BOF, Inc. (A Rural Bank) respects and values the data privacy rights of all its stakeholders. We make sure that all data collected from stakeholders are processed in compliance with the Republic Act No. 10173 also known as Data Privacy Act (DPA) of 2012, its Implementing Rules and Regulations (IRR) and other relevant policies including issuances of the National Privacy Commission (NPC). This Privacy Policy outlines how we collect, protect, use, and share information when you apply for and avail of our products and services.
Information We Collect
When you apply for or avail of any of our products or services, file complaints, inquiries or requests, apply for employment or visit our website, we may manually or automatically collect your personal data which may include your personal information and sensitive information such as but not limited to:
Name and personal particulars such as contact details, address, birthdate, education; and specimen signatures;
Government ID details (such as TIN, SSS, GSIS, Driver's License);
Financial information (such as income, expenses, balances, investments, tax, insurance, financial and transaction history, etc);
Employment details;
Business interests and assets;
Images via CCTV and other similar recording devices and processes which may be observed when visiting our offices and/or using our other facilities;
Voice recordings of our conversations with you;
Non-personal information such as those provided by the device you are using (e.g. your phone) such as the IP address, operating system, browser type and version, and other machine-related identifiers.
Kindly ensure that all personal data submitted are accurate, complete, and up-to-date.
If and when necessary, BOF may seek to verify and disclose these information with third-party entities including government regulators, judicial, supervisory bodies, tax authorities or courts of competent jurisdiction and, in the process, gain additional information about you.
BOF also collects information about your transactions and dealings with us such as account activities and transactions with third parties necessary to continue to provide our products and services. We may also collect, use and keep your personal opinions or comments made known to us via feedback or responses to surveys or any other interaction that you had with our employees, authorized representatives, agents, and service providers.
Usage of Information We Collect
BOF shall collect, use, transfer, share/disclose, retain, and dispose personal data for the following purposes:
For Clients
Process, approve, facilitate, and administer availment of our products and services, applications, and transactions;
Perform due diligence and/or background investigation and credit investigation;
Respond to queries, requests and complaints and improve how we interact with you;
Send you communications, statements, billings, notices and other documents necessary for continued use of our products and services;
Conduct researches for the purpose of reviewing, developing and improving our products and services;
Request feedback and participation in surveys for statistical purposes, participation in promotions and rewards;
Comply with audit requirements and privacy compliance assessments;
Comply with legal and regulatory obligations under the law as required by Government Organizations such as BSP, AMLC, BIR, DOLE, SSS, HDMF, and PhilHealth;
Comply with legal and regulatory requirements such as submission of data to credit bureaus, credit information companies, the Credit Information Corporation (CIC), responding to court orders and other instructions and requests from any local or foreign authorities including regulatory, governmental, tax and law enforcement authorities or other similar authorities; and
Perform other activities and disclosures permitted by law or with your consent.
For Employees
Process and evaluate suitability for employment, including background and credit investigation and skill-based assessment;
Processing payroll and employee benefits;
Monitoring of attendance and career development including training and compliance monitoring;
Evaluation of performance for promotion;
Performing business functions as preparers, approvers, reviewers and signatories;
Managing business operations including business continuity management, safety and security;
Comply with audit requirements and privacy compliance assessments;
Comply with legal and regulatory obligations under the law as required by Government Organizations such as BSP, AMLC, BIR, DOLE, SSS, HDMF, and PhilHealth;
Performing surveys and exit interviews; and
Perform other activities and disclosures permitted by law or with your consent.
Sharing of Your Information
Your personal information may be shared to various Groups, Departments and Strategic Banking Units (GDS) of BOF as well as to third parties as maybe necessary and allowed by law:
For legitimate purposes
To provide services to you or implement your transactions
To comply with internal policies and reporting obligations to regulatory bodies under applicable laws.
Security of Your Information
BOF is committed to protect the confidentiality of your personal information particularly as it may include sensitive personal information such as your gender, government-issued IDs, etc. These information are being processed by authorized business units only and bounded by the Confidentiality and Non-Disclosure Agreement. Appropriately, we strive to maintain the confidentiality, integrity, and availability of your personal information by employing physical, technological, and procedural safeguards. Whenever we engage other companies to provide services for us, we require them to protect personal information aligned with our own security standards.
Retention and Disposal of Your Information
Your personal information will be stored in a database for no longer than five (5) years from the conclusion of your transactions with BOF or as long as the purpose for which it was collected remains in effect or until the expiration of the retention limits set by applicable law, whichever comes later, after which both physical records and digital files shall be disposed of.
Your Rights
In adherence to the Data Privacy Act, all data subjects are entitled to the following rights:
To be informed
To be informed whether personal data pertaining to you shall be, are being, or have been processed, including the existence of automated decision-making and profiling.
Description of the personal data to be entered into the system;
Purposes for which they are being or will be processed, including processing for direct marketing, profiling or historical, statistical or scientific purpose;
Basis of processing, when you have not provided consent;
Scope and method of the personal data processing;
The recipients or classes of recipients to whom the personal data are or may be disclosed;
Methods utilized for automated access, if allowed by you, and the extent to which such access is authorized, including meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing;
The identity and contact details of the appropriate Bank representative;
The period for which the information will be stored; and
The existence of your rights, including the right to access, correction, and object to the processing, as well as the right to lodge a complaint before the National Privacy Commission (NPC).
To object to processing of your personal data, including processing for direct marketing, automated processing, or profiling and in case of changes or amendments in processing.
To access your personal data.
To require BOF to correct any of your personal data, if inaccurate.
To obtain a copy of your personal data in an electronic or structured format for your further use.
To suspend, withdraw, or order the blocking, removal, or destruction of your personal data from BOF's system. It is understood that if you exercise this particular right, BOF has the right to terminate its services with you.
To file a complaint with the NPC.
To be indemnified for any damages sustained due to such inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of your personal data.
We may charge a fee for processing your request/s for correction, for access and/or update. The fee shall depend on the nature and complexity of your request. Information on the processing fee will be made available to you prior to implementing your request.