Online Security Policy

This Data Privacy Statement (“Statement”), which has been prepared in relation to R.A.
10173, otherwise known as the Data Privacy Act of 2012, and its implementing rules
and regulations, describes how personal information are collected, processed,
disclosed, and stored by Land Bank of the Philippines (“LANDBANK”) and is applicable
to its employees and all persons who apply for or avail of any of LANDBANK’s products
and services, or who have established or propose to establish an account with
LANDBANK, or who have provided or propose to provide third party security to
LANDBANK (“Client”).

LANDBANK’S METHOD OF PROCESSING PERSONAL DATA

Processing refers to the collection, recording, organization, storage, updating or

modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction
of personal information. If necessary for the efficient delivery of LANDBANK’s products
and services, the processing of personal data may be outsourced to third party service
providers subject to compliance with this Statement and the provisions of the Data
Privacy Act and its Implementing Rules and Regulations.

LANDBANK shall collect personal information through, but not limited to, any of the
following:

• Face-to-face and/or telephone conversation with LANDBANK personnel

• Accomplishment and/or signing of forms/documents

• Online enrollment through electronic banking channels and services (e.g., iAccess,
Mobile Banking Application, etc.)

WHEN DO WE COLLECT PERSONAL INFORMATION

LANDBANK collects information upon the Client’s application for, availment of and/or
usage of LANDBANK’s products and services. This includes, but not limited to, account
opening, loan applications, signing-in to e-Banking channels, etc.

RECIPIENTS OF INFORMATION

Personal information may be processed and shared with various units within
LANDBANK to the extent necessary for any of the purposes herein declared, to credit
information bureaus,or to government authorities under applicable laws, rules and
regulations.

RETENTION AND DISPOSAL

Retention and disposal of personal information shall be made in accordance with the
Records Disposal Policy and Records Disposition Schedule of LANDBANK as approved
by the National Archives of the Philippines under RA 9470.

HOW WE SAFEGUARD PERSONAL INFORMATION

In accordance with the Data Privacy Act, RA 1405 (Bank Secrecy Law), RA 8791
(General Banking Law of 2000), RA 6426 (The Foreign Currency Deposit Act), BSP
Circular 808 series of 2013 (Guidelines on Information Technology Risk Management
for All Banks and other Supervised Institutions), BSP Circular 982 series of 2017
(Enhanced Guidelines on Information Security Management), and Payment Card
Industry Data Security Standard (PCI DSS), LANDBANK, its employees, agents and
representatives, shall handle personal information with utmost care and adhere to
appropriate organizational, physical, and technical measures to maintain the
confidentiality, integrity and security of all personal information in its possession.

How To Protect Yourself Online

LANDBANK encourages clients to take part in protecting their account while doing
transactions online by ALWAYS doing the following:

1. Ensure that the site is secured before using it:

1. Always type the complete web address into your browser instead of clicking links.
By doing this, you are decreasing the risks of being deluded by a phishing site.

Phishing is the practice of attempting to obtain information (e.g., usernames,

passwords, credit card details, Bank account numbers, ATM PIN, etc.) by pretending to
represent a legitimate company in an e-mail or websites. The e-mail usually claims that
it is necessary for the recipient to update and provide the information in the link or form
attached in the e-mail. The criminals then use the information entered on the phishing
site or form for their own fraudulent intentions.

2. Official URL of LANDBANK website: https://www.landbank.com

 3. Ensure that 'https' and the padlock symbol are present in the website. These
indicators signify that the site you are entering is genuine and secure. Double
click the padlock symbol to verify if the certificate issued is still within its valid
dates or if it has been issued to the website you are accessing.

2. Protect your computer from online attacks from viruses, hackers, spywares
and other malicious programs by doing the following:

1. Install and regularly update your Anti-virus and Anti-spyware Software.

2. Activate your computer’s firewall settings.
3. Always update your operating system.
4. Do not download files or software from websites which you are not familiar with
or from hyperlinks sent by strangers.

3. When accessing your account using a public computer or using a public WIFI
network, kindly practice the following:

1. Never adjust your security details.

2. Always log-out from your online session once you are finished with your
transaction.
3. Ensure that no one can see your transactions in public.

5. Personal information such as address, mother's maiden name,

mobile/telephone numbers, social security number, Bank account number and e-
mail address should not be disclosed unless the one gathering the information is
reliable and trustworthy.

6. Regular checking of transaction history details and statements should be done

to ensure that no unauthorized transactions occur.
China Banking Corporation Data Privacy Notice

We are committed to protecting your privacy in accordance with Republic Act 10173 (“Data Privacy Act of
2012”), its implementing rules and regulations, and other applicable laws of the Republic of the Philippines.
We assure you that any information you communicate to us is protected. The Bank employs a combination
of organizational, physical, procedural and technical security measures to secure your personal data.

When and What Personal Information We May Collect

When you apply for, avail or use the Bank’s products or services, interact with our employees and/or
authorized representatives, visit our premises, and/or access our phonebanking, and/or access our online
systems and mobile apps, the Bank may collect your personal information, such as but not limited to your:

 name, gender, nationality, birthdate, address, civil status, education and contact details;
 tax identification number and other government-issued identification numbers;
 employment and/or business information;
 financial information (such as assets, income, expenses, payments and transaction history);
 transaction history and account activities including dealings and interactions with third parties;
 specimen signature, biometrics, voice recordings and cctv footages; and
 other personal information authorized and mandated by law to be collected such as but not limited
to Anti-Money Laundering Act of 2001 (AMLA), Bangko Sentral ng Pilipinas (BSP) Circulars, etc.

In addition, we may use “Google Analytics” to collect information about the visitors accessing our websites.
Google analytics collects information on the IP addresses, geolocation, frequency, pages accessed, web
browser information, and previous sites accessed prior to visiting the Bank’s website. The Bank may use
such information to improve the performance and content of its websites.

If you provide us with any personal information relating to a third party, you represent to us that you have
obtained the consent of such third party to provide us with his/her personal information for the relevant
purposes.

Use and Processing of Your Personal Information

The Bank may use your personal data for various purposes, including but not limited to:

 Know-Your-Customer examination/investigation or client identification related activities;

 evaluating and/or processing your applications or transactions;
 addressing your inquiries, concerns or complaints, and providing product and/or service related
support;
 managing your accounts and performing other audit, administrative and operational tasks (e.g.
credit and collection, customer satisfaction survey, relationship management, risk management,
staff training, due diligence, system or product development and planning, insurance, safety and
security management of premises and services, and general audit);
 informing you about new product/services offerings and promotions by the Bank, its subsidiaries’
and affiliates’;
 profiling, data analysis, behavioural modelling, market research, cross-selling and direct marketing;
 detection, prevention, investigation, and prosecution of fraud or crime;
 compliance with laws and regulations governing our products and services (e.g. AMLA, BSP
Circulars, Credit Information Corporation (CIC) Circulars, etc.);
 performing activities that you have consented to; and
 performing such other activities permitted by law;

Data Sharing
The Bank ensures that only authorized personnel within the various units of the Bank has access to your
personal information. Nevertheless, the Bank may share your personal information with relevant
Government agencies such as BSP, Securities and Exchange Commission (SEC), CIC, Philippine Deposit
Insurance Corporation (PDIC) and Bureau of Internal Revenue (BIR) as mandated by pertinent laws and
regulations. In addition, with your consent, the Bank may share your information with the bank’s offices,
branches, subsidiaries and affiliates that are in collaboration with the bank to provide certain products and
services to you, accredited third parties/vendors, credit reporting or credit reference agencies, credit
protection provider, guarantee institutions, debt collection agencies, private regulatory organizations and
other financial institutions, and other outsourced service providers engaged by the bank for the purposes of
the bank’s conduct of everyday business. Such data sharing activities shall be done in a manner that is
compliant with the Data Privacy Act of 2012 and under an obligation of confidentiality.

Data Retention

The Bank may retain, process, update and/or share your personal information for as long necessary for the
fulfilment of the purpose for which it was collected and such other purposes that you may have consented to
from time to time, or as required by pertinent laws and regulations.

Data Privacy Rights

Under the Data Privacy Act of 2012, the rights of the data subject is specifically set forth in Section 16 of the
said law.

You shall notify us in writing, which must be acknowledged by us, if you do not consent to any of the
processing described above and/or sharing of said information with our representative officers, subsidiaries,
affiliates, agents and accredited third parties/vendors, service providers, or other persons or entities that we
may reasonably select.
UnionBank Privacy Policy
UNIONBANK respects and values your right to privacy with utmost
importance. We would like to inform you that we are taking the necessary
steps for the protection and security of your personal information and of your
use of our services. As provided by the Data Privacy Act of 2012 (“DPA”), its
Implementing Rules and Regulations (“IRR”), and issuances by the National
Privacy Commission, the Bank guarantees that we are compliant with all the
requirements mandated by law, as well as with the generally accepted global
data protection standards and regulations. The Bank ensures continued
protection of your personal information with our organizational, physical, and
technical measures for data protection, including policies for evaluation,
monitoring, and review of operations and security risks. This Privacy Policy
informs you of updates in our corporate policies regarding the collection, use,
storage, disclosure, and disposal of personal information we receive and
collect from the Bank customers, payees, users, and any individual who
communicate, raise inquiries and concerns, as well as transact with us
through our authorized representatives, bank branches, official websites and
platforms, and web-based applications and channels. This Privacy Policy shall
be subject to changes in our policies and the law. We shall notify you of the
changes by posting in our website and other means of communication for your
information and reference.

YOUR PRIVACY AND THE LAW

Personal Information refers to any information, whether recorded in a material form or not, from
which the identity of an individual is apparent or can be reasonably and directly ascertained by the
entity holding the information, or when put together with other information would directly and
certainly identify an individual. Sensitive Personal Information is any attribute of your personal
information that can discriminate, qualify, or classify you such as your age, date of birth, marital
status, government-issued identification numbers, account numbers, and financial
information. Privileged Information is any and all forms of information which, under the Rules of
Court and other pertinent laws, constitute privileged communication (i.e. lawyer-client, priest-
confessor, doctor-patient).

Under the Data Privacy Act of 2012, you have the following rights: (1) Right to be informed – you
may demand the details as to how your personal information is being processed or have been
processed by the Bank, including the existence of automated decision-making and profiling systems;
(2) Right to access – upon written request, you may demand reasonable access to your personal
information, which may include the contents of your processed personal information, the manner of
processing, sources where they were obtained, recipients and reason of disclosure; (3) Right to
dispute – you may dispute inaccuracy or error in your personal information in the Bank systems
through our contact center representatives; (4) Right to object – you may suspend, withdraw, and
remove your personal information in certain further processing, upon demand, which include your
right to opt-out to any commercial communication or advertising purposes from the Bank; (5) Right
to data erasure – based on reasonable grounds, you have the right to suspend, withdraw or order
blocking, removal or destruction of your personal data from the Bank’s filing system, without
prejudice to the Bank continuous processing for commercial, operational, legal, and regulatory
purposes; (6) Right to secure data portability – you have the right to obtain from the Bank your
personal information in an electronic or structured format that is commonly used and allows for
further use; (7) Right to be indemnified for damages – as data subject, you have every right to be
indemnified for any damages sustained due to such violation of your right to privacy through
inaccurate, false, unlawfully obtained or unauthorized use of your information; and (8) Right to file a
complaint – you may file your complaint or any concerns with our Data Protection Office at 44/F
UnionBank Plaza, Meralco Avenue corner Onyx Road, Pasig City, 1600, Metro Manila,