Camalig Bank, Inc. (or hereinafter referred to as the “Bank”) is committed to the proper handling and safeguarding of your personal data. As a data subject, we value and assure you that the Bank protects and respects your privacy, personal data and your rights.
This privacy policy applies to past, present and prospective Bank clients and anyone involved in any transaction or business relationship with the Bank whether it’s in your personal capacity or as a representative of a legal entity (for example, a company executive officer, agent, legal representative, operational personnel, etc.) and non-Bank clients such as payees, contact persons of corporate clients and Bank partners, subject to data retention regulations and Bank policy.
This data privacy policy informs you how the Bank collects your personal data and how we process it in the course of your business with us in compliance with the requirements of the Data Privacy Act of 2012.
In a relation to CB's commitment to protect your bank information and your banking transactions, the bank employs the following security measures every time you perform your banking transactions with us or access your CB Mobile Banking account.
A. SECURITY MEASURES
1. FIREWALL
CB employs an industry-standard firewall system to ensure that the bank’s IT infrastructure is protected from untrusted network access.
2. AUTHENTICATION
Authentication ensures that only authorized persons or users can access their account by verifying the identity of the user or person transacting with us.
3. ENCRYPTION
This is the process of scrambling private information to prevent unauthorized access. Our system makes use of SSL (Secured Socket Layer) to ensure that all your Mobile Banking transactions are encrypted. SSL is a cryptographic protocol that provides security and data integrity for communications over networks such as the internet.
B. USER AUTHORIZATION
1. DOCUMENTATION
User has to fill in the account creation form and activate his CB Mobile Banking account following the guidelines set by the Bank from the time to time on account activation.
2. ACCESS
Access to CB Mobile Banking is allowed only after the user has entered the correct login information. The Mobile Banking app automatically logs off the user after the prescribed time of inactivity (5 minutes idle time).
3. USER VALIDATION
a. Login Information
CB Mobile Banking requires four (4) login information 1) Last Name 2) Birthdate 3) Document number 4) Account number. For CB Mobile Banking, One-Time Password (OTP) is an additional requisite for access.
b. Password Handling
The app requires security checks (sending of OTP code) to validate the user's identity when requesting for password change.
The user must not disclose his/her password or any account information to anyone. The user must create a password that is unique and cannot be easily guessed by others. Avoid using names, birth dates, etc. as passwords.
C. WHAT WE MAY COLLECT FROM YOU
Bank transactions and access to CB Mobile Banking may require the input or use of some of your personal data to be able to verify your identity, login to your mobile banking account, and authenticate your transactions.
We collect personal and non-personal data that you may purposely provide to us.
1. For account creation or account opening
Personal information and other particulars such as, but not limited to, full name, gender, place and date of birth, civil status, nationality;
Contact details, including email address and mobile number;
Address in the Philippines;
Education;
Employment or business information including assets;
Financial Information such as income, expenses, deposits, credit cards and other investments
Specimen signature
Details, photocopies and/or images of your government issued IDs, valid identification card and other digital photos amd biometrics capture or submitted in the course of your transaction with us;
Information about your transactions with third parties, including merchants and utility companies
2. For availment of bank products and services
It includes your identification data; transaction data such as account numbers and reference numbers related to your account and other data required to process your transaction that can be found on the transaction ledger maintained by the Bank; financial data such as invoices, credit notes, payslips, payment behaviour, the value of your property or other assets, your credit history, credit capacity, financial products you have with the Bank, whether you are registered with a credit register, payment arrears and income information; socio{emographic data whether you are manied and have children; and, data about your interests and needs that you share with us through the accomplishment of Bank surveys for the purpose of continuously improving the Bank products and services.
We will not record sensitive data relating to your health, ethnicity, religious or political beliefs unless it is necessary. When we do, it is limited under specific circumstances that will be communicated to you requiring your consent.
3. For identification
Personal data that we collect through our official website are limited to what will allow us to properly respond to your queries about the Bank's product and service offerings as well as complaints. In order for us to do this, we gather only the following personal data from you through our website: Name, Address, Phone, and E-mailAddress. As a matter of implementing the Bank's customer identification process, our banking offices collect the minimum information and other required information subject to applicable laws
4. For log in credentials
Last name, Birth date, Document number, Account number
PIN code or biometrics and other authentication credentials
5. For accessing CB Mobile Banking:
Banking and other transactions executed through CB Mobile Banking
Date and time when CB mobile accesses our servers
IP address of your device and other device-related identifiers
Personal and non-personal information combined downloaded from the CB mobile banking
Mobile device contacts (nominated by the user);
Video, image, and sound recordings of when you transact with us or contact us via phone calls;
Version of Camalig Bank Mobile you are using
Type of operating system you have
Your device model and manufacturer
Mobile application interactions;
Mobile application crash logs;
Mobile application diagnostics;
6. For Current Employees, Officers and the Board of Directors
We also collect information with our human resource for reasons such as:
(i) PersonnelRecord
(ii) Leave/Absence Management
(iii) Key Skills Assessment and Performance Management
(iv) Legalrequirement
(v) Supply management information
We ensure that the data we collect from our employees, officers and the members of the Board shall be handled with utmost confidentiality and protected for the rights of our human resource. Retention of data shall be governed by the Bank's AMLA Manual and personnel records shall be kept in the premises for only within the retention period required by the regulations
7. For Bank's Business Engagement with Partners
To conduct administration of business relationships with our partners, we collect personal information which may include a person's names, dates of birth, address, and payment information only relating to corporate bodies. This information will be processed for he purpose of legal obligations may include storage and identification requirements.
8. Website
Personal data that we collect are limited to what will allow us to properly respond to your queries about the Bank’s product and service offerings. In order for us to do this we collect only the following personal data from you:
1. Name
2. Address
3. Phone
4. E-mail Address
9. Job applicants
We collect personal data from you to allow us to properly match your profile with our various openings and their respective requirements. The personal data we collect are grouped accordingly to information that will allow us to communicate back with you and validate the following:
1. Your basic personal and family background
2. Your educational background
3. Your employment background (if any)
4. Information required to be asked and collected by virtue of a BSP requirement
HOW WE USE YOUR INFORMATION
We use your personaldata for legitimate purposes, as follows:
1. To facilitate the administration, servicing and implementation of the maintenance of your account and transactions.
2. To implement our credit risk management framework such as credit risk and behavioural analysis in assessing your ability to repay a loan based on your personal data and other required information.
3. To operationalize our products and services delivery.
4. To provide you with suitable products and services by gathering and analysing the information collected for the improvement and development of the Bank's products and services.
5. To manage customer relationships through your feedbacks, notes we have acquired during conversations with you by our employees in person / via telephone / via website regarding your business dealings and transactions with us as well as personalized marketing.
6. To prevent and detect fraud and unusual activities that may compromise data security.
7. To comply with internal and external reporting requirements as part of statutory directives and legal obligations.
8. For Camalig Bank Mobile, the personal data that you provide may be used to access your mobile banking account. We may also use your personal data to inform or offer you about products and services that we think may be relevant to you.
We use personal data collected through the CB Mobile Banking to:
Identify and authorize your log-in to your mobile banking account, authentication of transactions and processing of applications
Recognize you or your device when launching the app for a more secure and personalized experience
Respond to and process your requests
Improve and further customize other mobile services
Use your information to detect fraud and for other uses on information security
9. Records of your inquiries with us are kept only for a period of five (5) years afterwards the said records are destroyed and disposed of. We will only keep records of your inquiries beyond our stated retention period if we are bound to do so under circumstances covering legal obligations or compliance with regulatory agencies, laws, or as required by police authorities.
10. For job applicants, we will only keep your personal data as long as your application is considered active and will destroy and dispose of your personal data once deemed necessary either through filling in of vacancy applied for or withdrawal or lack of feedback from you about your application.
The Bank uses personal data collected only for the purposes for which it was collected and such other purposes that you may have consented to.
HOW WE MAY SHARE YOUR INFORMATION
The Bank will never share or disclose your personal data to any third-party without your explicit consent, or when we are bound to do so under circumstances covering legal obligations or compliance with regulatory agencies, laws, or as required by police authorities.
We may share your personal data with our affiliates or other third party partners and vendors, under an obligation of confidentiality, in order to:
Assist in providing you with requested products and services
Facilitate or implement any transaction-related services
Help analyze the use of our features and functionalities and how to improve them
Protect our clients and business from fraudulent and illegal activities
Comply with legal requirements
HOW LONG DO WE KEEP YOUR INFORMATION
We keep your personal data for as long as it is necessary in congruence to regulatory provisions on data retention. We will only keep records of your data beyond the retention period required by regulations, if we are bound to do so under circumstances covering legal obligations or compliance with regulatory agencies, laws, or as required by police authorities
HOW WE PROTECT YOUR INFORMATION
The privacy and security of your personal data is important to us. Appropriately, we employ digital, operational, and physical safety measures and safeguards to maintain the confidentiality, integrity and availability of your personal data. We train our employees to properly and carefully manage personal data. We require our third party partners and vendors to protect personal data aligned with our own security standards.
WHAT ARE YOUR RIGHTS AS A DATA SUBJECT
As a data subject you are entitled to the following rights:
1. Right to be informed on the nature, process and extent of processing we perform on your personal data.
2. Right to request for a copy of the personal data we collect from you, have it corrected in case there are errors to it and to be given a copy of it either electronically or in any other recommended format that allows for you to have continued use of your personal data.
3. Right to object to the processing of your personal data. You also have the right to withdraw your consent and request for stoppage to further processing of your personal data and ultimately to have your personal data deleted from our processing systems. Please note that exercise of these rights will be entertained by the Bank but may enable us not to process further any transaction you may have with the Bank.
4. Should you have objections or complaints to the way we process your personal data, or have substantial proof allowed under the Data Privacy Act of 2012 that your personal data was mishandled by the Bank, you have the right to file a complaint with the National Privacy Commission and be indemnified for any damages due to you.
WHAT ARE YOUR DUTIES AS A DATA SUBJECT
To commence and execute our duties as a bank and fulfil our associated contractual duties, you will duly provide certain information based on the requirements of the Bank.
There is also information that we are legally obliged to collect. Without these data we may not be able to open an account for you or perform certain banking activities.
EXTERNAL DATA STORAGE
We may store your data on servers provided by third hosting vendors with whom we have contracted.
SCOPE OF THIS PRIVACY POLICY
This privacy policy does not govern the collection and use of information by companies that we do not control, nor by individuals not employed or managed by us. lf you visit a Web site that we mention or link to, be sure to review its privacy policy before providing the site with information.
CHANGES TO THIS PRIVACY POLICY
We reserve the right to change this privacy policy as we deem necessary or appropriate because of legal compliance requirements or changes in our business practices. If you have provided us with an email address, we will endeavor to notify you, by email to that address, of any material change to how we will use your personal data.
CONTACT INFORMATION
If you wish to exercise any of your rights or have further inquiries regarding how the Bank manages and handles your personal data, you may reach out to our Data Protection Officer at privacy@camaligbank.com.ph.
For complaints and other concerns, you may contact our Consumer Support Unit at customersupport@camaligbank.com.ph
Camalig Bank is supervised by the Bangko Sentral ng Pilipinas (BSP). You may also call or email the BSP’s Financial Consumer Protection Department at (02) 708-7087 or consumeraffairs@bsp.gov.ph