Privacy Notice and Consent Form
Last Updated March 14, 2023
- 1. Definitions
- 2. Personal Data Collected, Used, and Shared
- 3. Organizational Security Obligations and Measures
- 4. Technical Security Measures
- 5. Rights of the Data Subject
- 6. Data Breaches and Security Incidents
- 7. Dispute Resolution and Law
- 8. Outsourcing and Subcontracting
- 9. Summary of Processing Activities
- 10. How to Contact Us
Chapter II - Personal Data Collected, Used, and Shared
Information Brankas Collects - Brankas collects your (or “you”) Personal Data, which, where applicable, may include credentials such as user name and password or security token. In some cases, we also collect your phone number, email address, and one-time password (OTP) to help verify your identity before providing our services to you. When providing this information, you give Brankas permission to act on your behalf to access, use, disclose and share your Personal Data from relevant banks or other entities (i.e., providers of financial products and services) to provide our services for your use. Further, with your consent and at the request of your financial services provider, Brankas may store your credentials, such as username, password, OTP, and token number which are generated digitally or through hard tokens. The data will be stored on the servers of the Company or a third-party provider. If we use your data beyond this state purpose, Brankas will ask for your consent anew. We uphold the confidentiality and privacy of your data. You can also provide us with other information, including your name, email address, and phone number.
The specific information we collect from your bank or financial product and service providers depends on the service you availed from us. Overall, this includes:
- Account information, including financial institution name, account name, account type, and account ownership;
- Information about an account balance, including current and available balance, and source of funds;
- Information about account transactions, including amount, date, payee, type, quantity, price, location, involved securities, and a description of the transaction;
- Information about credit accounts, including due dates, balances owed, payment amounts and dates, transaction history, credit limit, repayment status, and interest rate;
- Information about loan accounts, including due dates, repayment status, balances, payment amounts and dates, interest rate, guarantor, loan type, payment plan, and terms; and
- Information about the account owner(s), including but not limited to name,home address, marital status, nationality, work, email address, and phone number.
Upon using our services, if you have given consent to process your Personal Data, and later on you change your mind, you may withdraw your consent by contacting us via firstname.lastname@example.org.
Basis for Processing Your Personal Data - Our legal basis for processing your Personal Data will depend on the information concerned and the context in which we collected or processed it. Generally, however, we will normally only collect and process Personal Data where:
- fulfillment of our responsibilities and obligations in any contract or agreement with you (for example, to comply with our services agreements);
- fulfillment of our responsibilities and obligations in any contract or agreement with our Clients, as data controller, and our obligations as a data processor;
- to comply with our legal obligations under applicable law;
- processing is necessary for our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms (for example, to safeguard our services; to communicate with you, or to update our services); or
- you have given your consent to do so.
To the extent we rely on consent to collect and process Personal Data, you have the right to withdraw your consent at any time per the instructions provided in this Policy.
How Brankas Uses Your Personal Data – With your consent, we use your Personal Data for a number of business and commercial purposes, including to operate, improve, and protect the services we provide, and to develop new services. More specifically, we use your Personal Data:
- To provide, operate, and maintain our services, which you intend to avail of;
- To improve, modify, add to, and further develop our services;
- To develop new services;
- To protect you, our partners, and others from fraud, malicious activity, and other privacy and security-related concerns;
- To provide customer support to you, including helping respond to your inquiries related to our service;
- To investigate any misuse of our service, criminal activity, or other unauthorized access to our services;
- To notify you about our latest service that may be tailored to your need; and
- For any other purpose, notified subject to your explicit consent and taking into account the objectives, needs, and balance of the interests of Brankas and the rights of the Data Subject.
How Brankas Shares Your Personal Data – With your specific consent and only in specific instances, we share your Personal Data for a number of business purposes:
- To enforce any contract with you;
- With our data processors and other service providers, merchants, partners, or contractors in connection with the services they perform for us and subject to any data outsourcing agreement they have with us;
- With our Clients, who are data controllers, pursuant to our Data Outsourcing Agreement with them, who must have likewise obtained your explicit consent;
- If, in good faith, disclosure is appropriate to comply with applicable law or legal process;
- In connection with a change in ownership or control of all or a part of our business (e.g. merger, reorganization, bankruptcy, etc.);
- Between and among Brankas affiliated entities such as parents, affiliates, subsidiaries, and other companies under common control or ownership, subject to any data-sharing agreement among such entities;
- To reasonably protect the rights, privacy, safety, or property of Data Subjects such as yourself, us, our partners, and others; or
- For any other notified purpose subject to your consent.
Transfer of Personal Data outside the jurisdiction of the Philippines, Indonesia, Singapore, and Thailand – Brankas operates in Southeast Asia and may transfer Personal Data to other personal data controllers outside the jurisdiction of the Philippines, Indonesia, Singapore, Thailand, and Vietnam which may have data protection rules different from those of your residence or place of domicile. We will take appropriate measures to ensure that:
- the country in which the controller of such other personal data or international organization receives the transfer of Personal Data has a level of protection of Personal Data equal to or higher than stipulated in the prevailing laws and regulations;
- there are international agreements between countries;
- there is a contract between personal data controllers that have standards and/or guarantees of protection of personal data following the applicable laws and regulations; and/or
- data subject’s consent is obtained for this purpose.
Retention Period of Personal Data – For the processing of such Personal Data, we will only retain Personal Data for 3 years under our Retention Policy. When such retention period ends or at the request of the Data Subject, the Personal Data we have processed will be deleted or destroyed, or removed from the list, with the exception of other decisive laws and regulations.
Other - We may collect, use and share your Personal Data aggregated or anonymously (without personally identifying you) for any purpose permitted by law, including creating or using data collected or anonymized based on Personal Data collected to develop new services and to facilitate research subject to your explicit consent. We do not sell or lease out Personal Data or any information we collect.