Data Privacy Statement

This Data Privacy Statement (“Statement”), which has been prepared in relation to R.A. 10173, otherwise known as the Data Privacy Act of 2012, and its implementing rules and regulations, describes how personal information are collected, processed, disclosed, and stored by Philippine Investment Management Account (“PIMA”) and is applicable to its employees and all persons who apply for or avail of any of PIMA’s products and services, or who have established or propose to establish an account with PIMA, or who have provided or propose to provide third party security to PIMA (“Client”).

WHAT DATA TO BE COLLECTED FROM YOU

To provide the Client with PIMA’s banking/financial products and services and/or to implement Client-requested transactions, PIMA shall collect personal information from the Client which may include, but are not limited to:

• Name, Age, Date/Place of Birth, Gender, Civil Status, Nationality
• Address and Contact Details
• Educational Background
• Employment History
• Financial Background
• Specimen Signature
• Permits, Licenses & Registrations
• Status of Pending Civil/Criminal Cases (if any)
• Telephone conversation recordings through our Customer Care Center
• CCTV footage for security purposes

If deemed necessary, PIMA may request to verify the Client’s personal information, or seek additional information from regulatory, judicial, tax authorities, or credit bureaus.

PURPOSES OF DATA PROCESSING

PIMA shall process the Client’s personal information in connection with any of the following purposes:

• Open, maintain, and/or terminate accounts;
• Ease of contacting/communicating with clients;
• Evaluate, approve, provide, or manage applications, financial products and services, and other transactions that the Client has requested;
• Comply with know-your-customer information requirements;
• Conduct credit and background checks;
• Evaluate Client’s eligibility for PIMA’s products and services;
• Perform profile and risk analysis;
• Provide extensive and quality support to the Client;
• For internal purposes, such as administrative, operational, audit, credit and risk management, or;
• Comply with its reporting obligation to government authorities under applicable laws, rules and regulations.

PIMA’S METHOD OF PROCESSING PERSONAL DATA

Processing refers to the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of personal information. If necessary for the efficient delivery of PIMA’s products and services, the processing of personal data may be outsourced to third party service providers subject to compliance with this Statement and the provisions of the Data Privacy Act and its Implementing Rules and Regulations.

PIMA shall collect personal information through, but not limited to, any of the following:

• Face-to-face and/or telephone conversation with PIMA personnel
• Accomplishment and/or signing of forms/documents
• Online enrollment through electronic banking channels and services (e.g., iAccess, Mobile Banking Application, etc.)

WHEN DO WE COLLECT PERSONAL INFORMATION

PIMA collects information upon the Client’s application for, availment of and/or usage of PIMA’s products and services. This includes, but not limited to, account opening, loan applications, signing-in to e-Banking channels, etc.

RECIPIENTS OF INFORMATION

Personal information may be processed and shared with various units within PIMA to the extent necessary for any of the purposes herein declared, to credit information bureaus,or to government authorities under applicable laws, rules and regulations.

RETENTION AND DISPOSAL

Retention and disposal of personal information shall be made in accordance with the Records Disposal Policy and Records Disposition Schedule of PIMA as approved by the National Archives of the Philippines under RA 9470.

HOW WE SAFEGUARD PERSONAL INFORMATION

In accordance with the Data Privacy Act, RA 1405 (Bank Secrecy Law), RA 8791 (General Banking Law of 2000), RA 6426 (The Foreign Currency Deposit Act), BSP Circular 808 series of 2013 (Guidelines on Information Technology Risk Management for All Banks and other Supervised Institutions), BSP Circular 982 series of 2017 (Enhanced Guidelines on Information Security Management), and Payment Card Industry Data Security Standard (PCI DSS), PIMA, its employees, agents and representatives, shall handle personal information with utmost care and adhere to appropriate organizational, physical, and technical measures to maintain the confidentiality, integrity and security of all personal information in its possession.

THE CLIENT’S RIGHTS

In accordance with the Data Privacy Act, the Client has the right to:

• Be informed whether their personal information shall or have been processed;
• Reasonable access to their personal information;
• Require PIMA to update their personal information;
• Suspend, withdraw, or order the blocking, removal, or destruction of personal information if PIMA is not required to retain it by law or for legitimate business purposes and subject to the conditions for the legitimate exercise of the said rights under the Data Privacy Act and its IRR.

DATA PROTECTION OFFICER

Any inquiry or request for information regarding this Statement may be addressed to the following:

Data Protection Officer

2nd Floor, Philippines Stock Exchange Plaza,
Ayala Triangle, Ayala Avenue, Makati City, Metro Manila, Philippines
Phone: +63-927-412-5063
Email: info@pima.com.ph