PRIVACY STATEMENT

1. Purpose

CBLIC values the trust and confidence of the insuring public, its agents and other stakeholders to handle and process their information. Thus, this Privacy Statement is created to demonstrate the company’s commitment to treat information of its clients, employees and other individuals with utmost care and confidentiality.

CBLIC recognizes its responsibility to:

  • collect, disclose or process personal information with the consent of the data subjects
  • implement reasonable and appropriate controls to assure privacy and data protection against unauthorized, access, use or disclosure
  • to comply with the Data Privacy Act (DPA) of 2012 and its Implementing Rules and Regulations (IRR)

II. Scope

This covers all types of personal information, including privileged information of CBLIC’s clients, directors, employees, agents and other individuals who furnish personal data to the company.

It encompasses personal information under company’s possession or control and obtained directly from its clients, submitted thru company website, thru representatives, including personal data in the possession of the insurance agents which CBLIC engaged to solicit insurance in its behalf.

III. Personal Data

Personal data refers to all types of personal information, including privileged information.

  • Personal Information – refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.
  • Sensitive Personal Information – refers to personal information:
    1. About an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations;
    2. About an individual’s health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such person, the disposal of such proceedings, or the sentence of any court in such proceedings;
    3. Issued by government agencies peculiar to an individual which includes, but not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns; and
    4. Specifically established by an executive order or an act of Congress to be kept classified.
  • Privileged Information” refers to any and all forms of data which, under the Rules of Court and other pertinent laws, constitute privileged communication.

IV. Purpose of Personal Data Collection

CBLIC collects, processes and retains personal data when reasonable and necessary for the company to perform its business processes efficiently and effectively, particularly:

  • for the risk assessment and underwriting of life insurance
  • to facilitate processing of life insurance coverage or claims
  • to evaluate prospective agents, employees, representatives and other individuals
  • use or disclosure reasonably necessary, required or authorized by or under law

V. Types of Data Collected

Information collected when we conduct risk assessment and underwrite life insurance coverage and in claims payment includes:

  • Full Name
  • Home Address
  • Email Address
  • Contact Numbers
  • Age, Gender
  • Date and Place of Birth
  • Civil Status
  • Government Issued ID Nos.
  • Employment/Business Details
  • Medical Records ( Physicians Statement)
  • Death Certificate

VI. Collection, Use, Retention, Disposal and Disclosure

A. Collection

The company collects personal information of individual clients and of authorized signatories of business entities, by asking the clients to fill-out and sign Application Forms and AMLA Know Your Customer (KYC) Forms. AMLA requires obtaining minimum clients information to prevent or counteract money laundering activities and terrorism activities.

Data Privacy Notice and Consent Form is presented to the data subject which is being signed together with the accomplishment of the Insurance or Bond Application Form and KYC Form.

B. Use

Personal data collected are used for the risk assessment and issuance of life insurance policy, wherein personal data and other details obtained are encoded in the policy issuance system.

In case, insurance  coverage exceeds the retention limit of the company, issued  policy is placed for reinsurance. Insurance coverage details are also furnished with Re-insurance companies for their risk assessment and/or acceptance of amount ceded.

Personal information obtained from the clients thru insurance application forms and AMLA KYC Form (minimum information to be obtained) are periodically reviewed. This is to limit the processing of data, to ensure that it is only to the extent necessary for the declared, specified, and legitimate purpose.

C. Storage, Retention and Disposal

The company implements appropriate security measures on storage, retention and disposal of collected personal information of the clients, employees, insurance agent and of other stakeholders in compliance to DPA of 2012.

Retention of records – within 5 years in compliance to the AMLA requirement except on some records which may be required for longer period of retention

D. Access to Personal Data

To protect personal information of clients and other stakeholders, only authorized employees and agents shall be given access to data for authorized processing.

Policies are also established for access controls and management, system monitoring, and protocols to follow during security incidents or technical problems.

E. Disclosure and Sharing

Personal data under the custody of the company shall be disclosed only pursuant to a lawful purpose, and to authorized recipients of such data.

1. General Agents – on personal information of clients furnished to and processed by  General Agents in behalf of CBLIC

 2. Reinsurance Companies – on insurance coverage  beyond the retention limits of the company, the insurance are re-insured with  reinsurance brokers.

3.  Anti-Money Laundering Council – on transactions considered to be part of the Covered Transaction or Suspicious Transaction Reports in compliance to AMLA (RA 9160)

Data Sharing Agreement will be executed on clients’ information processed by agents and on data shared with re-insurance companies.

VII. Privacy and Security Measures

 The company implemented organizational, physical and technical measures in order to:

  • Maintain the availability, integrity, and confidentiality of clients and other stakeholders’ personal data;
  • Protect personal data against natural dangers such as accidental loss or destruction, and human dangers such as unlawful access, fraudulent misuse, unlawful destruction, alteration and contamination.

The company protects personal information thru:

  • Restricted access only for authorized personnel
  • Use of secured servers and firewall
  • Strict implementation of security policies
  • Shredding the documents containing personal information after the retention period

VIII. Rights of Data Subjects under DPA of 2012

  1. Right to be informed of whether personal data pertaining to him or her will be, are being, or were processed.
  2. Right to object to the processing of his or her personal data and shall be given an opportunity to withhold consent to the processing in case of changes or any amendment to the information.
  3. Right to access upon demand contents, sources, names and addresses of recipients of his or her personal data, manner by which such data were processed, reasons for the disclosure, information on automated processes, date when his or her personal data were last accessed and modified and the identity, and address of the personal information controller.
  4. Right to rectification or right to dispute the inaccuracy or error in the personal data and have the CBLIC correct it immediately and accordingly, unless the request is vexatious or otherwise unreasonable.
  5. Right to erasure or blocking or right to suspend, withdraw or order the blocking, removal or destruction of his or her personal data from the personal information controller’s filing system.
  6. Right to damages shall be indemnified for any damages sustained due to such inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal data, taking into account any violation of his or her rights and freedoms as data subject.
  7. Rights to file a complaint, data subject who encounter privacy violation or personal data breach or personally affected by a violation of the DPA may file complaints with the NPC.
  8. Right to Data Portability, the data subject shall have the right to obtain from the CBLIC a copy of such data in an electronic or structured format that is commonly used and allows for further use by the data subject.

CBILC’s decision to grant access, consider request for correction or erasure and to address objection to personal data as it appears in the company’s records or information systems are always subject to DPA of 2012, its IRR and other NPC issuances and to other applicable laws and regulations.

IX. Data Protection Officer

 For more information on data subjects’ rights and on this Privacy Statement, as well as any concerns or complaints on data privacy you may contact the Data Protection Officer:

The Data Protection Officer

Country Bankers Life Insurance Corporation

Country Bankers Centre

648 TM Kalaw Avenue, Ermita, Manila

Tel: (02)8523 86 11-18

Email: info@countrybankerslife.com.ph

You may also send a complaint to the National Privacy Commission thru:

Website:              privacy.gov.ph

Email:                    info@privacy.gov.ph

From time to time CBLIC may update this Privacy Statement by posting the updated version to its website, https://www.countrybankers.com and by providing its personnel with the copy thereof.