Data Privacy Statement

INTRODUCTION

  1. Tonik Digital Bank Inc. (“Tonik”, “we”, “us”, “our”) cares deeply about how important your Personal Data is to you. This Privacy Statement explains what we gather, keep, store, use, process and how we do it.
  2. This Privacy Statement applies to all past, present and prospective Tonik customers and non-customers (such as, but not limited to, anyone who transacts with Tonik users from a Tonik Account, visitor to our site, anyone who engages our Customer Care channel); each of the foregoing, “you” or “your”.
  3. You confirm that you have read, understood and agreed to be bound by the Tonik Privacy Statement, which is available at the Tonik website and Tonik Mobile Banking Application (“Application”).
  4. You have agreed that Tonik may collect, hold, use, and share your Personal Data pursuant to the Data Privacy Act of 2012 (Republic Act No. 10173) to Tonik, our affiliates, our merchants, co-branding, and other strategic partners (collectively, “merchant-partners”) for as long as your records and Personal Data are required and/or allowed by law to be retained and processed, whether for your protection or for the protection and pursuit of the legitimate interests and/or business purposes of Tonik. As used herein, “affiliate” means any person or entity that, now or hereafter, directly or indirectly, controls (whether singly or together with others), is controlled by, or under common control with Tonik, where “control” means the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies whether through ownership of securities or equity interest, management authority, or contract.

HOW WE OBTAIN YOUR DATA

  1. The following are some ways we collect your data:
    1. We obtain your data, with your consent, when you:
      1. share it with us when you register on our website or Application,
      2. share it with us when you apply for or avail of any product or service offered from time to time by Tonik,
      3. upload documents, files, or images as part of applying for or availing of any product or services offered from time to time by Tonik,
      4. sign a contract with Tonik, or accept an offer of a product or service from Tonik,
      5. interact with any of our employees, representatives, agents and/or service providers,
      6. contact us through one of our channels or visit our websites.
    2. We collect your Personal Data from your organisation when it becomes a partner or if it is an existing partner, and your Personal Data is provided to help us contact your organisation, or when your organization refers you to Tonik.
    3. We collect your Personal Data from other sources, including, without limitation, government agencies and instrumentalities, supervisory bodies, professional associations/organizations/clubs, tax authorities, courts of competent jurisdiction, other companies, and other third party sources.

  2. Some of your data and information will be gathered through the use of 'cookies'. Cookies are small bits of information that are automatically stored on a person's web browser in their computer that can be retrieved by this site. Such information, for example, may be a user's password that is stored to avoid having to retype it during subsequent uses of the Application or subsequent visits to a site. We use cookies to give you the best possible experience on our Application and website. Should you wish to disable these cookies, you may do so by changing the settings on the Application or on our website.

    We use cookies for a variety of reasons, such as to determine preferences, let users navigate between pages efficiently, verify the user and carry out other essential security checks.

    However, please remember that cookies are often used to enable and improve certain functions on our Application and website. If you choose to switch certain cookies off, it is likely to affect how our Application and our website work. For example, if your browser is set to disable 'session' cookies, although you will still be able to view our public website, you won't be able to log on to internet banking.

WHAT WE PROCESS

  1. We process your personal information (“Personal Data”), including, among others, the following data:
    1. Identification data, such as, among others, your name, date and place of birth, age, government ID number, email address, mailing address, telephone or mobile number, title, nationality, gender, and a specimen signature, postal code, social security number, as well as the name, date of birth, gender, email address, mailing address, and telephone or mobile number of your relatives and spouse (“relatives”), when applicable;
    2. Transaction data, such as your bank account number, any deposits, withdrawals and transfers made to or from your account, and when and where these took place, customer account number, card number, etc.;
    3. Financial data, such as invoices, bank statements, credit notes, payslips, payment behaviour, financial information documents, the value of your property or other assets, your credit history, credit capacity, financial products you have with Tonik, whether you are registered with a credit register, payment arrears and information on your income, etc.;
    4. Socio-demographic profile, such as education, employment details including the office address and contact number/s of your employer and co-employees, career track, customer segment, whether you are married and have children, etc.;
    5. Behaviour and preferences data, such as data you share with us when you fill up our survey or when you contact our Customer Care channel, IP address of the mobile device or computer you use and the pages you visit on Tonik websites and the Application;
    6. Know your customer (KYC) data as part of customer due diligence and to prevent fraudulent conduct or behaviour that contravenes local and international sanctions and to comply with regulations against money laundering, terrorism financing, and tax fraud;
    7. Audio-visual data, where applicable and legally permissible, we process recordings of phone or video calls. We can use these recordings to verify telephone requests, for example, or for fraud prevention or staff training purposes;
    8. Biometric data, such as facial recognition data, voice identification or fingerprint. We will use biometric data for customer verification;
    9. Your interactions with Tonik on social media channels. We may follow public messages, posts, likes and responses to and about Tonik on the internet.
    10. Sensitive data (health, ethnicity, religious or political beliefs, genetic or biometric data, or criminal data) may be processed if:
      1. We have your explicit consent;
      2. We are required or allowed to do so, by applicable local law;
      3. You instruct us to make any payment or remittance to any person or entity including, without limitation, to a political party or religious institution; or
      4. You choose the biometrics option for recognition and authentication in order to access and transact using the Application.
    11. Information from cookies, or other technologies deployed for analysis of visits to, usage and transactions in websites, installed mobile applications, SMS or the use of any information technology application of and/or used by us, social media networks, data aggregators and data integrators and other available data sources and the use of the internet.
    12. The Tonik App will also require your permission to access your camera, audio, gallery, contacts, installed apps, and location to function as intended. We do not store any of your contact details.

YOUR DUTY TO PROVIDE DATA

  1. Your Personal Data may be needed before we may perform certain services and provide certain products, or when we are legally required to collect Personal Data. We will only ask for the relevant data to carry out the mentioned objectives. Failure to provide the necessary Personal Data, or to allow the processing, profiling and sharing of such Information may result in us being unable to make available or provide, or cause delays in the availability or provision, of products and services, including, without limitation, inability or delay in accessing and using of the Application or our website.
  2. With respect to the Personal Data of third parties that you provide or otherwise make available to us (including, without limitation, Personal Data of your relatives, friends, payees, beneficiaries, attorneys, attorneys-in-fact, guarantors, and, employees and officers of your employer) (each a “Related Person”), you represent and warrant to us that you have provided us with their correct and up-to-date information, and have obtained their consent to (a) collect and deliver to us their Personal Data, (b) process, store, and share their Personal Data in accordance with this Privacy Statement, with the understanding that this Personal Data may be used to contact them in relation to your Accounts, applications for products or services, or Cards of Tonik.

WHAT WE DO WITH YOUR DATA

  1. For us to provide and render our products and services to you, you hereby:
    1. waive your confidentiality rights under the relevant bank secrecy laws such as but not limited to Republic Act Nos. 1405, 8791 and 8484 (otherwise known as The Secrecy of Bank Deposits Law, The General Banking Law of 2000 and Access Device Regulations Act); and, allow us to contact you, your relatives, and/or employer through the Personal Data you provide to us, and make use of third parties for verification as part of our due diligence and Know your customer (KYC) procedures;
    2. agree that you and your Related Persons’ Personal Data may be processed, profiled and shared in and to any country/jurisdiction as we consider appropriate or necessary. Such Information may also be processed, profiled and shared in accordance with the local practices and laws, rules and regulations (including any regulatory requests, governmental acts and orders) in such country/jurisdiction.
    3. agree to indemnify and keep Tonik and its affiliates, including their respective stockholders, directors, officers, employees, and representatives free and harmless from and against any and all claims, suits, actions or proceedings which may arise as a result of or in connection with the lawful release and disclosure of your Personal Data.
  2. We use your Personal Data for business purposes such as:
    1. process applications for products and services of Tonik, our affiliates, merchant-partners, establish, maintain or terminate accounts, and establish, provide or continue banking/credit facilities or financial services, including, without limitation, credit, debit, charge, prepaid or any type of card, investment products, insurance, loan, mortgage, auto loan, and other financial products and services;
    2. undertake activities related to the provision of such products and services, including, without limitation, transaction authorization, transaction notification and confirmation, preparation and delivery of card, preparation and delivery of statements, customer service and other support services, conduct of surveys, product/service offerings and related materials, and administration of rewards and loyalty programs, which activities would involve contacting you through various modes of communication including, without limitation, via the Application, mail, telephone call, SMS, fax, electronic mail, internet, mobile, social media, chat, biometric, and other technological tools and development.
    3. verify your identity or authority, or that of representatives who contact us or may be contacted by us and to carry out or respond to requests, questions or instructions from your representatives;
    4. performing agreements to which you are a party so that we can carry out your instruction and/or analyse your eligibility for product and services by taking steps prior to entering into agreements. If allowed under local law, and you choose to use it, we may use your face, fingerprint or voice as recognition for authentication into mobile apps and certain operations;
    5. service offering and/or service development or improvement so that you can enjoy the utmost benefit that Tonik, its affiliates, or merchant-partners have to offer from time to time;
    6. from time to time, providing you with newsletters and other communications regarding Tonik, its affiliates, and merchant-partners, and offering or marketing to you and to individuals you refer to us, products or services of Tonik, its affiliates, or merchant-partners, conducting market, product and service research, and designing or refining any such products or services offered or marketed, which activities would include, without limitation, contacting you or such individuals through various modes of communication including, without limitation, via the Application, mail, telephone call, SMS, fax, electronic mail, internet, mobile, social media, chat, biometric, and other technological tools and development;
    7. enforce and defend our rights, as well as the rights of our affiliates, and our/their employees, officers, directors, and stockholders, whether such rights are contractual or otherwise, including, without limitation, in order to collect amounts owing from you;
    8. undertake risk assessment, behavior analysis, statistical and trend analysis and planning activities, including, without limitation, to carry out data processing, statistical, credit, risk and anti-money laundering and sanctions analysis, credit scoring models, credit worthiness checks (which includes, without limitation, conducting banking, credit, financial and other background checks and reviews, and maintaining banking, credit and financial history of individuals); In this regard, we may disclose from time to time your Personal Data and the Personal Data of third parties that you provide to us, for income verification with tax authorities, banks, banking associations, and credit bureaus;
    9. Business process execution, business management and reporting (including, without limitation, credit and risk management, system or product development and planning, insurance, audit and administrative purposes);
    10. monitoring and recording calls and electronic communications with you for record keeping, quality assurance, customer service, training, investigation, litigation and fraud prevention purposes;
    11. ensuring protection of your Personal Data, your assets with Tonik, and the financial system; and
    12. comply with legal, regulatory, governmental, tax, law enforcement and compliance requirements (both local and foreign), and disclosure to any foreign or domestic market exchange, court, tribunal, and/or legal, regulatory, governmental, tax and law enforcement authority pursuant to relevant laws, treaties, guidelines, regulations, orders, or requests from such authorities), including, without limitation, Know your customer (KYC) data obligations, and monitoring, reporting, and taking action under the money laundering or terrorism financing prevention program.
    13. comply with contractual arrangements or to support initiatives, projects and programs by or between financial industry self-regulatory organizations, financial industry bodies, or other financial institutions, including, without limitation, assisting other financial institutions to conduct background or credit checks or collect debts;
    14. undertaking automated processing of your and your Related Persons’ Personal Data for any, some, or all of the purposes set out above;
    15. any other purpose relating to any of the foregoing.
  3. When processing is not compatible with one of above purposes, we ask for your explicit consent which you may withhold or withdraw at any time.
  4. Applicable laws require us to retain Personal Data for a period of time. Generally, we delete your Personal Data or bundle data at a certain abstraction level (aggregate), render it anonymous, and dispose of it in five (5) years in accordance with applicable laws and regulations. We may retain your Personal Data for a longer period for an ongoing audit, investigation, litigation, or other legal proceeding.
  5. We may use your existing or retained Personal Data, KYC information, and transaction history with us (including existence of active, dormant, terminated, or blocked accounts) when you use our products and services.

WHO WE SHARE YOUR DATA WITH AND WHY

  1. Tonik may share your and your Related Persons’ Personal Data to any of the following, in accordance with any of the purposes set out above:
    1. our affiliates and our merchant-partners;
    2. drawee-bank or payee-bank clearinghouse or service provider thereof, credit reference company or bureau, dealer, registrar, paying and collecting agent, insurer, credit card company, acquiring company, card network or association, other financial institutions in order to, among others and without limitation:
      1. process certain payment and withdrawal services;
      2. exchange secure financial transaction messages;
      3. process payments and credit transactions locally and worldwide;
      4. process electronic transactions locally and worldwide;
      5. settle domestic and cross-border security transactions and payment transactions; or
    3. service providers and other third parties who provide services to us or any of our affiliates in connection with the operation or maintenance of our business (including their employees and officers), including, without limitation, service providers who are engaged in:
      1. optimizing, debugging and enhancing our products and services, including our mobile application;
      2. designing, developing and maintaining internet-based tools and applications;
      3. accessing and utilizing applications and/or infrastructure (including, without limitation, cloud services);
      4. marketing activities or events and managing customer communications, including mobile attributions and the provision of analytics;
      5. preparing reports and statistics, printing materials, and designing products;
      6. legal, auditing or other special services provided by lawyers, notaries, trustees, company auditors or other professional advisors;
      7. identifying, investigating or preventing fraud or other misconduct through specialized companies;
      8. facilitating payment and transfer of funds;
      9. securing credit history and verifying ability to pay; or
      10. performing specialized services like courier service or postal mail by our agents, archiving of physical records, services by contractors, and external service providers;
    4. our and our affiliates’ research partners, and we will hold such researchers to the same strict requirements as Tonik employees;
    5. credit reference agencies, and, in the event of default, lawyers and debt collection agencies;
    6. any person or entity to whom we are under an obligation or otherwise required to make disclosure pursuant to legal process or under the requirements of any foreign or domestic law, regulation, court order or agreement entered into, binding on or applying to us, or agreement entered into by us and any foreign or domestic governmental authority or between or among any two or more domestic or foreign governmental authorities;
    7. any of our actual or proposed assignee or participant or sub-participant or transferee of our rights in respect of any product or service offered to or availed by you, or any of our or our affiliates’ actual or proposed assignee of all or any part of our or our affiliates’ assets or business; 
    8. any person or entity giving or proposing to give a guarantee or third party security to guarantee or secure your obligations to, or contract with, us;
    9. third party reward, loyalty, privileges, programs or other related services and/or service or product provider;
    10. charitable or non-profit making organizations or other recipients of donations or contributions from you;
    11. The subcontractors, assignees, vendors or delegates of each of the above-described persons or entities.
  2. Whenever we share your Personal Data with third parties, we will ensure that we comply with requirements based on applicable local and foreign, if applicable, laws and regulations.
  3. Tonik may also obtain your Personal Data from our affiliates and merchant partners. The Personal Data shall be provided in a manner and form as specified in a separate agreement between Tonik and its partners, and shall be used by Tonik only for declared valid and legitimate purposes. Tonik and its partners shall take reasonable measures to protect the Personal Data from accidental, unauthorized, unlawful disclosure to other parties.

YOUR RIGHTS AND HOW WE RESPECT THEM

You have privacy rights when your Personal Data is used. Based on applicable laws, your privacy rights may vary from jurisdiction to jurisdiction. If you have questions about which rights apply to you, or you would like to exercise any of your rights, please get in touch with us. You have the following rights:

  1. Right to access your Personal Data that we use or process;
  2. Right to require us to correct any Personal Data which is inaccurate or erroneous;
  3. Right to object to processing. You can object to Tonik's processing of your Personal Data, including processing for direct marketing, automated processing or profiling. However, we will still process and share in the instances provided under applicable law, rules and regulations, such as, but not limited to:
    1. if the Personal Data is needed pursuant to a subpoena;
    2. if the collection and processing is necessary for the performance of or in relation to the contract or service between you and us, such as, but not limited to, your continued use of the Application or our website; and
    3. if the Personal Data is collected and processed as a result of a legal obligation on our part.
  4. Right to object to receiving commercial messages from us.
    1. When you become a Tonik customer, we may ask you whether you want to receive offers for Tonik products and services, as well as those of our designated partners and/or third party partners. You can always change your mind by opting out and unsubscribing to our commercial email;
    2. We may send you newsletters, emails, telephone calls, or mobile notifications informing you about these products and services. If you don’t want to receive these offers you have the right to object to or to withdraw your consent;
    3. When you opt out from receiving commercial emails from us, we will still alert you on your banking activities and any unusual activity, such as when transactions have been made, your credit or debit card is blocked or when a transaction is requested from an unusual location;
  5. Right to data deletion. When regulatory agencies or government authorities require us to delete your Personal Data, we no longer need it, we unlawfully process your data, you withdraw your consent, or you object to us processing your data for our own legitimate interests or for personalised commercial messages, we will delete your Personal Data from our system;
  6. Right to complain if you are unsatisfied with our way of handling your Personal Data by filing a complaint with the National Privacy Commission;
  7. As a data subject, you shall be indemnified for any damages sustained due to such inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of Personal Data, taking into account any violation of your rights and freedom as a data subject; and
  8. When exercising your rights, we may ask you for necessary identification details to verify your identity. We may deny your request and, if permitted by law, we will notify you of the reason for such denial. We may charge a reasonable fee for processing your request. If there is any delay in response time, we will notify you immediately and provide reasons for the delay.

HOW WE KEEP YOUR DATA SAFE

  1. We take appropriate technical and organizational measures (policies and procedures, IT security, etc.) to ensure the confidentiality and integrity of your Personal Data and the way they are processed. We have an internal policy framework and it is periodically kept up to date with regulations and market developments.
  2. The Data we process are stored in a secure cloud protected by firewalls and strict access permissions to prevent any unauthorized access, usage, and alterations. Third-party environments are subject to the same security controls that the Bank employs, aligned with regulatory and industry standards.
  3. We will retain your Data in accordance and consistent with the BSP Regulations:
    • Retention period for transaction records shall be five (5) years from the date of transaction except where specific laws and/or regulations require a different retention period, in which case, the longer retention period is observed.
    • For financial data and documents which indicate taxable transactions, data shall be preserved for ten (10) years per BIR Regulation.
  4. After the expiration of the imposed retention period, we will either:
    • securely and permanently delete or destroy the relevant personal data; or
    • anonymize or de-identify them.
  5. In addition, Tonik employees are subject to confidentiality obligations and will not disclose your Personal Data unlawfully or unnecessarily. You may contact Tonik if you suspect that your Personal Data may have been compromised, through your Application, by sending us an email at dataprivacy@tonikbank.com, or by calling the customer care hotline at +63 2 5322 2645.

MISCELLANEOUS

  1. We may amend this Privacy Statement from time to time to remain compliant with any changes in laws and/or to reflect how our business processes Personal Data. You will be notified before any changes take effect.
  2. To learn more about Tonik’s data privacy policies and how we use your Personal Data, you can chat with us through your Application, send us an email at dataprivacy@tonikbank.com, or call us at the customer care hotline +63 2 5322 2645.
 

 


Version: July 2023