​​ FB Share
Privacy Notice for the BSP Mobile App

Privacy Statement


The Bangko Sentral ng Pilipinas (BSP) is committed to fully protect your personal data privacy in compliance with Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012 (DPA).

In all instances, we assure you that processing your personal data will strictly follow the provisions of DPA, especially the general data privacy principles of Transparency, Legitimate Purpose, and Proportionality.

The BSP's mandate under Republic Act No. 11211, otherwise known as “The New Central Bank Act," and other special laws, involves a number of processes that may include personal information related to its personnel, business contacts, customers, or staff of financial and non-financial institutions it supervises and regulates, as well as the general public in the course of surveys and similar activities intended for research and policymaking. These processes are subjected to independent audit to improve the quality of information and delivery of service.

BSP Mobile Application Privacy Notice

This Privacy Notice is for the BSP Mobile application (app) which contains functionalities that enable the BSP to collect and process users' personal information. The BSP Mobile app includes the BSP Online Buddy (BOB), a consumer chatbot that receives complaints against banks and other BSP-supervised financial institutions (BSFIs).

Personal Data Collected and Manner of Collection

We collect the following personal data when you use the BOB chatbot through the BSP Mobile app:

  • Full name
  • Email address

Basis, Use, and Purpose for Processing of Personal Data

Your personal data will be used for the following purposes:

  • For documentation and processing of inquiries and requests within the BSP, enabling the BSP to properly address and forward them to its internal units for appropriate action;
  • To receive feedback for services provided, either through the BOB chatbot or other communication tools;
  • To provide updates and advisories through push notifications and widgets; and
  • To provide appropriate action that a data subject may require concerning their data privacy rights.

 
Moreover, we may collect other personal data that are necessary to provide support and data subject assistance.

Methods utilized for automated access

The BSP uses Google Analytics for Firebase, a third-party service, to analyze our app traffic data, determine our app's engagement, and improve our app's services and features.

The following web traffic data are processed for this purpose:

  • Your IP address
  • The screens accessed on our app
  • The date and time you used the app
  • Geolocation
  • Your device's operating system
  • Your device's make and model

We automatically collect certain information when you visit, use, or navigate the app's services. This information does not reveal your specific identity (e.g., name or contact information) but is primarily needed to maintain the security and operation of our services, and for our internal analytics and reporting purposes.

By agreeing to continue using the BSP Mobile app, you consent to provide the following data to enjoy the app's features, facilitate the delivery of BSP services, troubleshoot issues/bugs, and to facilitate internal analytics and reporting purposes:

  • Geolocation Information - We may request access or permission to track location-based information from your mobile device, either continuously or while you are using our mobile application(s), to provide certain location-based services. If you wish to change our access or permissions, you may do so in your device's setting
  • Mobile Device Access - We may request access or permission to certain features from your mobile device, including your mobile device's camera, and other features. If you wish to change our access or permissions, you may do so in your device's settings.
  • Push Notifications - We may request to send you push notifications regarding your account or certain features of the application(s). If you wish to opt out from receiving these types of communications, you may turn them off in your device's settings.

Disclosure of Personal Data

Personal data processed by the BSP are not shared with any other party unless such disclosure is allowed under Section 12 or 13 of the DPA.

Your personal data will be processed only by authorized staff on a need-to-know basis, depending on the specific purposes for which your personal data have been collected.

When using the location services, however, we may need to use your device information and share it with Google Maps Platform API1 to efficiently locate your position and provide directions. Google Maps uses GPS, Wi-Fi, and cell towers to estimate your location. GPS is accurate to about 20 meters, while Wi-Fi and cell towers help improve accuracy when GPS signals are weak, such as in indoor locations.

Risks Involved

The BSP ensures that adequate physical, technical, and organizational security measures are in place to protect the confidentiality, integrity, and availability of personal information. However, this does not guarantee absolute protection against certain risks involving the processing of personal data, such as when systems are exposed to targeted cyberattacks, malware, ransomware, and computer viruses, or when manual records are accessed without authority.

However, adequate policies are in place to ensure appropriate security incident management in line with existing BSP policies, circulars, and other issuances.

Data Protection and Security Measures

We use appropriate measures to keep your personal data confidential and secure. Please note, however, that these protections do not apply to information you choose to share in public areas such as third-party social networks.

We store your personal data in operating environments that use reasonable security measures to prevent unauthorized access. Among these measures are the following:

  • Information security policies on access control in both digital and physical infrastructures to prevent unauthorized access;
  • Cybersecurity policy encompassing acceptable use and data classification;
  • End-to-end encryption;
  • Business continuity measures against natural disasters, power disturbances, external access, and similar threats; and
  • Technical measures to protect our Information and Communication Technology (ICT) resources against accidental, unlawful, or unauthorized usage, interference, or access.

Storage and Retention

Personal information collected through the BSP Mobile App and the feedback form are securely stored in servers located in the Philippines and/or. cloud-based third-party data storage providers. To know more about this, please visit this link - https://support.google.com/analytics/answer/11598602?hl=en.

Personal data shall be stored in a database for five (5) years. After which, records shall be disposed of securely, including those collected and processed by Google Analytics and BOB chatbot. Other categories of data may be kept longer than five (5) years when their retention period is determined by other relevant laws and regulations.

Personal information that are no longer needed shall be deleted or anonymized. If this is not possible (e.g., information is stored in backup archives), they shall be stored to prevent further processing until they can be deleted.

Disposal

Digital files shall be disposed subject to BSP's guidelines on storage media sanitization. In all instances, our manner of disposal shall ensure that the personal information shall no longer be retrieved, processed, or accessed by unauthorized persons.

Rights of a Data Subject

Under the DPA, you have the right to be informed regarding the processing of personal information we hold about you.

Specifically, you may:

  1. Access your personal data. It is your right to obtain confirmation on whether or not data relating to you are being processed;
  2. Rectify your personal data. It is your right to have your personal data corrected if it is inaccurate or incomplete;
  3. Have your personal data erased or blocked when warranted;
  4. Object if the personal data processing involved is based on consent or on legitimate interest; and
  5. Request to obtain and electronically move, copy, or transfer your data securely for further use.

 

As data subject, you have the right to be indemnified for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your personal data, taking into account any violation of your rights and freedoms as data subject.

When there is a perceived violation of your rights, you may file a complaint with the National Privacy Commission, in accordance with its Rules of Procedure governing all complaints filed before the Commission.2

Data Privacy Consent

I affirm that I have read the Privacy Notice for the BSP Mobile App, understood its contents, and consent to the processing of my personal information that are necessary and relevant:

  • to facilitate the automatic referral of my personal information to the appropriate BSP Offices; and
  • to be contacted for further validation/clarification of my concern/s.

I understand that my consent does not preclude the existence of other criteria for lawful processing of personal data and does not waive any of my rights under the DPA of 2012 and other applicable laws.

By continuing, I consent to the processing of my personal information as I indicated above.

Changes to the Privacy Notice 

The BSP reserves the right to update or revise this privacy notice at any time and will provide a new privacy notice whenever there are substantial changes. Prior versions of the privacy notice shall be retained by the Commission and shall be provided to data subjects upon request.

Feedback on our Privacy Notice

You may communicate through the following for privacy concerns, inquiries, or clarifications:

Telephone: (02)5306-2059

Postal Address: (The Lead Data Protection Officer (DPO) Bangko Sentral ng Pilipinas Room 506A, EDPC Building P. Ocampo Street corner A. Mabini Street, 1004 Malate, Manila

Email: dataprotection@bsp.gov.ph


Date last updated: 26 December 2024

1 Subject to Google Maps/Google Earth Additional Terms of Service at https://maps.google.com/help/terms_maps.html and the Google Privacy Policy at https://www.google.com/policies/privacy/

https://privacy.gov.ph/right-to-damages/

​​​​​​​​​
​ ​
​​

Created:6/17/2020 3:20 PM   by:  Pambid Frederick D.
Modified:1/10/2025 2:30 PM   by:  Pambid Frederick D.