Issued on: Aug 2, 2024
Effective as of: Aug 9, 2024
DBS Bank (China) Limited ("DBS China", “DBS Bank”, the "Bank", "we" or "us") understands how important your personal information means to you, takes the confidentiality and security of personal information very seriously, and strives at all times to protect your personal information and privacy according to law. We therefore formulate this DBS China Mobile Banking Personal Information and Privacy Protection Policy (this "Policy" or “Privacy Policy”), and will collect, store, use, provide, publicly disclose, delete, and protect your personal information (including personal information of persons represented by you).
This Policy applies to the App (name as DBS digibank CN the "Mobile Banking App",“Mobile Banking”) for DBS China mobile banking service (the "Mobile Banking Service"). If there is any discrepancy between this Policy and other terms and conditions agreed between you and us, such other agreements shall prevail.
Please be sure to read this Policy carefully before applying for or using the Mobile Banking Service, signing the relevant agreement, or browsing, logging in, or using the Mobile Banking App, to help you understand the purposes, methods, and scope of our processing of personal information, our practices regarding personal information and privacy protection, your rights and interests relating to personal information and privacy and how to safeguard your rights and interests.
We strive to use plain and concise language in preparing this Policy. The terms of this Policy which are closely related to your rights and interests and the sensitive personal information are highlighted in bold for your special attention.
By clicking on the “Agree” button or checking the "Agree" box, you are deemed to have agreed to this Policy and consented to the collection, storage, use, provision, public disclosure and deletion of your information by the Bank in accordance with this Policy.
If you have any questions about this Policy when reading it, you may contact the Bank for enquiries by any of methods set out in Section IX of this Policy.
This Policy includes the following contents:I. How We Protect Your Personal InformationII. How We Collect Your Personal InformationIII How We Store Your Personal InformationIV. How We Use, Entrust the Processing of, Share, Transfer and Publicly Disclose Your Personal InformationV. How We Use Cookies and Relevant TechnologiesVI. Your Rights Relating to Personal InformationVII. How We Process and Protect Minors' Personal InformationVIII. Amendment and Update of this PolicyIX. How to Contact UsX. Others
A. Overview
In order to protect the confidentiality, security and privacy of the personal information you provide to us, we follow the principles of reasonableness, legality and legitimacy and comply with the following policies regarding personal information and privacy protection:
We abide by our commitment to the above policies, do our best to maintain the trust you have placed in us.B. Security Protection Measures
1. In order to provide you with the Mobile Banking Service and to ensure its security, you need to provide us with, or allow us to collect from you or (per your consent) a third party, necessary information for the purposes or service functions provided below.
Your ID number, a one-time dynamic verification code sent to your preset mobile number.
If you use the facial recognition service, you will need to provide facial recognition information, but we will not retain your facial features and movements for our own sake.
If you use the Bank’s debit card for verification, you will need to provide your DBS China debit card number and card PIN.
Your username, your preset login password, a one-time dynamic verification code sent to your preset mobile phone.
Maintaining the normal and safe operation of the Mobile Banking Service and Mobile Banking App, and ensuring the security of transactions, preventing and controlling transactional risks
If you refuse to provide such information, you will not be able to complete your registration, log in or use the Mobile Banking Service or Mobile Banking App functions safely and properly.2. You may choose to use the following mobile banking functions at your own discretion. To use the following functions, you need to provide us with, or allow us to collect from you or (per your consent) a third party, the relevant information.
One-time dynamic verification code sent to your preset mobile number.
Domestic fund transfer and payee management: payee’s name, account opening bank information for the receiving account, receiving account number.
your fingerprint and/or facial biometric verification result generated from your mobile device
Your name, mobile phone number, registered e-mail address (if applicable)
When you make a appointment, the above information will be displayed for your confirmation based on your registered information.
perform suitability assessment, risk matching and other statutory obligations
If you refuse to provide such information, you will not be able to use the corresponding service functions, but this will not affect your use of other Mobile Banking Service or Mobile Banking App functions.3. Our Mobile Banking App may request system permission from you for the following authorized functions and collect your personal information based on your authorization.
You can choose whether or not to authorize system permissions when prompted to do so. Refusal to grant permission will prevent you from using the corresponding authorized functions, but will not affect your access to other functions of the Mobile Banking App.4. When you use the Bank's Mobile Banking Service or Mobile Banking App functions, we may use software development kits ("SDK(s)") provided by third party service providers to provide you with the services. Only by allowing such third party SDKs to process your information, will the Bank be able to implement responsive functions. For the purpose of providing such services, these third party SDKs may collect information from you as follows:
Yun Zheng Tong (CFCA) SDK
Purpose:
In order to provide you with Yun Zheng Tong e-signature (digital certificate) service, we use the Yun Zheng Tong (CFCA) SDK for implementing e-signature (digital certificate) function
Information fields collected by SDK:
Common fields:
Customer name, customer ID type, ID number
iOS device-specific:
Mobile device model, system version, IP address, network connection, IDFV (IdentifierForVendor), whether mobile is jailbreak, APP creation time, APP Bundle ID, APP version, whether the phone has TEE, SE module, Keychain information (used to obtain a unique identifier)
Android device-specific:
MAC address, system version, device name, model and manufacturer, hardware name, serial number and manufacturer, Android ID, APP producer information, whether mobile is ROOT, Android Keystore logo, whether the phone has TEE, SE module
Required system permissions:
None
In order to provide you with live facial recognition & verification function, we will use the Live Recognition (CFCA) SDK, obtain camera access, to securely verify your identity by recognizing your facial features and movements, but we will not retain your facial features and movements for our own sake.
Facial recognition information, customer name, customer ID type, ID number
To enable you to share relevant pages in the Mobile Banking App (such as product pages) to the WeChat platform
Unique device identifier, Device MAC address
Required system permissions:None
Android specific (for China Android market), no such SDK in iOS
Used for message push notification
Android ID, Device Info
Required system permissions:NotificationPhone (device info and network info)External StorageSpecial Note:
Used for message push notificationInformation fields collected by SDK:Android ID,Device info,App package name、version no, running statusRequired system permissions:NotificationPhone (device info and network info)Refer to Xiaomi push SDK privacy policy:https://dev.mi.com/console/doc/detail?pId=1822
Used for message push notificationInformation fields collected by SDK:Device info (IMEI, OAID,Serial Number,IMSI,User ID,Android ID,Google Advertising ID, Region setting,device model,quantity of phone's electricity,version of phone's OS, language), App info (package name, version code, SDK version), network info (connection with IP or domain, network type), notification info(result of message delivering, permission of notification showing, notification clicking), screen lock (if screen lock or not, if allow to show notification when screen lock)Required system permissions:NotificationPhone (device info and network info)External StorageRefer to Oppo push privacy policy:https://open.oppomobile.com/new/developmentDoc/info?id=10288
To assess and protect the security of Mobile Banking App running in installed device
Running processesSystem versionMobile device modelInstalled list of Apps infoAndroid IDSSID (not collect yet)BSSID (not collect yet)
Phone (device info and network info)
Note:
As this SDK is used to ensure the safety of the Mobile Banking App, this SDK cannot be turned off specifically
Provide end-to-end visibility on the performance of mobile applications as well as help customer troubleshoot problems such as slow mobile network requests and crashes.
Mobile Carrier NameNetwork Connection TypeDevice ModelApp VersionOS VersionIP Address App Crash infoNetwork requests and responses info including errors
Android specific (for Overseas Android market), no such SDK in iOS
Application Version OS VersionDevice Model Name Device Model IDDevice BrandAPP that was used to install our Digibank App (like Google Play Store)Firebase SDK version
Android specific, no such SDK in iOS
One tool SDK used for implementation to let user to share some page of the App (like public product info page) or information to Wechat platform
Information fields collected by SDK:NoneRequired system permissions:None
One tool SDK used for implementation to realize App related front-end functions
One tool SDK used to check whether phone has Google Play service or not
One tool SDK used in implementation to support Android old versions
One tool SDK by utilizing its network libraries to realize related features during App implementation.
One tool SDK by utilizing its native Java library (JDK8) to realize related features during App implementation.
One tool SDK to realize PDF display
One tool SDK to realize shimmer effect of UI display
One tool SDK for App frontend images fast loading and display
One tool SDK used to realize Wechat sharing function
iOS specific, no such SDK in Android
One tool SDK used for front-end UI layout display
One tool SDK used for App localization
One tool SDK used for front-end charts display
Adobe SDK
Collection of clickstream data, including user interactions, page views, app usage, and event tracking, from mobile apps and other digital platforms for advanced analytics and insights
Shanghai Junyu Technology Co. ltd.
One tool SDK used by Live Recognition (CFCA) SDK to support live facial recognition & verification function.
If you do not agree to the above information collection by the above third party service provider SDKs, you may not be able to receive the corresponding services, but this will not affect your normal use of other Mobile Banking Services or Mobile Banking App functions. If any of the above third party service providers that collect the above information causes leakage of the information or uses such information in violation of the law, the third party service provider shall bear the corresponding legal liability.5. Please understand that the Mobile Banking Services we provide to you will be constantly updated and developed. If you choose to use other services that are not covered in the preceding description, for which we need to collect your information, we will separately explain to you the purpose, method and scope of information to be collected through reasonable means such as prompts, interactive processes, agreements, etc., and obtain your consent. We will use, store, provide and protect your information in accordance with this Policy and any other agreements (if any); if you choose not to provide such information, you may not be able to use a particular service or part of a service, but this will not affect your use of other services provided by us.6. To the extent permitted by laws and regulations, in the following circumstances, we may collect and use your personal information without your consent:
(1) where it is in relation to our performance of obligations under laws and regulations;
(2) where it is in direct relation to state security or national defense security;
(3) where it is in direct relation to public security, public health, or major public interest;
(4) where it is in direct relation to criminal investigation, prosecution, trial, enforcement of judgment, etc.;
(5) where the purpose is to protect your or other individuals' life, property or other material legitimate rights and interests but it is difficult to obtain your consent;
(6) where the personal information involved is disclosed by you to the public at your own discretion;
(7) where it is necessary for the conclusion and performance of a contract at your request;
(8) where personal information is collected from lawful public disclosures, such as lawful news reports, government information disclosure and other channels;
(9) where it is necessary for maintaining the safe and stable operation of the products or services provided, such as discovering, handling product or service failures;
(10) other circumstances provided by laws and regulations.
We comply with the laws and regulations of the People's Republic of China on data storage, store your personal information collected or generated in the People’s Republic of China, within the territory of the People’s Republic of China. And will, according to and to the extent necessary for complying with laws and regulations, regulatory rules, archiving, accounting, auditing or reporting requirements, and the purposes set forth in this Policy, retain your personal information for a minimum period.
To the extent permitted by laws and regulations, for the purpose such as providing cross-border services (e.g. cross-border remittance), your personal information may be transmitted to another country or region. Under such circumstances, we will obtain your consent according to the requirements under laws and regulations, and adopt appropriate, necessary and effective measures (e.g. encrypted transmission) to safeguard the security of your information.
After the retention period expires, we will destroy, delete or anonymize relevant information, except for those that need to be retained for settlement of indebtedness between you and us, resolving complaints and disputes related to you, or providing records to or responding to enquiry request by you, regulators or other authorities. In such case, we will not further use the information for additional daily business operation purpose.
A. We will use your information in the following circumstances:
B. Marketing and PromotionThe above-mentioned information collection and use set out herein does not affect our use of your information in accordance with the purpose that you have otherwise specially agreed with us. If we want to use your personal information for other purposes other than those stated in this Policy or otherwise agreed between you and us, we shall re-obtain your consent before using it.
Only upon your prior consent and to the extent no subsequent request to withdraw the consent has been received from you, will the Bank directly send you marketing messages, including special offers, promotions and activities that you may be interested in or eligible for. Such marketing messages may be sent to you in various forms, including but not limited to social media (such as WeChat push), email, direct mail, SMS, telephone, fax and other mobile communication services, but excluding personalized targeted push via the Mobile Banking App. When sending you marketing messages, the Bank will comply with all applicable personal information and privacy protection laws and regulations.
If you do not want us to use your personal information for marketing purposes, you may notify us to exercise your right to opt out of receiving such marketing messages. If you choose not to receive marketing messages, please call our hotline at 4008208988. We will, as soon as possible after receiving your request (usually no later than 15 working days after receiving your request), take relevant measures to ensure that marketing messages will no longer be sent to you.
Currently, the Bank will not provide personalized targeted push on the Mobile Banking App based on your personal information.C. Entrusted Processing and Sharing
The Bank will not provide your personal information to any other companies, organizations or individuals, unless we obtain your explicit consent or authorization. We will only entrust third parties to process your personal information or share your personal information (to the extent related to specific purposes) with third parties for legitimate, justifiable, necessary and specific purposes.
When we entrust a third party to process your personal information, we will agree with the third party on matters such as the processing purpose, time period, method, type of personal information involved, protection measures, rights and obligations of the parties. We will supervise the personal information processing activities of the third party by adopting standards no lower than our own personal information protection standards.
If the Bank needs to share your personal information with another party, we will fulfill the obligation to notify you and obtain your consent in accordance with the law.
For the purposes listed above in this Policy, the Bank will provide and disclose part or all of your personal information to the following recipients on confidential basis and to the extent that such provision is necessary and is made with proper protective measures (the recipients may also, subject to relevant laws and regulations, use, process and disclose the received information for the above purposes, provided that it takes appropriate protective measures in accordance with applicable laws and regulations or our requirements):
(1) any member of the DBS Group;
(2) any contractor, subcontractor, agent, service or product supplier, licensor, professional consultant, business partner, or associated person (including employees, directors and officers) of the DBS Group;
(3) any related regulator or other competent authorities, or any entity or individual designated by such regulator or competent authorities;
(4) anyone acting on your behalf according to your authorization or per law, payees, beneficiaries, account nominees, intermediaries, correspondent and agent banks (e.g. those for CHAPS, BACS and SWIFT), clearing houses, clearing or settlement systems, upstream withholding agents, swap or trade repositories, stock exchanges, companies in which you have an interest in securities (where such securities are held by us for you), or anyone making any payment to you;
(5) any person or relevant party who has right or obligation, acquires an interest or assumes risk, in or in connection with any product or service you receive from the Bank, or any business you conduct at the Bank or any transaction you make with the Bank (e.g. the person who provides or proposes to provide any mortgage or other security for any of your debts to the Bank, or the beneficiary of the insurance product that the Bank distributes to you);
(6) other financial institutions, industry associations, bank card organizations, credit rating agencies, credit reference agencies (including but not limited to the Basic Financial Credit Information Database) and information service providers;
(7) any third party asset manager providing you with asset management services through us;
(8) any third party to whom we provide referral, agency or intermediary service;
(9) any person to whom the Bank or any member of the DBS Group is obliged or required to disclose information for the purposes specified herein;
(10) relevant third parties as set out in the agreements and/or the terms and conditions governing the relationship between the Bank and you.
Since we rely on the group's global resources to provide products or services, to the extent permitted by laws and regulations, we may use intra-group systems located overseas (such as Singapore) to process your personal information, which means that your personal information may be transferred to offshore entity(ies) within the DBS Group. Meanwhile, we may need to provide your personal information to relevant overseas partners or service providers for the purpose of conducting cross-border business, for example, in order to provide cross-border remittance service(s) to you or your affiliate(s), provide your personal information to third party participants such as overseas intermediary bank(s) and receiving bank(s); or provide your personal information to our cooperation bank(s) in Hong Kong for the purpose of providing Great Bay Area Wealth Management products/services to you or your affiliate(s). For the aforementioned cross-border information transfer, you may seek further information on the recipient, the type of information to be transferred and other specific information in relevant business documents or by contacting us via the contact information listed in "IX. How to Contact Us" of this Policy. If we provide your personal information overseas, we will comply with provisions and requirements on cross-border personal information transfer under laws and regulations. According to applicable laws and regulations, your personal information will be protected by a code of confidentiality and security which the Bank, members of the DBS Group, their staff and third parties are subject to, whether it is processed domestically or overseas.
D. Transfer
Without your explicit consent, we will not transfer your personal information to any other company, organization or individual, except where it is necessary in the case of our business/asset transfer, restructuring, disposal (including securitization), merger, spin-off or acquisition transaction of the Bank. In such case, we will inform you of the identity and contact information of the personal information recipient via methods such as email, private message, online announcement in accordance with law. The Bank will request the new company, organization or entity holding your personal information to continue to be bound by this Policy. If the personal information recipient intends to change the processing purposes or methods of personal information, we will request it to re-obtain your consent according to the requirements of applicable laws and regulations then in force.E. Public Disclosure
F. Exemptions to Authorization and ConsentAccording to relevant laws and regulations, regulatory requirements, and national standards, the Bank may share, transfer, publicly disclose your information without your prior authorization and consent in the following circumstances:
When you visit, browse and use the Mobile Banking App, the App will record to analyze the number of visitors to the application, general usage patterns and your personal usage patterns and optimize your experience. Some information will be collected through "Cookies". Cookies are small text files placed on your mobile device when you use an application. Cookies collect information about users and how they use an application, such as their Internet Protocol (IP) address, and how they navigate within the application. We use cookies and other technologies to facilitate your use of our application, to provide products and/or services based on your preferred settings, to track the use of our application, and to compile statistics on the activities conducted on our application.
You may manage or delete Cookies according to your preference, including removing all the Cookies stored on your mobile device from local terminal. However, after changing the setting you may not be able to enjoy the convenience that Cookies bring, but your normal use of other functions of the Mobile Banking App will not be affected.
In addition, the Bank's Mobile Banking App may also engage third-party companies to investigate application traffic and other activities on the application. Such companies may use Cookies and other technologies to collect more information about the visitors to the Bank's applications (such as user distribution, behavior and usage patterns) and to improve the efficiency of the Bank's marketing. Such companies will provide the Bank with the information collected in a consolidated manner, and the Bank will not provide to or obtain from such companies personal data that can identify you.
1.The Bank reserves the right to update or amend this Policy from time to time, to ensure this Policy is in line with the developments of how your personal information is used or changes in applicable laws and regulations. The change to this Policy will not restrict or reduce the rights you have under the PRC laws as a personal information subject.2. We will release the changes to this Policy or the updated Policy on relevant pages of the Mobile Banking App via push notifications, pop-up prompts, announcements, etc. and notify you to re-consent. For material changes, we will notify you via pop-up prompts or emails, and provide necessary explanations on the materials changes.
Material changes referred to in this Policy include without limitation:
(1) major changes in our service model, such as changes in the purpose of personal information processing, the types of personal information being processed, the manners in which personal information is used, etc.;
(2) major changes in our ownership structure, organizational structure, etc., such as changes in owners as a result of business adjustments, bankruptcy, mergers, acquisitions and etc.;
(3) changes in the main recipients with/to whom personal information is shared, transferred or publicly disclosed;
(4) major changes in your rights to participate in the processing of your personal information or the manners in which such rights may be exercised;
(5) changes in our contact details to deal with your personal information request, or changes in channels for complaints filing;
If you do not agree on the updated content, please stop using the Mobile Banking Service immediately and deregister the relevant account; if you continue to use the Mobile Banking Service or Mobile Banking App after the update of this Policy, you will be deemed as having fully read, understood and accepted the updated version of this Policy and agree to the Bank’s collection, storage, use, provision, disclosure, deletion and protection of your relevant personal information in accordance with the updated Policy.3. You may access and view this Policy on the Mobile Banking App via “More-Privacy Policy”.
If you have any question, comment or suggestion, or any relevant complaints, whistle-blowing, please contact the Bank. You may contact us by calling the Bank’s customer service hotline (4008208988) or visit the branch office of the Bank, you may also visit the Bank’s official website (www.dbs.com.cn) or the WeChat public account “DBS Treasures” (WeChat account: DBSTreasures) to check the nearby business outlets. The Bank will process your comment, suggestion and relevant questions in a timely manner. Under normal circumstances, the Bank will reply within 15 working days or the shorter period stipulated by laws and regulations (if applicable) after receiving your request.
Company name: DBS Bank (China) Limited
Address: Unit 1301, 1306, 1701 and 1801, DBS Bank Tower, 1318, Lujiazui Ring Road, Pudong New Area, Shanghai
Email address for personal information protection: chinahotline@dbs.com
Customer service hotline: 4008208988 (7*24 hours)
Notwithstanding the foregoing, we may reject your request that is illegal, in violation of regulatory rules, repeated without ground, unreasonable or technically impracticable. According to laws and regulations, we may not be able to respond to your request under any of the following circumstances:
(1) where the request is in relation to our performance of obligations under laws and regulations;
(2) where the request is in direct relation to state security or national defense security;
(3) where the request is in direct relation to public security, public health, or major public interest;
(4) where the request is in direct relation to criminal investigation, prosecution, trial, enforcement of judgment, etc.;
(5) where we have sufficient evidence of malice or abuse of rights on your part;
(6) where the purpose is to protect your or other individuals' life, property or other material legitimate rights and interests but it is difficult to obtain your consent;
(7) where responding to your request will lead to significant damage to the legitimate rights and interests of you or any other individual or entity;
(8) where the request involves any trade secret.
If you are not satisfied with our reply, especially if you believe that the Bank's processing of personal information have damaged your legitimate rights and interests and cannot be resolved through effective communication with the Bank, you can also file a complaint or report to the regulatory authorities such as Cyberspace Administration, Ministry of Industry and Information Technology, Ministry of Public Security, and Administration for Market Regulation, or seek solutions by filing a lawsuit with the competent people's court where the Bank is domiciled.
Customer Service & Complaint Hotline: 400 820 8988
Customer Service & Complaint Email: [email protected]
Or have someone contact you
Complaint Procedure