DATA PRIVACY POLICY

Privacy Statement

Asia United Bank Corporation (“AUB”) is a universal bank licensed and established under the laws of and operating within the Republic of the Philippines through the AUB core bank, the AUB Trust and Investments Group, and AUB’s parent companies, subsidiaries and affiliates (collectively, the “AUB Group”, “We”).

We commit to keep your personal information, sensitive personal information and account information safe with us, as a shared responsibility and accountability between yourself and our bank. We also commit to honor the secrecy of bank deposits and the confidentiality of personal data, as mandated under and in accordance with prevailing banking and data privacy laws, rules and regulations in the Republic of the Philippines.

We further commit in ensuring that we handle your personal data in accordance with the requirements of the Data Privacy Act of 2012 (“DPA”), its Implementing Rules and Regulation (IRR) and all its related issuances.

THIS PRIVACY NOTICE

This Privacy Notice describes how we collect, use, store, disclose, dispose and protect your personal data as we offer and provide our products and services and as we conduct our business.

The words “personal data”, “personal information”, “sensitive personal information”, “processing of personal data”, and other related terminologies in this Privacy Notice are used in the same context as they are found in the DPA:

We confirm that our bank only employs the following secure channels to collect Personal Data:

• Electronic Channels refers to the AUB official online platforms and mobile applications.

• Personal data refers to both the personal and sensitive personal information.

• Personal information is any information or set of information that can be used to identify an individual or can reasonably and directly identify an individual.

• Sensitive Personal Information is any information about individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations; individual’s health or education; about any criminal, civil or administrative proceeding of an individual; unique government issued identifiers; and those established by law as classified.

• Processing of Personal Data refers to any operation or any set of operations performed upon personal data including, but not limited to, the collection, use, storage, disclosure or disposal.

OUR BASIS FOR PROCESSING YOUR PERSONAL DATA

As we conduct our business and offer you our products and services, we may process your personal data in accordance with the following lawful basis:

1. Your consent, which you may withdraw by sending your request to our Data Privacy Officer with contact details provided below, unless there are other existing basis for processing;

2. The needs of the relevant contract;

3. Our need to comply with our legal obligation or comply with the requirements of existing laws and regulations, such as banking laws and those issued by the Bangko Sentral ng Pilipinas, Anti-Money Laundering Council and other government regulatory bodies;

4. To protect our lawful rights and interests in court proceedings or to establish, exercise or defend legal claims.

PERSONAL DATA WE COLLECT

As we provide you our products and services, we will collect the following personal data:

1. Personal information such as name, photo, video and sound recordings, contact information (such as your email address, telephone, mobile phone number, residential and/or business address, and the like).

2. Sensitive personal information such as gender, age, date of birth, marital status, government-issued identifiers (such as details and copy of government issued identification documents, Tax Identification Number, SSS number, GSIS number and the like).

3. Financial-related information such as employment history, source of income, credit data, bank statements, taxation information and other relevant details needed for purposes of facilitating your transactions with us including payments and taxes.

4. Bank account details with AUB and other banks, such as your account name, account number, and other related information.

5. Account details such as username, browser used, session cookies to track your preferences, access time, dates and location, time spent on the AUB platforms, searches made, transactions consummated, correspondences with other users, IMEI, MAC address, and other technical data that may be collected for purposes of maintaining and administering your account online account and through our electronic channels.

6. Transaction information, including, but not limited to, any information related to servicing and maintaining your savings or trust accounts, your credit card, loans, remittances and other related information.

7. Records of your transactions, the content you have provided us with, your requests, agreements between you and us, and the services provided to you.

8. Whether you accept receipt of our marketing materials, communication preferences, your communication history with us or with other third parties that use the services.

9. Information that we would need to conduct Know Your Customer activities, due diligence and credit investigation for identity and legitimacy verification, credit evaluation and credit collection.

10. Facts and antecedents surrounding complaints brought against you by third-parties, violations of product/service terms and conditions, fraudulent acts and/or practices, or for other similar circumstances.

11. Other information that may be collected from your interaction with us through our bank branches and use of our online website and mobile applications and platforms.

You will have the ability to register and create your own account on our Electronic Channels and certain data will be collected from your device depending on your allowed permissions. Please refer to the Privacy Notice specific to the mobile application for the specific processing information.

Should there be a need to collect data other than as enumerated above, we will specifically notify you of the same and the reason for such collection. However, please note that AUB will never ask for your account details and other confidential information (such as CVV, PIN, one-time PIN) through unsolicited calls.

We may also collect any information that does not identify you individually. This may include anonymous, aggregated, or analytical reports; statistical and analytical data; anonymized usage statistics and data; and other forms of anonymized data that we may get from your use of our services or otherwise liaising with us.

You are under no obligation to provide any such information. Please note that if you do not provide us with all requested information, our ability to provide you with certain services may be limited.

SOURCES OF YOUR PERSONAL DATA

Most of the personal data we process is provided to us directly by you when:

1. You open, register, and maintain an account with us.

2. You use any of our products and services and conduct transactions through our Electronic Channels, headquarters and bank branches.

3. You browse or conduct transactions through our website or our social media accounts.

4. You contact us or interact with our customer support teams through telephone, email, social media accounts, in person through bank branches. Subject to applicable law, we may record your conversations or maintain a transaction history of your communications with our customer support or with other such contact points.

5. You fill out or accomplish certain forms such as: Customer Information Sheet, application forms, transaction forms, inquiry forms, questionnaires, surveys, and the like.

6. There are third-party complaints lodged or investigations conducted by law enforcement agencies and other regulatory bodies against you.

7. You subscribe to receive notifications, advertisements, updates, publications, or other marketing materials.

We may also collect your personal data from other sources such as:

1. When you provide your personal data to third parties, affiliates, subsidiaries, partners, and contracted service providers as may be necessary to provide you our products and services.

2. When we conduct credit investigation, due diligence and Know Your Customer activities and when we access your credit data from credit bureaus and partners maintaining credit database, as required by banking regulations.

3. Commercially or publicly available sources, government agencies and public information sharing facilities.

OUR PURPOSE FOR PROCESSING

We only collect the personal data needed to provide you our products and services; specifically, we use your Personal Data for the following purposes:

1. For providing you our services:

1. To verify or ascertain your identity, conduct due diligence, Know Your Customer activities, credit investigations, credit collections, and to compare information we receive from you and those we receive about you from third persons.

2. To maintain and administer your account with us, which includes sending you account statements, transaction records, notice and other documents necessary for your continued use of our products and services and for other purposes that would be necessary or beneficial to administer transactions made on the services.

3. To respond to your queries, comments, feedbacks, or requests and address your complaints and provide customer support.

4. To provide and facilitate your use and access, to administer your account and to update you with operational news and information about our Electronic Channels and for why other purpose necessary or beneficial to administer transactions made on our Electronic Channels.

5. To uniquely identify you or your business and identify potentially fraudulent activity and to ensure implementation of your contract with us.

6. To process and/or keep a transaction history, generate sales information and financial reports, and to store, host, and back-up your personal data.

7. To carry out obligations arising from any contracts entered into between you and AUB.

8. To allow you to avail of our products and services in any automated teller machine network, electronic fund and/or credit card network.

9. To validate, verify and/or update provided information and supporting documents and verify personal data from third parties such as government agencies and courts.

10. To conduct asset search and investigation in case of past due obligations to AUB.

11. To use of data analytics technologies such as Machine Learning and AI (Artificial Intelligence), historical and statistical research that will then be used to:

1. conduct automated assessment, profiling, risk and credit rating;

2. develop, enhance and offer you financial services and products that we think will be suitable for your needs;

3. to improve our customer service and experience;

4. to improve our internal system, programs and processes;

5. in internal and external management reporting; and

6. to develop business strategies and attain business-related company goals.

2. For marketing and advertising activities:

1. To communicate with you regarding services, promotions, products, offers and/or promotional discounts.

2. To provide information we think you may find useful or which you have requested from us.

3. To provide you with the marketing materials of third parties which we think may interest you.

4. To provide you with a customized experience and/or to offer products and services that are relevant and suitable to you.

3. For analytics, business, and technical use:

1. To conduct research and gain an understanding of the users of our Electronic Channels, their experiences and preferences.

2. To run system diagnostics to ensure that the Electronic Channels are functioning properly and to improve the user experience.

3. To improve existing and/or further the development of products and/or services that are offered or may be offered by us.

4. To achieve purposes that are related to or similar to those enumerated above.

4. For compliance with our legal obligations, regulatory requirements and for other legal purposes:

1. To process any complaints, implement preventive measures and to investigate act, omission, or misconduct that would constitute a violation of your contract with AUB Group and of the applicable laws.

2. To gather the necessary information required by law, record keeping, good business practices, or banking industry standard.

3. To further secure AUB Group from fraud, unauthorized and illegal transactions, and anti-money laundering and terrorist financing risks.

4. To comply with domestic and/or foreign laws and regulations, directives or guidelines issued by competent authority, regulatory or supervisory body, court, and enforcement agencies applicable to AUB Group.

5. To facilitate settlement of disputes or claims regarding your account/s or in defense of AUB Group and/or any of its officers and personnel.

6. To comply with policies and procedures applicable within AUB;

7. To protect AUB Group’s lawful rights and interests in court proceedings and to establish, exercise or as use as defense from legal claims.

DATA DISCLOSURE AND SHARING

In the course of your transaction with us, we may disclose and share your personal data to the following:

1. To AUB’s parent companies, subsidiaries and affiliates members of AUB Group for purposes of managing your account and complying with relevant domestic or foreign laws and regulations, directives or guidelines applicable to AUB Group.

2. To third-party service providers engaged by us and subject to strict confidentiality requirements and security protocols who process personal data on our behalf to provide us services. These service providers will only process your personal data upon our instructions.

3. To government entities such Bangko Sentral ng Pilipinas, Bureau of Internal Revenue, Anti-Money Laundering Council, Credit Information Corporation as may be required by applicable laws and in compliance with our legal obligations.

4. To program partners and other private entities such as Credit Bureaus to give effect to our contractual obligations with them and/or as stipulated by law.

5. To law enforcement agencies, government authorities, or other third parties if we believe your actions are inconsistent with our contracts or policies, or if we believe there is a need to protect the rights, property, or safety of the AUB Group.

6. As warranted under the circumstances, to another organization to facilitate corporate reorganizations, mergers and/or consolidations, or other legitimate business transactions where a counter-party requests personal data.

7. Subject to strict confidentiality requirements and security protocols, to other third parties to prevent fraud or cybercrime, to protect the AUB Group, to enforce the terms under which you transact with us, or to enforce the rights, property or personal safety of any person based on business necessity or desirability.

Rest assured that, in sharing your personal data, AUB Group will ensure that your rights as a data subject are protected and respected by obtaining your consent, when necessary, or when allowed by the DPA and other relevant rules and regulations. We ensure the personal and/or sensitive personal information being shared to the above listed recipients are not excessive in relation to the declared and specified purpose.

PERIOD FOR DATA RETENTION

Electronic records are securely stored in our onsite data center. Physical documents, on the other hand, are stored and kept within our headquarters and bank branches in filing secured storage facilities.

We will retain your personal data for as long as necessary to fulfill the purposes for which it was collected or as may be required by applicable law, rules and regulations. Thus, the retention of your personal data shall be in accordance with our documented record retention policies.

We will cease to retain and remove all your personal data once it is ascertained that the retention of personal data is no longer necessary. We will securely destroy your personal data in accordance with our internal procedure such as: shredding the physical records or deletion or anonymization of electronic data, and through such other means that would prevent further processing.

In some instances (such as data analytics, research, historical and statistical analysis, management reporting), we will anonymize your personal data where you will no longer be identifiable.

OUR DATA PROTECTION MEASURES

We implement reasonable and appropriate technical, physical and organizational security measures to protect your personal data from unauthorized disclosure, misuse, alteration, loss or destruction.

While we cannot guarantee the absolute security and impenetrability of our database, we will take all the necessary measures, according to reasonable industry standards and practices to keep your data safe through the establishment of security controls.

We guarantee that our bank enforces strict and tested policies regarding your personal data through reliable systems, processes and infrastructure that we consistently assess, test and refine.

Our service providers and program partners are accredited and regularly evaluated based on metrics that include compliance with our agreed security, confidentiality and data privacy standards.

Our employees and all others who handle your personal data on our behalf are properly managed through formulation and implementation of access control policy, confidentiality contractual clauses. Our employee development program includes training in data privacy and confidentiality of classified information.

YOUR ROLE IN DATA PROTECTION

While we try to keep our systems safe, we cannot control external factors (such as the safety of your computer or mobile phone, the network you are using, the servers you are being routed through, and the like). As our partner in safeguarding your personal data, we rely on your commitment:

1. To employ the necessary measures to likewise protect your personal data, including keeping your passwords and security information safe and updated.

2. To communicate with us only through our branches and official channels, while taking appropriate security and confidentiality safeguards necessary on your end.

3. To immediately reach out to us in case any of your personal data had been (or you suspect may have been) accessed, handled or otherwise dealt with without your consent.

If you believe that there has been a breach of your personal data, please contact us at aub_dpo@aub.com.ph

YOUR DATA SUBJECT RIGHTS

Under the DPA, you have the following rights:

1. Right to be informed. You have the right to be informed prior to data collection of how your data will be collected, used, stored, shared and disposed.

2. Right to object. You have the right to say no to the processing of your personal data or withdrawing the same thereafter.

3. Right of access. You have the right to ask whether your personal data is being or has been processed, what data is being processed, and for what purpose plus how such processing is being or has been conducted and demand reasonable access to your personal data with AUB and obtain a copy of such personal data.

4. Right to rectification. You have the right to ask us to modify or correct your personal data when the same is incomplete, inaccurate, outdated or false.

5. Right to erasure or blocking. You have the right to delete or block the use of your personal data with us upon discovery and substantial proof that your personal data are incomplete, outdated, false, unlawfully obtained, used for unauthorized purposes or are no longer necessary for the purposes for which such personal data were collected.

6. Right to data portability. You have the right to ask that we transfer your personal data to another organization, or to you, in certain circumstances.

7. Right to file a complaint and ask for damages. If you think that your rights as a data subject have been violated, or if you sustained damages due to any inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of your personal information, you may escalate your concern to our Data Privacy Officer so we can assist you. In case we failed to resolve your complaint or in you are unsatisfied with the way we handle the matter, you have the right to file a complaint with the National Privacy Commission (NPC).

How to exercise your data privacy rights

For queries, clarifications or requests on matters related to your personal data please visit any of our branches or get in touch with our Customer Care Contact Center at +632 8282 8888 or customercare@aub.com.ph.

You may also contact our Data Privacy Officer at:

1. DATA PRIVACY OFFICER

2. Asia United Bank Corporation

3. 31/F Joy~Nostalg Center

4. 17 ADB Avenue, Ortigas Center

5. Pasig City, Metro Manila

6. aub_dpo@aub.com.ph

To exercise your data subject rights, please fill out our Data Subject Request Form by scanning the QR Code below and submit together with the form all the supporting documents necessary to facilitate your request and verify your identity. We reserve the right to charge an appropriate fee for access requests to cover administrative cost as may be allowed by applicable law, and/or to deny your requests where, in our discretion, they may be unfounded, excessive, or otherwise unacceptable under applicable data privacy laws.

OUR USE OF COOKIES AND WEB ANALYTICS

When you interact with us through our Electronic Channels, we try to make that experience secure, simple and meaningful through the use of cookies. Cookies are small pieces of information which are issued to your computer when you visit a website and which store and track information about your use of the site. Our server sends cookies to your computer or mobile device (depending on how you access our Electronic Channels).

We use cookies to:

1. remember that you have visited us before, which allows us to identify the number of unique visitors we receive;

2. collect statistical information about how you use the service so that we can improve the service and learn which parts of the Service are most popular to visitors; and

3. secure your connection and data.

We use session cookies that last only for the duration of your web session and expire when you close the platform .We also use persistent cookies up to twelve (12) months to remember you when you return to the service and to ensure identity security and will last for longer. Some of the cookies used by our Electronic Channels are set by us, and some are set by third parties who are delivering services on our behalf. For example, we use Google Analytics to track what customers do on the platform and Imperva Incapsula to protect your connection and data.

Most browsers automatically accept cookies but, if you prefer, you can change your browser settings to prevent or to notify you each time a cookie is set. Please note however, that by blocking or deleting cookies you may not be able to take full advantage of our service’s features.

CHANGES TO THIS PRIVACY NOTICE

Please be advised that we may revise this Privacy Notice from time to time, as may be necessary to reflect any changes in our policies and procedures, as well as to keep up with developments in applicable laws, rules and regulations. Please be assured that any such changes will be posted on our official website.

Version No.: 2.0

Effectivity Date: 1 November 2023

Version 1.0: 28 August 2020