Privacy Policy Statement  | 
PC
Back

SHANGHAI COMMERCIAL BANK LIMITED

INTERNET PRIVACY POLICY STATEMENT

Welcome to the Web Site of Shanghai Commercial Bank Limited ("the Bank"). This section explains our policy regarding any personal information you might supply to us when you visit this site. The Bank adopts a high standard to respect the privacy of its customers and keep the information relating to a customer secure and confidential. The Bank also educates and conducts regular training programs to all staff to keep them aware of the importance of customers' privacy and requires them to comply with strict standards of security and confidentiality. Information is collected on the use of web site from the Bank's customers and the Bank's web site visitors. If you do provide personal information, such as address, e-mail, telephone and fax numbers, as well as demographic and customer identification, please read our Circular to Customers and Other Individuals relating to the Personal Data (Privacy) Ordinance ("the Circular") below in advance. We will maintain the personal information as well as your business activities and transactions, according to our usual strict security and confidentiality standard.

Data Collection and Usage
The Bank collects personal data from the Bank's web site visitors on a voluntary basis. Personal information may include name, title, e-mail address etc. Personal information held by the Bank is kept confidential and the Bank does not use customers' personal information for any purposes other than those already specified to customers herein or in the Circular or unless such usage is permitted or required by law.

When an individual visits this web site, the Bank records the visit as a "hit", and gathers and analyses this information to compile general statistics about usage of the Bank's web site. Information related to session management, user preferences and service entitlements may be stored in Cookies. Cookies are small pieces of information stored on a web browser that can be retrieved by this web site. For those customers using the real time quote services in Internet/Mobile Stock Trading, the Bank will assign an identifier which will be stored in the Cookies after login. Customers may disable Cookies from their web browser, and if this is the case, they may be unable to access the Internet/Mobile Stock Trading services, some functions of the Bank's Internet Banking services and other before login financial services.

Data Disclosure Restrictions
The Bank follows strict privacy procedures in regard to protection of personal data. No disclosure of personal identifiable information to third parties is allowed except with the consent of the relevant customer or the disclosure has already been authorized in the Circular or otherwise is permitted or required by law.

Data Retention
The Bank retains all records of online transactions for validation and auditing purposes. Information will not be kept longer than is necessary for the fulfilment of the purpose for which the same are to be used. Those information that is no longer required will be erased and destroyed.

Data Security
All personal data provided to the Bank is secured with restricted access by authorized personnel who are properly trained in the handling of customer information and the protection of the privacy of personal data of customers. The authorized personnel report to the Bank's Data Protection Officer who exercises routine supervision to ensure compliance with high security and confidentiality standard. Encryption technology is employed for sensitive data to protect customers' privacy during data transmission.

Enquiries
For further details of the policy and practice and the kind of data held by the Bank, please contact our Data Protection Officer as follows:-

The Data Protection Officer
Shanghai Commercial Bank Limited
G.P.O Box 139 Hong Kong
Fax:(852)2525 2336

Shanghai Commercial Bank Limited and its subsidiaries

Circular to Customers and Other Individuals relating to the Personal Data (Privacy) Ordinance

This Circular is brought to the attention of various individuals including without limitations bank customers, individuals to whom services or products may be provided by the Group (as hereinafter defined), applicants for banking services and facilities, sureties and persons providing security or guarantee for credit facilities, as well as shareholders, directors, officers and managers of corporate customers or applicants and other contractual counterparties ("Customers") so that Customers may have a better understanding of the rights under the Personal Data (Privacy) Ordinance of the Hong Kong Special Administrative Region (the "Ordinance") and the reasons and necessities of providing personal data to Shanghai Commercial Bank Limited and/or its subsidiaries (the "Group").

  
A.From time to time, it is necessary for Customers to supply the Group with data in connection with the opening or continuation of accounts and the establishment or continuation of banking facilities or provision of banking or other financial services or tenancy and property management services.
B.Failure to supply such data may result in the Group being unable to open or continue accounts or establish or continue banking facilities or provide banking or other financial services.
C.It is also the case that data are collected from Customers in the ordinary course of the continuation of the business relationship, for example, when Customers write cheques, deposit money, repay indebtedness, use electronic banking services, conduct transactions in relation to securities, insurance or cards, or generally communicate verbally or in writing with the Group.
D.Where applicable, the purposes for which data relating to a Customer may be used, processed, stored, transferred, disclosed and/or exchanged by the Group (whether in the Hong Kong Special Administrative Region or elsewhere) are as follows: -

  1. the processing of applications for services and credit facilities;

  2. the daily operation of the services and credit facilities provided to Customers, including for credit assessment, statistical or behaviour analysis, or creating and maintaining the Group's credit scoring models;

  3. provision of reference;

  4. conducting credit and status checks (including without limitations upon applications for consumer credit and periodic or special reviews of such credit);

  5. assisting other financial institutions, card issuers or credit reference agencies to conduct credit checks and collect debts;

  6. maintaining application and credit history of Customers for internal reference, and ensuring ongoing credit worthiness of Customers;

  7. researching, designing financial services or related products for Customers' use;

  8. marketing services, products and other subjects (in respect of which the Group may or may not be remunerated) (please see further details in Paragraph (G) below);

  9. determining the amount of indebtedness owed to or by Customers;

  10. collection of amounts outstanding from Customers and those providing security for Customers' obligations;

  11. complying with the obligations, requirements or arrangements for disclosing and using data that apply to the Group or any of its branches or that it is expected to comply according to:

    1. any law binding or applying to it within or outside the Hong Kong Special Administrative Region existing currently and in the future;

    2. any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers within or outside the Hong Kong Special Administrative Region existing currently and in the future;

    3. any present or future contractual or other commitment with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers that is assumed by or imposed on the Group or any of its branches by reason of its financial, commercial, business or other interests or activities in or related to the jurisdiction of the relevant local or foreign legal, regulatory, governmental, tax, law enforcement or other authority, or self-regulatory or industry bodies or associations;

  12. complying with any obligations, requirements, policies, procedures, measures or arrangements for sharing data and information within the Group and/or any other use of data and information in accordance with any group-wide programmes for compliance with sanctions or prevention or detection of money laundering, terrorist financing or other unlawful activities;

  13. enabling an actual or proposed assignee of the Group, or participant or sub-participant of the Group's rights in respect of the Customer to evaluate the transaction intended to be the subject of the assignment, participation or sub-participation;

  14. the performance of procedures for comparing (whether by manual or automated means) the Customer's data with other information supplied by the Customers (for whatever purposes), including without limitation, procedures undertaken for the purpose of taking adverse action against Customers;

  15. giving effect to the Customer's orders relating to transactions or otherwise, and carrying out instructions of the Customer;

  16. providing services in connection with the accounts, whether the services are provided by or through, the Group or any other person;

  17. exchanging information with merchants accepting credit cards issued by the Group and organizations with whom the Group provides affinity/co-branded/private label credit card services; and

  18. all other incidental and associated purposes relating to any of the above.

E.Data held by the Group relating to a Customer will be kept confidential but the Group may provide such information to the following parties, where applicable, for the purposes set out in Paragraph (D): -

  1. any agent, contractor, claim adjuster or third party service provider who provides administrative, data processing, financial information, telecommunications, computer, debt collection, technology outsourcing, payment or securities clearing, insurance or other services to the Group in connection with the operation of its business;

  2. any other person under a duty of confidentiality to the Group including a group company of the Group, a business partner or other merchant or affinity entity which has undertaken expressly or impliedly to keep such information confidential;

  3. the drawee bank providing a copy of a paid cheque (which may contain information about the payee) to the drawer;

  4. credit reference agencies, and, in the event of default, to debt collection agencies;

  5. any person to whom the Group is under an obligation or otherwise required to make disclosure for public interest or under the requirements of any law, regulation or court order binding on or applying to the Group or any of its branches and offices or any disclosure under and for the purposes of any codes, guidelines, circulars or directions issued by any legal, regulatory, government, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers with which the Group or any of its branches and offices are expected to comply, or any disclosure pursuant to any contractual or other commitment of the Group or any of its branches with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers, all of which may be within or outside the Hong Kong Special Administrative Region and may be existing currently and in the future;

  6. any actual or proposed assignee of the Group or participant or sub-participant or transferee of the Group's rights in respect of the Customer;

    1. the Group;

    2. third party financial institutions, insurers, credit card companies, securities and investment services providers;

    3. third party reward, loyalty or privileges programme providers;

    4. co-branding partners of the Group (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be);

    5. charitable or non-profit making organizations; and

    6. external service providers (including but not limited to mailing houses, telecommunication companies, telemarketing and direct sales agents, call centres, data processing companies and information technology companies) that the Group engages for the purposes set out in Paragraph (D)(viii);

    Such information may be transferred to a place outside the Hong Kong Special Administration Region.

  8. any nominees in whose names securities or other assets may be registered or custodians who may hold securities or other assets;

  9. any person with whom the Group enters into or proposes to enter into a transaction on behalf or on account of the Customer, or persons representing the same;

  10. any assignee, transferee, participant, sub-participant, delegate, successor or person to whom the securities account agreement is novated;

  11. any person with the express or implied consent of the Customers; and

  12. any third party in connection with Paragraph (D)(x).

F.Customers' data may be processed, stored and transferred or disclosed in and to another jurisdiction outside the Hong Kong Special Administrative Region as the Group or data recipient referred to in Paragraph (E) considers appropriate and necessary. Such data may also be processed, stored, released or disclosed in accordance with the local practices and laws, rules and regulations (including any governmental acts and orders), codes, guidelines, circulars and directions issued by regulatory or other authorities in such jurisdiction.
G.The Group intends to use a customer's data in direct marketing and the Group requires the Customer's consent (which includes an indication of no objection) for that purpose. In this connection, please note that:

  1. the name, contact details, products and services portfolio information, transaction pattern and behaviour, financial background and demographic data of a Customer held by the Group from time to time may be used by the Group in direct marketing;

  2. the following classes of services, products and subjects may be marketed:

    1. financial, insurance, credit card, banking and related services and products;

    2. reward, loyalty or privileges programmes and related services and products;

    3. services and products offered by the Group's co-branding partners (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be); and

    4. donations and contributions for charitable and/or non-profit making purposes;

  3. the above services, products and subjects may be provided or (in the case of donations and contributions) solicited by the Group and/or:

    1. third party financial institutions, insurers, credit card companies, securities and investment services providers;

    2. third party reward, loyalty, co-branding or privileges programme providers;

    3. co-branding partners of the Group (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be);and

    4. charitable or non-profit making organisations

  4. in addition to marketing the above services, products and subjects itself, the Group also intends to provide the data described in Paragraph (G)(i) above to all or any of the persons described in Paragraph (G)(iii) above for use by them in marketing those services, products and subjects, and the Group requires the Customer's written consent (which includes an indication of no objection) for that purpose;

  5. The Group may receive money or other property in return for providing the data to the other persons in Paragraph (G)(iv) above and, when requesting the Customer's consent or no objection in Paragraph (G)(iv) above, the Group will inform the Customer if it will receive any money or other property in return for providing the data to the other persons.

If a Customer does not wish the Group to use or provide to other persons his data for use in direct marketing as described above, the Customer may exercise his opt-out right by notifying the Group.
H.Under and in accordance with the terms of the Ordinance and the Code of Practice on Consumer Credit Data approved and issued with revisions from time to time under the Ordinance: -

  1. any relevant individual has the right:-

    1. to check whether the Group holds data about him and of access to such data;

    2. to require the Group to correct any data relating to him which is inaccurate;

    3. to ascertain the Group's policies and practices in relation to data and to be informed of the kind of personal data held by the Group;

    4. to be informed, upon request, about which items of data are routinely disclosed to credit reference agencies or debt collection agencies, and be provided with further information to enable the making of an access and correction request to the relevant credit reference agency or debt collection agency; and

    5. in relation to any account data (including, for the avoidance of doubt, any account repayment data) which has been provided by the Group to a credit reference agency, to instruct the Group upon termination of the account by full repayment to make a request to the credit reference agency to delete such account data from its database, as long as the instruction is given within 5 years of termination and at no time was there any default of payment in relation to the account, lasting in excess of 60 days within 5 years immediately before account termination (as determined by the Group). Account repayment data include amount last due, amount of payment made during the last reporting period (being a period not exceeding 31 days immediately preceding the last contribution of account data by the Group to a credit reference agency), remaining available credit or outstanding balance and default data (being amount past due and number of days past due, date of settlement of amount past due, and date of final settlement of amount in default lasting in excess of 60 days (if any)).

  2. where applicable, the Group may from time to time access the consumer credit data of an individual held by any credit reference agency in the course of the consideration of any grant of consumer credit or the review or renewal of existing consumer credit facilities granted to the individual as borrower or to another person for whom the individual proposes to act or acts as mortgagor or guarantor or for the purpose of the reasonable monitoring of the indebtedness of the individual while there is currently a default by the individual as borrower, mortgagor or guarantor. In particular, the Group may from time to time access the consumer credit data for the purpose of the review of the existing consumer credit facilities granted to assist the Group in considering any of the following matters: -

    1. an increase in the credit amount;

    2. the curtailing of credit (including the cancellation of credit or a decrease in the credit amount); and

    3. the putting in place or the implementation of a scheme of arrangement with the individual Customer.

  3. in relation to consumer credit, in the event of any default in repayment, unless the amount in default is fully repaid or written off (other than due to a bankruptcy order) before the expiry of 60 days (as measured by the Group) from the date such default occurred, the individual Customer will be liable to have his/her account repayment data retained by any credit reference agency to which the Group has provided his/her data until the expiry of 5 years from the date of final settlement of the amount in default.

  4. in the event any amount in an account is written-off due to a bankruptcy order being made against a Customer, the account repayment data (as defined in Paragraph (H)(i)(5) above) may be retained by the credit reference agency, regardless of whether the account repayment data reveal any default of payment lasting in excess of 60 days, until the expiry of 5 years from the date of final settlement of the amount in default or the expiry of 5 years from the date of discharge from a bankruptcy as notified by the Customer with evidence to the credit reference agency, whichever is earlier.

I.In relation to the mortgage applications received by the Group on or after 1 April 2011, of all the data which may be collected or held by the Group from time to time in connection with mortgages, the following data relating to the Customers (including any updated data of any of the following data) will be provided by the Group to the credit reference agency: -

  1. full name;

  2. capacity in respect of each mortgage (as borrower, mortgagor or guarantor, and whether in the customer's sole name or in joint names with others);

  3. Hong Kong Identity Card Number or travel document number;

  4. date of birth;

  5. correspondence address;

  6. mortgage account number in respect of each mortgage;

  7. type of the facility in respect of each mortgage;

  8. mortgage account status in respect of each mortgage (e.g., active, closed, write-off (other than due to a bankruptcy order), write-off due to a bankruptcy order); and

  9. if any, mortgage account closed date in respect of each mortgage.

The credit reference agency will use the above data supplied by the Group for the purposes of compiling a count of the number of mortgages from time to time held by the Customers, as borrower, mortgagor or guarantor respectively and whether in the Customer's sole name or in joint names with others, for sharing in the consumer credit database of the credit reference agency by credit providers (subject to the requirements of the Code of Practice on Consumer Credit Data approved and issued under the Ordinance. For any account relating to a mortgage loan which already existed prior to 1 April 2011 and continues to exist after that date, the Group will not provide the above data to the credit reference agency unless (1) the prescribed consent of the Customer has been obtained for the disclosure; or (2) the repayment of such account reveal a currently outstanding material default.
J.The Group may have obtained a credit report on the Customer from a credit reference agency in considering any application for credit. In the event the Customer wishes to access the credit report, the Group will advise the contact details of the relevant credit reference agency.
K.In accordance with the terms of the Ordinance, the Group has the right to charge a reasonable fee for the processing of any data access request.
L.The person to whom requests for access to data or correction of data or for information regarding policies and practices and kinds of data held are to be addressed as follows: -

The Data Protection Officer
Shanghai Commercial Bank Limited
GPO Box 139 Hong Kong
Fax: (852) 2525 2336

M.Customers may, at any time and without charges, choose not to receive our promotional material. Please contact the Group's staff for details when necessary.
N.Customers acknowledge that telephone calls with the Group's staff may be recorded and used as evidence by the Group without further notice.
O.Nothing in this Circular shall limit the rights of Customers under the Ordinance.
P.In the event of any inconsistency between the English and Chinese versions of this Circular, the English version shall prevail.
Q.This Circular as may be revised, amended or updated from time to time shall be deemed an integral part of all contracts, agreements, credit facility letters, account mandates and other binding arrangements which the Customer has entered into or intend to enter into with the Group.

(c)Shanghai Commercial Bank Limited Effective Date: 1 March 2016


Back Top
Terms and Conditions / Disclaimer / Privacy Policy Statement
Copyright © Shanghai Commercial Bank Limited. All rights reserved.