We at Rizal Commercial Banking Corporation (RCBC) value your privacy. We believe that you are entitled to know how we use and protect your personal information. We give this notice to inform you of the ways in which we process your personal information and the means by which you can control, to a certain extent, these processes.


Who is providing this notice?

As the personal information controller under Republic Act No. 10173 or the Data Privacy Act of 2012, RCBC gives this notice to inform you of your rights and our obligations under the law.



What personal information do we collect?

The types of personal data that we collect depend on the product or service that you avail or intend to avail from us, including but not limited to:

  • Full name, gender, place and date of birth;
  • Residential/permanent address;
  • Copy of IDs such as passport, TIN, SSS/GSIS number, or other Government-issued IDs;
  • Employment or business information;
  • Payment details, including credit card and banking information;
  • Contact details, including telephone number and email address;
  • Latest income documentation;
  • Latest billing as proof of address;
  • Images (videos and/or photos) collected via CCTV, and similar devices when you visit our premises, ATMs, or when you use our virtual KYC tools (which may be outsourced);
  • Voice recordings of telephone-initiated transactions and customer service calls; and
  • Other information necessary to provide you with the product or service that you need.

Additional personal data that we collect over the course of our relationship with you

Over the course of our relationship, we may collect data about you including but not limited to your transactions, account history and behavior, information, and inquiries about our products and services.

How do we collect your personal data?

There are many ways that we get information from you. We might collect your information when you fill out a form with us, when you give us a call, use our websites or mobile applications, or drop by one of our business centers. We may also collect your information via the following:

  • In applications, emails and letters to us, in customer surveys, during financial reviews and interviews.
  • From data analysis (for example, the amount, frequency, location, origin, and recipient) of your payments and other transactions, and your use of our products and services.
  • Information that we receive from our subsidiaries and affiliates, and from or through other organizations (for example, card associations, credit bureaus, insurance companies, and fraud prevention agencies) whether in the course of providing products and services to you or otherwise.

How do we collect and manage your sensitive personal information?

The Data Privacy Act considers the following information as sensitive:

  • Race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations;
  • Health, education, genetic or sexual life of a person;
  • Proceeding for any offense committed or alleged to have been committed by such person, or the sentence of any court in such proceedings; and
  • TIN, SSS/GSIS number, health records, licenses, tax returns, etc.

With your consent, we will collect your sensitive information for legitimate purposes, and in cases permitted or required by law.

Personal data that we collect as authorized or required by law

We may also collect information about you when required or authorized by law. For example, we require your personal data to verify your identity under Republic Act No. 9160 or the Anti-Money Laundering Act of 2001.

Personal data that we collect via your web activities

RCBC uses "Google Analytics" to collect information about use of this site. Google Analytics collects information such as how often users visit this site, what pages they visit when they do so, and what other sites they used prior to coming to this site. We then use the information collected from Google Analytics only for purposes of improving this site. Google Analytics collects only the IP address assigned to you on the date you visit this site, rather than your name or other identifying information. RCBC does not combine information collected through the use of Google Analytics with any of your personally identifiable information.

Please note that some information may be gathered with the use of 'cookies' which are small pieces of information stored on your browser that may be retrieved by the site. Although Google Analytics plants a permanent cookie on your web browser to identify you as a unique user the next time you visit this site, the cookie cannot be used by anyone but Google and will allow Google Analytics to recognize you on any return visit to this site. Should you wish to disable these cookies, you may do so by changing the appropriate settings on your web browser.

Personal data that we collect through social media

We know that some of you like to engage with us through social media. So that we can respond to your inquiries, we may ask for your name, contact number and email address. We will only collect your information with your consent. For account and transaction inquiries, you can always call our Customer Contact Center.

When will we notify you that we have received your information?

When we receive your personal information, we will take reasonable steps to notify you on how and why we collected your information, who we may disclose it to and how you can access it, seek correction of it or file a complaint. This notice may already be included in the form or document that you filled out and submitted to us. When we receive your personal data from third parties, we presume that you have permitted these parties to share your data with us. We will notify you of the circumstances of such collection upon your request.



Why do we use your personal data?

We use your personal data for various reasons, mainly:

  • To comply with law and regulation (for KYC or client identification);
  • To carry out our obligations arising from contracts entered between you and us;
  • To conduct our everyday business purposes (to process your transactions and maintain your account).

Collecting your personal data allows us to provide you with the products and services you requested. This means we can also use your information to:

  • Consider your request for products and services, including eligibility;
  • Process your application; and
  • Conduct market research and business research, which may include customer profiling.

Will we use your personal data for customer profiling and direct marketing?

With your consent, we may use your personal data to let you know about non-bank products and services that we believe may be of interest to you, including products and services from our related companies (cross-selling). To help us determine offers most suitable to you, we may use automated tools for profiling and data analytics.

Such marketing activities may be via mail, telephone, SMS, email, or any other electronic means. We may also market our products through third party channels (such as social media sites) and partners.

You can let us know at any time if you no longer wish to receive direct marketing offers or object to the processing of your data for profiling.



How long do we keep your personal data?

Your personal information shall be retained for as long as the purposes for which it was collected, and such other purposes that you may have consented to from time to time, remain in effect.

We also keep your information for a period required by law and regulations.

How do we take care of your personal data?

We store information in paper and electronic formats. The security of your personal data is important to us and we take reasonable steps to protect it from misuse, interference, loss, unauthorized access, modification, and unauthorized disclosure by establishing and enforcing measures that include, but not limited to, the following:

  • Confidentiality requirements and data privacy training of our employees;
  • Document storage security policies;
  • Security measures to control access to our systems and premises;
  • Limitations on access to personal data;
  • Strict selection of third party data processors and partners; and
  • Electronic security systems, such as firewalls and data encryption of our websites and mobile applications.

We may store your personal data physically or electronically with third party data storage providers. When we do this, we use contractual arrangements to ensure those providers take appropriate measures to protect that information and restrict the uses to which they can put that information.



Sharing with the government

To comply with legal and regulatory mandates, we submit required information to government agencies, like the Bangko Sentral ng Pilipinas (BSP), Bureau of Internal Revenue (BIR), and Securities and Exchange Commission (SEC).

Sharing with Credit Reporting Bodies

Pursuant to Republic Act No. 9510 or the Credit Information System Act, we may disclose your personal and other relevant information to the Credit Information Corporation in connection with your application for and availment of a credit facility with us. This information may include data on your creditworthiness. We may also share such information with other credit bureaus authorized by the Credit Information Corporation.

Sharing with Service Providers

In the normal course of our banking operations, we may share your data with third party service providers who passed our due diligence assessment to perform tasks and activities on our behalf. They will be provided only with personal data necessary to perform their services. Contractual protections and monitoring procedures are in place to ensure they do not process such data for other purposes. These activities may be performed by IT firms to provide us with application systems and IT infrastructure services, including cloud services.

Sharing with other persons and entities

After obtaining your consent, we may disclose your information to third parties for further processing such as marketing, cross-selling and other specified legitimate purposes. In instances where your information is shared with third parties, we will ensure that we would only share your data with entities that can demonstrate sufficient organizational, technical and physical security measures.



What happens when we no longer need your information?

We will only retain your information for as long as necessary for the purpose for which they were collected or as required by law and regulation. We will destroy your personal data when its retention is no longer required by purpose, law or regulation.



How do you access or correct your personal data?

Unless there are practical, contractual and legal reasons why we cannot process your request, you have the right to ask for a copy of any personal information we hold about you, as well as to ask for it to be corrected if you think it is wrong. To do so, please email dataprivacy@rcbc.com.



Under the Data Privacy Act, you have the right:

  • To be informed – as a data subject, you have the right to be informed that your personal data will be, are being, or were, collected and processed.
  • To access – you have a right to obtain a copy of any information relating to you that we have on our computer databases and/or manual filing systems. It should be provided in an easy-to-access format, accompanied with a full explanation executed in plain language.
  • To object – unless required by law, rules and other regulations, you have a right to object to the processing of your personal data, including processing for direct marketing, automated processing or profiling.
  • To erasure or blocking – you have the right to suspend, withdraw or order the blocking, removal or destruction of your personal data.
  • To be indemnified of damages – you may claim compensation if you suffered damages due to inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal data, considering any violation of your rights and freedoms as data subject.
  • To data portability – you have the right to obtain and electronically move, copy or transfer your data in a secure manner, for further use.
  • To rectify – you have the right to dispute and have corrected any inaccuracy or error in the data we hold about you.
  • To file a complaint – If you feel that your personal information has been misused, maliciously disclosed, or improperly disposed, or that any of your data privacy rights have been violated, you may file a complaint or any concern with our Data Protection Officer and/or with the National Privacy Commission.

For request to update and/or rectify your personal information, please go to any RCBC branch near you.

To update your mobile number and email address, you may use RCBC Online Banking. Just log-in to your RCBC online account and click "My
Profile" button and update your information.



We may amend this Notice to comply with changes in relevant laws and regulations, and to keep you informed of changes in the ways we process your personal data.

Updates will be posted on this website.



Data privacy requests and concerns

For your data privacy concerns and requests, kindly fill out the Privacy Contact Us Form below.

You may also contact our Data Protection Officer:
Email: dataprivacy@rcbc.com
Address: Regulatory Affairs Group Office, RCBC Plaza, 6819 Ayala Avenue, Makati City, Philippines

For your RCBC Credit Cards data privacy concerns and requests, you may contact dataprivacy@rcbcbankard.com

You may also contact the National Privacy Commission
Email: info@privacy.gov.ph or complaints@privacy.gov.ph
Address: 5th Floor Delegation Building, PICC Complex, Roxas Boulevard
Mobile Nos. 09451534299 / 09399638715

Privacy Contact Us Form

Attach supporting documents here