GoTyme Bank values customers’ trust and upholds the privacy of customers. The Bank commits itself to protect your privacy and the security of your personal information. This Privacy Consent and Notice (“PCN”) reflects our commitment to ensure that data subjects from whom we collect and process financial and personal data about, are adequately informed of the organization’s activities with respect to such data. We will endeavor to obtain your informed consent to continue processing your personal data under the terms provided hereunder.
Personal Data includes any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual. Personal Data includes sensitive personal information as defined under the Data Privacy Act of 2012. GoTyme Bank may collect, use, process, disclose, share, and store the following types of data :
- Full Name and other identifiers;
- Demographic data, such as age, marital status, sex and location;
- Contact information, such as your permanent address, email address, and mobile number;
- Financial information, including your source of funds and wealth, nature of business or employment, financial position, account balances, credit history and score, financial goals, objectives and appetite for loss;
- Transaction and behavioral data , such as Deposit & Withdrawal (DEWI), fund transfers, payments, value-added services, lifestyle, social media information, product usage and engagements;
- Background information, such as educational attainment, employment history, and other relevant information gathered as part of our customer and employee verification processes;
- Photograph and biometric information;
- Identification Documents (IDs), such as government issued IDs; and
- Digital footprint , including cookies, webpages viewed, language and channel preferences, browsing activity, smart app log-ins and usage, social media profiles, device and telecommunications company data, location data, and use of our online banking platforms.
Collection, Use and Processing of Personal Data
Principles of Data Processing
When processing Personal Data, GoTyme Bank adheres to the following data privacy principles enshrined in the Data Privacy Act of 2012:
- Personal Data must be collected for specified and legitimate purposes determined and declared before, or as soon as reasonably practicable after collection, and later processed in a way consistent with such declared, specified and legitimate purposes only;
- Personal Data must be processed fairly and lawfully;
- Personal Data must be accurate, relevant and, where necessary, kept up to date.
- Personal Data must be adequate and not excessive in relation to the purposes for which they are collected and processed.
- Personal Data must be retained only for as long as necessary for the fulfillment of purposes for which data was obtained or for the establishment, exercise or defense of legal claims, or for legitimate business purposes, or as provided by law.
- Personal Data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected and processed.
Collection of Data
GoTyme Bank may collect data of customers and other individuals in connection with the purposes described in this notice. These individuals may include:
- Leads, prospects and applicants for banking products and services;
- Individuals connected to a customer or an applicant including beneficial owners, persons sending or receiving funds to/from customers;
- Shareholders, directors, officers, employees, individual contractors and job applicants of GoTyme; and
- Shareholders, directors, officers, contractors and individual representatives of business partners, service providers and other third parties.
Personal Data may be collected directly from you or from third parties whom you authorize to share your personal information, including government agencies, credit bureaus, data aggregators, and business partners. You confirm that have obtained the consent of beneficial owner(s), and other individuals, as applicable, for the use, sharing and processing of their Personal Data for the purposes set out in this notice. You agree to provide us with proof of your authority to give the foregoing consent.
We collect Personal Data through your account opening, availment of loans, investments, value-added services and other facilities, products and services, use of our online banking platform, accumulation and conversion of Go Rewards points, regular updating of customer information, job application, and as described through our Terms and Conditions. We may also collect data from legitimate public sources such as public registers and social networking sites.
Purposes of Data Processing
We shall process your information only for the following purposes:
- fulfillment, delivery, support, and maintenance of GoTyme Bank facilities, products and services, as well as products and services of our bank partners for investments, insurance, and other value-added services;
- approve, facilitate, administer and process applications, payment instructions and other transactions;
- respond to queries, requests and complaints and improve how we interact with you;
- communicate with you, including sending of your statements and/or billings, administrative communications about any account you may have with us or about future changes to this privacy statement;
- design new or enhance existing products and services provided by us;
- perform market and behavioral research, including scoring and analysis to determine if you qualify for products or services, or to determine affordability and qualifying facility sizes or limits; and to understand market's needs, wants and trends to be able to improve and recommend suitable products and services;
- personalize the appearance of our websites or mobile app and include location-based services such as finding the ATMs or cash agents nearest to you;
- should you opt to, conduct customer satisfaction surveys or communicate with you regarding GoTyme Bank’s products and services information, including offers, promotions, discounts, rewards, advisories, notices, and for personalizing your experience with our various touch points such as ATM, bank partners, cash agents, telemarketing, email, SMS, Chat Messaging Service (CMS), Social Networking Service (SNS), and other marketing and communication channels;
- perform certain protective safeguards against improper use or abuse of our products and services including fraud prevention;
- to utilize data analytics and advanced machine learning algorithms and techniques in order to develop models and derive insights that will help the organization improve and develop customer experience and assistance ;
- respond to customer queries and complaints including analytics of complaints to understand trends and prevent future complaints;
- to enforce and collect on any agreement when you default on, or breach the terms or conditions of products availed of; perform contract tracing, and if necessary, institute legal or administrative proceedings against you;
- comply with our operational, audit, administrative, credit and risk management processes, policies and procedures, the terms and conditions governing our products, services, facilities and channels, GoTyme Bank's rules and regulations, legal and regulatory requirements of government regulators, judicial and supervisory bodies, tax authorities or courts of competent jurisdiction, as the same may be amended or supplemented from time to time;
- comply with applicable laws of the Philippines and those of other jurisdictions including the United States Foreign Account Tax Compliance Act (FATCA), the laws on the prevention of money laundering and terrorist financing including the provisions of Republic Act No. 9160 (Anti-Money Laundering Act of 2001, as amended (AMLA) and the Anti-Terrorism Act of 2020, and the implementation of know your customer (KYC) process/procedures, fraud and sanction screening checks;
- comply with legal and regulatory requirements such as record retention, submission of data to credit bureaus, credit information companies, the Credit Information Corporation (CIC) (pursuant to RA No. 9510 and its implementing rules and regulations), responding to court orders and other instructions and requests from any local or foreign authorities including regulatory, governmental, tax and law enforcement authorities or other similar authorities;
- background checks through character reference verification; and
- perform other such activities permitted by law or with your consent.
We may also process your Personal Data to create customer profiles based on product usage and engagements, transaction and behavioral data and, and other available information. We may use automated processes in creating the profiles to enhance and/or offer product and services that may suit your needs.
Further, if you, already are, become, or apply to become a client of our parent company and/or any of our subsidiaries, affiliates , and/or other related interests, GoTyme Bank Corporation including its parent company and the subsidiary/ies, affiliate/s, and/or other related interests concerned have the option, but not the obligation, to rely upon, to use, and share your relevant personal data and/or account information for any of the following purposes:
- to facilitate and integrate your account opening or application with the concerned subsidiary/ies or affiliate/s;
- to validate, consolidate or update your customer information records and/or credit history;
- to provide consolidated billings, deposit or investment summaries or other reports as you may request;
- depending on your preferences, to send you advisories, reminders, announcements, promotions, offers, invitations and other notifications, as applicable;
- for market and financial research purposes, including sharing of data analytics results to design banking, financial, securities and investment or other related products or services for your use as well as to improve customer experience and assistance;
- additional background checks through character reference verification; and
- to comply with a legal obligation to which GoTyme Bank or the concerned subsidiary/ies or affiliate/s is subject.
Personal Data Sharing / Disclosures
We will store your personal data in our electronic data processing systems hosted via third-party cloud storage facilities/systems and their regional data centers located outside the Philippines. These data centers and systems are covered by appropriate physical, technical, and organizational measures to protect the confidentiality, integrity and availability of your data. Only authorized personnel within the organization who are contractually bound to keep your information confidential are allowed access to your data and only for the purposes we have mentioned. Access is granted on a need-to-know basis following the principle of least privilege.Third Parties
We allow access to your personal data to trusted and authorized third parties, such as business partners, merchants, cash agents, service providers and vendors engaged by GoTyme Bank located within and outside the Philippines to provide services including, among others:
- Cloud storage facilities, data ingestion and warehousing, and data processing systems to meet GoTyme Bank’s product, processing, storage, legal, compliance, regulatory and risk management requirements;
- Utilize information and communications technology such as SMS, CMS, SNS, email and similar communication channels; and non-electronic communication channels such as but not limited to printed letter(s) for the intent of customer information updating, promotions and other related materials;
- Implementation of protective safeguards against improper use or abuse of our products and services including the prevention of fraud and all forms of unauthorized access to your personal and financial services;
- For fulfillment and support of GoTyme Bank’s contractual obligations in delivering its products and services to you;
- Data analytics that will help GoTyme Bank design and develop new or improve existing products, services; personalize relevant product offers; determine eligibility scoring and assessments for specific products, services, rewards, promotions, cash back and discounts, and related benefits; provide recommendations on how to better manage your money to access, save and earn more with it; enable continual learning and development to create deep linkages in your preferences and sentiments; and improve customer experience and assistance services;
- Services that would assist compliance with GoTyme Bank’s operational, audit, administrative, credit, compliance and risk management processes, policies and procedures, the terms and conditions governing our products, services, facilities and channels, GoTyme Bank's rules and regulations, legal and regulatory requirements of government regulators, judicial and supervisory bodies, tax authorities or courts of competent jurisdiction, as the same may be amended or supplemented from time to time.
GoTyme Bank will remain responsible over the personal data disclosed to such third parties. As such, we will ensure that such third parties are contractually obligated to comply with the requirements of the Data Privacy Act of 2012 and shall process your data strictly in accordance with the purposes enumerated above. Unless otherwise authorized, these third parties may use, process and retain information for the sole purpose of providing contracted services. You may request for additional information on the identities of these parties from the Office of the Data Protection Officer.Go Rewards
We offer enhanced banking services by linking your account with Go Rewards administered by Digital Analytics Ventures, Inc. (DAVI), a member of the Gokongwei Group. To allow you to earn, enjoy and redeem Go Rewards points and privileges, we will be sharing your contact information, financial information, transaction and behavioral data, and digital information with DAVI. Your information may also be shared with DAVI to customize offerings which will be relevant to you so you do not miss out on special offers, discounts, rewards, lifestyle and value add-ons, and other related benefits.
We also have legal obligation to disclose relevant and necessary personal data to government regulatory agencies in accordance with reportorial requirements established by law.
We will not share or disclose your personal data to unauthorized third parties without your consent unless we are legally required to do so.
We reserve the right to use or disclose any information as needed in order to comply with applicable laws and regulations; to protect the integrity of our system, products and services and in the provisioning of the same; to fulfill your request; or when required to cooperate in any law enforcement investigation or in instances involving public safety subject to appropriate procedures for verification, due diligence, and authentication. Protecting Your Personal Data
We adopt organizational, technical and physical security measures to protect confidentiality, integrity and availability of your data, and guard against anticipated threats or hazards as well as unauthorized access, use or loss of customer data.
These security measures include the following:
- Conducting initial and ongoing due diligence on third parties, such as business partners, service providers, suppliers and vendors;
- Imposing contractual obligations on officers, employees, contractors and third parties with whom we share information, to keep customer data, secure and private;
- Technical controls such as data loss prevention, encryption and key management, identity and access management, logging and monitoring, network and perimeter security, malware protection, and vulnerability management;
- Periodic threats and control assessments and control reviews to ensure that security measures continue to be effective and updated in response to emerging trends and best practices;
- 24x7 Security Operations Center (SOC) that will monitor and review technical system logs, identify, manage and resolve security breaches or patterns of behavior related to cyber incidents.
Retention and Disposition of Personal Data
We will keep your data only for as long as is necessary for the fulfillment of the declared, specified, and legitimate purposes mentioned above. After which, we shall dispose of it in a lawful and secure manner that would keep your personal data from being further processed and/or accessed by unauthorized parties in accordance with the organization’s retention and disposal policy.
In relation thereto, we would like to inform you that it is the organization’s policy to retain the personal data you shared with us, even when the said application with us proves unsuccessful. We maintain such application database solely to introduce future offerings better suited for you and/or to process additional products and services you may wish to avail.
Your Rights as a Data Subject
- The Right to be Informed – This PCN honors your right to be informed of whether personal data pertaining to you will be, are being, or were processed, including its disclosure to third parties, if any. Through this PCN, we endeavored: i) to provide you with a description of the personal data we collect and process pursuant to purposes enumerated above; ii) to obtain your consent; iii) to explain the scope and method of the collection and sharing; iv) to describe how we protect your information; and v) to provide you with information on the recipients of the personal data collected and shared. Should there be any changes in the information provided to you in this PCN, you shall be informed of such changes and your consent thereto is to be obtained before such changes are implemented.
- The Right to Object – You have the right to object to the processing and/or sharing of your data. However, this may result to the termination of your account and the services we provide you. This will also be subject to the Bank’s legal and regulatory obligations to retain customer data.
- The Right to Withdraw Consent Anytime – You have the right to withdraw your consent to this PCN at any time. However, this may result to the termination of your account and the services we provide you. This will also be subject to the Bank’s legal and regulatory obligations to retain customer data.
- The Right to Access, Data Portability, Rectification, Erasure and/or Blocking – You have the right to request for a copy of any personal data we hold about you, including the sources from which such data was collected and to whom the same is shared, if any. You may ask it from us through the contact information provided below and we will provide it in a machine-readable format. You have the right to have it corrected or revised if you think it is inaccurate or incomplete, subject to the submission of sufficient proof establishing the same. You have the right to suspend, withdraw or order the blocking, removal or destruction of your personal data should you a) discover that it is incomplete, outdated, false, unlawfully obtained, used for an unauthorized purpose, no longer necessary for the abovementioned purposes; b) withdraw your consent thereto; or c) discover violations of your right as a data subject.
- The Right to Damages – You have the right to be indemnified for damage sustained, if any, as a result of information that is inaccurate, incomplete, outdated, false, unlawfully obtained, or used for an unauthorized purpose.
If you have any questions, concerns, objections about this PCN, and our personal data processing activities please reach us through the following contact information:DATA PROTECTION OFFICER
GoTyme Bank Corporation
30F Robinsons Cyberscape Gamma,
Topaz and Ruby Roads,
Ortigas Center, Brgy. San Antonio ,
Email Address/Privacy Mailbox: firstname.lastname@example.org
Customer Service Hotline: email@example.com
GoTyme Bank Corporation may change this PCN from time to time by notifying you on the updates to the PCN and to secure your consent when necessary. You are also encouraged to visit GoTyme Bank’s official website frequently to stay informed about how GoTyme Bank Corporation uses your personal information.
GoTyme Bank Corporation is a financial institution supervised by the Bangko Sentral ng Pilipinas (BSP). You may get in touch with the BSP Consumer Empowerment Group through email at firstname.lastname@example.org, BSP Online Buddy (BOB) at www.bsp.gov.ph, direct line at (02)-8708-7087, mailing address at The Consumer Empowerment Group, Center for Learning and Inclusion Advocacy, Bangko Sentral ng Pilipinas, 5th Floor Multi-Storey Building, BSP Complex, A. Mabini Street Malate, 1004 Manila.