Privacy Statement

BDO Data Privacy Statement

 

At BDO Unibank, Inc. (“BDO”), we are committed to protecting your privacy as our client, and even as a visitor to this website. We are bound by, and shall comply with, the Data Privacy Act  of 2012 (“Republic Act No.  10173”), other applicable Philippine laws on data privacy, as well as rules and regulations issued by the Bangko Sentral ng Pilipinas  and other regulatory bodies, that uphold data privacy (e.g. Republic Act No. 1405 or the Law on Secrecy of Bank Deposits) (collectively, “Data Privacy Laws”).

 

Collection, Use, Disclosure and Recipients of Personal Information

When you visit our website, or submit to us your application to apply or avail of any of our services or products, or file complaints, inquiries or requests, we may manually or automatically collect your personal data (which may include your personal information and sensitive personal information) such as:

(a) Your name and other particulars such as contact details, address, birthdate, education; specimen signatures;

(b) Government ID details (such as TIN, SSS, GSIS, Driver's license);

(c) Financial information (such as income, expenses, deposits, investments, credit cards);

(d) Employment details;

(e) Images captured via CCTV and other similar recording devices which may be observed when visiting our offices,
     and/or using our facilities; 

(f) Voice recordings of our conversations with you; 

(g) Information  about your transactions with third parties, including merchants and utility companies;

(h) Non-personal information such as those provided by the device you are using (e.g. your phone) such as the
     IP address, operating system, browser type and version, and other machine-related identifiers.

 

We may use web analytic tools, including those of third parties, that use cookies to collect anonymous information and data generated in connection with your activities when you visit the BDO website (e.g. perform searches, access internal links).

 

Your personal data may be used, stored, processed, and disclosed by BDO to members of the BDO Group (consisting of BDO subsidiaries, and affiliates) as well as third parties5 as may be necessary and allowed by law (i) for legitimate purposes1,(ii) to provide services to you or implement transactions which you request, allow, or authorize, and, (iii) to comply with the BDO Group’s internal policies and its reporting obligations2 to governmental authorities3 under applicable laws4.

 

These information are kept secure and only processed by concerned business units.

 

Phishing Emails

Since the email is not entirely safe, we will not use email to get your confidential information such as account numbers, passwords, and credit card numbers. We encourage you also not to use email to provide your confidential information. An authorized bank representative will get in touch with you should we require confidential/other information. We will never ask you to confirm any such information by clicking on a link in an email. Should you happen to receive an email containing a purported link to our website, asking you to provide or confirm confidential information, kindly ignore this and do not attempt to access the link to get to our site. These links may take you to a spoofed site that could send all information you enter to the hacker who designed the site.

 

Security and Retention Period

We have put in place appropriate physical, organizational, and technical controls to maintain the confidentiality, integrity, and availability of your personal data.

 

Your personal data will be stored in a database for no longer than five (5) years from the conclusion of your transactions with any member of the BDO Group or until the expiration of the retention limits set by applicable law, whichever comes later, after which both physical records and digital files shall be disposed of.

 

Your Rights

Subject to the requirements, conditions and exemptions under the Data Privacy Laws, you are entitled to the following rights:

1. To be informed

     a. whether personal data pertaining to you shall be, are being, or have been processed, including the existence of automated
         decision-making and profiling.        

     b. be notified and furnished with the information indicated below before the entry of your personal data into our system, or
         at the next practical opportunity:

  • Description of the personal data to be entered into the system;
  • Purposes for which they are being or will be processed, including processing for direct marketing, profiling or historical, statistical or scientific purpose;
  • Basis of processing, when you have not provided consent;
  • Scope and method of the personal data processing;
  • The recipients or classes of recipients to whom the personal data are or may be disclosed
  •  Methods utilized for automated access, if allowed by you, and the extent to which such access is authorized, including meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing;
  • The identity and contact details of the appropriate Bank representative
  •  The period for which the information will be stored; and
  • The existence of your rights, including the right to access, correction, and object to the processing, as well as the right to lodge a complaint before the National Privacy Commission (NPC).

2.  To object to processing of your personal data, including processing for direct marketing, automated processing, or profiling,
      and in case of changes or amendments in processing

3. To access your personal data

4. To require BDO to correct any of your personal data, if inaccurate

5. To obtain a copy of your personal data in an electronic or structured format for your further use

6. To suspend, withdraw, or order the blocking, removal, or destruction of your personal data from BDO's system. It is understood
      that if you exercise this particular right, BDO has the right to terminate the services.

7. To file a complaint with the NPC

8. To be indemnified for any damages sustained due to such inaccurate, incomplete, outdated, false, unlawfully obtained or
      unauthorized use of your personal data.

 

Inquiries, clarifications, or requests in relation to this Data Privacy Statement may be addressed to BDO’s Data Protection Officer at data_protection_officer_bdounibankinc@bdo.com.ph, or to Data Protection Officer, 10F South Tower, BDO Corporate Center, 7899 Makati Avenue, Makati City 0726.

 

Changes to Our Data Privacy Statement

We may modify this Data Privacy Statement from time to time to align with changes in relevant laws and regulations as applicable. All updates will be posted in our website.

 

___________________________________________________

1Purposes include but are not limited to credit and risk management, know your customer checks, prevention and detection of fraud or crime, system or product development and planning, profiling, complaints management, insurance, audit and administrative purposes, and relationship management.

2Reporting obligations means obligations of the BDO Group to comply with (a) Applicable Law, and internal policies or procedures, or (b) any demand and/or requests from Government Authorities for purposes of reporting, regulatory trade reporting, disclosure or other obligations under Applicable Law.

3Governmental authority means the government of the Republic of the Philippines or a foreign country, as may be applicable, or any political subdivision thereof, and any entity exercising executive, legislative, judicial, regulatory, or administrative functions of or pertaining to the government.

4Applicable law means any statute, law, constitution, regulation, rule, ordinance, order, decree, directive, guideline, policy, requirement or other governmental restriction or any similar form of decision of, or determination of any of the foregoing by, any national, regional or local government or political subdivision, commission, authority, tribunal, agency or entity of the Republic of the Philippines or a foreign country, as may be applicable.

5Third party refers to a third party (local or overseas):
    • That is a Governmental Authority
    • Who acquires or will acquire the rights and obligations of any member of the BDO Group;
    • Who is in negotiations with any member of the BDO Group in connection with the possible sale, acquisition or restructuring
       of any member of the BDO Group;
    • Who processes information, transactions, services, or accounts, on behalf of the BDO Group (including but not limited to
       courier agencies; telecommunication information technology companies; payment, payroll,  collection, training, and storage
       agencies; entities providing customer support, and other similar entities); or
    • Who requires the information for audit and administrative purposes.