Privacy Policy
PRIVACY STATEMENT
PNB Holding Corporation (PHC) is fully committed to protecting your personal data privacy in strict compliance with Republic Act No. 10173, also known as the Data Privacy Act of 2012 (DPA).
We will provide a detailed explanation of how we process your personal data and present a separate privacy notice in an appropriate format whenever we collect personal data through other channels. (e.g., publicly facing data processing systems implemented, notice posted at the reception area of PHC or registration forms when personal data is collected according to the NPC’s mandate).
In all instances, we assure you that the processing of your personal data will strictly adhere to the provisions of the Data Protection Act (DPA), particularly the general data privacy principles of Transparency, Legitimate Purpose, and Proportionality.
PHC WEBSITE PRIVACY NOTICE
Our official website www.pnbholdings.com.ph.
This Privacy Notice pertains to the PHC’s corporate website. These functionalities allow PHC to collect and process your personal information.
PERSONAL DATA COLLECTED AND MANNER OF COLLECTION
We collect the following personal data from you when you manually or electronically submit your inquiries or requests to us:
▪ Name
▪ Email
CONTACT US PAGE
The data subject uses this form to submit inquiries and concerns to PHC.
BASIS, USE AND PURPOSED FOR PROCESSING OF PERSONAL DATA
While we may seek your consent to process your personal data, there may be instances where we process personal data without your consent. This can occur when processing is in accordance with our mandate or when processing is permitted under Section 12 or Section 13 of the DPA.
In these instances, your personal data is utilized for the following purposes:
- For documentation and processing of inquiries and requests within the PHC, enable PHC to properly address them and forward them to the appropriate internal units for action and response.
- To gather feedback for the services we offer
- To ensure you receive the necessary updates and advisories in a proper, organized, and timely manner.
- To comply with a legal obligation that PHC is subject to.
- To ensure compliance with public order and safety, as well as to fulfill the functions of public authority, including the processing of personal data to fulfill PHC’s mandate.
- To ensure that the appropriate action is provided to data subjects regarding their data privacy rights
Furthermore, we may collect other relevant and necessary personal data to fulfill our mandate of providing compliance support and assisting data subjects.
METHODS UTILIZED FOR AUTOMATED ACCESS
PHC utilizes a third-party service to analyze our web traffic data, assist us in gauging website engagement, and enhance our website services and features. Please note that this service employs cookies. Rest assured; the data generated through this analysis is not shared with any other party.
The following web traffic data are processed for this purposed:
• Your IP Address
• The pages and internal links accessed on our site.
• The date stamp when you visited the site.
• Your geolocation.
• The referring site or platform (if any) through which you accessed this site.
• Your web browser type and it’s operating system.
DISCLOSURE OF PERSONAL DATA
PHC does not share personal data processed with any other party unless such disclosure is permitted under Section 12 or 13 of the DPA.
RISK INVOLVED
Risk refers to the potential for an incident to cause harm or pose a danger to a data subject or organization. Risks can result in the unauthorized collection, use, disclosure, or access to personal data. These risks encompass the confidentiality, integrity, and availability of personal data, as well as the potential violation of general data privacy principles and the rights of data subjects.
PHC ensures that adequate physical, technical, and organizational security measures are in place to protect the confidentiality, integrity, and availability of personal information. However, this does not provide absolute protection against certain risks associated with the processing of personal data. For instance, systems may be vulnerable to targeted cyberattacks, malware, ransomware, and computer viruses. Additionally, there is a risk of unauthorized access to manual records.
However, there are adequate policies in place to ensure proper security incident management, in alignment with existing PHC policies, circulars, and other issuances.
DATA PROTECTION AND SECURITY MEASURES
We prioritize the protection of your personal information by implementing a comprehensive range of security measures. These measures encompass organizational, physical, and technical safeguards, all in accordance with widely accepted data privacy and information security standards. Our aim is to ensure the confidentiality, integrity, and availability of your data. Among the measures we implement are the following:
• Access control policies are in place for both digital and physical infrastructures to prevent unauthorized access.
• Acceptable use policies.
• End-to-end encryption and data classification should be implemented whenever it is appropriate.
• Security measures to protect against natural disasters, power disturbances, external access, and other similar threats is crucial.
• Technical measures to protect our computers and databases from accidental, unlawful, or unauthorized usage, interference, or access.
Storage and Retention
We store files containing personal information in our secure computers and servers, which are kept in a protected environment. We may also store your personal information with third-party data storage providers that utilize cloud-based technology. Rest assured, we take the necessary steps to ensure that your information is protected with appropriate security measures.
Personal data are stored in a database for a period of two (2) years after inquiries and requests have been addressed. After this time, records should be securely disposed of.
Other categories of data may be retained for longer than two (2) years if their retention period is determined by other relevant laws and regulations.
Disposal
Physical records will be securely disposed of through shredding, while digital files will be anonymized. In all cases, our disposal methods will ensure that personal information cannot be retrieved, processed, or accessed by unauthorized individuals.
RIGTHS OF A DATA SUBJECT
Under the Data Protection Act (DPA), you have the right to be informed about how we process the personal information we hold about you.
Further, you may be entitled to request:
1. Right to access the personal data we process about you. You can request confirmation on whether or not data relating to you are being processed.
2. Rectification of your personal data is your right. You have the right to have your personal data corrected if it is inaccurate or incomplete.
3. Erased or blocked of your personal data whenever necessary.
4. Object if the processing of your personal data is based on consent or legitimate interest.
5. To securely obtain, electronically move, copy, or transfer your data for further use.
If you believe that you have suffered damages due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of personal data, or if your rights and freedoms as a data subject have been violated, you may be eligible to claim compensation.
If you believe that your personal information has been misused, maliciously disclosed, improperly disposed of, or if your data privacy rights have been violated, you have the right to file a complaint with the NPC.
CHANGES TO THE PRIVACY NOTICE
PHC reserves the right to update or revise this privacy notice at any time. In the event of substantial changes, a new privacy notice will be provided. PHC will retain prior versions of the privacy notice and will provide them to data subjects upon request.
FEEDBACK ON OUR PRIVACY NOTICE
If you have any suggestions or comments regarding our privacy statement and notice, or if you have any concerns about PHC’s data privacy practices, please feel free to share them with us. You can reach us through our Data Protection Officer, Marvin M. Javier, at the following address: 4th Floor PNB Center Building, Ayala Avenue, Makati City, Metro Manila 1223. Alternatively, you can email us at [email protected].