Personal Information and Privacy Protection Policy of DBS Bank (China) Limited

    Personal Information and Privacy Protection Policy of DBS Bank (China) Limited

    Updated on:        July 5, 2022
    Effective as of:    July 5, 2022

    DBS Bank (China) Limited ("DBS", the "Bank", "we" or "us") understands how important your personal information means to you, takes the confidentiality and security of personal information very seriously, and strives at all times to protect your personal information and privacy according to law. We therefore formulate this Personal Information and Privacy Protection Policy (this "Policy") in accordance with current laws, regulations and policies to help you understand the purposes, methods, and scope of our collection and use of personal information, our practices regarding personal information and privacy protection, your rights and interests relating to personal information and privacy and how to safeguard your rights and interests. We have always been committed to maintaining your trust in us and will stick to the following principles to protect your personal information: legitimacy, rightfulness, necessity, good faith, transparency, etc.

    We strive to use plain and concise language to prepare this Policy. The terms of this Policy which are closely related to your rights and interests and the sensitive personal information involved in this Policy are highlighted in bold for your special attention. Therefore, please make sure you have carefully read and fully understood this Policy before using our products or services, and do not use any of our products or services until you have fully understood and agreed to this Policy. The key points of this Policy are as follows:

    1.  For your convenience to understand the types and purposes of personal information we need to collect when you or your affiliates (e.g. your relatives, the borrower for whom you provide guarantees/security, and business entities that you hold a position in, represent, invest in or have a transaction /financial relationship with) use our services, we will explain the types, causes for use and collection methods of your personal information by the particular service scenario.
       
    2.  When you use certain business function, we will collect your sensitive personal information (e.g., biometric information) after you give us your consent. Refusal to provide such information will affect your normal use of related function, but will not affect your use of other services we provide.
       
    3.  To provide the service per you request, we might need to share your personal information with a third party. We will assess the legitimacy, rightfulness, and necessity of the collection of information by such third party. We will ask the relevant third party to take measures to protect your information and strictly comply with relevant laws and regulations and regulatory requirements. Subject to the requirements of laws and regulations, we will ask for your consent or ask the relevant third party to demonstrate they have obtained your consent via confirmation agreement, page prompt in specific scenario, interaction process, agreement, etc.

    Unless otherwise stated, this Policy applies to the personal information of you or your affiliates when you or your affiliates visit, browse, or use our online service platforms such as our website or mobile device applications, apply for or use any product or service of us or any third party, handle any business or make any transaction with us, participate in any of our marketing events and surveys, and in any way contact or communicate with us, no matter the information is provided by you or your affiliates on an unsolicited basis, or collected or acquired by us from other sources according to laws, regulations, or regulatory provisions, or based on your or other relevant parties' authorisation or consent. If you want to know more about this Policy, please read the corresponding chapters based on the following table of contents:

    I.    How We Protect Your Personal Information
    II.   How We Collect Your Personal Information
    III.  How We Use Your Personal Information
    IV.   How We Store Your Personal Information
    V.    How We Entrust Processing of, Share, Transfer and Publicly Disclose Your Personal Information
    VI.   Special Circumstances for Information Processing
    VII.  How We Use Cookies and Other Technologies
    VIII. Your Rights Relating to Personal Information
    IX.   How to Contact Us
    X.    Protection of Minors' Personal Information
    XI.   Formulation, Effectiveness and Update of this Policy and Others

    We will collect, use, handle, transfer, store, provide, disclose, delete and protect your and relevant parties' personal information in accordance with this Policy. We may separately formulate special personal information protection policy tailor-made for specific channels, products, services, business and activities (e.g. personal information protection policy for DBS digibank CN mobile application). The special personal information protection policy so formulated, if any, shall apply in the specific scenarios as prescribed in such policy. 

    If there is any discrepancy between this Policy and other agreements entered into or other terms and conditions agreed between you (or your affiliates) and us, such other agreements or terms and conditions shall prevail.

    I.  How We Protect Your Personal Information

    1. Information security is our top priority. We will endeavour at all times to protect your personal information acquired by us and prevent any accidental or unauthorised illegal access, reproduction, alteration, transmission, loss, destruction, processing or use of your personal information. We maintain this commitment to information security by implementing appropriate security technologies, security management and other measures to protect your personal information. We will be held liable in accordance with law if your information suffers from unauthorised access, public disclosure, tempering or damage for any reason attributable to us and so impairs your lawful rights and interests.
       
    2. Our website supports advanced content encryption technology to protect personal information, which is a prevailing industry standard for protection of data security on the Internet. Our web servers are protected behind firewalls and our systems are monitored to prevent any unauthorized access.
       
    3. We maintain strict security system to prevent unauthorized access to your information. We exercise strict management over our staff members who may have access to your information, including but not limited to access control applied to different positions, contractual obligation of confidentiality agreed with relevant staff members, formulation and implementation of information confidentiality and security related policies and procedures, and relevant training offered to staff members.
       
    4. We will not provide your personal information to any third party, unless the provision is made to comply with laws, regulations and regulatory provisions, or according to this Policy or other agreement (if any), or based on your separate consent or authorisation. When we need to use services provided by external service providers (entities or individuals), we also impose strict confidentiality obligations on them and request them to comply with the requirements of applicable laws and regulations when processing personal information.
       
    5. For the security of your information, you take on the same responsibility as us. You shall properly take care of your personal information, such as your bank account information, identity verification information (e.g., user name, password, other dynamic password, verification code, etc.), including all the documents, devices or other media that may record or otherwise relate to such information, and shall ensure your personal information and relevant documents, devices or other media are used only in a secure environment. You shall not, at any time, disclose to any other person or allow any other person to use such information or relevant documents, devices or other media. It is suggested that you take active actions to ensure the security of your personal information, such as changing the password to your account regularly and not disclosing your account number and password or other personal information to others. Once you think your personal information and/or relevant documents, devices or other media have been disclosed, lost or stolen, which may endanger your relationship with us or may otherwise affect the security of your use of our products, devices or services, you shall notify us immediately so that we may take appropriate measures to prevent further loss from being incurred.
       
    6.  We will organize regular staff training and related drills on emergency response for them to understand their duties and emergency response strategies and procedures. If unfortunately, a personal information security incident occurs, we will take emergency measures to mitigate the severity and losses in connection therewith. Meanwhile, we will, following the applicable requirements of laws and regulations, inform you of the basic information of the security incident and its possible impact, the actions and measures we have taken or will take, suggestions on how you can prevent and mitigate the risk, and applicable remedial measures etc. We will inform you about the security incident by email, mail, call, SMS, push notification or through other methods as appropriate in a timely manner. Where it is difficult to notify each information subject, we will issue a public announcement in a reasonable and effective way. Meanwhile, we will report such personal information security incident and its disposition in accordance with the requirements of laws and regulations and regulators.
       

    II.    How We Collect Your Personal Information

    1. For the purpose of complying with laws, regulations and regulatory provisions, or as required for us to provide you or your affiliates with various products and services and improve the quality of our products and services, or in order to contact or communicate with you or your affiliates, understand the needs of you or your affiliates, establish, review, maintain and develop our relationship with you or your affiliates, we may receive or keep the personal information provided by you or your affiliates on an unsolicited basis, or, according to laws, regulations, regulatory provisions, or your authorisation or consent, collect, enquire about, and verify by proper methods your personal information from/with members of the DBS Group or other third parties (including but not limited to credit reference agencies, information service providers, non-banking payment institutions, clearing institutions, employers, counterparties, joint applicants, contact persons, close relatives and other individuals or entities that lawfully keep your information). For example, third parties with whom we have cooperation may on your consent, refer you to us as a potential client, and for such purpose, provide us with your basic personal information such as name, gender, contact information, so we may further communicate and keep in touch with you.
       
    2. The personal information we collect may be in paper, electronic (for example, without limitation, information collected through such channels as the Bank's website, online banking, WeChat platform, mobile banking, self-service machines, QR codes and other mobile device applications in offline events or on roadshow platforms, email, SMS, and telephone banking) or any other forms.
       
    3.  When you (in the name of yourself or your affiliates) visit, browse or use our website and/or applications, for the purpose of maintaining the normal operation of services and protecting the security of your transactions, we may collect information about your electronic devices (including device model, operating system, unique device identifier, login IP address, network access methods, types and status, operating system version and browser version, etc.) and operation log information. Such information is the basic information we must collect to provide you or your affiliate with services to ensure your or your affiliates' normal and safe use of our services. We use Cookies and other similar technologies to collect such information. You may disable Cookies by changing your settings (please refer to Article VII of this Policy "How We Use Cookies and Other Technologies" for details).
       
    4. When you log in and/or use our online business systems such as the online account opening system, in order to ensure the safe and stable operation of the system and related services, we may need to obtain the following system permissions, and collect information and data in relation to the device and network you use:
      System Permissions Authorized Functions/Purposes
      Permission for the program to access network status information of Wi-Fi To ensure normal network connection
      Permission for the program to open network sockets To ensure normal network connection and to implement the security detection function
      Permission for the program to access information about the GSM network To check the network status and to ensure normal network connection
      Permission for reading phone status To prevent account theft
      Write permission for the program To secure the stable operation of the application supporting the business system

       

    5. The technical information which cannot identify any individual will not be treated as personal information. However, when such technical information can identify you alone or in combination with other information, we will protect it as your personal information.
       

    6.  We may invite you to subscribe to our publications, newsletters or alerts or to participate in our marketing events, surveys or recruitment events via our website and/or parts of the applications (such as our WeChat official account). You may choose whether to accept the invitation or not. If you accept relevant invitation, we may collect the personal information such as name, gender, telephone number, email address, employer, and job position you provide to us during the subscription process and/or via interactive materials such as contact forms, questionnaires, etc. It is completely up to you to decide whether to provide such information. Refusal to provide such information will not affect your visiting, browsing or using our website and/or applications.
       

    7. When you (on behalf of yourself) apply for or use our services, in order for us to provide you with relevant products/services, attend to relevant banking business, and perform corresponding obligations of regulatory compliance and risk control and management, we may need to collect your following personal information:

      Purposes or Functions (Products/Services/Business) Information We May Need to Collect
      User registration When you register on our website, mobile application (including but not limited to DBS digibank CN mobile application, WeChat platform), in order to verify your identity and create relevant user account information, we will collect your personal information such as your ID number and one-time dynamic verification code sent to your preset mobile phone number, subject to the scope listed in the personal information protection policy for DBS digibank CN mobile application and other online platforms, or (when such information is in the possession of the Bank) retrieve such information for the said purpose.
      Account opening, modification and closing/deregistration

      In order to provide you with account opening, modification and deregistration services, we may collect your name, gender, nationality, place of birth (country/region), contact information, ID type, ID number and such other information listed in the respective application document(s) filled out, submitted and/or confirmed by you for account opening/modification/account closing.

      When you use our WeChat platform to register and open a Class-II account, for the purpose of identity verification, account binding and compliance & risk control, we may collect your name, mobile phone number, ID card number, ID card address, the validity period of ID card, the image of ID card, the face recognition information (if you choose to use the face recognition service), the number of the Class I account (opened with the Bank or another bank) to be linked with, and the IP address when you logging in to the relevant e-banking service terminal. At the same time, based on your true wishes, we will process the account verification transactions sent by China UnionPay and other clearing institutions, compare the name, mobile phone number, ID number and bank card number you have retained in the Class I account opening bank and issue verification result.
      Debit card application If you apply for a debit card of the Bank, we may collect information such as your name, gender, ID type, ID number and associated account, subject to the scope listed in the relevant application documents filled out, submitted and/or confirmed by you.
      Deposit and remittance In order to provide you with deposit and remittance services, we may collect your name, ID card number, account information such as the account number, the account bank, type, currency, amount, etc., as well as the amount of deposit/remittance and the payee's information (including but not limited to the name, region and receiving account information of the payee), subject to the scope listed in the relevant documents filled out, submitted and/or confirmed by you.
      Foreign currency exchange In order to provide you with foreign currency exchange services, we may need to collect the name and ID card number of you and your agent (if any), the transaction currency and amount, and other information you submit and confirm to us during the service application/confirmation process. 
       
      Personal consumption loans (including consumer credit products you apply for through third-party channels) For the purpose of application review, loan disbursement, related loan services provision, as well as relevant anti-money laundering review, risk control management, and post-lending management, to the extent permitted by laws and regulations, we may directly or through third-party platform(s), collect your following information:
      •  your basic personal information such as name, date of birth, ID card information (including the image and type of ID card and the information thereon), identity verification result(s), residential address, phone number, job, contact information.
      • if you choose to use the face recognition function, we may also collect your face recognition information (such as face image).
      • personal credit information (normal or negative), such as your credit information in the PBOC database, information relating to your loan application, loan contract, repayment performance, and litigation, administrative punishment, illegal or criminal behavior/record;
      • consumption capacity data;
      • bank card information, real estate information and other property information; and
      • other information required for providing loan services, fulfilling compliance obligations, or otherwise authorized by you.
      Personal mortgage loan In order to provide you with personal mortgage loan(s) (including relevant pre-lending review, lending and post-lending management), we may collect your name, date of birth, ID card number, nationality, household registration, marriage and the information of minor children, academic information, residential address, telephone number, email address, job information (length of service, employer, job title), income information, real estate information (type, lease contract, address, floor space, purchase price) and loan information (amount, interest rate, repayment period).
       
      Investment and wealth management (including funds, Great Bay Area Wealth Management Connection, structured investment, etc.) In order to provide you with investment and wealth management products/services (including carrying out related investor eligibility/risk tolerance assessment and compliance risk management), we may collect your name, ID type and number, fund settlement account number, investment account number, and such other information listed in the application form, subscription letter and other application document(s) or transaction document(s) filled out, submitted and/or confirmed by you, such as product category, transaction currency & amount, investment period, starting date, etc..
      Insurance distribution In order to provide you with insurance distribution services, we may collect:
      • the policy holder's information such as name, gender, age, date of birth, ID type, number and validity period;
      • the insured's information such as name, gender, age, date of birth, ID type, number and validity period;
      • The beneficiary's name, gender, age, date of birth, ID type, number, and validity period.
      The specific information scope is subject to the application document(s) or insurance document(s) such as the application form, insurance application form, and etc. that you fill out, submit and/or confirm.
      Single Passport Entry Privilege as Regional Treasures In order to provide you with account opening witness services, we may need to collect your personal information, which is subject to the scope listed in the relevant application form(s) filled out, submitted and/or confirmed by you.

      The above information is necessary for us to provide you with products or services, perform our agreements with you, and/or perform our legal and regulatory compliance obligations. If you fail to provide the requested information (or the information so provided is incomplete, inaccurate or untrue), we will not be able to provide relevant products or services to you.

    8. When you (on behalf of your affiliate(s)) apply for or use our services, in order to provide you with relevant products/services, attend to relevant banking business, and perform corresponding obligations of regulatory compliance and risk control and management, we may need to collect your following personal information:

      Purposes or Functions (Products/Services/Business) Information We May Need to Collect
      Secured loan (applicable to both corporate clients and individual clients) When you, acting as a guarantor/security provider, provide a guarantee/security for the debts of your affiliate(s) with the Bank, we may collect your following information for the purpose of reviewing, managing and implementing the guarantee/security provided by you:
      • personal identity information, including name, date of birth, gender, nationality, household registration, ID type, number, validity period and address listed in the ID card, marriage and information of minor children, academic information, job information (length of service, employer, job title, work address), relationship with relevant debtor (such as employment/shareholding/investment relationship), telephone number, e-mail, contact information, residential address;
      • personal property information, including personal income, owned real property, owned movable property (e.g., vehicle, financial assets, etc.), indebtedness, investment, tax payment amount, tax residence, taxpayer identification number, payment amount of housing fund contribution, etc.;
      • personal credit information, including credit card, loan and other credit transaction information, litigation, investigation and punishment information, and any other information that may reflect personal credit status;
      •  collateral information, such as real estate information (including type, lease contract, address, floor space, purchase price).;
      Corporate client products/services (corporate account opening, financing, online banking, financial consulting, cash management, etc.) In order to provide products/services to your affiliated companies or attend to relevant business for them, we may collect your following personal information:
      •  for the purpose of conducting due diligence on corporate clients, we may collect your ID card information (name, gender, ID card number, date of birth, ethnicity), personal financial information (account information, identification information, financial transaction information, personal identification information, property information, loan information, etc.), mobile phone number and signature information.
      • for the purpose of providing account opening services for corporate clients, we may collect your ID card information (name, gender, ID card number, date of birth, ethnicity), passport number, email address, mobile phone number, address and signature information.
      • for the purpose of reviewing and providing trade finance, financial advisory services, cash management, corporate finance, corporate online banking and other corporate financial products/services, we may collect your ID information (name, gender, ID card number, date of birth, ethnicity), email address, contact information (including fixed telephone number, mobile phone number, and etc.), signature information and/or (if you are the designated payee under corporate online banking, cash management and other services) account information and address information.
      • when you register, log in or use the Bank's online business system or related corporate service platform in the name of an affiliated company, we may collect the photo of your ID card and (where facial recognition function is triggered) your facial recognition information.

      The above information is necessary for us to provide products or services or attend to relevant business for your affiliate(s), perform our agreements with you or your affiliates, and/or perform our legal and regulatory compliance obligations. If you refuse to provide those information (or the information so provided is incomplete, inaccurate or untrue), we may not be able to provide relevant products or services to or attend to relevant business for your affiliate(s).

    9. In addition to the above scope, we may also collect your information for the following purposes

      i.    In order to provide you or your affiliates with relevant products/services, perform contractual and/or regulatory compliance obligations, we may also collect your other personal information obtained or retained during the process of establishing, maintaining business or other relationships with you or your affiliates, for example: additional information required for fulfilling anti-money laundering and other compliance obligations or at the request of relevant product/service provider(s) such as fund companies and insurance companies, information obtained from third party channels during our review on your identity and related business, financial transaction information generated when you or your affiliates handling relevant business, as well as communications and other correspondence records (audio and video recordings, call records, communications records and contents) formed during your or your affiliates' application for, use and/or deregistration of related products/services/businesses with us.

      ii.    At the request of relevant regulators/partners, some of the Bank's services (e.g. investment and wealth management, account opening witness) may need to be rendered over-the-counter and/or under "double recording (audio recording and video recording)", for and during which, we may need to collect your audio and/or video recording information. If you refuse us to collect the aforementioned information, we will not be able to provide you or your affiliate(s) with the relevant products or services or attend to the relevant business.
       

    10. You may decide, at your free choice, to provide us with, or allow us to collect from you or any third party as you may agree, the relevant information for specific purposes or functions, e.g., the personal information that you provide to us for the purpose of improving service experience, participating in our marketing events or surveys, making an appointment to open an account or for other business. You can choose not to provide such information. Your failure to provide such information will prevent you from participating or enjoying the corresponding convenience or functions, but will not affect your normal use of other services. In terms of any marketing activity notice, commercial electronic information or advertisement you may be interested in, that are provided by the Bank based on the aforementioned information, if you do not wish to receive such information, you may unsubscribe from these communications via the method listed in "IX. How to Contact Us"in this Policy.
       

    11. Please understand that the services we provide are constantly evolving and developing. If you or relevant customers choose to use any other service not listed above for which we have to collect your personal information, we will separately explain to you or relevant customers the purposes, methods, and scope of collection of personal information, etc. through reminder, alert, interaction process, agreement or other appropriate methods, and ask for your or relevant customers' consent to the extent required by applicable laws and regulations. We will use, store, provide, and protect your information in accordance with this Policy and other agreements (if any). If you or relevant customers choose not to provide the relevant information, you or relevant customers may be unable to use certain service or certain part thereof, but your or relevant customers' use of other services we provide will not be affected.

    III.    How We Use Your Personal Information

    1. We will use the personal information authorised by you for the purposes mentioned in Article II of this Policy "How We Collect Your Personal Information", in order to realize the functions of our products and/or services.
       
    2. When you visit, browse or use our website and/or applications as a visitor, we may use your information for the following purposes:

      (1)  to respond to your enquiries and requests;

      (2)  to provide you with information, products or services that you request from us or may have interest in, subject to your prior consent;

      (3)  to perform contracts or agreements entered into between you and us;

      (4)  to allow you to interact with us on our website and/or applications;

      (5)  to notify you of changes to our website and/or applications;

      (6)  to enable the contents of our website and/or applications to be presented in an effective manner on your device;

      (7)  to maintain normal and secure operation of our website and/or applications as well as banking business or services, to prevent and control risk, or to detect and prevent any misuse of our website, applications, products or services;

      (8)   to perform the compliance obligations of the Bank and the DBS Group, or to comply with or enforce any applicable laws and regulations;

      (9)  to conduct statistics and analysis regarding the use of our business, products, services or functions. However, such statistics will not contain any of your personally identifiable information.

    3. When you are our prospective or existing individual customer, or handle business on behalf of our customer, or provide personal guarantee in favour of us, we may use your information for the following purposes:

      (1)  to provide you or your affiliates with products or services, to identify you or verify your identity, or to examine and approve, manage, handle, execute or effect transactions requested or authorised by you or your affiliates;

      (2)  to comply with or enforce any Applicable Laws ("Applicable Laws" refer to any local or foreign law, regulation, ordinance, rule, judgment, decree, self-discipline code, directive, sanction regime or court order applicable to any member of the DBS Group, any agreement between any member of the DBS Group and any authority, or any agreement or treaty between authorities applicable to the Bank or any member of the DBS Group) or any order or requirement from any authority;

      (3)  to perform the compliance obligations of the Bank and the DBS Group (including regulatory compliance, tax compliance and compliance with any Applicable Laws or requirements of any authority), or to implement any policy or procedure formulated by the Bank and the DBS Group for the performance of compliance obligations;

      (4)  to ensure the security and stability of financial services, to prevent or prohibit activities in violation of laws or regulations, to control or mitigate risk, to detect, investigate and prevent any real, suspected or potential financial crime (including money laundering, terrorist financing, bribery, corruption, tax evasion, fraud, evasion of economic or trade sanction and/or violation of any Applicable Laws relating to these matters, or acts or attempts to circumvent or violate any Applicable Laws relating to these matters), or to manage the risk of financial crime;

      (5)  to collect any amounts due from any debtor;

      (6)  to conduct credit or credit reference checks, or to verify, obtain or provide credit reference or credit information;

      (7)  to enforce or defend the rights of the Bank or any member of the DBS Group, or to perform the obligations of the Bank or any member of the DBS Group;

      (8)  to fulfil the reasonable operational requirements of the Bank or the DBS Group (including for credit and risk management, data statistics, analysis, processing, handling, archiving and backing up, system, product and service design, research, development and improvement, planning, insurance, audit and administrative purposes);

      (9)  subject to your or your affiliates' authorisation, to market or promote relevant products or services to you or your affiliates, to assess your or your affiliates' interests in relevant products or services, or to conduct market research or survey or satisfaction survey;

      (10) to obtain or utilize administrative, consultancy, telecommunications, computer, payment, data storage/processing, outsourcing and/or other third-party services.

    4. The above contents of this Policy on the collection and use of personal information shall not affect our use of your information for the purposes as otherwise specifically agreed between you or and us.
       
    5. When we intend to use your personal information for any purpose other than those specified herein or use your personal information collected for a specific purpose for any other purpose, we will inform you of such use, and obtain your consent before using your personal information for such additional purposes to the extent required by applicable laws and regulations.

    IV.    How We Store Your Personal Information

    1. We comply with the laws, regulations and codes of the People's Republic of China on data storage. When we collect or process your information, we will, according to laws and regulations, regulatory provisions, archiving, accounting, auditing or reporting requirements, and the purposes set forth in this Policy, keep your information for a period as minimum as necessary to fulfil the purposes of information collection.
       
    2. After the retention period expires, we will destroy, delete or anonymize relevant information, or where the destruction, deletion or anonymization is not possible, store your personal information securely and strictly control its access. The aforementioned requirements do not apply to the information that needs to be retained according to laws and regulations, regulatory provisions, archiving, accounting, auditing or reporting requirements, special agreement between you or relevant customers and us, or for settlement of indebtedness between you or relevant customers and us, or for record check or enquiry from you, relevant customers, regulators or other authorities.

    V.    How We Entrust Processing of, Share, Transfer and Publicly Disclose Your Personal Information

    1. Entrusted Processing and Sharing
      For the purposes set out above in this Policy, we may provide all or part of your personal information to the following recipients to the extent that such provision is necessary and is made with proper protective measures (refer to Article I of this Policy "How We Protect Your Personal Information") and the recipients may also, for the aforesaid purposes, use, process or provide the information they receive provided that corresponding protective measures are adopted pursuant to the applicable laws or our requirements:

      (1)  any member of the DBS Group (please refer to here);

      (2)  any contractor, subcontractor, agent, service or product supplier, licensor, professional consultant, business partner, or associated person of the DBS Group (including their employees, directors and officers);

      (3)  any regulator or any other authority, or any entity or individual designated by such regulator or authority;

      (4)  anyone acting on your or relevant customers' behalf according to your or relevant customers' authorisation or according to law, payees, beneficiaries, account nominees, intermediaries, correspondent and agent banks (e.g. those for CHAPS, BACS and SWIFT), clearing houses, clearing or settlement systems, market counterparties, upstream withholding agents, swap or trade repositories, stock exchanges, companies in which you have an interest in securities (where such securities are held by us for you or relevant customers), or anyone making any payment to you or relevant customers;

      (5)  any person or relevant party who has right or obligation, acquires an interest or assumes risk, in or in connection with any product or service you or relevant customers receive from the Bank, or any business you or relevant customers handle at the Bank or any transaction you or relevant customers make with the Bank (e.g. the person who provides or proposes to provide any mortgage or other security for any of your or relevant customers' obligations to the Bank, or the beneficiary of the insurance product that the Bank distributes to you);

      (6)  other financial institutions, industrial associations, bank card organisations, credit rating agencies, credit reference agencies (including but not limited to the Basic Financial Credit Information Database) and information service providers;

      (7)  any third-party asset manager providing you or relevant customers with asset management services through us;

      (8)  any intermediary broker providing referral, agency or intermediary service to us, or any third party to whom we provide referral, agency or intermediary service;

      (9)  any party in connection with any business/asset transfer, restructure, disposal (including securitisation), merger, spin-off or acquisition transaction of the Bank;

      (10)  any person to whom the Bank or any member of the DBS Group is obliged or required to make information available for the purposes specified;

      (11)  relevant third parties as set out in the agreements and/or the terms and conditions governing the relationship between the Bank and you or the Bank's customers.

      Since we rely on the group's global resources to provide products or services, to the extent permitted by laws and regulations, we may use intra-group systems located overseas (such as Singapore) to process your personal information, which means that your personal information may be transferred to offshore entity(ies) within the DBS Group. Meanwhile, we may need to provide your personal information to relevant overseas partners or service providers for the purpose of conducting cross-border business, for example, in order to provide cross-border remittance service(s) to you or your affiliate(s), provide your personal information to third party participants such as overseas intermediary bank(s) and receiving bank(s); or provide your personal information to our cooperation bank(s) in Hong Kong for the purpose of providing Great Bay Area Wealth Management products/services to you or your affiliate(s). For the aforementioned cross-border information transfer, you may seek further information on the recipient, the type of information to be transferred and other specific information in relevant business documents or by contacting us via the contact information listed in "IX. How to Contact Us" of this Policy. If we provide your personal information overseas, we will comply with provisions and requirements on cross-border personal information transfer under laws and regulations. According to applicable laws and regulations, your personal information will be protected by a code of confidentiality and security which the Bank, members of the DBS Group, their staff and third parties are subject to, whether it is processed domestically or overseas.

      To the extent required by applicable laws and regulations, we will inform you about our provision of your personal information to third parties, including the recipient's identity, contact information, purpose of processing, method of processing and the types of personal information provided (if cross-border data transfer is involved, we will also inform you of the methods and procedures by which you may exercise your rights against the overseas recipient of your personal information), and seek your prior consent to the extent required by applicable laws and regulations.
       

    2. Transfer
      Without your authorisation or consent, we will not transfer your personal information to any other company, organization or individual, except in the case of any business/asset transfer, restructure, disposal (including securitisation), merger, spin-off or acquisition transaction of the Bank where the transfer is necessary. In such case, we will inform you of the identity and contact information of the personal information recipient according to the requirements of applicable laws and regulations and request the personal information recipient to comply with this Policy. If the personal information recipient changes the purposes or methods of personal information processing under this Policy, it shall re-obtain your consent.
       
    3. Public DisclosureWe
      will not disclose your personal information to the public unless we have your separate consent.

    VI.    Special Circumstances for Information Processing

    Please understand that we will generally process your personal information (e.g., collection, storage, use, processing, transfer, provision and public disclosure) based on your consent. However, we may process your personal information without your consent under the following circumstances:

    1. where it is necessary for entering into or performing a contract to which you are a party;
       
    2. where it is necessary for performance of a statutory duty or statutory obligation;
       
    3. where it is necessary in order to respond to a public health emergency or protect your or other individuals' life, health and property in an emergency;
       
    4. where it is conducted to a reasonable extent in order to carry out news coverage or media supervision for public interest;
       
    5. where it is conducted to a reasonable extent according to applicable laws and regulations to process any personal information made public by yourself or in any other legal manner;
       
    6. other circumstances prescribed by laws and administrative regulations.

    VII.    How We Use Cookies and Other Technologies

    The Bank's website and applications (each, an "Application") use Cookies. Cookies are small text files that are placed on your computer or mobile device when you visit the website or use an Application. Cookies collect information about users and how they visit the website or use an Application, such as their Internet Protocol (IP) address, how they arrive at the website (e.g., through a search engine or a link from another website), and how they navigate within the website or Application. We use Cookies and other technologies to facilitate your Internet sessions and your use of our Applications, to provide products and/or services based on your preferred settings, to track the use of our website and Applications, and to compile statistics on the activities conducted on our website and/or Applications.

    Pixel tags (also known as web beacons) are invisible tags placed on some pages of our website but not on your computer. Pixel tags are often used in combination with Cookies to monitor the behaviour of users who visit our website.

    You can set your Web browser to block Cookies, thereby disabling pixel tags to monitor your website visits. You can also delete Cookies stored on your computer or mobile device. However, if you block Cookies and pixel tags, you may not be able to use some of the functions and features of our website.

    Further, we may also engage third party companies to research the traffic and other activities on our website and/or Applications. Such companies may use web beacons, Cookies and other technologies to find out more about visitors of our website and/or Applications (e.g., user demographics and behaviours and use patterns) and improve the effectiveness of our marketing efforts. They aggregate the information collected and then provide it to us, but we will not provide to or acquire from such companies personally identifiable information about you. If you want to disable Cookies related to these technologies, you can change the settings of your browser and/or Applications. However, you may not be able to access some parts of the website and/or Applications after the change of settings.

     

    VIII.    Your Rights Relating to Personal Information

    1.  You have the right to request us to safeguard the security of your personal information in accordance with the provisions of laws, regulations and this Policy, and to exercise your rights relating to personal information conferred by applicable laws and regulations.
       
    2. You have the right to check with us whether we hold your personal information, and to access and copy the personal information you have provided to us.
       
    3. You have the right to change the scope of your authorisation or withdraw your authorisation, and to exercise such right by the method set forth in "IX How to Contact Us" of this Policy. We will not further process the relevant personal information once you change the scope of your authorisation. However, the withdrawal of consent will not affect the lawfulness of our processing based on your consent before its withdrawal.
       
    4. You have the right and obligation to promptly update your personal information with us to ensure that all the relevant information is accurate and up-to-date. You have the right to request us to provide convenience for you to update your personal information with us and to correct any of your information that is inaccurate.
       
    5. In relation to personal credit, guarantee, etc., you have the right to request to be informed of your personal information that is provided to credit reference agencies by us, so as to enable you to request the relevant credit reference agencies for access to and correction of your information.
       
    6.  You have the right to request us to properly dispose of your personal information beyond retention period in accordance with the applicable laws and regulations, this Policy, and other agreement between you or relevant customers and us. In the event that we cease operations, we will promptly cease the collection of your personal information, notify you of the cessation of operations by personal service or public announcement, and properly dispose of your personal information that we hold, unless otherwise required by laws, regulations or regulators. In addition, we will preserve the information generated during the period in which you use our services for the time required by regulators and cooperate with relevant authorities in making lawful enquiries during such preservation period.
       
    7. You have the right to ascertain our policies regarding the protection of personal information and privacy. If you have any queries about this Policy, you are entitled to request us to give explanations to you so as to help you further understand our practices in relation to the protection of personal information and privacy and possible consequences and your rights and interests in relation to personal information and privacy under this Policy.
       
    8. This Policy does not restrict other rights enjoyed by you as the subject of personal information under applicable laws and regulations.

    IX.    How to Contact Us

    1. Requests for access to, correction or deletion of personal information, withdrawal of authorisation or change of scope of authorisation, or disposal of personal information beyond retention period, for a copy of this Policy, or enquiries about our practices regarding personal information and privacy protection, or for the exercise of any other right relating to your personal information conferred by laws and regulations, should be addressed to:
      Company name: DBS Bank (China) Limited

      Office address: 1318 Lujiazui Ring Road, China (Shanghai) Pilot Free Trade Zone

      Customer service hotline: 400-820-8988 (if you are an individual customer), or 400-821-8881 (if you act on behalf of a corporate customer)
       

    2.  For security purpose, you may need to provide the request in written form or use other methods to prove your identity. We may request you to verify your identity before processing your request.
       

    3. Upon the receipt of your request, we will reply within 15 working days or such shorter period as may be prescribed by laws and regulations (if any).
       

    4. We will not charge fees for the processing of your above-mentioned reasonable requests for accessing, correcting or otherwise disposing of your personal information.
      Notwithstanding the foregoing, we may reject your request that is illegal, non-compliant, or unnecessarily repeated, needs excessive technical means (for example, the need to develop new information systems or fundamentally change current practices), brings risks to the legitimate rights and interests of others, or is unreasonable or technically impracticable.
      We may not be able to respond to your request under any of the following circumstances:

      (1)    where the request is in relation to our performance of obligations under laws and regulations or financial regulatory compliance obligations;

      (2)    where the request is in direct relation to state security or national defence security;

      (3)    where the request is in direct relation to public security, public health, or major public interest;

      (4)    where the request is in direct relation to criminal investigation, prosecution, trial, enforcement of judgment, etc.;

      (5)    where we have sufficient evidence that you are intentionally malicious or abuse your rights;

      (6)    where the purpose is to protect your or other individuals' life, property or other material legitimate rights and interests but it is difficult to obtain your authorisation;

      (7)    where responding to your request will lead to significant damage to your or any other individual or entity's legitimate rights and interests;

      (8)    where the request involves any trade secret.

    5. Unless we have your prior consent, we will not send you marketing messages directly. If you would like us to cease using or providing to others your personal information for advertising and promotion purposes, you are entitled to exercise your opt-out right by giving a notice to us and refuse to receive such advertising and promotion messages. If you so choose to refuse to receive advertising and promotion messages, please contact our call centre. Upon receipt of your request, we will, as soon as practical (usually no later than 15 working days), take actions to ensure that no more advertising and promotion messages would be sent to you.
       
    6. You may supervise or make suggestions on our practices regarding personal information and privacy protection, and file complaints or seek compensation according to law for any violation of your rights and interests relating to personal information and privacy by us or our staff.
       
    7. If you have any query, complaint, feedback, comment or suggestion, please contact us. You may contact us by calling our hotline or visiting our branches or sub-branches.

    X.    Protection of Minors' Personal Information

    1. We pay particular attention to the protection of minors' personal information. We have no intention to collect any personal information of minors, unless we have the consent of their parents or other guardians and it is necessary for us to provide relevant products or services to them (e.g., the minors may be the holders of the junior accounts opened with us, the beneficiaries of the insurance products we distribute, or the successors in title of our customers etc.).
       
    2.  If you are under 18 years of age, it is suggested that your parents or other guardians should carefully read this Policy and your personal information should be provided only after obtaining consent from them. Meanwhile, it is suggested that your use of our products and services should be under the guidance of your parents or guardians. If they do not give consent to your provision of your personal information or your use of any of our products or services, you should immediately stop providing the information or stop using our product or service. Please notify us of such circumstance as soon as possible, so as to allow us to take appropriate actions accordingly. If you are a child under the age of 14, you should use the services provided by us or provide your information to the Bank or third parties after obtaining consent of your parents or guardians.
       
    3. If you are under 18 years of age, for the personal information we collect with the consent of your parents or guardians, we will only use or provide such personal information to the extent permitted by laws and regulations or expressly consented to by your parents or guardians or necessary for the protection of minors' rights and interests. If you are a child under the age of 14, we will process your personal information in accordance with the provisions and requirements under the Provisions on the Cyber Protection of Children's Personal Information and other relevant laws and regulations.

    XI.    Formulation, Effectiveness and Update of this Policy and Others

    1. This Policy is formulated by us and released on our website, which takes effect as of the effective date first above written. This Policy may be amended or updated (including modification of its name) from time to time for the purpose of providing better services to you or with the development of our business or changes in applicable laws and regulations, particularly upon the occurrence of any of the following major changes:

      (1)  major changes in our service model, such as changes in the purpose of processing personal information, the types of personal information being processed, the manners in which personal information is used, the period of retention, etc.;

      (2)  major changes in our ownership structure, organisational structure, etc. resulting in changes in the persons that actually collect and process your personal information, such as changes in owners as a result of business adjustments, bankruptcy, mergers and acquisitions, etc.;

      (3)  changes in the main targets with/to whom personal information is shared, transferred or publicly disclosed;

      (4)  major changes in your rights to participate in the processing of personal information or the manners in which such rights may be exercised;

      (5)  changes in our contact details for requests of/enquiries on, or channels for filing of complaints in relation to personal information related rights;

      (6)  other changes which may materially affect your rights and interests relating to personal information.

      We will release updated versions of this Policy on our official website or client applications and remind you of the relevant updates by issuing an announcement on our website or by other appropriate means before such updates become effective, so that you can know the latest version of this Policy in a timely manner. By giving your consent and continuing to use our products or services, you agree to this Policy (including updated versions). No change in this Policy shall impair or restrict your rights as the subject of personal information under applicable laws and regulations. All communications and transactions between you and the Bank shall be governed by the latest version of this Policy then in effect, whether the name of this Policy is "Privacy Policy" or "Personal Information and Privacy Protection Policy" or other names that convey the same meaning.
       
    2.  If you provide us with any personal information of another person, you should ensure that such person has knowledge of this Policy, inform such person how we may collect and use his/her personal information in particular and obtain the authorisation/consent of such person. You may remind such person to read this Policy in advance and may also give him/her a copy of this Policy.