Personal Information and Privacy Protection Policy of DBS Bank (China) Limited

Personal Information and Privacy Protection Policy of DBS Bank (China) Limited

Updated on:        [29 October] 2021
Effective as of:    [1 November] 2021


DBS Bank (China) Limited ("DBS", the "Bank", "we" or "us") understands how important your personal information means to you, takes the confidentiality and security of personal information very seriously, and strives at all times to protect your personal information and privacy according to law. We therefore formulate this Personal Information and Privacy Protection Policy (this "Policy") in accordance with current regulations and policies to help you understand the purposes, methods, and scope of our collection and use of personal information, our practices regarding personal information and privacy protection, your rights and interests relating to personal information and privacy and how to safeguard your rights and interests. We have always been committed to maintaining your trust in us and will stick to the following principles to protect your personal information: legitimacy, rightfulness, necessity, good faith, transparency, etc.


We strive to use plain and concise language to prepare this Policy. The terms of this Policy which are closely related to your rights and interests and the sensitive personal information involved in this Policy are highlighted in bold for your special attention. Therefore, please make sure you have carefully read and fully understood this Policy before using our products or services, and do not use any of our products or services until you have fully understood and agreed to this Policy. The key points of this Policy are as follows:

  1. For your convenience to understand the types and purposes of personal information we need to collect when you use our services, we will explain the types, causes for use and collection methods of your personal information by the particular service scenario.
     
  2. When you use certain business function, we will collect your sensitive personal information (e.g., biometric information) after you give us your consent. Refusal to provide such information will affect your normal use of related function, but will not affect your use of other services we provide.
  3. To provide the service per you request, we might need to share your personal information with a third party. We will assess the legitimacy, rightfulness, and necessity of the collection of information by such third party. We will ask the relevant third party to take measures to protect your information and strictly comply with relevant laws and regulations and regulatory requirements. Subject to the requirements of laws and regulations, we will ask for your consent or ask the relevant third party to demonstrate they have obtained your consent via confirmation agreement, page prompt in specific scenario, interaction process, agreement, etc.
     

This Policy applies to the personal information of you and relevant parties that may be involved when you visit, browse, or use our website or mobile device applications (including but not limited to mobile banking application, WeChat official account and online direct banking platform), apply for or use any product or service of us or any third party, handle any business or make any transaction with us, participate in any of our marketing events and surveys, apply for a position at the Bank, and in any way contact or communicate with us, no matter the information is provided by you or relevant parties on an unsolicited basis, or collected or acquired by us from other sources according to laws, regulations, or regulatory provisions, or based on your or relevant parties' authorisation or consent. If you want to know more about this Policy, please read the corresponding chapters based on the following table of contents:

I.    How We Protect Your Personal Information
II.    How We Collect Your Personal Information
III.   How We Use Your Personal Information
IV.   How We Store Your Personal Information
V.    How We Entrust Processing of, Share, Transfer and Publicly Disclose Your Personal Information
VI.   Special Circumstances for Information Processing
VII.   How We Use Cookies and Other Technologies
VIII.  Your Rights Relating to Personal Information
IX.    How to Contact Us
X.    Protection of Minors' Personal Information
XI.    Formulation, Effectiveness and Update of this Policy and Others

We will collect, use, store, provide, and protect your and relevant parties' personal information in accordance with this Policy. We may separately formulate special personal information protection policy tailor-made for specific channels, products, services, business and activities (e.g. personal information protection policy for digital banking). The special personal information protection policy so formulated, if any, shall apply in the specific scenarios as prescribed in such policy. If there is any discrepancy between this Policy and other agreements entered into or other terms and conditions agreed between you (or relevant parties represented by or connected with you) and us, such other agreements or terms and conditions shall prevail.

I.  How We Protect Your Personal Information

  1. Information security is our top priority. We will endeavour at all times to protect your personal information acquired by us and prevent any accidental or unauthorised illegal access, reproduction, alteration, transmission, loss, destruction, processing or use of your personal information. We maintain this commitment to information security by implementing appropriate security technologies, security management and other measures to protect your personal information. We will be held liable in accordance with law if your information suffers from unauthorised access, public disclosure, tempering or damage for any reason attributable to us and so impairs your lawful rights and interests.
     
  2. Our website supports advanced content encryption technology to protect the personal information of our customers, which is a prevailing industry standard for protection of data security on the Internet. When you provide sensitive personal information through our website and applications, it will be automatically encrypted so as to ensure secure transmission afterwards. Our web servers are protected behind firewalls and our systems are monitored to prevent any unauthorized access.
     
  3. We maintain strict security system to prevent unauthorized access to your information. We exercise strict management over our staff members who may have access to your information, including but not limited to access control applied to different positions, contractual obligation of confidentiality agreed with relevant staff members, formulation and implementation of information confidentiality and security related policies and procedures, and relevant training offered to staff members.
     
  4. We will not provide your personal information to any third party, unless the provision is made to comply with laws, regulations and regulatory provisions, or according to this Policy or other agreement (if any), or based on your or relevant parties' separate consent or authorisation. When we need to use services provided by external service providers (entities or individuals), we also impose strict confidentiality obligations on them and request them to comply with the requirements of applicable laws and regulations when processing personal information.
     
  5. For the security of your information, you take on the same responsibility as us. You shall properly take care of your personal information, such as your bank account information, identity verification information (e.g., user name, password, other dynamic password, verification code, etc.), including all the documents, devices or other media that may record or otherwise relate to such information, and shall ensure your personal information and relevant documents, devices or other media are used only in a secure environment. You shall not, at any time, disclose to any other person or allow any other person to use such information or relevant documents, devices or other media. It is suggested that you take active actions to ensure the security of your personal information, such as changing the password to your account regularly and not disclosing your account number and password or other personal information to others. Once you think your personal information and/or relevant documents, devices or other media have been disclosed, lost or stolen, which may endanger your relationship with us or may otherwise affect the security of your use of our products, devices or services, you shall notify us immediately so that we may take appropriate measures to prevent further loss from being incurred.
     
  6. We will organize regular staff training and related drills on emergency response for them to understand their duties and emergency response strategies and procedures. If unfortunately a personal information security incident occurs, we will take emergency measures to mitigate the severity and losses in connection therewith. Meanwhile, we will, following the applicable requirements of laws and regulations, inform you of the basic information of the security incident and its possible impact, the actions and measures we have taken or will take, suggestions on how you can prevent and mitigate the risk, and applicable remedial measures etc. We will inform you about the security incident by email, mail, call, SMS, push notification or through other methods as appropriate in a timely manner. Where it is difficult to notify each information subject, we will issue a public announcement in a reasonable and effective way. Meanwhile, we will report such personal information security incident and its disposition in accordance with the requirements of laws and regulations and regulators.
     

II.    How We Collect Your Personal Information

  1. For the purpose of complying with laws, regulations and regulatory provisions, or as required for us to provide you or relevant parties with various products and services and improve the quality of our products and services, or in order to contact or communicate with you, understand the needs of you or relevant parties, establish, review, maintain and develop our relationship with you or relevant parties, we may receive or keep the personal information provided by you or relevant parties on an unsolicited basis, or, according to laws, regulations, regulatory provisions, or your or relevant parties' authorisation or consent, collect, enquire about, and verify by proper methods your and relevant parties' personal information from/with members of the DBS Group or other third parties (including but not limited to credit reference agencies, information service providers, non-banking payment institutions, clearing institutions, employers, counterparties, joint applicants, contact persons, close relatives and other individuals or entities that lawfully keep your information).
     
  2. The personal information we collect may be in paper, electronic (for example, without limitation, information collected through such channels as the Bank's website, online banking, direct banking platform, mobile banking, self-service machines, QR codes and other mobile device applications in offline events or on roadshow platforms, email, SMS, and telephone banking) or any other forms.
     
  3. When you visit, browse or use our website and/or applications, for the purpose of maintaining the normal operation of services and protecting the security of your transactions, we may collect information about your electronic devices (including device model, operating system, unique device identifier, login IP address, network access methods, types and status, operating system version and browser version, etc.) and operation log information. Such information is the basic information we must collect to provide you with services to ensure your normal and safe use of our services. We use cookies and other similar technologies to collect such information. You may disable cookies by changing your settings (please refer to Article VII of this Policy "How We Use Cookies and Other Technologies" for details).

    The technical information which cannot identify any individual will not be treated as personal information. However, when such technical information can identify you alone or in combination with other information, we will protect it as your personal information.

    We may invite you to subscribe to our publications, newsletters or alerts or to participate in our marketing events, surveys or recruitment events via our website and/or parts of the applications (such as our WeChat official account). If you accept relevant invitation, we may collect the personal information you provide to us by filling out contact forms,
    questionnaires, etc., such as name, telephone number, email address, employer, and job position. It is completely up to you to decide whether to provide such information. Refusal to provide such information will not affect your visiting, browsing or using our website and/or applications.
     
  4. When you are our prospective or existing individual customer, in order for us to provide you with our products/services and to handle relevant banking business, we may collect the following personal information upon your authorisation or consent:
    Purposes or Functions (Products/Services/Business) Information We May Need to Collect
    To open bank account; to apply for/collect bank card; to process savings, money receiving, payment or transfer, or loan business; to purchase investment, wealth management, insurance and other financial products; to maintain normal and secure operation of banking business and services, and to prevent and control relevant risk (1) Personal identity information, including name, sex, nationality, citizenship, registered residence (Hu Kou), ethnic, type/number/validity period of ID certificate, occupation, education, diploma, working experience, telephone number, e-mail, contact information, age, birth date, place of birth, marital status, health status, family status, place of residence and date of moving to current residence, mailing address, work address, photo, social security information, employment information, personal virtual identity and authentication information (e.g., Internet banking account information), any relationship with politically exposed person ("PEP") or senior officer of international organisation and relevant information, etc.;
    (2) Personal property information, including personal income, owned real property, owned movable property (e.g., vehicle, financial assets, etc.), indebtedness, investment, tax payment amount, tax residence, taxpayer identification number, payment amount of housing fund contribution, etc.;
    (3) Personal biometric information, such as signature, handwriting, portrait, audio and video recording, voice, face recognition information, etc.;
    (4) Personal account information, including account number, time of account opening, institution with which the account is opened, account balance, account transaction information, etc.;
    (5) Personal credit information, including credit card, loan and other credit transaction information, litigation, investigation and punishment information, and any other information that may reflect personal credit status;
    (6) Personal financial transaction information, including personal information acquired and kept in the course of any payment, settlement, investment, wealth management, safe deposit box or other banking business, personal information generated from business dealings entered into through us with any third-party institution like insurance company, securities company, fund management company, futures company or payment institution, etc.;
    (7) Derivative information, including personal consumption habits, product, service or network use habits, transaction or risk appetite, risk tolerance, investment conditions, investment intention, goals, knowledge and experience, as well as other information formed through processing and analysis of original information that reflects certain aspects of a particular person;

    (8) Any other personal information acquired and kept during the establishment or maintenance of business or other relationship with individuals for the performance of contracts or legal and regulatory compliance obligations, e.g. personal views on our products and services (e.g. response to survey questionnaire), time/location (including geographic location and network address) of transaction or service use, browsing, using, clicking and operation logs on website/software/applications, correspondence and other communication records with us (including audio and video recording, call records and correspondence records and contents), model, identifier, identification code, hardware serial number, operating system version, software version, IP address, and network service provider of the device used, etc.;
    (9) Personal information involved in customer investigation, e.g., personal information to be collected during customer due diligence, sanctions, and anti-money laundering investigations.
     

    The above information is necessary for us to provide you with products or services, perform our agreements with you, and enable us to perform our legal and regulatory compliance obligations. If you fail to provide the requested information (or the information so provided is incomplete, inaccurate or untrue), we will not be able to provide relevant products or services to you.

  5. When you handle business for or provide or propose to provide personal guarantee for obligations owed to us by our individual customers or non-individual customers (including companies, enterprises, institutions and other entities), we may collect the following personal information upon your or relevant customer's authorisation or consent:

    Purposes or Functions (Products/Services/Business) Information We May Need to Collect
    To provide or propose to provide personal guarantee for obligations owed to us by our individual customers or non-individual customers; to maintain normal and secure operation of banking business and services, and to prevent and control relevant risk (1) Personal identity information, including name, sex, nationality, type/number/validity period of ID certificate, employer, job position, relationship with relevant customer (such as employment/shareholding/investment relationship), telephone number, e-mail, contact information, birth date, place of birth, place of residence, work address, photo, and any relationship with PEP or senior officer of international organisation and relevant information;
    (2) Personal property information, including personal income, owned real property, owned movable property (e.g., vehicle, financial assets, etc.), indebtedness, investment, tax payment amount, tax residence, taxpayer identification number, payment amount of housing fund contribution, etc.;
    (3) Personal biometric information, such as signature, handwriting, portrait, audio and video recording, fingerprint, voice, face recognition information, etc.;
    (4) Personal account information, including account number, time of account opening, institution with which the account is opened, account balance, account transaction information, etc.;
    (5) Personal credit information, including credit card, loan and other credit transaction information, litigation, investigation and punishment information, and any other information that may reflect personal credit status;
    (6) Personal information involved in customer investigation, e.g., personal information to be collected during customer due diligence, sanctions, and anti-money laundering investigations;

    (7) Any other personal information acquired and kept during the establishment or maintenance of business or other relationship with individuals for the performance of contracts or legal and regulatory compliance obligations, e.g., personal information included in customer documents, personal information required to detect and investigate any suspicious and unusual activity, correspondence and other communication records with us (audio and video recording, call records and correspondence records and contents), model, identifier, identification code, hardware serial number, operating system version, software version, IP address, and network service provider of the device used, etc.
     

    The above information is necessary for us to handle relevant guarantee business, provide relevant customers with products or services, perform our agreements with you or relevant customers, and enable us to perform our legal and regulatory compliance obligations. If you refuse to provide those information (or the information so provided is incomplete, inaccurate or untrue), we may not be able to provide relevant products or services to or handle relevant business for you or relevant customers.

  6. When you are a connected person of our non-individual customers or applicants, or of companies, enterprises, institutions or other entities having a business relationship with us (for the purpose of this Policy, connected person means any person with whom our non-individual customer or applicant, or a company, enterprise, institution or other entity having a business relationship with us has a relationship, including but not limited to a director, supervisor or employee of a company, a partner or member of a partnership, a shareholder, substantial owner or controlling person, the beneficial owner, trustee, settlor or protector of a trust, account holder of a designated account, payee of a designated payment, representative, agent or nominee of the account holder, or the account holder's principal where the account holder is acting on another's behalf), subject to compliance with laws and regulations, we may collect the following personal information upon your or relevant customer's/entity's authorisation or consent:
     

    Purposes or Functions (Products/Services/Business) Information We May Need to Collect
    To provide banking products/services to or handle banking business for relevant customers; to maintain normal and secure operation of banking business and services, and to prevent and control relevant risk (1) Personal identity information, including name, sex, nationality, type/number/validity period of ID certificate, employer, job position, relationship with relevant customer (such as employment/shareholding/investment relationship), telephone number, e-mail, contact information, birth date, place of birth, place of residence, work address, photo, personal virtual identity and authentication information (e.g. login credentials required for access to corporate banking website and applications), and any relationship with PEP or senior officer of international organisation and relevant information;
    (2) Personal biometric information, such as signature, handwriting, portrait, audio and video recording, voice, and face recognition information;
    (3) Personal credit information, including sources of personal wealth and funds, litigation, investigation and punishment information, and any other information that may reflect personal credit status;
    (4) Personal information involved in customer investigation, e.g., personal information to be collected during customer due diligence, sanctions, and anti-money laundering investigations;

    (5) Any other information acquired during the establishment or maintenance of business relationship for the performance of contracts or legal and regulatory compliance obligations, e.g. personal information included in customer documents, personal information required to detect and investigate any suspicious and unusual activity, correspondence and other communication records with us (audio and video recording, call records and correspondence records and contents), model, identifier, identification code, hardware serial number, operating system version, software version, IP address, and network service provider of the device used, etc.
     

    The above information is necessary for us to provide relevant customers with products or services, perform our agreements with you or relevant customers, and enable us to perform our legal and regulatory compliance obligations. If you refuse to provide those information (or the information so provided is incomplete, inaccurate or untrue), we may not be able to provide relevant products or services to or handle relevant business for you or relevant customers.

  7. You may decide, at your free choice, to provide us with, or allow us to collect from you or any third party as you may agree, the relevant information for specific purposes or functions, e.g., the personal information that you provide to us for the purpose of improving service experience, participating in our marketing events or surveys, making an appointment to open an account or for other business. You can choose not to provide such information. Your failure to provide such information will prevent you from participating or enjoying the corresponding convenience or functions, but will not affect your normal use of other services.
     

  8. Please understand that the services we provide are constantly evolving and developing. If you or relevant customers choose to use any other service not listed above for which we have to collect your personal information, we will separately explain to you or relevant customers the purposes, methods, and scope of collection of personal information, etc. through reminder, alert, interaction process, agreement or other appropriate methods, and ask for your or relevant customers' consent to the extent required by applicable laws and regulations. We will use, store, provide, and protect your information in accordance with this Policy and other agreements (if any). If you or relevant customers choose not to provide the relevant information, you or relevant customers may be unable to use certain service or certain part thereof, but your or relevant customers' use of other services we provide will not be affected.

III.    How We Use Your Personal Information

  1. We will use the personal information authorised by you for the purposes mentioned in Article II of this Policy "How We Collect Your Personal Information", in order to realize the functions of our products and/or services.
     
  2. When you visit, browse or use our website and/or applications as a visitor, we may use your information for the following purposes:
    (1)    to respond to your enquiries and requests;
    (2)    to provide you with information, products or services that you request from us or may have interest in, subject to your prior consent;
    (3)    to perform contracts or agreements entered into between you and us;
    (4)    to allow you to interact with us on our website and/or applications;
    (5)    to notify you of changes to our website and/or applications;
    (6)    to enable the contents of our website and/or applications to be presented in an effective manner on your device;
    (7)    to maintain normal and secure operation of our website and/or applications as well as banking business or services, to prevent and control risk, or to detect and prevent any misuse of our website, applications, products or services;
    (8)    to perform the compliance obligations of the Bank and the DBS Group, or to comply with or enforce any applicable laws and regulations;
    (9)    to conduct statistics and analysis regarding the use of our business, products, services or functions. However, such statistics will not contain any of your personally identifiable information.
     
  3. When you are our prospective or existing individual customer, or handle business on behalf of our customer, or provide personal guarantee in favour of us, we may use your information for the following purposes:
    (1)    to provide you or relevant parties with products or services, to identify you or verify your identity, or to examine and approve, manage, handle, execute or effect transactions requested or authorised by you or relevant parties;
    (2)    to comply with or enforce any Applicable Laws ("Applicable Laws" refer to any local or foreign law, regulation, ordinance, rule, judgment, decree, self-discipline code, directive, sanction regime or court order applicable to any member of the DBS Group, any agreement between any member of the DBS Group and any authority, or any agreement or treaty between authorities applicable to the Bank or any member of the DBS Group) or any order or requirement from any authority;
    (3)    to perform the compliance obligations of the Bank and the DBS Group (including regulatory compliance, tax compliance and compliance with any Applicable Laws or requirements of any authority), or to implement any policy or procedure formulated by the Bank and the DBS Group for the performance of compliance obligations;
    (4)    to ensure the security and stability of financial services, to prevent or prohibit activities in violation of laws or regulations, to control or mitigate risk, to detect, investigate and prevent any real, suspected or potential financial crime (including money laundering, terrorist financing, bribery, corruption, tax evasion, fraud, evasion of economic or trade sanction and/or violation of any Applicable Laws relating to these matters, or acts or attempts to circumvent or violate any Applicable Laws relating to these matters), or to manage the risk of financial crime;
    (5)    to collect any amounts due from any debtor;
    (6)    to conduct credit or credit reference checks, or to verify, obtain or provide credit reference or credit information;
    (7)    to enforce or defend the rights of the Bank or any member of the DBS Group, or to perform the obligations of the Bank or any member of the DBS Group;
    (8)    to fulfil the reasonable operational requirements of the Bank or the DBS Group (including for credit and risk management, data statistics, analysis, processing, handling, archiving and backing up, system, product and service design, research, development and improvement, planning, insurance, audit and administrative purposes);
    (9)    subject to your or relevant parties' authorisation, to market or promote relevant products or services to you or relevant parties, to assess your or relevant parties' interests in relevant products or services, or to conduct market research or survey or satisfaction survey;
    (10)    to obtain or utilize administrative, consultancy, telecommunications, computer, payment, data storage/processing, outsourcing and/or other third-party services.
     
  4. The above contents of this Policy on the collection and use of personal information shall not affect our use of your information for the purposes as otherwise specifically agreed between you or and us.
     
  5.  When we intend to use your personal information for any purpose other than those specified herein or use your personal information collected for a specific purpose for any other purpose, we will inform you of such use, and obtain your consent before using your personal information for such additional purposes to the extent required by applicable laws and regulations.

IV.    How We Store Your Personal Information

  1. We comply with the laws, regulations and codes of the People's Republic of China on data storage. When we collect or process your information, we will, according to laws and regulations, regulatory provisions, archiving, accounting, auditing or reporting requirements, and the purposes set forth in this Policy, keep your information for a period as minimum as necessary to fulfil the purposes of information collection.
  2. To provide cross-border services (e.g., cross-border remittance), after obtaining your authorisation or consent, your personal information may be transferred to another country or region. Under such circumstance, we will adopt appropriate, necessary and effective measures (e.g., encrypted transmission) to protect your information security. After the retention period expires, we will destroy, delete or anonymize relevant information, or where the destruction, deletion or anonymization is not possible, store your personal information securely and strictly control its access. The aforementioned requirements do not apply to the information that needs to be retained according to laws and regulations, regulatory provisions, archiving, accounting, auditing or reporting requirements, special agreement between you or relevant customers and us, or for settlement of indebtedness between you or relevant customers and us, or for record check or enquiry from you, relevant customers, regulators or other authorities.

V.    How We Entrust Processing of, Share, Transfer and Publicly Disclose Your Personal Information

  1. Entrusted Processing and Sharing
    For the purposes set out above in this Policy, we may provide all or part of your personal information to the following recipients to the extent that such provision is necessary and is made with proper protective measures (refer to Article I of this Policy "How We Protect Your Personal Information") and the recipients may also, for the aforesaid purposes, use, process or provide the information they receive provided that corresponding protective measures are adopted pursuant to the applicable laws or our requirements:
    (1)    any member of the DBS Group;
    (2)    any contractor, subcontractor, agent, service or product supplier, licensor, professional consultant, business partner, or associated person of the DBS Group (including their employees, directors and officers);
    (3)    any regulator of the Bank or any member of the DBS Group or any other authority, or any entity or individual designated by such regulator or authority;
    (4)    anyone acting on your or relevant customers' behalf according to your or relevant customers' authorisation or according to law, payees, beneficiaries, account nominees, intermediaries, correspondent and agent banks (e.g. those for CHAPS, BACS and SWIFT), clearing houses, clearing or settlement systems, market counterparties, upstream withholding agents, swap or trade repositories, stock exchanges, companies in which you have an interest in securities (where such securities are held by us for you or relevant customers), or anyone making any payment to you or relevant customers;
    (5)    any person or relevant party who has right or obligation, acquires an interest or assumes risk, in or in connection with any product or service you or relevant customers receive from the Bank, or any business you or relevant customers handle at the Bank or any transaction you or relevant customers make with the Bank (e.g. the person who provides or proposes to provide any mortgage or other security for any of your or relevant customers' obligations to the Bank, or the beneficiary of the insurance product that the Bank distributes to you);
    (6)    other financial institutions, industrial associations, bank card organisations, credit rating agencies, credit reference agencies (including but not limited to the Basic Financial Credit Information Database) and information service providers;
    (7)    any third-party asset manager providing you or relevant customers with asset management services through us;
    (8)    any intermediary broker providing referral, agency or intermediary service to us, or any third party to whom we provide referral, agency or intermediary service;
    (9)    any party in connection with any business/asset transfer, restructure, disposal (including securitisation), merger, spin-off or acquisition transaction of the Bank;
    (10)    any person to whom the Bank or any member of the DBS Group is obliged or required to make information available for the purposes specified;
    (11)    relevant third parties as set out in the agreements and/or the terms and conditions governing the relationship between the Bank and you or the Bank's customers.
    Such provision will involve cross-border transfer of personal information, including information being transmitted to or being accessed from overseas, when and only when the abovementioned recipient is an overseas entity/individual.
    According to applicable laws and regulations, your personal information will be protected by a code of confidentiality and security which the Bank, members of the DBS Group, their staff and third parties are subject to, whether it is processed domestically or overseas.
    To the extent required by applicable laws and regulations, we will inform you about our provision of your personal information to third parties, including the recipient's identity, contact information, purpose of processing, method of processing and the types of personal information provided (if cross-border data transfer is involved, we will also inform you of the methods and procedures by which you may exercise your rights against the overseas recipient of your personal information), and seek your prior consent to the extent required by applicable laws and regulations.
     
  2. Transfer
    Without your authorisation or consent, we will not transfer your personal information to any other company, organization or individual, except in the case of any business/asset transfer, restructure, disposal (including securitisation), merger, spin-off or acquisition transaction of the Bank where the transfer is necessary. In such case, we will inform you of the identity and contact information of the personal information recipient according to the requirements of applicable laws and regulations and request the personal information recipient to comply with this Policy. If the personal information recipient changes the purposes or methods of personal information processing under this Policy, it shall re-obtain your consent.
     
  3. Public Disclosure
    We will not disclose your personal information to the public unless we have your separate consent.

VI.    Special Circumstances for Information Processing

Please understand that we will generally process your personal information (e.g., collection, storage, use, processing, transfer, provision and public disclosure) based on your consent. However, we may process your personal information without your consent under the following circumstances:

  1. where it is necessary for entering into or performing a contract to which you are a party;
     
  2. where it is necessary for performance of a statutory duty or statutory obligation;
  3. where it is necessary in order to respond to a public health emergency or protect your or other individuals' life, health and property in an emergency;
  4. where it is conducted to a reasonable extent in order to carry out news coverage or media supervision for public interest;
  5. where it is conducted to a reasonable extent according to applicable laws and regulations to process any personal information made public by yourself or in any other legal manner;
  6. other circumstances prescribed by laws and administrative regulations

 

VII.    How We Use Cookies and Other Technologies

The Bank's website and applications (each, an "Application") use cookies. Cookies are small text files that are placed on your computer or mobile device when you visit the website or use an Application. Cookies collect information about users and how they visit the website or use an Application, such as their Internet Protocol (IP) address, how they arrive at the website (e.g., through a search engine or a link from another website), and how they navigate within the website or Application. We use cookies and other technologies to facilitate your Internet sessions and your use of our Applications, to provide products and/or services based on your preferred settings, to track the use of our website and Applications, and to compile statistics on the activities conducted on our website and/or Applications.
Pixel tags (also known as web beacons) are invisible tags placed on some pages of our website but not on your computer. Pixel tags are often used in combination with cookies to monitor the behaviour of users who visit our website.
You can set your Web browser to block cookies, thereby disabling pixel tags to monitor your website visits. You can also delete cookies stored on your computer or mobile device. However, if you block cookies and pixel tags, you may not be able to use some of the functions and features of our website.
Further, we may also engage third party companies to research the traffic and other activities on our website and/or Applications. Such companies may use web beacons, cookies and other technologies to find out more about visitors of our website and/or Applications (e.g., user demographics and behaviours and use patterns) and improve the effectiveness of our marketing efforts. They aggregate the information collected and then provide it to us, but we will not provide to or acquire from such companies personally identifiable information about you. If you want to disable cookies related to these technologies, you can change the settings of your browser and/or Applications. However, you may not be able to access some parts of the website and/or Applications after the change of settings.

 

VIII.    Your Rights Relating to Personal Information

  1.  You have the right to request us to safeguard the security of your personal information in accordance with the provisions of laws, regulations and this Policy, and to exercise your rights relating to personal information conferred by applicable laws and regulations.
     
  2. You have the right to check with us whether we hold your personal information, and to access and copy the personal information you have provided to us.
     
  3. You have the right to change the scope of your authorisation or withdraw your authorisation, and to exercise such right by the method set forth in Article IX "How to Contact Us" of this Policy. We will not further process the relevant personal information once you change the scope of your authorisation. However, the withdrawal of consent will not affect the lawfulness of our processing based on your consent before its withdrawal.
     
  4.  You have the right and obligation to promptly update your personal information with us to ensure that all the relevant information is accurate and up-to-date. You have the right to request us to provide convenience for you to update your personal information with us and to correct any of your information that is inaccurate.
     
  5.  In relation to personal credit, guarantee, etc., you have the right to request to be informed of your personal information that is provided to credit reference agencies by us, so as to enable you to request the relevant credit reference agencies for access to and correction of your information.
     
  6. You have the right to request us to properly dispose of your personal information beyond retention period in accordance with the applicable laws and regulations, this Policy, and other agreement between you or relevant customers and us. In the event that we cease operations, we will promptly cease the collection of your personal information, notify you of the cessation of operations by personal service or public announcement, and properly dispose of your personal information that we hold, unless otherwise required by laws, regulations or regulators. In addition, we will preserve the information generated during the period in which you use our services for the time required by regulators and cooperate with relevant authorities in making lawful enquiries during such preservation period.
     
  7. You have the right to ascertain our policies regarding the protection of personal information and privacy. If you have any queries about this Policy, you are entitled to request us to give explanations to you so as to help you further understand our practices in relation to the protection of personal information and privacy and possible consequences and your rights and interests in relation to personal information and privacy under this Policy.
     
  8. This Policy does not restrict other rights enjoyed by you as the subject of personal information under applicable laws and regulations.

IX.    How to Contact Us

  1. Requests for access to, correction or deletion of personal information, withdrawal of authorisation or change of scope of authorisation, or disposal of personal information beyond retention period, for a copy of this Policy, or enquiries about our practices regarding personal information and privacy protection, or for the exercise of any other right relating to your personal information conferred by laws and regulations, should be addressed to:

    Company name: DBS Bank (China) Limited
    Office address: 1318 Lujiazui Ring Road, China (Shanghai) Pilot Free Trade Zone
    Customer service hotline: 400-820-8988 (if you are an individual customer), or 400-821-8881 (if you act on behalf of a corporate customer)
     
  2. For security purpose, you may need to provide the request in written form or use other methods to prove your identity. We may request you to verify your identity before processing your request.
     
  3. Upon the receipt of your request, we will reply within 15 working days or such shorter period as may be prescribed by laws and regulations (if any).
     
  4. We will not charge fees for the processing of your above-mentioned reasonable requests for accessing, correcting or otherwise disposing of your personal information.

    Notwithstanding the foregoing, we may reject your request that is illegal, non-compliant, or unnecessarily repeated, needs excessive technical means (for example, the need to develop new information systems or fundamentally change current practices), brings risks to the legitimate rights and interests of others, or is unreasonable or technically impracticable.
    We may not be able to respond to your request under any of the following circumstances:
    (1)    where the request is in relation to our performance of obligations under laws and regulations or financial regulatory compliance obligations;
    (2)    where the request is in direct relation to state security or national defence security;
    (3)    where the request is in direct relation to public security, public health, or major public interest;
    (4)    where the request is in direct relation to criminal investigation, prosecution, trial, enforcement of judgment, etc.;
    (5)    where we have sufficient evidence that you are intentionally malicious or abuse your rights;
    (6)    where the purpose is to protect your or other individuals' life, property or other material legitimate rights and interests but it is difficult to obtain your authorisation;
    (7)    where responding to your request will lead to significant damage to your or any other individual or entity's legitimate rights and interests;
    (8)    where the request involves any trade secret.

     
  5. Unless we have your prior consent, we will not send you marketing messages directly. If you would like us to cease using or providing to others your personal information for advertising and promotion purposes, you are entitled to exercise your opt-out right by giving a notice to us and refuse to receive such advertising and promotion messages. If you so choose to refuse to receive advertising and promotion messages, please contact our call centre. Upon receipt of your request, we will, as soon as practical (usually no later than 15 working days), take actions to ensure that no more advertising and promotion messages would be sent to you.
     
  6. You may supervise or make suggestions on our practices regarding personal information and privacy protection, and file complaints or seek compensation according to law for any violation of your rights and interests relating to personal information and privacy by us or our staff.
     
  7.  If you have any query, complaint, feedback, comment or suggestion, please contact us. You may contact us by calling our hotline or visiting our branches or sub-branches.

X.    Protection of Minors' Personal Information

  1. We pay particular attention to the protection of minors' personal information. We have no intention to collect any personal information of minors, unless we have the consent of their parents or other guardians and it is necessary for us to provide relevant products or services to them (e.g., the minors may be the holders of the junior accounts opened with us, the beneficiaries of the insurance products we distribute, or the successors in title of our customers etc,).
     
  2.  If you are under 18 years of age, it is suggested that your parents or other guardians should carefully read this Policy and your personal information should be provided only after obtaining consent from them. Meanwhile, it is suggested that your use of our products and services should be under the guidance of your parents or guardians. If they do not give consent to your provision of your personal information or your use of any of our products or services, you should immediately stop providing the information or stop using our product or service. Please notify us of such circumstance as soon as possible, so as to allow us to take appropriate actions accordingly.
     
  3.  If you are under 18 years of age, for the personal information we collect with the consent of your parents or guardians, we will only use or provide such personal information to the extent permitted by laws and regulations or expressly consented to by your parents or guardians or necessary for the protection of minors' rights and interests.

XI.    Formulation, Effectiveness and Update of this Policy and Others

  1. This Policy is formulated by us and released on our website, which takes effect as of the effective date first above written. This Policy may be amended or updated (including modification of its name) from time to time for the purpose of providing better services to you or with the development of our business or changes in applicable laws and regulations, particularly upon the occurrence of any of the following major changes:
    (1)    major changes in our service model, such as changes in the purpose of processing personal information, the types of personal information being processed, the manners in which personal information is used, the period of retention, etc.;
    (2)    major changes in our ownership structure, organisational structure, etc. resulting in changes in the persons that actually collect and process your personal information, such as changes in owners as a result of business adjustments, bankruptcy, mergers and acquisitions, etc.;
    (3)    changes in the main targets with/to whom personal information is shared, transferred or publicly disclosed;
    (4)    major changes in your rights to participate in the processing of personal information or the manners in which such rights may be exercised;
    (5)    changes in our contact details for personal information security related requests/enquiries, or channels for filing of complaints;
    (6)    other changes which may materially affect your rights and interests relating to personal information.
    We will release updated versions of this Policy on our official website or client applications and remind you of the relevant updates by issuing an announcement on our website or by other appropriate means before such updates become effective, so that you can know the latest version of this Policy in a timely manner. By giving your consent and continuing to use our products or services, you agree to this Policy (including updated versions). No change in this Policy shall impair or restrict your rights as the subject of personal information under applicable laws and regulations. All communications and transactions between you and the Bank shall be governed by the latest version of this Policy then in effect, whether the name of this Policy is "Privacy Policy" or "Personal Information and Privacy Protection Policy" or other names that convey the same meaning.
     
  2.  If you provide us with any personal information of another person, you should ensure that such person has knowledge of this Policy, inform such person how we may collect and use his/her personal information in particular and obtain the authorisation/consent of such person. You may remind such person to read this Policy in advance and may also give him/her a copy of this Policy.