Statement of Commitment to Data Privacy and Security
The Credit Information Corporation (“CIC”) upholds and respects your data privacy rights. In this regard, the CIC employs reasonable measures to protect your personal data in accordance with Republic Act No. 10173 or the Data Privacy Act of 2012 (DPA), its Implementing Rules and Regulations, and the various issuances of the National Privacy Commission (NPC) (collectively, the Data Privacy Regulations).
In this Privacy Policy, you will understand how we collect, use, and share your personal data for the processing and resolution of disputes arising from your credit report in accordance with the Credit Information Systems Act (“CISA”) and relevant CIC issuances. We recommend that you review this Privacy Policy regularly as this is subject to change to reflect updates to relevant laws and regulations as well as our policies.
Brief Service Description; General Purpose and Process
Section 4(o), RA 9510 or Credit Information System Act provides that: “The Corporation should use a simplified dispute resolution process to fast track the settlement /resolution of disputed credit information.” The CIC has created a system called the Online Dispute Resolution System (ODRS) pursuant to CIC Circular 2019-01 for the speedy resolution of disputes for your credit reports.
Use of the Online Dispute Resolution System (ODRS)
In order to file a dispute with CIC, the disputer must first acquire a credit report from Special Accessing Entity of the CIC or through this link: https://www.creditinfo.gov.ph/direct-consumer-d2c-program
The subject of a dispute is any erroneous, misleading, incomplete, or outdated credit data found in your credit report.
For the step-by-step procedures in filing of a dispute, kindly visit this link: https://www.creditinfo.gov.ph/online-dispute-resolution-process-0
What personal data do we collect?
The CIC will collect the following personal data via the ODRS:
- Full name of disputer;
- Contact of disputer which includes but not limited to cellphone number, email address, or telephone number;
- birthdate and identifying information of disputer
- name of the submitting entity and its contact information;
- address of the disputer;
- reason and details of the dispute; and
- other relevant data for the authentication services, processing and resolution of the dispute.
Why do we collect your personal data?
All data collected via the ODRS shall be processed for the following purposes:
- for the processing and resolution of disputes
- to contact you and the Submitting Entity in response to queries, requests, or concerns of both parties as well as the orders and directives of the CIC;
- to correct or update your Credit Reports
- for other purposes pursuant to the performance of the functions of Credit Information Corporation or as required by the Credit Information Systems Act (CISA) and its Implementing Rules and Regulations and
- National ID authentication services
To whom do we share your personal data?
Apart from the CIC, your personal data in relation to the dispute shall only be shared to the Submitting Entity to thom the dispute is filed and to the Philippine Statistics Authority (PSA) as for the National Authentication services.
The same shall not be released to other entities except upon a subscription agreement and lawful orders of the court.
How do we process your personal data?
Personal data collected via the ODRS shall be processed to CIC’s internal monitoring and processing of disputes. After receiving your disputes, the information provided will be relayed or transferred to the concerned submitting entities (banks, lending institutions, etc.) for the acknowledgment of the dispute. A special submission file will be sent by the submitting entity to correct or resolve the disputed data. Afterwards, the CIC will verify, monitor and process the data subject for resolution.
How do we protect your personal data?
The foregoing personal data, which are encrypted, shall be captured, stored, and retrieved by the CIC solely for the specific purposes stated in this Privacy Notice. The data shall be processed and stored with utmost security and confidentiality. The CIC implements organizational, physical, and technical security measures to protect personal data from unauthorized disclosure and access.
Only authorized CIC Technical Personnel shall have access to the collected data stored and hosted in its server, which in turn are subject to strict security protocols.
The personal data collected via the ODRS are used only to resolve the dispute filed within the CIC’s system.
How long will we keep your personal data?
According to Section 4 (h) of the CISA Law provides: “The negative information on the borrower as contained in the credit history files of borrowers should stay in the database of the Corporation unless sooner corrected, for not more than three (3) years from and after the date when the negative credit information was rectified through payment or liquidation of the debt, or through settlement of debts through compromise agreements or court decisions that exculpate the borrower from liability.”
The collected personal data shall be stored in the CIC’s internal database_____ xxxx. Access to such data will be limited to CIC authorized personnel. Sharing of personal data with unauthorized individuals is strictly prohibited.
Personal data collected via the ODRS shall be retained until the request or concern is addressed. In exceptional cases, the data may be retained for a longer period, such as when legal issues arise from your requests or concerns or their processing, after which the personal data shall be anonymized and/or expunged.
In all cases, your personal data shall be stored in a secure manner to ensure its confidentiality, integrity, and availability.
Upon expiration of the period of retention, any personal data collected through the ODRS shall be disposed of and discarded in a secure manner that would prevent further processing, unauthorized access, or disclosure of your data.
What are your rights as a data subject?
Under the Data Privacy Regulations, you are entitled to the following rights as data subject in relation to the personal data collected via ODRS. These rights may be exercised at your discretion:
-
The right to be informed
You have the right to be informed whether personal data pertaining to you, obtained via the ODRS, shall be, are being or have been processed.
-
The right to access
Under the DPA, individuals can request access to any of their personal data (obtained via the ODRS), held by the CIC, subject to certain restrictions. Any such request should be addressed to the Data Protection Officer.
-
The right to object
You have a right to object to the processing of your personal data, including processing for direct marketing, automated processing or profiling.
-
The right to erasure or blocking
You have the right to suspend, withdraw or order the blocking, removal, or destruction of your personal data from the CIC’s system as obtained via the ODRS, subject to the provisions of the Data Privacy Regulations.
-
The right to damages
You have the right to be indemnified for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of personal data, considering any violation of your rights and freedoms as data subject.
-
The right to file a complaint before the NPC
If you feel that your rights have been violated or your personal data has been misused, maliciously disclosed, or improperly disposed of, you have the right to file a complaint before the NPC.
-
The right to rectification
You have the right to dispute any inaccuracy or error in your personal data and have the CIC correct it immediately, unless the request is vexatious or unreasonable.
-
The right to data portability
You have the right to obtain a copy of your data in an electronic or structured format that is commonly used and allows for further use by the data subject.
Changes to our Privacy Notice:
The Privacy Notice may be updated from time to time. If material changes are required, any revisions shall be published on the CIC website under the News and Announcements page for your immediate guidance. Therefore, we encourage you to review this Privacy Notice periodically so that you are up to date on our most current policies and practices.
This Privacy Notice was last updated on June 03, 2024.
How do you contact us?
If you have any privacy concerns or questions about your data privacy rights or our Privacy Notice, please contact us through:
CIC DATA PROTECTION OFFICER
Credit Information Corporation
6F, Exchange Corner e Bldg. 107 VA. Rufino Street,
Cor. Esteban, Legaspi Village, Makati City
+6302822365900
dpo@creditinfo.gov.ph