INTERNET PRIVACY POLICY STATEMENT
Welcome to the Web Site of Shanghai Commercial Bank Limited ("the Bank"). This section explains our policy regarding any personal information you might supply to us when you visit this site. The Bank adopts a high standard to respect the privacy of its customers and keep the information relating to a customer secure and confidential. The Bank also educates and conducts regular training programs to all staff to keep them aware of the importance of customers' privacy and requires them to comply with strict standards of security and confidentiality. Information is collected on the use of web site from the Bank's customers and the Bank's web site visitors. If you do provide personal information, such as address, e-mail, telephone and fax numbers, as well as demographic and customer identification, please read our Circular to Customers and Other Individuals relating to the Personal Data (Privacy) Ordinance ("the Circular") below in advance. We will maintain the personal information as well as your business activities and transactions, according to our usual strict security and confidentiality standard.
Data Collection and Usage The Bank collects personal data from the Bank's web site visitors on a voluntary basis. Personal information may include name, title, e-mail address etc. Personal information held by the Bank is kept confidential and the Bank does not use customers' personal information for any purposes other than those already specified to customers herein or in the Circular or unless such usage is permitted or required by law. When an individual visits this web site, the Bank records the visit as a "hit", and gathers and analyses this information to compile general statistics about usage of the Bank's web site. Information related to session management, user preferences and service entitlements may be stored in Cookies. Cookies are small pieces of information stored on a web browser that can be retrieved by this web site. For those customers using the real time quote services in Internet/Mobile Stock Trading, the Bank will assign an identifier which will be stored in the Cookies after login. Customers may disable Cookies from their web browser, and if this is the case, they may be unable to access the Internet/Mobile Stock Trading services, some functions of the Bank's Internet Banking services and other before login financial services.
Data Disclosure Restrictions The Bank follows strict privacy procedures in regard to protection of personal data. No disclosure of personal identifiable information to third parties is allowed except with the consent of the relevant customer or the disclosure has already been authorized in the Circular or otherwise is permitted or required by law.
Data Retention The Bank retains all records of online transactions for validation and auditing purposes. Information will not be kept longer than is necessary for the fulfilment of the purpose for which the same are to be used. Those information that is no longer required will be erased and destroyed.
Data Security All personal data provided to the Bank is secured with restricted access by authorized personnel who are properly trained in the handling of customer information and the protection of the privacy of personal data of customers. The authorized personnel report to the Bank's Data Protection Officer who exercises routine supervision to ensure compliance with high security and confidentiality standard. Encryption technology is employed for sensitive data to protect customers' privacy during data transmission.
Enquiries For further details of the policy and practice and the kind of data held by the Bank, please contact our Data Protection Officer as follows:-
This Circular is brought to the attention of various individuals including without limitations bank customers, individuals to whom services or products may be provided by the Group (as hereinafter defined), applicants for banking services and facilities, sureties and persons providing security or guarantee for credit facilities, as well as shareholders, directors, officers and managers of corporate customers or applicants and other contractual counterparties ("Customers") so that Customers may have a better understanding of the rights under the Personal Data (Privacy) Ordinance of the Hong Kong Special Administrative Region (the "Ordinance") and the reasons and necessities of providing personal data to Shanghai Commercial Bank Limited and/or its subsidiaries (the "Group").
the processing of applications for services and credit facilities;
the daily operation of the services and credit facilities provided to Customers, including for credit assessment, statistical or behaviour analysis, or creating and maintaining the Group's credit scoring models;
provision of reference;
conducting credit and status checks (including without limitations upon applications for consumer credit and periodic or special reviews of such credit);
assisting other financial institutions, card issuers or credit reference agencies to conduct credit checks and collect debts;
maintaining application and credit history of Customers for internal reference, and ensuring ongoing credit worthiness of Customers;
researching, designing financial services or related products for Customers' use;
marketing services, products and other subjects (in respect of which the Group may or may not be remunerated) (please see further details in Paragraph (G) below);
determining the amount of indebtedness owed to or by Customers;
collection of amounts outstanding from Customers and those providing security for Customers' obligations;
complying with the obligations, requirements or arrangements for disclosing and using data that apply to the Group or any of its branches or that it is expected to comply according to:
any law binding or applying to it within or outside the Hong Kong Special Administrative Region existing currently and in the future;
any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers within or outside the Hong Kong Special Administrative Region existing currently and in the future;
any present or future contractual or other commitment with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers that is assumed by or imposed on the Group or any of its branches by reason of its financial, commercial, business or other interests or activities in or related to the jurisdiction of the relevant local or foreign legal, regulatory, governmental, tax, law enforcement or other authority, or self-regulatory or industry bodies or associations;
complying with any obligations, requirements, policies, procedures, measures or arrangements for sharing data and information within the Group and/or any other use of data and information in accordance with any group-wide programmes for compliance with sanctions or prevention or detection of money laundering, terrorist financing or other unlawful activities;
enabling an actual or proposed assignee of the Group, or participant or sub-participant of the Group's rights in respect of the Customer to evaluate the transaction intended to be the subject of the assignment, participation or sub-participation;
the performance of procedures for comparing (whether by manual or automated means) the Customer's data with other information supplied by the Customers (for whatever purposes), including without limitation, procedures undertaken for the purpose of taking adverse action against Customers;
giving effect to the Customer's orders relating to transactions or otherwise, and carrying out instructions of the Customer;
providing services in connection with the accounts, whether the services are provided by or through, the Group or any other person;
exchanging information with merchants accepting credit cards issued by the Group and organizations with whom the Group provides affinity/co-branded/private label credit card services; and
all other incidental and associated purposes relating to any of the above.
any agent, contractor, claim adjuster or third party service provider who provides administrative, data processing, financial information, telecommunications, computer, debt collection, technology outsourcing, payment or securities clearing, insurance or other services to the Group in connection with the operation of its business;
any other person under a duty of confidentiality to the Group including a group company of the Group, a business partner or other merchant or affinity entity which has undertaken expressly or impliedly to keep such information confidential;
the drawee bank providing a copy of a paid cheque (which may contain information about the payee) to the drawer;
credit reference agencies, and, in the event of default, to debt collection agencies;
any person to whom the Group is under an obligation or otherwise required to make disclosure for public interest or under the requirements of any law, regulation or court order binding on or applying to the Group or any of its branches and offices or any disclosure under and for the purposes of any codes, guidelines, circulars or directions issued by any legal, regulatory, government, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers with which the Group or any of its branches and offices are expected to comply, or any disclosure pursuant to any contractual or other commitment of the Group or any of its branches with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers, all of which may be within or outside the Hong Kong Special Administrative Region and may be existing currently and in the future;
any actual or proposed assignee of the Group or participant or sub-participant or transferee of the Group's rights in respect of the Customer;
the Group;
third party financial institutions, insurers, credit card companies, securities and investment services providers;
third party reward, loyalty or privileges programme providers;
co-branding partners of the Group (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be);
charitable or non-profit making organizations; and
external service providers (including but not limited to mailing houses, telecommunication companies, telemarketing and direct sales agents, call centres, data processing companies and information technology companies) that the Group engages for the purposes set out in Paragraph (D)(viii);
Such information may be transferred to a place outside the Hong Kong Special Administration Region.
any nominees in whose names securities or other assets may be registered or custodians who may hold securities or other assets;
any person with whom the Group enters into or proposes to enter into a transaction on behalf or on account of the Customer, or persons representing the same;
any assignee, transferee, participant, sub-participant, delegate, successor or person to whom the securities account agreement is novated;
any person with the express or implied consent of the Customers; and
any third party in connection with Paragraph (D)(x).
the name, contact details, products and services portfolio information, transaction pattern and behaviour, financial background and demographic data of a Customer held by the Group from time to time may be used by the Group in direct marketing;
the following classes of services, products and subjects may be marketed:
financial, insurance, credit card, banking and related services and products;
reward, loyalty or privileges programmes and related services and products;
services and products offered by the Group's co-branding partners (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be); and
donations and contributions for charitable and/or non-profit making purposes;
the above services, products and subjects may be provided or (in the case of donations and contributions) solicited by the Group and/or:
third party reward, loyalty, co-branding or privileges programme providers;
co-branding partners of the Group (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be);and
charitable or non-profit making organisations
in addition to marketing the above services, products and subjects itself, the Group also intends to provide the data described in Paragraph (G)(i) above to all or any of the persons described in Paragraph (G)(iii) above for use by them in marketing those services, products and subjects, and the Group requires the Customer's written consent (which includes an indication of no objection) for that purpose;
The Group may receive money or other property in return for providing the data to the other persons in Paragraph (G)(iv) above and, when requesting the Customer's consent or no objection in Paragraph (G)(iv) above, the Group will inform the Customer if it will receive any money or other property in return for providing the data to the other persons.
any relevant individual has the right:-
to check whether the Group holds data about him and of access to such data;
to require the Group to correct any data relating to him which is inaccurate;
to ascertain the Group's policies and practices in relation to data and to be informed of the kind of personal data held by the Group;
to be informed, upon request, about which items of data are routinely disclosed to credit reference agencies or debt collection agencies, and be provided with further information to enable the making of an access and correction request to the relevant credit reference agency or debt collection agency; and
in relation to any account data (including, for the avoidance of doubt, any account repayment data) which has been provided by the Group to a credit reference agency, to instruct the Group upon termination of the account by full repayment to make a request to the credit reference agency to delete such account data from its database, as long as the instruction is given within 5 years of termination and at no time was there any default of payment in relation to the account, lasting in excess of 60 days within 5 years immediately before account termination (as determined by the Group). Account repayment data include amount last due, amount of payment made during the last reporting period (being a period not exceeding 31 days immediately preceding the last contribution of account data by the Group to a credit reference agency), remaining available credit or outstanding balance and default data (being amount past due and number of days past due, date of settlement of amount past due, and date of final settlement of amount in default lasting in excess of 60 days (if any)).
where applicable, the Group may from time to time access the consumer credit data of an individual held by any credit reference agency in the course of the consideration of any grant of consumer credit or the review or renewal of existing consumer credit facilities granted to the individual as borrower or to another person for whom the individual proposes to act or acts as mortgagor or guarantor or for the purpose of the reasonable monitoring of the indebtedness of the individual while there is currently a default by the individual as borrower, mortgagor or guarantor. In particular, the Group may from time to time access the consumer credit data for the purpose of the review of the existing consumer credit facilities granted to assist the Group in considering any of the following matters: -
an increase in the credit amount;
the curtailing of credit (including the cancellation of credit or a decrease in the credit amount); and
the putting in place or the implementation of a scheme of arrangement with the individual Customer.
in relation to consumer credit, in the event of any default in repayment, unless the amount in default is fully repaid or written off (other than due to a bankruptcy order) before the expiry of 60 days (as measured by the Group) from the date such default occurred, the individual Customer will be liable to have his/her account repayment data retained by any credit reference agency to which the Group has provided his/her data until the expiry of 5 years from the date of final settlement of the amount in default.
in the event any amount in an account is written-off due to a bankruptcy order being made against a Customer, the account repayment data (as defined in Paragraph (H)(i)(5) above) may be retained by the credit reference agency, regardless of whether the account repayment data reveal any default of payment lasting in excess of 60 days, until the expiry of 5 years from the date of final settlement of the amount in default or the expiry of 5 years from the date of discharge from a bankruptcy as notified by the Customer with evidence to the credit reference agency, whichever is earlier.
full name;
capacity in respect of each mortgage (as borrower, mortgagor or guarantor, and whether in the customer's sole name or in joint names with others);
Hong Kong Identity Card Number or travel document number;
date of birth;
correspondence address;
mortgage account number in respect of each mortgage;
type of the facility in respect of each mortgage;
mortgage account status in respect of each mortgage (e.g., active, closed, write-off (other than due to a bankruptcy order), write-off due to a bankruptcy order); and
if any, mortgage account closed date in respect of each mortgage.
The Data Protection Officer Shanghai Commercial Bank Limited GPO Box 139 Hong Kong Fax: (852) 2525 2336