The Personal Data (Privacy) Ordinace ("Ordinance") is to protect an individual’s right to privacy. Any information collected and recorded, whether in writing, on disk, on film or on computer, in relation to an individual by the Bank will be subject to the provisions and data protection principles in the Ordinance and the Code of Practice on Consumer Credit Data ("Code") (which is issued by the Privacy Commissioner for Personal Data under the Ordinance). This Privacy Policy applies to an individual who is a customer of the Bank and includes a borrower, guarantor, third party security provider, depositor or otherwise. The information collected falls within the definition of "personal data" in the Ordinance or "consumer credit data" in the Code. The Ordinance aims to control the collection, holding, processing and use of personal data and the Code provides guidance in the handling of consumer credit data and its sharing and use. Personal data or consumer credit data in this Privacy Policy shall be referred to as "data".

From time to time, it is necessary for customers to supply the Bank with data in connection with a banking relationship including but not necessarily confined to the opening or continuation of accounts and the establishment or continuation of banking facilities, credit facilities or provision of securities and financial services.

Failure to supply such data may result in the Bank being unable to open or continue accounts or establish or continue banking facilities, credit facilities, credit card facilities or provide securities and financial services.

It is also the case that data are collected from customers in the ordinary course of the continuation of the banking relationship, for example, when customers write cheques, deposit money, use phone banking services, effect an banking transaction or effect a financial transaction at an automated teller machine.

The purposes for which data relating to a customer may be used are as follows:-

(i)	the daily operation of the securities, banking and financial services and credit facilities provided to customers;
(ii)	conducting credit checks or performing credit assessments at the time of application for credit and at the time of regular or special reviews which normally will take place one or more times each year;
(iii)	creating and maintaining the Bank's credit scoring models;
(iv)	assisting other financial institutions or banks to conduct credit checks and collect debts;
(v)	ensuring ongoing credit worthiness of customers;
(vi)	designing banking and financial services or related products for customers' use;
(vii)	marketing banking and financial services or related products of the Bank and/or selected companies;
(viii)	determining the amount of indebtedness owed to or by customers;
(ix)	collection of amounts outstanding from customers and those providing security for customers' obligations;
(x)	meeting the requirements to make disclosure under the requirements of any law binding on the Bank or any of its branches or other distribution outlets;
(xi)	enabling an actual or proposed assignee of the Bank, or participant or sub-participant of the Bank's rights in respect of the customer to evaluate the transaction intended to be the subject of the assignment, participation or sub-participation;
(xii)	conducting matching procedures; and
(xiii)	all other incidental and associated purposes relating thereto.

Data held by the Bank relating to a customer will not affect the Bank's duty of confidentiality towards the data and will continue to be kept confidential and safeguarded diligently in accordance with the Bank's internal policies as well as guidelines issued by the Government of the Hong Kong Special Administrative Region ("Hong Kong") but the Bank may provide such information to the following parties (whether in Hong Kong or elsewhere) for the purposes set out in paragraph 1.4 above;

(i)	any agent, contractor or third party service provider who provides administrative, telecommunications, computer, payment or securities clearing or other services to the Bank in connection with the operation of its business;
(ii)	any other branch of the Bank including any subsidiaries of the Bank;
(iii)	any other person under a duty of confidentiality to the Bank including a group company of the Bank (which shall include any subsidiary or affiliate company of the Bank's major shareholder whose principal places of business or registered offices are in Taiwan) which has undertaken to keep such information confidential;
(iv)	any financial institution, or bank with which the customer has or proposes to have dealings;
(v)	any actual or proposed assignee of the Bank or participant or sub-participant or transferee of the Bank's rights in respect of the customer;
(vi)	any credit reference agency ("CRA") and in the event of default any debt collection agency or solicitor firm (together, "DCA");
(vii)	any court, supervisory authority, government department or other competent authority (including but not limited to tax authorities) under any law binding on the Bank, any of its branches or any agent, contractor or third party service provider (whether in Hong Kong or elsewhere) mentioned in paragraph 1.6(i) above;
(viii)	the drawee bank providing a copy of a paid cheque (which may contain information about the payee) to the drawer; and
(ix)	selected companies for the purpose of informing customer of services which the Bank believes will be of interest to customers.

The Hong Kong Monetary Authority ("HKMA") has issued a guideline on the sharing and use of consumer credit data through the credit reference services of the CRA. The HKMA expects that all authorised institutions, which include the Bank, involved in the provision of consumer credit to participate as fully as possible in the sharing and use of consumer credit data through the CRA within the framework of the Code. The Code provides for certain notifications which are required to be given to a customer.

Under the Code, the Bank will provide consumer credit data of a customer to a CRA or in the event of default, to a DCA. The Code provides that on or before the Bank collects the data of a customer applying for consumer credit (or providing a guarantee or security in connection with consumer credit), the following information is required to be drawn to the attention of the customer:-

(i)	the data may be so supplied to a CRA and/or, in the event of default to a DCA;
(ii)	the customer has the right to be informed, upon request, about which items of data are routinely so disclosed, and the customer's right to be provided with further information to enable the making of a data access and correction request to the relevant CRA or DCA, as the case may be;
(iii)	in the event of any default in repayment, unless the amount in default is fully repaid before the expiry of 60 days from the date such default occurred, otherwise the customer shall be liable to have his account data retained by the CRA until the expiry of 5 years from the date of final settlement of the amount in default; and, where applicable,
(iv)	(where the consumer credit applied for does not involve a residential mortgage loan) the customer, upon termination of the account by full repayment and on condition that there has not been, within 5 years immediately before account termination, any material default on the account, will have the right to instruct the Bank to make a request to the CRA to delete from its database any account data relating to the terminated account.

Where the Bank has provided consumer credit to the customer and the account is subsequently in default and unless the amount in default is fully repaid before the expiry of 60 days from the date of the default, otherwise the customer shall be liable to have account data retained by the CRA until the expiry of 5 years from the date of final settlement of the amount in default or 5 years from the date of the customer's discharge from bankruptcy as notified to the CRA, whichever is earlier.

Upon the termination of the account by full repayment (excluding payment by refinancing of the debit balance on the account by the credit provider), the customer has a right (on condition that there has not been, within 5 years immediately before account termination, any material default on the account) to instruct the Bank to make a request to the CRA to delete from its database any account data relating to the terminated account.

When the Bank considers an application for consumer credit from a customer, the Bank may access and consider a credit report on the customer from a CRA in its credit decision process. In the event the customer wishes to access the credit report, the Bank will advise the contact details of the CRA.

Where the Bank has provided consumer credit which is subject to review from time to time in relation to an increase in the credit amount, the curtailing of credit (including the cancellation of credit or a decrease in the credit amount) or the putting in place or implementation of a scheme of arrangement, then in order for the Bank to conduct such reviews during the subsistence of the account, the Bank will access and make use of a credit report from a CRA.

Under and in accordance with the terms of the Personal Data (Privacy) Ordinance ("Ordinance") and the Code of Practice on Consumer Credit Data approved and issued under the Ordinance, any customer:-

(i)	has the right to check whether the Bank holds data about him and the right of access to such data;
(ii)	has the right to require the Bank to correct any data relating to him which is inaccurate;
(iii)	has the right to ascertain the Bank's policies and practices in relation to data and to be informed of the kind of personal data and consumer credit data held by the Bank; and
(iv)	in relation to consumer credit, upon request to be informed which items of data are routinely disclosed to CRAs or DCAs, and be provided with further information to enable the making of an access and correction request to the relevant CRA or DCA.

In accordance with the terms of the Ordinance, the Bank has the right to charge a reasonable fee for the processing of any data access request.

Nothing in this Privacy Policy shall limit the rights of customers under the Ordinance.

This Privacy Policy shall upon a customer's receipt, be deemed an integral part of all contracts, agreements, credit/banking facility letters, account mandates, and other binding arrangements which the customer has entered into or intends to enter into with the Bank.

The Bank may, in its absolute and sole discretion, amend, modify or vary this Privacy Policy by giving the customer written notice. Such amendment, modification or variation shall take effect thirty (30) days (or a shorter period if such change is necessary or required due to events, circumstances or reasons beyond the Bank’s reasonable control) from the date of such notice.

When using the Website and/or the Fubon Business Online Service, you may provide the Bank with certain kinds of your personal data ("Personal Data"), as defined in the Ordinance, such as your name, address, date of birth, address and bank account information. You have certain rights in relation to your Personal Data. By using the Website and/or the Fubon Business Online Service, you consent to the capture and use of your Personal Data in accordance with this Privacy Policies posted on the Website.

Unless otherwise required by the prevailing laws and regulations or any court of competent jurisdiction and except as referred to in their respective privacy policies, the Bank will use its best endeavours to maintain and keep your Personal Data confidential and will not reveal such Personal Data to any individual or party without your authorisation save as provided in this Privacy Policy.

The Personal Data gathered on the Website by the Bank is only used for processing Transactions or otherwise executing Instructions and is only available to staff within the Bank for operations purpose. The Personal Data will not be disclosed to any third-party company, save as provided in this Privacy Policy and save for the use of such data for improving the Fubon Business Online Service, in which case the data may be used in an aggregate manner.

During your use of the Website and/or the Fubon Business Online Service, blocks of data known as "cookies" may be issued to or requested by your computer. You must not alter any cookies sent to your computer from the Website.

You acknowledge that certain Transactions cannot be processed on the Website without the use of cookies. These cookies are not used to track your online activities nor visitors to the Website.

Data Protection Officer

Data Protection Officer

The person to whom requests for access to data or correction of data or for information regarding policies and practices and kinds of data held are to be addressed as follows:-

Fubon Bank (Hong Kong) Limited

38 Des Voeux Road Central

Hong Kong