Data Privacy Statement

Tonik Digital Bank, Inc. is a transformative digital bank on a mission to revolutionize the way money works in the Philippines. Our products, services, and digital platforms are designed to empower and connect customers with innovative financial solutions that bring ease, security, and value to everyday banking.

When you interact with Tonik or use our services whether through our mobile applications, website, customer service channels, or partner platforms, we may collect information from and about you and your devices. We recognize that your Personal Information is important, and we are dedicated to handling it with the highest standards of care, transparency, and respect.

Our Data Privacy Statement (“Statement”) is designed to help you understand how we collect, use, process, share, protect, retain, and dispose your Personal Information. It also explains your rights and choices, so you can make informed decisions when engaging with us.

INTRODUCTION

  1. Tonik Digital Bank, Inc. (“Tonik,” “Bank,” “we,” “us,” or, “our”) values how important your Personal Data is for you. This Statement explains what we collect, keep, store, use, and how we process it.
  2. This Statement applies to all Tonik customers, past, present and prospective, as well as non-customers who interact with Tonik. This includes, but is not limited to, anyone who transacts through Tonik’s outsourced platforms or agents, such as, but not limited to, Templetech Finance Corp. (“Tendo” or “Tendo by Tonik”) and Purple Hub, Inc. (“PHI”), those engaging with Tonik through partnerships, visitors to Tonik’s website and anyone who contacts our Customer Care channel (“users,” “you,” or “your”).
  3. By using Tonik’s products, services, website, or mobile banking application (“Application”), you confirm that you have read, understood and agreed to be bound by this Statement, which is available through both our Tonik website and Application.
  4. You agree that Tonik may collect, keep, use, and share your Personal Data in line with the Data Privacy Act of 2012 or Republic Act (R. A.) No. 10173. We may share your Personal Information with Tonik’s Affiliates such as Tendo, PHI and Tonik Financial India Pvt. Ltd. (“TFI”), as well as our merchants, co-branding, and other strategic partners as well as collection agencies and other service providers (collectively, “Merchant-Partners”) for as long as permitted or required by law. This may be done to protect, and to pursue Tonik’s legitimate interests and/or business purposes. For clarity, “Affiliate” means any person or entity that directly or indirectly controls, is controlled by, or is under common control with Tonik. “Control” refers to the power, whether through ownership, management authority, or contract, to direct or influence management and policies.

HOW WE OBTAIN YOUR DATA

  1. We collect your Personal Data in the following ways:
    1. With your consent, when you:
      1. provide it while signing up or when you register on our website or Application;
      2. share it with us when applying for, or using any Tonik products or services;
      3. upload or send documents, files, or images to Tonik, Tendo, or any of its data or service partners as part of your application or use of our products or services;
      4. enter into a contract with Tonik, or accept our offer of a product or service;
      5. interact with any of our employees, representatives, agents and/or service providers; and,
      6. reach out to us through any of our contact channels, or when you visit our website.
    2. From your organization, when it becomes (or already is) a Tonik partner, and your Personal Data is shared with us to help us contact your organization, or when your organization refers you to Tonik.
    3. From other authorized sources, including without limitation, government agencies, regulators, courts, tax authorities, credit scoring agencies, telecommunications providers, e-commerce companies, professional associations, income or address verification service providers, and other third-party sources.
  1. We may collect some of your data and information through the use of “cookies.” Cookies are small bits of information that are automatically saved in your web browser when you visit our website or use our Application. They can then be retrieved by our system during future visits. For example, a cookie may store your password, so you do not have to type it again each time you log in. We use cookies to: a) give you the best possible browsing experience; b) determine your preferences; c) help you move smoothly between pages; d) verify your identity; and, e) perform security checks. You can disable cookies anytime by changing your browser or Application settings. However, please remember that cookies make many of our features work properly. If you disable certain cookies, some functions on our website or Application may not work as intended. For example, if your browser is set to disable “session” cookies, you can still browse our public site but you will not be able to log in to online banking.
  1. When you install the Tonik app on your mobile device, and only if you give us express permission, we may collect certain information from your device. This may include details such as your installed mobile applications, network settings, IP address, contacts, and SMS metadata (i.e., non-content information associated with text messages stored or transmitted through your device. This may include details such as the sender and recipient phone numbers, message timestamps, and other transactional attributes, but excludes the actual content or body of the messages). We use this information to better understand your profile and needs, so we can offer loan products or other financial services that are more suitable and tailored for you.

WHAT WE PROCESS

  1. We may process and use different kinds of your Personal Information (also, “Personal Data”). This may include, but is not limited to:
    1. Identification data – This may cover details such as your name, date and place of birth, age, government-issued ID number, email address, home or mailing address, telephone or mobile number, job title, nationality, gender, specimen signature, postal code, and social security number. When relevant, we may also collect certain Personal Information about your friends, relatives, or spouse, like their name, date of birth, gender, email address, mailing address, and telephone or mobile number. This only applies if such information is needed for our services;
    2. Transaction data – This may include information such as your bank account number, deposits, withdrawals, transfers (including when and where they happened), your customer account number, and card number;
    3. Financial data – This may cover documents and records like invoices, bank statements, credit notes, pay slips, and other financial information; details about your property or assets, your credit history and capacity, payment behavior (like arrears or missed payments), whether you are listed with a credit bureau; the financial products you have with Tonik, and information about your income;
    4. Socio-demographic profile – This includes information such as your education, employment details, including but not limited to, your job title, industry, hiring date, salary, employment status, and certificate of employment, as well as your employer’s office address and contact numbers, details about your co-employees, your career path, customer segment, marital status, children, and other dependents;
    5. Behavior and preferences data – These cover the data you share with us when you respond to surveys or contact our Customer Care channel, the IP address of your mobile device or computer, and information about the pages you visit on our website and Application;
    6. Know-Your-Customer (KYC) data – As part of our legal and regulatory obligations, we collect information needed for customer due diligence. This helps us prevent fraud, money laundering, terrorism financing, tax fraud, and any activity that violates local or internal sanctions;
    7. Audio-visual data – Where allowed by law, we may record phone or video calls. These recordings may be used to verify your requests made over the phone, to help prevent fraud, or for staff training and quality assurance purposes;
    8. Biometric data – This may include information such as facial recognition data, voice identification, or fingerprints. We use biometric data mainly for verifying your identity and ensuring your secure access to our products and services;
    9. Social media interactions – We may collect information about your interactions with Tonik on social media. This includes public posts, messages, likes, comments, or responses related to Tonik that are visible on the internet.
    10. Sensitive data – In some cases, we may process Sensitive Personal Data such as your health information, ethnicity, religious or political beliefs, genetic or biometric data, or criminal records. This will only happen if:
      1. You have given us your express consent;
      2. It is required or allowed by applicable local laws;
      3. You instruct us to make a payment or transfer to any person or entity including, without limitation, a political party or religious institution; or,
      4. You choose to use biometric recognition like facial recognition or fingerprint to access or use the Application.
    11. Information collected through cookies or other technologies used to analyze visits, usage, and transactions on our websites, mobile applications, SMS, information technology systems, social media, data aggregators (i.e., companies or platforms that collect data from many sources), data integrators (i.e., companies or systems that combine data from different sources into one [1] view), and other online sources.
    12. The Application may also request permission to access your camera, microphone, gallery, contacts, installed applications, and location to function as intended.

OUR LAWFUL BASIS TO OBTAIN YOUR DATA

  1. We may need your Personal Data before we can provide certain products or services, or when required by law. We will only collect data that is relevant to these purposes. If you do not provide the necessary Personal Data, or do not allow its processing, profiling, or sharing, we may not be able to offer, or there may be delays in providing, our products and services, including, without limitation, access to, and use of, the Application or our website.
  2. If you provide or make available to us the Personal Data of third parties, including, but not limited to, your relatives, friends, payees, beneficiaries, attorneys, attorneys-in-fact, guarantors, as well as employees and officers of your employer (each a “Related Person”), you represent and warrant to us that: (a) the information you have provided is accurate and up to date, and, (b) you have obtained their consent to (i) collect and share their Personal Data with us, and, (ii) allow us to process, store, and share their Personal Data in accordance with this Statement. You also acknowledge that this Personal Data may be used to contact the Related Person regarding your accounts, applications for products or services, or Tonik cards.
  1. By assessing our services or products, and/or by applying for a loan through the Tendo app, you hereby:
    1. authorize us to contact you, your Related Persons, and/or your employer using Tendo-recognized communication channels. These may include, but are not limited to, phone calls, text messages, emails, in-app notifications, messages and/or calls, social media, e-commerce platforms, Viber and WhatsApp, or other secure digital platforms, through the Personal Data you have provided;
    2. allow us to engage third parties for verification purposes as part of our due diligence and KYC procedures;
    3. consent to, and/or waive your rights to confidentiality under applicable data privacy and bank secrecy laws, such as, but not limited to, R. A. Nos. 10173 (Data Privacy Act), 1405 (Secrecy of Bank Deposits Law), 8791(General Banking Law of 2000), 9160 (Anti-Money Laundering Act of 2001), 8792 (Electronic Commerce Act of 2000), and 8484 (Access Devices Regulation Act);
    4. agree that we may process, analyze, and share your Personal Data, including that of your Related Persons, with our Affiliates and trusted third parties, as needed. This includes sharing necessary Personal Data with Tendo to process your loan applications, release approved loans, provide customer support, handle collections, and address complaints. Such Personal Data may also be processed or shared in other countries or jurisdictions outside the Philippines where Tonik, and its Affiliates, including but not limited to Tendo, PHI, and TFI, operate, in line with the local laws, rules, regulations and other relevant official requests. All such transfers will comply with all applicable data protection laws.
    5. agree to hold, indemnify, and keep Tonik and its Affiliates, including their respective stockholders, directors, officers, employees, and representatives, free and harmless from and against any and all claims, suits, actions or proceedings which may arise as a result of or in connection with the lawful release and disclosure of your Personal Data, except when the unauthorized disclosure thereof is solely and directly caused by Tonik or its Affiliates’ gross negligence or wilful misconduct, or that of their respective officers and/or employees.

    2. WHAT WE DO WITH YOUR DATA

  2. We use your Personal Data for business and/or other legitimate purposes, such as:
    1. processing your applications for Tonik’s products and services, as well as those of our Affiliates and Merchant-Partners; establishing, maintaining or terminating accounts; recommending personalized financial products; and providing or continuing financial services, including, without limitation, credit, debit, charge, prepaid, or other types of cards, investment products, insurance, loans, mortgages, auto and payroll loans, and other related financial products and services;
    2. carrying out activities related to our products and services, including, without limitation, transaction authorization, notification and confirmation, preparation and delivery of cards and statements, customer and other support services, conduct of surveys, product and/or service offerings, and other related materials, as well as administration of rewards and loyalty programs. These activities may involve contacting you through various channels, including, but not limited to, the Application, mail, phone calls, SMS, fax, email, internet, mobile, social media, chat, enrolled biometric systems, any messaging or communication platforms or applications, such as Viber and WhatsApp, and similar tools;
    3. verifying your identity or authority, or that of your Related Persons and other authorized representatives who contact us or whom we may contact, as part of our KYC procedures, and responding to requests, inquiries, questions, or instructions from you, your Related Persons, or other authorized representatives;
    4. performing agreements to which you are a party, carrying out your instructions, and/or analysing your eligibility for products and services. Where allowed by law, and if you choose to use it, using your face, fingerprint, or voice for authentication in mobile applications and certain transactions as well as operations;
    5. developing, improving, or offering services so you can enjoy the full benefits of products and services from Tonik, its Affiliates, or Merchant-Partners;
    6. providing you, and those individuals you refer to us, with relevant and accurate information, newsletters, and updates about Tonik, its Affiliates, and Merchant-Partners, offering or marketing related products or services, and conducting market, product, and service research. These activities may include, without limitation, contacting you or such individuals through various channels such as, but not limited to, the Application, mail, phone calls, SMS, fax, email, internet, mobile, social media, chat, biometric systems, messaging and communication apps or platforms including, but not limited to Viber and WhatsApp, and other technological tools and development;
    7. managing collections and repayment plans, and enforcing or protecting our rights, as well as those of our Affiliates, employees, officers, directors, and stockholders, including, without limitation, the recovery of amounts owed to us;
    8. conducting credit and other risk assessment, behavior and trend analysis, as well as statistical and planning activities. This includes, without limitation, performing data processing, statistical, credit, risk, fraud prevention, anti-money laundering, and sanctions reviews and analysis, developing credit scoring models, and evaluating credit worthiness. These may involve, without limitation, doing banking, credit, financial, and other background checks and reviews, as well as maintaining records of the banking, credit and financial history of individuals. In this regard, we may, from time to time, share your Personal Data and the Personal Data of third parties you provide, with tax authorities, banks, banking associations, credit bureaus, and other third-party providers for income verification and similar checks; business process execution, business management and reporting (including, without limitation, credit and risk management, credit bureau reporting, system or product development and planning, insurance, audit and administrative purposes);
    9. monitoring and recording your calls and electronic communications with us for record keeping, quality assurance, customer service, training, investigation, legal, and fraud prevention purposes;
    10. ensuring the protection of your Personal Data, your assets with Tonik, and the integrity of the financial system;
    11. complying with legal, regulatory, tax, governmental, law enforcement, and compliance requirements, both local and foreign. This includes disclosures to any foreign or domestic market exchange, court, tribunal, or governmental and regulatory authority pursuant to relevant laws, treaties, guidelines, regulations, orders, or official requests from such authorities. It also covers, without limitation, meeting KYC obligations, and monitoring, reporting, and taking action under the programs against money laundering and terrorism financing;
    12. complying with contractual arrangements or supporting initiatives, projects, and programs of financial industry organizations, self-regulatory bodies, and other financial institutions, including, without limitation, assisting other financial institutions to conduct background or credit checks, prevent fraud, or collect debts;
    13. undertaking automated processing of your and your Related Persons’ Personal Data for any, some, or all of the purposes stated above; and,
    14. carrying out any other purposes relating to the foregoing.
  3. When the processing of your Personal Data does not fall under any of the purposes mentioned above, we will ask for your explicit consent, which you may choose to withhold or withdraw at any time.
  4. We are required by law to keep your Personal Data for a certain period. In general, we delete your Personal Data or convert it into aggregated or anonymous form, and dispose of it in five (5) years in accordance with applicable laws and regulations. We may, however, retain your Personal Data for a longer period if it is needed for an ongoing audit, investigation, litigation, or other legal matters. Similarly, Personal Data processed by Tendo on our behalf is retained only for as long as absolutely necessary to fulfil the purposes outlined in this Statement or as required by law. When our agreement with Tendo ends, any Personal Data held by it will be securely deleted or returned to us, following our instructions.
  5. We may use your existing or retained Personal Data, KYC information, and transaction history (including details of active, dormant, terminated, or blocked accounts) when you use our products and services.

WHO WE SHARE YOUR DATA WITH AND WHY

  1. Tonik may share your Personal Data and that of your Related Persons with the following parties, in accordance with any of the purposes set out above:
    1. our Affiliates, specifically Tendo and TFI, and/or our Merchant-Partners, which act as our authorized Personal Data Processor, that is, an organization that processes Personal Data on behalf of another party called the Personal Data Controller, i.e., Tonik. They help us facilitate loan applications, disbursements, customer service, collections, and complaint management. Tendo may also use approved sub-processors, who are contractually required to protect your Personal Data and use it only for authorized purposes to facilitate its services.
    2. financial institutions and related entities, such as drawee or payee banks, clearinghouses, credit reference companies or bureaus, dealers, registrars, paying and collecting agents, insurers, credit card companies, acquiring companies, card networks or associations, and other financial institutions. These entities help us:
      1. process payment and withdrawal transactions;
      2. exchange secure financial transaction messages;
      3. process payments and credit transactions locally and internationally;
      4. process other electronic transactions locally and internationally; and,
      5. settle domestic and cross-border security transactions and payment transactions; or,
    3. service providers and other third parties that assist us or our Affiliates in operating and maintaining the business, including their employees and officers. These may include, without limitation, those engaged in:
      1. optimizing, debugging and improving our products and services, including our mobile application;
      2. designing, developing and maintaining online tools and applications;
      3. providing and managing applications or infrastructure (including, without limitation, cloud services);
      4. marketing activities or events, and managing customer communications, including mobile attribution and analytics;
      5. preparing reports and statistics, printing materials, and designing products;
      6. providing legal, audit, or other professional services such as lawyers, notaries, trustees, auditors or other professional advisors;
      7. identifying, investigating, or preventing fraud or other misconduct through specialized companies;
      8. facilitating payment processing and fund transfers;
      9. sending transaction notifications, confirmations, announcements, and other client communications through messaging or Voice over Internet Protocol (VoIP) app channels;
      10. securing credit history and verifying creditworthiness and ability to pay; or,
      11. providing specialized services like courier delivery, postal mail, physical record archiving, services by contractors, and other external service providers;
    4. research partners, who are bound by the same confidentiality and data protection obligations as Tonik employees;
    5. other Merchant-Partners or sponsors, marketing and event service providers, auditors or witnesses, couriers or logistics providers, and relevant regulatory authorities, which assist Tonik, its Affiliates, or its Merchant-Partners in administering and fulfilling promotional activities, raffles, contests, rewards programs, or similar campaigns;
    6. credit reference agencies, and, in case of default, lawyers and debt collection agencies;
    7. government and regulatory authorities or other entities, when disclosure is required by laws, regulations, court orders, treaties, or binding agreements with domestic or foreign governmental authorities;
    8. actual or proposed assignees, participants, sub-participants, or transferees, or those of our Affiliates, of our rights or assets in relation to any product or service you have with us;
    9. guarantors or providers of third-party security who guarantee or secure your obligations to, or contracts with, us;
    10. third-party providers of rewards, loyalty, or privilege programs, and similar product or service partners;
    11. charitable or non-profit organizations, or other recipients of donations or contributions from you;
    12. subcontractors, assignees, vendors or delegates of any of the above-mentioned persons or entities.
  2. Whenever we share your Personal Data with third parties, we make sure that such sharing complies with all applicable local and foreign data protection laws and regulations, as required.
  3. Tonik may also collect your Personal Data from our Affiliates and Merchant-Partners. This Personal Data will be shared in accordance with a separate agreement between Tonik and those partners, and shall be used by Tonik only for declared, valid, and legitimate purposes. Tonik and its partners shall take reasonable and appropriate measures to protect your Personal Data from accidental, unauthorized, or unlawful access, use, or disclosure.

YOUR RIGHTS AND HOW WE RESPECT THEM

  1. You have privacy rights when your Personal Data is used. These rights may vary depending on the laws that apply in your location. If you have questions about which rights apply to you, or wish to exercise any of them, please get in touch with us.
  1. Your rights include the following:
    1. Right to access – you have the right to access your Personal Data that is being used or processed by Tonik;
    2. Right to correction – you have the right to ask us to correct any Personal Data that is inaccurate or incomplete;
    3. Right to object – you may object to the processing of your Personal Data, including for direct marketing, automated processing, or profiling. Nevertheless, Tonik may continue to process and disclose your Personal Data in situations permitted by applicable laws, rules, and regulations, including but not limited to the following instances:
      1. if the Personal Data is required pursuant to a subpoena;
      2. when the collection or processing is necessary for the performance of or in relation to a contract or service between you and Tonik, such as, but not limited to, your continued use of the Application or our website; and,
      3. when the Personal Data is collected and processed to comply with a legal obligation on our part;
    4. Right to object to receiving commercial messages – you have the right to object to receiving marketing or promotional messages about Tonik’s products and services, or those of our partners. You can opt out or unsubscribe at any time. Even if you opt out, we may still send you important service notifications, such as alerts on your transactions or account activities.
      1. When you become a Tonik customer, we may ask whether you would like to receive offers or updates about Tonik’s products and services, as well as those from our designated and/or third-party partners. You can always change your mind by opting out or unsubscribing from our marketing emails;
      2. We may contact you through newsletters, emails, phone calls, messaging platforms such as Viber and WhatsApp, Voice over Internet Protocol (VoIP) app channels, or mobile notifications about these products and services. If you no longer wish to receive such messages, you have the right to object or to withdraw your consent at any time;
      3. However, even when you opt out of commercial messages, we may still send you important service notifications, such as alerts about transactions, card blocking, or activities from unusual locations;
    5. Right to data deletion – you have the right to request the deletion of your Personal Data when it is allowed by regulatory agencies or government authorities, if it is no longer necessary for its original purpose, it was processed unlawfully, you have withdrawn your consent, or you have objected to its processing;
    6. Right to complain – You have the right to file a complaint with the National Privacy Commission (NPC) if you are not satisfied with how we handle your Personal Data. If you wish to raise a concern about how we use your Personal Data, please contact us first, and we will address your concern promptly and appropriately. Complaints related to data processing performed by Tendo on our behalf will be coordinated with Tendo for proper resolution. If we fail to address your concern, you may also file a complaint directly with our regulators, particularly the Bangko Sentral ng Pilipinas (BSP) and the NPC, consistent with your rights under applicable laws and regulations;
    7. Right to be informed of a data breach – you have the right to be promptly notified if a data breach occurs that involves your Personal Data processed by Tonik so that you can take appropriate actions. In case of a data breach involving information processed by Tendo, affected individuals will likewise be informed in accordance with applicable legal requirements; and,
    8. Right to indemnification – As a data subject, you have the right to be compensated for any damages you may suffer as a result of inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your Personal Data, taking into account any violation of your rights and freedoms under applicable laws.
  2. When you exercise your rights, we may ask for identification details to verify your identity. We may deny your request if there is a lawful reason to do so, and we will inform you of such reason, if permitted by law. We may also charge a reasonable fee to cover the cost of processing your request, depending on its nature and complexity. You will be informed of any applicable fee before you proceed. If there is any delay in our response, we will notify you promptly and explain the reason for the delay.

HOW WE KEEP YOUR DATA SAFE

  1. We implement appropriate technical, physical, and organizational measures, including, but not limited to, internal policies and procedures, IT security systems, and operational procedures, to protect the confidentiality and integrity of your Personal Data and how it is processed. Our internal policy framework is regularly updated to reflect new regulations and industry best practices. We will ensure that our Merchant-Partners and their sub-processors apply the same level of protection, processing your Personal Data strictly under our instructions and in compliance with all applicable data protection laws. Our Merchant-Partners will be required to use appropriate safeguards to prevent any unauthorized access, alteration, disclosure, or destruction of your Personal Data. Our Merchant-Partners are contractually obligated to use your Personal Data solely for authorized and specified purposes.
  2. The Personal Data we process is stored in a secure cloud environment protected by firewalls and strict access controls to prevent unauthorized access, use, or alterations. Any third-party environments we use are subject to the same security standards and regulatory requirements that Tonik follows.
  3. We retain your Personal Data in accordance with BSP regulations:
    1. Transaction records are kept for five (5) years from the date of transaction, unless specific laws and/or regulations require a longer retention period; and,
    2. Financial data and documents related to taxable transactions are retained for ten (10) years, in line with the Bureau of Internal Revenue (BIR) regulations.
  4. After the applicable retention period, we will either:
    1. securely and permanently delete or destroy the relevant Personal Data; or,
    2. anonymize or de-identify it so it can no longer be linked to you.
  5. In addition, all Tonik employees are bound by strict confidentiality obligations and are trained to handle your Personal Data properly. If you suspect that your Personal Data may have been compromised, you may contact us through the Application, via email at dataprivacy@tonikbank.com or through our customer care hotline at +63 2 5322 2645.

MISCELLANEOUS

  1. We may update or amend this Statement from time to time to comply with changes in laws and regulations, and/or to reflect updates in how we process your Personal Data. You will be notified before any changes take effect.
  2. To learn more about Tonik’s data privacy practices and policies, how we use your Personal Data, and/or to exercise your data protection rights (including those related to processing activities performed by our processor, Tendo), you may contact us through the Application, by email at dataprivacy@tonikbank.com, or by calling our customer care hotline at +63 2 5322 2645. If your concern involves processing conducted by Tendo, Tonik will coordinate with Tendo to ensure your inquiry or request is handled promptly and appropriately.

 

 

  1. You may also contact our Data Protection Officer at:

DATA PRIVACY OFFICE

Tonik Digital Bank, Inc.

Unit 605B, 6/F, West Wing

The Offices at Estancia

Meralco Avenue, Pasig City 1605

 

Last updated: November 1, 2025

 
seal