top of page

GENERAL PRIVACY POLICY

​PRIVACY STATEMENT

 

We, the AFP Finance Center Multi-Purpose Cooperative (AFPFC MPC), are committed to protecting personal data and upholding the data privacy rights of our members, clients, and other stakeholders. All personal, sensitive, and privileged information collected and processed by the Cooperative are handled in accordance with Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012, its Implementing Rules and Regulations (IRR), and relevant issuances of the National Privacy Commission (NPC). 


We ensure that personal data are processed only for legitimate and lawful purposes and in strict adherence to the principles of Transparency, Legitimate Purpose, and Proportionality, with all officers, employees, and authorized personnel sharing responsibility for safeguarding personal information under the Cooperative’s custody.

OUR PRODUCTS AND SERVICES

 

AFPFC MPC is a member-based Cooperative duly registered with the Cooperative Development Authority (CDA). We provide financial and related services through our main branch, satellite offices, as well as our website and mobile application. Our services include, but are not limited to, the following:
•    Membership Application and Management – verification, and maintenance of member records
•    Loan Application and Processing – evaluation and granting of loans and other financial assistance programs
•    Savings and Investment Services – management of member deposits and investments
•    Insurance and Protection Programs – processing of claims and benefits
•    Member Assistance Programs – financial support, donations, and other assistance programs
•    Digital Platforms and Chatbot Services – member inquiries, service transactions, and information dissemination through the website and social media

WHAT WE COLLECT

 

We collect personal information necessary to provide you with our services and to comply with legal and regulatory requirements. This may include, but is not limited to:


Identification Information (Know-Your-Customer)
This includes your full name, sex/gender, civil status, date and place of birth, citizenship/nationality, present and permanent address, contact information (landline, mobile number, and/or email address), source of fund, occupation, employment information (Branch of Service, Rank, Serial Number, Company Name, Job Title, Income), Government Issued Identification (SSS, TIN, AFP and LGU ID, Passport, etc), and Biometrics (Photo, Specimen Signature, and Fingerprint)


Financial Information and Transaction History
This includes financial information such as bank account details, loan information, savings, and investments, as well as transaction history covering loan applications, payments, and membership details.


Third Party Information
This includes identification information from third-party sources and when you engage with us through social media platforms, we may also access limited data associated with your social media account.


Communication Information
This includes voice and/or chat conversations between you and our field associate representatives.


Security Information
This includes images and videos recorded through our CCTV, log histories of entry and exit within the premises, vehicle details, and other security-related records collected for safety and monitoring purposes.


Suppliers and Contractors Information
This includes business and contact details of suppliers and contractors, records of contracts and engagements, transaction and payment information, and other relevant documents necessary for procurement, compliance, and business operations.

HOW AND WHEN WE COLLECT

 

We collect your personal data through and during:


Through Face-to-Face Interaction. We collect personal data when you visit our main office and satellite offices, interact with our team, or availof our products and services. Your personal data may be collected through filling out a physical form, digital form, interview, and CCTV.


Through our Web App. We collect personal data when you register and create an account through our Web App. Additionally, personal data is collected when you process transactions within the app.


Through our Official Website and Social Media Accounts. We collect personal data when you visit our website and submit online forms. Additionally, we gather personal data through your interactions with our team via social media channels, including calls, chats, private messages, comments, and reactions.


Through our Customer Service Hotline, Chat or Email. We collect personal data through various customer support channels, including hotline calls, online chat, email correspondence, and direct interactions with our customer service team.

WHY WE COLLECT

​

We collect your information for the following purposes:

  • To process applications for membership, loans, savings, insurance, contracts, and participation in Cooperative programs

  • To assess eligibility, creditworthiness, financial capacity, and compliance with Cooperative requirements

  • To carry out day-to-day Cooperative operations, including account management, billing, collections, procurement, governance, and customer support

  • To manage financial transactions such as deposits, payments, disbursements, remittances, and reconciliations

  • To administer member benefits and entitlements and send related notices and updates

  • To verify identity, secure accounts and transactions, and prevent fraud or unauthorized access

  • To communicate official notices, statements, billing information, and Cooperative activities

  • To maintain accurate records of members, officers, suppliers, partners, and transactions

  • To generate internal management, financial, and compliance reports

  • To comply with legal, regulatory, reportorial, audit, and record-keeping requirements

  • To conduct audits, investigations, risk management, and collection or legal actions when necessary

  • To conduct analysis and research to improve Cooperative services, programs, and operations

  • To ensure the safety and security of members, clients, visitors, facilities, and assets of the Cooperative

  • To undertake other similar legitimate purposes

HOW WE STORE, RETAIN, AND DISPOSE​

 

We store your information based on the following:
Physical records containing your personal data are securely stored at our main officestorage facilities. This location follows strict physical security protocols to safeguard your information against unauthorized access, loss, or damage.


Digital records containing your personal data are securely stored on our computers, servers, CCTV recorders, and cloud-based data storage systems. These systems employ industry-standard encryption, access controls, and regular security audits to protect your data from unauthorized access, loss, or breach.


We retain your personal data for ten (10) years from the date of your last transaction, account closure, or settlement, and three (3) years in the case of employees following resignation or separation, except for CCTV recordings, which are retained for a maximum of one (1) month. Where personal data are required for ongoing investigations, legal proceedings, or compliance with legal obligations, we may retain them beyond these periods in accordance with applicable laws and regulations.


We dispose your personal data as follows:
Physical records containing personal data are disposed of using secure destruction methods, including shredding by the Administrative Department. These methods are chosen to ensure complete and irreversible destruction of documents, in accordance with applicable data privacy regulations.


Digital records containing personal data are securely disposed of using data deletion tools that overwrite information to prevent recovery. These tools follow industry-standard protocols to ensure that erased data cannot be retrieved or reconstructed, thereby protecting the confidentiality and integrity of personal information.

WITH WHOM DO WE SHARE​

 

We may share your personal information only to the extent necessary to provide our services and fulfill our legal and operational obligations. This includes:

  • Our employees and officers, who handle your accounts, requests, transactions, and collections.

  • Government agencies, such as the Bureau of Internal Revenue (BIR), Cooperative Development Authority (CDA), and other regulatory bodies.

  • Partner financial institutions, insurance providers, and collection agencies, for purposes related to loans, savings, insurance transactions, and collections.

  • Service providers, including IT service providers and consultants, who assist in the development, maintenance, and support of our systems and services.

  • External partners, for purposes such as risk management, collections, fraud detection, and prevention.

​

We ensure that all third parties process personal information in compliance with the Data Privacy Act of 2012 and exercise the same degree of care and diligence that we apply to protect your data.

HOW WE PROTECT​

 

We value the trust you place in us and take comprehensive measures to safeguard your personal data against unauthorized access, disclosure, alteration, and loss. Our protection framework includes organizational, physical, and technical measures.


Organizational Security Measures

  • Appointment of a Data Privacy Officer (DPO) and the formation of a Data Privacy Response Team.

  • Maintenance of an up-to-date inventory of all Data Processing Systems.

  • Ongoing data privacy training and education for all employees.

  • Inclusion of confidentiality and data protection clauses in employment contracts and Non-Disclosure Agreements (NDAs).

 

Physical Security Measures

  • Personal data in both digital and paper formats are stored securely.

  • Paper records are kept in a secured records office, with access limited to authorized personnel and monitored via CCTV. 

  • Digital data are stored in the AFPFC Integrated Management System (AIMS), on locked servers in secured rooms, portable disks, and other devices, all protected by strong passwords or passcodes. Devices are encrypted using industry-standard encryption protocols.

​

Technical Security Measures

  • Installation and regular updating of firewalls and antivirus software on all devices storing personal data.

  • Continuous monitoring of access to personal data to minimize the risk of data breaches and security incidents.

  • Regular vulnerability scans to detect outdated software and potential security gaps.

  • Encryption of all stored personal data and enforcement of strong password or passcode policies to prevent unauthorized access.

  • Regular encrypted backups of personal data, with restricted and monitored access to backup files.

​

Through these measures, AFPFC MPC ensures the confidentiality, integrity, and availability of your personal data, in compliance with applicable data privacy laws and regulations.

WHAT ARE YOUR RIGHTS​

​

Your right to data privacy empowers you to have reasonable control over the flow of your personal data. Under Data Privacy Act of 2012, individuals whose personal information is collected, stored, and processed are referred to as data subjects. It is the responsibility of the Personal Information Controllers (PIC) and Personal Information Processors (PIP) that handle your personal details, whereabouts, and preferences to uphold and respect your data privacy rights.


Right to be Informed. As a data subject, you have the right to be informed whether your personal data shall be, are being, or have been processed, including the existence of automated decision-making and profiling.


Right to Object. As a data subject, you shall have the right to object to the processing of your personal data where such processing is based on consent or legitimate interest.


Right to Access. As a data subject, you have the right to obtain confirmation on whether or not data relating to you are being processed.


Right to Rectify. As a data subject, you have the right to dispute the inaccuracy or error in your personal data and have the PIC correct the same within a reasonable period of time.


Right to Erasure or Blocking. As the data subject, you have the right to request the suspension, withdrawal, blocking, removal, or destruction of your personal data from the PIC's filing system, in both live and backup systems.


Right to Damages. As data subject, you have the right to be indemnified for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your personal data, taking into account any violation of your right and freedoms as data subject.


Right to File a Complaint. If you feel that your personal information has been misused, maliciously disclosed, or improperly disposed, or that any of your data privacy rights have been violated, you have a right to file a complaint with the NPC.


Right to Data Portability. As a data subject, you have the right to obtain from the PIC a copy of your personal data and/or have the same transmitted from one PIC to another, in an electronic or structured format that is commonly used.

HOW WE UPDATE​

​

AFPFC MPC reserves the right to update or revise this privacy notice at any time and will provide a new privacy notice whenever there are substantial changes. Prior versions shall be retained and may be provided to the data subjects upon request.

​

​

HOW YOU CAN EXERCISE YOUR RIGHTS​

​

For your inquiries and complaints, you may visit any of our offices or get in touch with us through our Customer Service Hotline and/or Email.

​


For data privacy requests and concerns, you may send contact us through our DPO Contact Number.


DATA PROTECTION OFFICER
DPO Contact Number: 0916-563-7537
DPO Email: dpo@afpfinancecoop.com
 

DPO DPS Registration Seal exp Jan 2027.png
bottom of page