Better Banking means we value and protect your personal information. At Security Bank, it is one of our fundamental responsibilities as a financial institution to ensure that we protect the information entrusted to us by our clients and our website visitors. This is in accordance with the Data Privacy Act of 2012 (Republic Act No. 10173), its Implementing Rules and Regulations and other issuances by the National Privacy Commission (NPC), as well as globally accepted data privacy standards and regulations. It is our responsibility to exert all efforts to protect your personal information against privacy and security risk such as, but not limited to, unauthorized collection, use, storage, and retention, excessive collection, and retention, confidentiality breach, availability breach and integrity breach. We ensure the employment of proper organizational, physical and technical security measures for the protection of personal information. Furthermore, we adhere to the general principles of transparency, legitimate purpose and proportionality accorded by law as well as recognize your rights as our data subjects.

In this Privacy Notice, we explain what personal data we process, how we collect, use, share, retain and dispose personal information that we obtain from you in the course of doing business or as a user of this website.
1. Who we are. Security Bank shall refer to any member of the SBC Group which is Security Bank Corporation and its affiliates, subsidiaries, bank assurance companies and other related entities, and their authorized service providers, agents and representatives.

2. Why and how we collect your personal information. We collect and use personal information that is material and relevant to your banking transaction and in fulfillment of the legal or contractual obligation we have with you in order to provide you with our services and to best adapt our business processes to your needs. This information may also be used by us to offer you our other products and services based on your profile and upon your consent, which you may revoke at any time, subject to applicable laws and regulations.

We may manually or automatically collect your personal data when you:
• Visit our website (eg. Cookies)
• Engage in banking transactions
• Submit application forms
• Make inquiries or requests
• Report a complaint or answer customer survey forms

3. Scope of this Privacy Notice and consent for processing of personal information. This Privacy Notice applies to the personal data that we collect about you for purposes of providing you with our services and products. We reserve the right to make changes to this Privacy Notice at any time. We encourage you to regularly review this Privacy Notice to make sure you are aware of any changes on how your personal information may be used. Our Privacy Notice is a controlling document to which you should refer if you have questions about Security Bank’s data processing practices. We collect and process your personal information only with your express consent, unless it is processing is based on any of the lawful basis for processing personal and/or sensitive personal information under sections 12 and 13 of the Data Privacy Act of 2012. Consent of data subject refers to any freely given, specific, informed indication of will, whereby the data subject agrees to the collection and processing of personal information about and/or relating to him or her. This shall be evidenced by written, electronic or any recorded means.

4. What personal information do we collect. Personal information is information from which your identity is apparent or can be reasonably and directly ascertained. This includes sensitive personal information which serves to classify or qualify you based on different parameters such as age, status, origin, affiliation, health condition and others. It also covers your government issued and kept data such as social security numbers and tax returns.

When you apply for or avail of any of our products or services, we primarily collect the following:
• your complete name;
• your contact details such as, but not limited to, address, mobile number, email address;
• complete date of birth
• educational background
• employment details or business information
• specimen signature
• government ID details
• CCTV footages or images taken during your visit to any of our branches/offices
• Voice recordings of our inbound or outbound calls with you
• financial information (i.e. income, expenses, deposits, investments, account balances, tax, insurance, and other financial and transaction history)

and other relevant personal information so that we can process your transactions throughout the duration of the banking relationship.

We may also use any information collected from third-party entities such as government regulators, public authority, judicial, supervisory, tax authorities or courts of competent jurisdiction for any legitimate business purpose, pursuant to a lawful mandate or any other lawful basis under the law.

Further, we may collect, use and keep your personal opinions or comments made known to us via feedback or responses to surveys or any other interaction that you had with our employees, authorized representatives, agents and service providers for purposes of providing you with better services throughout your relationship with the bank.

Website and Social Media Privacy Policy

When logging on to Security Bank’s official website and official Security Bank social media accounts, which are linked in Security Bank’s website footer, we collect personal information that you voluntarily submit. If you connect to Security Bank using Facebook or any other social media site, we will receive your personal information that you have authorized the social media site to share with us. Any information that we collect from your social media account may depend on the privacy settings you have set in the social media site. When you use Security Bank’s website, your device and browser automatically provide information to us that may enable us to track and serve relevant content to you. In order to provide better service, we employ the use of “cookies”. A cookie is a small piece of information which a website stores on your web browser and can later retrieve. The cookie cannot be read by a website other than the one that set the cookie.
• Necessary Cookies. These cookies are necessary for you to be able to use our website and its features in order to provide you with a smooth and seamless experience when navigating our site.

• Third-party Cookies. This cookie will be used to track your interests based on the pages you visited on our website. We will use this cookie to generate advertisements that are tailored fit for your interests to offer better banking services to you . Third-party cookies are used to monitor your web activity on our website therefore determining what best interests you but only in relation to the Security Bank products and services. We may use the data gathered through cookies to contact you via post, email, or SMS. You can set up your web browser to inform you when cookies are set or to prevent cookies from being set. Your browser software may contain a feature which is intended to notify you of the cookie policies of the various web sites you visit. If you wish to opt out of collecting the cookies from this website, you may adjust your browser’s privacy and security settings according to your preference.

5. How we use your information. Manual or automated processing of your personal information within or outside the Philippines is done with utmost confidentiality and strictly in accordance with relevant data privacy laws and the following:

a) Your Consent – For the execution of your banking transaction and fulfillment of our legal and contractual obligations with you, the Bank obtains your explicit and recorded consent for the following purposes, such as, but not limited to:
• provision of basic banking services done through over-the-counter transactions, web transactions or mobile banking transactions;
• sharing of information to SBC Group and other affiliates for cross-selling of products and services;
• profiling, research, data analytics and credit evaluation/reference checks;
• audit and account balance confirmation

b) Legal – Security Bank, in compliance with regulatory authorities, may process your personal data pursuant to regulatory reporting requirements consistent with the banking services offered as deemed fit by the Bank. This may include providing information to governmental authorities, regulatory agencies.

c) Contracts- The Bank regularly goes into contracts with private entities that may include the transfer or sharing of your information for purposes of sub-processing and/or data sharing. While data sharing shall be done only with your explicit consent, other personal information may also be processed to fulfill any contractual obligations or any legitimate interest in connection with the services we offer.

d) Third-Party – The company has a legitimate interest in disclosing or transferring your personal information to a third party in the event of any business transfer such as reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings)

e) Other legitimate interest- Processing of your personal data may be done by virtue of a legitimate business interest in connection with the banking service or any other contractual obligation, with utmost respect to your rights as our data subject.

6. How we share your information. In the course of doing business, Security Bank may make your personal information available, with your consent or pursuant to any legitimate lawful purpose under the law, within or outside the Philippines to:
o Our group of companies. The Group is composed of Security Bank and its affiliates and subsidiaries reported as part of the conglomerate map/group structure as defined under BSP Circular no. 749. Access to personal information within the Group is restricted to those individuals who have a need to access the information for legitimate business purposes based on adequate internal policies on information security and data privacy. We may also provide access or share your personal information with your consent to the SBC Group for purposes of cross-selling and marketing products.
o Our business partners and service providers. We have duly accredited processors in our business partners who act as advisers, consultants, service providers, contractors, or vendors, and their authorized agents and representatives who may perform different activities on behalf of the bank. These business partners underwent a rigorous vetting process and covered by contractual agreements before engagement and abide by the bank’s standards on data privacy and information security.
o Governmental authorities and industry associations. We may disclose your information to any Authority (governmental or regulatory authority, self-regulatory body or industry association in various jurisdictions) in connection or adherence (whether voluntary or otherwise) with legal or regulatory requirements.
o Cross border information sharing. Due to the global nature of the banking business, we may transfer your personal information to any of the abovementioned parties who may be located outside the Philippines. In doing so, we ensure that the cross-border transfer is secure and that we are transmitting your personal information to a country which has adequate data privacy standards before agreeing to such cross-border transfer.

See Annex A for the list of third-party recipients

7. How we protect your information. We safeguard the confidentiality, integrity and availability of your personal information physically or electronically by maintaining a combination of organizational, physical and technical security measures based on generally accepted data privacy and information security standards. These include the following:
Organizational. We have policies in place to protect your personal information:
• Data Protection Policy and Privacy Manual
• Security Incident Management Policy
• User Access Control
• Acceptable Use Policy
• Data Protection Training for bank personnel before onboarding and annually thereafter to promote privacy awareness and equip skills on proper handling of your personal data
• Third-party outsourcing contracts or data sharing agreements laying out obligations and liabilities as well as operational details surrounding the transfer and/or processing of personal data.

Technical. We employ up-to-date technical security measures including:
• End-to-end encryption;
• Data classification;
• Regular testing of policies through an annual breach drill;
• Conducting regular Vulnerability Assessment and Penetration Testing (VA/PT) of our internal systems;
• Password-protection of documents in transit.

Physical. We equip our employees and other authorized service providers with proper training and capacity in safekeeping any physical document that may contain personal data. This includes:
• Use of secured lockers and bags for documents at rest or in transit;
• Only authorized persons has access to physical files and documents;
• Provision of security badges;
• CCTV monitoring.

Whenever we engage with a third-party to provide services for us, outsourcing contracts are executed following the prescribed elements set by the NPC. We require them to protect personal information aligned with our own security standards to secure data from destruction, unauthorized access, alteration, disclosure, fraudulent misuse and/or any other unlawful processing, as well as other natural and human dangers. We may also store your personal information with third-party data storage providers who adopt proper measures to protect your information in accordance with the bank’s standards.

8. How long we retain your information. We will retain your personal information for up to five (5) years following the closure of the account, termination of the business relationship or after the date of the occasional transaction in accordance with retention limits set by law. We may, however, retain your personal information for more than five (5) years, should there be any legal or regulatory requirement or any case pending which includes your information on any court of competent jurisdiction, in accordance with law.

After which, these shall be disposed following the Bank’s guidelines on disposal of confidential data, either physical or electronic, in accordance with any existing law or regulation.

9. If you have issues with regards to how we process. As our valued customer, you are afforded the following rights in relation to your personal information under the Data Privacy Act which can be viewed in this link https://www.privacy.gov.ph/know-your-rights/
• To be informed that your personal information will be collected and how it will be processed,
• To have reasonable access to your personal information held by the bank,
• To dispute any error in your personal information and have it corrected,
• To have your personal information erased or blocked from our system if said information is incomplete,
• outdated, false, unlawfully obtained, used for unauthorized purposes or no longer necessary for the purposes for which they were collected,
• To object to the processing of your personal information
• To obtain your personal information from the bank in a portable and usable format,
• To lodge a complaint before the National Privacy Commission, and
• To be indemnified for damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your personal information.

10. Who to contact for issues. If you have any questions or requests in relation to the processing of your personal information, please do not hesitate to contact our Data Protection Officer through the following:

• Email: [email protected]
• Address: Data Protection Officer
• Security Bank Corporation Compliance Office
• Security Bank Centre 6776 Ayala Avenue Makati City
• Or call our Customer Service hotline at +632 8887-918

This Data Privacy Notice has been updated as of February 16, 2023

E-Mail and Inquiry

Inquiries sent through our website pages will be transmitted and stored in a safe environment. Since e-mail is not entirely secure, we will not include confidential account information in the response. If we need confidential information from you, a customer service representative will contact you. You may also contact us by phone, mail or by visiting the branch nearest to you. Check if the domain is from securitybank.com (e.g. [email protected]). Make sure that it is not misspelled as some hackers take advantage of this vulnerability.

Sensitive Information

We will never ask for passwords, credit card numbers, or other personal information in an e-mail. If you do receive an e-mail requesting for this kind of information, don’t reply. If you think the e-mail is legitimate, contact us by phone, mail or visit our nearest branch to confirm.

Visit www.securitybank.com by typing the URL into your address bar

Don’t use the links in an email if you suspect the message might not be legitimate. Instead, call us on the telephone, or log onto the website directly by typing in the Web address in your browser. Those links may take you to a spoofed site that might send all the information you enter to the scam artist who created the site. Even if the address bar displays the correct address, don’t risk being fooled. There are several ways for hackers to display a fake URL in the address bar on your browser.

Regularly check your bank statements

If you check your bank statement regularly, you may be able to stop a scam artist and thwart them before they can cause major damage.

Report abuse

If you feel you have been a victim of fraud, inform us at [email protected], or immediately call our Customer Help Desk at telephone number 8887-9188. For phishing concerns, please email us at [email protected] or [email protected] for credit card.

This notice is being issued to support the intentions of Bangko Sentral ng Pilipinas (BSP) Circular No. 542, which is to provide consumer protection applicable to e-banking products and services of Security Bank.

Although the following are focused on the risks and risk management techniques associated with an electronic delivery channel to protect customers and the general public, it should be understood, however, that not all of the consumer protection issued that have arisen in connection with new technologies has been specifically addressed. Additional policies, guidelines or procedures may be issued in the future to address other aspects of consumer protection as the financial service environment through electronic banking evolves.

1. E-Banking Oversight Function

a.) Security Bank’s Board of Directors and senior management committee are responsible for developing the Bank’s e-banking business strategy and establishing an effective management oversight over e-banking services, encompassing the review and approval of the key aspects of the Bank’s security control program and process, such as the development and maintenance of security control policies and infrastructure that properly safeguard e-banking systems and data from both internal and external threats. It also includes a comprehensive process for managing risks associated with increased complexity of and increasing reliance on outsourcing relationships and third party dependencies to perform critical e-banking functions.

The Bank’s Board of Directors and banks’ senior management shall take necessary steps to ensure that Security Bank has updated and modified where necessary, its existing risk management policies and processes to cover current or planned e-banking services.

b.) Security Bank’s Compliance Officer shall ensure that proper controls are incorporated into the system so that all relevant compliance issues are fully addressed.

Management and system designers are tasked to consult with the Compliance Officer during the development and implementation stages of e-banking products and services. This level of involvement will help decrease the Bank’s compliance risk and may prevent the need to delay deployment or redesign programs that do not meet regulatory requirements.

2. E-Banking Risk Management and Internal Control

a.) Information Security Program

Security Bank, through its Information Technology Group, shall encourage the development of a security culture within the organization. Security Bank shall establish and maintain comprehensive information security program and ensure that this is properly implemented and strictly enforced. The information security program should include, at a minimum, the following:

• Identification and assessment of risks associated with e-banking products and services;
• Identifications of risk mitigation actions, including appropriate authentication technology and internal controls;
• Information disclosure and customer privacy policy; and
• Evaluation of consumer awareness efforts.

Security Bank shall perform the appropriate adjustment or update to its information security program in light of any relevant changes in technology, the sensitivity of its customer information and internal or external threats to information.

b.) Information Security Measures

Security Bank shall ensure that information security measures and internal controls related to electronic banking are installed, regularly updated, monitored and are appropriate with the risks associated with its products and services.

(Please refer to Appendix A and Appendix B for the minimum security measures that Security Bank shall employ in its ATM facilities and internet/mobile banking activities, respectively, to protect depositors and consumers from fraud, robbery and other e-banking crimes)

Security Bank shall also take into account other relevant industry security standards and sound practices as appropriate, and keep up with the most current information security issues (e.g., security weaknesses of the wireless environment), by sourcing information from well-known security resources and organizations.

c.) Authentication

To authenticate the identity of e-banking customers, Security Bank shall employ techniques appropriate to the risks associated with its products and services. The implementation of appropriate authentication methodologies should start with a risk assessment process. The risk should be evaluated based on the type of customer; the customer transactional capabilities (e.g., bill payment, fund transfer, inquiry); the sensitivity of customer information and transaction being communicated to both the Bank and the customer; the ease of using the communication method; and the volume of transactions.

Because the standards for implementing a commercially reasonable system may change over time as technology and other procedures develop, Security Bank and its technology service providers shall continuously review, evaluate and identify authentication technology and ensure appropriate changes are implemented for each transaction type and level of access based on the current and changing risk factors.

Account fraud and identity theft are frequently the result of single-factor (e.g., ID/password) authentication exploitation. Where risk assessments indicate that the use of single-factor authentication is inadequate, Security Bank shall implement multifactor authentication (e.g., ATM card and PIN), layered security, or other controls reasonably calculated to mitigate those risks.

Security Bank’s authentication process shall be consistent with and support overall security and risk management programs. An effective authentication process shall have customer acceptance, reliable performance, scalability to accommodate growth, and interoperability with existing systems and future plans as well as appropriate policies, procedures, and controls.

d.) Account Origination and Customer Verification

With the growth in e-banking and e-commerce, Security Bank shall use reliable methods of originating new customer accounts. Potentially significant risks may arise when a Bank accepts new customers through the internet or other electronic channels. Thus, in an electronic banking environment, Security Bank shall ensure that in originating new accounts, the Know-Your-Clients (KYC) requirement which involves “face-to-face” process is strictly adhered to.

e.) Monitoring and Reporting of E-banking Transactions

Monitoring systems can determine if unauthorized access to computer systems and customer accounts has occurred. Security Bank shall ensure that a sound monitoring system is in-place and that such system includes audit features that can assist in the detection of fraud, money laundering, compromised passwords, or other unauthorized activities.

Security Bank shall be responsible for activation and maintenance of audit logs that can help the Bank identify unauthorized activities, detect intrusions, reconstruct events, and promote employee and user accountability. This control process can also facilitate Security Bank in the submission of suspicious activities reports as required by the Anti-Money Laundering Council (AMLC) and other regulatory bodies.

Security Bank shall see to it that adequate reporting mechanisms are in place to promptly inform security administrators when users are no longer authorized to access a particular system and to permit the timely removal or suspension of user account access.

Whenever critical systems or processes are outsourced to third parties, Security Bank shall ensure that the appropriate logging and monitoring procedures are in place and that suspected unauthorized activities are communicated to the Bank in a timely manner.

An independent party (e.g., internal or external auditor) shall also review activity reports documenting the security administrators’ actions to provide the necessary checks and balances for managing system security.

3. Consumer Awareness Program

Consumer awareness is a key defense against fraud, identity theft and security breach. (Please refer to Appendix C for the minimum Consumer Awareness Program of Security Bank)

Security Bank shall implement and continuously evaluate the effectiveness of its consumer awareness program. Evaluation may include tracking the number of customers who report fraudulent attempts to obtain their authentication credentials (e.g., ID/password), the number of clicks on information security links on websites, the number of inquiries, etc.

4. Disclosure and Business Availability

Security Bank shall provide its customers with a level of comfort regarding information disclosures or transparencies, protection of customer data and business availability that they can expect when using traditional banking services.

To minimize operational, legal and reputational risks associated with e-banking activities, Security Bank shall make adequate disclosure of information and take appropriate measures to ensure adherence to customer privacy and protection requirements (Please refer to Appendix D for the minimum disclosure requirement). Similar to the record keeping requirements on paper-based transactions, Security Bank shall ensure proper safekeeping and monitoring of records or information regarding e-banking financial transactions and disclosures.

5. Complaint Resolution

Security Bank may receive customer complaints either through an electronic medium or otherwise, concerning an unauthorized transaction, loss, or theft in its electronic banking account. Therefore, the Bank shall ensure that controls are in place to review these notifications and that an investigation is initiated as required. Security Bank shall establish procedures to resolve disputes arising from the use of the electronic banking products and services.