Important Notice and Privacy Policy Statement

(Note: Chiyu is no longer member of BOCHK Group. The relevant webpage will be updated as soon as possible.) 

Bank of China (Hong Kong) Limited

Disclaimer

Products and services described herein are not available to all persons in all geographic locations. Only persons who are permitted by applicable law may browse the information and/or accept the services and product offered on this website. Persons accessing these pages are required to ensure that they are aware of and observe all relevant restrictions that apply to them and are responsible for satisfying themselves that they may do so under the laws or the jurisdiction from which access is obtained to this site.

  • The information contained on this website is for general information only and is provided on an "as is" basis without warranty of any kind and may be changed at any time without prior notice.
  • No information contained in this website should be regarded as an offer to sell, to subscribe to, or provide any recommendation to any browser. Browsers should consult their own professional adviser before making any investment, financial decision or purchasing any product.
  • To the extent permitted by applicable law, the Company disclaims liability for any error, omissions or inaccuracies in the information and material provided on this website and for any loss or damages incidental or consequential, resulting from its use or inability to use by any party, or in connection with any error, interruption, delay in operation or incomplete transmission, line or system failure.
  • All materials on this website are protected by copyright. All copyright and other intellectual property rights of any nature in or relating to our services, website, materials or documentation vest in us or are held by our group companies. No permission or license is granted to use (including without limitation to modify, reproduce, transmit or distribute in any format) or reference the company name, business name, brand name, logos, trademarks or other intellectual property rights of any nature owned by or licensed to us or our group companies without the prior written consent of us or the group companies concerned.
  • Use of hyperlinks to other internet sites or resources are at the browser's own risks. The Company expressly disclaims any responsibility for the accuracy or availability of the information provided by those sites or for the safety of information which the browser may provide to any third party.
  • The viewer should be aware that any information regarding stock prices presented on this website is on a delayed basis. The Company will endeavour to ensure the accuracy and reliability of the information provided but do not guarantee its accuracy or reliability and accept no liability (whether in tort or contract or otherwise) for any loss or damage arising from any inaccuracies or omissions.
  • By using this website, the viewer agrees to be bound by the content of this disclaimer as it may be amended by the Company from time to time and posted on this website.

The term "the Company" used in the above disclaimer refers to Bank of China (Hong Kong) Limited.

 

Collection of Information

  • The Company will record the information of visitors visiting the Company's Website www.bochk.com through the web server access log (including the clicking date and time, IP address,  pages clicked, browser type, device, operating system and Internet Banking account number (if applicable)). The Company might use the visitors’ record (and may combine with other personal information of the visitors) for the purposes of improving the operation of this website, statistical analysis and marketing. The Company will keep the relevant information for an appropriate period of time based on the actual needs. The Company’s web server access log will record the visitors’ information automatically by default.  By continuing browsing the Company’s Website, visitors are deemed to have given their consent for the Company to store, use and transfer the information in the above manner.
  • The Company may also work with DoubleClick, the research agency, to track website usage and activities at the Company’s Website.

  • DoubleClick may use technologies such as spotlight tags, web beacons and cookies, etc. to research certain usage and activities on parts of the Company’s Website on behalf of the Company. The information collected through these technologies and applications are used to find out more about our visitors, including visitor demographics, behaviour and usage patterns, for more accurate reporting and to improve the effectiveness of our marketing campaigns to visitors. Information recorded through the use of these devices are aggregated. However, no personally identifiable information about visitors is collected or shared by DoubleClick with the Company as a result of this research and no visitors’ personal data is stored. Should visitors wish not to be tracked by cookies associated with these technologies such as spotlight tags and web beacons and applications such as Sizmek, Bing, DoubleClick Bid Manager/ Google Adwords, Facebook, WebTrends, Yahoo, theTradeDesk and Adobe, etc., visitors may do so by changing the setting on visitors’ browser. No personally identifiable information about visitors is collected or shared by the above listed technologies and applications with the Company as a result of this research.
  • Some additional information may be gathered through the use of "cookies". Cookies are small bits of information that are automatically stored in the web browser in a visitor's computer that can be retrieved by this site. Only anonymous visitor's information will be collected by cookies and no visitor’s personal data is stored.
  • For Internet Banking and Mobile Banking services, a cookie with a unique identifier assigned by the Company will be stored in the visitor’s web browser(s) throughout the session after login. It is a common practice to enhance the Internet Banking or Mobile Banking experience. If the cookies are not used, visitors might need to provide login credentials (user ID and password) repeatedly when accessing each new page of the Internet Banking or Mobile Banking services. Cookies will be expired upon logging off.
  • Should visitors wish to disable these cookies, they may do so by changing the setting of their browsers. However, visitors will then not be able to log into our Internet Banking and Mobile Banking services.
  • The Company respects personal data privacy and commits to observe the provisions of the Personal Data (Privacy) Ordinance.

The term "the Company" used in the above disclaimer refers to Bank of China (Hong Kong) Limited.

Chiyu Banking Corporation Limited

Disclaimer

Products and services described herein are not available to all persons in all geographic locations. Only persons who are permitted by applicable law may browse the information and/or accept the services and product offered on this website. Persons accessing these pages are required to ensure that they are aware of and observe all relevant restrictions that apply to them and are responsible for satisfying themselves that they may do so under the laws or the jurisdiction from which access is obtained to this site.

  • The information contained on this website is for general information only and is provided on an "as is" basis without warranty of any kind and may be changed at any time without prior notice.
  • No information contained in this website should be regarded as an offer to sell, to subscribe to, or provide any recommendation to any browser. Browsers should consult their own professional adviser before making any investment, financial decision or purchasing any product.
  • To the extent permitted by applicable law, the Company disclaims liability for any error, omissions or inaccuracies in the information and material provided on this website and for any loss or damages incidental or consequential, resulting from its use or inability to use by any party, or in connection with any error, interruption, delay in operation or incomplete transmission, line or system failure.
  • All materials on this website are protected by copyright. All copyright and other intellectual property rights of any nature in or relating to our services, website, materials or documentation vest in us or are held by our group companies. No permission or licence is granted to use (including without limitation to modify, reproduce, transmit or distribute in any format) or reference the company name, business name, brand name, logos, trademarks or other intellectual property rights of any nature owned by or licensed to us or our group companies without the prior written consent of us or the group companies concerned.
  • Use of hyperlinks to other internet sites or resources are at the browser's own risks. The Company expressly disclaims any responsibility for the accuracy or availability of the information provided by those sites or for the safety of information which the browser may provide to any third party.
  • The viewer should be aware that any information regarding stock prices presented on this website is on a delayed basis. The Company will endeavour to ensure the accuracy and reliability of the information provided but do not guarantee its accuracy or reliability and accept no liability (whether in tort or contract or otherwise) for any loss or damage arising from any inaccuracies or omissions.
  • By using this website, the viewer agrees to be bound by the content of this disclaimer as it may be amended by the Company from time to time and posted on this website.

The term "the Company" used in the above disclaimer refers to Chiyu Banking Corporation Limited.

 

Collection of Information

  • The Company will record the information of visitors visiting the Company's Website www.chiyubank.com through the web server access log (including the clicking date and time, IP address,  pages clicked, browser type, device, operating system and Internet Banking account number (if applicable)). The Company might use the visitors’ record (and may combine with other personal information of the visitors) for the purposes of improving the operation of this website, statistical analysis and marketing. The Company will keep the relevant information for an appropriate period of time based on the actual needs. The Company’s web server access log will record the visitors’ information automatically by default.  By continuing browsing the Company’s Website, visitors are deemed to have given their consent for the Company to store, use and transfer the information in the above manner.
  • Some additional information may be gathered through the use of "cookies". Cookies are small bits of information that are automatically stored in the web browser in a visitor's computer that can be retrieved by this site. Only anonymous visitor's information will be collected by cookies and no visitor’s personal data is stored.
  • For Internet Banking and Mobile Banking services, a cookie with a unique identifier assigned by the Company will be stored in the visitor’s web browser(s) throughout the session after login. It is a common practice to enhance the Internet Banking or Mobile Banking experience. If the cookies are not used, visitors might need to provide login credentials (user ID and password) repeatedly when accessing each new page of the Internet Banking or Mobile Banking services. Cookies will be expired upon logging off.
  • Should visitors wish to disable these cookies, they may do so by changing the setting of their browsers. However, visitors will then not be able to log into our Internet Banking and Mobile Banking services.
  • The Company respects personal data privacy and commits to observe the provisions of the Personal Data (Privacy) Ordinance.

The term "the Company" used in the above disclaimer refers to Chiyu Banking Corporation Limited.

Privacy Policy Statement

BOC Hong Kong (Holdings) Limited and its subsidiaries

The purpose of this Privacy Policy Statement is to establish the policies and practices of BOC Hong Kong (Holdings) Limited and its subsidiaries, including Bank of China (Hong Kong) Limited, BOC Credit Card (International) Limited, BOC Group Life Assurance Company Limited, Po Sang Securities and Futures Limited, BOCHK Asset Management Limited (each a "Company", for so long as such Company remains a subsidiary of BOC Hong Kong (Holdings) Limited and notwithstanding any change in the name of the Company) towards the Company’s commitment in protecting personal data privacy in accordance with the provisions of the Personal Data (Privacy) Ordinance (the "Ordinance"). The Company highly values personal privacy and strives to preserve the confidentiality and security of all the personal information which the Company may collect so as to strengthen the trust and confidence between the Company and the Data Subjects, Employees, Users and Other Individuals (as hereinafter defined).

  1. The term "Data Subject(s)", wherever mentioned in this Statement, includes the following categories of individuals:

    1. applicants for or customers, authorized signatories, insured persons, policy holders, beneficiaries and other users of financial, insurance, credit card, securities, commodities, investment, banking and related services and products and facilities and so forth provided by the Company;
    2. sureties, guarantors and parties providing security, guarantee or any form of support for obligations owed to the Company; and
    3. directors, shareholders, officers and managers of any corporate applicants and Data Subjects/users.
       

The term "Employee(s)", wherever mentioned in this Statement, includes employees and/or applicants for any openings offered by the Company.

The term "user(s)", wherever mentioned in this Statement, includes visitors and/or users of the Company's Website, or when the visitors and/or users communicate with the Company via any electronic devices including but not limited to computer and mobile phone ("Electronic Devices").

The term “Other Individuals”, wherever mentioned in this Statement, include suppliers, contractors, service providers, business partners, landlords, tenants, participants of seminars, visitors, other contractual counterparties of the Company and the employee(s) of the above-mentioned parties (if applicable).

For the purposes of this Statement, the "Group" means the Company and its holding companies, branches, subsidiaries, representative offices and affiliates, wherever situated. Affiliates include branches, subsidiaries, representative offices and affiliates of the Company's holding companies, wherever situated.

The rights and obligations of each Company under this Statement are several and not joint. No Company shall be liable for any act or omission by another Company.

Kinds of Personal Data Held
There are three broad categories of personal data held in the Company. They comprise personal data contained in the following:

  1. Data Subject records, which are necessary for Data Subjects to supply to the Company from time to time:
    1. in connection with the opening or continuation of accounts and the establishment or continuation of banking facilities or provision of financial, insurance, credit card, securities, commodities, investment, banking and related services and products and facilities;
    2. in the ordinary course of the continuation of the relationship between the Company and Data Subjects, for example, when Data Subjects write cheques, deposit money, effect transactions through credit cards issued or serviced by the Company or generally communicate verbally or in writing with the Company.
  2. Employee records, which include but are not limited to the name, address, e-mail address, contact phone number, educational background, curriculum vitae and relevant personal data of family members of Employees.
  3. Other Individuals records, which include but not limited to the name, address, e-mail address, contact phone number of suppliers, contractors, service providers, business partners, landlords, tenants, participants of seminars, visitors, other contractual counterparties of the Company and the employee(s) of the above-mentioned parties (if applicable); and other operational and administrative records that contain personal data.


Purposes of Keeping Personal Data

  1. In relation to Data Subjects:
    The purposes for which the data relating to the Data Subjects may be used are as follows:
    1. assessing the merits and suitability of the Data Subjects as actual or potential applicants for financial, insurance, credit card, securities, commodities, investment, banking and related services and products and facilities and/or processing and/or approving their applications, variation, renewals, cancellations, reinstatements and claims;
    2. facilitating the daily operation of the services, credit facilities provided to and/or insurance policies issued to the Data Subjects;
    3. conducting credit checks whenever appropriate (including, without limitation, at the time of application for credit and at the time of regular or special reviews which normally will take place one or more times each year) and carrying out matching procedures (as defined in the Ordinance);
    4. creating and maintaining the Company’s scoring models;
    5. providing reference;
    6. assisting other financial institutions to conduct credit checks and collect debts;
    7. ensuring ongoing credit worthiness of Data Subjects;
    8. researching, customer profiling and segmentation and/or designing financial, insurance, credit card, securities, commodities, investment, banking and related services and products and facilities for Data Subjects' use;
    9. marketing services, products and other subjects (please see further details in paragraph 10 of the Company’s Data Policy Notice (“DPN”));
    10. determining amounts owed to or by the Data Subjects;
    11. enforcing Data Subjects’ obligations, including without limitation the collection of amounts outstanding from Data Subjects and those providing security for Data Subjects' obligations;
    12. complying with the obligations, requirements or arrangements for disclosing and using data that apply to the Company or any of its branches or that it is expected to comply according to:
      1. any law binding or applying to it within or outside the Hong Kong Special Administrative Region existing currently and in the future (e.g. the Inland Revenue Ordinance and its provisions including those concerning automatic exchange of financial account information);
      2. any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers within or outside the Hong Kong Special Administrative Region existing currently and in the future (e.g. guidelines or guidance given or issued by the Inland Revenue Department including those concerning automatic exchange of financial account information);
      3. any present or future contractual or other commitment with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers that is assumed by or imposed on the Company or any of its branches by reason of its financial, commercial, business or other interests or activities in or related to the jurisdiction of the relevant local or foreign legal, regulatory, governmental, tax, law enforcement or other authority, or self-regulatory or industry bodies or associations;
    13. complying with any obligations, requirements, policies, procedures, measures or arrangements for sharing data and information within the Group and/or any other use of data and information in accordance with any group-wide programmes for compliance with sanctions or prevention or detection of money laundering, terrorist financing or other unlawful activities;
    14. enabling an actual or proposed assignee of the Company, or participant or sub-participant of the Company's rights in respect of the Data Subjects to evaluate the transaction intended to be the subject of the assignment, participation or sub-participation;
    15. comparing data of Data Subjects or other persons for credit checking, data verification or otherwise producing or verifying data, whether or not for the purpose of taking adverse action against the Data Subjects;
    16. maintaining a credit history or otherwise, a record of Data Subjects (whether or not there exists any relationship between Data Subjects and the Company) for present and future reference; and
    17. purposes incidental, associated or relating to the abovementioned purposes.
       
  2. In relation to employees (as and where applicable):
    The purposes for which the data relating to the Employees may be used in connection with the employer and employee relationship and human resources management, including but not limited to the purposes as mentioned herein:
    1. processing employment application;
    2. determining and reviewing salaries, bonuses and other benefits should be employed;
    3. conducting reference check with previous employers;
    4. consideration for promotion, transfer or secondment;
    5. monitoring compliance with internal rules of the Company;
    6. any other purposes directly or indirectly relating to the compliance by the Company or any of the employment or statutory obligations; and 
    7. administering any affairs or benefits relating to the retirement and insurance plan of Employees.   
       
  3. In relation to Other Individuals(as and where applicable):
    The purposes for which the data relating to the Other Individuals may be used are as follows:
    1. engaging, managing, monitoring and assessing the business relationship with the suppliers, contractors, service providers, business partners and their staff who provide services to the Company;
    2. managing, monitoring and assessing the landlord and tenant relationship with the landlords and/or tenants;
    3. organizing and delivering seminars for the Company; and
    4. facilitating the daily operation and administration of the above.
       

Collection and Use of Personal Data

  1. In relation to the collection of the personal data, the Company will provide the Data Subjects with a copy of the DPN and/or (as and where applicable) the Employees with a copy of relevant Notice in connection with the collection of Employee records and/or (as and where applicable) will notify Other Individuals of the purpose of collection, classes of persons to whom the data may be transferred, their rights to access and correct the data, and other relevant information.
  2. In relation to the collection of the information and personal data on-line or when the Users communicate with the Company via Electronic Devices, the following provisions shall be applicable to the Company’s Website or when the Users communicate with the Company via the Electronic Devices:
    1. This section is limited to the information collected on the Company's Website, the Company's online advertisements and electronic communications. This section does not apply after the Users leave the Company's Website or when the users visit third-party's websites where the Company's online advertisements are displayed or links to third-party websites not operated or controlled by the Company.
    2. By browsing the Company’s Website, electronically responding to the Company’s online advertisements, communicating with the Company via any Electronic Devices, the Users’ consent to the Company’s use of cookies and the Company’s use of the Users’ Information in the manner as set out in this section. The Users do not proceed further and do not provide the Information unless the Users’ consent to the above.
    3. The Company will record the information of visitors visiting the Company's Website through the web server access log (including the clicking date and time, IP address, pages clicked, browser type, device, operating system and Internet Banking account number (if applicable)). The Company might use the Users’ record (and may combine with other personal information of the Users) for the purposes of improving the operation of this website, statistical analysis and marketing. The Company will keep the relevant information for an appropriate period of time based on the actual needs. The Company’s web server access log will record the Users’ information automatically by default. By continuing browsing the Company’s Website, users are deemed to have given their consent for the Company to store, use and transfer the information in the above manner. The Users’ visit to the Company’s Weixin Official Account may be recorded. The Company may also provide the record of users’ visit to Weixin Official Account above to BOC Credit Card (International) Limited for statistical purpose and for analysis on the number of users and general usage patterns. Some of the Users’ information including Users’ personalized settings information will be gathered through the use of “cookies”. Cookies are small bits of information that are automatically stored in the web browser in Users’ Electronic Devices that can be retrieved by the Company’s Website. The information collected by “cookies” is anonymous visitor’s personalized settings information and contain no name or address information or any information that will enable anyone to contact the Users via any means. No Users’ personal data will be collected or stored by the Company. For Internet Banking and Mobile Banking services, a “cookie” with a unique identifier assigned by the Company will be stored in the Users’ web browsers throughout the session after login. Cookies will be expired upon logging off. Should the Users wish to disable these cookies, the Users may do so by changing the setting of the browser. However, the Users will then not be able to login the Company’s Internet Banking and Mobile Banking services.
    4. There are sections of the Company’s Website and Weixin Official Account where the Company specifically asks for the Users’ personal data, for example, when completing online forms to submit an enquiry, applying for a particular product or service or if registering to use the online services, such as Internet Banking and Mobile Banking services. Please refer to and read the applicable terms and conditions for these products and services as well as the DPN informing the types of data collected, purposes of collection, classes of persons to whom the Users’ data may be transferred, the rights to access and correct the personal data, and other relevant information. If the Users do not consent to the same, please do not proceed further and do not provide the Users’ personal data to the Company and Weixin Official Account.
    5. Personal data collected by the Company through the Company's Website in connection with an application for employment (as and where applicable) will be used to assess the suitability of the applicant to the job application. The Company may collect the applicant's basic personal data including the name, e-mail address, contact phone number, educational background and curriculum vitae. Please refer to and read the relevant Notice in connection with Employee records when making job application through the Company's Website. Failure to supply such data may result in the Company being unable to process the applicant's employment application.
    6. For the purpose of Mobile Application services, unless the context otherwise requires, references in this Statement to "the Company's Website" shall be read as reference to "the Company's Mobile Application".
    7. When Users using the Company's Mobile Application services and the Company's Weixin Official Account services , the Company may access the Users' location data to search for the nearest ATM, branch or to conduct valuation of a nearby property. For Mobile Application services, the Company may also access the following of the Users' Electronic Devices: (i) installation identification number (ii) location data, (iii) microphone, (iv) camera, (v) phone book, (vi) calendar, (vii) biometric authentication module and (viii) speech recognition of the Users' Electronic Devices to provide the related Mobile Application services. However, the location, calendar, biometric data and the related information would not be stored or recorded in the database of the Company. If there is an SD card available to the Users' Electronic Devices, the Company may access the SD card for amending or deleting encrypted application data stored in the SD card so as to enable the operation of the Company's Mobile Application services. Users who do not allow the Company to use the information in the above manner may at any time change the setting of the Electronic Devices or uninstall the Mobile Application or unfollow the Company's Weixin Official Account. In such event, Users may only be able to partially use or may not be able to use the Company's Mobile Application or Weixin Official Account services.
    8. For "e-Wallet" application, the Company may collect and store the unique identifier of the user's mobile phone (i.e. IMEI number), of mobile phone SIM card and/or of "e-Wallet" application to enable the handset matching and service eligibility checking for the purpose of operating the mobile payment services. Users who do not allow the Company to use the information in the above manner may at any time uninstall the "e-Wallet" application. In such event, Users will not be able to use the Company's "e-Wallet" application services.
    9. After the Users follow the Company’s Weixin Official Account, the Company will access the Users’ Open ID, Profile Photo, Nickname, Gender, Country/Region/City, Follow/binding time and status of the Users’ Weixin Official Account from Weixin platform automatically for the purpose of pushing notification message, statistical and analysis purposes. The Company may also provide the information above to service provider(s) for the purposes of verifying User’s identity and pushing correspondent reply message (e.g. lucky draw result), if necessary. Users who do not allow the Company to use the information in the above manner may at any time unfollow the Company’s Weixin Official Account. In such event, Users may not be able to use the Company's Weixin Official Account services.
    10. Except for Internet Banking, Mobile Banking services, Commodities Internet Trading services, online forms, Mobile Application and Weixin Official Account services where the Company specifically asks for the Users' personal data, the Users can use the Company's Website without providing any of the Users' personal data.


Retention of Personal Data

The personal data and information provided by Data Subjects and/or the Employees  and/or the Users and/or Other Individuals will not be kept longer than necessary for the fulfillment of the purposes for which the personal data and information are or are to be used at the time of the collection and for compliance with the legal, regulatory and accounting requirements from time to time.

Disclosure of Personal Data
The personal data and information would not be disclosed to other parties unless such disclosure is made in accordance with DPN and/or (as and where applicable) the relevant Notice in connection with the collection of Employee records and/or the Data Subjects and/or the Employees and/or the Users and/or Other Individuals have been previously consented to and/or the disclosure is permitted or required by any law binding on the Company.

Security of Personal Data
The personal data and information provided to the Company are secured with restricted access by authorized personnel. Encryption technology is employed for sensitive data to protect the privacy of the Data Subjects, the Employees,  the Users and Other Individuals during data transmission.

If the Company engages service providers to handle or process personal data (whether within or outside Hong Kong) on the Company's behalf, the Company would adopt contractual or other means to prevent unauthorized or accidental access, processing, erasure, loss or use of the data transferred to the service providers for processing.

Changes to the Privacy Policy Statement
The contents of this Statement may be amended from time to time. Please approach the Company and/or visit the Company's Website regularly for the Company's latest privacy policy.

Data Access Requests and Data Correction Requests
The Company would comply with and process all data access and correction requests in accordance with the provisions of the Ordinance.

The Company may impose a reasonable fee for complying with a data access request in accordance with the Ordinance.

Contact Details
The persons to whom requests for access to data or correction of data or for information regarding policies and practices and kinds of data held are to be addressed are as follows:

Bank of China (Hong Kong) Limited BOC Credit Card
(International) Limited
BOC Group Life Assurance Company Limited
The Data Protection Officer The Data Protection Officer The Data Protection Officer
Bank of China (Hong Kong) Limited BOC Credit Card
(International) Limited
BOC Group Life Assurance Company Limited
Bank of China Tower
1 Garden Road
Hong Kong
20/F., BOC Credit Card Centre
68 Connaught Road West
Hong Kong
13/F, Cityplaza One,
1111 King's Road, Taikoo Shing
Hong Kong

Facsimile: +852 2826 6860

 

Facsimile: +852 2541 5415

 

Facsimile: +852 2522 1219

 

Po Sang Securities and Futures Limited BOCHK Asset Management Limited  
The Data Protection Officer The Data Protection Officer  
Po Sang Securities and Futures Limited BOCHK Asset Management Limited  
1/F, Wing On House
71 Des Voeux Road Central
Hong Kong
5/F, Bank of China Building
2A Des Voeux Road Central
Hong Kong
 
Facsimile: +852 2854 1955 Facsimile: +852 2532 8216  


If there is any inconsistency between the English version and the Chinese version of this Statement, the Chinese version shall prevail in relation to any matters arising in the Mainland China exclusive of Hong Kong Special Administrative Region, the English version shall prevail in relation to any matters arising in Hong Kong Special Administrative Region and elsewhere.

August 2019

 

Chiyu Banking Corporation Limited

The purpose of this Privacy Policy Statement is to establish the policies and practices of Chiyu Banking Corporation Limited and its subsidiaries (each a "Company", for so long as such Company remains a subsidiary of Chiyu Banking Corporation Limited and notwithstanding any change in the name of the Company) towards the Company’s commitment in protecting personal data privacy in accordance with the provisions of the Personal Data (Privacy) Ordinance (the "Ordinance"). The Company highly values personal privacy and strives to preserve the confidentiality and security of all the personal information which the Company may collect so as to strengthen the trust and confidence between the Company and the Data Subjects, Employees, Users and Other Individuals (as hereinafter defined).

  1. The term "Data Subject(s)", wherever mentioned in this Statement, includes the following categories of individuals:

    1. applicants for or customers, authorized signatories, insured persons, policy holders, beneficiaries and other users of financial, insurance, credit card, securities, commodities, investment, banking and related services and products and facilities and so forth provided by the Company;
    2. sureties, guarantors and parties providing security, guarantee or any form of support for obligations owed to the Company; and
    3. directors, shareholders, officers and managers of any corporate applicants and Data Subjects/users.
       

The term "Employee(s)", wherever mentioned in this Statement, includes employees and/or applicants for any openings offered by the Company.

The term "user(s)", wherever mentioned in this Statement, includes visitors and/or users of the Company's Website, or when the visitors and/or users communicate with the Company via any electronic devices including but not limited to computer and mobile phone ("Electronic Devices").

The term “Other Individuals”, wherever mentioned in this Statement, include suppliers, contractors, service providers, business partners, landlords, tenants, participants of seminars, visitors, other contractual counterparties of the Company and the employee(s) of the above-mentioned parties (if applicable).

For the purposes of this Statement, the "Group" means the Company and its holding companies, branches, subsidiaries, representative offices and affiliates, wherever situated. Affiliates include branches, subsidiaries, representative offices and affiliates of the Company's holding companies, wherever situated.

The rights and obligations of each Company under this Statement are several and not joint. No Company shall be liable for any act or omission by another Company.

Kinds of Personal Data Held
There are three broad categories of personal data held in the Company. They comprise personal data contained in the following:

  1. Data Subject records, which are necessary for Data Subjects to supply to the Company from time to time:
    1. in connection with the opening or continuation of accounts and the establishment or continuation of banking facilities or provision of financial, insurance, credit card, securities, commodities, investment, banking and related services and products and facilities;
    2. in the ordinary course of the continuation of the relationship between the Company and Data Subjects, for example, when Data Subjects write cheques, deposit money, effect transactions through credit cards issued or serviced by the Company or generally communicate verbally or in writing with the Company.
  2. Employee records, which include but are not limited to the name, address, e-mail address, contact phone number, educational background, curriculum vitae and relevant personal data of family members of Employees.
  3. Other Individuals records, which include but not limited to the name, address, e-mail address, contact phone number of suppliers, contractors, service providers, business partners, landlords, tenants, participants of seminars, visitors, other contractual counterparties of the Company and the employee(s) of the above-mentioned parties (if applicable); and other operational and administrative records that contain personal data.


Purposes of Keeping Personal Data

  1. In relation to Data Subjects:
    The purposes for which the data relating to the Data Subjects may be used are as follows:
    1. assessing the merits and suitability of the Data Subjects as actual or potential applicants for financial, insurance, credit card, securities, commodities, investment, banking and related services and products and facilities and/or processing and/or approving their applications, variation, renewals, cancellations, reinstatements and claims;
    2. facilitating the daily operation of the services, credit facilities provided to and/or insurance policies issued to the Data Subjects;
    3. conducting credit checks whenever appropriate (including, without limitation, at the time of application for credit and at the time of regular or special reviews which normally will take place one or more times each year) and carrying out matching procedures (as defined in the Ordinance);
    4. creating and maintaining the Company’s scoring models;
    5. providing reference;
    6. assisting other financial institutions to conduct credit checks and collect debts;
    7. ensuring ongoing credit worthiness of Data Subjects;
    8. researching, customer profiling and segmentation and/or designing financial, insurance, credit card, securities, commodities, investment, banking and related services and products and facilities for Data Subjects' use;
    9. marketing services, products and other subjects (please see further details in paragraph 10 of the Company’s Data Policy Notice (“DPN”));
    10. determining amounts owed to or by the Data Subjects;
    11. enforcing Data Subjects’ obligations, including without limitation the collection of amounts outstanding from Data Subjects and those providing security for Data Subjects' obligations;
    12. complying with the obligations, requirements or arrangements for disclosing and using data that apply to the Company or any of its branches or that it is expected to comply according to:
      1. any law binding or applying to it within or outside the Hong Kong Special Administrative Region existing currently and in the future (e.g. the Inland Revenue Ordinance and its provisions including those concerning automatic exchange of financial account information);
      2. any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers within or outside the Hong Kong Special Administrative Region existing currently and in the future (e.g. guidelines or guidance given or issued by the Inland Revenue Department including those concerning automatic exchange of financial account information);
      3. any present or future contractual or other commitment with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers that is assumed by or imposed on the Company or any of its branches by reason of its financial, commercial, business or other interests or activities in or related to the jurisdiction of the relevant local or foreign legal, regulatory, governmental, tax, law enforcement or other authority, or self-regulatory or industry bodies or associations;
    13. complying with any obligations, requirements, policies, procedures, measures or arrangements for sharing data and information within the Group and/or any other use of data and information in accordance with any group-wide programmes for compliance with sanctions or prevention or detection of money laundering, terrorist financing or other unlawful activities;
    14. enabling an actual or proposed assignee of the Company, or participant or sub-participant of the Company's rights in respect of the Data Subjects to evaluate the transaction intended to be the subject of the assignment, participation or sub-participation;
    15. comparing data of Data Subjects or other persons for credit checking, data verification or otherwise producing or verifying data, whether or not for the purpose of taking adverse action against the Data Subjects;
    16. maintaining a credit history or otherwise, a record of Data Subjects (whether or not there exists any relationship between Data Subjects and the Company) for present and future reference; and
    17. purposes incidental, associated or relating to the abovementioned purposes.
       
  2. In relation to employees (as and where applicable):
    The purposes for which the data relating to the Employees may be used in connection with the employer and employee relationship and human resources management, including but not limited to the purposes as mentioned herein:
    1. processing employment application;
    2. determining and reviewing salaries, bonuses and other benefits should be employed;
    3. conducting reference check with previous employers;
    4. consideration for promotion, transfer or secondment;
    5. monitoring compliance with internal rules of the Company;
    6. any other purposes directly or indirectly relating to the compliance by the Company or any of the employment or statutory obligations; and 
    7. administering any affairs or benefits relating to the retirement and insurance plan of Employees.   
       
  3. In relation to Other Individuals(as and where applicable):
    The purposes for which the data relating to the Other Individuals may be used are as follows:
    1. engaging, managing, monitoring and assessing the business relationship with the suppliers, contractors, service providers, business partners and their staff who provide services to the Company;
    2. managing, monitoring and assessing the landlord and tenant relationship with the landlords and/or tenants;
    3. organizing and delivering seminars for the Company; and
    4. facilitating the daily operation and administration of the above.
       

Collection and Use of Personal Data

  1. In relation to the collection of the personal data, the Company will provide the Data Subjects with a copy of the DPN and/or (as and where applicable) the Employees with a copy of relevant Notice in connection with the collection of Employee records and/or (as and where applicable) will notify Other Individuals of the purpose of collection, classes of persons to whom the data may be transferred, their rights to access and correct the data, and other relevant information.
  2. In relation to the collection of the information and personal data on-line or when the Users communicate with the Company via Electronic Devices, the following provisions shall be applicable to the Company’s Website or when the Users communicate with the Company via the Electronic Devices:
    1. This section is limited to the information collected on the Company's Website, the Company's online advertisements and electronic communications. This section does not apply after the Users leave the Company's Website or when the users visit third-party's websites where the Company's online advertisements are displayed or links to third-party websites not operated or controlled by the Company.
    2. By browsing the Company’s Website, electronically responding to the Company’s online advertisements, communicating with the Company via any Electronic Devices, the Users’ consent to the Company’s use of cookies and the Company’s use of the Users’ Information in the manner as set out in this section. The Users do not proceed further and do not provide the Information unless the Users’ consent to the above.
    3. The Company will record the information of visitors visiting the Company's Website through the web server access log (including the clicking date and time, IP address, pages clicked, browser type, device, operating system and Internet Banking account number (if applicable)). The Company might use the Users’ record (and may combine with other personal information of the Users) for the purposes of improving the operation of this website, statistical analysis and marketing. The Company will keep the relevant information for an appropriate period of time based on the actual needs. The Company’s web server access log will record the Users’ information automatically by default. By continuing browsing the Company’s Website, users are deemed to have given their consent for the Company to store, use and transfer the information in the above manner. The Users’ visit to the Company’s Weixin Official Account may be recorded. The Company may also provide the record of users’ visit to Weixin Official Account above to BOC Credit Card (International) Limited for statistical purpose and for analysis on the number of users and general usage patterns. Some of the Users’ information including Users’ personalized settings information will be gathered through the use of “cookies”. Cookies are small bits of information that are automatically stored in the web browser in Users’ Electronic Devices that can be retrieved by the Company’s Website. The information collected by “cookies” is anonymous visitor’s personalized settings information and contain no name or address information or any information that will enable anyone to contact the Users via any means. No Users’ personal data will be collected or stored by the Company. For Internet Banking and Mobile Banking services, a “cookie” with a unique identifier assigned by the Company will be stored in the Users’ web browsers throughout the session after login. Cookies will be expired upon logging off. Should the Users wish to disable these cookies, the Users may do so by changing the setting of the browser. However, the Users will then not be able to login the Company’s Internet Banking and Mobile Banking services.
    4. There are sections of the Company’s Website and Weixin Official Account where the Company specifically asks for the Users’ personal data, for example, when completing online forms to submit an enquiry, applying for a particular product or service or if registering to use the online services, such as Internet Banking and Mobile Banking services. Please refer to and read the applicable terms and conditions for these products and services as well as the DPN informing the types of data collected, purposes of collection, classes of persons to whom the Users’ data may be transferred, the rights to access and correct the personal data, and other relevant information. If the Users do not consent to the same, please do not proceed further and do not provide the Users’ personal data to the Company and Weixin Official Account.
    5. Personal data collected by the Company through the Company's Website in connection with an application for employment (as and where applicable) will be used to assess the suitability of the applicant to the job application. The Company may collect the applicant's basic personal data including the name, e-mail address, contact phone number, educational background and curriculum vitae. Please refer to and read the relevant Notice in connection with Employee records when making job application through the Company's Website. Failure to supply such data may result in the Company being unable to process the applicant's employment application.
    6. For the purpose of Mobile Application services, unless the context otherwise requires, references in this Statement to "the Company's Website" shall be read as reference to "the Company's Mobile Application".
    7. For  Mobile Application services and “the Company’s Weixin Official Account”services , the Company may access the Users' location data to search for the nearest ATM or branch or to conduct valuation of a nearby property. For Mobile Application services, the Company may access the User’s installation identification number to deliver the "Location-based Privileges" and related push notification of our respective branches through the Microphone or Bluetooth of the Users' mobile devices, and through the camera of the Users' mobile devices to scan designed barcode to redeem electronic coupon. For fingerprint authentication service, the Company may access the fingerprint authentication module in order to perform the authentication.  However, the fingerprint data would not be stored or recorded in the database of the Company. For “Mortgage Expert” Mobile Application, the Company may access mobile device’s calendar for the purpose of synchronizing with the event updated by the  Mortgage Expert’s Calendar. However, no location or calendar data would be stored or recorded in the database of the Company. Furthermore, for the "Small Value Transfer" service of the Mobile Banking, the Company may access the phone book of the mobile device with the User's consent in order to enable the User to select the contact data from the phone book while conducting the Small Value Transfer transaction. However, the data of the phone book would not be stored or recorded in the database of the Company. If there is an SD card available to the Users' Electronic Devices, the Company may access the SD card for storing and retrieving encrypted application data so as to enable the operation of the Company’s Mobile Application services, in particular, the "e-Wallet" application. However, no such information would be stored or recorded in the database of the Company. Users who do not allow the Company to use the information in the above manner may at any time change the setting of the Electronic Devices or uninstall the Mobile Application or unfollow the Company’s Weixin Official Account. In such event, Users may only be able to partially use or may not be able to use the Company's Mobile Application or Weixin Official Account services.
    8. For "e-Wallet" application, the Company may collect and store the unique identifier of the user's mobile phone (i.e. IMEI number), of mobile phone SIM card and/or of "e-Wallet" application to enable the handset matching and service eligibility checking for the purpose of operating the mobile payment services. Users who do not allow the Company to use the information in the above manner may at any time uninstall the "e-Wallet" application. In such event, Users will not be able to use the Company's "e-Wallet" application services.
    9. After the Users follow the Company’s Weixin Official Account, the Company will access the Users’ Open ID, Profile Photo, Nickname, Gender, Country/Region/City, Follow/binding time and status of the Users’ Weixin Official Account from Weixin platform automatically for the purpose of pushing notification message, statistical and analysis purposes. The Company may also provide the information above to service provider(s) for the purposes of verifying User’s identity and pushing correspondent reply message (e.g. lucky draw result), if necessary. Users who do not allow the Company to use the information in the above manner may at any time unfollow the Company’s Weixin Official Account. In such event, Users may not be able to use the Company's Weixin Official Account services.
    10. Except for Internet Banking, Mobile Banking services, Commodities Internet Trading services, online forms, Mobile Application and Weixin Official Account services where the Company specifically asks for the Users' personal data, the Users can use the Company's Website without providing any of the Users' personal data.


Retention of Personal Data

The personal data and information provided by Data Subjects and/or the Employees  and/or the Users and/or Other Individuals will not be kept longer than necessary for the fulfillment of the purposes for which the personal data and information are or are to be used at the time of the collection and for compliance with the legal, regulatory and accounting requirements from time to time.

Disclosure of Personal Data
The personal data and information would not be disclosed to other parties unless such disclosure is made in accordance with DPN and/or (as and where applicable) the relevant Notice in connection with the collection of Employee records and/or the Data Subjects and/or the Employees and/or the Users and/or Other Individuals have been previously consented to and/or the disclosure is permitted or required by any law binding on the Company.

Security of Personal Data
The personal data and information provided to the Company are secured with restricted access by authorized personnel. Encryption technology is employed for sensitive data to protect the privacy of the Data Subjects, the Employees,  the Users and Other Individuals during data transmission.

If the Company engages service providers to handle or process personal data (whether within or outside Hong Kong) on the Company's behalf, the Company would adopt contractual or other means to prevent unauthorized or accidental access, processing, erasure, loss or use of the data transferred to the service providers for processing.

Changes to the Privacy Policy Statement
The contents of this Statement may be amended from time to time. Please approach the Company and/or visit the Company's Website regularly for the Company's latest privacy policy.

Data Access Requests and Data Correction Requests
The Company would comply with and process all data access and correction requests in accordance with the provisions of the Ordinance.

The Company may impose a reasonable fee for complying with a data access request in accordance with the Ordinance.

Contact Details
The persons to whom requests for access to data or correction of data or for information regarding policies and practices and kinds of data held are to be addressed are as follows:

Chiyu Banking Corporation Limited
The Data Protection Officer
Chiyu Banking Corporation Limited
78 Des Voeux Road Central
Hong Kong
Facsimile: +852 2810 4207 


If there is any inconsistency between the English version and the Chinese version of this Statement, the Chinese version shall prevail in relation to any matters arising in the Mainland China exclusive of Hong Kong Special Administrative Region, the English version shall prevail in relation to any matters arising in Hong Kong Special Administrative Region and elsewhere.

August 2019

Data Policy Notice

BOC Hong Kong (Holdings) Limited and its subsidiaries

Data Policy Notice

  1. This Notice sets out the data policies of BOC Hong Kong (Holdings) Limited and its subsidiaries, including Bank of China (Hong Kong) Limited, BOC Credit Card (International) Limited, BOC Group Life Assurance Company Limited, Po Sang Securities and Futures Limited, BOCHK Asset Management Limited (each a "Company", for as long as such Company remains a subsidiary of BOC Hong Kong (Holdings) Limited and notwithstanding any change in the name of the Company) in respect of their respective data subjects (as hereinafter defined). The rights and obligations of each Company under this Notice are several and not joint. No Company shall be liable for any act or omission by another Company.

  2. For the purposes of this Notice, the “Group” means the Company and its holding companies, branches, subsidiaries, representative offices and affiliates, wherever situated. Affiliates include branches, subsidiaries, representative offices and affiliates of the Company’s holding companies, wherever situated.

  3. The term "data subject(s)", wherever mentioned in this Notice, includes the following categories of individuals :
    (a) applicants for or customers, authorized signatories, insured persons, policy holders, beneficiaries and other users of financial, insurance, credit card, securities, commodities, investment, banking and related services and products and facilities and so forth provided by a Company;
    (b) sureties, guarantors and parties providing security, guarantee or any form of support for obligations owed to a Company;
    (c) directors, shareholders, officers and managers of any corporate applicants and data subjects/users; and
    (d) suppliers, contractors, service providers and other contractual counterparties of the Company.

    For the avoidance of doubt, "data subjects" shall not include any incorporated bodies. The contents of this Notice shall apply to all data subjects and form part of any contracts for services that the data subjects have or may enter into with the Company from time to time. If there is any inconsistency or discrepancy between this Notice and the relevant contract, this Notice shall prevail insofar as it relates to the protection of the data subjects' personal data. Nothing in this Notice shall limit the rights of the data subjects under the Personal Data (Privacy) Ordinance (Cap. 486, Laws of Hong Kong) (the "Ordinance").

  4. From time to time, it is necessary for the data subjects to supply the Company with data in connection with the opening or continuation of accounts and the establishment or continuation of banking facilities or provision of financial, insurance, credit card, securities, commodities, investment, banking and related services and products and facilities.

  5. Failure to supply such data may result in the Company being unable to open or continue accounts or establish or continue banking facilities or provide financial, insurance, credit card, securities, commodities, investment, banking and related services and products and facilities.

  6. Data relating to the data subjects are collected or received by the Company from various sources from time to time. Such data may include, but not limited to, data collected from data subjects in the ordinary course of the continuation of the relationship between the Company and data subjects, for example, when data subjects write cheques, deposit money, effect transactions through credit cards issued or serviced by the Company or generally communicate verbally or in writing with the Company, and data obtained from other sources (for example, credit reference agencies). Data may also be generated or combined with other information, available to the Company or any member of the Group.

  7. The purposes for which the data relating to the data subjects may be used are as follows:
    (a) assessing the merits and suitability of the data subjects as actual or potential applicants for financial, insurance, credit card, securities, commodities, investment, banking and related services and products and facilities and/or processing and/or approving their applications, variation, renewals, cancellations, reinstatements and claims;
    (b) facilitating the daily operation of the services, credit facilities provided to and/or insurance policies issued to the data subjects;
    (c) conducting credit checks whenever appropriate (including, without limitation, at the time of application for credit and at the time of regular or special reviews which normally will take place one or more times each year) and carrying out matching procedures (as defined in the Ordinance);
    (d) creating and maintaining the Company’s scoring models;
    (e) providing reference;
    (f) assisting other financial institutions to conduct credit checks and collect debts;
    (g) ensuring ongoing credit worthiness of data subjects;
    (h) researching, customer profiling and segmentation and/or designing financial, insurance, credit card, securities, commodities, investment, banking and related services and products and facilities for data subjects' use;
    (i) marketing services, products and other subjects (please see further details in paragraph 10 below);
    (j) determining amounts owed to or by the data subjects;
    (k) enforcing data subjects’ obligations, including without limitation the collection of amounts outstanding from data subjects and those providing security for data subjects' obligations;
    (l) complying with the obligations, requirements or arrangements for disclosing and using data that apply to the Company or any of its branches or that it is expected to comply according to:
     

    (i)
     

    any law binding or applying to it within or outside the Hong Kong Special Administrative Region existing currently and in the future (e.g. the Inland Revenue Ordinance and its provisions including those concerning automatic exchange of financial account information);
     

    (ii)
     

    any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers within or outside the Hong Kong Special Administrative Region existing currently and in the future (e.g. guidelines or guidance given or issued by the Inland Revenue Department including those concerning automatic exchange of financial account information);
     

    (iii)

    any present or future contractual or other commitment with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers that is assumed by or imposed on the Company or any of its branches by reason of its financial, commercial, business or other interests or activities in or related to the jurisdiction of the relevant local or foreign legal, regulatory, governmental, tax, law enforcement or other authority, or self-regulatory or industry bodies or associations;
    (m) complying with any obligations, requirements, policies, procedures, measures or arrangements for sharing data and information within the Group and/or any other use of data and information in accordance with any group-wide programmes for compliance with sanctions or prevention or detection of money laundering, terrorist financing or other unlawful activities;
    (n) enabling an actual or proposed assignee of the Company, or participant or sub-participant of the Company's rights in respect of the data subjects to evaluate the transaction intended to be the subject of the assignment, participation or sub-participation;
    (o) comparing data of data subjects or other persons for credit checking, data verification or otherwise producing or verifying data, whether or not for the purpose of taking adverse action against the data subjects;
    (p) maintaining a credit history or otherwise, a record of data subjects (whether or not there exists any relationship between data subjects and the Company) for present and future reference; and
    (q) purposes incidental, associated or relating to Paragraph 7

  8. Data held by the Company relating to data subjects will be kept confidential but the Company may provide and disclose (as defined in the Ordinance) such data to the following parties for the purposes set out in the previous paragraph:
    (a) any agent, contractor or third party service provider who provides administrative, telecommunications, computer, payment or securities clearing or other services to the Company in connection with the operation of its business, wherever situated;
    (b) any other person under a duty of confidentiality to the Company including any member of the Group which has undertaken to keep such information confidential;
    (c) the drawee bank providing a copy of a paid cheque (which may contain information about the payee) to the drawer;
    (d) any person making payment into the data subject’s account;
    (e) any person receiving payment from the data subject, the banker of such person and any intermediaries which may handle or process such payment;
    (f) credit reference agencies, and, in the event of default, to debt collection agencies;
    (g) any financial institutions, charge or credit card issuing companies, insurance company, securities and investment company with which the data subjects have or propose to have dealings; and any reinsurance and claims investigation companies, insurance industry associations and federations and their members;
    (h) any person to whom the Company or any of its branches is under an obligation or otherwise required to make disclosure under the requirements of any law binding on or applying to the Company or any of its branches, or any disclosure under and for the purposes of any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers with which the Company or any of its branches are expected to comply, or any disclosure pursuant to any contractual or other commitment of the Company or any of its branches with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers, all of which may be within or outside the Hong Kong Special Administrative Region and may be existing currently and in the future;
    (i) any actual or proposed assignee of the Company or participant or sub-participant or transferee of the Company's rights in respect of the data subject; and
    (j)

    (i)
     

    any member of the Group;
     

    (ii)
     

    third party financial institutions, insurers, credit card companies, securities, commodities and investment services providers;
     

    (iii)
     

    third party reward, loyalty, co-branding and privileges programme providers;
     

    (iv)
     

    co-branding partners of the Company and the Group (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be);
     

    (v)

    charitable or non-profit making organisations; and
     

    (vi)
     

    external service providers (including but not limited to mailing houses, telecommunication companies, telemarketing and direct sales agents, call centres, data processing companies and information technology companies) that the Company engages for the purposes set out in paragraph (7)(i) above, wherever situated.
    The Company may from time to time transfer the data relating to the data subjects to a place outside the Hong Kong Special Administrative Region for the purposes set out in paragraph 7 above.

  9. With respect to data in connection with mortgages applied by the data subject (if applicable, and whether as a borrower, mortgagor or guarantor and whether in the data subject’s sole name or in joint names with others) on or after 1 April 2011, the following data relating to the data subject (including any updated data of any of the following data from time to time) may be provided by the Company, on its own behalf and/or as agent, to a credit reference agency:
    (a) full name;
    (b) capacity in respect of each mortgage (as borrower, mortgagor or guarantor, and whether in the data subject’s sole name or in joint names with others);
    (c) identity card number or travel document number;
    (d) date of birth;
    (e) correspondence address;
    (f) mortgage account number in respect of each mortgage;
    (g) type of the facility in respect of each mortgage;
    (h) mortgage account status in respect of each mortgage (e.g., active, closed, write-off (other than due to a bankruptcy order), write-off due to a bankruptcy order); and
    (i) if any, mortgage account closed date in respect of each mortgage.
    The credit reference agency will use the above data supplied by the Company for the purposes of compiling a count of the number of mortgages from time to time held by the data subject with credit providers in Hong Kong Special Administrative Region, as borrower, mortgagor or guarantor respectively and whether in the data subject’s sole name or in joint names with others, for sharing in the consumer credit database of the credit reference agency by credit providers (subject to the requirements of the Code of Practice on Consumer Credit Data approved and issued under the Ordinance).

  10. USE OF DATA IN DIRECT MARKETING

    The Company intends to use the data subject's data in direct marketing and the Company requires the data subject's consent (which includes an indication of no objection) for that purpose. In this connection, please note that:
    (a) the name, contact details, products and services portfolio information, transaction pattern and behaviour, financial background and demographic data of the data subject held by the Company from time to time may be used by the Company in direct marketing;
    (b) the following classes of services, products and subjects may be marketed:
     

    (i)
     

    financial, insurance, credit card, securities, commodities, investment, banking and related services and products and facilities;
     

    (ii)
     

    reward, loyalty or privileges programmes and related services and products;
     

    (iii)
     

    services and products offered by the Company’s co-branding partners (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be); and
     

    (iv)
     

    donations and contributions for charitable and/or non-profit making purposes;
    (c) the above services, products and subjects may be provided or (in the case of donations and contributions) solicited by the Company and/or:
     

    (i)
     

    any member of the Group;
     

    (ii)

    third party financial institutions, insurers, credit card companies, securities, commodities and investment services providers;
     

    (iii)
     

    third party reward, loyalty, co-branding or privileges programme providers;
     

    (iv)
     

    co-branding partners of the Company and the Group (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be); and
     

    (v)
     

    charitable or non-profit making organisations;
    (d) in addition to marketing the above services, products and subjects itself, the Company also intends to provide the data described in paragraph 10(a) above to all or any of the persons described in paragraph 10(c) above for use by them in marketing those services, products and subjects, and the Company requires the data subject's written consent (which includes an indication of no objection) for that purpose;

    If a data subject does not wish the Company to use or provide to other persons his/her data for use in direct marketing as described above, the data subject may exercise his/her opt-out right by notifying the Company.


  11. Under and in accordance with the terms of the Ordinance and the Code of Practice on Consumer Credit Data, any data subject has the right:
    (a) to check whether the Company holds data about him/her and of access to such data;
    (b) to require the Company to correct any data relating to him/her which is inaccurate;
    (c) to ascertain the Company's policies and practices in relation to data and to be informed of the kind of personal data held by the Company;
    (d) to be informed on request which items of data are routinely disclosed to credit reference agencies or debt collection agencies, and be provided with further information to enable the making of an access and correction request to the relevant credit reference agency or debt collection agency; and
    (e) in relation to any account data (including, for the avoidance of doubt, any account repayment data) which has been provided by the Company to a credit reference agency, to instruct the Company, upon termination of the account by full repayment, to make a request to the credit reference agency to delete such account data from its database, as long as the instruction is given within five years of termination and at no time was there any default of payment in relation to the account, lasting in excess of 60 days within five years immediately before account termination. Account repayment data include amount last due, amount of payment made during the last reporting period (being a period not exceeding 31 days immediately preceding the last contribution of account data by the Company to a credit reference agency), remaining available credit or outstanding balance and default data (being amount past due and number of days past due, date of settlement of amount past due, and date of final settlement of amount in default lasting in excess of 60 days (if any)).

  12. In the event of any default of payment relating to an account, unless the amount in default is fully repaid or written off (other than due to a bankruptcy order) before the expiry of 60 days from the date such default occurred, the account repayment data (as defined in paragraph 11(e) above) may be retained by the credit reference agency until the expiry of five years from the date of final settlement of the amount in default.

  13. In the event any amount in an account is written-off due to a bankruptcy order being made against the data subject, the account repayment data (as defined in paragraph 11(e) above) may be retained by the credit reference agency, regardless of whether the account repayment data reveal any default of payment lasting in excess of 60 days, until the expiry of five years from the date of final settlement of the amount in default or the expiry of five years from the date of discharge from a bankruptcy as notified by the data subject with evidence to the credit reference agency, whichever is earlier.

  14. In accordance with the terms of the Ordinance, the Company has the right to charge a reasonable fee for the processing of any data access request.

  15. The persons to whom requests for access to data or correction of data or for information regarding policies and practices and kinds of data held are to be addressed are as follows:
    Bank of China (Hong Kong) Limited BOC Credit Card (International) Limited BOC Group Life Assurance Company Limited
    The Data Protection Officer The Data Protection Officer The Data Protection Officer
    Bank of China (Hong Kong) Limited BOC Credit Card (International) Limited BOC Group Life Assurance Company Limited
    Bank of China Tower
    1 Garden Road
    Hong Kong
    20/F, BOC Credit Card Centre
    68 Connaught Road West
    Hong Kong
    13/F, Cityplaza One
    1111 King's Road Taikoo Shing
    Hong Kong
    Facsimile: +852 2826 6860
     

    Facsimile: +852 2541 5415

    Facsimile: +852 2522 1219

    Po Sang Securities and Futures Limited

    BOCHK Asset Management Limited

     

    The Data Protection Officer The Data Protection Officer  
    Po Sang Securities and Futures Limited BOCHK Asset Management Limited  
    4/F, BOC Yuen Long Commercial Centre, 102-108 Castle Peak Road Yuen Long New Territories
    Hong Kong
    5/F, Bank of China Building
    2A Des Voeux Road Central
    Hong Kong
     
    Facsimile: +852 2905 1909 Facsimile: +852 2532 8216  
  16. The Company may have obtained a credit report on the data subject from a credit reference agency in considering any application for credit. In the event that the data subject wishes to access the credit report, the Company will advise the contact details of the relevant credit reference agency.

  17. If there is any inconsistency between the English version and the Chinese version of this Notice, the Chinese version shall prevail in relation to any matters arising in the Mainland China exclusive of the Hong Kong Special Administrative Region, and the English version shall prevail in relation to any matters arising in the Hong Kong Special Administrative Region and elsewhere.
     

Jan 2021

 

Chiyu Banking Corporation Limited

Data Policy Notice

  1. This Notice sets out the data policies of Chiyu Banking Corporation Ltd. and each of its subsidiaries, (for so long as such subsidiary remains a subsidiary of Chiyu Banking Corporation Limited.)(each a "Company") in respect of their respective data subjects (as hereinafter defined). The rights and obligations of each Company under this Notice are several and not joint. No Company shall be liable for any act or omission by another Company.

  2. For the purposes of this Notice, the “Group” means the Company and its holding companies, branches, subsidiaries, representative offices and affiliates, wherever situated, together with Xiamen International Bank Co. Ltd.. Affiliates include the Company’s  holding companies and Xiamen International Bank Co. Ltd. and their branches, subsidiaries, representative offices and affiliates, wherever situated.

  3. The term "data subject(s)", wherever mentioned in this Notice, includes the following categories of individuals :
    (a) applicants for or customers, authorized signatories, insured persons, policy holders, beneficiaries and other users of financial, insurance, credit card, securities, commodities, investment, banking and related services and products and facilities and so forth provided by a Company;
    (b) sureties, guarantors and parties providing security, guarantee or any form of support for obligations owed to a Company;
    (c) directors, shareholders, officers and managers of any corporate applicants and data subjects/users; and
    (d) suppliers, contractors, service providers and other contractual counterparties of the Company.

    For the avoidance of doubt, "data subjects" shall not include any incorporated bodies. The contents of this Notice shall apply to all data subjects and form part of any contracts for services that the data subjects have or may enter into with the Company from time to time. If there is any inconsistency or discrepancy between this Notice and the relevant contract, this Notice shall prevail insofar as it relates to the protection of the data subjects' personal data. Nothing in this Notice shall limit the rights of the data subjects under the Personal Data (Privacy) Ordinance (Cap. 486, Laws of Hong Kong) (the "Ordinance").

  4. From time to time, it is necessary for the data subjects to supply the Company with data in connection with the opening or continuation of accounts and the establishment or continuation of banking facilities or provision of financial, insurance, credit card, securities, commodities, investment, banking and related services and products and facilities.

  5. Failure to supply such data may result in the Company being unable to open or continue accounts or establish or continue banking facilities or provide financial, insurance, credit card, securities, commodities, investment, banking and related services and products and facilities.

  6. Data relating to the data subjects are collected or received by the Company from various sources from time to time. Such data may include, but not limited to, data collected from data subjects in the ordinary course of the continuation of the relationship between the Company and data subjects, for example, when data subjects write cheques, deposit money, effect transactions through credit cards issued or serviced by the Company or generally communicate verbally or in writing with the Company, and data obtained from other sources (for example, credit reference agencies). Data may also be generated or combined with other information, available to the Company or any member of the Group.

  7. The purposes for which the data relating to the data subjects may be used are as follows:
    (a) assessing the merits and suitability of the data subjects as actual or potential applicants for financial, insurance, credit card, securities, commodities, investment, banking and related services and products and facilities and/or processing and/or approving their applications, variation, renewals, cancellations, reinstatements and claims;
    (b) facilitating the daily operation of the services, credit facilities provided to and/or insurance policies issued to the data subjects;
    (c) conducting credit checks whenever appropriate (including, without limitation, at the time of application for credit and at the time of regular or special reviews which normally will take place one or more times each year) and carrying out matching procedures (as defined in the Ordinance);
    (d) creating and maintaining the Company’s scoring models;
    (e) providing reference;
    (f) assisting other financial institutions to conduct credit checks and collect debts;
    (g) ensuring ongoing credit worthiness of data subjects;
    (h) researching, customer profiling and segmentation and/or designing financial, insurance, credit card, securities, commodities, investment, banking and related services and products and facilities for data subjects' use;
    (i) marketing services, products and other subjects (please see further details in paragraph 10 below);
    (j) determining amounts owed to or by the data subjects;
    (k) enforcing data subjects’ obligations, including without limitation the collection of amounts outstanding from data subjects and those providing security for data subjects' obligations;
    (l) complying with the obligations, requirements or arrangements for disclosing and using data that apply to the Company or any of its branches or that it is expected to comply according to:
     

    (i)
     

    any law binding or applying to it within or outside the Hong Kong Special Administrative Region existing currently and in the future (e.g. the Inland Revenue Ordinance and its provisions including those concerning automatic exchange of financial account information);
     

    (ii)
     

    any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers within or outside the Hong Kong Special Administrative Region existing currently and in the future (e.g. guidelines or guidance given or issued by the Inland Revenue Department including those concerning automatic exchange of financial account information);
     

    (iii)

    any present or future contractual or other commitment with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers that is assumed by or imposed on the Company or any of its branches by reason of its financial, commercial, business or other interests or activities in or related to the jurisdiction of the relevant local or foreign legal, regulatory, governmental, tax, law enforcement or other authority, or self-regulatory or industry bodies or associations;
    (m) complying with any obligations, requirements, policies, procedures, measures or arrangements for sharing data and information within the Group and/or any other use of data and information in accordance with any group-wide programmes for compliance with sanctions or prevention or detection of money laundering, terrorist financing or other unlawful activities;
    (n) enabling an actual or proposed assignee of the Company, or participant or sub-participant of the Company's rights in respect of the data subjects to evaluate the transaction intended to be the subject of the assignment, participation or sub-participation;
    (o) comparing data of data subjects or other persons for credit checking, data verification or otherwise producing or verifying data, whether or not for the purpose of taking adverse action against the data subjects;
    (p) maintaining a credit history or otherwise, a record of data subjects (whether or not there exists any relationship between data subjects and the Company) for present and future reference; and
    (q) purposes incidental, associated or relating to Paragraph 7

  8. Data held by the Company relating to data subjects will be kept confidential but the Company may provide and disclose (as defined in the Ordinance) such data to the following parties for the purposes set out in the previous paragraph:
    (a) any agent, contractor or third party service provider who provides administrative, telecommunications, computer, payment or securities clearing or other services to the Company in connection with the operation of its business, wherever situated;
    (b) any other person under a duty of confidentiality to the Company including any member of the Group which has undertaken to keep such information confidential;
    (c) the drawee bank providing a copy of a paid cheque (which may contain information about the payee) to the drawer;
    (d) any person making payment into the data subject’s account;
    (e) any person receiving payment from the data subject, the banker of such person and any intermediaries which may handle or process such payment;
    (f) credit reference agencies, and, in the event of default, to debt collection agencies;
    (g) any financial institutions, charge or credit card issuing companies, insurance company, securities and investment company with which the data subjects have or propose to have dealings; and any reinsurance and claims investigation companies, insurance industry associations and federations and their members;
    (h) any person to whom the Company or any of its branches is under an obligation or otherwise required to make disclosure under the requirements of any law binding on or applying to the Company or any of its branches, or any disclosure under and for the purposes of any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers with which the Company or any of its branches are expected to comply, or any disclosure pursuant to any contractual or other commitment of the Company or any of its branches with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers, all of which may be within or outside the Hong Kong Special Administrative Region and may be existing currently and in the future;
    (i) any actual or proposed assignee of the Company or participant or sub-participant or transferee of the Company's rights in respect of the data subject; and
    (j)

    (i)
     

    any member of the Group;
     

    (ii)
     

    third party financial institutions, insurers, credit card companies, securities, commodities and investment services providers;
     

    (iii)
     

    third party reward, loyalty, co-branding and privileges programme providers;
     

    (iv)
     

    co-branding partners of the Company and the Group (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be);
     

    (v)

    charitable or non-profit making organisations; and
     

    (vi)
     

    external service providers (including but not limited to mailing houses, telecommunication companies, telemarketing and direct sales agents, call centres, data processing companies and information technology companies) that the Company engages for the purposes set out in paragraph (7)(i) above, wherever situated.
    The Company may from time to time transfer the data relating to the data subjects to a place outside Hong Kong Special Administrative Region for the purposes set out in paragraph 7 above.

  9. With respect to data in connection with mortgages applied by the data subject (if applicable, and whether as a borrower, mortgagor or guarantor and whether in the data subject’s sole name or in joint names with others) on or after 1 April 2011, the following data relating to the data subject (including any updated data of any of the following data from time to time) may be provided by the Company, on its own behalf and/or as agent, to a credit reference agency:
    (a) full name;
    (b) capacity in respect of each mortgage (as borrower, mortgagor or guarantor, and whether in the data subject’s sole name or in joint names with others);
    (c) identity card number or travel document number;
    (d) date of birth;
    (e) correspondence address;
    (f) mortgage account number in respect of each mortgage;
    (g) type of the facility in respect of each mortgage;
    (h) mortgage account status in respect of each mortgage (e.g., active, closed, write-off (other than due to a bankruptcy order), write-off due to a bankruptcy order); and
    (i) if any, mortgage account closed date in respect of each mortgage.
    The credit reference agency will use the above data supplied by the Company for the purposes of compiling a count of the number of mortgages from time to time held by the data subject with credit providers in Hong Kong Special Administrative Region, as borrower, mortgagor or guarantor respectively and whether in the data subject’s sole name or in joint names with others, for sharing in the consumer credit database of the credit reference agency by credit providers (subject to the requirements of the Code of Practice on Consumer Credit Data approved and issued under the Ordinance).

  10. USE OF DATA IN DIRECT MARKETING

    The Company intends to use the data subject's data in direct marketing and the Company requires the data subject's consent (which includes an indication of no objection) for that purpose. In this connection, please note that:
    (a) the name, contact details, products and services portfolio information, transaction pattern and behaviour, financial background and demographic data of the data subject held by the Company from time to time may be used by the Company in direct marketing;
    (b) the following classes of services, products and subjects may be marketed:
     

    (i)
     

    financial, insurance, credit card, securities, commodities, investment, banking and related services and products and facilities;
     

    (ii)
     

    reward, loyalty or privileges programmes and related services and products;
     

    (iii)
     

    services and products offered by the Company’s co-branding partners (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be); and
     

    (iv)
     

    donations and contributions for charitable and/or non-profit making purposes;
    (c) the above services, products and subjects may be provided or (in the case of donations and contributions) solicited by the Company and/or:
     

    (i)
     

    any member of the Group;
     

    (ii)

    third party financial institutions, insurers, credit card companies, securities, commodities and investment services providers;
     

    (iii)
     

    third party reward, loyalty, co-branding or privileges programme providers;
     

    (iv)
     

    co-branding partners of the Company and the Group (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be); and
     

    (v)
     

    charitable or non-profit making organisations;
    (d) in addition to marketing the above services, products and subjects itself, the Company also intends to provide the data described in paragraph 10(a) above to all or any of the persons described in paragraph 10(c) above for use by them in marketing those services, products and subjects, and the Company requires the data subject's written consent (which includes an indication of no objection) for that purpose;

    If a data subject does not wish the Company to use or provide to other persons his data for use in direct marketing as described above, the data subject may exercise his opt-out right by notifying the Company.


  11. Under and in accordance with the terms of the Ordinance and the Code of Practice on Consumer Credit Data, any data subject has the right:
    (a) to check whether the Company holds data about him and of access to such data;
    (b) to require the Company to correct any data relating to him which is inaccurate;
    (c) to ascertain the Company's policies and practices in relation to data and to be informed of the kind of personal data held by the Company;
    (d) to be informed on request which items of data are routinely disclosed to credit reference agencies or debt collection agencies, and be provided with further information to enable the making of an access and correction request to the relevant credit reference agency or debt collection agency; and
    (e) in relation to any account data (including, for the avoidance of doubt, any account repayment data) which has been provided by the Company to a credit reference agency, to instruct the Company, upon termination of the account by full repayment, to make a request to the credit reference agency to delete such account data from its database, as long as the instruction is given within five years of termination and at no time was there any default of payment in relation to the account, lasting in excess of 60 days within five years immediately before account termination. Account repayment data include amount last due, amount of payment made during the last reporting period (being a period not exceeding 31 days immediately preceding the last contribution of account data by the Company to a credit reference agency), remaining available credit or outstanding balance and default data (being amount past due and number of days past due, date of settlement of amount past due, and date of final settlement of amount in default lasting in excess of 60 days (if any)).

  12. In the event of any default of payment relating to an account, unless the amount in default is fully repaid or written off (other than due to a bankruptcy order) before the expiry of 60 days from the date such default occurred, the account repayment data (as defined in paragraph 11(e) above) may be retained by the credit reference agency until the expiry of five years from the date of final settlement of the amount in default.

  13. In the event any amount in an account is written-off due to a bankruptcy order being made against the data subject, the account repayment data (as defined in paragraph 11(e) above) may be retained by the credit reference agency, regardless of whether the account repayment data reveal any default of payment lasting in excess of 60 days, until the expiry of five years from the date of final settlement of the amount in default or the expiry of five years from the date of discharge from a bankruptcy as notified by the data subject with evidence to the credit reference agency, whichever is earlier.

  14. In accordance with the terms of the Ordinance, the Company has the right to charge a reasonable fee for the processing of any data access request.

  15. The persons to whom requests for access to data or correction of data or for information regarding policies and practices and kinds of data held are to be addressed is as follows:

    The Data Protection Officer
    Chiyu Banking Corporation Limited
    78 Des Voeux Road Central
    Hong Kong

    Facsimile: +852 2810 4207
     

  16. The Company may have obtained a credit report on the data subject from a credit reference agency in considering any application for credit. In the event that the data subject wishes to access the credit report, the Company will advise the contact details of the relevant credit reference agency.

  17. If there is any inconsistency between the English version and the Chinese version of this Notice, the Chinese version shall prevail in relation to any matters arising in the Mainland China exclusive of the Hong Kong Special Administrative Region, the English version shall prevail in relation to any matters arising in the Hong Kong Special Administrative Region and elsewhere.
     

Jan 2020