Our Privacy Policy

DATA PRIVACY STATEMENT

BRIC BANK, INC. A RURAL BANK (“BRIC”) is committed to protecting your privacy and ensuring the secrecy of your personal information. This Data Privacy Statement (“DPS”) informs you, the Data Subject, about the personal data we collect about you, how we collect, use, store, process, share, protect, and delete it, and who we will share it with. In the processing of your personal data, we adhere to the principles of legitimate purpose, transparency, and proportionality.

This DPS applies to Data Subjects, including current, past, and prospective customers as individuals or corporations, non-clients such as payees, payors, visitors, inquirers at our branches and online channels, corporate representatives, and anyone involved in the application of financial services, whether approved or rejected, and transactions with us or our consumers. This DPS shall be read in conjunction with your products and services terms and conditions.

Your continued use of BRIC’s products and services shall be considered a positive action demonstrating your consent to this DPS and any revisions made to it.

 

COLLECTION OF YOUR PERSONAL AND SENSITIVE PERSONAL INFORMATION

Personal Information refers to any information, whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.    

Sensitive Personal Information refers to personal information:

(1) About an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical, or political affiliations;

(2) About an individual’s health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such person, the disposal of such proceedings, or the sentence of any court in such proceedings;

(3) Issued by government agencies peculiar to an individual, which includes, but is not limited to, social security numbers, previous or current health records, licenses or their denials, suspension or revocation, and tax returns; and

(4) Specifically established by an executive order or an act of Congress to be kept classified.          

Collectively, Personal Information and Sensitive Personal Information shall be referred to as “Personal Data” in this DPS.    

BRIC collects your Personal Data when you register, sign up, use our bank products and services, or communicate with us about them. We also collect it from your authorized organization, whether it’s a private corporation or a government instrumentality. Additionally, we may obtain your Personal Data from other available sources authorized to disclose your information when permitted by laws and regulations. This data collection is done for the purpose of identity verification and regulatory requirements by the Bangko Sentral ng Pilipinas (BSP).

The collection and processing of Personal Data shall be based on your transaction or engagement with us. Any data processed and collected pursuant to this DPS shall be used to confirm your identity, provide you with relevant products and services, personalize our offerings, improve products and services, manage risk, prevent fraud, and communicate updates.         

BRIC shall occasionally request additional Personal Data after you avail any of BRIC’s products and services. Your submission of any information to us, our authorized agents, or the website expressly contains your warranty that such information is accurate, up to date, and not misleading.

 

KINDS OF DATA WE COLLECT AND PROCESS

BRIC collects and processes Personal Data, including but not limited to the following information:

●       Identification Data / Know-Your-Customer (KYC)

Personal Data collected include your full name, gender, date of birth, marital status, place of birth, citizenship, permanent and current addresses, government-issued ID numbers, email address, mobile, home, and office phone numbers, employer name, job title, office address, source of funds, gross annual income, and any additional details required for due diligence and compliance with BSP and AMLC regulations;

●       Financial Information

Personal Data collected is related to your financial profile and activities, such as income and expense records, account balances, deposits, investment holdings, credit card data, tax and insurance documents, transaction histories with our bank and other financial institutions, business interests, and asset holdings;

●       Audiovisual Data

Personal Data collected refers to the video, image, and audio recordings captured during interactions with bank representatives through official channels, as well as surveillance footage at branches and ATMs, subject to applicable legal requirements;

●       Non-Personal Information

Personal Data collected refers to the technical and usage data automatically collected from your device when accessing BRIC’s websites, mobile apps, and other digital platforms;

●       Relevant Individuals

Information about related parties, including family members, beneficiaries, attorneys-in-fact, shareholders, beneficial owners where applicable, trustors and trustees, partners, committee members, directors and officers, authorized signatories, guarantors, and other associated individuals.

    

DATA PROCESSING

BRIC processes Personal Data only when permitted by law and for legitimate purposes, such as your consent upon application, fulfillment of a contract, compliance with legal obligations, or other purposes permitted by law. This includes activities like collecting, storing, using, updating, or deleting your data. Processing is strictly limited to authorized personnel and trusted third-party providers who meet our rigorous standards for risk management, security, and data privacy.

BRIC securely stores Personal Data in controlled environments, including physical vaults and BSP-compliant cloud services. Access is strictly limited to authorized personnel based on role and necessity.

During the course of your availment of BRIC’s products and services, we may, through manual or automated means, use, process, and/or disclose your Personal Data to our affiliates, subsidiaries, and third-party partners for any of the following purposes (“Permitted Processing”):

●       Data Storage and Access
BRIC securely stores your Personal Data in our managed environments and BSP-compliant third-party systems. Access is strictly limited to authorized personnel based on role and necessity, following strict privacy and security protocols.

●       Identity Verification and Account Management
We process your data to verify your identity, assess and process your applications, and manage your accounts and transactions. This includes communicating with you regarding your accounts, responding to inquiries or complaints, and sending updates and reminders.

●       Credit Assessment and Financial Evaluation
Your data is used to evaluate applications and assess your financial capacity and suitability for BRIC’s products and services. This includes conducting necessary background checks such as credit scoring, investigations, and data analytics to support lending decisions, manage financial risk, and assist other institutions in credit evaluations.

●       Regulatory Compliance and Legal Obligations
We process data to comply with laws and regulations such as KYC, anti-money laundering, and PEP screening. Your data may also be used to respond to legal requests, enforce our rights, collect debts, and verify the authority of individuals involved in transactions.

●       Marketing and Customer Engagement
We use your data to offer personalized marketing, cross-selling, and promotions for products and services from BRIC and trusted partners. Additionally, we conduct market research, surveys, and business analysis to improve our offerings.

●       Security and Fraud Prevention
We monitor your transactions to protect you and your accounts from fraud and financial crimes using advanced tools, which may include biometric verification and AI-driven risk detection. We may also record communications for quality assurance and investigations.

All processing activities follow BSP standards, with a strong emphasis on privacy, data integrity, and protection against unauthorized access or misuse.

 

DATA RETENTION AND DISPOSAL

We retain your personal and financial data only as long as necessary to fulfill legitimate purposes, comply with legal obligations, or support business needs. Financial records related to taxable transactions are preserved for ten (10) years per BIR regulations. For prospecting, application, and after service termination, data processing and retention continue for at least ten (10) years from the closure of your last account or relationship with us.

Other transaction records are retained for five (5) years following BSP regulations, or longer if required by specific laws. Once the retention period expires, we securely dispose of your data to prevent unauthorized access, processing, or disclosure, in compliance with regulatory requirements.

 

DATA SHARING AND PURPOSE

When you consent to the processing of your Personal Data with us, you also agree to assist us in fulfilling our statutory and contractual obligations with other financial institutions. Additionally, we may share your Personal Data externally with our partners, upon your written and/or electronic consent, for value-added services that you may find useful and relevant to your account with us. For contractual and value-added service data sharing agreements, we adhere to standardized model clauses recommended by the National Privacy Commission (NPC) to ensure the protection of your Personal Data. Below are the disclosures mandated by government entities, regulatory authorities, and financial institutions:

  1. Various units of BRIC;

  2. Subsidiaries and affiliates of BRIC;

  3. Authorized/accredited agents, representatives, and third-party service providers;

  4. Banking associations, merchants, and partners;

  5. Banks and financial institutions, credit agencies; and

  6. Regulatory and government agencies as required or authorized by law.

 

RIGHTS OF THE CONSUMER

Under the Data Privacy Act of 2012, you have the following rights:

  1. Right to be informed – You may request information about how BRIC processes your Personal Data.

  2. Right to access – You may demand, via a written request, reasonable access to your Personal Data.

  3. Right to correct – You may request correction by submitting the appropriate supporting documents to BRIC to update or rectify your personal information if found to be incomplete, out of date, or inaccurate.

  4. Right to object – You may request the suspension, withdrawal, or removal of your Personal Data from further processing at any time.

  5. Right to data erasure – You may request the suspension, withdrawal, or order the blocking, removal, or destruction of your Personal Data from BRIC’s filing system, provided that such action is neither critical nor required by any applicable laws and regulations to maintain the product and services you availed. This right does not prejudice BRIC’s ongoing processing for commercial, operational, legal, and regulatory purposes.

  6. Right to data portability – You may obtain a copy of your Personal Data from BRIC in a structured, commonly used, and machine-readable format that allows you to store it for your own use or transmit it to another data controller, where technically feasible.

  7. Right to be indemnified for damages – You may be compensated for any damages caused by the violation of your privacy rights through the inaccurate, false, unlawfully obtained, or unauthorized use of your Personal Data.

  8. Right to file a complaint – You may file a complaint or express any concerns with our Data Protection Officer (“DPO”) at BRIC Bank, Inc. A Rural Bank, Brgy. San Miguel, Cordova, Cebu, or data@bricbank.ph or through the NPC’s website (privacy.gov.ph).

For a complete reference of your rights under the Data Privacy Act, you may access the National Privacy Commission website at www.privacy.gov.ph.

CHANGES TO THE DATA PRIVACY STATEMENT

Please note that we may update this DPS from time to time via posting on our website. You are advised to periodically view our website for any updates or the most current version of our DPS. If the DPS is updated, the said updated version shall apply to all of your information held and processed by BRIC. Your continuous use of the website, products, and services of BRIC shall signify your consent to the changes made to this DPS. If you do not consent to the updated terms, you may contact our DPO.

CONSENT AND ACKNOWLEDGEMENT    

By providing us with your Personal Data, you hereby consent to the use, processing, and/or disclosure of your Personal Data in accordance with this DPS to BRIC, its affiliates, subsidiaries, third-party service providers, and partner institutions.

If you are a corporation whereby you have provided/disclosed Personal Data of individual third parties including but not limited to your directors, individual shareholders, employees, authorized signatories, agents, representative or otherwise, you hereby represent and warrant to us that you have the consent of such third parties and are entitled to provide their Personal Data to us to be used, processed and/or disclosed in accordance with this DPS.

You also consent that BRIC may be required to disclose your Information to the Securities and Exchange Commission, Bangko Sentral ng Pilipinas, Anti-Money Laundering Council, credit bureaus, and/or any other governmental body, in compliance with its legal obligations.

NATIONAL PRIVACY COMMISSION (NPC) REGISTRATION

The Data Protection Officer and Data Processing Systems of BRIC are duly registered with the National Privacy Commission (NPC).