Camalig Bank, Inc. (hereinafter referred to as the "Bank") is committed to properly handling and safeguarding your personal data. As a data subject, we value and assure you that the Bank protects and respects your privacy, personal data, and your rights.

This privacy policy applies to past, present, and prospective Bank clients and anyone involved in any transaction or business relationship with the Bank, whether it's in your personal capacity or as a representative of a legal entity (for example, a company executive officer, agent, legal representative, operational personnel, etc.) and non-Bank clients such as payees, contact persons of corporate clients and Bank partners, subject to data retention regulations and Bank policy.

This data privacy policy informs you how the Bank collects your personal data and how we process it in the course of your business with us in compliance with the requirements of the Data Privacy Act of 2012.

In relation to the Bank's commitment to protecting your bank information and banking transactions, the Bank employs the following security measures every time you perform your banking transactions with us or access your CB Mobile Banking account.

A. SECURITY MEASURES

1. FIREWALL

The Bank employs an industry-standard firewall system to ensure that the Bank's IT infrastructure is protected from untrusted network access.

2. AUTHENTICATION

Authentication ensures that only authorized persons or users can access their accounts by verifying the identity of the user or person transacting with us.

3. ENCRYPTION

Encryption is the process of scrambling private information to prevent unauthorized access. Our system uses SSL (Secured Socket Layer) to ensure that all your Mobile Banking transactions are encrypted. SSL is a cryptographic protocol that provides security and data integrity for communications over networks such as the internet.

B. USER AUTHORIZATION

1. DOCUMENTATION

The user has to fill in the account creation form and activate his CB Mobile Banking account following the guidelines set by the Bank from time to time on account activation.

2. ACCESS

Access to CB Mobile Banking is only allowed after the user has entered the correct login information. The Mobile Banking app automatically logs off the user after the prescribed time of inactivity (5 minutes idle time).

3. USER VALIDATION

a. Login Information

CB Mobile Banking requires four (4) login information 1) Last Name, 2) Birthdate, 3) Document number, 4) Account number. For CB Mobile Banking, a One-Time Password (OTP) is an additional requirement for access.

b. Password Handling

The app requires security checks (sending of OTP code) to validate the user's identity when requesting for password change.

The user must not disclose their password or any account information to anyone. The user must create a unique password that others cannot easily guess. Avoid using names, birth dates, etc., as passwords.

C. WHAT WE MAY COLLECT FROM YOU

Bank transactions and access to CB Mobile Banking may require the input or use of some of your personal data to be able to verify your identity, login to your mobile banking account, and authenticate your transactions.

We collect personal and non-personal data that you may purposely provide to us.

1. For account creation or account opening

• Personal information and other particulars such as but not limited to full name, gender, place, and date of birth, civil status, nationality;

• Contact details, including email address and mobile number;

• Address in the Philippines;

• Education;

• Employment or business information, including assets;

• Financial Information such as income, expenses, deposits, credit cards, and other investments

• Specimen signature

• Details, photocopies, or images of your government-issued IDs, valid identification card, and other digital photos and biometrics captured or submitted in the course of your transaction with us;

• Information about your transactions with third parties, including merchants and utility companies

2. For availing of bank products and services

It includes your identification data; transaction data such as account numbers and reference numbers related to your account, and other data required to process your transaction that can be found on the transaction ledger maintained by the Bank; financial data such as invoices, credit notes, payslips, payment behavior, the value of your property or other assets, your credit history, credit capacity, financial products you have with the Bank, whether you are registered with a credit register, payment arrears and income information; socio-demographic data whether you are married and have children; and, data about your interests and needs that you share with us through the accomplishment of Bank surveys to continuously improve the Bank products and services.

We will not record sensitive data about your health, ethnicity, or religious or political beliefs unless necessary. When we do, it is limited under specific circumstances that will be communicated to you, requiring your consent.

3. For identification

Personal data we collect through our official website are limited to what will allow us to appropriately respond to your queries about the Bank's product and service offerings and complaints. To do this, we gather only the following personal data from you through our website: Name, Address, Phone, and Email Address. As a matter of implementing the Bank's customer identification process, our banking offices collect the minimum information and other required information subject to applicable laws

4. For login credentials

• Last name, Birth date, Document number, Account number

• PIN code or biometrics and other authentication credentials

5. For accessing CB Mobile Banking:

• Banking and other transactions executed through CB Mobile Banking

• Date and time when CB mobile accesses our servers

• IP address of your device and other device-related identifiers

• Personal and non-personal information combined downloaded from the CB mobile banking

• Mobile device contacts (nominated by the user);

• Video, image, and sound recordings of when you transact with us or contact us via phone calls;

• Version of Camalig Bank Mobile you are using

• Type of operating system you have

• Your device model and manufacturer

• Mobile application interactions;

• Mobile application crash logs;

• Mobile application diagnostics;

6. For Current Employees, Officers, and the Board of Directors

We also collect information with our Human Resources Department for reasons such as:

(i) Personnel Record

(ii) Leave/Absence Management

(iii) Key Skills Assessment and Performance Management

(iv) Legal requirement

(v) Supply management information

We ensure that the data we collect from our employees, officers, and the members of the Board shall be handled with the utmost confidentiality and protected for the rights of our human resources. The Bank's AMLA Manual shall govern the retention of data, and personnel records shall be kept on the premises only within the retention period required by the regulations

7. For Bank's Business Engagement with Partners

To conduct the administration of business relationships with our partners, we collect personal information, which may include a person's name, dates of birth, address, and payment information only relating to corporate bodies. This information will be processed for legal obligations, including storage and identification requirements.

8. Website

The personal data we collect is limited to what will allow us to appropriately respond to your queries about the Bank's product and service offerings. For us to do this, we collect only the following personal data from you:

For Queries/Concerns:

1. Name

2. Address

3. Phone

4. Email Address

5. Queries/Concerns

6. Chatbot conversation

For Loan Applications:

1.    Name (First Name, Middle Name, Last Name)

2.    Email Address

3.    Phone Number

4.    Address (Address 1, Address 2, City, Province, Postal Code, Country)

5.    Date of Birth

6.    Name of Employer/Business Name

7.    Address of Employer/Business (Address 1, Address 2, City, Province, Postal Code, Country)

8.    Years Employed/Years in Business

9.    Monthly Income

10. Creditor’s Details (Creditor’s Name, Amount loaned)

11. ID Type

12. Other ID

13. ID Number

We may collect technical information that can be read on your device and is usually collected as a standard part of your browsing activity without disclosing any information about yourself. We use this information to assist us in recognizing and understanding users navigating our website with the following non-personal information:

1. Geolocation

2. Device Types

3. Sources

4. Other device information

9. Job applicants

We collect personal data from you to allow us to properly match your profile with our various openings and their individual requirements. The personal data we collect are grouped accordingly to information that will enable us to communicate back with you and validate the following:

1. Your basic personal and family background

2. Your educational background

3. Your employment background (if any)

4. Information required to be asked and collected by virtue of a BSP requirement

HOW WE USE YOUR INFORMATION

We use your personal data for legitimate purposes, as follows:

1. To facilitate the administration, servicing, and implementation of the maintenance of your account and transactions.

2. To implement our credit risk management framework, such as credit risk and behavioral analysis in assessing your ability to repay a loan based on your personal data and other required information.

3. To operationalize our products and services delivery.

4. To provide you with suitable products and services by gathering and analyzing the information collected to improve and develop the Bank's products and services.

5. To manage customer relationships through your feedback, notes we have acquired during conversations with you by our employees in person / via telephone / the website regarding your business dealings and transactions with us as well as personalized marketing.

6. To prevent and detect fraud and unusual activities that may compromise data security.

7. To comply with internal and external reporting requirements as part of statutory directives and legal obligations.

8. For Camalig Bank Mobile, your personal data may be used to access your mobile banking account. We may also use your personal data to inform or offer you products and services that we think may be relevant to you.

We use personal data collected through CB Mobile Banking to:

• Identify and authorize your login to your mobile banking account, authentication of transactions, and processing of applications

• Recognize you or your device when launching the app for a more secure and personalized experience

• Respond to and process your requests

• Improve and further customize other mobile services

• Use your information to detect fraud and for other uses on information security

9. Records of your inquiries with us are kept only for five (5) years after the records are destroyed and disposed of. We will only keep records of your inquiries beyond our stated retention period if we are bound to do so under circumstances covering legal obligations or compliance with regulatory agencies, laws, or as required by police authorities.

10. For job applicants, we will only keep your personal data as long as your application is considered active and will destroy and dispose of your personal data once deemed necessary, either through filling in of vacancy applied for or withdrawal or lack of feedback from you about your application.

The Bank uses personal data collected only for the purposes for which it was collected and other purposes you may have consented to.

HOW WE MAY SHARE YOUR INFORMATION

The Bank will never share or disclose your personal data to any third party without your explicit consent or when we are bound to do so under circumstances covering legal obligations or compliance with regulatory agencies, laws, or as required by police authorities.

We may share your personal data with our affiliates or other third-party partners and vendors, under an obligation of confidentiality, to:

• Assist in providing you with requested products and services

• Facilitate or implement any transaction-related services

• Help analyze the use of our features and functionalities and how to improve them

• Protect our clients and business from fraudulent and illegal activities

• Comply with legal requirements

HOW LONG DO WE KEEP YOUR INFORMATION

We keep your personal data for as long as necessary in congruence with regulatory provisions on data retention. We will only keep records of your data beyond the retention period required by regulations if we are bound to do so under circumstances covering legal obligations or compliance with regulatory agencies, laws, or as required by police authorities

HOW WE PROTECT YOUR INFORMATION

The privacy and security of your personal data are essential to us. Appropriately, we employ digital, operational, and physical safety measures and safeguards to maintain your personal data's confidentiality, integrity, and availability. We train our employees to properly and carefully manage personal data. We require our third-party partners and vendors to protect personal data aligned with our security standards.

WHAT ARE YOUR RIGHTS AS A DATA SUBJECT

As a data subject, you are entitled to the following rights:

1. Right to be informed on the nature, process, and extent of processing we perform on your personal data.

2. Right to request for a copy of the personal data we collect from you, have it corrected in case there are errors to it, and to be given a copy of it either electronically or in any other recommended format that allows for you to have continued use of your personal data.

3. Right to object to the processing of your personal data. You also have the right to withdraw your consent and request to stop further processing of your personal data and ultimately to have your personal data deleted from our processing systems. Please note that exercising these rights will be entertained by the Bank but may prevent us from further processing any transaction you may have with the Bank.

4. Should you have objections or complaints about the way we process your personal data or have substantial proof allowed under the Data Privacy Act of 2012 that the Bank mishandled your personal data, you have the right to file a complaint with the National Privacy Commission and be indemnified for any damages due to you.

WHAT ARE YOUR DUTIES AS A DATA SUBJECT

To commence and execute our duties as a bank and fulfill our associated contractual duties, you will duly provide specific information based on the requirements of the Bank.

There is also information that we are legally obliged to collect. Without these data, we may not be able to open an account for you or perform certain banking activities.

EXTERNAL DATA STORAGE

We may store your data on servers provided by third party hosting vendors we have contracted.

SCOPE OF THIS PRIVACY POLICY

This privacy policy does not govern the collection and use of information by companies that we do not control, nor by individuals not employed or managed by us. If you visit a Website, we mention or link to, review its privacy policy before providing the site with information.

CHANGES TO THIS PRIVACY POLICY

We reserve the right to change this privacy policy as we deem necessary or appropriate because of legal compliance requirements or changes in our business practices. If you have provided us with an email address, we will endeavor to notify you, by email to that address, of any material change to how we will use your personal data.

CONTACT INFORMATION

Suppose you wish to exercise any of your rights or have further inquiries regarding how the Bank manages and handles your personal data. In that case, you may contact our Data Protection Officer at privacy@camaligbank.com.ph.

For complaints and other concerns, you may contact our Consumer Support Unit at customer-support@camaligbank.com.ph.

Camalig Bank is supervised by the Bangko Sentral ng Pilipinas (BSP). You may also call or email the BSP's Financial Consumer Protection Department at (02) 708-7087 or consumeraffairs@bsp.gov.ph.