Effective from July 18, 2022


Your trust is very important to us. This means that UnionDigital Bank Inc. (the “Bank” or “UnionDigital”) is committed to protecting the privacy and security of your personal data (the “Data”). This Privacy Notice (“Notice”) explains our information practices and informs you how we process personal data about you during and after your relationship with us, in accordance with Republic Act No. 10173 (otherwise known as the “Data Privacy Act of 2012” or simply, “DPA”), its Implementing Rules and Regulations (“IRR”), and issuances by the National Privacy Commission (“NPC”).

This Notice is addressed to individuals with whom we interact. This includes:


  1. Customers— current, past and prospective customers as individuals, corporations, or representatives of corporations; and
  2. Non-Customers— visitors of our website, payees or payors of the bank products and services we provide; or inquirers at online channels; ultimate beneficial owners, directors or representatives of corporate clients; and such other persons involved in transactions with us or with our customers.

UnionDigital collects Data according to the nature of your relationship with us. This shall include data that is necessary to validate your identity, fulfill our contractual obligations, perform transactions or provide services, customer care and support, etc. We can lawfully process your Data on the basis of at least one of the following reasons:


  • You have given your consent—if you have given express consent to process your Data for a specific purpose (e.g., to sign-up on exclusive offers, receive promotional materials)


  • By Contract— the processing is necessary for the performance of our contract with you (e.g., account application with the Bank, availment of our products or services)


  • To allow us to comply with Legal Requirements—the processing is necessary for us to comply with the law (e.g., rules and regulations prescribed by the Bangko Sentral ng Pilipinas (“BSP”), Department of Trade and Industry (“DTI”))


  • A Legitimate Interest—the processing is necessary for the purposes of the legitimate interests pursued by UnionDigital. When we use this lawful basis, we ensure that such interests do not override your interests or your fundamental rights and freedoms.

The Data we collect from you may be used for the following purposes:


  • Customer Engagement
    • We use your contact details with us to communicate with you about your relationship with us. We may ask for feedback, surveys or polls about our products and services.
    • We may send you email or mobile notifications, telephone calls, or newsletters about product and services enhancements and account security reminders.
    • You have the right to opt out from this form of communications with you or choose another means for which we can contact you.


  • Marketing
    • We may use your information for us to send out campaigns of commercial products and services we hope you find interesting, relevant, and useful.
    • We want to establish a more personalized relationship with you by providing you offers that would suit your lifestyle and needs.
    • We perform data analysis on results of our marketing campaigns to measure their effectiveness and relevance.
    • You have the right to withdraw your consent or unsubscribe from receiving personalized offers.


  • Due Diligence and Regulatory Compliance
    • We may use your data to evaluate your eligibility for Bank products and services.
    • In assessing your ability to repay your loans, we conduct credit risk and investigation and reporting on your credit history and account updates.
    • We use your account details when you instruct us to make a payment or fulfill an investment order.
    • We use automated processes and data science solutions for faster decision-making in granting loan products.
    • We process your data in compliance with legal obligations and statutory requirements by BSP, and other regulatory agencies.


  • Business Insights
    • We perform data analysis and reporting based on your data and how we operationalize to aid our management make better decisions.
    • We analyze your behavioral data, your interactions with our products and services, and our communications with you to aid us understand the areas for improvement and development.
    • We analyze transactional data performed through our third-party service providers and partners in order to determine how we can jointly improve our products and services for you.


  • Data Quality
    • We shall process your data in compliance with the data quality standards imposed by BSP. We shall obtain additional information about you from government institutions or credit bureaus to improve the quality of your data with us. We may contact you to ensure accuracy and integrity of your information in our data processing systems.


  • Protection and Security
    • We process your data for account protection against cybercrime, identity theft, estafa, fraud, financial crimes such as money laundering, terrorism financing, and tax fraud.
    • We use certain Data, including but not limited to name, age, nationality, IP address, home address, and other transactional data to conduct profiling for detection of suspicious activity on your account.
    • We may employ artificial intelligence and machine learning in real-time detection of suspected fraudulent activities on your account.
    • We may reset your password or temporarily hold your online banking account to protect you from detected suspected fraudulent activities.

Your Data can only be accessed by authorized personnel in a role-based manner following the principles of proportionality and legitimate “need-to-know”.

When you provide your Data, you also help us comply with our statutory and contractual obligations with other financial institutions. We may also share your data externally with our partners, upon your consent, for value-added services you may find useful and relevant on top of your account with us. For contractual and value-added service data sharing agreements, we employ standardized model clauses as recommended by NPC to ensure protection of your data.

In line with our commitment to keep your information secure, we design our services with your safety in mind. All electronic storage and transmission of data is protected with appropriate security tools and technologies. We also have dedicated teams to look after your information security and privacy.

To further sustain our security posture, we have implemented appropriate technical and security safeguards and robust policy framework that are kept up-to-date in accordance with the relevant technological developments and regulatory requirements.

The Data we process are stored in secure and encrypted Bank-managed environments, devices, and media. For third party-managed environments, we employ BSP-sanctioned security protocols and procure BSP approval prior to deployment.

We will retain your Data in accordance with the BSP Regulations.


  • Retention period for transaction records shall be five (5) years from the date of transaction except where specific laws and/or regulations require a different retention period, in which case, the longer retention period is observed.


  • For financial data and documents which indicate taxable transactions, data shall be preserved for ten (10) years per BIR Regulation.


For all other types of records and documents, we shall keep your data as long as it is necessary: a) for the fulfillment of the declared, specified, and legitimate purposes, or when the processing relevant to the purposes has been terminated; b) for the establishment, exercise or defense of legal claims; or c) for legitimate business purposes, which shall be in accordance with the standards of the banking industry.

After the expiration of the imposed retention period, we will either:


  • securely and permanently delete or destroy the relevant personal data; or


  • anonymize or de-identify them.

Cookies are small text files which are transferred to your computer when you visit a website. In UnionDigital, we use cookies to calculate visitor, session, and campaign data and to keep track of site usage for the site’s analytic report.

When we process your personal data, you are afforded certain rights under the DPA. These include:


  1. Right to be Informed. You may demand the details as to how your personal data is being processed or have been processed by the Bank, including the existence of automated decision-making and profiling systems.
  2. Right to Access. Upon written request, you may demand reasonable access to your personal data, which may include the contents of your processed information, the manner of processing, sources where they were obtained, recipients and reason of disclosure.
  3. Right to Rectify. You may dispute inaccuracy or error in your personal data in the Bank systems through our contact center representatives.
  4. Right to Object. For personal data processed based on Consent or on Legitimate Interest of the Bank, you may, upon demand, suspend, withdraw, or remove your personal data for further processing. This includes your right to opt-out to any commercial communication or advertising purposes from the Bank.
  5. Right to Erasure or Blocking. Based on reasonable grounds, you have the right to suspend, withdraw or order blocking, removal or destruction of your personal data from the Bank's filing system, without prejudice to the Bank continuous processing for commercial, operational, legal, and regulatory purposes.
  6. Right to Data Portability. You have the right to obtain from the Bank your personal data in an electronic or structured format that is commonly used, subject to the Bank’s internal procedures.
  7. Right to be Indemnified for Damages. You have the right to be indemnified for any damages sustained due to such violation of your right to privacy through inaccurate, false, unlawfully obtained or unauthorized use of your information.
  8. Right to File a Complaint. If you feel that your personal data has been misused, maliciously disclosed, or improperly disposed, or that any of your data privacy rights have been violated, you have a right to file a complaint with our Data Protection Officer (“DPO”) and/or with the NPC through www.privacy.gov.ph

Whenever necessary, UnionDigital may revise or update this Privacy Notice. We shall inform you of any changes or revisions by placing the date of the latest version on top of this page. We encourage you to regularly check this page to ensure you are aware of the latest updates to this Notice.

If you have any questions or comments regarding this Privacy Notice or the processing of your personal data, you may contact us by writing to our DPO:


Data Protection Office
UnionDigital Bank Inc.
Address: 41/F, Meralco Ave. cor. Onyx & Sapphire Roads, Ortigas Center, UnionBank Plaza, Pasig City, Metro Manila, 1605 PH
Email: dpo@uniondigitalbank.io