Privacy Policy Statement

Statement of Policy and Practices

This Statement is made by Bank of Shanghai (Hong Kong) Limited (the "Bank") in accordance with the Personal Data (Privacy) Ordinance (the "Ordinance") of the Hong Kong Special Administrative Region ("Hong Kong"), and intended to notify you why personal data is collected, how it will be used and to whom data access requests are to be addressed. This Statement is also to set out the policies and practices of the Bank for protecting personal data privacy in accordance with the provisions of the Personal Data (Privacy) Ordinance.


When the Bank collects personal data from individuals,  the Notice relating to the Personal Data (Privacy) Ordinance (the "Ordinance") of the Bank (the "PDPO Notice") will be provided to them on or before the collection in an appropriate format and manner (e.g. in the same paper form or web page that collects the personal data).


Bank's Privacy Principles

To preserve the confidentiality of the information that the Bank obtained, we follow and maintain the following principles:

a.
The Bank only collects  personal data for a lawful purpose directly related to a function or activity of the data user who is to use the data; which is necessary for or directly related to that purpose; and the data is adequate but not excessive in relation to that purpose;
b.
The Bank would take all practicable steps to procure accuracy of personal information held on our records and ensure them up-to-date having regard to the purpose (including any directly related purpose) for which the personal data is or is to be used;
c.
The Bank only uses personal data for the purposes described in the following and without the consent of the data subject, the personal data shall not be used for a new purpose;
d.
The Bank may be required from time to time to disclose personal data to a third party (including but not limited to Governmental or judicial bodies or agencies or our regulators), but we will only do so under proper authority, applicable laws and court orders.
e.
Data subjects have rights of access to and correction of their personal data.
f.
The Bank maintains strict internal control and security systems to keep the personal data confidential and prevent unauthorised access to personal information by anyone, including staff of the Bank.

A.  Kind of Personal Data Held by the Bank
There are two broad categories of personal data held by the Bank. They are personal data related to customers and employees (including potential, current and former ones) of the Bank.

Personal data held by the Bank regarding customers may include the following:
a.
name and address, occupation, contact details, date of birth and nationality of customers and marital status of customers and their identity card and/or passport numbers and place and date of issue thereof;
b.
current employer, nature of position and annual salary of customers;
c.
information obtained by the Bank in the ordinary course of the continuation of the business relationship (for example, personal data collected when customers deposit money or generally communicate verbally or in writing with the Bank, by means of documentation or telephone recording system, as the case may be); and
d.
Information received and collected from handling complaint cases lodged by customers.
 
Personal data relating to employment held by the Bank may include, but not limited to, name, information of identification documents, address, contact information, educational background, qualifications, career history, outside employment, medical records, curriculum vitae and relevant personal data of family members of employees.

The Bank may hold other kinds of personal data which it needs in the light of experience and the specific nature of its business.

B.  Collecting, processing and use of your personal data
In the course of collecting personal data, the Bank will provide the individuals concerned with the Notice relating to the Personal Data (Privacy) Ordinance (the "Ordinance") (the "PDPO Notice") informing them of the purpose of collection, classes of persons to whom the data may be transferred/disclosed, their rights to access and correct the data, and other relevant information.

The purposes for which data relating to a customer may be used are as follows:

(i)
 processing of applications for banking and/or other financial services and facilities;
(ii)
 the daily operation of the services and credit facilities provided to or secured by you;
(iii)
 conducting credit checks at the time of application for credit and at the time of regular or special reviews which normally will take place one or more times each year;
(iv)
 creating and maintaining the Bank's credit scoring models;
(v)
 assisting other financial institutions to conduct credit checks and collect debts;
(vi)
 ensuring your ongoing credit worthiness;
(vii)
 conducting customer surveys and/or designing financial services or related products for customers’ use;
(viii)
 marketing services, products and other subjects (please see further details in paragraph D below);
(ix)
 determining amounts owed to or by you;
(x)
 enforcing the Bank’s rights, including without limitation, collection of amounts outstanding from you and those providing security for your obligations;
(xi)
 complying with the obligations, requirements or arrangements for disclosing and using data that apply to the Bank or that it is expected to comply according to:
 
(1)
any law binding or applying to it within or outside the Hong Kong existing currently and in the future (e.g. Inland Revenue Ordinance and its provisions including those concerning automatic exchange of financial account information);
(2)
any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers within or outside the Hong Kong existing currently and in the future (e.g. guidelines or guidance given or issued by the Inland Revenue Department including those concerning automatic exchange of financial account information); or
(3)
any present or future contractual or other commitment with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers that is assumed by or imposed on the Bank by reason of its financial, commercial, business or other interests or activities in or related to the jurisdiction of the relevant local or foreign legal, regulatory, governmental, tax, law enforcement or other authority, or self-regulatory or industry bodies or associations;
(xii)
 complying with any obligations, requirements, policies, procedures, measures or arrangements for sharing data and information within the group of the Bank and/or any other use of data and information in accordance with any group-wide programmes for compliance with sanctions or prevention or detection of money laundering, terrorist financing or other unlawful activities;
(xiii)
 enabling an actual or proposed assignee of the Bank, or participant or sub-participant of the Bank's rights in respect of you to evaluate the transaction intended to be the subject of the assignment, participation or sub-participation; and
(xiv)
 updating, comparing and/or verifying any and all of your personal information that may be held by any affiliates, group companies, agents or service providers of the Bank; and
(xv)
 purposes relating thereto.

The purposes for which data relating to employees and potential employees may be used are as follows:
(xvi)
   processing employment applications;
(xvii)
   determining and reviewing salaries, bonuses and other benefits;
(xviii)
   consideration for promotion, training, secondment or transfer;
(xix)
   consideration of eligibility for employee benefits and entitlements;
(xx)
   providing employee references;
(xxi)
   monitoring compliance with internal rules of the Bank;
(xxii)
   meeting the requirements to make disclosure under the requirements of any law binding on the Bank and for the purposes of any guidelines issued by regulatory or other authorities with which the Bank are expected to comply;
(xxiii)
   administering any affairs or benefits relating to the retirement and insurance plan of employees and their family members; and
(xxiv)
   purposes relating thereto.

C.  Disclosure of Personal Data

Data held by the Bank relating to you will be kept confidential but the Bank may provide such data to the following parties (whether within or outside Hong Kong) for the purposes set out in paragraph B above and such data may be transferred to a place outside Hong Kong:

(i)
any agent, contractor or third party service provider (including any of the Bank’s group companies) who provides administrative, telecommunications, computer, payment or clearing or other services to the Bank in connection with the operation of its business, including mailing houses, telecommunication companies, telemarketing and direct sales agents, call centres, data processing companies and information technology companies that the Bank engages for the purposes set out in paragraph B(viii) above;
(ii)
any other person under a duty of confidentiality to the Bank including a group company of the Bank which has undertaken to keep such information confidential;
(iii)
the drawee bank providing a copy of a paid cheque (which may contain information about the payee) to the drawer;
(iv)
credit reference agencies, and, in the event of default, to debt collection agencies;
(v)
any person to whom the Bank is under an obligation or otherwise required to make disclosure under the requirements of any law binding on or applying to the Bank, or any disclosure under and for the purposes of any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers with which the Bank is expected to comply, or any disclosure pursuant to any contractual or other commitment of the Bank with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers, all of which may be within or outside the Hong Kong Special Administrative Region and may be existing currently and in the future; and
(vi)
any actual or proposed assignee of the Bank or participant or sub-participant or transferee of the Bank's rights in respect of you;
(vii)
any party giving or proposing to give a guarantee or third party security to guarantee or secure the customer’s obligations;
(viii)
(1)
the Bank’s group companies;
 
(2)
third party financial institutions, insurers, credit card companies, securities and investment services providers;
(3)
third party reward, loyalty, co-branding and privileges programme providers;
(4)
co-branding partners of the Bank and the Bank’s group companies (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be);
(5)
charity or non-profit making organisations;
(6)
external service providers (including but not limited to mailing houses, telecommunication companies, telemarketing and direct sales agents, call centres, data processing companies and information technology companies) that the Bank engages for the purposes set out in paragraph B (vii) and/or B (viii) above.

D.  Use of Personal Data in Direct Marketing
Where you are a customer, the Bank intends to use your personal data in direct marketing and the Bank requires your consent (which includes an indication of no objection) for that purpose. In this connection, please note that:
(i)
your name, contact details, products and services portfolio information, transaction pattern and behaviour, financial background and demographic data held by the Bank from time to time may be used by the Bank in direct marketing;
(ii)
the following classes of services, products and subjects may be marketed:
 
(1)
financial, insurance, credit card, banking and related services and products;
(2)
reward, loyalty or privileges programmes and related services and products;
(3)
services and products offered by the co-branding partners of the Bank or the Bank's group companies (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be); and
(4)
donations and contributions for charitable and/or non-profit making purposes;
(iii)
the above services, products and subjects may be provided or (in the case of donations and contributions) solicited by the Bank and/or:
 
(1)
the Bank's group companies;
(2)
third party financial institutions, insurers, credit card companies, securities and investment services providers;
(3)
third party reward, loyalty, co-branding or privileges programme providers;
(4)
co-branding partners of the Bank or the Bank's group companies (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be); and
(5)
charitable or non-profit making organisations;
(iv)
in addition to marketing the above services, products and subjects itself, the Bank also intends to provide your data described in paragraph D (i) above to all or any of the persons described in paragraph D (iii) above for use by them in marketing those services, products and subjects, and the Bank requires your written consent (which includes an indication of no objection) for that purpose;
(v)
the Bank may receive money or other property in return for providing your data to the other persons as contemplated in paragraph D (iv) above and, when requesting your consent or no objection as described in paragraph D (iv) above, the Bank will inform you if it will receive any money or other property in return for providing your data to the other persons.

If you do not wish the Bank to use or provide to other persons your data for use in direct marketing as described above, you may exercise your opt-out right by notifying the Bank without charge.

E.  Provision of Another Person’s Data
Where you provide to us data about another person, you should give to that person a copy of this Notice and, in particular, tell him/her how we may use his/her data.

F.  Retention of Personal Data
The Bank takes practicable steps to ensure that personal data will not be kept longer than necessary for the fulfillment of the purposes (including any directly related purpose) for which the data are or are to be used and the compliance of all applicable statutory and regulatory requirements and contractual obligations. Different retention periods apply to the various kinds of personal data collected and held by the Bank in accordance with internal customer document retention and destruction policy subject to the legal and regulatory requirements.

G.  Security of Personal Data
The Bank ensures an appropriate level of protection for personal data in order to prevent unauthorized or accidental access, processing, erasure, loss or other use of that data.

Access and Correction
You have the right to access and update your information and contact us. It is the policy of the Bank to comply with and process all data access and correction requests in accordance with the provisions of the Ordinance, and for all staff concerned to be familiar with the requirements for assisting individuals to make such requests. The Bank may charge a fee for processing your request for access. Such a fee depends on the nature and complexity of your access request.

Enquiries
If you have any question about our Privacy Policy Statement, or how you may request access, correct or exercise your rights with respect to the processing of your personal data, please write to us at:
Data Protection Officer
Bank of Shanghai (Hong Kong) Limited
34/F, Champion Tower, Three Garden Road, Central, Hong Kong
E-mail Address:info@bosc-hk.com


Notice relating to the Personal Data (Privacy) Ordinance (the "Ordinance") for Bank of Shanghai (Hong Kong) Limited
For more information, please click English Version  /  中文版