CBIC values the trust and confidence of the insuring public, its agents and other stakeholders to handle and process their information. Thus, this Privacy Statement is created to demonstrate the company’s commitment to treat information of its clients, employees and other individuals with utmost care and confidentiality.
CBIC recognizes its responsibility to:
- collect, disclose or process personal information with the consent of the data subjects
- implement reasonable and appropriate controls to assure privacy and data protection against unauthorized, access, use or disclosure
- to comply with the Data Privacy Act (DPA) of 2012 and its Implementing Rules and Regulations (IRR)
This covers all types of personal information, including privileged information of CBIC’s clients, directors, employees, agents and other individuals who furnish personal data to the company.
It encompasses personal information under company’s possession or control and obtained directly from its clients, submitted thru company website, thru representatives, including personal data in the possession of the insurance agents which CBIC engaged to solicit insurance in its behalf.
III. Personal Data
Personal data refers to all types of personal information, including privileged information.
- Personal Information – refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.
- Sensitive Personal Information – refers to personal information:
- About an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations;
- About an individual’s health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such person, the disposal of such proceedings, or the sentence of any court in such proceedings;
- Issued by government agencies peculiar to an individual which includes, but not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns; and
- Specifically established by an executive order or an act of Congress to be kept classified.
- Privileged Information” refers to any and all forms of data which, under the Rules of Court and other pertinent laws, constitute privileged communication.
IV. Purpose of Personal Data Collection
CBIC collects, processes and retains personal data when reasonable and necessary for the company to perform its business processes efficiently and effectively, particularly:
- for the risk assessment and underwriting of insurance or bonds
- to facilitate processing of insurance or bond claims
- to evaluate prospective agents, employees, representatives, other individuals
- use or disclosure reasonably necessary, required or authorized by or under law
V. Types of Data Collected
Information collected when we conduct risk assessment and underwrite insurance or bond includes:
- Full Name
- Home Address
- Email Address
- Contact Numbers
- Age, Gender
- Date and Place of Birth
- Civil Status
- Government Issued ID Nos.
- Employment/Business Details
VI. Collection, Use, Retention, Disposal and Disclosure
The company collects personal information of individual clients and of authorized signatories of business entities, by asking the clients to fill-out and sign the Insurance or Bond Application Forms and AMLA Know Your Customer (KYC) Forms. AMLA requires obtaining minimum clients information to prevent or counteract money laundering activities and terrorism activities.
Data Privacy Notice and Consent Form is presented to the data subject which is being signed together with the accomplishment of the Insurance or Bond Application Form and KYC Form.
Personal data collected are used for the risk assessment and issuance of bond or policy, wherein personal data and other details obtained are encoded in the policy issuance system or bonds system to generate Insurance Policy or Bond/Surety Document.
In case, insurance or bond coverage exceeds the retention limit of the company, issued bond or policy is placed for reinsurance. Insurance or bond details are also furnished with Re-insurance companies for their risk assessment and/or acceptance of insurance or bond ceded.
Personal information obtained from the clients thru insurance and bond application forms and AMLA KYC Form (minimum information to be obtained) are periodically reviewed. This is to limit the processing of data, to ensure that it is only to the extent necessary for the declared, specified, and legitimate purpose.
C. Storage, Retention and Disposal
The company implements appropriate security measures on storage, retention and disposal of collected personal information of the clients, employees, insurance agent and of other stakeholders in compliance to DPA of 2012.
Retention of records – within 5 years in compliance to the AMLA requirement except on some records which may be required for longer period of retention
D. Access to Personal Data
To protect personal information of clients and other stakeholders, only authorized employees and agents shall be given access to data for authorized processing.
Policies are also established for access controls and management, system monitoring, and protocols to follow during security incidents or technical problems.
E. Disclosure and Sharing
Personal data under the custody of the company shall be disclosed only pursuant to a lawful purpose, and to authorized recipients of such data.
1. General Agents – on personal information of clients furnished to and processed by General Agents in behalf of CBIC
2. Reinsurance Companies – on insurance coverage and bonds coverage beyond the retention limits of the company, the insurance/bonds are re-insured with other insurance companies and reinsurance brokers.
3. Anti-Money Laundering Council – on transactions considered to be part of the Covered Transaction or Suspicious Transaction Reports in compliance to AMLA (RA 9160)
Data Sharing Agreement will be executed on clients’ information processed by agents and on data shared with re-insurance companies.
VII. Privacy and Security Measures
The company implemented organizational, physical and technical measures in order to:
- Maintain the availability, integrity, and confidentiality of clients and other stakeholders’ personal data;
- Protect personal data against natural dangers such as accidental loss or destruction, and human dangers such as unlawful access, fraudulent misuse, unlawful destruction, alteration and contamination.
The company protects personal information thru:
- Restricted access only for authorized personnel
- Use of secured servers and firewall
- Strict implementation of security policies
- Shredding the documents containing personal information after the retention period
VIII. Rights of Data Subjects under DPA of 2012
- Right to be informed of whether personal data pertaining to him or her will be, are being, or were processed.
- Right to object to the processing of his or her personal data and shall be given an opportunity to withhold consent to the processing in case of changes or any amendment to the information.
- Right to access upon demand contents, sources, names and addresses of recipients of his or her personal data, manner by which such data were processed, reasons for the disclosure, information on automated processes, date when his or her personal data were last accessed and modified and the identity, and address of the personal information controller.
- Right to rectification or right to dispute the inaccuracy or error in the personal data and have the CBIC correct it immediately and accordingly, unless the request is vexatious or otherwise unreasonable.
- Right to erasure or blocking or right to suspend, withdraw or order the blocking, removal or destruction of his or her personal data from the personal information controller’s filing system.
- Right to damages shall be indemnified for any damages sustained due to such inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal data, taking into account any violation of his or her rights and freedoms as data subject.
- Rights to file a complaint, data subject who encounter privacy violation or personal data breach or personally affected by a violation of the DPA may file complaints with the NPC.
- Right to Data Portability, the data subject shall have the right to obtain from the CBIC a copy of such data in an electronic or structured format that is commonly used and allows for further use by the data subject.
CBIC’s decision to grant access, consider request for correction or erasure and to address objection to personal data as it appears in the company’s records or information systems are always subject to DPA of 2012, its IRR and other NPC issuances and to other applicable laws and regulations.
IX. Data Protection Officer
For more information on data subjects’ rights and on this Privacy Statement, as well as any concerns or complaints on data privacy you may contact the Data Protection Officer:
The Data Protection Officer
Country Bankers Insurance Corporation
Country Bankers Centre
648 TM Kalaw Avenue, Ermita, Manila
You may also send a complaint to the National Privacy Commission thru:
“CBIC uses cookie to ensure you get the best experience while browsing the site.
By continued use, you accept the use of such cookies and our approach to privacy. To learn more about our privacy approach, click Privacy Statement.”
From time to time CBIC may update this Privacy Statement by posting the updated version to its website, https://www.countrybankers.com and by providing its personnel with the copy thereof.
END OF DOCUMENT