MetroRemit UK - Privacy Notice
OUR ROLE:
We assure you that information you provide us is kept confidential. All information you provide will only be used within the bounds of applicable UK Laws*, and of other rules and regulations that may be issued by the competent authorities.
*The Data Protection Act or the General Data Protection that governs the processing of information relating to individuals, including obtaining, holding, use or disclosure of information.
We will collect personal information only for the following purposes:
- To verify the client’s identity
- To determine the client’s eligibility for remittance services
- To provide the client with continued service in the future
- To respond to clients’ inquiries about the status of past remittance transactions
- To prevent fraud with respect to both the customer and the company
- To meet legal, regulatory and other statutory requirements
Personal data obtained by Metro Remittance (UK) Ltd may only be processed for the prevention of money laundering and terrorist financing. And for the purpose of transmitting funds in favour of the beneficiary through Metropolitan Bank and Trust Company (Metrobank) in the Philippines.
You may also be contacted by us using contact details provided from time to time for updates on the Company's products and services, or other related announcement or promos from the company or from the Metropolitan Bank and Trust Company (Metrobank Philippines). This is to improve the way we provide services to you during the term of our relationship.
We ensure that the handling of your information adheres to the established security standards and procedures. Further, up-to-date technology is in place in our systems to prevent unauthorised access which undergoes continuous assessment to improve your security and your privacy.
We guarantee you that any information you provide to us is protected. We will only collect your identifiable information through secure means, i.e. in person at the branch, or through authorised marketing activities of the company. We may ask you to provide your information by post if you are unable to come at our office or by email. We use Transport Layer Security (TLS) to encrypt and protect email traffic. If your mail server does not support TLS, you should be aware that any emails you send to us may not be protected in transit.
YOUR ROLE & RIGHTS:
Protect your information. We encourage you to be vigilant in protecting your personal data by ensuring that your account details, PINs, username and password are not disclosed to others nor written somewhere where it will be accessible to others. We also advise you to use strong passwords and to change them regularly as well as keeping your software/s updated.
Use secure means to communicate with us. You can contact us through our website, London Office, or by phone call. Rest assured that information coursed through these channels is protected by the security of our systems.
Access to your Information. You may request a copy of information we hold about you by email or by post and we will provide you details in portable format if feasible. (A fee may be applicable) You may also request that your personal information may be amended for the purpose of accuracy and completeness.
Erasure. You may request that we delete your personal information if you believe that:
– we no longer need to process your information for the purposes for which it was provided;
– we have requested your permission to process your personal information and you wish to withdraw your consent; or
– we are not using your information in a lawful manner.
Please note that the right to erasure is subject to certain exemptions, and if you request us to delete your information, we may have to suspend the operation of your account and/or the products and services we provide to you.
Objection. You have a right to object to us processing your personal information (and to request us to restrict processing), unless we can demonstrate compelling and legitimate grounds for the processing, which may override your own interests or where we need to process your information to investigate and protect us or others from legal claims. Depending on the circumstances, we may need to restrict or cease processing your personal information altogether, or, where requested, delete your information.
Please note that your right to object to our processing is subject to certain exemptions, and if you object to us processing your information, we may have to suspend the operation of your account and/or the products and services we provide to you.
Marketing. You have a right to object at any time to processing of your personal information for direct marketing purposes, including profiling you for the purposes of direct marketing.
Withdraw Consent. Where we rely on your permission to process your personal information, you have a right to withdraw your consent at any time. We will always make it clear where we need your permission to undertake specific processing activities.
Report any data breach. If you think that your personal data was mishandled in terms of confidentiality or integrity, or if someone tampered with your personal data without your consent, please do not hesitate to contact our Information Security Officer through the following:
Chief Information Security Officer
1F 12 Kensington Church Street
London W8 4EP United Kingdom
Telephone Number: 020 7368 4490
Fax Number: 020 7937 6140
E-mail Address: info@metrorem.co.uk
Due to the rapidly evolving changes in current regulations over the financial sector, we may update this information from time to time.
Cookies Policy
Metrobank Philippines - Privacy Notice
How we collect information
We collect your personal data manually or automatically through various interactions including but not limited to the following:- When visiting and/or transacting at any office, building, premises, and/or use the facilities of a member of the Bank;
- When transacting with our employees, authorized representatives, agents and service provider;
- When visiting the websites of the Bank or third-party websites and clicking on the advertisements of the Bank;
- When submitting application forms and or other forms related to our products and services; and
- When filing complaints, inquiries or requests to the Bank.
What information we may collect
- Identification Data / Know-Your-Customer (KYC). This refers to personal data we collect when you register to our products and services, such as full name, gender, date of birth, civil status, place of birth, citizenship, permanent address, present address, government-issued identification numbers, email address, mobile number, home number, office contact details, company name, job position or rank, office address, source of funds, gross annual income, and such other information necessary to conduct due diligence and comply with BSP and AMLC rules and regulations;
- Financial Information. This includes but not limited to income, expenses, deposits, investments, credit cards, tax, insurance, financial and transaction history, relationships with other banks and/or financial institutions, business interests and assets;
- Audiovisual Data. This includes video, image, and sound recordings of when you communicate with representatives of the Bank through official Bank communication channels and surveillance videos at branches and automated teller machines (ATM), subject to limitations imposed by law;
- Non-Personal Information. This can be read on your device when you use Metrobank’s websites, apps, and other electronic platforms; and
- Relevant Individuals. These are information about your family members, beneficiaries, attorneys-in-fact, shareholders, beneficial owners whenever applicable, persons under any trust, trustees, partners, committee members, directors, officers or authorized signatories, guarantors, and other security and other individuals.
What we do with the information we gather
While your consent may be solicited to process your personal data, we may also process personal data without your consent, such as when processing is according to our mandate or when processing is allowed under Section 12 or Section 13 of the DPA.- Data Storage. We store data in secure and encrypted managed environments, devices, and media. For third-party managed environments such as cloud service providers, we employ BSP-sanctioned security protocols and procure BSP approval prior to deployment. We store physical copies of documents containing personal data in physically secure environments.
- Data Access. The data we collect can only be accessed by authorized personnel on a role-based access control, need-to-know basis and least-privilege principles.
- Data Use. Your personal data may be used, stored, processed, shared and disclosed by the Bank to its members, as well as third parties (as may be allowed by law) for the following relevant and necessary purposes:
- To protect you. We use your data to further secure your accounts from fraud and other illegal activities.
- To keep your information updated. We use your data to validate, verify, and update your information and documents.
- To facilitate transactions and offer you relevant products. We share your data within the Metrobank Group and to carefully selected third-party service providers to facilitate transactions and let you know about products and services relevant to you. o Data Profiling and Analytics. In determining products and services suitable for you, we may process your data using automated tools for profiling and data analytics.
- To perform legal duties. We use your data to comply with our legal duties and to further improve due diligence in anti-money laundering and counter-terrorism efforts as well as other activities required by applicable laws and regulations.
- To settle claims or disputes. We use your data to settle claims or disputes involving our products and services. Your data can also be used for prosecuting or defending Metrobank or its employees if needed.
- The personal data collected through CCTV recordings are securely kept and deleted after 30 calendar days, unless your entry or presence in the premises will be a subject of an investigation or inquiry, in which case, your personal data shall be kept until the investigation or inquiry is terminated.
- For financial data and documents which indicate taxable transactions, data shall be preserved for ten (10) years per BIR regulation.
- The processing, profiling, and sharing apply during the prospecting and application stages, as well as for the duration of and even after the rejection, termination, closure, or cancellation of Metrobank’s products and services for a period of at least ten (10) years from the termination of the last existing account or relationship of the Data Subject or Relevant Individual as determined by the Bank.
- All other transactions and accounts that are not defined above shall be retained following BSP and AMLC regulations where retention period for transaction records shall be five (5) years from the date of transaction except where specific laws and/or regulations require a different retention period, in which case, the longer retention period is observed.
To whom do we share your personal data
We may share your Identification Data, Financial Information, Audio-Visual Data, Non-Personal Information and Relevant Individuals, as defined above, only to the extent necessary to provide you with products and services suitable to your needs and fulfill our foregoing obligations, to:- Various units, offices and stores of the Bank;
- Subsidiaries, affiliates, and companies of the Metrobank Group;
- Authorized/accredited agents, representatives and third-party service providers;
- Banking associations, merchants, and partners;
- Banks and financial institutions, credit agencies; and
- Regulatory and government agencies as required or authorized by law.
Risks involved and how we protect your data
Metrobank ensures that adequate physical, technical, and organizational security measures, policies and procedures are in place to protect personal data's confidentiality, integrity, and availability. These include the use of secure physical and digital storage facilities; strict role-based access controls; multi-factor authentication; encryption; firewalls; secure file transfer protocols; advanced security software; regular security audits; data minimization, pseudonymization and anonymization; robust employee trainings and practices; stringent third-party service providers, vendors and partners management policy; and rigorous breach response plan. However, these do not guarantee absolute protection against certain risks involving the processing of personal data, such as when systems are exposed to targeted cyberattacks, malware, ransomware, and computer viruses or when manual records are accessed without authority.
Your safety is our priority
We care for the safety and security of all our clients and partners. Because of this, we highly encourage the following:- Protect and update your information. Keep your data safe by making sure your account details, PINs, username, and password are not accessible to others. Use strong passwords and change them regularly. When on electronic platforms, make sure to use devices that are safe and keep your software updated. We will not be able to serve you properly if your information is not updated. Make sure the information you submit is accurate, complete, and not misleading. Keep documents that can verify your information safe and available. If there are changes to your information, inform us immediately.
- Contact us through secure channels. Take advantage of our secure channels by contacting us through our website, branches, Contact Center, MetrobankDirect Online, and MetrobankDirect Mobile. When communicating via email, never disclose sensitive information such as account numbers, credit card numbers, or passwords. We will never ask you for these via email. We will also never ask you to click a link to verify your information. If we need sensitive information, an authorized bank representative will get in touch with you.
- Report any data issues. If you think your data has been mishandled in terms of confidentiality or integrity, or if you think your data has been tampered with, contact us through any secure channels mentioned above.
Your data privacy rights
Under the DPA, you have the following rights:- Right to be informed. The right to be informed whether your personal data shall be, are being, or have been processed, including the existence of automated decision-making and profiling.
- Right to access. The right to demand reasonable access to your data and obtain a copy of such data in an electronic or structured format.
- Right to object. The right to object to the processing of your personal data where such processing is based on consent or legitimate interest.
- Right to erasure or blocking. The right to request for the suspension, withdrawal, blocking, removal, or destruction of your personal data from the PIC’s filing system, in both live and backup systems.
- Right to damages. The right to be indemnified for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your personal data, taking into account any violation of your right and freedoms as data subject.
- Right to data portability. The right to obtain from the PIC a copy of your personal data and/or have the same transmitted from one PIC to another, in an electronic or structured format that is commonly used.
- Right to file a complaint. If you feel that your personal information has been misused, maliciously disclosed, or improperly disposed, or that any of your data privacy rights have been violated, you have a right to file a complaint with the NPC.
- Right to rectify. The right to dispute the inaccuracy or error in your personal data and have the PIC correct the same within a reasonable period of time.
Contact us
Data Protection Officer
Address: 2nd Floor, The Shops Grand Central Park, 7th Avenue corner 36th and 38th Streets, North Bonifacio District, Bonifacio Global City Taguig, 1637 Metro ManilaTelephone Number: 63-02-8-857-5539
E-mail Address: dataprotectiondept@metrobank.com.ph