Data Privacy Notice

The DBP Data Center, Inc. is committed to protect your privacy and ensure that all personal data collected from you are processed according to the principles of transparency, legitimate purpose and proportionality pursuant to R.A. 10173 (Data Privacy Act of 2012). Our goal is to protect your personal data on the channels you interact with us – through this website, and other sites being provided by DCI.

It is our goal to institute fair information practices as part of our commitment to product and service quality that conforms to your expectations. Hence, we present the key principles that guide our service:

• We will ensure the security and confidentiality of any personal data our customers share with us
• We will limit the collection and use of customer data to a minimum
• We will permit only authorized employees, who are knowledgeable in the handling of customer data, to have access to that data
• We will not reveal customer data to any external organization unless we have previously informed the customer in disclosures or agreements, have been authorized by the customer, or are required by law.

1. WHY WE COLLECT PERSONAL DATA

   In general, DCI collects, uses and discloses personal data for the following purposes:

   • To conduct our everyday business purposes such as processing your payment transactions including sending notices, billings, and other such documents necessary for the continued use of our products and services
   • To conduct identity verification and customer due diligence in order to comply with regulation and applicable laws of the Philippines including the prevention of money laundering (pursuant to the Anti-Money Laundering Act of 2001, as amended)
   • To comply with the laws of the Philippines and applicable foreign jurisdiction
   • To comply with contractual and regulatory requirements such as the submission of data to credit bureaus, credit information companies, and the Credit Information Corporation (pursuant to the Credit Information System Act)
   • To respond to court orders, instructions and requests from local or foreign authorities including regulatory, governmental, tax and law enforcement
   • To comply with our operational, audit, administrative, credit/risk management processes, and other internal policies and procedures
   • To respond to, process and handle your queries, requests, feedback, suggestions and complaints
   • To conduct studies and researches for the purpose of reviewing, developing and improving our products and services including monitoring and recording calls and communications
   • To prevent, detect, investigate crime and manage the safety and security of our premises and services (including but not limited to conducting security clearances and carrying out CCTV surveillance)

   Furthermore, DCI shall perform the following only with your express consent:

   • To reach out to you regarding products and services information, including offers, promotions, discounts, rewards and to personalize your experience with our various touchpoints such as social media, website, email, messaging and other channels.
2. WHAT WE MAY COLLECT FROM YOU

   The types of personal data we collect and share depend on the product or service you have with us. We collect your personal data when you interact with our employees and authorized representatives through our various business units, branches, social media and other electronic channels. This may include, among others:

   • Basic personal information like your name, date of birth, gender, marital status and citizenship including supporting documents such as government ID details
   • Your contact details like your home address, mobile and telephone numbers
   • Specimen signatures
   • Education, employment and business details
   • Images via CCTV and other similar recording devices which may be observed when visiting our offices and/or using our other facilities
   • Voice recordings of our conversations with you
   • Financial information (such as income, expenses, balances, investments, tax, insurance, financial and transaction history, etc.
   • Business interests, assets and credit information
   • Account transactions, movements and interactions with third parties such as merchants
3. HOW WE COLLECT DATA FROM YOU

   There are many ways that we get personal data from you such as when you fill out a form with us, when you give us a call, when you submit records and official documents, when we conduct background and credit investigation in relation to a prospective business relationship with us, when you interact with us via social media and other electronic means. The following are ways by which we may collect personal data from you:

   • When you submit any form, including but not limited to application forms or other forms relating to any of our products and services or partnerships
   • When you enter into any agreement or provide other documentation or information in respect of your transactions with us, or when you avail of our products and services
   • When you interact with our personnel, including relationship managers, and their assistants, example via telephone calls (which may be recorded),letters, fax, face-to-face meetings and emails
   • When your images are captured by us via closed-circuit television cameras (CCTVs) or other equipment or devices while you are within our premises
   • When you use some of our products and services provided through online and other technology platforms, such as websites and apps
   • When you request that we contact you, or include you in an email or other mailing list; or when you respond to our request for additional personal data, promotional campaigns and other marketing activities
   • When you are contacted by, and respond to our marketing representatives, agents and other service providers
   • When we seek information about you and receive your personal data from third parties in connection with your relationship and transactions with us, for example, from referrers, business partners, external or independent asset managers, public agencies or the relevant authorities
   • In connection with any investigation, litigation, or inquiry which may relate to you or any connected person
   • When you submit your personal data to us for any other reason
4. HOW WE MAY SHARE YOUR DATA

   DCI will not share your personal data with third parties unless necessary for the above-mentioned purposes and unless you give your consent thereto. Such third parties may include DCI’s business units, partners, affiliates, agents, outsourced service providers and other third parties.

   We engage outsourced service providers to support us in delivering services to you. Our third parties include government regulators, judicial, supervisory bodies, tax authorities or courts of competent jurisdiction. We engage third parties for the following reasons:

   • Verify your personal information
   • Assist in business operations
   • Comply with legal requirements
   • Enforcing our terms of use including other applicable policies with respect to the services that we provide
   • Addressing fraud, security or technical issues, to respond to an emergency or otherwise protect the rights, property or security of our customers or third parties
   • Carrying out all other purposes set out above

   Personal data shared with third parties shall be covered by the appropriate agreement to ensure that all personal data is adequately safeguarded.

   DCI does not, will not, sell personal data to any third party. All our engagements with third parties shall be fully-compliant with our obligation of confidentiality imposed on us under applicable agreements and/or terms and conditions or any applicable laws that govern our relationship with you.

5. HOW WE PROTECT YOUR DATA

   DCI strictly enforces data privacy and information security policies. It implements technological, organizational and physical security measures to protect your personal data against loss, misuse, modification, unauthorized or accidental access or disclosure, alteration or destruction. We put safeguards such as the following:

   • We keep and protect data using a secured server behind a firewall, deploying encryption on computing devices and physical security controls
   • We restrict access to your personal data only to qualified and authorized personnel who hold your personal data with strict confidentiality
   • We train our employees to properly handle your data and
   • We require our third parties to protect personal data aligned with our own security standards.
6. HOW DO WE STORE AND DISPOSE YOUR PERSONAL DATA

   DCI stores personal data in a data center (on premise and cloud) and physical document storage facilities.

   It retains personal data only according to operational need and in compliance with legal and regulatory purposes. The company’s data retention and disposal policy is in accordance with R.A. 9470 (National Archives of the Philippines Act) and BSP regulations. In general, DCI shall only retain your data for five (5) years after the processing relevant to the purpose has been terminated. However, DCI may retain your data when necessary to establish, exercise or defend legal claims, for legitimate business purposes, or when provided by law.

7. YOUR ROLE IN ENSURING THE COMPLETENESS, ACCURACY AND PROTECTION OF YOUR PERSONAL DATA

   You should ensure that personal data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with products and services you have requested. You should inform DCI immediately of any change of facts or circumstances which may render any information or personal data previously provided inaccurate, untrue, or incorrect and provide any information or documentation DCI may reasonably require for the purposes of verifying the accuracy of the updated information or personal data.

   We encourage you to be vigilant in protecting your personal data by ensuring that your account details, PINs, username and password are not disclosed to others or written somewhere accessible to others. We advise you to exercise caution in protecting yourself against phishing, skimming and other electronic fraud.

8. YOUR DATA PRIVACY RIGHTS

   Under the Data Privacy Act, you have the following rights:

   • Right to be informed;
   • Right to object;
   • Right to access;
   • Right to rectify or correct erroneous data;
   • Right to erase or block;
   • Right to secure data portability;
   • Right to be indemnified for damages; and
   • Right to file a complaint.

   The company’s decisions to provide access, consider requests for correction or erasure, and address objection to process data as it appears in DCI’s official records, are always subject to applicable internal policies, relevant laws and regulation.

9. HOW YOU MAY CONTACT US How to contact us

   For further inquiries or complaints, please visit any of our office or get in touch with our Business Development Department at (02) 88189511 local 2913 or at email address info@dci.ph

   Data privacy requests and concerns

   For data privacy requests and concerns, you may write to our Data Protection Officer at bjpasuncion@dci.ph or

   Data Protection Officer DBP Data Center, Inc., 9/F DBP Building, Sen. Gil Puyat Ave. corner Makati Ave. Makati City 1200
10. CHANGES TO OUR DATA PRIVACY NOTICE

    DCI may amend this Data Privacy Notice to ensure that it is consistent with industry trends, legal and regulatory requirements applicable to how we handle your personal data. Relevant updates will be posted on this site.

11. CONSENT

    Submitting your data to DCI signifies that you have read and understood the above Privacy Notice and expressly consent to the processing of your personal and/or sensitive personal information in the manner and for the purpose provided in this Notice. You understand and accept that this will include access to personal data and records submitted, which may be regarded as personal and/or sensitive personal data as provided under the Data Privacy Act of 2012.

    You also authorize DCI to disclose your data to accredited/affiliated third parties or independent/non-affiliated third parties, whether local or foreign, in the following circumstances:

    • As necessary for the proper execution of processes related to the declared purpose;
    • The use or disclosure is reasonably necessary, required or authorized by or under law; and
    • Provided security systems are employed to protect my data.

    Consenting to this Privacy Notice, however, does not waive any of your rights under the Data Privacy Act of 2012.

    For complete reference on the Data Privacy Act, please visit the National Privacy Commission website at https://www.privacy.gov.ph/.