In this Privacy Notice, the terms “we”, “us”, and “our” refer to Sterling Bank of Asia Inc. (A Savings Bank). Meanwhile, the terms “you” and “your” refer to our individual client, or to an individual whose personal data are submitted to us for processing.
This Privacy Notice explains the types of personal data that we collect and process, why we collect and process them, and how we protect them. It also contains information about your rights under Republic Act No. 10173 or the Data Privacy Act and its Implementing Rules and Regulations (collectively, “data privacy laws”).
1. Types of personal data that we collect
We collect the following types of personal data when you avail of our products or services and over the course of our relationship:
- Identification information such as name, age, date and place of birth, citizenship, signature, profession/occupation, corporate or organizational documents, Tax Identification Number (TIN), Social Security System (SSS) or Government Service Insurance System (GSIS) Number, and licenses and permits to conduct business;
- Contact information such as electronic mail (email) address, personal and office phone numbers, and mobile phone number;
- Financial and credit information such as, but not limited to, financial status, credit background, and source of funds;
- Personal or business references;
- Any other personal data which we may be required to collect under the law, issuance of administrative and regulatory bodies, or court order or which we may need to collect in order to provide you our products and services; and
- Technical information such as internet protocol (IP), browser type, operating system, and average time spent on a website.
2. How we collect your personal data
We collect your personal data through the following:
- Forms, surveys, and other documents that you accomplish, sign, and/or submit when you avail of our product or service and over the course of our relationship
- Data analysis of your payments and other transactions with us
- Email, phone calls, letters, and other communications that you send to us
- Persons, institutions, and organizations (such as credit bureaus and fraud prevention agencies) from which you have authorized us to receive personal data or from which we are allowed to receive personal data under the law or issuances of Bangko Sentral ng Pilipinas (BSP) or other regulatory bodies
- Our website and online and mobile banking facilities
- Social media sites, news, publications, and other available sources
- Any of our branches and offices which you visited
3. How we use your personal data
We use your personal data for the following purposes:
- To enable us to provide the product(s) and/or service(s) that you availed of;
- To execute instructions and requests which you may make in relation to your account;
- To comply with the requirements of the law, BSP regulations (e.g., customer identification or KYC) or issuances of other regulatory body or agency, or order of a court of competent jurisdiction;
- To communicate with you concerning your account; (If you have elected to receive marketing and promotional materials about our products and services, your personal data may also be used for such purpose.)
- To fulfill our contractual obligations to you.
4. With whom we share your personal data
In connection with the abovementioned purposes, we may share your personal information with the following:
- Accredited service providers, agents, and third parties with whom we have executed outsourcing agreements and/or who have an obligation of confidentiality to us;
- Legal counsels, internal and external auditors, and advisors who need to have access to your personal data to perform their functions and who have an obligation of confidentiality to us;
- Credit information bureaus, financial institutions, and other entities with whom we are allowed or obligated to share personal data under BSP regulations;
- Third parties, pursuant to the order of a competent court, quasi-judicial agency, or regulatory body exercising supervision over us; and
- The BSP, the Credit Information Corporation (CIC), and other agencies and entities to whom we are required to disclose personal data under the law or a regulatory issuance.
5. How long do we retain your personal data
We retain your personal data, whether in paper or electronic format, only for as long as necessary for the fulfillment of the purposes for which we obtained your personal data; or for the establishment, exercise, or defense of legal claims; or for legitimate business purposes; or as provided by law, BSP regulations, and our policies and procedures. After the retention period, we destroy your personal data to ensure that they will no longer be readable by, or accessible to, any person.
6. How we protect your personal data
We employ reasonable and appropriate organizational, physical, and technical security measures in order to maintain the availability, integrity, and confidentiality of your personal data. Only authorized personnel are allowed to access your personal data. If and when we share your personal data to our service providers and other third parties, the arrangement is protected by a confidentiality clause.
7. Your rights under Data Privacy Laws
Subject to the conditions and exceptions provided under Data Privacy Laws, you have the right to:
- Be informed if your personal data will be, are being, or were, collected or processed;
- Have reasonable access to: (a) the contents of your personal data, (b) the sources from which the personal data were obtained, (c) the names and addresses of the recipients of your personal data, (d) the manner by which the personal data were processed, (e) the reasons for disclosure of the personal data to recipients, if any, (f) information on automated processes where your personal data are made the sole basis for any decision that significantly affects or will affect you, and (g) the date when your personal data were last accessed and modified;
- Object to the collection and processing of your personal data;
- Dispute and have corrected any inaccuracy or error in your personal data in our possession;
- Suspend, withdraw, or order the blocking, removal, or destruction of your personal data from our records or filing systems;
- Claim compensation for damages which you may have suffered due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your personal data;
- File a complaint with the National Privacy Commission (NPC) if you believe that your personal data have been misused, maliciously disclosed, or improperly disposed, or that any of your data privacy rights have been violated; and
- Obtain a copy of your personal data in an electronic or structured format that is commonly used and allowed for your further use.
8. Sterling Bank of Asia Electronic Banking Services
The provisions of this Section apply only to personal data collected through our internet and mobile banking services (collectively, “electronic banking services”). By using the said services, you agree to be governed by these provisions.
There are instances, however, when you will be requested to provide personal data through our website, such as when you file an online application for a product or service and when you decide to register on our website. We give all personal data that you provide through our website the same degree of protection that we give to personal data that we collect through other channels.
Our website may contain links to other websites. These third-party sites have separate and independent privacy policies. We have no responsibility or liability over the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.
Our electronic banking services are served from a secure server, thus any personal data that you submit through our electronic banking services are encrypted on their way from your computer to our servers. In the unlikely event that your transmission is intercepted, your personal data will not be usable by anyone.
We require that you use a unique password to access your accounts and transaction information through our electronic banking services. You can help maintain the security of your personal data by not sharing your password with anyone, by changing your password on a regular basis, and by properly signing off after each electronic banking session.
9. Change or Modification in Privacy Notice
We will notify you of any changes or modifications which we may make in this Privacy Notice. You may withhold your consent to the continuous collection and processing of your personal data if you do not approve of the changes.
10. Joint and in-trust-for(ITF) / for-the-account-of (FAO) accounts
We require each individual joint account holder, whether the account is an “and” or “or” joint account, to give consent to the collection and processing of his/her personal data. For in-trust-for (ITF) / for-the-account-of (FAO) accounts, the principal account holder warrants that he/she is authorized to submit to us the personal data of the minor or incapacitated beneficiary/ies for collection and processing.
11. How you may contact us
If you have questions or concerns about this Privacy Notice or the privacy of your personal data, please send an email to DPO@sterlingbankasia.com or call (+632) 8721-6000/(+632) 8672-6300.