We, at Rizal Microbank, Inc. (RMB), respect and value your privacy. We believe that you are entitled to know how we use and protect your personal information. We give this notice to inform you of the ways in which we process your personal information and the means by which you can control, to a certain extent, these processes.
While this notice is intended mainly for the benefit of our individual clients, we stress that we handle and protect the information of our entity clients in the same manner that we handle and protect the information of individuals.
Who is providing this notice?
As the personal information controller under Republic Act No. 10173 or the Data Privacy Act of 2012, RMB gives this notice to inform you of your rights and our obligations under the law.
What personal information do we collect?
The types of personal data that we collect depend on the product or service that you avail or intend to avail from us, including but not limited to:
- Full name, gender, place and date of birth;
- Residential/permanent address;
- Copy of identification cards such as passport, TIN, SSS/GSIS number;
- Employment or business information;
- Payment details, including credit card and banking information;
- Contact details, including telephone/cellphone number and email address;
- Latest income documentation;
- Latest billing proof of address (where applicable); and
- Other information necessary to provide you with the product or service that you need.
Additional personal data that we collect over the course of our relationship with you
Over the course of our relationship, we may collect data about you including but not limited to your transactions, account history and information, inquiries about our products and services.
Personal data that we collect as authorized or required by law
We may also collect information about you when required or authorized by law. For example, we require your personal data to verify your identity under Republic Act No. 9160 or the Anti-Money Laundering Act of 2001 and the Foreign Tax Compliance Act.
Personal data that we collect via your web activities
RMB uses “Google Analytics” to collect information about use of this site. Google Analytics collects information such as how often users visit this site, what pages they visit when they do so, and what other sites they used prior to coming to this site. We then use the information collected from Google Analytics only for purposes of improving this site. Google Analytics collects only the IP address assigned to you on the date you visit this site, rather than your name or other identifying information. RMB does not combine information collected through the use of Google Analytics with any of your personally identifiable information.
Please note that some information may be gathered with the use of ‘cookies’ which are small pieces of information stored on your browser that may be retrieved by the site. Although Google Analytics plants a permanent cookie on your web browser to identify you as a unique user the next time you visit this site, the cookie cannot be used by anyone but Google and will allow Google Analytics to recognize you on any return visit to this site. Should you wish to disable these cookies, you may do so by changing the appropriate settings on your web browser.
Personal data that we collect through social media
We know that some of you like to engage with us through social media. So that we can respond to your inquiries, we may ask for your name, contact number and email address. We will only collect your information with your consent. For account and transaction inquiries, you can always call our Customer Contact Center.
How do we collect your personal data?
There are many ways that we get information from you. We might collect your information when you fill out a form with us, when you give us a call, use our websites, or drop by one of our Business Centers. We may also collect your information via the following:
- In applications, emails and letters, in customer surveys, during financial reviews and interviews.
- From data analysis (for example, the amount, frequency, location, origin, and recipient) of your payments and other transactions, and your use of our products and services.
- Information that we receive from our subsidiaries and affiliates, and from or through other organizations (for example, card associations, credit bureaus, insurance companies, and fraud prevention agencies) whether in the course of providing products and services to you or otherwise.
How we collect and manage your sensitive personal information?
The Data Privacy Act considers the following information as sensitive:
- Race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations;
- Health, education, genetic or sexual life of a person, proceeding for any offense committed or alleged to have been committed by such person; and
- TIN, SSS/GSIS no., health records, licenses, tax returns, etc.
Unless allowed or required by law or regulation, we will only collect your sensitive information with your consent.
When will we notify you that we have received your information?
When we receive your personal information, we will take reasonable steps to notify you on how and why we collected your information, who we may disclose it to and how you can access it, seek correction of it or file a complaint. This notice may already be included in the form or document that you filled out and submitted to us.
When we receive your personal data from third parties, we will take reasonable steps to notify you of the circumstances of that collection upon your request.
How do we take care of your personal data?
We store information in paper and electronic formats. The security of your personal data is important to us and we take reasonable steps to protect it from misuse, interference, loss, unauthorized access, modification, and unauthorized disclosure by establishing and enforcing:
- Confidentiality requirements and data privacy training of our employees;
- Document storage security policies;
- Security measures to control access to our systems and premises;
- Limitations on access to personal data;
- Strict selection of third party data processors and partners; and
- Electronic security systems, such as firewalls and data encryption of our websites and mobile applications.
We may store your personal data physically or electronically with third party data storage providers. When we do this, we use contractual arrangements to ensure those providers take appropriate measures to protect that information and restrict the uses to which they can put that information.
What happens when we no longer need your information?
We will only retain your information for as long as necessary for the purpose for which they were collected or as required by law and regulation. We will destroy your personal data when its retention is no longer required by purpose, law or regulation.
How do we use your personal data?
We use your personal data for various reasons, mainly:
- To comply with law and regulation (for KYC or client identification);
- To carry out our obligations arising from contracts entered between you and us;
- To conduct our everyday business purposes (to process your transactions and maintain your account).
Because we offer a range of products and services, collecting your personal data allows us to provide you with the products and services you requested. This means we can also use your information to:
- Consider your request for products and services, including eligibility;
- Process your application; and
- Conduct market research
Will we use your personal data for marketing our products and services?
With your consent, we may use your personal data to let you know about products and services that we believe may be of interest to you, including products and services from our related companies.
Such marketing activities may be via mail, telephone, SMS, email, or any other electronic means. We may also market our products to you through third party channels (such as social media sites), or via other companies who assist us to market our products and services.
You can let us know at any time if you no longer wish to receive direct marketing offers.
With whom do we share your personal data?
Sharing with the government
To comply with legal and regulatory mandates, we submit required information to government agencies, like the Bangko Sentral ng Pilipinas (BSP), Bureau of Internal Revenue (BIR), and Securities and Exchange Commission (SEC).
Sharing with Credit Reporting Bodies
Pursuant to Republic Act No. 9510 or the Credit Information System Act, we may disclose your personal and other relevant information to the Credit Information Corporation in connection with your application for and availment of a credit facility with us. This information may include data on your creditworthiness. With your permission, we may also share such information with other credit bureaus authorized by the Credit Information Corporation.
Sharing with other persons and entities
Only after obtaining your consent, we may also disclose your information to third parties for marketing, cross-selling and other specified legitimate purposes. In instances where your information is shared with third parties, we will ensure that we would only share your data with entities that can demonstrate sufficient organizational, technical and physical security measures that can and will protect your personal data.
How do you access or correct your personal data?
Unless there are practical, contractual and legal reasons why we cannot process your request, you have the right to ask for a copy of any personal information we hold about you, as well as to ask for it to be corrected if you think it is wrong. To do so, please email RMBdataprivacy@rizalmicrobank.com.
If you have queries, requests and complaints
We care about what you think and we welcome your feedback. You can contact us:
- thru our Data Protection Officer: (082) 8894-9000 local 5774
- by speaking to any RMB Branch officer or personnel nearest you;
Data privacy requests and concerns
For your data privacy concerns and requests, you can email our Data Protection Officer at email@example.com.
You may also contact the National Privacy Commission
Email: firstname.lastname@example.org or email@example.com
Address: 5th Floor Delegation Building, PICC Complex, Roxas Blvd, Pasay, Metro Manila, Philippines