INDUSTRIAL BANK CO., LTD. HONG KONG BRANCH (the "Bank" )
The Personal Data (Privacy) Ordinance (the "Ordinance" ) – Personal Information Collection Statement in relation to Internet Banking Services
- The Bank will ensure that all personal data submitted to it are handled in strict adherence to the relevant provisions of the Ordinance.
- From time to time, it is necessary for customers and various other individuals (including but not limited to applicants for banking/financial services and facilities, sureties and persons providing securities or guarantees for banking facilities, Authorised Persons and Authorised Users (including Authorised Transaction Persons, Makers and Approvers) (each as defined in the Terms and Conditions for the Bank's Corporate Internet Banking Services), shareholders, directors, officers and managers of corporate customers, and other contractual counterparties) (collectively, the "Data Subjects", each, a "Data Subject") to supply the Bank with personal data in connection with the opening, continuation or operation of accounts with the Bank and the establishment or continuation of banking facilities or provision of banking services by the Bank in compliance with any laws or guidelines issued by regulatory or other authorities ( "Services" ). The purposes for which personal data relating to the Data Subjects may be used by the Bank are divided into obligatory purposes and voluntary purposes.
- If the personal data are to be used for an obligatory purpose, the relevant Data Subject MUST provide his/her personal data to the Bank if he/she wants the Bank to provide the Services. Failure to supply such personal data may result in the Bank being unable to provide such Services. If the personal data are only to be used for a voluntary purpose, the relevant Data Subject can tell the Bank not to use his/her personal data for that purpose and the Bank will not do so.
- Personal data is collected from Data Subjects during the ordinary course of the continuation of the Bank's relationship with Data Subjects, such as when Data Subjects draw cheques, deposit money, apply for credit or repay loans. This includes information obtained from credit reference agencies.
-
The circumstances under which personal data relating to Data Subjects may be used for obligatory purpose (unless otherwise stated hereunder) are as follows:-
- the daily operation of the services and credit facilities provided to Data Subjects or the Bank's corporate customers;
- provision of bank references;
- conducting credit checks (including without limitation upon applications for credit and upon periodic or special reviews of credit) and carrying out matching procedures (as defined in the Ordinance);
- building and maintaining the Bank's credit and risk related systems;
- maintaining a credit track record of Data Subjects (whether or not there exists any relationship between Data Subjects and the Bank) for present and future reference;
- assisting other financial institutions, credit card issuing companies and debt collection agents to conduct credit checks and collect debts;
- monitoring ongoing credit worthiness of Data Subjects;
- designing banking/financial services or related products for Data Subjects' use;
- as a voluntary purpose, marketing of services or products and other subjects;
- determining the amounts of indebtedness owed to or by Data Subjects;
- enforcement of Data Subjects' obligations, collection of debts owed by Data Subjects and from those providing security for Data Subjects' obligations;
-
complying with the obligations, requirements or arrangements for disclosing and using data that apply to the Bank or with which it is expected to comply according to:-
- any law binding or applying to it within or outside the Hong Kong Special Administrative Region ( "Hong Kong" ) existing currently and in the future;
- any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers within or outside Hong Kong existing currently and in the future; and
- any present or future contractual or other commitment with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers that is assumed by or imposed on the Bank by reason of its financial, commercial, business or other interests or activities in or related to the jurisdiction of the relevant local or foreign legal, regulatory, governmental, tax, law enforcement or other authority, or self-regulatory or industry bodies or associations;
- complying with any obligations, requirements, policies, procedures, measures or arrangements for sharing data and information within the group of the Bank and/or any other use of data and information in accordance with any group-wide programmes for compliance with sanctions or prevention or detection of money laundering, terrorist financing or other unlawful activities;
- enabling an actual or proposed assignee of the Bank, or participant or sub-participant of the Bank's rights in respect of Data Subjects to evaluate the transaction intended to be the subject of the assignment, participation or sub-participation; and
- fulfilling any other purposes relating thereto.
-
The Bank would like to use personal data of Data Subjects for direct marketing purposes. The Bank cannot use a Data Subject's personal data for these purposes without first obtaining his or her consent (which can include an indication of no objection). In this connection, please note that:
- the name, contact details, products and services portfolio information, transaction pattern and behaviour, financial background and demographic data of a Data Subject held by the Bank from time to time ("Specified Data") may be used by the Bank in direct marketing;
-
the following classes of services, products and subjects ("Specified Services") may be marketed:
- financial related services and products; and
- reward, customer loyalty or privileges programmes and related services and products
-
the Specified Services may be provided or (in the case of donations and contributions) solicited by the Bank and/or the following persons (the "Marketing Users"):-
- the Bank's group companies;
- third party financial institutions, insurers, credit card companies, securities and investment services providers;
- third party reward, loyalty, co-branding or privileges programme providers;
- co-branding partners of the Bank and the Bank's group companies (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be); and
- charitable or non-profit making organisations;
- in addition to marketing the Specified Services itself, the Bank also intends to provide the Specified Data to all or any of the Marketing Users for use by them in marketing the Specified Services, and the Bank requires the Data Subject's written consent (which includes an indication of no objection) for that purpose;
- the Bank may receive money or other property in return for providing the data to the Marketing Users in paragraph (f)(iv) above and, when requesting the Data Subject's consent or no objection as described in paragraph (f)(iv) above, the Bank will inform the Data Subject if it will receive any money or other property in return for providing the data to the other persons.
- the Bank and the Marketing Users may also, from time to time, engage third parties to provide marketing services on their behalf, and may share the Specified Data with these third parties for direct marketing purpose.
To indicate consent/ no consent to the use/provision of his/her personal data for direct marketing purpose as described in this paragraph, the relevant Data Subject is required to fill out an "Statement relating to the Use/Provision of Personal Data in Direct Marketing" provided by the Bank ("Statement") or provide the consent/no consent orally to the Bank, where applicable.
If a Data Subject does not wish the Bank to use or provide to other persons his/ her personal data for use in direct marketing as described above and also wants the Bank to advise other persons to stop using his/her data for such direct marketing purpose, the Data Subject may indicate so in the Statement or notify the Bank of the same at any other time.
-
Personal data held by the Bank relating to a Data Subject will be kept confidential but the Bank may provide such information to the following parties (whether within or outside Hong Kong) for the purposes set out in paragraph (e) above (all obligatory except paragraph (e)(ix) above):-
- head office of the Bank located in the People's Republic of China, any agent, contractor or third party service provider who provides administrative, telecommunications, computer, payment data processing or storage, securities clearing or other services to the Bank in connection with the operation of its business;
- any other person under a duty of confidentiality to the Bank including a group company of the Bank which has undertaken to keep such information confidential;
- the drawee bank providing a copy of a paid cheque (which may contain information about the payee) to the drawer;
- a person making any payment into the Data Subject's account (by providing a copy of a deposit confirmation slip which may contain the name of the Data Subject);
- credit reference agencies, and, in the event of default, also to the debt collection agencies;
- any person to whom the Bank is under an obligation or otherwise required to make disclosure under the requirements of any law binding on or applying to the Bank, or any disclosure under and for the purposes of any guidelines or guidance given or issued by any legal, regulatory governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers with which the Bank is expected to comply, or any disclosure pursuant to any contractual or other commitment of the Bank with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers, all of which may be within or outside Hong Kong and may be existing currently and in the future;
- any actual or proposed assignee of the Bank or participant or sub-participant or transferee of the Bank's rights in respect of the Data Subject;
- any party giving or proposing to give a guarantee or third party security to guarantee or secure the Data Subject's obligations; and
-
also the following parties:-
- the Bank's group companies;
- third party financial institutions, insurers, credit card companies, securities and investment services providers;
- third party reward, loyalty, co-branding and privileges programme providers;
- co-branding partners of the Bank and the Bank's group companies (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be);
- charitable or non-profit making organisations; and
- external service providers (including but not limited to mailing houses, telecommunication companies, telemarketing and direct sales agents, call centres, data processing companies and information technology companies) that the Bank engages for the purposes set out in paragraph (e)(ix) above.
The Bank may disclose data to any or all the parties stated above and may do so notwithstanding that the recipient's place of business is outside Hong Kong, including Mainland China, or that such information following disclosure will be collected, held, processed or used by such recipient in whole or part outside Hong Kong.
- The personal data and information provided by Data Subject would not be disclosed to parties other than set out in paragraph (f) above unless such disclosure is made with Data Subject consented to and/or the disclosure is permitted or required by any law binding on the Bank to the extent allowed under the Ordinance.
-
The Bank is committed to keeping secure the personal information held by us. The Bank will ensure an appropriate level of protection for personal data in order to prevent unauthorized or accidental access, processing, destruction, loss or other use of that data, commensurate with the sensitivity of the data and the harm that would be caused by occurrence of any of the said events. The Bank will take all reasonable precautions with a range of practices and policies in place to protect the personal information from misuse and loss and from unauthorized access, modification or disclosure and to provide a robust security environment. The Bank's security measures include, but are not limited to:-
- educating the Bank's staff as to their obligations with regard to personal information, including but not limited to data process, handling, storage, retention and destruction;
- employing firewalls, intrusion detection systems and virus scanning tools to protect against unauthorized persons and viruses from entering the Bank's systems;
- using dedicated secure networks or encryption when the Bank transmits electronic data for purposes of outsourcing; and
- ensuring physical security controls in place to protect against unauthorized access to buildings.
- If the Bank engages external service providers to handle or process personal data (whether within or outside Hong Kong) on the Bank's behalf, the Bank will adopt contractual or other means to prevent unauthorized or accidental access, processing, erasure, loss or use of the data transferred to the external service providers for processing.
- The personal data and information provided by Data Subjects will not be kept longer than necessary for the fulfillment of the purposes for which the personal data and information are or are to be used at the time of the collection and for compliance with the legal, regulatory and accounting requirements from time to time.
-
The person to whom requests for access to data or correction of data or for information regarding policies and practices and kinds of data held are to be addressed is as follows:-
The Data Protection Officer
Industrial Bank Co., Ltd. Hong Kong Branch
| Address: |
12/F, One International Finance Centre, 1 Harbour View Street, Central, Hong Kong |
| Email: |
dataprotection@cibhk.com |
-
When handling a data access or correction request, the Bank will check the identity of the requestor to ensure that the requestor is the person legally entitled to make the data access or correction request. Data Subject should notify the Bank immediately if have any changes or/and correction regarding to the data. The bank will comply with such changes within 40 days after receiving the requests. In accordance with the terms of the Ordinance, the Bank has the right to charge a reasonable fee for the processing of any data access request.
A Data Subject may choose not to receive promotional material of the Bank at any time by notifying the Bank in writing.
- Nothing in this statement shall limit the rights of Data Subjects under the Ordinance.
- In case of discrepancies between the English and Chinese versions (if any) of this statement, the English version shall prevail.
Date: Jan 2019