Privacy Statement - City Savings Bank

CITY SAVINGS BANK

PRIVACY POLICY

FOR CLIENTS AND CUSTOMERS



City Savings Bank, Inc. (“CitySavings”, “we”, “us” or “Bank”) collects, processes, and retains personal data from its clients and all other interested persons who transact business with us.

This Privacy Policy (“Policy”) is in line with our upholding of Republic Act No. 10173, otherwise known as the "Data Privacy Act" (“DPA”), its Implementing Rules and Regulations (“IRR”), and all other issuances of the National Privacy Commission (“NPC”) (collectively, the “Privacy Laws”). The Bank has prepared this Policy to help you understand how it processes and safeguards the personal data that it collects by reason of and in relation to your transactions with us.

This Privacy Policy outlines the personal data we collect and process; the purpose for our collection and processing; the recipients for the data we collect and process; the retention period for the data collected; the rights of our clients and all other interested persons as data subjects; and the contact details of our data protection officer. We may, at any time and at our sole discretion, amend and update this Privacy Policy.



PURPOSE AND SCOPE



CitySavings respects and values your privacy and the secrecy of your account information with us. This Policy informs you, the consumer, how we collect, use, store, and process your personal data with us. We adhere to the data privacy principles of (1) legitimate purpose – we only process upon your consent, in compliance with law or contract, in pursuit of the Bank’s legitimate business purpose and to improve customer experience; (2) transparency – we notify everything that happens to your data; and (3) proportionality – collection is limited based on purpose.

This Policy applies to our consumers whether as: (1) current, past, and prospective customers as individuals or corporations, whether approved or rejected; or (2) non-clients – payees or payors or bank products and services we provide; visitors, or inquirers at our branches and online channels; ultimate beneficial owners, directors or representatives of corporate clients; and such other persons involved in the application of financial services – whether approved or rejected – and transactions with us or with our consumers.



COLLECTION OF YOUR PERSONAL AND SENSITIVE PERSONAL DATA



Personal Data refers to any information that identifies or is linkable to a natural person. On the other hand, Sensitive Personal Data is any attribute that can distinguish, qualify, or classify a natural person from the others such as data relating to your ethnicity, age, gender, health, religious or political beliefs, genetic, or biometric data.

We collect your Personal and Sensitive Personal Data when you register, sign-up, or use our bank products and services or contact us about them. We also collect through your authorized organization whether private corporation or government instrumentality. We may also obtain your information from other sources (i.e., publicly available platforms, financial institutions, credit agencies, payment gateway processors, public authorities, and other registers) for purposes of identity verification and regulatory requirements by the Bangko Sentral ng Pilipinas (BSP).



KINDS OF DATA WE PROCESS


  1. Know-Your-Customer (KYC) / Identification Data: refer to Personal Data and Sensitive Personal Data we collect when you sign up or register to our products and services such as full legal name, gender, date of birth, nationality, civil status, permanent address, present address, tax identification number, and other government-issued identification numbers, mobile number, home number, office contact details, company name, job position or rank, office address, source of funds, gross annual income, and such other information necessary to conduct due diligence and comply with BSP rules and regulations.

  2. Transactional Data: linkable information to your Personal Data such as (1) bank account number, deposits, withdrawals, such other transfers made to or from your account, and details about them such as reference number, place, and time these were made; (2) information when you contact us through our official channels such as branches, contact centers, web, and mobile platforms; (3) card account number as well as purchases or transactions using your card; and (4) other forms of customer account number, payments, and transactions you have with us.

  3. Financial Data: information about the value of your property and assets, your credit history and capacity, and other financial products and services you have with us

  4. Behavioral Data: this refers to your online behavior, customer segment, usage of our products and services, internet protocol address of your devices used to access our website and applications, interests and needs you share with us, and customer behavior we collect as part of due diligence, to prevent fraudulent conduct, and comply with banking rules on anti-money laundering, terrorism financing, and tax fraud.

  5. Audio Visual Data: for security and improvement of our services, we process audio and video recordings of your interactions with us and surveillance videos at branches and automated teller machines, subject to limitations imposed by law.

  6. Sensitive Personal Data: we may require the following Sensitive Personal Data: (1) for customer verification, your government-issued identification numbers or cards such as passport, PhilSys National ID or driver’s license ID; or (2) any information that is necessary, incidental to contractual agreement, or in connection with a requested product or service.

  7. Children’s Data: we may collect information about children if they have opened an account with us with parental consent or if you provide us in relation to a product or service you signed up with us (i.e. when your children open a bank account with us).

  8. Relevant Individuals: upon your authorization, we may collect information about family members, beneficiaries, attorneys, attorneys-in-fact, shareholders, beneficial owners whenever applicable, persons under any trust, trustees, partners, committee members, directors, officers or authorized signatories, guarantors, other security, and other individuals.



The foregoing data are collectively referred to as “Consumer Data”.



DATA PROCESSING



Processing means any activity pertaining to the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure, or destruction of Consumer Data

We process Consumer Data only for legitimate purposes and with lawful basis such as your consent to be bound by this Policy upon application and submission of the signed terms and conditions and application forms, terms, and conditions of product or service you signed up with us, and as required by law and regulation. We ensure that only authorized employees and third-party service providers, who satisfy our stringent risk management, governance, information security, and data privacy requirements, can process your data.




DATA SHARING AND PURPOSE



When you consent to the processing of your Consumer Data with us, you also agree to help us comply with our statutory and contractual obligations with other financial institutions. We may also share Consumer Data externally with our partners, upon your written and/or electronic consent, for value-added services you may find useful and relevant on top of your account with us. For contractual and value-added service data sharing agreements, we employ standardized model clauses as recommended by National Privacy Commission to ensure data protection of Consumer Data.


Further, the Consumer Data shall be provided in a manner and form as specified in a separate contract of agreement. The Bank and third parties shall take reasonable measures to protect the Consumer Data from breach of the agreement or any part thereof or from unauthorized and unlawful disclosure to other parties. The following shall be observed in sharing data:


  1. The amount of information that shall be collected and processed are defined.
  2. The information shall be provided only to the authorized recipients as of the date of the agreement.
  3. The Bank may withhold or order to cease processing or sharing of data at any time if it deems that such processing or disclosure is contrary to law or adversarial to the Bank’s interests.
  4. The Bank may share anonymized or aggregated information internally and with third parties for any purposes. Anonymized information will not identify you individually.

Below are the disclosures required by the government entities, other regulatory authorities and financial institutions:



RIGHTS OF THE CONSUMER


Under the Data Privacy Act of 2012, you have the following rights:


  1. Right to be informed – you may demand the details as to how your Personal Information is being processed or have been processed by the Bank, including the existence of automated decision-making and profiling systems.

  2. Right to access – upon written request, you may demand reasonable access to your Personal Information, which may include the contents of your processed personal information, the manner of processing, sources where they were obtained, recipients, and reason of disclosure.

  3. Right to dispute – you may dispute inaccuracy or error in your Personal Information in the Bank systems through our contact center representatives.

  4. Right to correct – you may require CitySavings to correct any Information and/or Personal Data relating to you which is inaccurate.

  5. Right to object – you may suspend, withdraw, and remove your Personal Information in certain further processing, upon demand, which include your right to opt-out to any commercial communication or advertising purposes from the Bank.

  6. Right to data erasure – based on reasonable grounds and subject to applicable laws and regulations, you have the right to suspend, withdraw or order blocking, removal or destruction of your personal data from the Bank’s filing system, without prejudice to the Bank continuous processing for commercial, operational, legal, and regulatory purposes.

  7. Right to data portability – you have the right to obtain from the Bank your Personal Information in an electronic or structured format that is commonly used and allows for further use.

  8. Right to be indemnified for damages – as data subject, you have every right to be indemnified for any damages sustained due to such violation of your right to privacy through inaccurate, false, unlawfully obtained, or unauthorized use of your information

  9. Right to file a complaint – you may file your complaint or any concerns with our Data Protection Officer and/or with the National Privacy Commission through www.privacy.gov.ph.


CONTACT OUR DATA PROTECTION OFFICER


To exercise your data privacy rights and for other inquiries and concerns, you may address them to CitySaving’s Data Protection Officer at 29/F UnionBank Plaza, Meralco Avenue cor. Onyx Road, Pasig City or through email at dpo@citysavings.com.ph.


Please clearly indicate the information that you wish to review, correct, update or modify. The Bank will endeavor to comply with your request as soon as reasonably possible. If the Bank is unable to uphold your data privacy rights, you have the right to lodge a complaint before the NPC.


The Bank welcomes any feedback from your regarding any area of our existing services or marketing strategies. You may send your specific feedback to the email address above. Any feedback you provide shall be deemed to be confidential. Your feedback is highly appreciated as it serves as a way for us to improve our services and best satisfy your needs.


From time to time, we may modify, update or amend the terms of this Privacy Policy by placing the updated Privacy Policy on our website. The effective date of such modifications, updates or amendments will be noted at the end of the Privacy Policy. The Bank will inform you in writing of any changes to this Policy, either by email, letter, posting the changes at the Bank’s official website, or other communication channels.


Effective Date: April 30, 2023