We at Rizal Commercial Banking Corporation (RCBC) respect and value your privacy. We
believe that you are entitled to know how we use and protect your personal information. We
give this notice to inform you of the ways in which we process your personal information and the
means by which you can control, to a certain extent, these processes.
While this notice is intended mainly for the benefit of our individual clients, we stress that we
handle and protect the information of our entity clients in the same manner that we handle and
protect the information of individuals.
Who is providing this notice?
As the personal information controller under Republic Act No. 10173 or the Data Privacy Act of
2012, RCBC gives this notice to inform you of your rights and our obligations under the law.
What personal information do we collect?
The types of personal data that we collect depend on the product or service that you avail or
intend to avail from us, including but not limited to:
Full name, gender, place and date of birth;
Copy of identification cards, passport, TIN, or SSS/GSIS number;
Employment or business information;
Payment details, including credit card and banking information;
Contact details, including telephone number and email address;
Latest income documentation;
Latest billing proof of address (where applicable); and
Other information necessary to provide you with the product or service that you need.
Additional personal data that we collect over the course of our relationship with you
Over the course of our relationship, we may collect data about you including but not limited
to your transactions, account history and information, inquiries about our products and
Personal data that we collect as authorized or required by law
We may also collect information about you when required or authorized by law. For
example, we require your personal data to verify your identity under Republic Act No. 9160
or the Anti-Money Laundering Act of 2001.
Personal data that we collect via your web activities
RCBC uses "Google Analytics" to collect information about use of this site. Google Analytics
collects information such as how often users visit this site, what pages they visit when they
do so, and what other sites they used prior to coming to this site. We then use the
information collected from Google Analytics only for purposes of improving this site. Google
Analytics collects only the IP address assigned to you on the date you visit this site, rather
than your name or other identifying information. RCBC does not combine information
collected through the use of Google Analytics with any of your personally identifiable
Please note that some information may be gathered with the use of 'cookies' which are small
pieces of information stored on your browser that may be retrieved by the site. Although
Google Analytics plants a permanent cookie on your web browser to identify you as a
unique user the next time you visit this site, the cookie cannot be used by anyone but
Google and will allow Google Analytics to recognize you on any return visit to this site.
Should you wish to disable these cookies, you may do so by changing the appropriate
settings on your web browser.
Personal data that we collect through social media
We know that some of you like to engage with us through social media. So that we can
respond to your inquiries, we may ask for your name, contact number and email address.
We will only collect your information with your consent. For account and transaction
inquiries, you can always call our Customer Contact Center.
How do we collect your personal data?
There are many ways that we get information from you. We might collect your information when
you fill out a form with us, when you give us a call, use our websites or mobile applications, or
drop by one of our Business Centers. We may also collect your information via the following:
In applications, emails and letters, in customer surveys, during financial reviews and interviews.
From data analysis (for example, the amount, frequency, location, origin, and recipient)
of your payments and other transactions, and your use of our products and services.
Information that we receive from our subsidiaries and affiliates, and from or through
other organizations (for example, card associations, credit bureaus, insurance
companies, and fraud prevention agencies) whether in the course of providing products
and services to you or otherwise.
How we collect and manage your sensitive personal information?
The Data Privacy Act considers the following information as sensitive:
Race, ethnic origin, marital status, age, color, and religious, philosophical or political
Health, education, genetic or sexual life of a person, proceeding for any offense
committed or alleged to have been committed by such person; and
TIN, SSS/GSIS no., health records, licenses, tax returns, etc.
Unless allowed or required by law or regulation, we will only collect your sensitive
information with your consent.
When will we notify you that we have received your information?
When we receive your personal information, we will take reasonable steps to notify you on
how and why we collected your information, who we may disclose it to and how you can
access it, seek correction of it or file a complaint. This notice may already be included in the
form or document that you filled out and submitted to us.
When we receive your personal data from third parties, we presume that you have
permitted these parties to share your data with us. We will notify you of the circumstances
of such collection upon your request.
How do we take care of your personal data?
We store information in paper and electronic formats. The security of your personal data is
important to us and we take reasonable steps to protect it from misuse, interference, loss,
unauthorized access, modification, and unauthorized disclosure by establishing and
enforcing measures that include, but not limited to, the following:
Confidentiality requirements and data privacy training of our employees;
Document storage security policies;
Security measures to control access to our systems and premises;
Limitations on access to personal data;
Strict selection of third party data processors and partners; and
Electronic security systems, such as firewalls and data encryption of our websites
and mobile applications.
We may store your personal data physically or electronically with third party data storage
providers. When we do this, we use contractual arrangements to ensure those providers
take appropriate measures to protect that information and restrict the uses to which they can
put that information.
What happens when we no longer need your information?
We will only retain your information for as long as necessary for the purpose for which they
were collected or as required by law and regulation. We will destroy your personal data
when its retention is no longer required by purpose, law or regulation.
How do we use your personal data?
Why do we use your personal data?
We use your personal data for various reasons, mainly:
To comply with law and regulation (for KYC or client identification);
To carry out our obligations arising from contracts entered between you and us;
To conduct our everyday business purposes (to process your transactions and
maintain your account).
Because we offer a range of products and services, collecting your personal data allows us
to provide you with the products and services you requested. This means we can also use
your information to:
Consider your request for products and services, including eligibility;
Process your application; and
Conduct market research and business research, which may include customer profiling.
Will we use your personal data for customer profiling and direct marketing?
With your consent, we may use your personal data to let you know about products and
services that we believe may be of interest to you, including products and services from our
related companies. To help us determine offers most suitable to you, we may use automated tools
for profiling and data analytics.
Such marketing activities may be via mail, telephone, SMS, email, or any other electronic
means. We may also market our products to you through third party channels (such as
social media sites), or via other companies who assist us to market our products and
You can let us know at any time if you no longer wish to receive direct marketing offers or object
to the processing of your data for profiling.
With whom do we share your personal data?
Sharing with the government
To comply with legal and regulatory mandates, we submit required information to
government agencies, like the Bangko Sentral ng Pilipinas (BSP), Bureau of Internal
Revenue (BIR), and Securities and Exchange Commission (SEC).
Sharing with Credit Reporting Bodies
Pursuant to Republic Act No. 9510 or the Credit Information System Act, we may disclose
your personal and other relevant information to the Credit Information Corporation in
connection with your application for and availment of a credit facility with us. This
information may include data on your creditworthiness. With your permission, we may also
share such information with other credit bureaus authorized by the Credit Information
Sharing with other persons and entities
Only after obtaining your consent, we may also disclose your information to third parties for
marketing, cross-selling and other specified legitimate purposes. In instances where your
information is shared with third parties, we will ensure that we would only share your data
with entities that can demonstrate sufficient organizational, technical and physical security
measures that can and will protect your personal data.
How do you access or correct your personal data?
Unless there are practical, contractual and legal reasons why we cannot process your
request, you have the right to ask for a copy of any personal information we hold about you,
as well as to ask for it to be corrected if you think it is wrong. To do so, please email
If you have queries, requests and complaints
We care about what you think and we welcome your feedback. You can contact us: