This Notice sets out the data policies of Chiyu Banking Corporation Ltd. and each of its subsidiaries,(for so long as such subsidiary remains a subsidiary of Chiyu Banking Corporation Limited.)(each a "Company") in respect of their respective data subjects (as hereinafter defined). The rights and obligations of each Company under this Notice are several and not joint. No Company shall be liable for any act or omission by another Company.
For the purposes of this Notice, the "Group" means the Company and its holding companies, branches, subsidiaries, representative offices and affiliates, wherever situated, together with Xiamen International Bank Co. Ltd.. Affiliates include the Company's holding companies and Xiamen International Bank Co. Ltd. and their branches, subsidiaries, representative offices and affiliates, wherever situated.
The term "data subject(s)", wherever mentioned in this Notice, includes the following categories of individuals:
applicants for or customers, authorized signatories, policy holders, beneficiaries and other users of financial, insurance, credit card, securities, commodities, investment, banking and related services and products and facilities and so forth provided by a Company;
sureties, guarantors and parties providing security, guarantee or any form of support for obligations owed to a Company;
directors, shareholders, officers and managers of any corporate applicants and data subjects/users; and
suppliers, contractors, service providers and other contractual counterparties of the Company.
For the avoidance of doubt, "data subjects" shall not include any incorporated bodies. The contents of this Notice shall apply to all data subjects and form part of any contracts for services that the data subjects have or may enter into with the Company from time to time. If there is any inconsistency or discrepancy between this Notice and the relevant contract, this Notice shall prevail insofar as it relates to the protection of the data subjects' personal data. Nothing in this Notice shall limit the rights of the data subjects under the Personal Data (Privacy) Ordinance (Cap. 486, Laws of Hong Kong) (the "Ordinance").
From time to time, it is necessary for the data subjects to supply the Company with data in connection with the opening or continuation of accounts and the establishment or continuation of banking facilities or provision of financial, insurance, credit card, securities, commodities, investment, banking and related services and products and facilities.
Failure to supply such data may result in the Company being unable to open or continue accounts or establish or continue banking facilities or provide financial, insurance, credit card, securities, commodities, investment, banking and related services and products and facilities.
Data relating to the data subjects are collected or received by the Company from various sources from time to time. Such data may include, but not limited to, data collected from data subjects in the ordinary course of the continuation of the relationship between the Company and data subjects, for example, when data subjects write cheques, deposit money, effect transactions through credit cards issued or serviced by the Company or generally communicate verbally or in writing with the Company, and data obtained from other sources (for example, information obtained from credit reference agencies approved for participation in the Multiple Credit Reference Agencies Model (hereinafter referred to as "credit reference agencies")). Data may also be generated or combined with other information, available to the company or any member of the Group.
The purposes for which the data relating to the data subjects may be used are as follows:
assessing the merits and suitability of the data subjects as actual or potential applicants for financial, insurance, credit card, securities, commodities, investment, banking and related services and products and facilities and/or processing and/or approving their applications, variation, renewals, cancellations, reinstatements and claims;
facilitating the daily operation of the services, credit facilities provided to and/or insurance policies issued to the data subjects;
conducting credit checks whenever appropriate (including, without limitation, at the time of application for credit and at the time of regular or special reviews which normally will take place one or more times each year) and carrying out matching procedures (as defined in the Ordinance);
creating and maintaining the Company's scoring models;
providing reference;
assisting other credit providers in Hong Kong approved for participation in the Multiple Credit Reference Agencies Model (hereinafter referred to as “credit providers” ) to conduct credit checks and collect debts;
ensuring ongoing credit worthiness of data subjects;
researching, customer profiling and segmentation and/or designing financial, insurance, credit card, securities, commodities, investment, banking and related services and products and facilities for data subjects' use;
marketing services, products and other subjects (please see further details in paragraph 10 below);
determining amounts owed to or by the data subjects;
enforcing data subjects' obligations, including without limitation the collection of amounts outstanding from data subjects and those providing security for data subjects' obligations;
complying with the obligations, requirements or arrangements for disclosing and using data that apply to the Company or any of its branches or that it is expected to comply according to:
any law binding or applying to it within or outside the Hong Kong Special Administrative Region existing currently and in the future(e.g. the Inland Revenue Ordinance and its provisions including those concerning automatic exchange of financial account information); and
any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers within or outside the Hong Kong Special Administrative Region existing currently and in the future(e.g. guidelines or guidance given or issued by the Inland Revenue Department including those concerning automatic exchange of financial account information);
any present or future contractual or other commitment with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers that is assumed by or imposed on the Company or any of its branches by reason of its financial, commercial, business or other interests or activities in or related to the jurisdiction of the relevant local or foreign legal, regulatory, governmental, tax, law enforcement or other authority, or self-regulatory or industry bodies or associations;
complying with any obligations, requirements, policies, procedures, measures or arrangements for sharing data and information within the Group and/or any other use of data and information in accordance with any group-wide programmes for compliance with sanctions or prevention or detection of money laundering, terrorist financing or other unlawful activities;
enabling an actual or proposed assignee of the Company, or participant or sub-participant of the Company's rights in respect of the data subjects to evaluate the transaction intended to be the subject of the assignment, participation or sub-participation;
comparing data of data subjects or other persons for credit checking, data verification or otherwise producing or verifying data, whether or not for the purpose of taking adverse action against the data subjects;
maintaining a credit history or otherwise, a record of data subjects (whether or not there exists any relationship between data subjects and the Company) for present and future reference; and
purposes incidental, associated or relating to Paragraph 7.
Data held by the Company relating to data subjects will be kept confidential but the Company may provide and disclose (as defined in the Ordinance) such data to the following parties for the purposes set out in the previous paragraph:
any agent, contractor or third party service provider who provides administrative, telecommunications, computer, payment or securities clearing or other services to the Company in connection with the operation of its business, wherever situated;
any other person under a duty of confidentiality to the Company including any member of the Group which has undertaken to keep such information confidential;
the drawee bank providing a copy of a paid cheque (which may contain information about the payee) to the drawer;
any person making payment into the data subject's account;
any person receiving payment from the data subject, the banker of such person and any intermediaries which may handle or process such payment;
credit reference agencies (including the operator of any centralized database used by credit reference agencies), and, in the event of default, to debt collection agencies;
any financial institutions, charge or credit card issuing companies, insurance company, securities and investment company with which the data subjects have or propose to have dealings; and any reinsurance and claims investigation companies, insurance industry associations and federations and their members;
any person to whom the Company or any of its branches is under an obligation or otherwise required to make disclosure under the requirements of any law binding on or applying to the Company or any of its branches, or any disclosure under and for the purposes of any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers with which the Company or any of its branches are expected to comply, or any disclosure pursuant to any contractual or other commitment of the Company or any of its branches with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers, all of which may be within or outside the Hong Kong Special Administrative Region and may be existing currently and in the future;
any actual or proposed assignee of the Company or participant or sub-participant or transferee of the Company's rights in respect of the data subject; and
any member of the Group;
third party financial institutions, insurers, credit card companies, securities,commodities and investment services providers;
third party reward, loyalty, co-branding and privileges programme providers;
co-branding partners of the Company and the Group (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be);
charitable or non-profit making organisations; and
external service providers (including but not limited to mailing houses, telecommunication companies, telemarketing and direct sales agents, call centres, data processing companies and information technology companies) that the Company engages for the purposes set out in paragraph (7)(i) above, wherever situated.
The Company may from time to time transfer the data relating to the data subjects to a place outside Hong Kong Special Administrative Region for the purposes set out in paragraph 7 above.
With respect to data in connection with mortgages applied by the data subject (if applicable, and whether as a borrower, mortgagor or guarantor and whether in the data subject's sole name or in joint names with others) on or after 1 April 2011, the following data relating to the data subject (including any updated data of any of the following data from time to time) may be provided by the Company, on its own behalf and/or as agent, to credit reference agencies:
full name;
capacity in respect of each mortgage (as borrower, mortgagor or guarantor, and whether in the data subject's sole name or in joint names with others);
identity card number or travel document number ;
date of birth;
correspondence address;
mortgage account number in respect of each mortgage;
type of the facility in respect of each mortgage;
mortgage account status in respect of each mortgage (e.g., active, closed, write-off (other than due to a bankruptcy order), write-off due to a bankruptcy order); and
if any to be informed to be informed, mortgage account closed date in respect of each mortgage.
Credit reference agencies will use the above data supplied by the Company for the purposes of compiling a count of the number of mortgages from time to time held by the data subject with credit providers, as borrower, mortgagor or guarantor respectively and whether in the data subject's sole name or in joint names with others, for sharing in the consumer credit databases of credit reference agencies by credit providers (subject to the requirements of the Code of Practice on Consumer Credit Data approved and issued under the Ordinance).
USE OF DATA IN DIRECT MARKETING The Company intends to use the data subject's data in direct marketing and the Company requires the data subject's consent (which includes an indication of no objection) for that purpose. In this connection, please note that:
the name, contact details, products and services portfolio information, transaction pattern and behaviour, financial background and demographic data of the data subject held by the Company from time to time may be used by the Company in direct marketing;
the following classes of services, products and subjects may be marketed:
financial, insurance, credit card, securities, commodities, investment, banking and related services and products and facilities;
reward, loyalty or privileges programmes and related services and products;
services and products offered by the Company's co-branding partners (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be); and
donations and contributions for charitable and/or non-profit making purposes;
the above services, products and subjects may be provided or (in the case of donations and contributions) solicited by the Company and/or:
any member of the Group;
third party financial institutions, insurers, credit card companies, securities, commodities and investment services providers;
third party reward, loyalty, co-branding or privileges programme providers;
co-branding partners of the Company and the Group (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be); and
charitable or non-profit making organisations;
in addition to marketing the above services, products and subjects itself, the Company also intends to provide the data described in paragraph 10(a) above to all or any of the persons described in paragraph 10(c) above for use by them in marketing those services, products and subjects, and the Company requires the data subject's written consent (which includes an indication of no objection) for that purpose;
If a data subject does not wish the Company to use or provide to other persons his data for use in direct marketing as described above, the data subject may exercise his opt-out right by notifying the Company.
TRANSFER OF PERSONAL DATA TO DATA SUBJECT’S THIRD PARTY SERVICE PROVIDERS USING BANK APPLICATION PROGAMMING INTERFACES (“API”)The Company may, in accordance with the data subject’s instructions to the Bank or third party service providers engaged by the data subject, transfer data subject’s data to third party service providers using the Bank’s API for the purposes notified to the data subject by the Bank or third party service providers and/or as consented to by the data subject in accordance with the Ordinance.
Under and in accordance with the terms of the Ordinance and the Code of Practice on Consumer Credit Data, any data subject has the right:
to check whether the Company holds data about him and of access to such data;
to require the Company to correct any data relating to him which is inaccurate;
to ascertain the Company's policies and practices in relation to data and to be informed of the kind of personal data held by the Company;
to be informed on request which items of data are routinely disclosed to credit reference agencies or debt collection agencies, and be provided with further information to enable the making of access and correction requests to the relevant credit reference agency(ies) or debt collection agency(ies); and
in relation to any account data (including, for the avoidance of doubt, any account repayment data) which has been provided by the Company to a credit reference agency, to instruct the Company, upon termination of the account by full repayment, to make a request to the credit reference agency to delete such account data from its database, as long as the instruction is given within five years of termination and at no time was there any default of payment in relation to the account, lasting in excess of 60 days within five years immediately before account termination. Account repayment data include amount last due, amount of payment made during the last reporting period (being a period not exceeding 31 days immediately preceding the last contribution of account data by the Company to the credit reference agency), remaining available credit or outstanding balance and default data (being amount past due and number of days past due, date of settlement of amount past due, and date of final settlement of amount in default lasting in excess of 60 days (if any)).
In the event of any default of payment relating to an account, unless the amount in default is fully repaid or written off (other than due to a bankruptcy order) before the expiry of 60 days from the date such default occurred, the account repayment data (as defined in paragraph 12(e) above) may be retained by credit reference agencies until the expiry of five years from the date of final settlement of the amount in default.
In the event any amount in an account is written-off due to a bankruptcy order being made against the data subject, the account repayment data (as defined in paragraph 12(e) above) may be retained by credit reference agencies, regardless of whether the account repayment data reveal any default of payment lasting in excess of 60 days, until the expiry of five years from the date of final settlement of the amount in default or the expiry of five years from the date of discharge from a bankruptcy as notified by the data subject with evidence to the credit reference agency(ies), whichever is earlier.
In accordance with the terms of the Ordinance, the Company has the right to charge a reasonable fee for the processing of any data access request.
The persons to whom requests for access to data or correction of data or for information regarding policies and practices and kinds of data held are to be addressed is as follows: The Data Protection Officer Chiyu Banking Corporation Ltd. 78 Des Voeux Road Central Hong Kong Facsimile: (852) 2810 4207
The Company may have obtained credit report(s) on the data subject from credit reference agency(ies) in considering any application for credit. In the event that the data subject wishes to access the credit report(s), the Company will advise the contact details of the relevant credit reference agency(ies).
If there is any inconsistency between the English version and the Chinese version of this Notice, the Chinese version shall prevail in relation to any matters arising in the Mainland China exclusive of the Hong Kong Special Administrative Region, the English version shall prevail in relation to any matters arising in the Hong Kong Special Administrative Region and elsewhere.
