Because we value your privacy, this Data Privacy Notice (“Notice”) is for all customers (“you” or “your”) who open a Deposit product, namely, the Tonik Savings Account (“TSA,” or “Tonik Account”), or apply for any Loan products, including the Shop Installment Loan, Cash Loan, and Upsell (“TDB Loans”), offered by Tonik Digital Bank, Inc. (“Tonik,” “TDB,” “Bank,” “Tonik Digital Bank,” “us,” “we,” or “our”). This Notice explains how we collect, use, share, store, protect, and dispose of your Personal Data in line with the Data Privacy Act of 2012 (the “DPA” or “Republic Act No. 10173”), and the relevant circulars, issuances, and regulations of the National Privacy Commission (NPC). Any capitalized terms used but not defined in this Notice will have the meaning(s) given to them under the DPA.
1. WHO WE ARE
We are Tonik Digital Bank, Inc., a licensed digital bank located in the Philippines, offering safe and easy-to-use banking services with a wide range of retail financial products, including deposits, savings, loans, payments, and cards, all through our highly secure digital banking platform on your mobile app.
2. THE PERSONAL DATA WE COLLECT
When you apply for an account with Tonik through our app, and while you use our Deposit and/or Loans products, we collect the following types of Personal Data:
Personal Identifiers: Your name, email address, home address, mobile number, date and place of birth, nationality, gender, and parents’/guardians’ name;
Biometric Information: Biometric data such as facial recognition, voice identification, or fingerprints;
Business/Employment Information: Your business details (e.g., company name, address, contact information, nature of business, and citizenship or nationality of the beneficiary or beneficial owner, where applicable), and employment information (e.g., company name, job title, industry, hiring date, salary, employment status, pay slips, and certificate of employment);
Transaction Information: This covers details about your use of our services and the transactions made through your Deposit or Loan accounts. It includes the amounts credited or debited such as deposits, withdrawals, transfers, or loan payments along with when, where, and how these transactions occur;
Payment/Cash-In or Out Information: Bank account details, credit, debit, or other payment card information for card linking to Tonik Account for cash-in or out purposes, billing address, payment methods, bank account statements, or credit card statements;
Government ID Data: Details from your government-issued IDs, including your photo;
Other Information You Provide to Us: The content of your correspondence with us, including communications with our customer support (such as through email, chat, in-app inbox and calls, messaging platforms such as, but not limited to, Viber and WhatsApp, or other social media channels);
Behavior and preferences data: This includes information about how you interact with us and your preferences when using our services. It may cover your behavior and communication patterns when engaging with our Customer Care channels, the details of your chosen settings and preferences, the IP address of the device you use, and the pages you visit on Tonik websites and applications; and
Information from Cookies, or Other Technologies: Data collected through cookies and similar technologies to analyze visits, usage, and transactions on our websites, and installed mobile applications. This may include device metadata such as SMS, contacts, and network information, details from our information technology applications, as well as from social media networks, data aggregators, data integrators, and other publicly available sources. For this purpose, data aggregators refer to entities or service providers that collect and compile information from multiple sources, such as websites, applications, and public databases, to create consolidated datasets for analysis, reporting, or commercial use. Meanwhile, data integrators refer to entities or service providers that combine or harmonize data obtained from various systems or platforms to ensure consistency, accuracy, and completeness of information used for analysis, processing, or service improvement.
3. WHAT WE DO WITH YOUR DATA
HOW WE PROCESS YOUR INFORMATION WHEN YOU OPEN A DEPOSIT ACCOUNT WITH US
USE OF YOUR INFORMATION BY TONIK
| Type/s of Personal Data | Purpose/s of Processing | Legal Basis for Processing |
|---|---|---|
| Personal Identifiers | - To facilitate and complete the opening and maintenance of your Deposit account with TDB. - To communicate with you regarding your account, including request for confirmations, balances, statements, and real-time transaction updates or notifications. - To provide you with information, news, and updates about Tonik products and services. - To send marketing or promotional content. | - To enter into and perform our Deposit contract with you (e.g., Terms & Conditions). - Where required under applicable law, we will obtain and rely on your consent. You may withdraw your consent at any time, but this will not affect the lawfulness of any processing of your Personal Data carried out before the withdrawal. |
| - To facilitate and complete the opening and maintenance of your deposit account with TDB. - To verify your identity, manage and process your requests such as cash-in/cash-out transactions, and assist you with customer support when needed. - To send marketing or promotional content, offers, and updates that may be relevant to you based on your profile or eligibility. | - To enter into and perform our Deposit contract with you (e.g., Terms & Conditions). - Where required under applicable law, we will obtain and rely on your consent. You may withdraw your consent at any time, but this will not affect the lawfulness of any processing of your Personal Data carried out before the withdrawal. |
| - To comply with the rules and requirements set by the Anti-Money Laundering Council and Bangko Sentral ng Pilipinas. - To use, keep, or share your Personal Data if we are required to do so by regulators, law enforcement agencies, courts or other authorities. | To comply with our legal and regulatory obligations. |
| - To improve your experience with TDB by giving you personalized content, helpful user suggestions, and timely notifications. - To operate, maintain, improve, provide, create, and develop both new and existing features, functions, and services within TDB. - To provide and increase safety and security for our websites, products, software, or applications and services (by preventing, detecting and implementing proper measures against spam, scammers, abuse, misuses of our services and violation of our rules). - To investigate and address incidents and violations of our terms. To detect, prevent and manage unlawful behavior. | To pursue our legitimate interests in ensuring that your experience with our products and services is smooth, efficient, safe, and secure, and that your use of them remains effective and aligned with our applicable terms and conditions. |
| - To carry out data analysis, identify usage trends, and measure how effective our products are. - To investigate and resolve incidents, ensure compliance with our Terms of Service, and to detect, prevent, and take action against unlawful activities. | To pursue our legitimate interests in improving our products and services, and in keeping the use of product safe, secure and reliable. |
HOW WE PROCESS YOUR INFORMATION WHEN YOU AVAIL OF OUR LOAN PRODUCTS
At Tonik, we offer a wide array of Loan products designed to match the needs and preferences of our customers and their preferred credit facility in line with our mission of financial inclusion. These include:
Shop Installment Loan (SIL) - An unsecured loan product used specifically for purchasing goods such as appliances (e.g., refrigerator, washing machine, television), furniture and other consumer items. For this product, Tonik partners with Purple Hub Inc. (PHI) and its Promoters, to help promote and accept SIL applications in various retail stores working with Tonik. For verification purposes, PHI Promoters may request a valid government ID from applicants. This ID is checked only to confirm the authenticity of the document and the applicant’s eligibility for the Loan. The ID is not recorded or retained by PHI.
Cash Loan - An unsecured multi-purpose loan that provides quick and affordable credit to individuals, ranging from PHP 5,000.00 to PHP 50,000.00 depending on the eligibility of the customer.
Upsell Loan - An unsecured multi-purpose loan available to customers with an existing Loan history at Tonik. Loan amounts range from PHP 5,000.00 to PHP 250,000.00.
USE OF YOUR INFORMATION BY TONIK
USE BY TONIK DIGITAL BANK, INC
| Type/s of Personal Data | Purpose/s of Processing | Legal Basis for Processing |
|---|---|---|
| Personal Identifiers | - To process your Loan application, release your Loan funds and record your payments. - To communicate with you about your Loan application status, send payment reminders, handle collections, and provide customer service. - To communicate with you regarding your account, including request for confirmation, balances, statements, and real-time transaction updates or notifications. - To provide you with news, updates, and information about Tonik products. - To send marketing or promotional content. | - To enter into and perform our Loan contract with you (e.g., Loans Terms & Conditions, Amortization Schedule, and other Loan documents). - Where required under applicable law, we will obtain and rely on your consent. You may withdraw your consent at any time, but this will not affect the lawfulness of any processing of your Personal Data carried out before the withdrawal. |
| - To process your Loan application, release your Loan funds and record your payments. - To verify your identity, review and process your Loan application, and decide whether it can be approved or denied. - To assist you with customer support when needed. - To send marketing or promotional content, offers, and updates that may be relevant to you based on your profile or eligibility. | To enter into and perform our Loan contract with you (e.g., Loans Terms & Conditions, Amortization Schedule, and other Loan documents). |
| - To comply with the rules and requirements set by the Anti-Money Laundering Council and Bangko Sentral ng Pilipinas. - To use, keep, or share your Personal Data if we are required to do so by regulators, law enforcement agencies, courts or other authorities. | To comply with our legal and regulatory obligations. |
| - To improve your experience with TDB by giving you personalized content, helpful user suggestions, and timely notifications. - To operate, maintain, improve, provide, create, and develop both new and existing features, functions, and services available within TDB. - To provide and strengthen the safety and security for our websites, products, software, applications, and services by preventing, detecting and taking proper action against spam, scams, abuse, misuse of our services, and violation of our rules. - To investigate and address incidents and violations of our terms. - To detect, prevent and manage unlawful behavior. | To pursue our legitimate interests in ensuring that your experience with our products and services is smooth, efficient, safe, and secure, and that your use of them remains effective and aligned with our applicable terms and conditions. |
| - To carry out data analysis, identify usage trends, and measure how effective our products are. - To investigate and resolve incidents, ensure compliance with our Terms of Service, and to detect, prevent, and take action against unlawful activities. | To pursue our legitimate interests in improving our products and services, and in keeping them safe, secure, and reliable. |
USE BY PURPLE HUB, INC. (FOR SHOP INSTALLMENT LOANS ONLY)
| Type/s of Personal Data | Purpose/s of Processing | Legal Basis for Processing |
|---|---|---|
| Government ID Data | To verify your identity, review and process Loan applications and decide whether they are approved or denied. | To fulfill PHI’s legal obligations with Tonik, as set out in their Channeling Partnership Agreement. |
4. WHO DO WE SHARE YOUR INFORMATION WITH
Sharing with Third Parties - As part of our operations, Tonik may share certain information with trusted third parties, including merchant-partners, banks, financial institutions, service providers, credit bureaus, insurers, vendors, and messaging or Voice-over-Internet Protocol (VoIP) applications. Such sharing is carried out only for legitimate business purposes, including but not limited to, payment processing, fraud detection and prevention, customer verification, delivery of important customer notifications, and the performance of technical or operational services necessary to support our products and services. Tonik ensures that all third parties process shared data in accordance with our data privacy policies, contractual safeguards, and applicable data protection laws and regulations.
NOTE: For SIL Loans, PHI and its Promoters do not share any of your information with anyone else. PHI does not record or store your information except for checking a valid government ID during application, as explained in Item No. 3 of this Notice.
Sharing for Legal and Regulatory Compliance - Tonik may disclose information if required by law, regulation, or official request. This includes complying with requirements from government agencies, courts, or law enforcement, and may also involve sharing with credit reference agencies, or other authorities.
Sharing with Business Partners and Affiliates - Tonik may share information with its affiliates and business partners to support joint activities such as research, marketing, and financial arrangements like loan participation or guarantees. These partners are different from our service providers and work with Tonik on broader business collaborations.
Cross-Border Data Transfers - Some of the Personal Data processed by Tonik may be transferred across borders. When this happens, we make sure the transfers comply with data protection laws and regulations, both locally and internationally, and that your information remains safeguarded at all times.
5. YOUR CONTROLS AND CHOICES
As a Data Subject, you have the following rights regarding your Personal Data:
Right to Access and Correct
You have the right to know whether Tonik holds any of your personal data and to request access to such information. This includes the right to obtain details about how your data is collected, used, shared, and stored. You may also ask us to correct or update any Personal Data that you believe is inaccurate or incomplete.
Right to Object, Withdraw, Suspend/Block, or Delete
You may object to the processing of your data, or request that we withdraw, suspend/block, remove, or delete it.
Note: These rights may not apply if the data is required for us to meet regulatory obligations or to establish, exercise, or defend legal claims.
To exercise these rights, please contact TDB’s Data Protection Officer at dataprivacy@tonikbank.com.
Right to File a Complaint
If you believe your data protection rights have been violated, you have the right to file a complaint with the NPC at complaints@privacy.gov.ph.
Right to Indemnification
You also have the right to claim indemnification for any damage caused by the inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your Personal Data.
For more information about your rights as a Data Subject and how to exercise them, please visit the NPC’s official website at https://privacy.gov.ph/.
6. DATA RETENTION AND DISPOSAL
Tonik will generally keep your Personal Data for five (5) years from the date of your last transaction with us or from your separation from the Bank, whichever happens later. We retain your information in line with Tonik’s data retention policies and in compliance with applicable laws and regulations. Your Personal Data will only be kept for as long as necessary to meet legal, regulatory, and business requirements, as set out in our data privacy policies. After the five (5) year retention period, your Personal Data will be securely disposed of in accordance with our policies and the law.
7. DATA SECURITY AND INTEGRITY
Your Personal Data is stored in secure databases managed by the Bank’s IT Department. We use a combination of physical, technical, and organizational safeguards to protect the confidentiality and security of your information. These protections are regularly reviewed and updated to meet with regulatory requirements and keep up with new technologies.
8. CHANGES TO THIS NOTICE
We may update this Notice from time to time to align with technological advancements, industry standards, regulatory obligations, or legal requirements. If we make significant changes, we will let you know either by email, through a notice on our website or app, or by other appropriate means. If required by law, we will also ask for your consent.
9. CONTACT US
To learn more about Tonik’s data privacy policies and how we use your Personal Data, you can reach us in the following ways:
Chat with us through the Tonik app
Email us at dataprivacy@tonikbank.com
Call our Customer Care Hotline at +63 2 5322 2645.
You can also view Tonik’s full Data Privacy Statement at https://tonikbank.com/data-privacy-statement.
10. CONSENT
By ticking the box on your application as to the processing of your information, you confirm that you have read and accepted the terms of this Notice. You also consent to the collection, use, disclosure, retention and disposal of your Personal Information as described in this Notice.
Last updated: 1 November 2025
