In compliance with the Data Privacy Act of 2012 and applicable policies issued by the National Privacy Commission (NPC) and Department of Information and Communications Technology (DICT), the following terms and conditions shall apply:

---

1. Collection of Personal Data

• Account registration and authentication
• AFP pensioner identity verification
• Validation of pension-related records
• Secure access to authorized online services
• Fraud prevention and system security monitoring

---

2. Lawful Processing of Information

All collected data shall be processed in accordance with the principles of:

• Transparency
• Legitimate Purpose
• Proportionality

as mandated under Republic Act No. 10173.

---

3. Security and Protection Measures

The system implements appropriate organizational, physical, and technical security measures consistent with government cybersecurity standards and DICT information security policies.

• Protection against unauthorized access
• Protection against data breaches
• Protection against disclosure or misuse
• Protection against alteration or destruction
• Protection against cybersecurity threats

---

4. Use of Bank Account Information

Your bank account number and pension-related information shall be used exclusively for:

• AFP pensioner status validation
• Identity verification
• Prevention of fraudulent registrations
• Secure pension-related transactions

---

5. Confidentiality and Non-Disclosure

Your personal data shall not be disclosed, shared, transferred, or sold to unauthorized third parties without your consent, except when required by:

• Philippine laws and regulations
• Lawful court orders
• Government audit requirements
• National security mandates
• Other lawful government processes

---

6. Authorized Access and Monitoring

Access to personal records shall be restricted only to authorized personnel performing official functions.

For security and audit purposes, the system may record:

• Login activities
• IP addresses
• Device and browser information
• Access timestamps
• System activity logs

---

7. Data Retention and Disposal

Personal data shall be retained only for the duration necessary to fulfill operational, legal, administrative, and security requirements.

After the retention period, records shall be securely archived, anonymized, or disposed of in accordance with government data retention policies.

---

8. Rights of the Data Subject

Under the Data Privacy Act of 2012, you have the right to:

• Access your personal data
• Correct inaccurate information
• Request data update or deletion
• Object to unlawful processing
• Request suspension or blocking of processing
• Be informed regarding the handling of your information

---

9. User Consent and Agreement

By proceeding with registration, you certify that:

• The information provided is true and correct
• You have read and understood this Privacy Notice
• You voluntarily consent to the collection and processing of your personal data