Personal Information Collection Statement

Personal Information Collection Statement

Chong Hing Bank Limited (the "Bank")
Notice to Customers and Other Persons relating to the Personal Data
(Privacy) Ordinance (the "Ordinance")

       
1. From time to time, it is necessary for customers and other persons (including applicants, corporate officers, persons providing security or guarantee for banking/credit facilities, and other individuals) (collectively “data subjects”) to supply the Bank with data in connection with the opening or continuation of operation of accounts, and/or the establishment or continuation of provision of banking facilities and/or the provision of banking, financial (which is defined as including but not limited to credit card, fiduciary, securities and/or investment services) and/or insurance services or compliance with any laws, guidelines or requests issued by regulatory or other authorities.
 
2. It is necessary for data subjects to provide personal data to the Bank as requested from time to time. Failure to supply such data may result in the Bank being unable to open or continue to operate the accounts, establish or continue to provide banking facilities, and/or provide banking, financial and/or insurance services.
 
3. Data are collected from data subjects in the ordinary course of the Bank’s daily operation, for example, when data subjects write cheques, deposit money, apply for or use the Bank’s services or facilities, or otherwise carry out transactions as part of the Bank’s services. The Bank will also collect data relating to the data subject from third parties, including third party service providers with whom the data subject interacts in connection with the marketing of the Bank’s products and services and in connection with the data subject’s application for the Bank’s products and services.
 
4. The Bank intends to use the personal data collected from a data subject for the following purposes:
 
  (a) in considering, assessing and processing any applications from data subjects concerning the provision of banking, financial and/or insurance services;
  (b) in the daily operation of the banking, financial and/or insurance services and facilities provided to data subjects;
  (c) in conducting credit checks at the time of application for credit and/or at the time of regular or special reviews which may take place on one or more occasions every year;
  (d) in creating and maintaining the Bank’s credit scoring and other risk models;
  (e) in assisting other financial institutions to conduct credit checks and collect debts;
  (f) in ensuring ongoing credit worthiness of data subjects;
  (g) in designing banking, financial and/or insurance services and products for data subjects’ use;
  (h) in marketing services, products and other programmes (please see further details in paragraph 8 below);
  (i) in determining amounts owed to or by data subjects;
  (j) in enforcing the Bank’s rights, including but not limited to the collection of amounts outstanding from data subjects and in providing security or guarantee for data subjects’ obligations;
  (k) in compliance with any requirements existing currently and in the future for disclosure and use of data that are applicable to or is expected to be complied with by the Bank, any of its holding company, subsidiary of any such holding company, controller of the Bank (as such terms are defined in the Banking Ordinance (Chapter 155 of the Laws of Hong Kong)), its subsidiary companies and/or any of the Bank’s branches and offices from time to time within and/or outside the jurisdiction of the Hong Kong Special Administrative Region (“HKSAR”) according to:
    (i) any law binding or applying to it (e.g. the Inland Revenue Ordinance and its provisions including those concerning automatic exchange of financial account information);
    (ii) any Order/Judgment made by a competent Court or Tribunal;
    (iii) any guidelines or guidance of any local or foreign legal, regulatory, tax, governmental, law enforcement or other authorities, or self-regulatory or industrial bodies or associations of financial services providers (e.g. guidelines or guidance given or issued by the Inland Revenue Department including those concerning automatic exchange of financial account information); or
    (iv)   any present or future contractual or other commitment with legal, regulatory, tax, governmental, law enforcement or other authorities, or self-regulatory or industrial bodies or associations of financial services providers;
  (l) in compliance with any obligations, requirements, policies, procedures, measures or arrangements for disclosing or using data and information concerning the sanction, prevention, detection, investigation and/or prosecution of money laundering, terrorist financing or other unlawful activities within or outside the jurisdiction of the HKSAR;
  (m)   in enabling an actual or proposed assignee of the Bank or participant or sub-participant of the Bank’s rights in respect of the data subject to evaluate the transaction intended to be the subject of the assignment, participation or sub-participation; and
  (n) any purposes relating thereto.
 
5. Personal data held by the Bank relating to a data subject will be kept confidential and secured but the Bank may provide or transfer such information to the following classes of persons within or outside the HKSAR for any of the purposes set out in paragraph 4 above or for other purposes specified herein below:
 
  (a) the Bank’s officers, employees and/or agents;
  (b) any agent, contractor or third party service provider who provides administrative, telecommunications, computer, payment or securities clearing or other services to the Bank in connection with the operation of its business;
  (c) any actual or proposed guarantor who secures the obligation of the data subject;
  (d) the drawee bank by providing a copy of a paid cheque (which may contain information about the payee) to the drawer;
  (e) third party service providers with whom the data subject has chosen to interact with in connection with the data subject’s application for the Bank’s products and services;
  (f) credit reference agencies, and, in the event of default, debt collection agencies;
  (g) any person to whom the Bank or any of its branches and offices is required or expected to make disclosure under any law, pursuant to any Court Order, or pursuant to any guidelines of and/or any contractual or other commitment with any local or foreign legal, regulatory, tax, governmental, law enforcement or other authorities, or self-regulatory or industrial bodies or associations of financial services providers existing currently and in the future which are applicable to the Bank, any of its holding company, subsidiary of such holding company, controller of the Bank (as such terms are defined in the Banking Ordinance (Chapter 155 of the Laws of Hong Kong)), its subsidiary companies, and/or any of the Bank’s branches and offices from time to time within and/or outside the jurisdiction of the HKSAR;
  (h) any actual or proposed assignee of the Bank or participant or sub-participant or transferee of the Bank's rights in respect of the data subject ; and
  (i) (i) the Bank’s group companies and affiliates which provide banking, financial and/or insurance services;
    (ii) any holding company, subsidiary of any such holding company, and/or controller of the Bank (as such terms are defined in the Banking Ordinance (Chapter 155 of the Laws of Hong Kong)) which may be required to submit information to any local regulatory authority(-ies) for the purposes of enabling such holding company, subsidiary of such holding company and/or controller of the Bank to comply with such requirement and to fulfil its/their statutory obligations pursuant to the relevant law, including but not limited to the Banking Ordinance;
    (iii) third party financial institutions, merchant acquiring companies, insurers, credit card companies, securities and investment services providers;
    (iv) third party reward, loyalty, co-branding and privileges programme providers for the relevant services, products and/or programmes;
    (v) co-branding partners of the Bank and the Bank’s group companies for the relevant services, products and/or programmes;
    (vi) charitable or non-profit making organisations; and
    (vii)   external service providers (including but not limited to mailing houses, telecommunication companies, telemarketing and direct sales agents, call centres, data processing companies and information technology companies) that the Bank engages for marketing services, products and other matters as detailed in paragraph 8 below.
 
6. Subject to Paragraph 4, the Bank may access the database of any credit reference agency for the purpose of conducting credit reviews from time to time. In particular, the Bank may access the consumer credit data of the data subject held by any credit reference agency and/or obtain credit reports on data subjects from such credit reference agency for the purpose of reviewing their existing consumer credit facilities which may involve the consideration by the Bank of any of the following matters:
 
  (a) an increase in the credit amount;
  (b) the curtailing of credit (including the cancellation of credit or a decrease in the facility amount); or
  (c) the putting in place or the implementation of a scheme of arrangement with the data subject.
 
7. With respect to data in connection with mortgages applied by a data subject (whether as a borrower, mortgagor or guarantor and whether in the data subject’s sole name or in joint names with others) on or after 1 April 2011, the following data relating to the data subject (including any updated data of any of the following data from time to time) may be provided by the Bank, on its own behalf and/or as agent, to a credit reference agency:
 
  (a) full name;
  (b) capacity in respect of each mortgage (as borrower, mortgagor or guarantor, and whether in the data subject’s sole name or in joint names with others);
  (c) Hong Kong Identity Card Number or travel document number;
  (d) date of birth;
  (e) correspondence address;
  (f) mortgage account number in respect of each mortgage;
  (g) type of facility in respect of each mortgage;
  (h) mortgage account’s status in respect of each mortgage (e.g. active, closed, written-off (other than due to a bankruptcy order), written-off due to a bankruptcy order); and
  (i) if any, mortgage account’s closing date in respect of each mortgage.
 
  The credit reference agency will use the above data supplied by the Bank for the purposes of compiling a count of the number of mortgages from time to time held by the data subject with credit providers in Hong Kong, as borrower, mortgagor or guarantor respectively and whether in the data subject’s sole name or in joint names with others, for sharing in the consumer credit database of the credit reference agency by credit providers, information which the Bank may from time to time access to when it is required to do so (subject to the requirements of the Code of Practice on Consumer Credit Data approved and issued under the Ordinance).
 
8. USE OF DATA IN DIRECT MARKETING
  The Bank intends to use a data subject’s data in direct marketing and may not so use the data unless it has received the data subject’s consent (which includes an indication of no objection) to the intended use. Please note that:
 
  (a) the name, contact details, products and services portfolio information, transaction pattern and behaviour, financial background and demographic data of a data subject held by the Bank from time to time may be used by the Bank in direct marketing;
  (b) the following classes of services, products and/or programmes may be marketed:
    (i) banking, financial, insurance, credit card and related services and products;
    (ii) reward, loyalty, co-branding and privileges programmes and related services and products;
    (iii) services, products and/or programmes offered by the Bank’s co-branding partners and the Bank’s group companies; and
    (iv) donations and contributions for charitable or non-profit making purposes;
  (c) in addition, the Bank also intends to provide the data described in paragraph 8(a) above to the following classes of entities for use by them in direct marketing of services, products and/or programmes described in paragraph 8(b) above, and the Bank may not so provide the data unless it has received the data subject’s consent (which includes an indication of no objection) to the intended provision:
    (i) the Bank's group companies and affiliates which provide banking, financial and/or insurance services;
    (ii) third party financial institutions, insurers, credit card companies, securities and investment services providers;
    (iii) third party reward, loyalty, co-branding and privileges programme providers for the relevant services, products and/or programmes;
    (iv) co-branding partners of the Bank and the Bank's group companies for the relevant services, products and/or programmes; and
    (v) charitable or non-profit making organisations.
 
  If a data subject does not wish the Bank to use and/or provide to other parties his/her data for use in direct marketing as described above, the data subject may, at any time and without charge, exercise his/her opt-out right by notifying the Data Protection Officer of the Bank after which the Bank shall cease to use and/or provide to other parties his/her personal data in direct marketing. (To opt out from direct marketing, please complete and return to the Bank an opt-out form available on the Bank’s website www.chbank.com or from any branch of the Bank.)
 
9. Under and in accordance with the terms of the Ordinance and the Code of Practice on Consumer Credit Data, a data subject has the right:
 
  (a) to check whether the Bank holds data about him/her;
  (b) to request access to such data;
  (c) to require the Bank to correct any data relating to him/her which is inaccurate;
  (d) to ascertain the Bank’s policies and practices in relation to data and be informed of the kind of personal data held by the Bank;
  (e) to be informed on request which items of data are routinely disclosed to credit reference agencies or debt collection agencies, and be provided with further information to request access to and/or correction of any data disclosed to the relevant credit reference agency or debt collection agency; and
  (f) in relation to any account data (including, for the avoidance of doubt, any account repayment data) which has been provided by the Bank to a credit reference agency, to instruct the Bank, upon termination of the account by full repayment, to make a request to the credit reference agency to delete such account data from its database, as long as the instruction is given within five years from the account’s termination and there has been no default in payment in relation to the account lasting in excess of 60 days within the five year period immediately preceding the account’s termination. Account repayment data includes amount last due, amount of payment made during the last reporting period (being a period not exceeding 31 days immediately preceding the last time the account data was provided by the Bank to a credit reference agency), remaining available credit or outstanding balance and default data (being amount past due and number of days past due, date of settlement of amount past due, and date of final settlement of amount in default lasting in excess of 60 days (if any)).
 
10.  In the event of any default of payment relating to an account, unless the amount in default is fully repaid or written off (other than due to a bankruptcy order) before the expiry of 60 days from the date such default occurred, the account repayment data (as mentioned in paragraph 9(f) above) may be retained by the credit reference agency until the expiry of five years from the date of final settlement of the amount in default.
 
11. In the event any amount in an account is written-off due to a bankruptcy order being made against a data subject , the account repayment data (as mentioned in paragraph 9(f) above) may be retained by the credit reference agency, regardless of whether the account repayment data reveals any default of payment lasting in excess of 60 days, until the expiry of five years from the date of final settlement of the amount in default or the expiry of five years from the date of discharge of a bankruptcy order as notified by the data subject with evidence to the credit reference agency, whichever is earlier.
 
12. In accordance with the terms of the Ordinance, the Bank has the right to charge a reasonable fee for the processing of any data access request.
 
13. A data subject who requests access to data or correction of data or for information regarding policies and practices and kinds of data held should contact the following officer of the Bank:
 
                                                     The Data Protection Officer
                                                     Chong Hing Bank Limited
                                                     G. P. O. Box No. 2535
                                                     Hong Kong
                                                     Telephone: 3768 6888
                                                     Facsimile: 3768 1688
                                                     E-mail: dpo@chbank.com
 
14. The Bank may have obtained a credit report on the data subject from a credit reference agency in considering any application for credit. In the event the data subject wishes to access the credit report, the Bank will, upon request being made, advise the contact details of the relevant credit reference agency.
 
15. Nothing in this Statement shall limit the rights of data subjects under the Ordinance.
 
November 2021
 
(In case of any inconsistencies between the English and the Chinese versions of this Statement, the English version shall prevail.)