SESLA Data Privacy Notice

CONTENTS:

• Introduction
• Personal Data Collected
• Purpose of Processing Personal Data
• Sharing of Personal Data
• Data Subject Rights
• Data Retention Policy
• Security Measures
• How to Access and Exercise Data Subject Rights

INTRODUCTION:

Shell Employees Savings and Loan Association, Inc. (SESLA) is a non-stock, non-profit savings and loan association registered and incorporated with the Bangko Sentral ng Pilipinas and Securities and Exchange Commission in 1955. It is principally established for two-fold purposes:

• To cultivate the habit of saving among Shell employees.
• To provide financial assistance with minimal interest rate on loan, in times of need.

Established in 1955 as a non-stock, non-profit savings and loan association, Shell Employees Savings and Loan Association, Inc. (SESLA) has come a long way in offering a wide range of financial products and services to all its members throughout the Philippines. SESLA’s main office is located at the 40th floor Finance Centre Building, 26th Street, 9th Avenue, Bonifacio Global City Taguig where we centrally provide service to all Filipino Shell staff members.

SESLA is committed to respect, be responsible, and protect the personal information, sensitive-personal information and privileged information that it collects and processes in accordance with Republic Act (R.A.) No. 10173, otherwise known as the Data Privacy Act (DPA) of 2012 and its Implementing Rules and Regulations (IRR). This Data Privacy Statement aims to outline the information collected, the security measures employed, retention management, data subject rights and who to contact in SESLA for data privacy related queries.

PERSONAL DATA COLLECTION:

In this Data Privacy Notice, personal information, sensitive-personal information and privileged information collectively refers to as “personal information”. “Personal information” refers to all types of personal data of an individual, whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information, would directly and certainly identify an individual. For purposes of establishing the member’s identity, we collect the following “personal information” which complies with the requirements of the Banco Sentral ng Pilipinas (BSP).

1. Photo
2. Member’s Full Name
3. Mother’s Maiden Name
4. Staff Number
5. Address (Present and Permanent)
6. Nationality
7. Date and place of birth
8. Tax Identification Number
9. SSS Number
10. Contact numbers (work, home or mobile);
11. Gender, civil status,
12. Personal E-mail address
13. Minimum Capital Contribution (Initial)
14. Monthly Capital Contribution (Capcon)
15. Mode of payment
16. Authorization for automatic monthly payroll deduction for Capcon and payment to loan/s.
17. Business Information
1. Name of Company and Workbase
2. Business Address
3. Telephone Number
4. Date joined Shell (day, month, year)
5. E-mail address
6. Present salary
7. Bank Account No.
8. Nature of business
9. Source of funds
18. Beneficiary/s:
1. Full name
2. Relationship
3. Birthday (day, month, year)
19. Member’s Specimen Signature
20. Question on Politically Exposed Person (PEP)
21. Product/s to be availed
22. Latest Payslip
23. Certificate of Regularization or Employment addressed to SESLA
24. Photocopy of two (2) valid ID’s (Company ID and Government-issued ID) with 3 specimen signatures

Above “personal information” and additional “personal information” may be collected per frequency and/or type of loan or withdrawal the member makes. There are dedicated forms for each of transaction which a member accomplishes and submits to the dedicated SESLA staff thru email or personal submission. The results of the loan transactions are securely stored. Physically submitted application documents are stored at SESLA Office and managed by dedicated staff. These documents are also digitally scanned and stored at SESLA’s licensed cloud storage facility. All stored forms and “personal information” follow SESLA’s Information Technology Data Retention Policy.

For website visitors, like most website operators, SESLA collects non-personally identifying information that web browsers and servers typically make available, such as the browser type, language preference, referring site, cookie-related information, and the date and time of each visitor request. SESLA’s purpose in collecting non-personally identifying information is to better understand how SESLA’s visitors use its website. From time to time, SESLA may release non-personally identifying information in the aggregate, e.g., by publishing a report on trends in the usage of its website.

SESLA also collects potentially personally identifying information like Internet Protocol (IP) addresses for logged in users and for users leaving comments on sesla.com blogs/sites. SESLA only discloses logged in user and commenter IP addresses under the same circumstances that it uses and discloses personally identifying information as described, except that commenter IP addresses and email addresses are visible and disclosed to the administrators of the blog/site where the comment was left.

SESLA discloses potentially personally identifying and personally identifying information only to those of its employees, contractors and affiliated organizations that

1. need to know that information in order to process it on SESLA’s behalf or to provide services available at SESLA’s websites, and
2. that have agreed not to disclose it to others.

Some of those employees, contractors and affiliated organizations may be located outside of your home country; by using SESLA’s websites, you consent to the transfer of such information to them. SESLA will not rent or sell potentially personally identifying and personally identifying information to anyone. Other than to its employees, contractors and affiliated organizations, as described above, SESLA discloses potentially personally identifying and personally identifying information only in response to a subpoena, court order or other governmental request, or when SESLA believes in good faith that disclosure is reasonably necessary to protect the property or rights of SESLA, third parties or the public at large. If you are a registered user of an SESLA website and have supplied your email address, SESLA may occasionally send you an email to tell you about new features, solicit your feedback, or just keep you up to date with what’s going on with SESLA and our products. If you send us a request (for example via email or via one of our feedback mechanisms), we reserve the right to publish it in order to help us clarify or respond to your request or to help us support other users. SESLA takes all measures reasonably necessary to protect against the unauthorized access, use, alteration or destruction of potentially personally identifying and personally identifying information.

SESLA may collect statistics about the behavior of visitors to its websites. SESLA may display this information publicly or provide it to others. However, SESLA does not disclose personally identifying information other than as described below.

PURPOSE OF PROCESSING PERSONAL DATA:

“Personal information” is collected upon submission of membership form and other required documents. Collection, consent, processing, and retention of “personal information” is essential in determining member’s credit worthiness for loans and investments, and, in the case of SESLA staff and Trustees, the daily conduct of SESLA operations.

SESLA processes member “Personal information” in the following instances.

1. Membership application
2. Member evaluation
3. Various regular and special-offer loan application
4. Special Savings Deposit application/agreement
5. Assignment of Capital Contribution, Special Savings Deposit
6. Borrower’s Authority to Deduct
7. Option to Retain Membership
8. Assignment of Retirement Pay
9. Insurance Enrollment and Declaration

For every transaction, consent to processing of “personal information” is obtained from the member by SESLA’s staff.

Information is also gathered when members or non-members visit SESLA’s website. Such information is gathered to help SESLA for operational efficiency purposes and to monitor internet activity to safeguard against illegal activities.

SESLA strictly practices confidentiality and security in processing member personal data in the conduct of daily operations. SESLA employs reputable security measures thru is longtime Information Technology partners. We use systems that processes and stores personal data meeting compliance requirements of various departments of the Philippine government.

SHARING OF PERSONAL DATA:

Members’ “personal information” is generally not shared with other 3rd parties. Only in the following cases are “personal information” shared with 3rd parties.

1. To comply with legal or regulatory obligations as mandated by various Philippine government agencies such as Banco Sentral ng Pilipinas (BSP), Credit Information Corporation (CIC), etc.
2. To comply with Republic Act No. 9510 or Credit Information System Act (CISA)
3. Regular audits performed by designated internal and external auditors, and the BSP.

If “personal information” submission is required by legitimate party with justifiable reason, member consent will be secured prior to any action being taken. No information will be released without the member’s expressed written consent.

Business Transfers. If SESLA, or substantially all of its assets, were acquired, or in the unlikely event that SESLA goes out of business or enters bankruptcy, user information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of SESLA may continue to use your personal information as set forth in this policy.

DATA SUBJECT RIGHTS:

SESLA adheres and supports the rights of the data subjects as provided under Section 16 of R.A. No. 10173and Section 34, Rule VIII of the IRR, and other NPC issuances. The following member or data subject’s data privacy rights.

1. Right to be Informed whether personal data pertaining to him or her shall be, are being, or have been processed, including the existence of automated decision-making and profiling.
2. Right to object to the processing of his or her personal data where such processing is based on consent or legitimate interest. Note that this may have an impact on SESLA’s offering to the member due to other laws governing SESLA’s business and operations.
3. Right to access information on the processing of their personal data which is subject to further guidelines.
4. Right to rectification or dispute the inaccuracy or error in his or her personal data and have SESLA correct the same within a reasonable period of time.
5. Right to request for the suspension, withdrawal, blocking, removal, or destruction of his or her personal data from the SESLA’s filing system, in both live and back-up systems.
6. Right to obtain from the SESSLA a copy of his or her personal data and/or have the same transmitted from to another PIC, in an electronic or structured format that is commonly used and allows further use by the data subject.
7. Right to file a complaint.
8. Right to be indemnified for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your personal data, taking into account any violation of your right and freedoms as data subject.

For a detailed explanation of each of your rights as contained in the DPA of 2012, please visit the NPC website at : https://privacy.gov.ph/data-subject-rights/

DATA RETENTION POLICY:

SESLA’S data retention policy is incorporated in the SESLA Information Technology Records Management Policy. It follows the generally accepted data lifecycle. Not all “personal information” follows the same data retention duration. It is determined by operational needs and legal/fiscal guidelines. SESLA Operations follows a structured process in monitoring and approval to dispose process.

SECURITY MEASURES:

Each SESLA staff and Trustee has committed to ensuring and promoting security of information in the conduct of business. Staff ensure that any manual documents and forms containing “personal information” are safely stored and can only be accessed by authorized individuals. Access to email, data processing systems and data storage facilities are controlled by SESLA’s 3rd Party IT Partner.

Together with our 3rd Party IT Partner, data is stored in Google Workspace. The following describes what is currently designed for SESLA.

For SESLA’s website.
Website Visitors
Like most website operators, SESLA collects non-personally-identifying information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. SESLA’s purpose in collecting non-personally identifying information is to better understand how SESLA’s visitors use its website. From time to time, SESLA may release non-personally-identifying information in the aggregate, e.g., by publishing a report on trends in the usage of its website.

SESLA also collects potentially personally-identifying information like Internet Protocol (IP) addresses for logged in users and for users leaving comments on sesla.com blogs/sites. SESLA only discloses logged in user and commenter IP addresses under the same circumstances that it uses and discloses personally-identifying information as described below, except that commenter IP addresses and email addresses are visible and disclosed to the administrators of the blog/site where the comment was left.

Cookies. A cookie is a string of information that a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns. SESLA uses cookies to help SESLA identify and track visitors, their usage of SESLA website, and their website access preferences. SESLA visitors who do not wish to have cookies placed on their computers should set their browsers to refuse cookies before using SESLA’s websites, with the drawback that certain features of SESLA’s websites may not function properly without the aid of cookies.

Ads appearing on any of our websites may be delivered to users by advertising partners, who may set cookies. These cookies allow the ad server to recognize your computer each time they send you an online advertisement to compile information about you or others who use your computer. This information allows ad networks to, among other things, deliver targeted advertisements that they believe will be of most interest to you. This Privacy Notice covers the use of cookies by SESLA and does not cover the use of cookies by any advertisers.

CONTACT SESLA:

You may contact SESLA for more information or to discuss specific data privacy related matters thru the following.

Although most changes are likely to be minor, SESLA may change its Privacy Policy from time to time at SESLA’s sole discretion. SESLA encourages visitors to frequently check this page for any changes to its Privacy Notice. If you have a sesla.com account, you might also receive an alert informing you of these changes. Your continued use of this site after any change in this Privacy Notice will constitute your acceptance of such change.