



SIMPLE LANG, MAAASAHAN.
When you bank with us, maaasahan mong we will safeguard your personal and account information and fully ensure your safety and privacy.
We respect your rights under Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012 (DPA) and fully commit to protect your personal data in compliance thereof.
This Privacy Policy Statement informs you, the Data Subject, about what information we collect from you; how we collect such information; for what purposes we use your information for; the methods we use for automated access/processing; to whom we may share your personal data; how we store and for how long we keep your personal data; how we dispose your personal data; what risks are involved in processing your personal data; how we protect your personal data; and what your rights are under the DPA that we are bound to uphold.
What information we may collect from you
- Personal data and employment details;
- Financial information, business interests, and assets;
- Details of your family members, beneficiaries, attorney’s-in-fact, and other individuals or companies related to you;
- Government-issued IDs, tax and social security numbers;
- Transaction details with third party merchants and companies;
- CCTV video and image, and sound recordings of when you transact in branches or through phone banking; and
- Non-personal information that can be read on your device when you use PSBank’s website, applications, and other electronic platforms;
- Data and information we generated in the ordinary course of our business, such as but not limited to customer-profiling, making credit opinion, market research, cross-referencing;
- Other personal or non-personal information received by and/or disclosed to us in the course of the performance of our obligation under Anti-Money Laundering Act (AMLA), Credit Information System Act (CISA), existing regulations of the Bangko Sentral ng Pilipinas (BSP), and other applicable laws.
How we collect your information
We collect your personal data manually or automatically through various interactions including but not limited to the following:
- When visiting and/or transacting at any of our branch and other office premises and/or using our facilities;
- When transacting with our employees, authorized representatives, agents and service providers;
- When visiting our Customer Experience Hotline, our electronic channels (PSBank Online and PSBank Mobile), PSBank LiveChat, official social media sites and corporate website and when using the websites of third-parties with whom we have tie-ups with and clicking on our advertisements;
- When submitting application forms and or other forms related to our products and services; and
- When filing complaints, inquiries or requests to us.
What we may use your information for
While your consent may be solicited to process your personal data, we may also process personal data without your consent, such as when processing is according to our mandate or when processing is allowed under Section 12 or Section 13 of the DPA.
In these instances, we utilize your personal data for the following purposes:
- To commence and facilitate the efficient delivery, administration, operation and/or implementation of the products and services you have availed from the PSBank including related activities outsourced to PSBank’s authorized agents, service providers and third parties;
- To validate, verify and/or update your submitted information and related documents;
- To communicate with you in response to your queries, requests, instructions, complaints and suggestions;
- To protect you and PSBank against fraudulent, unauthorized or illegal transactions or activities;
- To enable PSBank to enforce its rights or perform its obligations by reason of any law, rules and regulations, contracts or orders from any court or quasi-judicial and administrative officers with the corresponding duty to keep such information confidential in accordance with PSBank’s Data Privacy Policy;
- To use in the prosecution or defense of PSBank or its directors, officers and employees with regard to the settlement of claims and disputes involving PSBank’s products and services;
- To enable PSBank, its subsidiaries and affiliates within the Metrobank Group to reach out and offer you other products and services relevant to you such as in cross-selling arrangements; and
- To enable PSBank, its subsidiaries and affiliates within the Metrobank Group to perform other general purposes such as internal or market research, cross-referencing, status inquiry, making credit opinion, evaluation, profile analytics, security, etc.
What methods we use for automated access/processing of your information
We also use automated systems to collect and process certain types of data such as:
- Ongoing rules-based transactions monitoring fraud detection systems and analytics tools for us to automatically flag transactions suspected of fraud in compliance with the Anti-Financial Account Scamming Act (AFASA) and the related BSP rules & regulations;
- Ongoing rules-based anti-money laundering/anti-terrorism financing transactions monitoring systems and analytics tools for us to automatically flag unusual or suspicious transactions as well as automated risk profiling and sanctions screening tools in compliance with the Anti-Money Laundering Act (AMLA), Anti-Financing of Terrorism Act (AFTA) and the related BSP rules & regulations;
- Automated tools for our profiling and data analytics in determining products and services suitable for you;
- Credit scoring algorithms used in our credit evaluation for loan applications; and
- Mobile app telemetry to improve our performance and security.
To whom we share your personal data
We may share your personal data, as defined above, only to the extent necessary to provide you with products and services suitable to your needs and fulfill our obligations:
- To our business units tasked to perform and deliver our products and services;
- To our accredited service providers or agents that we have engaged to perform certain functions or activities on our behalf in accordance with existing laws and regulations governing outsourcing arrangements, such as your:
- Name, address, contact details, loan details and government-issued ID details to our duly accredited credit verification, loans registration, property consolidation, collection and property repossession/foreclosure agencies in accordance with the terms & conditions of your loan agreement with us, as applicable;
- Name and government-issued ID details to our duly accredited security agencies for security purposes when you visit/enter our premises;
- Name, address and account & transactions details to our duly accredited printing service providers for the printing of your statement of account; and
- Name and address to our duly accredited courier/delivery/messengerial service providers when we deliver your statement of account and other important communications/letters.
- To third parties where we have contractual obligations and required to make necessary disclosure such as other banks/financial institutions, banking associations, credit agencies/bureaus, merchants and suppliers;
- To our parent-bank, subsidiaries and affiliates within the Metrobank Group to offer you other products and services relevant to you such as in cross-selling arrangements, upon your consent;
- To regulatory authorities (e.g., the Bangko Sentral ng Pilipinas, Anti-Money Laundering Council), courts, quasi-judicial agencies, law enforcement agencies, and other relevant government bureaus or agencies in compliance with applicable rules & regulations, orders & directives and ordinances; and
- To your authorized and/or legal representative/s, assignee/s, and beneficiary/ies.
How we store your personal data
We store your personal data in secure, encrypted and managed environments, devices, and media. For third-party managed environments, we employ BSP-sanctioned information security protocols and, in the event that we store personal data in the cloud, we procure BSP approval prior to deployment. We store physical copies of documents containing personal data in physically secure environments.
For how long we keep your personal data
We keep your personal data for as long as your account exists or as long as necessary for the fulfillment of the declared, specified, and legitimate purposes, or when the processing relevant to the purposes has been terminated, for the establishment, exercise or defense of legal claims or for legitimate business purposes, which shall be in accordance with the standards of the banking industry.
Should you decide to part ways with us, we shall keep your personal data up to five (5) years from the date of closure of your account except for your signature-bearing documents in digital form and system logs / records which shall be retained up to ten (10) years for legal purposes, or until the final closure and termination of the case should your account becomes subject of dispute pursuant to the requirements of the Anti-Money Laundering Act (AMLA), as amended and its Implementing Rules and Regulations (IRRs).
We securely store your transaction records in accordance with BSP and AMLC regulations where retention period is five (5) years from date of transaction except where specific laws and/or regulations require a different retention period, in which case, the longer retention period is observed.
For your personal data collected through our CCTV recordings, we securely keep them up to a maximum period of ninety (90) calendar days without prejudice to applying a shorter retention period on a case-to-case basis depending on the assessed level of risk exposure, unless your entry or presence in the premises will be subject of an investigation or inquiry, in which case, your personal data shall be kept until the investigation or inquiry is terminated.
How we dispose your personal data
After the expiration of the imposed retention period, we dispose of your personal data in a secure manner in order to prevent further processing, unauthorized access/recovery, or disclosure to any other party. Physical documents are shredded into small unreadable pieces using shredding machines to ensure adequate destruction beyond further use or reconstruction. Digital data are permanently deleted/purged and overwritten from systems and storage facilities.
What risks are involved in processing your personal data
Risk refers to the potential of an incident to result in harm or danger to you and/or the Bank. Risks may lead to the unauthorized collection, use, disclosure, or access to your personal data. It includes risks involving the confidentiality, integrity and availability of your personal data or the risk that processing will violate the general data privacy principles and your rights as data subject.
We ensure that adequate organizational, physical and technical security measures are in place to protect your personal information's confidentiality, integrity and availability. However, these do not guarantee absolute protection against certain risks involving the processing of your personal data, such as when systems are exposed to targeted cyberattacks, malware, ransomware and computer viruses or when manual records are accessed without authority. Nonetheless, we have adequate policies and procedures in place to ensure appropriate security incident management in line with existing rules and regulations of the National Privacy Commission (NPC).
How we protect your personal data
We safeguard the confidentiality, integrity, and availability of your personal information by maintaining a combination of organizational, physical, and technical security measures based on generally accepted data privacy and information security standards. Among the measures we implement are the following:
- Strict policies on role-based access controls, need-to-know basis and least-privilege principles;
- Use of secure facilities in both physical and digital infrastructures to prevent unauthorized access and acceptable use policies;
- End-to-end encryption and data classification whenever suitable;
- Security measures against natural disasters, power interruptions, external access and similar threats;
- Technical measures to protect our computers, application systems, network and databases against accidental, unlawful or unauthorized usage, interference or access e.g., firewalls, multi-factor authentication, secure file transfer protocols; advanced security software; regular information security audits; data minimization, pseudonymization and anonymization; and
- Other organizational security measures e.g., robust employee trainings and practices, stringent supervision over third-party service providers, vendors and partners management policy and rigorous breach response plan.
Your data privacy rights
We honor and recognize your rights under the Data Privacy Act of 2012, as follows:
- Right to be informed. The right to be informed whether your personal data shall be, are being, or have been processed, including the existence of automated decision-making and profiling.
- Right to access. The right to demand reasonable access to your data and obtain a copy of such data in an electronic or structured format.
- Right to object. The right to object to the processing of your personal data where such processing is based on consent or legitimate interest.
- Right to erasure or blocking. The right to request for the suspension, withdrawal, blocking, removal, or destruction of your personal data from our filing system, in both live and backup systems.
- Right to damages. The right to be indemnified for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your personal data, taking into account any violation of your right and freedoms as data subject.
- Right to data portability. The right to obtain from us a copy of your personal data and/or have the same transmitted from us to another, in an electronic or structured format that is commonly used.
- Right to file a complaint. If you feel that your personal information has been misused, maliciously disclosed, or improperly disposed, or that any of your data privacy rights have been violated, you have a right to file a complaint with the National Privacy Commission (NPC).
- Right to rectify. The right to dispute the inaccuracy or error in your personal data and have us correct the same within a reasonable period of time.
Your safety is our priority
We care for the safety and security of all our clients and partners. Thus, we highly encourage you to maximize your data privacy and security by:
-
Protecting your information
Keep your data safe by making sure your account details, PINs, username, and password are not accessible to others. Use strong passwords and change them regularly. When on electronic platforms, make sure to use pass codes on your devices and keep your software updated.
We will not be able to serve you properly if your information is not updated. Make sure the information you submit is accurate, complete, and not misleading. Keep documents that can verify your information safe and available. If there are changes to your information, inform us immediately.
-
Contacting us through our secure channels
For any questions, clarifications, requests, or feedback, take advantage of our secure channels by contacting us in person at our branches, via recorded line through our Customer Experience Hotline, our e-channels (PSBank Online and PSBank Mobile), PSBank LiveChat and website.
When communicating via email, never disclose sensitive information such as account numbers, credit card numbers, or passwords. We will never ask you for these via email nor ask you to confirm any such information by clicking on a link in an e-mail.
If we need sensitive personal information, an authorized bank representative will get in touch with you.
-
Reporting any data issues
If you think your data has been mishandled in terms of confidentiality or integrity, or if you think your data has been tampered with, contact us through any of our secure channels mentioned above.
You can also directly contact our Data Protection Officer through the following:
Data Protection Officer
16th Floor PSBank Center
777 Paseo de Roxas corner Sedeño Street, Makati City, 1226 PH
Telephone Number: (632) 8885-8219 or (632) 8885-8208 Local: 8169
E-mail Address: [email protected]
MOVING FORWARD
Due to the rapidly evolving nature of banking and technology, we will update this Privacy Policy Statement from time to time to stay aligned with the latest laws and regulations. We encourage you to periodically check and review this policy so that you will be apprised accordingly.
Thank you.
Last updated: March 2026