Hang Seng Bank (China) Limited ("Hang Seng", "the Bank", "we" or "us"), with the register office 34/F, 36/F & 46F, Hang Seng Bank Tower, 1000 Lujiazui Ring Road, Free Trade Zone, Shanghai, China, take personal information confidentiality and security very seriously, and strive at all times to protect our customers’ and related parties’ personal information and privacy when we provide our good services with you. We therefore formulate this Personal Information and Privacy Protection Policy (this “Policy”) to comply with the laws, regulations, rules and regulatory requirements.
Important Notice: This Policy shall apply to personal information of you when you visit, browse, use our website or mobile device application, apply for or use any product, service or device of the Bank, handle any business, make any transaction or sign any agreement with the Bank, , participate in any marketing events and surveys of the Bankor communicate or liaise with the bank through other methods. If there is any discrepancy between this Policy and the other agreements entered into or other terms and conditions agreed between you and us, such other agreements or terms and conditions shall prevail. You agree and understand the Bank may collect, store, use, process, transfer, provide, disclose, delete or use other methods to process your personal information.
In the context of corporate business, we understand that you have agreed that Relevant Customers can use your personal information for the purpose described in this Policy, and therefore, we treat Relevant Customers as your authorized representatives related to your personal data processing activities.
If you have any query, comment or suggestion, please contact us. You may contact us through below contact detail or “contact us” which is stated in our official website
(www.hangseng.com.cn)or mobile device application.
Contact Us: DATA PRIVACY OFFICER (DPO)
https://www.hangseng.com.cn/1/2/contact-us-chi/email-us
Hotline:400 830 8008
This Policy include below content:
I. Personal Information and Privacy Protection Policy Overview – How We Protect Your Personal Information
II. How we collect your personal information
III. How we use your personal information
IV. How we share, transfer your personal information
V. How we store and cross border transfer your Personal Information
VI. Special Circumstances for Information Processing
VII. How we Use Cookies and Other Technologies
VIII. Your Rights relating to Personal Information
IX. How to Contact Us
X. How We Handle Minors' Personal Information
XI. Update of this Policy and Others
I. Personal Information and Privacy Protection Policy Overview – How We Protect Your Personal Information
1. Overview
To preserve the confidentiality, security and privacy of all personal information you provide to us, we follow the principle of reasonableness, legitimacy rightfulness and honest, and adopt below principle of public and transparent to protect and process your personal information:
(1) We only collect personal information that we believe to be relevant and required for us to comply with law, perform a statutory responsibility or statutory obligation, understand your or relevant client’s needs, build up, review, maintain and develop our relationship with you or relevant clients, provide you with materials of relevant products and services.
(2) We may for specific purposes provide your personal information to other members of the HSBC Group, our agents or other third parties, as permitted by law. We will obtain your consent to comply with the laws.
(3) We will not transfer or provide your personal information to any third party, unless it is made to comply with law, perform a statutory responsibility, statutory obligation or perform the agreement, or in accordance with this Policy or other agreement between you and the Bank.
(4) We may be required from time to time to disclose your personal information to our regulators, other governmental or judicial bodies or agencies, but we will only do so following the requirement of law, performance of statutory responsibility, requirement of regulator and government, performance of statutory obligation or agreement to the extent that we deem necessary.
(5) We will not publicly disclose your personal information and we will obtain your separate consent and inform you the purpose, style and method of the personal information which is publicly disclosed.
(6) We aim to keep your personal information on our records accurate and up-to-date. You can contact us to modify or supplement as per the contact detail stated in this Policy.
(7) We maintain strict security systems and perform necessary inspection and filing procedure to comply with laws to prevent unauthorised access to your personal information by anyone.
(8) All members of the HSBC Group, all our staff and all third parties with permitted access to your personal information are specifically required to take necessary measures to ensure the process of personal data is equivalent to the standard of personal information protection as stipulated in this Policy.
By maintaining our commitment to these policies, we will ensure that we respect the inherent trust that you place in us.
2. Information Security
(1) Information security is our top priority. We will endeavor at all times to safeguard your personal information against unauthorised or accidental access, processing or damage. We maintain this commitment to information security by implementing appropriate security and managerial measures to secure your personal information.
(2) We will strictly comply with the requirements of "Measures for the Administration of Electronic Banking" to keep the personal information provided by the users and customers of the Bank's website and e-banking confidential and store such personal information securely. To enable you to use the Bank's website and e-banking safely, we will provide the bank level information protection. The Bank's website and e- Banking will be accessed to by using encryption mode (such as HTTPs and TLS) and the transfer and encryption of the relevant data should be conducted under the Bank's security standard so as to satisfy the bank level security requirements.
(3) We have a dedicated team for business management, technology support and security protection to operate and manage the Bank's website and e-banking services. The team has clear and specific responsibilities for information security and the team leader will ensure these responsibilities to be performed. In addition, the Bank also sets up a series of management mechanism for system access, data privacy and security safeguard.
(4) The servers of the Bank's website and e-banking services are deployed in the unified data center of our Group. We effectively prevent network attacks by properly setting up and using the firewall and antivirus applications within a highly secured environment. In addition, we catch all abnormal status through real-time monitoring system, such as low disk space, IP attack etc., which will trigger system alerts to administer and security team by SMS and emails to ensure the fast response.
(5) We exercise strict management over our staff members who may have access to your personal information, including but not limited to access control applied to different positions, contractual obligation of confidentiality agreed with relevant staff members, formulation and implementation of information security related policies and procedures, and related training offered to staff. When we use services provided by external service providers (entities or individuals), we also impose strict confidentiality obligations on them and request them to abide by our security standards when processing personal information.
(6) For the security of your personal information, you take on the same responsibility as us. You shall keep your personal information secret and confidential, such as your account information, identity verification information (e.g. user name, password, dynamic password, verification code, etc.), and all the documents, devices or other media that may record or otherwise relate to such information, and shall ensure your personal information and relevant documents, devices or other media are used only in a secured environment. You shall not, at any time, disclose to any other person or allow any other person to use such information and relevant documents, devices or other media. Once you think your personal information and/or relevant documents, devices or other media have been disclosed, lost or stolen, or may otherwise affect the security of your use of our products, devices or services, you shall notify us immediately so that we may take appropriate measures to prevent further loss from occurring.
(7) If unfortunately, personal information security incident occurs, we will adopt emergency plan and take relevant actions and remediation measures to mitigate the severity and losses in connection therewith. Meanwhile, we will, following the applicable requirements set out in law and regulation, inform you of the basic information of the security incident and its possible impact, the actions and measures we have taken or will take, suggestions for you to prevent and mitigate the risk, and applicable remediation measures. We will inform you about the security incident by email, mail, call, SMS, push notification or through other methods as appropriate in a timely manner. Where it is difficult to notify each Personal Information Subject, we will post public notice in a reasonable and effective way. Meanwhile, we will report such personal information security incident and our actions in accordance with applicable law, regulation and regulatory requirements.
II. How we collect your personal information
1. Personal information refers to any kind of information related to an identified or identifiable natural person as electronically or otherwise recorded, excluding information that has been anonymized. Personal information include name, birth date, ID certificate information (ID card, passport and etc.,), personal biometrics recognition, information, contact information, address, account information, property status, location and etc., Sensitive personal information refers to personal or property information that, once leaked or illegally provided or misused, may harm personal or property safety and will easily lead to infringement of the personal reputation, human dignity, physical or psychological health, or discriminatory treatment. Such information mainly includes ID certificate information (ID card, passport and etc.,), personal biometrics recognition, bank account, credit information, property information, transaction information, location, medical and health, biometrics recognition, specific identity, financial account, as well as any personal information of a minor under the age of 14.
The processing of sensitive personal information has a significant impact on your personal rights and interests. Once leaked or illegally used, it may endanger your personal and property safety. We will carry out information processing activities in accordance with laws, regulations, regulatory requirements and your agreement, and take appropriate security measures to protect your personal information. If you refuse to provide such sensitive personal information or do not have the participation of such sensitive personal information, our bank will not be able to provide you with specific products or services, nor supervise and manage the daily business operations.
2. For the purpose of complying with law, regulation and regulatory provision, or as required for us to provide you with various products and services and continuously improve our products and services , or in order to contact or communicate with you or Relevant Customers, understand the needs of you or Relevant Customers, build up, review, maintain and develop our relationship with you or Relevant Customers, we may receive and keep the personal information provided by yourself or Relevant Customers, or, according to law, regulation, regulatory provision, your or Relevant Customers authorisation or consent, collect, enquire, and verify by proper methods from/with members of the HSBC Group or other third parties (including but not limited to credit reference agencies, information service providers, relevant authorities, employers, counterparties, joint applicants, contact persons, close relatives and other entities/individuals).
3. The personal information we collect may be recorded in paper, electronic means (for example, including but without limitation to the information we collect by way of automated machine, website, online banking, mobile banking or other mobile device application, email, text message, telephone banking or other channels) or any other means.
4. When you visit, browse, use our website and/or applications as a visitor, we may collect information about the browser or device you use (such as IP address, operating system, and browser version), your browsing actions and patterns. We use Cookies and similar technologies to collect above information. You may disable Cookies by changing your settings (for details, please refer to Article VII of this Policy “How We Use Cookies and Other Technologies”).
The technical information which cannot identify any individual will not be treated as personal information. However, when such technical information can identify the individual alone or in combination with other information, we will protect it as your personal information.
We may invite you to subscribe to our newsletter, updates, alerts or to participate in our marketing events or survey via our website and/or applications (such as our WeChat subscription account). If you accept relevant invitation, we may collect the information you provide to us by filling out contact forms or questionnaires, etc. The said information may include name, telephone number, mobile phone number, email, employer name, and job position etc. Refusal to provide such information will not affect your visiting, browsing or using our website and/or applications.
5. When you are our prospect or existing individual customer, or when you give or propose to give guarantees for obligations owed by our individual customers to us, in order for us to provide you with our products/services and to handle relevant banking business, we may collect the following information upon your consent or authorization or in accordance with applicable laws and regulations:
In order for us to provide you with Banking services, you need to provide us or allow us to collect from you the following information necessary for the following purposes or functions. If you refuse to provide those personal information (or the information so provided is incomplete, inaccurate or untrue), you will not be able to use our relevant banking products or services we provide:
(1) Registering e-Banking account:
If you holdI CAT I settlement account with us, you need to provide your Ibank card number and password, or your phone banking number and phone banking PIN to register your e-Banking account;
If you hold CAT II settlement account with us, you need to provide Your name, mobile phone number, ID type, ID number and facial biometrics information to register your e-Banking account.
(2) Logging on e-Banking account, retrieving logon username or password:
Logging on e-Banking account: Your e-Banking username, logon password, second password, security code and security password pre- set by you or created or sent via security device, mobile phone number, other equipment or methods (collectively “password”);
For retrieving logon username: Your name, Your ID type, ID number, and SMS verification code;
If you hold CAT II settlement account with us, you need to provide your e-Banking username, SMS verification code and facial biometrics information to retrieve your e-Banking logon password.
(3) Maintaining proper and secure operation of e-Banking, preventing and controlling e-Banking related risks:
We may collect the technical information such as your device type, operating system, unique device identifier, software version, International Mobile Equipment Identity (IMEI), logon IP/MAC address, internet service provider (ISP). If above information cannot be used to identify your identity or retrieved to personal information, we will not treat it as your personal information. If the information alone or in combination with other information may be used to identify your identity, we will treat it as your personal information and have it properly protected.
You may decide, at your free choice, to provide us with your personal biological identification information for the following purpose or functions.
(1) Logon Mobile banking
In order to allow you to logon Mobile banking safely and conveniently, if your device is an Apple mobile device that supports fingerprint/facial recognition functions, you can choose to activate fingerprint/facial recognition to logon Mobile banking. Such information is processed and stored by the mobile phone terminals. We only collect the fingerprint/facial recognition result, rather than keep the raw biometric information. If you do not want to use fingerprint/facial recognition, you can also logon mobile banking via other methods which we provide.
(2) The functions based on fingerprint/facial recognition
In order to allow you to use mobile banking safely, including register e-Banking account for CAT II customers, Mobile Phone Receive Money Settings, update ID information, and update personal information, we need to collect and save your facial information for retention, auxiliary identification and verification during your business process to ensure your normal use of this service. We may encrypt your facial information and send it to the Ministry of Public Security for verification and accept the verification results. We will store the facial information separately from the personal identity information, and take security measures such as encrypted storage. The retention period is an additional five years from the end of your relationship with our bank. Upon expiration of the above retention period, we will delete or anonymize your personal biometric information and transaction information.
You may decide, at your free choice, to provide us with your personal information for the following functions. If you fail or refuse to provide the following information, you are not able to use the relevant functions, but your use of other functions of our Banking will not be adversely affected.
(1) Home Loan Mortgage
1) Personal identity information, including your name, gender, nationality, ethic group, date of birth, ID certificate information (including certificate type, number, date of expiry, issue country/region, certificate images), residence address and date of moving to the residence address, contact information (including fixed telephone, mobile phone number, email address, mailing address), employment status (including industry, occupation, position, workplace and unit address, whether self-employed etc), address of house, length of service, marital status (including spouse information, household registration information page), and educational background etc;
2) Personal property information, including your personal or family income status, personal or household liabilities and contingent liabilities, the net assets and the premises status of the individual or household, the collateral etc;
3) Personal credit information, we may inquire about your credit information and/or credit reports from the Basic Financial Credit Information Database, public sources and other legally established credit reference agencies, including your credit card, loans, and other credit transaction information, contingent liabilities, litigation, investigation, punishment information, and other information that reflects your personal credit profile etc;
4) Other information relevant to the determination of the eligibility for purchasing the premises, including the number of premises the family (including the applicant himself or herself, spouse and minors) currently owns, real estate transaction information, social security information, qualification certificate, and property donation status etc;
5) The personal information of your connected individuals, including information about your spouse, minors, joint applicant/borrower (and their spouse) etc. The collection of personal information of the foregoing person shall not exceed the scope of personal information collected from you under this service.
(2) Personal loan (expect Home Loan Mortgage)
1) Personal identity information, including your name, gender, nationality, ethic group , ID certificate information (including certificate type, number, date of expiry, issue country/region, certificate images), date of birth, marital status, household registration information, residence address, contact information (including fixed telephone, mobile phone number, email address, mailing address), employment status (including industry, occupation, position, employer and employer address), and facial recognition photos etc;
2) Personal account information (if applicable), including your account number, account type, account opening date, account opening institution etc;
3) Personal property information, including your personal income status, liabilities and contingent liabilities, as well as net asset information if required etc;
4) Personal credit information, we may inquire your credit information and/or credit reports from the Basic Financial Credit Information Database, public sources and other legally established credit reference agencies, including your credit card, loans, and other credit transaction information, contingent liabilities, litigation, investigation, punishment information, and other information that reflects your personal credit profile etc;
5) Other personal information arising from customer investigation, including personal information collected during customer due diligence, sanctions and anti-money laundering checks etc;
(3) Transfer and Remittance
To provide you with transfer and remittance service, we need to collect from you the name of payee, beneficiary bank account number(or card number) and the name of beneficiary bank.
If you want to transfer by using “Mobile Phone Number Transfer” function, you need to provide the payee mobile phone number, the payee name and the name of beneficiary bank(optional).
If you want to set “Mobile Phone Receive Money” function, we need to collect your mobile phone number, your receiving account number, and we will use your facial biometrics information and SMS verification code to verify your identity.
To provide you with overseas transfer and remittance service, we need to collect from you the payee’s name and address, the name of beneficiary bank, beneficiary account number, country/region where beneficiary bank is located or transfer purpose.
You need to provide security code via security device or SMS verification code, for approving and processing transaction requests or instructions. We will also collect the records of these transactions for your check or enquiry.
We will collect your account balance information for the purpose of notifying you with your account balance update via SMS or APP Push Notification function.
(4) Risk Profiling Questionnaire
Your age, family assets, income information, investment experience, investment preference and risk tolerance, planned investment products and tenor.
(5) Purchasing and selling foreign currencies, foreign currencies exchanging, purchase of financial products such as deposit and mutual fund
Your name, ID type, ID number, purpose of purchasing or selling foreign currencies.
You need to provide security code via security device or SMS verification code for approving and processing transaction requests or instructions. We will also collect the records of these transactions for your check or enquiry.
We will collect your payment transactions information for the purpose of notifying you with your account balance update via SMS or APP Push Notification function.
(6) Deposit and Structured Deposit
Your name, ID type, ID number, tax residence, taxpayer identification number.
You need to provide security code via security device or SMS verification code for approving and processing transaction requests or instructions. We will also collect the records of these transactions for your check or enquiry.
We will collect your payment transactions information for the purpose of notifying you with your account balance update via SMS or APP Push Notification function.
(7) Local Unit Trust Fund,Mutual Recognition Fund, Segregated Account and QDII Products
Your name, ID type, ID number, tax residence, taxpayer identification number, account information (account number, currency type, account balance), funds transaction information and the way of share out bonus, your written signature.
You need to provide security code via security device or SMS verification code for approving and processing transaction requests or instructions. We will also collect the records of these transactions for your check or enquiry.
We will collect your payment transactions information for the purpose of notifying you with your account balance update via SMS or APP Push Notification function.
We will collect your payment transactions information for the purpose of notifying you with your account balance update via SMS or APP Push Notification function.
(8) Hang Seng Greater China Prestige
If you apply for the " Hang Seng Greater China Prestige" service, you need to provide us with additional information or allow us to collect the first 9 digits of your Hang Seng Hong Kong Prestige Banking account number with the same name from you, and authorize our bank to regularly Verify the authenticity and validity of the account information you provide with Hang Seng Hong Kong to confirm that you meet the application qualifications for the "Hang Seng Greater China Prestige" service.
(9) Financial Planning Questionnaire
Relevant information will be collected according to the family structure of your choice, includes: year of birth, annual income (family or individual), total loan amount (family or individual), retirement age, post-retirement expenditure (family or individual), estimated education funds for children.
(10) Insurance application
Your Name, Gender, nationality, place of birth, date of birth, ID certificate information (including certificate type, number, date of expiry, certificate images and signature), residence address, contact information (including fixed telephone, mobile phone number, email address, mailing address, postal code ), employment status (including industry, occupation, position, and employer), personal or family income status, marital status, family member information, and relationship with the insured, Tax Resident Identity,Account Information (account number, account type, opening bank, currency type, account balance). According to different insurance products, further information will be collected including insured product information (including product name, insured amount, payment period etc.), the insured's name, gender, nationality, place of birth, date of birth, and identity document information (including document type, number, validity period, certificate images and signature), residence address, contact information (including fix telephone, mobile phone number, email address, mailing address and postal code), employment status (including industry, occupation, position and employer), tax resident identity information, annual income, health information of the insured related to insurance products, height and weight of the insured, beneficiary information, and insurance policy information.
You need to provide security code via security device or SMS verification code for approving and processing requests or instructions for insurance transactions. We will also collect the electronic policies for your future enquiry.
We will collect your payee’s account number and balance for the purpose of notifying you with your account balance update via SMS or APP Push Notification function.
(11) Update the certificate information
Photo of front side and back side of your ID certificate, ID information including your name, ID number, date of birth, effective date and tenor of the certificate.
We will also use your facial biometrics information and SMS verification code to verify your identity.
(12) Update personal information
Upon the updated information you provided, we will collect your name, nationality, residential information (including residential country/region, residential address, beginning date of your residence, home phone number); mailing information ( including mailing country/region, address and postcode(optional) ); job information ( including your profession, occupation, industry, company’s name and address, office phone number(optional), country/region you work, income ); and other information ( including marital status, education, and email address (optional) ).
We will also use your facial biometrics information, password sent by the security device or SMS verification code to verify your identity.
(13) Update the information of CAT I account bind with CAT II account
Your name, Debit Card number of CAT I account, the name of CAT I account bank, mobile phone number, you need to provide SMS verification code to verify your identify.
(14) Alipay Service Setting
Your Name, Debit card number, Alipay account number, mobile phone number, and you need to provide SMS verification code to verify your identify.
(15) Privileges and Reward Mall
When you use reward mall service, your name, reward account status, reward balance and the code of gift coupon will be provided to HUGME MARKETING, Reward Mall service provider (contact phone number is 400-608-1001).
(16) Bank Card and Pinless Setting
Your bank card number, bank account type and number.
You need to provide security code via security device or SMS verification code for verifying your identify, approving and processing transaction requests or instructions.
(17) Finding branches nearby
Your geographic location information for showing the nearby branches
(18) Account opening appointment
Your name, title, contact number, city you are living in.
(19) Feedback/Complaint
We set up feedback/complaint files in accordance with the requirements for complaint handling and management, and collect the names, ID types and numbers, contact information (including phone number, email or mailing address) of the complainant and the respondent, and the names, ID types and numbers, contact information (including phone number, email or mailing address) of the complaint agent of the legal person or other organization.
(20) Contact us
Your name, title, contact number, email address, city you are living in, details about what you enquire.
(21) Establishing corporate WeChat:
Your mobile phone number is used to add WeChat Enterprise of the Bank, your WeChat nickname and profile picture information, your chat record with WeChat Enterprise, browsing history of links sent by WeChat Enterprise, and form questionnaire information (the specific details are subject to the page and the information you actively provide).
In addition, our mobile banking applications may also invite your permissions for the following system functions relating to personal information and will collect and use the information for the permitted functions based on your permission:
Items |
Permitted Functions |
Fingerprint logon |
Identity recognition, logon, and verification using fingerprint(s) |
Face ID |
Logon mobile banking via facial recognition on some types of Apple device |
Camera |
Facial recognition, ID identification, bill scanning, QR code payment and recognize other transaction instructions |
Photos |
Upload ID certificate photos and other pictures |
Location |
Improve the location accuracy of nearby branches, security verification, push messages, recognize and control transaction risk. |
Telephone |
Dial the phone number of branches to enquire about banking business by one-touch |
Notifications |
Push messages with alerts, sounds, and icon tags (manage notification on the app through More > Setting > Notifications) |
Device Information (to read device call status, identifier, and network access in iOS system) |
Maintain proper and secure operation of digital banking services, prevent and control fraud risk, dial the phone number by one-touch, and access to network |
For those functions that need your permission, you may, at your free choice, decide whether to additionally grant the permission for the said functions on mobile banking applications. If you refuse to grant permission for a specific function, you are not able to use that specific function, but your use of other functions in our mobile banking will not be adversely affected.
For example, APP may support to cancel your previous function permission. You may choose to turn off relevant system permissions, setting path as below:
For Android: Setting-Application-Permissions
For Apple IOS: Setting-Privacy-Permissions-Application
If you cancel the system permissions, we will no longer process relevant personal information. However, the above cancellation would not impact the processing of your personal information based on your previous system permissions.
When you use our Mobile Banking Service, under certain particular scenarios, we will use the software service toolkit provided by third party (“SDK”). To provide the service to you, SDK will collect your information:
Third Party SDK |
Scope and purpose of collection |
AutoNavi Software Co., Ltd. ( Gaode SDK) |
To provide the location-based service, we use your access permission, IMEI number, latitude and longitude information, MAC address, running program. Privacy Policy: https://lbs.amap.com/pages/privacy/ |
Industrial Digital Financial Services (Shanghai) Co., Ltd.(CibFintech SDK) |
To quickly verify your identity by obtaining and recognizing your face feature and action.
Privacy Policy: https://open.cibfintech.com/portal/private.html
|
Tencent Computer Systems Company Limited(WeChat SDK) |
For sharing to weChat, but weChat will not
collect your personal information. Privacy Policy:
https://weixin.qq.com/cgi-bin/readtemplate?lang=zh_cn&t=weixin_agreement&s=privacy
|
AppDynamics SDK |
To analyze the performance of e-Banking, we will use AppDynamics SDK to obtain your mobile IP, mobile manufacturer, mobile type, network type, visit length information. Privacy Policy:
https://www.appdynamics.com/legal/privacy-policy
|
Tealium SDK |
To do visit statistics survey and client behavior analysis, we use Thallium SDK to access to your mobile IP, mobile manufacturer, network type, browser type, system operation version, system operation type, and pages you visit or click.
Privacy Policy: https://tealium.com/privacy/
|
Transmit SDK |
For providing logon and identity recognition function, we will use Transmit SDK to obtain your telecom operator information (country code), mobile phone IP, device manufacturer, mobile phone model, network type and operation system version.
Privacy Policy:
https://www.transmitsecurity.com/legal/transmit-security-privacy-statement
|
Baiduyun SDK (integrated by Baidu, Huawei, Xiaomi, OPPO, vivo, Meizu push SDK) |
For providing push notification function, we will use Baiduyun SDK (Huawei, Xiaomi, OPPO, vivo, Meizu device users will use relevant push SDK of the manufacturer, other devices will use Baidu push SDK)
The push SDKs obtain mobile phone IP, OAID (xiaomi, vivo, OPPO), Android ID, storage permission, device model. operation system version telecom operator (name, country code), and network type.
Privacy Policy:
https://cloud.baidu.com/doc/Agreements/s/Kjwvy245m
|
Baidu Map SDK |
For providing trade tracker function, we use Baidu map SDK to obtain your network type, device identifier (Android ID, IDFV), and system information (operation system version. device brand/model, device configuration). Privacy Policy:
https://lbsyun.baidu.com/index.php?title=openprivacy
|
OneSpan RASP SDK |
To fortify the app and proactively deter users from running the client mobile app on devices with identified security vulnerabilities, we will use OneSpan RASP SDK to access inventory of installed software throughout the utilization of the mobile app. Privacy Policy: https:// www.onespan.com/privacy-center
|
If you refuse the listed SDK(s) to collect your information, you may not be able to access these services, but you or relevant party can still access to other functions or services on e-Banking.
6. In the case you are a connected person of our prospect or existing Relevant Customers (for the purpose of this Policy, connected person means any person with whom our entity customer or business applicant has a relationship, including but not limited to, a legal representative, responsible person, director, supervisor, officer or employee, partners or members of a partnership, any shareholder, substantial owner, controlling person, or beneficial owner, trustee, settler or protector of a trust, account holder of a designated account, payee of a designated payment, representative, agent or nominee of our entity customer or business applicant); or in the case you are a security provider or a connected person of the security provider in the context of corporate business, we may collect following personal information from our entity customer or business applicant or security provider, for the purpose of providing banking products, services, and performing banking business to the relevant customer or business applicant, maintaining proper and secure operation of banking business and services, preventing and controlling related risks, and providing or proposing to provide security for liabilities owed to use by our entity customer or business applicant. But we shall ensure such indirect collection of information is limited to the minimum level which is necessary for the related business. We will require the entity customer or business applicant or security provider to assure the legitimacy of the source of your personal information they provided, and have acquire your authorization for us to process your personal information for above purposes.
(1) Personal identity information, including name, gender, nationality, type/number/validity period of ID certificate, occupation, job position, relationship with relevant customers (such as employment/shareholding/investment relationship), telephone number, e-mail, contact information, birth date, place of birth, place of residence, work address, photo, any relationship with politically exposed person and relevant information etc.;
(2) Personal property information, including personal income, real property, movable property (e.g. vehicle, financial assets, etc.), indebtedness, investment, tax-paid amount, tax residence, taxpayer identification number, amount paid for the provident fund, etc.;
(3) Personal biometrics information, such as signature, handwriting, portrait, fingerprint, voice, face recognition information, etc.;
(4) Personal account information, including account number, time of account opening, institution with which the account is opened, account balance, account transaction information, etc.;
(5) Personal credit information, including credit card, loan and other credit transaction information, litigation and investigation information, penalty and any other information about personal credit status;
(6) Personal information arising from customer investigation, e.g. personal information collected during customer due diligence, sanctions or anti-money laundering checks etc.;
(7) Any other personal information acquired during the establishment or maintenance of business relationship for the performance of contracts or for compliance with laws and regulatory requirements, e.g. person information included in the customer documentation, personal information arising from any suspicious and unusual activity investigation, correspondence or other communication records(including video or audio records, call log and correspondence records and contents), device identifier and code, hardware type and serial number, operating system version, software version, IP address, network service provider etc.
The aforementioned information is required for the Security, providing products or services to the relevant customer, fulfilling the agreement between you or relevant customer and us, and enabling us to perform our obligation under laws and regulations. If you refuse to provide such information (or the information you provided is incomplete, inaccurate or not real), we may not be able to provide the corresponding product, or service or perform the business for your or any relevant customer.
7. Please understand that the services we provide are constantly evolving. If you or Relevant Customers choose to use any other service not listed above for which we have to collect your information, we will separately explain to you or Relevant Customers, the purposes, methods, and scope of personal information we collect, through reminders on pages, interaction with you or Relevant Customers, agreements entered into with you or Relevant Customers or other appropriate method, and obtain your or Relevant Customers’ consent for that. We will use, store, disclose, and protect your information in accordance with this Policy and other agreements (if any) between you or Relevant Customers and us. If you or Relevant Customers choose not to provide certain information, you or Relevant Customers may be unable to use certain or part of the service, but your or Relevant Customers’ use of other services we provide will not be affected.
III. How we use your personal information
1. When you visit, browse, use our website and/or applications as a visitor, we may use your information for the following purposes:
(1) to respond to your queries and requests;
(2) to provide you with information, products or services that you request from us or which we feel may interest you, subject to your prior consent;
(3) to perform contracts or agreements entered into between you and us;
(4) to allow you to interact with us at our website and/or applications;
(5) to notify you about changes to our website and/or applications;
(6) to ensure the content of our website and/or application is presented in an effective manner on your device;
(7) to maintain proper and secure operation of website and/or applications as well as banking business or services, to prevent and control risk, or to detect and prevent misuse or abuse of our website, applications, products or services;
(8) to meet the compliance obligations of us or the HSBC Group, or to comply with any applicable laws and regulations that we and HSBC Group are subject to; and
(9) to make statistics and analysis of the use of our business, products, services or functions. But such statistics will not contain any of your personally identifiable information.
2. When you are our prospect or existing individual customer, or providing personal guarantee to our individual customer, or when you are a connected person of our prospect or existing Relevant Customers, or you are a security provider or a connected person of the security provider in the context of corporate business, we may use your information for the following purposes:
(1) to provide you or Relevant Customers with products or services, handle relevant personal guarantee business, to recognize or verify the identity of you or Relevant Customers, or to approve, manage, handle, execute or effect transactions requested or authorised by you or Relevant Customers;
(2) to comply with applicable laws and regulations (including anyapplicable law, regulation, act, rules, court decision, arbitration judgment, self-discipline rules, order, sanction, court order applicable to HSBC group member and any covenant between HSBC group member and authority, and agreement between authorities that is applicable to us or HSBC group member), or orders and requirements of any authority;
(3) to perform the Bank's and/or the HSBC Group's compliance obligations (including regulatory compliance, tax compliance and/or compliance with any Applicable Laws or requirement of any authority), or to implement any policy or procedure made by the Bank and/or the HSBC Group for the performance of compliance obligations;
(4) to ensure safe and stable financial services, prevention or prohibition of illegal or incompliant activities, to control or reduce risks, to detect, investigate and prevent any real, suspected or potential financial crime (including money laundering, terrorist financing, bribery, corruption, tax evasion, fraud, evasion of economic or trade sanctions, and/or violations, or acts or attempts to circumvent or violate any Applicable Laws relating to these matters) and to manage financial crime risk;
(5) to collect any amounts due from any debtor;
(6) to conduct credit or credit reference checks, to verify, obtain or provide credit references or credit information;
(7) to enforce or defend the Bank or any member of the HSBC Group’s rights, or to perform the Bank or any member of the HSBC Group’s obligations, by agreement or by law, including without limitation, the performance of any contract between us and any current or potential assignee, partner, or dealer in any business or assets transaction.
(8) as required by or to fulfil the Bank or the HSBC Group’s reasonable operational requirements (including for credit and risk management, data statistics, analysis, processing and handling, archiving and recording, system, product and service design, research, development and improvement, planning, insurance, audit and administrative purposes) ;
(9) to introduce and demonstrate our services and products that might interest you and improve our understanding on your interest in related services and products, to provide you or Relevant Customers with business massage and marketing information that you or Relevant Customers may have interest in, and to conduct market researches and satisfaction surveys. If you would not like to receive any of such information or be involved in any of such activities, we provide instructions to help you refuse them.
(10) to obtain or utilize administrative, consultancy, telecommunications, computer, payment, data storage, processing, outsourcing and/or other products or services.
3. The above information collection and use in this Policy shall not impact our use of your information for the purposes as otherwise agreed between you and us.
4. If we use your personal information for the purposes other than the purposes of collection and use as set forth in this Policy or in other agreement between you and us, we shall inform you how we use this information and obtain consent from you before using your personal information for such additional purposes as per applicable laws and regulations.
IV. How we share, transfer your personal information
1.Entrusted Processing and Sharing
(1) Unless otherwise agreed by you in express, we will not share with, publish or disclose any of your personal information to any third party other than HSBC group member. Only for legislative, reasonable, necessary and specific purpose will we provide related personal information of yours to a third party. When we entrust a third party to process your personal information, we will have binding contract with the third party on the purpose, term, methodology, information type, information security measures, etc., and monitor the third party activities as related to information process. Further delegation will not be allowed by us before we have your prior consent.
(2) For the purposes set out above in this Policy, we may provide or disclose all or part of your personal information to the following recipients under the preconditions that such provision or disclosure is necessary and is made with proper protective measures provided that we or the recipients inform you of the name of recipient, contact information, purpose of disposal, the type of information that will be disposed and you grant specific consent to do so, and in case any of your personal information is to be disposed in any other methodology or for any other purpose, we will seek your further consent in advance (unless any of such specific consent is exempted by law):
(a) a member of the HSBC Group (for instance, we may engage another HSBC group member to dispose your personal information so as to extend the availability of our service to you);
(b) any contractor, subcontractor, agent, third party product or service provider, licensor, professional consultant, business partner, or associated person of the HSBC Group (including their employees, directors and officers) (for instance, we may provider telecom service provider with your mobile phone number, transactional type, transaction amount and account balance information so that the telecom service provider could inform you of such information);
(c) any regulator of the Bank or any member of the HSBC Group or any other authority, or any organisation or individual designated by such regulators or authorities;
(d) anyone acting on your behalf according to your authorisation or according to law, payment recipients, beneficiaries, account nominees, correspondent and agent banks (e.g. for CHAPS, BACS, SWIFT, CIPS and CNAPS), clearing houses, clearing or settlement systems, market counterparts, upstream withholding agents, swap or trade repositories, stock exchanges, companies in which you have an interest in securities (where such securities are held by us for you), or anyone making any payment to you;
(e) any person or related party who has the right or obligation, acquires an interest or assumes risk, in or in connection with any product or service you or Relevant Customers receive from the Bank, or any business you or Relevant Customers handle at the Bank or any transaction you or Relevant Customers make with the Bank (for example, the person who provides or intends to provide any mortgage or other security for any of your debt to the Bank, or the beneficiary of the insurance product that the Bank distributes to you);
(f) other financial institutions, industrial associations, bank card organizations, credit rating agencies, credit reference agencies (including without limitation, the People’s Bank of China’s credit information database) and information service providers (for instance, we may provide credit reference agencies with such information as related to your application for loans and performance of repayment, to facilitate objective reflection of your credit status);
(g) any third party fund manager providing you with asset management services or insurance companies providing you with insurance services (for instance, we will provide your account information to finance institutes from which you have obtained assets management service or insurance service so as for the institutes to identify your payment);
(h) any third party that provides us with referral, agency or intermediary service, or to whom we provide referral, agency or intermediary service;
2.Transfer
We will not transfer your personal information to any other company, organization or individual, except for the following,
1) Where in compliance with applicable law, upon your request we will transfer in such manner that is available by us, to the recipient you designate;
2) in the case of business/asset transfer, restructure, disposal (including securitization), merger, spin-off, acquisition transactions, dismissal or bankruptcy of us where the transfer of your personal information is necessary. In such cases, we will inform you of the identity and contact method of the personal information recipient as per applicable laws and regulations as well as request said recipient to comply with this Policy. If the personal information recipient changes the purposes and methods of personal information processing activities under this Policy, it shall re-obtain the consent from you.
V. How we store and cross border transfer your Personal Information
1. In principle, the personal information we collected and generated in our domestic operation will be stored within the territory of People's Republic of China (the “PRC”).
2. However, as part of a global financial institution, we provide products or services through globally deployed resources and applications. We also accept the products and services from the HSBC Group and its vendors, or conduct other business with them. Therefore, to realize the purposes described in this Policy and other relevant legal documents, we will cross-border transfer your personal information to offshore jurisdictions where HSBC Group and its vendors are located, or be subject to visits from these areas or jurisdictions. We will provide your personal information to overseas recipients subject to applicable laws or regulations, and notify you of the name and contact information of the specific overseas recipients, the purposes and methods of processing, the types of personal information processed, and the methods and procedures for exercising your rights subject to applicable laws and regulations to overseas recipients. For details, please refer to the List for Personal Information Cross-border Transfer (Individual Version) (see https://www.hangseng.com.cn/1/PA_esf-ca-app-content/content/pws/home/pdf/NLforPIC _en.pdf ) or the List for Personal Information Cross-border Transfer (Entity Version) (see https://www.hangseng.com.cn/1/PA_esf-ca-app-content/content/pws/home/pdf/NLforPIC_Entity_en.pdf for details).The List for Personal Information Cross-border Transfer (Individual Version) and the List for Personal Information Cross-border Transfer (Entity Version) are in addition to this Policy and, together with this Policy, form a complete set of rules for us to process your personal information.
3. We will take necessary measures to your personal information provided to offshore and request offshore recipient to abide by our personal information protection standard stipulated to comply with laws, regulations and this Policy.
VI. Special Circumstances for Information Processing
We will process your personal information (such as information collection, storage, use, analysis, transfer, provision, disclosure) based on your consent. To the extent allowed by laws and regulations, we may process your personal information without your consent under the following circumstances:
1. where it is necessary for entering into a contract or the performance of a contract to which you are the party;
3. We will take necessary measures to your personal information provided to offshore and request offshore recipient to abide by our personal information protection standard stipulated to comply with laws, regulations and this Policy.
VII. How We Handle Minors' Personal Information
1. Using our products and services by minors must be carried out under the supervision of their parents or guardians. We will abide by laws and regulations, this Policy and Provisions on the Cyber Protection of Personal Information of Children to give special protection to minor’s personal information. If you are a parent or guardian of a minor, when you have any questions about the information processing of the minor under your guardianship, please contact us through the contact method stipulated in this Policy.
2. where it is necessary for compliance with a legal obligation to which we are subject;
3. where it is necessary in order to protect your or others’ vital interests related to life and property in an emergency or respond to public health emergencies;
4. where it is within reasonable limits in order to carry out news coverage or media supervision for the public interest;
5. where it is within reasonable range according to law to process the information which has been legally made public or publicized by yourself; or
6. other circumstances stipulated by laws and regulations.
VII. How We Use Cookies and Other Technologies
1. Your visit, browse, use of any website, electronic business platform or mobile device application of the Bank may be recorded for analysis on the number of visitors to the site and general usage patterns, helping you reduce the number and frequency of information entry or assisting determine the security status of your account. Some of this information will be gathered through the use of "Cookies". Cookies can enable us to provide safer and more useful features for website or application users. The information collected by "Cookies" is unidentified aggregated research data, and contains no name or address information or any information that will enable anyone to contact you via telephone, email or any other means. Most browsers and/or applications are initially set to accept Cookies. You can manage or delete Cookies as per your preference. Should you wish to disable Cookies, you may do so by changing the setting on your browser and/or application.
However, by disabling them, you may not be able to take full advantage of our website and/or application.
2. The website and/or application may also work with third parties to research certain usage and other activities on the website and/or application. These third parties include without limitation to Adobe, etc. They use technologies such as "Cookies" etc. to collect information for such research. They use the information collected through such technologies (i) to find out more about users, including user demographics and behavior and usage patterns, (ii) for more accurate reporting and
(iii) to improve the effectiveness of our marketing. They aggregate the information collected and then share it with us. No personally identifiable information about you is collected or shared by Adobe with us as a result of this research. Should you wish to disable the Cookies associated with these technologies, you may do so by changing the setting on your browser and/or application. However, after changing the setting you may not be able to enter certain part(s) of our website and/or application.
VIII. Your Rights relating to Personal Information
1. You have the right to request us to protect and secure your personal information in accordance with the provisions of the applicable laws and this Policy. You have the right to exercise your rights of individual granted by applicable laws and regulations.
2. You have the right to check with us whether we hold your personal information as well as to access and copy your personal information.
3. You have the right to change the scope of authorization or withdraw your consent(XI. How to Contact Us ). We will not further process the related information once you change your authorization. Please note the withdrawal of consent will not affect the lawfulness of processing based on consent given by you before its withdrawal.
4. You have the right and obligation to update your personal information at the Bank to ensure all information be accurate and up-to-date. You have the right to require the Bank to provide convenience for you to update your personal information at the Bank and to correct any of your information that is inaccurate.
5. In relation to personal credit or guarantee, you have the right to request to be informed of your personal information that is disclosed to credit reference agencies by us, so as to enable your request to the relevant credit reference agencies for access to and correction of your information.
6. We will only retain your personal information within the time limit necessary to achieve the purpose of our bank’s services and within the time limit allowed by applicable laws, regulations or separately agreed between our bank and you, unless otherwise required or allowed by the applicable laws. If we will respond to your request of deletion in accordance with applicable laws or regulations, we will also notify the third party which obtained your personal information from us and request them to delete such information in a timely manner, unless otherwise stipulated by laws or regulations, or if the third party has obtained your separate authorization.
When we delete your personal information from our service system, your personal information which stored in backup system might be hard to delete at the same time. However, we assure to delete your personal information when next backup system updates immediately. If one of the following occurs, we will delete your personal information on our own initiative or at your request, unless to comply with the requirements of applicable laws, archives, accounting, auditing and reporting, or to perform the other agreement between you and us, or to clean up the credit and debt relationship between you and us, or to provide information inquiry to you, regulators or other organs to delete your personal information:
(1) the service purpose of the bank has been realized, cannot be achieved or no longer necessary to provide the service;
(2) the bank ceases to provide services, or the storage period has expired or exceed;
(3) you withdraw your consent to us in accordance with the contact information stipulated in the Policy;
(4) we violate laws or regulations or this Policy to deal with your personal information.
7. When you use the mobile device applications provided by us, you have the right to uninstall the mobile device applications or stop using the mobile device applications to refuse us to further obtain your personal information. Please note that to uninstall the mobile device applications will not close your digital banking account. You have the right to close your digital banking account (by closing your bank account or disabling the digital banking functions of your bank account, for the sake of account safety you should visit our branches or sub-branches in person for such closure. If you hold CAT II settlement account with us, please call 24- hour customer service hotline at 4008-30-8008 for closing your bank account after all funds has been transferred out.) and request for deletion of your personal information in accordance with the applicable law and regulation, this Policy, and other agreement between you and us, we will handle your request within 15 working days after receiving your request. After you close your digital banking account, we will no longer collect your information through relevant channel, and will delete relevant personal information in accordance with the applicable law and regulation, this Policy, and other agreement between you and us.
8. Nothing in this Policy will shall limit the other rights you should have as a Personal Information Subject under applicable laws and regulations.
IX. How to Contact Us
1. Requests to access, copy, transfer, correct, supplement, delete, and restrict the processing of personal information, change/withdraw of authorisation or dispose of personal information beyond retention period, for a copy of this Policy, enquiries about our practices regarding personal information and privacy protection, or exercising other rights you are granted by the applicable laws and regulations, should be addressed to:
https://www.hangseng.com.cn/1/2/contact-us-chi/email-us
Hotline:400 830 8008
“Contact US” on the HANG SENG China APP
our branches or sub- branches
Upon the receipt of your request, we will handle your request and reply to you within 15 working days.
2. For security purpose, you may need to raise your request in written form or use other methods to prove your identity. We may request you to verify your identity before processing your request.
3. Normally the Bank will not charge fees for the processing of your above-mentioned reasonable requests related to personal information. Nevertheless, for the frequently repeated and unreasonable requests, the Bank will charge certain fees as the case may be to the extent allowed by the law and regulation.
Notwithstanding the foregoing, we may reject your request if it is illegal, noncompliant, or unnecessarily repeated, needs excessive technical means (for example, the need to develop information systems or fundamentally change current practices), brings risks to the legitimate rights and interests of others, is unreasonable or technically impracticable.
We may not be able to respond to your request under any of the following circumstances:
(1) where the request is in relation to our legal and financial compliance obligation under laws and regulations;
(2) where the request is in direct relation to state security or national defence security;
(3) where the request is in direct relation to public security, public sanitation, or major public interests;
(4) where the request is in direct relation to criminal investigations, prosecutions, trials, execution of rulings, etc.;
(5) where there is sufficient evidence that you are intentionally malicious or abuse your rights;
(6) where the purpose is to protect you or other individual’s life, property and other substantial legal interests but difficult to acquire your consent;
(7) where responses to your request will give rise to serious damage to your or any other individual or organisation’s legal rights and interests; or
(8) where the request involves any trade secret.
4. You may supervise or make suggestions for our practices regarding personal information and privacy protection, and lodge complaints or demand compensation according to law against us or our staff for any infringement of your rights and interests in your personal information and privacy. This Policy will be governed by the laws of the People’s Republic of China. Any disputes related to this Policy shall be resolved by consultation. If it could not be resolved, you agree the disputes shall be submitted to the People’s Court of Pudong New District, Shanghai.
X. How We Handle Minors' Personal Information
1. Using our products and services by minors must be carried out under the supervision of their parents or guardians. We will abide by laws and regulations, this Policy and Provisions on the Cyber Protection of Personal Information of Children to give special protection to minor’s personal information. If you are a parent or guardian of a minor, when you have any questions about the information processing of the minor under your guardianship, please contact us through the contact method stipulated in this Policy.
2. We understand the importance of protecting the minors' personal information with extra caution. If you are under 18 years old, it is suggested that your parents or guardians shall carefully read this Policy and you shall submit your personal information only after seeking consent from them. Meanwhile, it is suggested that your use of our product and service is conducted under the guidance of your parents or guardians. If they do not agree you to submit your personal information or to use any product or service of the Bank, you shall immediately stop submitting your information or using the product and service of the Bank. In addition, please notify such event to us as soon as possible, so as to allow us to take effective measures.
3. If you are under 14 years old, you should and only obtain the consent of your parents or guardians to use any product or services of the bank or provide your personal information to the bank. We will process with personal information of minors in accordance with Provisions on the Cyber Protection of Personal Information of Children and with the permission of laws and regulations and the explicit consent of your parents or guardians. If we find ourselves are processing personal information of minors without the consent of verifiable parents or guardians, we will try to delete such personal information as soon as possible.
XI. Update of this Policy and Others
1. This Policy (including the List for Personal Information Cross-border Transfer(Individual Version) and the List for Personal Information Cross-border Transfer (Entity Version))may be amended or updated from time to time. We will publish such changes at our website and/or relevant applications. You should keep an eye on relevant releases from time to time. We also will inform you of the contents of the publication by means of information push, short message and telephone notification as appropriate. And such amendments and updates will take effect from the expiration of the publication period and replace previous relevant contents. If you don’t agree to modify and update the content of this Policy, you should immediately stop using relevant products and services of the bank. If you don’t agree to modify and update the content of this Policy, you should immediately stop using relevant products and services of the bank. If you continue to use relevant products and services, it will be deemed that you agree to accept the modification. Change of this Policy should not unreasonably reduce or restrict your rights as the personal information subject according to the applicable laws.
2. If you provide the personal information of other third parties to the Bank, we have the right to know the legitimacy of the source of the information and you have obtained authorization of the third party for us to process the personal information for specific purposes. If we need to process the personal information of the third party to carry out business beyond the scope of authorization of the third party, we will obtain the separate consent of the third party again through you. You should ensure that the third party is aware of this Policy (including the List for Personal Information Cross-border Transfer (Individual Version) ,List for Personal Information Cross-border Transfer (Entity Version)), and their subsequent updates from time to time, should specifically inform the third party how the Bank will process its personal information in accordance with this Policy and should ensure that you have obtained the full, informed and valid consent of the third party(including the separate consent and/or written consent as required by applicable laws). You may remind the person to read this Policy beforehand, or you may provide a copy of this Policy to the person.
3. We may use indirect collection to obtain your personal information from third parties, but we will ensure that such indirect collection follows the principle of minimum quantity. We will ask the third party to assure the legitimacy of the source of your personal information provided, and confirm they have obtained your authorization for us to process personal information for specific purposes.
4. When you accept specific products or services provided by a third party through the products or services of our bank, you confirm that the products or services provided by the third party are operated independently by the third party. The third party shall independently assume full responsibility for the disputes arising from the handing of your personal information by the third party, and we will do our best to assist you in business. If a third party processes your personal information when providing you with products or services, you and the third party shall reach a separate agreement in according with applicable laws.
5. The policy is subject to the Chinese version, and the English translation (if any) is for reference only.
|