The purpose of this Privacy Policy Statement is to set out the policies and practices of the Bank’s commitment to protecting personal data privacy in accordance with the provisions of the Personal Data (Privacy) Ordinance (the “Ordinance”) of the Hong Kong Special Administrative Region.
It has been our policy and priority to safeguard any information provided by our customers or other data subjects. In addition to our duty of confidentiality to customers, we shall at all times fully observe the Ordinance in collecting, maintaining and using the personal data of customers. In particular, we observe the following principles, save otherwise appropriately agreed by the customers:
(i) | collection of personal data from customers shall be for purposes relating to the establishment or operation or continuation of accounts; the establishment or continuation of banking facilities; and/or provision of products or services offered by or through the Bank or related purposes; |
(ii) | all practical steps will be taken to ensure that personal data is accurate and will not be kept longer than necessary or will be destroyed in accordance with the internal retention period; |
(iii) | personal data will not be used for any purposes other than those intended at the time of collection or purposes directly related thereto; |
(iv) | personal data will be protected by strict security environment against unauthorized or accidental access, processing, erasure, loss or use of that data by any party, including our staff; |
(v) | customers have the right of access to and for correction of their personal data held by us and that customers' request for access or correction will be dealt with in accordance with the Ordinance; and |
(vi) | on customers’ first occasion of applying our services, customers will be provided with an opportunity to opt out from the use of their personal data in direct marketing. |
A customer's personal data is classified as confidential and can only be disclosed by us where permitted by the Ordinance or otherwise legally compelled to do so. However, to the extent permitted by law, customers’ personal data will be transferred to third parties who provide services to Fubon Bank (Hong Kong) Limited and its group members (together, the “Group”) in connection with the operation of its business.
There are two broad categories of personal data held in the Bank. They comprise personal data contained in the following:
1. |
Personal data related to customers, which are necessary for customers to supply to the Bank from time to time in connection with (i) opening or continuation of accounts; (ii) establishment or continuation of banking facilities; and/or (iii) provision of products or services offered by or through the Bank; and/or other purposes as set out in more detail in the Bank’s Notice to Customers and Other Individuals relating to the Personal Data (Privacy) Ordinance and Consumer Credit Data.
|
2. |
Personal data related to employment, which include but are not limited to resume, application forms, references, appraisal and disciplinary records; personal contact details; salary and incentive, bonus and double pay, pension and benefits; records of medical, security and financial checks; staff bank account and tax details; information of family member(s), etc.
|
For the Bank’s “Notice to Customers and Other Individuals relating to the Personal Data (Privacy) Ordinance and Consumer Credit Data”, please click here to download.
1. Personal data related to customers
The purposes for which data relating to our customers and/or data subjects may be used are as follows:
(i) | the daily operation of the securities, banking and financial services and credit facilities provided to customers and other data subjects; | ||||||
(ii) | conducting credit checks or performing credit assessment at the time of application for credit and at the time of regular or special reviews which normally will take place one or more times each year; | ||||||
(iii) | creating and maintaining the Bank’s credit scoring models; | ||||||
(iv) | assisting other financial institutions to conduct credit checks and collect debts; | ||||||
(v) | ensuring ongoing credit worthiness of customers and other data subjects; | ||||||
(vi) | designing financial services or related products for customers’ and other data subjects’ use; | ||||||
(vii) | marketing services, products and other subjects; | ||||||
(viii) | determining amounts owed to or by customers and other data subjects; | ||||||
(ix) | collection of amounts outstanding from customers and other data subjects and those providing security for customers’ and other data subjects’ obligations; | ||||||
(x) | complying with the obligations, requirements or arrangements for disclosing and using data that apply to the Bank or any entity of its group or their respective branches or that they are expected to comply according to:
|
||||||
(xi) | complying with any obligations, requirements, policies, procedures, measures or arrangements for sharing data and information within the group of the Bank and/or any other use of data and information in accordance with any group-wide programmes for compliance with sanctions or prevention or detection of money laundering, terrorist financing or other unlawful activities; | ||||||
(xii) | enabling an actual or proposed assignee of the Bank, or participant or sub-participant of the Bank’s rights in respect of the customers and other data subjects to evaluate the transaction intended to be the subject of the assignment, participation or sub-participation; | ||||||
(xiii) | exchanging information with merchants accepting credit cards issued by the Bank and entities with whom the Bank provides co-branded credit card services; | ||||||
(xiv) | conducting matching procedures; and | ||||||
(xv) | purposes relating thereto. |
2. Personal data related to employment (as and where applicable)
The purposes for which the data relating to employees and potential employees may be used are as follows:
(i) | processing and evaluating employment applications including pre-employment checks; |
(ii) | determining and reviewing salaries, incentives, bonuses and other benefits; |
(iii) | consideration for promotion, training, secondment or transfer; |
(iv) | consideration of eligibility for and administration of staff loans and other benefits and entitlements; |
(v) | providing employee references and for background screening/ vetting; |
(vi) | dealing with employment issues including but not limited to resignation, dismissal, retirement or suspension; |
(vii) | stating in internal employer circulars on joining, promotion, transfer and departure; |
(viii) | registering employees as intermediaries or licensees with statutory authorities or institutions for purposes directly related or associated to the employment; |
(ix) | monitoring compliance with internal rules of the Bank; |
(x) | meeting the requirements to make disclosure under the requirements of any law binding on the Bank or under and for the purposes of any guidelines issued by regulatory or other authorities with which the Bank is expected to comply with; and |
(xi) | all other incidental and associated purposes relating to the purposes stated above. |
We are committed to keeping secure the personal information held by us. It is the policy of the Bank to ensure an appropriate level of protection for personal data in order to prevent unauthorized or accidental access, processing, erasure, loss or other use of that data, commensurate with the sensitivity of the data and the harm that would be caused by occurrence of any of the said events. We take all reasonable precautions to protect the personal information we hold from misuse and loss and from unauthorized access, modification or disclosure. We have a range of practices and policies in place to provide a robust security environment. We ensure the ongoing adequacy of these measures by regularly reviewing them.
Our security measures include, but are not limited to:
• | educating our staff as to their obligations with regard to personal information; |
• | encrypting data sent from your computer or your mobile device to our systems during internet transactions and customer password transmitted across internet or application (“app”); |
• | employing firewalls, intrusion detection systems and virus scanning tools to protect against unauthorized persons and viruses from entering our systems; |
• | using dedicated secure networks or encryption when we transmit personal data for purposes of outsourcing; |
• | ensuring security controls in place to protect against unauthorized access of personal data maintained in the Bank’s premises as well as loss of personal data obtained in off-site venue for marketing activities. |
• | For personal data transferred to data processors (whether within or outside Hong Kong), the Bank must adopt contractual or other means to prevent such data from unauthorized or accidental access, processing, erasure, loss and use. |
We may share your personal information with other entities within the Group or our agents, as permitted by law. Except as described in this Policy, the Bank will not share the personal information you provide to us with third parties without your permission, unless we have your consent or are required by law or have previously informed you. We share personal information in the following ways:
(i) | We provide personal information to our affiliates within the Group or other trusted companies or persons to process it for us, based on our instructions and in compliance with our Privacy Policy and other appropriate confidentiality and security measures; |
(ii) | We retain service providers to support our business operations. These providers may be located in Hong Kong or other overseas locations and include, for instance, credit card processors, debt collectors, outsourced personal data processors, IT support services, delivery services, etc. Service providers are required by contract to keep confidential and secure the information received from us and may not use it for any purpose other than to carry out the services they are performing for us. |
It is our policy to ensure accuracy of all personal data collected and processed by the Bank. The Bank has appropriate procedures in place and implemented to provide for all personal data held by the Bank are regularly updated so as to ensure that it is reasonably accurate having regard to the purposes for which that data is used.
All practicable steps will be taken to ensure that personal data will not be kept longer than necessary for the fulfillment of the purposes (including any directly related purpose) for which the data is or is to be used and the compliance of all applicable statutory and regulatory requirements. Different retention periods apply to the various kinds of personal data collected and held by the Bank in accordance with internal retention policy. For personal data transferred to data processors (whether within or outside Hong Kong), the Bank must adopt contractual or other means to prevent such data from being kept longer than is necessary for processing of the data.
According to the Bank’s policy and guidelines, the Bank will provide the individuals concerned with a “Notice to Customers and Other Individuals relating to the Personal Data (Privacy) Ordinance and Consumer Credit Data” or the “Circular to Applicants and Employees Relating to the Personal Data (Privacy) Ordinance” as applicable (collectively, the “Notice”) on or before the collection of personal information from them. The Notice sets out the purpose for which the personal data is to be used, classes of persons to whom the personal data may be transferred, their rights to access and correct the data, and other information. If the personal data is collected from minors, we will obtain the prior consent from a person with parental responsibility for the individual.
In relation to the collection of personal data online, we adopt the following practices:
• | Collection of personal information via website or app activity We follow strict standards of security and confidentiality to protect any personal information provided to us online. |
• | Cookies The Bank will not collect any personal information that identifies a visitor to the Bank’s website or app unless specified otherwise. Only the IP address of the visitor and the pages the visitor visited will be recorded. Such information will be used to prepare aggregate information about the number of visitors to the Bank’s website or app and general statistics on usage patterns of the Bank’s website or app. |
For further details of the Bank’s “General Terms and Conditions and Data Protection and Privacy Policy for e-banking and Mobile Banking Services, Website and Mobile Application of Fubon Bank (Hong Kong) Limited (the “Bank”)”, please click here to download.
From time to time, the Bank may collect personal information from our customers or other data subjects (who voluntarily provides us with their personal information). If no opt-out instructions are received by us, we may use such information to provide products, services and other marketing materials, which we consider, may be of interest to them.
In relation to the use of personal data by the Bank in direct marketing, please click here for the details set out in paragraph (g) of the Bank’s “Notice to Customers and Other Individuals relating to the Personal Data (Privacy) Ordinance and Consumer Credit Data”.
If a customer or data subject does not wish the Bank to use or provide to other persons his or her data for use in direct marketing, the customer or data subject may exercise his or her opt-out right by notifying the Bank.
You may, at any time, choose not to receive our promotional materials. Please call Fubon Bank Customer Service Hotline at 2566 8181 or notify us in writing to Fubon Bank (Hong Kong) Limited, GPO Box 9878 Hong Kong, to make your request without charge.
Customer or data subject has right to request access to and correction of his/her personal data held by the Bank. Request for access to data or correction of data or for information regarding policies and practices and kinds of data held should be addressed to:
The Data Protection Officer
Fubon Bank (Hong Kong) Limited
38 Des Voeux Road Central, Hong Kong
When handling a data access or correction request, the Bank will check the identity of the requestor to ensure that the requestor is the person legally entitled to make the data access or correction request. A fee is chargeable by the Bank for complying with a data access request.
January 2017