- Data Privacy Statement
BPI (Europe) Plc Data Privacy Statement
We take the privacy of the information we hold about you seriously. We ask that you read carefully this Data Privacy Statement as this explains how we collect, access, protect, use, share and retain personal information we have about you when you apply for and avail of our products and services.
This statement outlines the general practices of the Bank of the Philippine Islands (Europe) Plc (“BPI Europe”) in relation to our processes and content which are made available through our website. This Statement also covers the privacy practices for our customers who apply for and obtain products and services from us, such as, but not limited to, deposits, loans, international payments, and other such products and services that the bank may offer from time to time.
What we may collect from you and where it comes from
We collect information about you, your transactions, your use of our products and services and your relationships with Bank of the Philippine Islands (BPI), and all its subsidiaries or affiliates when you apply for or avail of any product or service that BPI Europe offers or when you interact with our employees.
- These may include personal information (contact details, financial information, family, and employment details) that come from:
a. Customer Information Sheet (CIS) you filled out, supporting documents (passports, visa, proof of address, proof of National Insurance Number, etc.) you provided, including information about payments you make or receive such as the date, amount, currency, details of the payee or payer, proof of source of funds and purpose of transaction and accounts you hold with other providers;
b. third parties such as credit reference and fraud prevention agencies, publicly available information such as country court judgments and electoral registers;
c. your interaction with us through emails, post, social media and the way you use your account(s) for example, your use of branches (images via CCTV), telephone facility (voice recording) or online banking;
- These may also include information you give us about other people (such as dependants, providers, employers or joint account holders) that we will use to provide services or, upon your request, to share it with third parties. If so, you confirm that you have gotten their permission or you are authorised to give us these information.
How we use your information and lawful basis for processing these information
The information you provided and we have collected from other sources is used to provide our products and services to you and to manage your account(s), for legitimate business purposes and in compliance with regulatory requirements.
We may use your information specifically to:
- consider your application with us, verify your identity and that of your spouse/partner/ provider or employer;
- manage and operate your account(s) including updating your records with us;
- carry out regulatory checks to fulfil our regulatory obligations and comply with any subsequent applicable laws;
- protect ourselves against harm to our rights and property interests;
- manage our internal operational requirements including audit and compliance, credit and risk management, training, and product and services development
- prevent and detect financial crime, terrorist financing and debt recovery including tracing;
- As a subsidiary of BPI, we may have to share your relevant personal and/or account information to BPI and its subsidiaries, as part of the services and technological support provided to us, for any of the following purposes:
- to validate, consolidate or update your customer information records and/or credit history;
- to comply with legal obligation to which BPI or the concerned subsidiary/ies or affiliate/s is subject to.
- We have the following lawful basis for collecting, processing, and using your data:
- We obtained explicit consent from you to use your information;
- To allow us to process your transactions and provide the banking services you need such as receiving payments and/or making payments to your account;
- To allow us to meet our regulatory and legal obligations by obtaining your identification details to combat financial crime in the industry;
- To protect our legitimate interests to detect, prevent, and investigate fraud, money laundering and other, crimes and to verify your identity in order to protect our customers and our business.
- If BPI Europe asks for your consent or permission to process your personal data, you can refuse, or withdraw your permission at any time by using the contact details at the end of this privacy notice.
Who we can share your information with
We’ll keep the information we hold about you secure and confidential. We may however, have to share, transfer, and disclose your information when we use it for purposes as set out above to:
- any member of BPI and its subsidiaries and anybody who provides services to them or their agents. Information will be shared outside the UK;
- our service providers and agents (including sub-contractors) for providing services to us such as updating your records, storing your data, processing your payments, and carrying out actions to comply with regulatory and legal requirements;
- other financial institutions, fraud prevention agencies, trade associations and credit and debt recovery agencies and agents;
- government bodies and agencies in the UK and overseas (e.g. HMRC who may in turn share it with relevant overseas tax authorities and with regulators e.g. the Prudential Regulation Authority, the Financial Conduct Authority, the Information Commissioner’s Office);
- courts, to comply with legal requirements, and for the administration of justice;
- persons acting on your behalf, payment recipients (e.g. utility companies when they need to apply the payment to you), beneficiaries, account nominees, intermediary, correspondent and agent banks, clearing houses and clearing or settlement systems;
- anyone else when you have requested and consented to do so;
- anyone to whom we transfer or may transfer our rights and duties in this agreement.
- Sharing your personal data
- Outside the United Kingdom or European Economic Area.
- We share, transfer, and/or disclose your personal information to above persons or companies outside the UK and the European Economic Area. While some countries have adequate protections for personal information under applicable laws, in other countries there is still a need for measures to be implemented to ensure appropriate safeguards apply to it. These may include imposing contractual obligations of adequacy or requiring the recipient to comply or be certified with an “international framework” of data protection. You likewise consent to having your information transferred by us, or others processing on our behalf, or their agents, to authorities in other countries if the disclosure is required by UK law and that of those countries.
- Fraud prevention and immigration agencies
- The personal information we have collected directly from you when you applied or at any stage will be shared with fraud prevention agencies that will use it to verify your identity, your right to stay in UK and to prevent fraud and money laundering. If fraud is detected, you could be refused certain services, finance, or employment in the future. In case of questions on your right to stay, we will refuse your application and we will have to submit your personal information to the Home Office. We can also search and use our own internal records for these purposes.
- Credit reference checks
- In cases where you apply for a credit product, we will perform credit and identity checks to process your application with one or more credit reference agencies. To do this, we will send your personal information including your name, birthday, and address to these credit reference agencies and they will give us information about you. Our search (whether or not your application is successful) may affect your ability to get credit elsewhere. We will likewise continue to exchange information (details of your account and how you manage it) with the credit reference agencies while our relationship is on-going. If you do not repay any debt in full or on time, it will be recorded and this information will be shared to others performing similar checks, for tracing, and to recover your debts with us. Records will remain on file for five (5) years after they are closed, whether settled or defaulted. For joint applicants, a financial association link will be created at the credit reference agencies to link your financial records to be taken into account in all of your future applications by either or both of you until either of you apply for a notice of disassociation with the credit reference agencies.
- Marketing related searches
- For marketing our products and services we’ll send out through phone, mail, fax, and other digital methods such as MMS (Multimedia Message Service) and SMS (Short Message Service). We’ll never pass your information though to a third party for them to use in their own direct marketing without your consent. You can ask us to stop or start sending you marketing messages at any time either by writing us, calling us or visiting our branch.
How long we keep your information
The information we have about you will be kept secure for as long as it required by us (even if you close your account) in order to comply with legal and regulatory requirements, or for operational reasons such as dealing with any queries relating to your account. We normally keep data up to five (5) years unless we receive a notice from legal authorities to keep the data longer. We will continue to protect your data the entire time.
Your rights under applicable data protection law
Your rights are as follows (noting that these rights do not apply in all circumstances and that data portability is only relevant from May 2018):
- the right to be informed about our processing of your personal data;
- the right to have your personal data corrected if it is inaccurate, and have any incomplete personal data completed;
- the right to object to processing your personal data, such as not sending marketing materials via email;
- the right to restrict processing your personal data by not sharing your personal information to companies that we have business with provided that such information is not critical nor required by applicable laws and regulations in maintaining the services that you have availed with us;
- the right to have your personal data erased;
- the right to request access to your personal data subject to restrictions applied to us by certain laws and regulations; and
- the right to move, copy or transfer your personal data (“data portability”).
To exercise any of the above rights, please visit our website at www.bpieuropeplc.com to download the Data Subject Access Request Form (DSAR).
For more details you may:
- Visit our website
- Visit our BPI Europe Plc Earls Court branch
- Email us at firstname.lastname@example.org
Changes to our Data Privacy Statement
We may modify or amend this Data Privacy Statement from time to time to keep up with any changes in relevant laws and regulations applicable to us or how we collect, access, protect, use, share and retain your personal information. Any relevant updates will be posted on the BPI Europe website.
1. Personal Information/Data – refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.
2. Sensitive Personal Information/Data – refers to personal information:
a. about an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations;
b. about an individual’s health, education, genetic or sexual lie of a person, or to any proceeding for any offense committed or alleged to have been committed by such person, the disposal of such proceedings, or the sentence of any court in such proceedings;
c. issued by government agencies peculiar to an individual which includes, but not limited, to social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns; and
d. specifically established by an executive order or an act of Congress to be kept classified.
3. BPI subsidiaries and affiliates – members of the BPI Group of Companies such as, but not limited to, Bank of the Philippine islands, BPI Direct Banko, and BPI Family Savings Bank.