Hang Seng Bank (China) Limited ("Hang Seng", "the
Bank", "we" or "us"), with the register office 34/F, 36/F & 46F, Hang Seng Bank
Tower, 1000 Lujiazui Ring Road, Free Trade Zone, Shanghai, China, take personal
information confidentiality and security very seriously, and strive at all times to
protect our customers’ and related parties’ personal information and privacy when we
provide our good services with you. We therefore formulate this Personal Information
and Privacy Protection Policy (this “Policy”) to comply with the laws, regulations,
rules and regulatory requirements.
Important Notice: This Policy shall apply to personal information of
you when you visit, browse, use our website or mobile device application, apply
for or use any product, service or device of the Bank, handle any business, make
any transaction or sign any agreement with the Bank, , participate in any
marketing events and surveys of the Bankor communicate or liaise with the bank
through other methods. If there is any discrepancy between this Policy and the
other agreements entered into or other terms and conditions agreed between you
and us, such other agreements or terms and conditions shall prevail. You agree
and understand the Bank may collect, store, use, process, transfer, provide,
disclose, delete or use other methods to process your personal information.
In the context of corporate business, we understand that you have agreed that
Relevant Customers can use your personal information for the purpose described
in this Policy, and therefore, we treat Relevant Customers as your authorized
representatives related to your personal data processing
activities.
If you have any query, comment or suggestion, please contact us. You may contact
us through below contact detail or “contact us” which is stated in our official
website
(www.hangseng.com.cn)or mobile device application.
Contact Us: DATA PRIVACY OFFICER (DPO)
https://www.hangseng.com.cn/1/2/contact-us-chi/email-us
Hotline:400 830 8008
This Policy include below content:
I. Personal Information and Privacy Protection Policy Overview – How We Protect
Your Personal Information
II. How we collect your personal information
III. How we use your personal information
IV. How we share, transfer your personal information
V. How we store and cross border transfer your Personal Information
VI. Special Circumstances for Information Processing
VII. How we Use Cookies and Other Technologies
VIII. Your Rights relating to Personal Information
IX. How to Contact Us
X. How We Handle Minors' Personal Information
XI. Update of this Policy and Others
I. Personal Information and Privacy Protection Policy Overview – How We
Protect Your Personal Information
1. Overview
To preserve the confidentiality, security and privacy of all personal information
you provide to us, we follow the principle of reasonableness, legitimacy
rightfulness and honest, and adopt below principle of public and transparent to
protect and process your personal information:
(1) We only collect personal information that we believe to be relevant and
required for us to comply with law, perform a statutory responsibility or
statutory obligation, understand your or relevant client’s needs, build up,
review, maintain and develop our relationship with you or relevant clients,
provide you with materials of relevant products and services.
(2) We may for specific purposes provide your personal information to other
members of the HSBC Group, our agents or other third parties, as permitted by
law. We will obtain your consent to comply with the laws.
(3) We will not transfer or provide your personal information to any third party,
unless it is made to comply with law, perform a statutory responsibility,
statutory obligation or perform the agreement, or in accordance with this Policy
or other agreement between you and the Bank.
(4) We may be required from time to time to disclose your personal information to
our regulators, other governmental or judicial bodies or agencies, but we will
only do so following the requirement of law, performance of statutory
responsibility, requirement of regulator and government, performance of
statutory obligation or agreement to the extent that we deem necessary.
(5) We will not publicly disclose your personal information and we will obtain
your separate consent and inform you the purpose, style and method of the
personal information which is publicly disclosed.
(6) We aim to keep your personal information on our records accurate and
up-to-date. You can contact us to modify or supplement as per the contact detail
stated in this Policy.
(7) We maintain strict security systems and perform necessary inspection and
filing procedure to comply with laws to prevent unauthorised access to your
personal information by anyone.
(8) All members of the HSBC Group, all our staff and all third parties with
permitted access to your personal information are specifically required to take
necessary measures to ensure the process of personal data is equivalent to the
standard of personal information protection as stipulated in this Policy
By maintaining our commitment to these policies, we will ensure that we respect
the inherent trust that you place in us.
2. Information Security
(1) Information security is our top priority. We will endeavor at all times to
safeguard your personal information against unauthorised or accidental access,
processing or damage. We maintain this commitment to information security by
implementing appropriate security and managerial measures to secure your
personal information.
(2) We will strictly comply with the requirements of "Measures for the
Administration of Electronic Banking" to keep the personal information provided
by the users and customers of the Bank's website and e-banking confidential and
store such personal information securely. To enable you to use the Bank's
website and e-banking safely, we will provide the bank level information
protection. The Bank's website and e- Banking will be accessed to by using
encryption mode (such as HTTPs and TLS) and the transfer and encryption of the
relevant data should be conducted under the Bank's security standard so as to
satisfy the bank level security requirements.
(3) We have a dedicated team for business management, technology support and
security protection to operate and manage the Bank's website and e-banking
services. The team has clear and specific responsibilities for information
security and the team leader will ensure these responsibilities to be performed.
In addition, the Bank also sets up a series of management mechanism for system
access, data privacy and security safeguard.
(4) The servers of the Bank's website and e-banking services are deployed in the
unified data center of our Group. We effectively prevent network attacks by
properly setting up and using the firewall and antivirus applications within a
highly secured environment. In addition, we catch all abnormal status through
real-time monitoring system, such as low disk space, IP attack etc., which will
trigger system alerts to administer and security team by SMS and emails to
ensure the fast response.
(5) We exercise strict management over our staff members who may have access to
your personal information, including but not limited to access control applied
to different positions, contractual obligation of confidentiality agreed with
relevant staff members, formulation and implementation of information security
related policies and procedures, and related training offered to staff. When we
use services provided by external service providers (entities or individuals),
we also impose strict confidentiality obligations on them and request them to
abide by our security standards when processing personal information.
(6) For the security of your personal information, you take on the
same responsibility as us. You shall keep your personal information secret and
confidential, such as your account information, identity verification
information (e.g. user name, password, dynamic password, verification code,
etc.), and all the documents, devices or other media that may record or
otherwise relate to such information, and shall ensure your personal information
and relevant documents, devices or other media are used only in a secured
environment. You shall not, at any time, disclose to any other person or allow
any other person to use such information and relevant documents, devices or
other media. Once you think your personal information and/or relevant documents,
devices or other media have been disclosed, lost or stolen, or may otherwise
affect the security of your use of our products, devices or services, you shall
notify us immediately so that we may take appropriate measures to prevent
further loss from occurring.
(7) If unfortunately, personal information security incident occurs, we will
adopt emergency plan and take relevant actions and remediation measures to
mitigate the severity and losses in connection therewith. Meanwhile, we will,
following the applicable requirements set out in law and regulation, inform you
of the basic information of the security incident and its possible impact, the
actions and measures we have taken or will take, suggestions for you to prevent
and mitigate the risk, and applicable remediation measures. We will inform you
about the security incident by email, mail, call, SMS, push notification or
through other methods as appropriate in a timely manner. Where it is difficult
to notify each Personal Information Subject, we will post public notice in a
reasonable and effective way. Meanwhile, we will report such personal
information security incident and our actions in accordance with applicable law,
regulation and regulatory requirements.
II. How we collect your personal information
1. Personal information refers to any kind of information related to an
identified or identifiable natural person as electronically or otherwise
recorded, excluding information that has been anonymized. Personal information
include name, birth date, ID certificate information (ID card, passport and
etc.,), personal biometrics recognition, information, contact information,
address, account information, property status, location and etc., Sensitive
personal information refers to personal or property information that, once
leaked or illegally provided or misused, may harm personal or property safety
and will easily lead to infringement of the personal reputation, human dignity,
physical or psychological health, or discriminatory treatment. Such information
mainly includes ID certificate information (ID card, passport and etc.,),
personal biometrics recognition, bank account, credit information, property
information, transaction information, location, medical and health, biometrics
recognition, specific identity, financial account, as well as any personal
information of a minor under the age of 14.
The processing of sensitive personal information has a significant impact on your
personal rights and interests. Once leaked or illegally used, it may endanger
your personal and property safety. We will carry out information processing
activities in accordance with laws, regulations, regulatory requirements and
your agreement, and take appropriate security measures to protect your personal
information. If you refuse to provide such sensitive personal information or do
not have the participation of such sensitive personal information, our bank will
not be able to provide you with specific products or services, nor supervise and
manage the daily business operations.
2. For the purpose of complying with law, regulation and regulatory provision,
or as required for us to provide you with various products and services and
continuously improve our products and services , or in order to contact or
communicate with you or Relevant Customers, understand the needs of you or
Relevant Customers, build up, review, maintain and develop our relationship with
you or Relevant Customers, we may receive and keep the personal information
provided by yourself or Relevant Customers, or, according to law, regulation,
regulatory provision, your or Relevant Customers authorisation or consent,
collect, enquire, and verify by proper methods from/with members of the HSBC
Group or other third parties (including but not limited to credit reference
agencies, information service providers, relevant authorities, employers,
counterparties, joint applicants, contact persons, close relatives and other
entities/individuals).
3. The personal information we collect may be recorded in paper, electronic means
(for example, including but without limitation to the information we collect by
way of automated machine, website, online banking, mobile banking or other
mobile device application, email, text message, telephone banking or other
channels) or any other means.
4. When you visit, browse, use our website and/or applications as a visitor, we
may collect information about the browser or device you use (such as IP address,
operating system, and browser version), your browsing actions and patterns. We
use Cookies and similar technologies to collect above information. You may
disable Cookies by changing your settings (for details, please refer to Article
VII of this Policy “How We Use Cookies and Other Technologies”).
The technical information which cannot identify any individual will
not be treated as personal information. However, when such technical
information can identify the individual alone or in combination with other
information, we will protect it as your personal
information.
We may invite you to subscribe to our newsletter, updates, alerts or to
participate in our marketing events or survey via our website and/or
applications (such as our WeChat subscription account). If you accept relevant
invitation, we may collect the information you provide to us by filling out
contact forms or questionnaires, etc. The said information may include name,
telephone number, mobile phone number, email, employer name, and job position
etc. Refusal to provide such information will not affect your visiting, browsing
or using our website and/or applications.
5. When you are our prospect or existing individual customer, or when you give
or propose to give guarantees for obligations owed by our individual customers
to us, in order for us to provide you with our products/services and to
handle relevant banking business, we may collect the following information upon
your consent or authorization or in accordance with applicable laws and
regulations:
In order for us to provide you with Banking services, you need to provide us or
allow us to collect from you the following information necessary for the
following purposes or functions. If you refuse to provide those personal
information (or the information so provided is incomplete, inaccurate or
untrue), you will not be able to use our relevant banking products or services
we provide:
(1) Registering e-Banking account:
If you hold CAT I settlement account with us, you need to
provide your bank card number and password, or your phone banking number
and phone banking PIN to register your e-Banking account;
If you hold CAT II settlement account with us, you need to provide Your
name, mobile phone number, ID type, ID number and facial biometrics
information to register your e-Banking account.
(2) Logging on e-Banking account, retrieving logon username or password:
Logging on e-Banking account: Your e-Banking username, logon password,
second password, security code and security password pre- set by you or
created or sent via security device, mobile phone number, other equipment or
methods (collectively “password”);
For retrieving logon username: Your name, Your ID type, ID number, and SMS
verification code;
If you hold CAT II settlement account with us, you need to provide your
e-Banking username, SMS verification code and facial biometrics information
to retrieve your e-Banking logon password.
(3) Maintaining proper and secure operation of e-Banking, preventing and
controlling e-Banking related risks:
We may collect the technical information such as your device type,
operating system, unique device identifier, software version, International
Mobile Equipment Identity (IMEI), logon IP/MAC address, internet service
provider (ISP). If above information cannot be used to identify
your identity or retrieved to personal information, we will not treat it as your
personal information. If the information alone or in combination with other
information may be used to identify your identity, we will treat it as your
personal information and have it properly protected.
You may decide, at your free choice, to provide us with your personal biological
identification information for the following purpose or functions.
(1) Logon Mobile banking
In order to allow you to logon Mobile banking safely and conveniently,
if your device is an Apple mobile device that supports fingerprint/facial
recognition functions, you can choose to activate fingerprint/facial
recognition to logon Mobile banking. Such information is processed
and stored by the mobile phone terminals. We only collect the fingerprint/facial
recognition result, rather than keep the raw biometric information. If you do
not want to use fingerprint/facial recognition, you can also logon mobile
banking via other methods which we provide.
(2) The functions based on fingerprint/facial recognition
In order to allow you to use mobile banking safely, including register e-Banking
account for CAT II customers, Mobile Phone Receive Money Settings, update ID
information, and update personal information, we need to collect and
save your facial information for retention, auxiliary identification and
verification during your business process to ensure your normal use of this
service. We may encrypt your facial information and send it to the Ministry
of Public Security for verification and accept the verification results. We
will store the facial information separately from the personal identity
information, and take security measures such as encrypted storage. The
retention period is an additional five years from the end of your
relationship with our bank. Upon expiration of the above retention period,
we will delete or anonymize your personal biometric information and
transaction information.
You may decide, at your free choice, to provide us with your personal
information for the following functions. If you fail or refuse to
provide the following information, you are not able to use the relevant
functions, but your use of other functions of our Banking will
not be adversely affected.
(1) Home Loan Mortgage
1) Personal identity information, including your name, gender,
nationality, ethic group, date of birth, ID certificate information
(including certificate type, number, date of expiry, issue country/region,
certificate images), residence address and date of moving to the residence
address, contact information (including fixed telephone, mobile phone
number, email address, mailing address), employment status (including
industry, occupation, position, workplace and unit address, whether
self-employed etc), address of house, length of service, marital status
(including spouse information, household registration information page), and
educational background etc;
2) Personal property information, including your personal or family income
status, personal or household liabilities and contingent liabilities, the
net assets and the premises status of the individual or household, the
collateral etc;
3) Personal credit information, we may inquire about your credit information
and/or credit reports from the Basic Financial Credit Information Database,
public sources and other legally established credit reference agencies,
including your credit card, loans, and other credit transaction information,
contingent liabilities, litigation, investigation, punishment information,
and other information that reflects your personal credit profile etc;
4) Other information relevant to the determination of the eligibility for
purchasing the premises, including the number of premises the family
(including the applicant himself or herself, spouse and minors) currently
owns, real estate transaction information, social security information,
qualification certificate, and property donation status etc;
5) The personal information of your connected individuals, including
information about your spouse, minors, joint applicant/borrower (and their
spouse) etc. The collection of personal information of the foregoing person
shall not exceed the scope of personal information collected from you under
this service.
(2) Personal loan (expect Home Loan Mortgage)
1) Personal identity information, including your name, gender,
nationality, ethic group , ID certificate information (including certificate
type, number, date of expiry, issue country/region, certificate images),
date of birth, marital status, household registration information, residence
address, contact information (including fixed telephone, mobile phone
number, email address, mailing address), employment status (including
industry, occupation, position, employer and employer address), and facial
recognition photos etc;
2) Personal account information (if applicable), including your account
number, account type, account opening date, account opening institution etc;
3) Personal property information, including your personal income status,
liabilities and contingent liabilities, as well as net asset information if
required etc;
4) Personal credit information, we may inquire your credit information
and/or credit reports from the Basic Financial Credit Information Database,
public sources and other legally established credit reference agencies,
including your credit card, loans, and other credit transaction information,
contingent liabilities, litigation, investigation, punishment information,
and other information that reflects your personal credit profile etc;
5) Other personal information arising from customer investigation, including
personal information collected during customer due diligence, sanctions and
anti-money laundering checks etc;
(3) Transfer and Remittance
To provide you with transfer and remittance service, we need to collect
from you the name of payee, beneficiary bank account number(or card number)
and the name of beneficiary bank.
If you want to transfer by using “Mobile Phone Number Transfer” function,
you need to provide the payee mobile phone number, the payee name and the
name of beneficiary bank(optional).
If you want to set “Mobile Phone Receive Money” function, we need to collect
your mobile phone number, your receiving account number, and we will use
your facial biometrics information and SMS verification code to verify your
identity.
To provide you with overseas transfer and remittance service, we need to
collect from you the payee’s name and address, the name of beneficiary bank,
beneficiary account number, country/region where beneficiary bank is located
or transfer purpose.
You need to provide security code via security device or SMS verification
code, for approving and processing transaction requests or instructions. We
will also collect the records of these transactions for your check or
enquiry.
We will collect your account balance information for the purpose of
notifying you with your account balance update via SMS or APP Push
Notification function.
(4) Risk Profiling Questionnaire
Your age, family assets, income information, investment experience,
investment preference and risk tolerance, planned investment products and
tenor.
(5) Purchasing and selling foreign currencies, foreign currencies exchanging,
purchase of financial products such as deposit and mutual fund
Your name, ID type, ID number, purpose of purchasing or selling foreign
currencies.
You need to provide security code via security device or SMS verification
code for approving and processing transaction requests or instructions. We
will also collect the records of these transactions for your check or
enquiry.
We will collect your payment transactions information for the purpose of
notifying you with your account balance update via SMS or APP Push
Notification function.
(6) Deposit and Structured Deposit
Your name, ID type, ID number, tax residence, taxpayer identification
number.
You need to provide security code via security device or SMS verification
code for approving and processing transaction requests or instructions. We
will also collect the records of these transactions for your check or
enquiry.
We will collect your payment transactions information for the purpose of
notifying you with your account balance update via SMS or APP Push
Notification function.
(7) Local Unit Trust Fund,Mutual Recognition Fund, Segregated Account and QDII
Products
Your name, ID type, ID number, tax residence, taxpayer identification
number, account information (account number, currency type, account
balance), funds transaction information and the way of share out bonus, your
written signature.
You need to provide security code via security device or SMS verification
code for approving and processing transaction requests or instructions. We
will also collect the records of these transactions for your check or
enquiry.
We will collect your payment transactions information for the purpose of
notifying you with your account balance update via SMS or APP Push
Notification function.
(8) Hang Seng Greater China Prestige
If you apply for the " Hang Seng Greater China Prestige" service, you
need to provide us with additional information or allow us to collect the
first 9 digits of your Hang Seng Hong Kong Prestige Banking account number
with the same name from you, and authorize our bank to regularly Verify the
authenticity and validity of the account information you provide with Hang
Seng Hong Kong to confirm that you meet the application qualifications for
the "Hang Seng Greater China Prestige" service.
(9) Financial Planning Questionnaire
Relevant information will be collected according to the family structure
of your choice, includes: year of birth, annual income (family or
individual), total loan amount (family or individual), retirement age,
post-retirement expenditure (family or individual), estimated education
funds for children.
(10) Insurance application
Your Name, Gender, nationality, place of birth, date of birth, ID
certificate information (including certificate type, number, date of expiry,
certificate images and signature), residence address, contact information
(including fixed telephone, mobile phone number, email address, mailing
address, postal code ), employment status (including industry, occupation,
position, and employer), personal or family income status, marital status,
family member information, and relationship with the insured, Tax Resident
Identity,Account Information (account number, account type, opening bank,
currency type, account balance). According to different insurance products,
further information will be collected including insured product information
(including product name, insured amount, payment period etc.), the insured's
name, gender, nationality, place of birth, date of birth, and identity
document information (including document type, number, validity period,
certificate images and signature), residence address, contact information
(including fix telephone, mobile phone number, email address, mailing
address and postal code), employment status (including industry, occupation,
position and employer), tax resident identity information, annual income,
health information of the insured related to insurance products, height and
weight of the insured, beneficiary information, and insurance policy
information.
You need to provide security code via security device or SMS verification
code for approving and processing requests or instructions for insurance
transactions. We will also collect the electronic policies for your future
enquiry.
We will collect your payee’s account number and balance for the purpose of
notifying you with your account balance update via SMS or APP Push
Notification function.
(11) Update the certificate information
Photo of front side and back side of your ID certificate, ID information
including your name, ID number, date of birth, effective date and tenor of
the certificate.
We will also use your facial biometrics information and SMS verification
code to verify your identity.
(12) Update personal information
Upon the updated information you provided, we will collect your name,
nationality, residential information (including residential country/region,
residential address, beginning date of your residence, home phone number);
mailing information ( including mailing country/region, address and
postcode(optional) ); job information ( including your profession,
occupation, industry, company’s name and address, office phone
number(optional), country/region you work, income ); and other information (
including marital status, education, and email address (optional) ).
We will also use your facial biometrics information, password sent by the
security device or SMS verification code to verify your
identity.
(13) Update the information of CAT I account bind with CAT II account
Your name, Debit Card number of CAT I account, the name of CAT I account
bank, mobile phone number, you need to provide SMS verification code to
verify your identify.
(14) Alipay Service Setting
Your Name, Debit card number, Alipay account number, mobile phone
number, and you need to provide SMS verification code to verify your
identify.
(15) Privileges and Reward Mall
When you use reward mall service, your name, reward account status,
reward balance and the code of gift coupon will be provided to HUGME
MARKETING, Reward Mall service provider (contact phone number is
400-608-1001).
(16) Bank Card and Pinless Setting
Your bank card number, bank account type and number.
You need to provide security code via security device or SMS verification
code for verifying your identify, approving and processing transaction
requests or instructions.
(17) Finding branches nearby
Your geographic location information for showing the nearby
branches
(18) Account opening appointment
Your name, title, contact number, city you are living in.
(19) Feedback/Complaint
We set up feedback/complaint files in accordance with the requirements
for complaint handling and management, and collect the names, ID types and
numbers, contact information (including phone number, email or mailing
address) of the complainant and the respondent, and the names, ID types and
numbers, contact information (including phone number, email or mailing
address) of the complaint agent of the legal person or other
organization.
(20) Contact us
Your name, title, contact number, email address, city you are living in,
details about what you enquire.
(21) Establishing corporate WeChat:
Your mobile phone number is used to add WeChat Enterprise of the Bank,
your WeChat nickname and profile picture information, your chat record with
WeChat Enterprise, browsing history of links sent by WeChat Enterprise, and
form questionnaire information (the specific details are subject to the page
and the information you actively provide).
In addition, our mobile banking applications may also invite your permissions
for the following system functions relating to personal information and will
collect and use the information for the permitted functions based on your
permission:
Items |
Permitted
Functions |
Fingerprint
logon |
Identity recognition, logon,
and verification using fingerprint(s) |
Face ID
|
Logon mobile banking via facial
recognition on some types of Apple device |
Camera
|
Facial recognition, ID
identification, bill scanning, QR code payment and recognize other
transaction instructions |
Photos
|
Upload ID certificate photos
and other pictures |
Location
|
Improve the location accuracy
of nearby branches, security verification, push messages, recognize and
control transaction risk. |
Telephone
|
Dial the phone number of
branches to enquire about banking business by one-touch |
Notifications
|
Push messages with alerts,
sounds, and icon tags (manage notification on the app through More >
Setting > Notifications) |
Device Information (to
read device call status, identifier, and network access in iOS
system) |
Maintain proper and secure
operation of digital banking services, prevent and control fraud risk,
dial the phone number by one-touch, and access to network |
For those functions that need your permission, you may, at your free choice,
decide whether to additionally grant the permission for the said functions on
mobile banking applications. If you refuse to grant permission for a
specific function, you are not able to use that specific function,
but your use of other functions in our mobile banking will not be adversely
affected.
For example, APP may support to cancel your previous function permission. You
may choose to turn off relevant system permissions, setting path as below:
For Android: Setting-Application-Permissions
For Apple IOS: Setting-Privacy-Permissions-Application
If you cancel the system permissions, we will no longer process relevant
personal information. However, the above cancellation would not impact the
processing of your personal information based on your previous system
permissions.
When you use our Mobile Banking Service, under certain particular scenarios, we
will use the software service toolkit provided by third party (“SDK”). To
provide the service to you, SDK will collect your information:
Third Party
SDK |
Scope and purpose of
collection |
AutoNavi Software Co., Ltd. (
Gaode SDK) |
To provide the location-based
service, we use your access permission, IMEI number, latitude and
longitude information, MAC address, running program.
Privacy Policy:
https://lbs.amap.com/pages/privacy/ |
Industrial Digital Financial
Services (Shanghai) Co., Ltd.(CibFintech SDK) |
To quickly verify your identity
by obtaining and recognizing your face feature and action.
Privacy Policy: https://open.cibfintech.com/portal/private.html
|
Tencent Computer Systems
Company Limited(WeChat SDK) |
For sharing to weChat, but
weChat will not collect your personal information.
Privacy Policy:
https://weixin.qq.com/cgi-bin/readtemplate?lang=zh_cn&t=weixin_agreement&s=privacy
|
AppDynamics SDK |
To analyze the performance of
e-Banking, we will use AppDynamics SDK to obtain your mobile IP, mobile
manufacturer, mobile type, network type, visit length information.
Privacy
Policy:
https://www.appdynamics.com/legal/privacy-policy
|
Tealium SDK |
To do visit statistics survey
and client behavior analysis, we use Thallium SDK to access to your
mobile IP, mobile manufacturer, network type, browser type, system
operation version, system operation type, and pages you visit or click.
Privacy Policy: https://tealium.com/privacy/
|
Transmit SDK |
For providing logon and
identity recognition function, we will use Transmit SDK to obtain your
telecom operator information (country code), mobile phone IP, device
manufacturer, mobile phone model, network type and operation system
version.
Privacy Policy:
https://www.transmitsecurity.com/legal/transmit-security-privacy-statement
|
Baiduyun SDK (integrated by
Baidu, Huawei, Xiaomi, OPPO, vivo, Meizu push SDK) |
For providing push notification
function, we will use Baiduyun SDK (Huawei, Xiaomi, OPPO, vivo, Meizu
device users will use relevant push SDK of the manufacturer, other
devices will use Baidu push SDK)
The push SDKs obtain mobile phone IP, OAID (xiaomi, vivo, OPPO), Android
ID, storage permission, device model. operation system version telecom
operator (name, country code), and network type.
Privacy Policy:
https://cloud.baidu.com/doc/Agreements/s/Kjwvy245m
|
Baidu Map SDK |
For providing trade tracker
function, we use Baidu map SDK to obtain your network type, device
identifier (Android ID, IDFV), and system information (operation system
version. device brand/model, device configuration).
Privacy Policy:
https://lbsyun.baidu.com/index.php?title=openprivacy
|
OneSpan RASP SDK |
To fortify the app and
proactively deter users from running the client mobile app on devices
with identified security vulnerabilities, we will use OneSpan RASP SDK
to access inventory of installed software throughout the utilization of
the mobile app.
Privacy Policy: https://
www.onespan.com/privacy-center
|
Beijing Digital Certification
Co., Ltd. Collaborative Signature Terminal SDK |
To perform login and
transaction operation we will use Beijing Digital Certification
Collaborative Signature Terminal SDK to obtain your device information
(unique device identifier: iOS will collect UUID, Android OS will
collect Android ID, device type, operating system) to apply for
electronic digital certificates and to perform data signing.
Privacy
Policy: https://service.isignet.cn/private/businessRules.html
|
If you refuse the listed SDK(s) to collect your information, you may
not be able to access these services, but you or relevant party can still access
to other functions or services on e-Banking.
6. In the case you are a connected person of our prospect or existing
Relevant Customers (for the purpose of this Policy, connected person means any
person with whom our entity customer or business applicant has a relationship,
including but not limited to, a legal representative, responsible person,
director, supervisor, officer or employee, partners or members of a partnership,
any shareholder, substantial owner, controlling person, or beneficial owner,
trustee, settler or protector of a trust, account holder of a designated
account, payee of a designated payment, representative, agent or nominee of our
entity customer or business applicant); or in the case you are a security
provider or a connected person of the security provider in the context of
corporate business, we may collect following personal information from our
entity customer or business applicant or security provider, for the purpose of
providing banking products, services, and performing banking business to the
relevant customer or business applicant, maintaining proper and secure operation
of banking business and services, preventing and controlling related risks, and
providing or proposing to provide security for liabilities owed to use by our
entity customer or business applicant. But we shall ensure such indirect
collection of information is limited to the minimum level which is necessary for
the related business. We will require the entity customer or business applicant
or security provider to assure the legitimacy of the source of your personal
information they provided, and have acquire your authorization for us to process
your personal information for above purposes.
(1) Personal identity information, including name, gender, nationality,
type/number/validity period of ID certificate, occupation, job position,
relationship with relevant customers (such as employment/shareholding/investment
relationship), telephone number, e-mail, contact information, birth date, place
of birth, place of residence, work address, photo, any relationship with
politically exposed person and relevant information etc.;
(2) Personal property information, including personal income, real property,
movable property (e.g. vehicle, financial assets, etc.), indebtedness,
investment, tax-paid amount, tax residence, taxpayer identification number,
amount paid for the provident fund, etc.;
(3) Personal biometrics information, such as signature, handwriting, portrait,
fingerprint, voice, face recognition information, etc.;
(4) Personal account information, including account number, time of account
opening, institution with which the account is opened, account balance, account
transaction information, etc.;
(5) Personal credit information, including credit card, loan and other credit
transaction information, litigation and investigation information, penalty and
any other information about personal credit status;
(6) Personal information arising from customer investigation, e.g. personal
information collected during customer due diligence, sanctions or anti-money
laundering checks etc.;
(7) Any other personal information acquired during the establishment or
maintenance of business relationship for the performance of contracts or for
compliance with laws and regulatory requirements, e.g. person information
included in the customer documentation, personal information arising from any
suspicious and unusual activity investigation, correspondence or other
communication records(including video or audio records, call log and
correspondence records and contents), device identifier and code, hardware type
and serial number, operating system version, software version, IP address,
network service provider etc.
The aforementioned information is required for the Security, providing products
or services to the relevant customer, fulfilling the agreement between you or
relevant customer and us, and enabling us to perform our obligation under laws
and regulations. If you refuse to provide such information (or the information
you provided is incomplete, inaccurate or not real), we may not be able to
provide the corresponding product, or service or perform the business for your
or any relevant customer.
7. Please understand that the services we provide are constantly
evolving. If you or Relevant Customers choose to use any other service not
listed above for which we have to collect your information, we will separately
explain to you or Relevant Customers, the purposes, methods, and scope of
personal information we collect, through reminders on pages, interaction with
you or Relevant Customers, agreements entered into with you or Relevant
Customers or other appropriate method, and obtain your or Relevant Customers’
consent for that. We will use, store, disclose, and protect your information in
accordance with this Policy and other agreements (if any) between you or
Relevant Customers and us. If you or Relevant Customers choose not to provide
certain information, you or Relevant Customers may be unable to use certain or
part of the service, but your or Relevant Customers’ use of other services we
provide will not be affected.
III. How we use your personal information
1. When you visit, browse, use our website and/or applications as a visitor, we
may use your information for the following purposes:
(1) to respond to your queries and requests;
(2) to provide you with information, products or services that you request from
us or which we feel may interest you, subject to your prior consent;
(3) to perform contracts or agreements entered into between you and us;
(4) to allow you to interact with us at our website and/or applications;
(5) to notify you about changes to our website and/or applications;
(6) to ensure the content of our website and/or application is presented in an
effective manner on your device;
(7) to maintain proper and secure operation of website and/or applications as
well as banking business or services, to prevent and control risk, or to detect
and prevent misuse or abuse of our website, applications, products or services;
(8) to meet the compliance obligations of us or the HSBC Group, or to comply
with any applicable laws and regulations that we and HSBC Group are subject to;
and
(9) to make statistics and analysis of the use of our business, products,
services or functions. But such statistics will not contain any of your
personally identifiable information.
2. When you are our prospect or existing individual customer, or providing
personal guarantee to our individual customer, or when you are a
connected person of our prospect or existing Relevant Customers, or you are a
security provider or a connected person of the security provider in the context
of corporate business, we may use your information for the following purposes:
(1) to provide you or Relevant Customers with products or services, handle
relevant personal guarantee business, to recognize or verify the identity of you
or Relevant Customers, or to approve, manage, handle, execute or effect
transactions requested or authorised by you or Relevant Customers;
(2) to comply with applicable laws and regulations (including anyapplicable law,
regulation, act, rules, court decision, arbitration judgment, self-discipline
rules, order, sanction, court order applicable to HSBC group member and any
covenant between HSBC group member and authority, and agreement between
authorities that is applicable to us or HSBC group member), or orders and
requirements of any authority;
(3) to perform the Bank's and/or the HSBC Group's compliance obligations
(including regulatory compliance, tax compliance and/or compliance with any
Applicable Laws or requirement of any authority), or to implement any policy or
procedure made by the Bank and/or the HSBC Group for the performance of
compliance obligations;
(4) to ensure safe and stable financial services, prevention or prohibition of
illegal or incompliant activities, to control or reduce risks, to detect,
investigate and prevent any real, suspected or potential financial crime
(including money laundering, terrorist financing, bribery, corruption, tax
evasion, fraud, evasion of economic or trade sanctions, and/or violations, or
acts or attempts to circumvent or violate any Applicable Laws relating to these
matters) and to manage financial crime risk;to collect any amounts due from any
debtor;
(5) to conduct credit or credit reference checks, to verify, obtain or provide
credit references or credit information;
(6) to enforce or defend the Bank or any member of the HSBC Group’s rights, or
to perform the Bank or any member of the HSBC Group’s obligations, by agreement
or by law, including without limitation, the performance of any contract between
us and any current or potential assignee, partner, or dealer in any business or
assets transaction.
(7) as required by or to fulfil the Bank or the HSBC Group’s reasonable
operational requirements (including for credit and risk management, data
statistics, analysis, processing and handling, archiving and recording, system,
product and service design, research, development and improvement, planning,
insurance, audit and administrative purposes) ;
(8) to introduce and demonstrate our services and products that might interest
you and improve our understanding on your interest in related services and
products, to provide you or Relevant Customers with business massage and
marketing information that you or Relevant Customers may have interest in, and
to conduct market researches and satisfaction surveys. If you would
not like to receive any of such information or be involved in any of such
activities, we provide instructions to help you refuse
them.
(9) to obtain or utilize administrative, consultancy, telecommunications,
computer, payment, data storage, processing, outsourcing and/or other products
or services.
3. The above information collection and use in this Policy shall not
impact our use of your information for the purposes as otherwise agreed
between you and us.
4. If we use your personal information for the purposes other than the purposes
of collection and use as set forth in this Policy or in other agreement between
you and us, we shall inform you how we use this information and obtain consent
from you before using your personal information for such additional purposes as
per applicable laws and regulations.
IV. How we share, transfer your personal information
1.Entrusted Processing and Sharing
(1) Unless otherwise agreed by you in express, we will not share with, publish or
disclose any of your personal information to any third party other than HSBC
group member. Only for legislative, reasonable, necessary and specific purpose
will we provide related personal information of yours to a third party. When we
entrust a third party to process your personal information, we will have binding
contract with the third party on the purpose, term, methodology, information
type, information security measures, etc., and monitor the third party
activities as related to information process. Further delegation will not be
allowed by us before we have your prior consent.
(2) For the purposes set out above in this Policy, we may provide or disclose
all or part of your personal information to the following recipients under the
preconditions that such provision or disclosure is necessary and is made with
proper protective measures provided that we or the recipients inform you of the
name of recipient, contact information, purpose of disposal, the type of
information that will be disposed and you grant specific consent to do so, and
in case any of your personal information is to be disposed in any other
methodology or for any other purpose, we will seek your further consent in
advance (unless any of such specific consent is exempted by law):
(a) a member of the HSBC Group (for instance, we may engage another HSBC group
member to dispose your personal information so as to extend the availability of
our service to you);
(b) any contractor, subcontractor, agent, third party product or service
provider, licensor, professional consultant, business partner, or associated
person of the HSBC Group (including their employees, directors and officers)
(for instance, we may provider telecom service provider with your mobile
phone number, transactional type, transaction amount and account balance
information so that the telecom service provider could inform you
of such information);
(c) any regulator of the Bank or any member of the HSBC Group or any other
authority, or any organisation or individual designated by such regulators or
authorities;
(d) anyone acting on your behalf according to your authorisation or according to
law, payment recipients, beneficiaries, account nominees, correspondent and
agent banks (e.g. for CHAPS, BACS, SWIFT, CIPS and CNAPS), clearing houses,
clearing or settlement systems, market counterparts, upstream withholding
agents, swap or trade repositories, stock exchanges, companies in which you have
an interest in securities (where such securities are held by us for you), or
anyone making any payment to you;
(e) any person or related party who has the right or obligation, acquires an
interest or assumes risk, in or in connection with any product or service you or
Relevant Customers receive from the Bank, or any business you or Relevant
Customers handle at the Bank or any transaction you or Relevant Customers make
with the Bank (for example, the person who provides or intends to provide any
mortgage or other security for any of your debt to the Bank, or the beneficiary
of the insurance product that the Bank distributes to you);
(f) other financial institutions, industrial associations, bank card
organizations, credit rating agencies, credit reference agencies (including
without limitation, the People’s Bank of China’s credit information database)
and information service providers (for instance, we may provide credit reference
agencies with such information as related to your application for loans and
performance of repayment, to facilitate objective reflection of your credit
status);
(g) any third party fund manager providing you with asset management services or
insurance companies providing you with insurance services (for instance, we will
provide your account information to finance institutes from which you have
obtained assets management service or insurance service so as for the institutes
to identify your payment);
(h) any third party that provides us with referral, agency or intermediary
service, or to whom we provide referral, agency or intermediary service;
2.Transfer
We will not transfer your personal information to any other company, organization
or individual, except for the following,
1) Where in compliance with applicable law, upon your request we will transfer in
such manner that is available by us, to the recipient you designate;
2) in the case of business/asset transfer, restructure, disposal (including
securitization), merger, spin-off, acquisition transactions, dismissal or
bankruptcy of us where the transfer of your personal information is necessary.
In such cases, we will inform you of the identity and contact method
of the personal information recipient as per applicable laws and regulations
as well as request said recipient to comply with this Policy. If the
personal information recipient changes the purposes and methods of personal
information processing activities under this Policy, it shall re-obtain the
consent from you.
V. How we store and cross border transfer your Personal
Information
1. In principle, the personal information we collected and generated
in our domestic operation will be stored within the territory of People's
Republic of China (the “PRC”).
2. However, as part of a global financial institution, we provide
products or services through globally deployed resources and applications. We
also accept the products and services from the HSBC Group and its vendors, or
conduct other business with them. Therefore, to realize the purposes described
in this Policy and other relevant legal documents, we will cross-border transfer
your personal information to offshore jurisdictions where HSBC Group and its
vendors are located, or be subject to visits from these areas or jurisdictions.
We will provide your personal information to overseas recipients subject to
applicable laws or regulations, and notify you of the name and contact
information of the specific overseas recipients, the purposes and methods of
processing, the types of personal information processed, and the methods and
procedures for exercising your rights subject to applicable laws and regulations
to overseas recipients. For details, please refer to the List for Personal
Information Cross-border Transfer (Individual Version) (see
https://www.hangseng.com.cn/1/PA_esf-ca-app-content/content/pws/home/pdf/NLforPIC
_en.pdf ) or the List for Personal Information Cross-border Transfer (Entity
Version) (see
https://www.hangseng.com.cn/1/PA_esf-ca-app-content/content/pws/home/pdf/NLforPIC_Entity_en.pdf
for details).The List for Personal Information Cross-border Transfer (Individual
Version) and the List for Personal Information Cross-border Transfer (Entity
Version) are in addition to this Policy and, together with this Policy, form a
complete set of rules for us to process your personal information.
3. We will take necessary measures to your personal information
provided to offshore and request offshore recipient to abide by our personal
information protection standard stipulated to comply with laws, regulations and
this Policy.
VI. Special Circumstances for Information Processing
We will process your personal information (such as information
collection, storage, use, analysis, transfer, provision, disclosure) based on
your consent. To the extent allowed by laws and regulations, we may process your
personal information without your consent under the following circumstances:
1. where it is necessary for entering into a contract or the
performance of a contract to which you are the party;
2. where it is necessary for compliance with a legal obligation to which we
are subject;
3. where it is necessary in order to protect your or others’ vital interests
related to life and property in an emergency or respond to public health
emergencies;
4. where it is within reasonable limits in order to carry out news coverage
or media supervision for the public interest;
5. where it is within reasonable range according to law to process the
information which has been legally made public or publicized by yourself; or
6. other circumstances stipulated by laws and regulations.
VII. How We Use Cookies and Other Technologies
1. Your visit, browse, use of any website, electronic business platform or mobile
device application of the Bank may be recorded for analysis on the number of
visitors to the site and general usage patterns, helping you reduce the number
and frequency of information entry or assisting determine the security status of
your account. Some of this information will be gathered through the use of
"Cookies". Cookies can enable us to provide safer and more useful features for
website or application users. The information collected by "Cookies" is
unidentified aggregated research data, and contains no name or address
information or any information that will enable anyone to contact you via
telephone, email or any other means. Most browsers and/or applications are
initially set to accept Cookies. You can manage or delete Cookies as per your
preference. Should you wish to disable Cookies, you may do so by changing the
setting on your browser and/or application.However, by disabling them, you may
not be able to take full advantage of our website and/or application.
2. The website and/or application may also work with third parties to research
certain usage and other activities on the website and/or application. These
third parties include without limitation to Adobe, etc. They use technologies
such as "Cookies" etc. to collect information for such research. They use the
information collected through such technologies (i) to find out more about
users, including user demographics and behavior and usage patterns, (ii) for
more accurate reporting and
(iii) to improve the effectiveness of our marketing. They aggregate the
information collected and then share it with us. No personally identifiable
information about you is collected or shared by Adobe with us as a result of
this research. Should you wish to disable the Cookies associated with these
technologies, you may do so by changing the setting on your browser and/or
application. However, after changing the setting you may not be able to enter
certain part(s) of our website and/or application.
VIII. Your Rights relating to Personal Information
1. You have the right to request us to protect and secure your personal
information in accordance with the provisions of the applicable laws and this
Policy. You have the right to exercise your rights of individual granted by
applicable laws and regulations.
2. You have the right to check with us whether we hold your personal information
as well as to access and copy your personal information.
3. You have the right to change the scope of authorization or withdraw your
consent(XI. How to Contact Us ). We will not further process the related
information once you change your authorization. Please note the withdrawal of
consent will not affect the lawfulness of processing based on consent given by
you before its withdrawal.
4. You have the right and obligation to update your personal information at the
Bank to ensure all information be accurate and up-to-date. You have the right to
require the Bank to provide convenience for you to update your personal
information at the Bank and to correct any of your information that is
inaccurate.
5. In relation to personal credit or guarantee, you have the right to request to
be informed of your personal information that is disclosed to credit reference
agencies by us, so as to enable your request to the relevant credit reference
agencies for access to and correction of your information.
6. We will only retain your personal information within the time limit necessary
to achieve the purpose of our bank’s services and within the time limit allowed
by applicable laws, regulations or separately agreed between our bank and you,
unless otherwise required or allowed by the applicable laws. If we will respond
to your request of deletion in accordance with applicable laws or regulations,
we will also notify the third party which obtained your personal information
from us and request them to delete such information in a timely manner, unless
otherwise stipulated by laws or regulations, or if the third party has obtained
your separate authorization.
When we delete your personal information from our service system, your personal
information which stored in backup system might be hard to delete at the same
time. However, we assure to delete your personal information when next backup
system updates immediately. If one of the following occurs, we will delete your
personal information on our own initiative or at your request, unless to comply
with the requirements of applicable laws, archives, accounting, auditing and
reporting, or to perform the other agreement between you and us, or to clean up
the credit and debt relationship between you and us, or to provide information
inquiry to you, regulators or other organs to delete your personal
information:
(1) the service purpose of the bank has been realized, cannot be achieved or no
longer necessary to provide the service;
(2) the bank ceases to provide services, or the storage period has expired or
exceed;
(3) you withdraw your consent to us in accordance with the contact information
stipulated in the Policy;
(4) we violate laws or regulations or this Policy to deal with your personal
information.
7. When you use the mobile device applications provided by us, you have the
right to uninstall the mobile device applications or stop using the mobile
device applications to refuse us to further obtain your personal information.
Please note that to uninstall the mobile device applications will not close your
digital banking account. . You have the right to close your digital
banking account (by closing your bank account or disabling the digital
banking functions of your bank account, for the sake of account safety you
should visit our branches or sub-branches in person for such closure. If you
hold CAT II settlement account with us, please call 24- hour customer
service hotline at 4008-30-8008 for closing your bank account after all
funds has been transferred out.) and request for deletion of your personal
information in accordance with the applicable law and regulation, this
Policy, and other agreement between you and us, we will handle your request
within 15 working days after receiving your request. After you close your
digital banking account, we will no longer collect your information through
relevant channel, and will delete relevant personal information in
accordance with the applicable law and regulation, this Policy, and other
agreement between you and us.
8. Nothing in this Policy will shall limit the other rights you should have as a
Personal Information Subject under applicable laws and regulations.
IX. How to Contact Us
1. Requests to access, copy, transfer, correct, supplement, delete, and restrict
the processing of personal information, change/withdraw of authorisation or
dispose of personal information beyond retention period, for a copy of this
Policy, enquiries about our practices regarding personal information and privacy
protection, or exercising other rights you are granted by the applicable laws
and regulations, should be addressed to:
https://www.hangseng.com.cn/1/2/contact-us-chi/email-us
Hotline:400 830 8008
“Contact US” on the HANG SENG China APP
our branches or sub- branches
Upon the receipt of your request, we will handle your request and reply to you
within 15 working days.
2. For security purpose, you may need to raise your request in written form or
use other methods to prove your identity. We may request you to verify your
identity before processing your request.
3. Normally the Bank will not charge fees for the processing of your
above-mentioned reasonable requests related to personal information.
Nevertheless, for the frequently repeated and unreasonable requests, the Bank
will charge certain fees as the case may be to the extent allowed by the law and
regulation.
Notwithstanding the foregoing, we may reject your request if it is
illegal, noncompliant, or unnecessarily repeated, needs excessive technical
means (for example, the need to develop information systems or fundamentally
change current practices), brings risks to the legitimate rights and
interests of others, is unreasonable or technically impracticable.
We may not be able to respond to your request under any of the following
circumstances:
(1) where the request is in relation to our legal and financial compliance
obligation under laws and regulations;
(2) where the request is in direct relation to state security or national
defence security;
(3) where the request is in direct relation to public security, public
sanitation, or major public interests;
(4) where the request is in direct relation to criminal investigations,
prosecutions, trials, execution of rulings, etc.;
(5) where there is sufficient evidence that you are intentionally malicious
or abuse your rights;
(6) where the purpose is to protect you or other individual’s life, property
and other substantial legal interests but difficult to acquire your consent;
(7) where responses to your request will give rise to serious damage to your
or any other individual or organisation’s legal rights and interests; or
(8) where the request involves any trade secret.
4. You may supervise or make suggestions for our practices regarding personal
information and privacy protection, and lodge complaints or demand compensation
according to law against us or our staff for any infringement of your rights and
interests in your personal information and privacy. This Policy will be governed
by the laws of the People’s Republic of China. Any disputes related to this
Policy shall be resolved by consultation. If it could not be resolved, you agree
the disputes shall be submitted to the People’s Court of Pudong New District,
Shanghai.
X. How We Handle Minors' Personal Information
1. Using our products and services by minors must be carried out under the
supervision of their parents or guardians. We will abide by laws and
regulations, this Policy and Provisions on the Cyber Protection of Personal
Information of Children to give special protection to minor’s personal
information. If you are a parent or guardian of a minor, when you have any
questions about the information processing of the minor under your guardianship,
please contact us through the contact method stipulated in this Policy.
2. We understand the importance of protecting the minors' personal information
with extra caution. If you are under 18 years old, it is suggested that your
parents or guardians shall carefully read this Policy and you shall submit your
personal information only after seeking consent from them. Meanwhile, it is
suggested that your use of our product and service is conducted under the
guidance of your parents or guardians. If they do not agree you to submit your
personal information or to use any product or service of the Bank, you shall
immediately stop submitting your information or using the product and service of
the Bank. In addition, please notify such event to us as soon as possible, so as
to allow us to take effective measures.
3. If you are under 14 years old, you should and only obtain the consent of your
parents or guardians to use any product or services of the bank or provide your
personal information to the bank. We will process with personal information of
minors in accordance with Provisions on the Cyber Protection of Personal
Information of Children and with the permission of laws and regulations and the
explicit consent of your parents or guardians. If we find ourselves are
processing personal information of minors without the consent of verifiable
parents or guardians, we will try to delete such personal information as soon as
possible.
XI. Update of this Policy and Others
1. This Policy (including the
List for Personal Information Cross-border Transfer(Individual Version)
and the
List for Personal Information Cross-border Transfer (Entity Version))may
be amended or updated from time to time. We will publish such changes at our
website and/or relevant applications. You should keep an eye on relevant
releases from time to time. We also will inform you of the contents of the
publication by means of information push, short message and telephone
notification as appropriate. And such amendments and updates will take effect
from the expiration of the publication period and replace previous relevant
contents. If you don’t agree to modify and update the content of this
Policy, you should immediately stop using relevant products and services of
the bank. If you don’t agree to modify and update the content of this
Policy, you should immediately stop using relevant products and services of
the bank. If you continue to use relevant products and services, it will be
deemed that you agree to accept the modification. Change of this Policy
should not unreasonably reduce or restrict your rights as the personal
information subject according to the applicable laws.
2. If you provide the personal information of other third parties to the Bank, we
have the right to know the legitimacy of the source of the information and you
have obtained authorization of the third party for us to process the personal
information for specific purposes. If we need to process the personal
information of the third party to carry out business beyond the scope of
authorization of the third party, we will obtain the separate consent of the
third party again through you. You should ensure that the third party is aware
of this Policy (including the
List for Personal Information Cross-border Transfer (Individual Version)
,List
for Personal Information Cross-border Transfer (Entity Version)),
and their subsequent updates from time to time, should specifically inform the
third party how the Bank will process its personal information in accordance
with this Policy and should ensure that you have obtained the full, informed and
valid consent of the third party(including the separate consent and/or written
consent as required by applicable laws). You may remind the person to read this
Policy beforehand, or you may provide a copy of this Policy to the person.
3. We may use indirect collection to obtain your personal information from third
parties, but we will ensure that such indirect collection follows the principle
of minimum quantity. We will ask the third party to assure the legitimacy of the
source of your personal information provided, and confirm they have obtained
your authorization for us to process personal information for specific purposes.
4. When you accept specific products or services provided by a third party
through the products or services of our bank, you confirm that the products or
services provided by the third party are operated independently by the third
party. The third party shall independently assume full responsibility for the
disputes arising from the handing of your personal information by the third
party, and we will do our best to assist you in business. If a third party
processes your personal information when providing you with products or
services, you and the third party shall reach a separate agreement in according
with applicable laws.
5. The policy is subject to the Chinese version, and the English translation (if
any) is for reference only.
|