Privacy Agreement
SM Savings and Loan Association, Inc. (hereafter “SM SLA”) complies with the standards and requirements set forth by Republic Act (R.A.) No. 10173, otherwise known as the Data Privacy Act (DPA) of 2012, its Implementing Rules and Regulations, and other data privacy guidelines issued by the National Privacy Commission (NPC) or other relevant government agencies. At SM SLA, we value your personal information and data privacy rights. |
|
Member Information and Purpose of Use SM SLA will collect, process, store, record, organize, update, modify, block, erase, and destroy (collectively referred to as “processing” under Republic Act No. 10173 and its Implementing Rules and Regulations, otherwise known as the “Data Privacy Act of 2012”) members’ personal information (as shown below) for the following purposes:
For the above purposes, we may collect or receive all or some of the following categories of personal information:
Consent The consent of an SM SLA member is documented through our forms (e.g. Membership Application Form, Loan Application Form, Withdrawal Slip, etc.) for the processing of personal information. Such consent, however, will automatically expire ten (10) years from the member’s last transaction with SM SLA (e.g. termination of membership and closure of accounts). Data Sharing SM SLA shares the personal information of members to its authorized third parties, such as: its service group, government agencies (e.g. BSP, AMLC, SEC, BIR, other judicial bodies), collection agents, accredited banks, and other contractors. Any data sharing for commercial purposes shall be covered by a Data Sharing Agreement. How Long Do We Retain Your Personal Information? We will keep the personal information we collect about you for as long as necessary to carry out the Purpose of Use set forth in this Privacy Notice or in accordance with prescribed retention periods under relevant regulations (e.g. BIR). We may also retain your personal data in order to enforce our legal rights or whenever it is required under the DPA or upon lawful order of a competent court or relevant government agency. How Do We Dispose Your Personal Information? Electronic files shall be erased, while physical records shall be shredded for disposal. When appropriate, anonymization techniques may be performed to permanently remove identifiable information from our records. In all cases, we will make sure that the personal information is destroyed in a way that prevents unauthorized people from accessing, processing, or retrieving it. What are the Risks Involved? Risk is the chance that a harmful incident may happen. In the context of personal data, risk refers to the chance that someone might collect, use, disclose, or access your personal data in an unauthorized manner or in a way that may cause you harm. In order to ensure that the risks to your personal information are minimized, we employ various measures to safeguard your personal information. However, this does not guarantee protection against all threats such as when systems are exposed to targeted cyber attacks, malware, ransomware, and computer viruses or when manual records are accessed without authority. In case a security incident occurs, we’re prepared to respond and manage such incidents in line with our policies and in accordance with regulations. Where Do We Store Your Personal Information? Your personal data are stored in a secure facility in the Philippines or in other countries where we or our Business Partners have facilities. When we transfer your personal information to other countries, we comply with the requirements of DPA Legislation or relevant regulation for such transfer and take steps to ensure that your personal information is protected and processed in accordance with this Privacy Notice. How Do We Protect Your Personal Information? We implement industry-standard security measures to protect the confidentiality, integrity, and availability of the personal data that we process. These security measures include the following: Organizational Security Measures
Physical Security Measures
Technical Security Measures
Do We Use Cookies? Our website collects device cookies to enable you to browse our website and to enable us to address your concerns and inquiry better. Cookies are small text files that are stored on your device when you visit our websites or use our apps. We utilize various cookies as described below.
Consent on Cookies You may withdraw your consent by choosing the opt-out function in our cookie setting. However, by opting out of these third-party cookies, your browsing experience may be affected. You may also later opt-out from said third-party cookies after giving your consent by clearing your cookies and other site data in your browser settings. What if You are a Minor? SM SLA shall not knowingly collect the personal data of a person below 18 years old without any legal basis or consent of the minor’s parent/s or legal guardian. Should it come to our attention that the personal data of minors was provided without a legal basis or consent of the minor’s parent/s or legal guardian, such personal data shall be destroyed or deleted in a secure manner. Minors are advised not to provide any personal data, such as their name, age, gender, email address, contact information, among others, and should consult their parent(s) or guardian(s). What are Your Rights and Obligations? You are responsible for ensuring that the personal data you provide is accurate and up-to-date and that you are of legal age when you submit any data to us. We encourage you to use the latest version of web browsers for your own safety and security. Updated web browsers are normally equipped with security features that provide anti-phishing protection, improved parental controls, and tools to prevent malware and other privacy threats. We will not be liable for any damage, loss, injury, or claim that may result when you fail to comply with these obligations. Please set and maintain your communication preferences so that we send communications to you in accordance with your preferences. You are not licensed or otherwise allowed to add other users to our mailing list (email or physical mail) without their express consent. You should not send any messages which contain spam, spyware or virus via the Website. If you would like to report any suspicious messages, please contact us at our email address provided on the latter part of this data privacy and protection notice. As provided under the DPA, you have the following data privacy rights:
If you intend to exercise any of your abovementioned data privacy rights you may contact our Data Protection Officer (DPO) through the contact details provided in the succeeding section. How Can You Contact the DPO? For inquiries regarding the processing of personal data, as well as any concerns or complaints regarding data privacy, or should you want to exercise your rights as a Data Subject, you may contact the DPO using the information below: The Data Protection Officer Email: [email protected] We encourage you to submit your inquiry and/or concerns in writing for proper documentation and tracking. Our response will be within 15 days upon receipt. How Will You Know if this Privacy Notice Changes? SM SLA may change this Privacy Notice from time to time without prior notice. Revised versions of this Privacy Notice will be posted on this page, together with an updated effective date. Last updated on 01 July 2024.
By clicking the “PROCEED TO LOGIN PAGE" button, I hereby give my full consent to SM SLA and its authorized representatives or agents to collect, use, verify, process and dispose in a secure manner, whether through manual or electronic means, for the period allowed under the applicable laws and regulations, any personal data I provide for the purposes of my/our membership and related applications or requests. |