Privacy Policy

Privacy and Terms

To proceed with the enrollment, you’ll need to agree to the Business Banking Terms & Conditions, which contains the following topics:

How to activate your online banking access.

Online banking products and services you can avail such as account management, fund transfers, bills payments, mobile check deposit, branch visit scheduling, and more.

What are access rights and how these are interpreted in the System.

How we process online transactions and when are service fees deducted.

What are transaction approvals and why it’s important.

What security measures are in place to prevent fraudulent transactions.

Lastly, we process your information as described in our Privacy Policy, including these key points:

Data that we process

We store personal and company information you give us like your name, email, mobile number, company address.

When you login to the UnionBank Business Banking website or app, we process information about that activity – including information such as the device IDs, IP addresses, cookie data and location. These allow us to:

Improve security by protecting against fraud and abuse; and

We store all transaction information processed in the system, such as amount and beneficiary information. This helps us:

Measure and understand how our services are used.

Improve the quality of our services and develop new ones;

By clicking agree, you consent to the Business Banking Terms and Conditions, and the Privacy Policy.

INTRODUCTION

UNIONBANK respects and values your right to privacy with utmost importance. We would like to inform you that we are taking the necessary steps for the protection and security of your personal information and of your use of our services. As provided by the Data Privacy Act of 2012 (“DPA”), its Implementing Rules and Regulations (“IRR”), and issuances by the National Privacy Commission, the Bank guarantees that we are compliant with all the requirements mandated by law, as well as with the generally accepted global data protection standards and regulations. The Bank ensures continued protection of your personal information with our organizational, physical, and technical measures for data protection, including policies for evaluation, monitoring, and review of operations and security risks. This Privacy Policy informs you of updates in our corporate policies regarding the collection, use, storage, disclosure, and disposal of personal information we receive and collect from the Bank customers, payees, users, and any individual who communicate, raise inquiries and concerns, as well as transact with us through our authorized representatives, bank branches, official websites and platforms, and web-based applications and channels. This Privacy Policy shall be subject to changes in our policies and the law. We shall notify you of the changes by posting in our website and other means of communication for your information and reference.

YOUR PRIVACY AND THE LAW
Personal Information refers to any information, whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual. Sensitive Personal Information is any attribute of your personal information that can discriminate, qualify, or classify you such as your age, date of birth, marital status, government-issued identification numbers, account numbers, and financial information. Privileged Information is any and all forms of information which, under the Rules of Court and other pertinent laws, constitute privileged communication (i.e. lawyer-client, priest-confessor, doctor-patient).

Under the Data Privacy Act of 2012, you have the following rights: (1) Right to be informed – you may demand the details as to how your personal information is being processed or have been processed by the Bank, including the existence of automated decision-making and profiling systems; (2) Right to access – upon written request, you may demand reasonable access to your personal information, which may include the contents of your processed personal information, the manner of processing, sources where they were obtained, recipients and reason of disclosure; (3) Right to dispute – you may dispute inaccuracy or error in your personal information in the Bank systems through our contact center representatives; (4) Right to object – you may suspend, withdraw, and remove your personal information in certain further processing, upon demand, which include your right to opt-out to any commercial communication or advertising purposes from the Bank; (5) Right to data erasure – based on reasonable grounds, you have the right to suspend, withdraw or order blocking, removal or destruction of your personal data from the Bank’s filing system, without prejudice to the Bank continuous processing for commercial, operational, legal, and regulatory purposes; (6) Right to secure data portability – you have the right to obtain from the Bank your personal information in an electronic or structured format that is commonly used and allows for further use; (7) Right to be indemnified for damages – as data subject, you have every right to be indemnified for any damages sustained due to such violation of your right to privacy through inaccurate, false, unlawfully obtained or unauthorized use of your information; and (8) Right to file a complaint – you may file your complaint or any concerns with our Data Protection Office at 44/F UnionBank Plaza, Meralco Avenue corner Onyx Road, Pasig City, 1600, Metro Manila, Philippines or dpo@unionbankph.com and/or with the National Privacy Commission through www.privacy.gov.ph

COLLECTION AND USE OF YOUR PERSONAL INFORMATION
UNIONBANK collects and processes your personal information only upon your express consent, which refers to any freely given, specific, informed indication of will, whereby you agree to the collection and processing of your personal, sensitive or privileged information. The Bank processes your personal information in accordance with the law, this Privacy Policy, Terms and Conditions, and other legal instruments which you may have entered into with the Bank.

As mandated by the Bangko Sentral ng Pilipinas, in the usual course of banking business activities, we collect the following personal information from you and about you, including, but not limited to: full legal name, gender, date of birth, nationality, civil status, permanent address, present address, tax identification number and other government-issued identification numbers, mobile number, home number, office contact details, company name, job position or rank, office address, source of funds, gross annual income, among others.

When you provide us with personal information by which you can be reasonably identified, you can be assured that your personal information will be used only in accordance with this Privacy Policy and the relevant Terms and Conditions governing your relationship with us. The Bank collects your personal information from the following sources: 1) your Personal Information Sheet; 2) information we collect about you when you contact us through our authorized representatives in bank branches and contact centers, email, mobile applications or services, and other online and mobile platforms; and) information we collect about you from public records and from other available sources authorized to disclose your information.

All the personal information we collect about you may be combined and processed to improve our products, services, and communications with you. The Bank ensures that only authorized employees and third party service providers, who have undertaken to satisfy our stringent corporate, legal, information security, and data privacy requirements, are allowed to process your personal information. Through your express consent, you agree that we may disclose your personal information to our third party service providers who perform business operations on our behalf or partners who collaborate with us to provide services to you and business partners that provide joint communications that we hope you find of interest.

By registering, signing in to, or using the Bank’s consent forms in our products, services, web platform and applications, you authorize and consent to the processing, sharing and/or transferring by the Bank of your Personal Information relating to your accounts with us for specified purposes which in all cases are in compliance with or pursuant to the Bank’s legal or contractual obligations:

1. Government regulatory agencies, credit information or investigation companies, financial institutions, credit bureaus, other banks, credit card companies, loyalty program partners, consumer reporting or reference agencies such as Credit Card Association of the Philippines, Bankers Association of the Philippines, Credit Information Corporation, and the Transunion Credit Bureau for the purpose of credit investigation, consumer reporting, or for reports of your credit history and account updates;
2. Third persons, correspondent banks, service providers and entities as the Bank deems necessary, to enable the Bank to service your account/s and to provide all the existing features of your account/s, the Bank’s products, services, facilities, and channels, and any future enhancements thereto or to assist the Bank in the processing of your data, including its collection, recording, organization, storage, management, protection, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure, or destruction;
3. Third parties engaged by the Bank or by its subsidiaries or affiliates for the purpose of direct or indirect marketing to offer selected products and services which may interest you unless specifically instructed otherwise in writing;
4. Insurers, Insurance brokers, or providers of deposit or credit protection or protection against all kinds of risks;
5. Republic Act No. 9510 or the Credit Information Systems Act and its Implementing Rules and Regulations, which mandates the Bank to submit your credit data to the Credit Information Corporation (CIC) and share the same with other accessing entities and special accessing entities authorized by the CIC;
6. Bangko Sentral ng Pilipinas Circular No. 472 Series of 2005 as implemented by the Bureau of Internal Revenue Regulation No. 4-2005, which mandates the Bank to conduct random verification with the Bureau of Internal Revenue in order to establish authenticity of the Income Tax Return (ITR), accompanying financial statements and such other documents, information, and data;
7. National Internal Revenue Code, as amended, which mandates the Commissioner of Internal Revenue to inquire into the bank accounts of the following taxpayers: a) a decedent in order to determine his gross estate; b) a taxpayer who has filed an application to compromise his tax liability on the ground of financial incapacity; and c) a taxpayer, information on whose account is requested by a foreign tax authority;
8. Unexplained wealth under Section 8 of Republic Act No. 3019 or the Anti-Graft and Corrupt Practices Act;
9. Cases under Republic Act No. 9160 or the Anti-Money Laundering Act of 2001, when there is probable cause that the deposits or investments involved are in anyway related to an unlawful activity or a money laundering offense;
10. Regulatory authorities when such other persons or entities the Bank may deem as having authority or right to such disclosure of information as in the case of regulatory agencies, government or otherwise, which have required such disclosure from the Bank and when the circumstance so warrant;
11. Other related and applicable laws and regulations, subject to your right to information under the Data Privacy Act, which legally mandate the Bank to obtain and disclose your personal information to government regulatory agencies and consumer reporting or reference agencies, subject to your right to information under the Data Privacy Act.

Your personal information you provided to the Bank shall only be used for the purpose of service and product delivery you consented to, subject to the Terms and Conditions you agreed to. With your express consent, you may agree and authorize the Bank to share your personal information with private entities subject to mandatory disclosure pursuant to government and public functions. In all instances, we process and/or disclose your personal information in accordance with the Data Privacy Act and its Implementing Rules and Regulations.

DATA STORAGE
It is the policy of the Bank that all systems and storage medium or repositories that store customer data shall have completed the appropriate information security, risk, legal compliance, and privacy impact assessments. Your personal information shall only be stored in the Bank- managed environment. Physical copies of documents containing your personal information shall be stored in physical vaults in a sealed and secure manner. All systems or storage medium or repositories which are used and will be used in the future to store your personal information are and will be duly approved and registered with the Bangko Sentral ng Pilipinas and other regulatory agencies, as the case may be.

DATA ACCESS AND RETRIEVAL
Access refers to a user’s capacity to access or retrieve data stored within a database or other repository. Your personal information can only be accessed and retrieved by authorized personnel of the Bank and only pursuant to a legitimate business purpose, in accordance with the consent you have provided us. Remote connectivity to any Bank- managed environment is only through Virtual Private Network or Access Gateway technology solutions that will enable us to enforce security controls required to protect your personal information.

DATA RETENTION
Regulation and legitimate bank business purpose and policy define the data retention period of your personal information. Pursuant to Section X808 of the Manual of Regulations for Banks issued by Bangko Sentral ng Pilipinas, transaction records shall be maintained and safely stored for five (5) years from the date of transaction except where specific laws and/or regulations require a different retention period, in which case, the longer retention period is observed. Pursuant to the Bureau of Internal Revenue Regulation 17-2013, documents pertaining to your billing statements, which indicate taxable transactions shall be preserved for ten (10) years.

DATA DISPOSAL
The Bank has established mechanisms for secure disposal of data from the Bank’s systems after the data is no longer required by the business for any legitimate purpose and activity. After the defined retention periods, the Bank shall dispose your personal information in a secure manner in order to prevent further processing, unauthorized access, or disclosure to any other party.

PERSONAL DATA BREACH MANAGEMENT
Personal Data Breach refers to a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed. A Personal Data Breach shall be subject to notification requirements under the following conditions:
1. Compromised data involves personal data that may be used to enable identity fraud;
2. There is reason to believe that the information may have been acquired by an unauthorized person; and
3. The unauthorized acquisition is likely to give rise to a real risk of serious harm to any affected data subject.

The Bank shall notify the National Privacy Commission and affected Customers in case of breach within 72 hours upon knowledge of or reasonable belief by the Bank or our third party processor that a personal data breach has occurred. If such event occurs, we shall notify you, through a secure means of communication, of the nature of the breach, your personal information possibly compromised, measures taken to address the breach and reduce negative consequences, contact details of government authorities concerned and our Data Protection Office who can assist you in mitigating the possible ramifications that can compromise you and your right to privacy.

For inquiries, complaints, and other concerns, you may address them in writing to the Bank’s Data Protection Officer, Ms. Maria Francesca R. Montes via dpo@unionbankph.com.

CONSENT TO THE PROCESSING OF CUSTOMER PERSONAL INFORMATION
By ticking the box, I expressly authorize and consent to the processing, sharing and/or transferring by Union Bank of the Philippines (the “Bank”) of his/her/their Personal Data as this term is defined under the Data Privacy Act and its Implementing Rules and Regulations ("DPA IRR") and all other issuances of the National Privacy Commission (NPC), or otherwise, relating to his/her/their account(s) to any of the following for any of the specified purposes which in all cases are in compliance with or pursuant to the Bank's legal or contractual obligations:
a. government regulatory agencies, credit information/investigation companies, financial institutions, credit bureaus, other banks, credit card companies, loyalty program partners, consumer reporting or reference agencies such as Credit Card Association of the Philippines, Bankers Association of the Philippines, Credit Information Corp. and the Trans Union Credit Bureau for the purpose of credit investigation, consumer reporting, or for reports of his/her/their credit history and account updates;
b. third persons, correspondent banks, service providers and entities as the Bank deems necessary, to enable the Bank to service his/her/their account/s and to provide all the existing features of his / her / their account/s, the Bank products, services, facilities and channels, and any future enhancements thereto or to assist the Bank in the processing of his/her/their data, including its collection, recording, organization, storage, management, protection, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction;
c. third parties engaged by the Bank or by its subsidiaries or affiliates for the purpose of direct/indirect marketing to offer selected products and services which I may have interest unless specifically instructed otherwise in writing or
d. insurers, insurance brokers, or providers of deposit or credit protection or protection against all kinds of risks;
e. regulatory authorities or such other persons or entities the Bank may deem as having authority or right to such disclosure of information as in the case of regulatory agencies, governmental or otherwise, which have required such disclosure from the Bank and when the circumstance so warrant.
I understand that personal information refers to any information, whether recorded in a material form or not, from which his/her/their identity is apparent or can be reasonably and directly ascertained by the entity holding Information, or when put together with other information would directly and certainly identify I.
I agree that I am fully aware that the Bank collects my personal information from any of the following sources:
a. Personal Information Sheet or other form duly accomplished by me as requested by the Bank;
b. Information collected about me when I contact the Bank or the Bank contacts me through the hotline, via email, mobile applications or services, online platforms and otherwise; and) information collected about me from other commercially available sources or recorded communication.
I authorize the Bank and/or its authorized representative to, when deemed necessary or relevant by the Bank,
a. pursuant to BSP Circular No. 472 Series of 2005 as implemented by BIR Revenue Regulations RR-4-2005, conduct random verification with the Bureau of Internal Revenue in order to establish authenticity of Income Tax Returns (ITR), accompanying financial statements and such other documents/information/data submitted by me, and/or
b. obtain or disclose my information or the loan/credit facilities applied for hereunder to any party as the Bank may deem necessary or as may be required or allowed by applicable laws, rules and regulations.
Depositor/s authorize:
a. the regular submission and disclosure of my basic credit data (as defined under Republic Act No. 9510 and its Implementing Rules and Regulations) to the Credit Information Corporation (CIC) as well as any updates or corrections thereof for purposes of including said basic credit data in a centralized credit information system as mandated by law; and

b. the sharing of my basic credit data with Accessing Entities as defined in Republic Act No. 9510 and its Implementing Rules and Regulations authorized by the CIC, and credit reporting agencies duly accredited by the CIC.

I am aware that my personal information is collected and shared for purposes of providing the service, product and/or facility depositor/s has/have applied for or agreed to obtain from the Bank, or for purposes of complying with relevant government or legal mandate or requirement, Depositor/s hereby consent to the disclosure required by such product, service of facility to the enumerated third parties above and further authorize the Bank, its officers, employees or representatives and third parties as enumerated above, to obtain verify and review Information that I have provided and to use and process the same in evaluating my applications to avail of the Bank’s products and/or services, which include a broad range of credit, deposit and other financial products.

I likewise authorize the collection of his/her/their personal, use and processing, directly by the Bank or through its authorized third party service providers, business partners, consultants or advisers, which have satisfied the Bank’s requirements of corporate legal, information security, and data privacy, to either improve the Bank's product or service to me/us or the public in general or to market any other product, service or facility of the Bank which the Bank may determine to be of interest to me/us.

I agree that my authorization and consent as provided herein has been executed freely, voluntarily and with full knowledge of its consequences. It is intended to be the consent and/or permission required under the DPA IRR, RA 1405 or the Bank Secrecy Law and all other relevant laws for the purposes specified above. It is valid as an agreement signed by me and shall have continued effect throughout the duration of my relationship with the Bank and/or existence of my account(s), and/or until the expiration of the retention limit set by laws and regulations, and/or the period set until the destruction or disposal of records as mandated by relevant laws, unless I withdraw such authorization and consent in writing.

I agree to render the Bank, its officers, employees and representatives free and harmless from any and all liabilities arising from the above use and disclosure of his/her/their information.

I certify that Information I have provided in the Personal Information Sheet (PIS) or other form or document as required by the Bank is true, correct and complete and I agree to immediately and/or periodically update the same should there be any change, mistake or inaccuracy thereon. I fully understand that said information may be used by the Bank to provide the service, product or facility the depositor has applied for or agreed to obtain from the Bank. I understand that the contact information provided shall be used for all correspondences between depositor and the Bank unless I notify and promptly advise the Bank in writing of any change on said contact and other personal information.

I acknowledges that I have read, understood and fully agree with the Bank’s Privacy Policy as found in https://www.unionbankph.com/privacy-security#0 and receipt of which I confirm by ticking the box above.

I allow the Bank to keep my personal information only for as long as it is necessary:

a. for the fulfilment of the declared, specified, and legitimate purposes provided above, or when the processing relevant to the purposes has been terminated; or

b. for the establishment, exercise or defense of legal claims; or

c. for legitimate business purposes, which shall be in accordance with the standards of the banking industry.

I authorize the Bank to dispose my personal information in a secure manner in order to prevent further processing, unauthorized access, or disclosure to any other party.

The account holder is responsible for the electronic notification received; as such, the Bank is free and harmless from any liability if Information contained in the electronic notification is, by any means, accessed by any person other than the customer.

By ticking the box on the screen, I acknowledge that I, understood, and fully agree with the UNIONBANK CONSENT TO THE PROCESSING OF CUSTOMER PERSONAL INFORMATION with which I was duly provided, receipt of which I confirm by ticking the box on the screen.

I agree to the UnionBank Privacy Policy

I would like to receive a copy of the Privacy Policy via email