Data Privacy Notice

Janiuay Rural Bank, Inc. (JRBI) will protect your privacy and ensure that all data and information gathered from you will be handled in accordance with RA 10173 or the Data Privacy Act of 2012 which prescribes how personal information is collected, processed, disclosed, stored and disposed of.  All personal information you provide us will be treated with the utmost confidentiality and will be processed according to the principles of transparency, legitimate purpose and proportionality.

I.  Information/Data We may Collect from You. 

         When you apply for or avail of our products/services, we may request you to provide us with information such as, but not limited to:

·         Basic personal information like your name, gender, date of birth, marital status and citizenship, including supporting documents such as government-issued ID details;

·         Specimen signatures and biometrics;

·         Immediate family information and background;

·         Address(s) and contact details like telephone/cellphone numbers, as well as email address(s) and electronic links;      

·         Educational background, employment history and business details;

·         Financial information, transactions and interests;

·         CCTV images and recordings when you visit our offices, premises and facilities;

·         Additional information if and when deemed necessary, which may be legally requested from supervisory, regulatory, judicial and tax authorities as well as credit bureaus or courts of competent jurisdiction.

II.  Purpose of Collecting Your Information/Data.  

         All information/data collected by JRBI will only be utilized for legitimate purposes.  This information/data is gathered for the following purposes:

·         For opening, maintaining and closing of deposit accounts;

·         For obtaining loans and other credit facilities;

·         Availing other retail products/services offered by the Bank;

·         Improving our services to clients and consumers (e.g., delivery of mail, serving of notices, etc.);

·         Developing additional products suited to the needs of our clients and enhancing the quality of existing products to adapt to market and customer demands;

·         For compliance with requirements mandated by law and as directed by supervisory/regulatory bodies and legal authorities;

·         For internal purposes like audit and market/credit/risk analysis;

·         Other purposes as permitted by law, allowed by regulations or with your consent.

III.  How Your Information/Data May Be Collected. 

         JRBI collects data and information only by legal means and in accordance with socially accepted norms.  The ways and means by which we will collect information from you may include:

·         Interacting with JRBI personnel through face-to-face or telephone conversation, text or video messaging;

·         Accomplishing and/or signing of forms when you query about, apply for or avail of our products and services;

·         When you submit any forms or documents relating to your application for or patronage of our products and services;

·         When you communicate with us through written mail, email, fax messaging or by accessing our official website;

·         When you interact with our officially contracted services;

·         CCTV coverage when you visit our branches, premises and facilities.

IV.  How We Use and Share Your Information/Data. 

         JRBI uses all information and data gathered in accordance with applicable laws, rules and regulations.  We may share these only, subject to your authorization, with officially sanctioned third parties and affiliates under an obligation of strict confidentiality and for purposes not inimical to the subject of the information.  Data and information may be shared under, but not limited to, the following circumstances:

·         Sharing of information within and between JRBI organizational units and affiliates to better understand the needs of clients and improve the services extended to them;

·         Sharing for the purpose of legitimate audit and internal control measures;

·         To verify, evaluate, validate or update information submitted to or maintained by the Bank;

·         Sharing of information to contracted persons or entities to facilitate business operations and processing of transactions;

·         To protect the interests and rights of JRBI as creditor to those who avail of loans or other credit facilities;

·         To comply with orders, directives and other requirements by supervisory/regulatory bodies and legal authorities;

·         You may be requested to sign and submit a written consent on the lawful use and sharing of information obtained in the course of any transaction/s consequent to your banking relationship with JRBI;

·         Consistent with safe and sound banking practices in granting of loans or other credit accommodation, you may also be requested to sign and submit a waiver of confidentiality of information to facilitate fair evaluation of credit-worthiness to protect the interests of JRBI and its clients.

V.  How We Protect Your Information/Data. 

         JRBI observes strict standards of security and secrecy in the handling of data and information about its clients.  All documents and physical records on this are safely kept in steel vaults and cabinets that are under dual control and custodianship.  Electronic client information is protected by passwords and encryption.  Access to client information is also secured by a hierarchy of authorization levels that protects it against loss, misuse, modification, unauthorized access and destruction.  Personnel of JRBI are also well-trained and disciplined in handling or processing client information.

VI.  Information/Data Storage and Disposal. 

         Applicable laws and their implementing rules and regulations are strictly adhered to with regard to our processing, archival and disposal of information, records, documents and files.  These include RA 1405 (Secrecy of Bank Deposits Act), RA 8791 (General Banking Law), RA 9160 (Anti-Money Laundering Act), RA 10173 (Data Privacy Act) and RA 9510 (Credit Information System Act), each as subsequently amended or supplemented.  Records and documents covering accounts maintained by us are kept and maintained for as long as the accounts are active and carried in our books.  For closed accounts, the records and documents are retained for at least 5 years from the time the accounts are closed or the processing of data relevant to the accounts is terminated.  We may, however, retain information and documents for more extended periods in compliance with directives, orders and/or injunctions by regulatory and legal authorities and also when the lawful interests of JRBI may deem it necessary.

VI.  What are Your Rights?

         The Data Privacy Act of 2012 (RA 10173) protects your rights as a data subject, viz:                

                     “SEC. 16. Rights of the Data Subject. – The data subject is entitled to:

a) Be informed whether personal information pertaining to him or her shall be, are being or have been processed;

b)    Be furnished the information indicated hereunder before the entry of his or her personal information into the processing system of the personal information controller, or at the next practical opportunity:

(1)       Description of the personal information to be entered into the system;

(2)  Purposes for which they are being or are to be processed;

(3)  Scope and method of the personal information processing;

(4)  The recipients or classes of recipients to whom they are or may be disclosed;

(5)  Methods utilized for automated access, if the same is allowed by the data subject, and the extent to which such access is authorized;

(6) The identity and contact details of the personal information controller or its representative;

(7) The period for which the information will be stored; and,

(8) The existence of their rights, i.e., to access, correction, as well as the right to lodge a complaint before the Commission.

Any information supplied or declaration made to the data subject on these matters shall not be amended without prior notification of data subject: Provided, That the notification under subsection (b) shall not apply should the personal information be needed pursuant to a subpoena or when the collection and processing are for obvious purposes, including when it is necessary for the performance of or in relation to a contract or service or when necessary or desirable in the context of an employer-employee relationship, between the collector and the data subject, or when the information is being collected and processed as a result of legal obligation;

(c)   Reasonable access to, upon demand, the following:

(1) Contents of his or her personal information that were processed;

(2) Sources from which personal information were obtained;

(3) Names and addresses of recipients of the personal information;

(4) Manner by which such data were processed;

(5) Reasons for the disclosure of the personal information to recipients;

(6) Information on automated processes where the data will or likely to be made as the sole basis for any decision significantly affecting or will affect the data subject;

(7) Date when his or her personal information concerning the data subject were last accessed and modified; and

(8) The designation, or name or identity and address of the personal information controller;

(d)  Dispute the inaccuracy or error in the personal information and have the personal information controller correct it immediately and accordingly, unless the request is vexatious or otherwise unreasonable. If the personal information has been corrected, the personal information controller shall ensure the accessibility of both the new and the retracted information and the simultaneous receipt of the new and the retracted information by recipients thereof: Provided, That the third parties who have previously received such processed personal information shall he informed of its inaccuracy and its rectification upon reasonable request of the data subject;

(e)  Suspend, withdraw or order the blocking, removal or destruction of his or her personal information from the personal information controller’s filing system upon discovery and substantial proof that the personal information is incomplete, outdated, false, unlawfully obtained, used for unauthorized purposes or are no longer necessary for the purposes for which they were collected. In this case, the personal information controller may notify third parties who have previously received such processed personal information; and

(f)  Be indemnified for any damages sustained due to such inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal information.”

For further information and clarifications, please feel free to contact us through our website (https://www.janiuayrb.com/), by email rbjaniuay@rbap.org or call our Data Protection Officer at (033) 330-0131 / (033) 501-0487 / +639173055083.