Latest Revision Date: 15 August 2018
DBS Bank (China) Company Limited (“DBS”, “the Bank”, “we” or “us”) deeply understand the importance of personal information to you. We take personal information confidentiality and security very seriously, and we strive at all times to protect your personal information and privacy according to law. We therefore formulate this Personal Information and Privacy Protection Policy (this “Policy”), and we collect, use, disclose and protect your personal information (including the personal information of the person you represent) in accordance with this Policy.
Please be advised to read this Policy carefully to fully understand the purposes, methods, and scope of personal information we collect and use, our practices regarding personal information and privacy protection, your rights and interests with regard to personal information and privacy and how to assert your rights and interests. The table of content of this Policy is set out as below:
I. Personal Information and Privacy Protection Policy Overview – How We Protect Your Personal Information
II. What Personal Information We Collect
III. How We Use or Disclose Your Personal Information
IV. Use of Personal Information for Marketing Purposes
VI. Your Rights Relating to Personal Information
VII. How We Handle Minors’ Personal Information
VIII. Amendments and Updates of This Policy
If you have any query, comment or suggestion, you may contact us by calling the Bank’s hotline or visiting the Bank’s branches or sub-branches. You may also visit the Bank’s official website www.dbs.com.cn or official WeChat account “星展丰盛理财” (WeChat ID: DBSTreasures) to enquire at the nearby branches or sub-branches.
This Policy shall apply to your and related parties’ personal information that may be involved when you visit, browse, use any website or mobile device application of the Bank (including but not limited to mobile banking application, WeChat official account, online direct banking platform etc.), apply for or use any product or service of the Bank or third party partner, handle any business at the Bank or make any transaction with the Bank, participate in any marketing campaigns, (corporate) events and surveys of the Bank, apply for any position at the Bank, and/or in any way contact or correspond with the Bank, regardless of whether the information is provided by yourself or by the related parties, or collected or acquired by the Bank from other sources in compliance with law, regulation, regulatory provision, or based on your or related parties’ authorisation or consent. The Bank may collect, verify, store, use, process, disclose, transfer, protect your and related parties’ personal information in accordance with this Policy and other terms and conditions otherwise agreed between you and the Bank. If there is any discrepancy between this Policy and the other terms and conditions agreed between you and the Bank, such other terms and conditions shall prevail.
To preserve the confidentiality, security and privacy of all personal information you provide to us, we follow the principle of reasonableness, legitimacy and rightfulness, and adopt the following policies to protect personal information and privacy:
We only collect personal information that we believe to be relevant and required for us to comply with law, regulation and regulatory provision, understand your needs, build up, review, maintain and develop our relationship with you, provide you with products and services, and continuously improve our products and services.
We use your personal information with the aim to comply with law, regulation and regulatory provision, provide you with better products and services, and build up, review, maintain and develop our relationship with you.
We may for specific purposes provide your personal information to other members of the DBS Group, our respective agents or other third parties, as permitted by law. “DBS Group” means DBS Bank Ltd., its related corporations, affiliates and branches.
We will not disclose your personal information to any third party, unless the disclosure is made to comply with law, regulation and regulatory provision or in accordance with this Policy or other agreement between you and the Bank.
We may be required from time to time to disclose your personal information to our regulators, other governmental or judicial bodies or agencies, but we will only do so following the requirement of law and regulation, our regulators or other authorities and to the extent that is necessary.
We aim to keep your personal information on our records accurate and up-to-date.
We maintain strict security systems designed to prevent unauthorised access to your personal information.
All members of the DBS Group, all our staff and all third parties with permitted access to your personal information are specifically required or legally obliged to perform confidentiality obligations.
By maintaining our commitment to these policies, we at DBS will ensure that we uphold the trust that you place in us.
B. Information Security
We place high importance on information security. And we maintain our commitment to information security by implementing appropriate physical, electronic and managerial measures to secure your personal information.
The secure area of the website of the Bank supports the use of Transport Layer Security (TLS) protocol and 256-bit encryption technology - an existing industry standard for encryption over the Internet to protect data. When you provide personal sensitive information through the website of the Bank, it will be automatically converted into codes so as to ensure secure transfer afterwards. Our web servers are protected behind “firewalls” and our systems are monitored to prevent any unauthorised access.
We exercise strict management over our staff who may have access to your personal information, including but not limited to imposing confidentiality obligation by contract on relevant staff, formulation and implementation of information confidentiality and security related policies and procedures, and delivering related training to staff. When we use services provided by external service providers (entities or individuals), we also impose strict confidentiality obligations on them and request them to abide by our security standards when processing personal information.
For the security of your personal information, you take on the same level of responsibility as us. You shall keep your personal information secret and confidential, such as your account information, identity verification information (e.g. user name, password, dynamic password, verification code, etc.), and all the documents, materials, devices or other media that may contain or record or otherwise relate to such information, and shall ensure your personal information and relevant documents, materials, devices or other media are used only in a secured environment. You shall not, at any time, disclose to any other person or allow any other person to use such information and relevant documents, materials, devices or other media. Once you think your personal information and/or relevant documents, materials, devices or other media have been disclosed, lost or stolen and may so endanger the relation between you and the Bank or cause your bank account being used for any unauthorised transaction, you shall notify us immediately so that we may take appropriate measures to prevent further loss from occurring.
If unfortunately personal information security incident occurs, we will adopt emergency plan and take relevant actions and remediation measures to mitigate the severity and losses in connection therewith. Meanwhile, we will report such personal information security incident and our actions in accordance with law, regulation and regulatory provision.
We will retain your personal information for so long as the purpose for which it was collected remains and until it is no longer necessary for any other legal, regulatory or business purposes.
1. As required for us to provide you with various products and services and continuously improve our products and services, or in order to contact or communicate with you, understand your needs, build up, review, maintain and develop our relationship with you, or for the purpose of complying with law, regulation and regulatory provision, during the time when you visit, browse, use any website or mobile device application of the Bank, apply for or use any product, device or service of the Bank, handle any business at the Bank or conduct any transaction with the Bank, participate in any marketing campaigns and (corporate) events and surveys of the Bank, apply for any position at the Bank, and/or in any way contact or correspond with the Bank, the Bank may receive and keep the personal information provided by yourself or by related parties, or, according to law, regulation, regulatory provision, or with your authorisation or consent, collect, enquire, verify by proper methods your and/or related parties’ personal information from/with members of the DBS Group or other third parties (including but not limited to credit reference agencies, information service providers, relevant authorities, employers, counterparties, other relevant entities, joint applicants, contact persons, close relatives and other persons).
The personal information we so collect may include information in paper, electronic (for example but not limited to information collected through any of the Bank’s website, Internet Banking, direct banking platform, Mobile Banking, self-service machine, QR code for offline marketing events and business development campaigns and/or other mobile devices applications, email, SMS or Phone Banking) or any other forms.
2. The Bank may for various purposes collect necessary personal information according to this Policy and other agreement between you and the Bank. Personal information the Bank may collect mainly includes:
(1) Personal identity information, including name, sex, nationality, citizenship, registered residence (Hu Kou), ethnic, type/number/validity period of Identification (ID) certificate, occupation, education, diploma, working experience, directorships and other positions held, telephone number, e-mail, contact information, age, birth date, place of birth, marital status, health status, family status, place of residence, work address, photo, social security information, personal virtual identity and authentication information (e.g. Internet Banking account information), etc.;
(2) Personal property information, including personal income, real property, movable property (e.g. vehicle, financial assets, etc.), indebtedness, investment, tax-paid amount, tax resident status, taxpayer identification number, amount paid for the provident fund, etc.;
(3) specimen signatures(s), handwriting;
(4) Personal biometrics information, such as portrait, fingerprint, voice, iris, face recognition information, etc.;
(5) Personal account information, including account number, account opening time, institution with which the account is opened, account balance, account transaction information, etc.;
(6) Personal credit information, including credit card, loan and other credit transaction information and any other information about personal credit status;
(7) Personal financial transaction information, including personal information acquired, kept, recorded during any payment, settlement, wealth management, safe deposit box or other banking business, as well as personal information generated from transactions made through banks with any third party institution like insurance company, securities company, fund house, futures company or payment agency, and etc.;
(8) Derivative information, including consumption habit, product/service/internet use habit, transaction or risk preference, risk appetite, investment intention, investment goal, knowledge and experience, and other information about particular person’s situation derived from processing and analysis of raw data;
(9) Any other personal information acquired or kept during the establishment or maintenance of business or other relationship with individuals, e.g. personal opinions on our services and products (e.g. feedback or responses to surveys), time/location (including geographic location and network address) of service use, log information related to browse/use/clicking/operation of website/software/application, image and video record, audio record, voice recordings of our conversations with you, correspondence record and contents, device identifier and code, hardware type and serial number, operating system version, etc..
3. To the extent allowed by laws and regulations, we may collect and use your personal information without the necessity to get your consent under any of the following circumstances:
(1) where the collection and use are directly related to state security or national defense security;
(2) where the collection and use are in direct relation to the public security, public sanitation, or significant public benefits;
(3) where the collection and use are in direct relation to investigations into crimes, prosecutions, court trials, and enforcement of rulings, etc.;
(4) where the collection and use are for the sake of safeguarding your or other’s life, property or other significant rights and interests but it is difficult to obtain your consent;
(5) where the personal information collected is the information voluntarily disclosed by yourself to the public;
(6) where the personal information is collected from information that has been legally and publicly disclosed, such as legal news reports and government information publicity channel;
(7) where the collection and use are necessary for concluding and performing contracts as required by you;
(8) Other circumstances specified by law and regulation.
A．The purposes for which your personal information may be used will vary depending on the nature of your relationship with us. Broadly, they may comprise any or all of the following purposes:
to provide you with banking facilities, products or services (whether made available by us or through us), to identify or verify your identity, to approve, manage, handle, execute or effect transactions requested or authorised by you;
to contact or communicate with you, e.g. providing you with updates on changes to products, services and banking facilities (whether made available by us or through us) including any additions, expansions, suspensions and replacements of or to such products, services and banking facilities and their terms and conditions.
to comply with any Applicable Laws (“Applicable Laws” refer to any applicable local or foreign statute, law, regulation, ordinance, rule, judgment, decree, voluntary code, directive, sanctions regime, court order applicable to any member of the DBS Group, agreement between any member of the DBS Group and any authority, or agreement or treaty between authorities and applicable to the Bank or a member of the DBS Group) and any order or requirement from any authority;
to perform the Bank and/or the DBS Group’s compliance obligations (including regulatory compliance, tax compliance and/or compliance with any Applicable Laws or requirement of any authority), or to implement any policy or procedure made by the Bank and/or the DBS Group for performance of their compliance obligations;
to detect, investigate and prevent any real, suspected or potential financial crime (including money laundering, terrorist financing, bribery, corruption, tax evasion, fraud, evasion of economic or trade sanctions, and/or violations, or acts or attempts to circumvent or violate any Applicable Laws relating to these matters) and to manage financial crime risk;
to collect any amounts due from any debtor, or enforcing obligations owed to us;
to comply with obligations and requirements imposed on us from time to time by any credit bureau or credit reference agencies, and to conduct credit or credit reference checks, to verify, obtain or provide credit references or credit information;
to contact or communicate with you, understand your needs, build up, review, maintain and develop the Bank’s or any member of the DBS Group’s overall relationship with you (including to assess your interests in relevant products or services, to conduct market research or survey or satisfaction survey, to review, approve or handle your application for any position at the Bank, etc.);
to manage our infrastructure and business operations and to comply with internal policies and procedures (including for credit and risk management, creating and maintaining credit and risk related models; data statistics, analysis, processing and handling, system, product and service design, research, development and improvement, as well as for planning, insurance, audit and administrative purposes);
to enforce or defend rights of the Bank or any member of the DBS Group, or to perform the obligations of the Bank or any member of the DBS Group (whether statutory obligations or contractual obligations, including but not limited to the Bank’s obligations under any agreement entered into with any real or potential business and/or asset assignee, business partner, transaction participator or member banks of joint facility offering mechanism);
to obtain or utilize administrative, consultancy, telecommunications, computer, payment, data storage, processing, outsourcing and/or other products or services;
to respond to queries or feedback;
to address or investigate any complaints, claims or disputes;
to conduct credit checks, screenings or due diligence checks as may be required under applicable law and/or regulation;
to monitor products and services provided by or made available through us;
financial reporting, regulatory reporting, management reporting, risk management (including monitoring credit exposures), audit and record keeping purposes;
to enable any actual or proposed assignee or transferee of DBS’s rights or obligations to evaluate any proposed transaction; and/or
to seek professional external advice, including but not limited to legal advice.
We may also use personal information for purposes set out in the terms and conditions that govern our relationship with you or our customer.
B. Disclosure and Sharing of Your Personal Information
For the purposes set out above, the Bank may on confidential basis provide or disclose all or part of your personal information to the following recipients (the recipients may also, for the aforesaid purposes, use, process and further disclose the information they receive):
any member of the DBS Group;
any contractor, subcontractor, agent, third party product or service provider, licensor, professional advisor, business partner, or associated person of the DBS Group (including their employees, directors and officers);
any regulator or other authority of the Bank or any member of the DBS Group, or any organisation or person designed by such regulators or authorities;
anyone acting on your behalf, payment recipients, beneficiaries, account nominees, intermediary, correspondent and agent banks (e.g. for CHAPS, BACS, SWIFT), clearing houses, clearing or settlement systems, market counterparties, upstream withholding agents, swap or trade repositories, stock exchanges, companies in which you have an interest in securities (where such securities are held by the Bank for you), or anyone making any payment to you;
any person or related party who has the right or obligation, acquires an interest or assumes risk, in or in connection with any product or service you receive from the Bank, or any business you handle at the Bank or any transaction you make with the Bank (for example, the person who provides or intends to provide any mortgage or other security for any of your debt to the Bank);
other financial institutions, industrial associations, bank card organisations, credit rating agencies or credit bureaus (including without limitation the People’s Bank of China’s credit information database), information service providers;
any third party fund manager providing you with asset management services;
any broker that provides referral, agency or intermediary service to the Bank, or any third party to whom the Bank provides referral, agency or intermediary service;
any party in connection with any business/asset transfer, restructure, disposal (including securitization), merger, spin-off or acquisition transactions of the Bank;
any person to whom the Bank or any member of the DBS Group is under an obligation or otherwise required to make disclosure for the aforesaid purposes.
other relevant third party as set out in the agreement(s) and/or terms and conditions that govern our relationship with you or our customer.
We wish to emphasise that DBS does not sell personal information to any third party and we shall remain fully compliant of any duty or obligation of confidentiality imposed on us under the applicable agreement(s) and/or terms and conditions (if any) that govern our relationship with you or our customer and/or any applicable laws and regulations.
To the extent permitted by applicable laws and regulations, we may transfer, store, process and/or deal with your personal information outside Mainland China (including jurisdictions which do not have data protection laws that provide the same level of protection as the jurisdiction in which the Bank is located). In doing so, we will comply with any and all requirements imposed on us by such applicable laws and regulations.
We may use your personal information to offer you products or services, including special offers, promotions, contests or entitlements that may be of interest to you or for which you may be eligible. Such marketing messages may be sent to you in various modes including but not limited to social media (wechat enterprise account subscription), electronic mail, direct mailers, short message service, telephone calls, facsimile and other mobile messaging services. In doing so, we will comply with all applicable personal information and privacy protection laws and regulations.
In respect of sending telemarketing messages to your telephone number maintained with us via social media, short message service, telephone calls, facsimile and other mobile messaging services, please be assured that we shall only do so if we have your clear consent to do so and we have not received your request that we stop contacting you for marketing purpose. If we have an ongoing relationship with you and you have not indicated to us that you do not wish to receive telemarketing messages sent to your telephone number, we may send you telemarketing messages to that number related to our ongoing relationship via short message service, facsimile and other mobile messaging services.
You may request that we stop contacting you for marketing purposes via our hotline 4008208988 (for individual customer) or 4008218881 (for corporate customer), if you cannot visit our branch in person.
Nothing in this section shall vary or supersede the terms and conditions that govern our relationship with you.
A pixel tag, also known as a web beacon, is an invisible tag placed on certain pages of our web site but not on your computer. Pixel tags are usually used in conjunction with cookies and are used to monitor the behaviour of users visiting the web site.
You may set up your web browser to block cookies which will in turn disable the pixel tags from monitoring your web site visit. You may also remove cookies stored from your computer or mobile device. However, if you do block cookies and pixel tags, you may not be able to use certain features and functions of our web sites.
In addition, the Bank’s website and/or application may also work with third parties to research certain usage and other activities on the website and/or application. They may use technologies such as web beacons and "Cookies" etc. to collect more information about users (e.g. user demographics and behaviour and usage patterns) and to improve the effectiveness of our marketing. They aggregate the information collected and then share it with us. No personally identifiable information about you is collected from or shared to such company by us. Should you wish to disable the Cookies associated with these technologies, you may do so by changing the setting on your browser and/or application. However, after changing the setting you may not be able to enter certain part(s) of our website and/or application.
You have the right to request us to protect and secure your personal information in accordance with the provisions of laws, regulations and this Policy.
You have the right to check with the Bank whether the Bank holds your personal formation and to check the personal information you have provided to the Bank.
You have the right to check with the Bank for the Bank’s policies on personal information and privacy protection. When you have any query about this Policy, you have the right to seek explanation/interpretation from the Bank to help you understand our practices regarding personal information and privacy protection and their possible consequence, and understand your rights and interests under this Policy in relation to personal information and privacy.
You have the right and obligation to update your personal information at the Bank to ensure all information be accurate and up-to-date. You have the right to request the Bank to provide convenience for you to update your personal information at the Bank and to correct any of your information that is inaccurate.
In relation to consumer credit, you have the right to request to be informed of your personal information that is disclosed to credit reference agencies by the Bank, so as to enable your request to the relevant credit reference agency for an access to and correction of your information.
You may request access or make corrections to your personal information held by DBS. DBS reserves the right to charge a reasonable fee for processing of any data access request. Such a fee depends on the nature and complexity of your access or correction request.
You may supervise or make suggestions for the Bank’s practices regarding personal information and privacy protection, and to lodge complaints or demand compensation according to law against the Bank or its staff for any infringement of your rights and interests in your personal information and privacy.
Nothing in this Policy shall limit the rights you should have as a personal information subject under Chinese law.
To contact us on any aspect of this Policy or your personal information or to provide any feedback that you may have, please visit any of our branches or get in touch with our customer centre officer in the following ways:
If you are our personal banking customer or a non-customer, you may call our hotline at 4008208988.
If you are our business banking customer, you may call our hotline at 400 821 8881.
Upon the receipt of your request, we will reply to you within a period of no longer than 30 days or a shorter period as prescribed by law and regulation (if any).
Due to the requirements of law and regulation, we may not be able to respond your request under any of the following circumstances:
(1) where the request is in direct relation to state security or national defense security;
(2) where the request is in direct relation to public security, public sanitation, or significant public benefits;
(3) where the request is in direct relation to investigations into crimes, prosecutions, court trials, execution of rulings, etc.;
(4) where there is sufficient evidence that you are intentionally malicious or abuses your rights;
(5) where responses to your request will give rise to serious damage to your or any other individual or organization’s legal rights and interests; and
(6) where the request involves any business secret.
We attach great importance on protecting the minors’ personal information. If you are under 18 years old, it is suggested that your parents or guardians shall carefully read this Policy and you shall submit your personal information only after seeking consent from them. Meanwhile, it is suggested that your use of our product and service is conducted under the guidance of your parents or guardians. If they do not agree for you to submit your personal information or to use any product or service of the Bank, you shall immediately stop doing so and notify us as soon as possible, so as to allow us to take effective measures.
If you are under 18 years old, for those personal information collected with consent of your parents or guardians, we will only use or disclose such information to the extent allowed by law and regulation or expressly consented by your parents or guardians or where it is necessary for the protection of your interests.
We may amend this policy from time to time to ensure that it is consistent with any developments to the way DBS uses your personal information or any changes to the laws and regulations applicable to DBS. We will make available the latest version of this Policy on our web site and/or relevant applications. Changes to this Policy will not impair or limit the rights you should have as a personal information subject under Chinese law. All communications, transactions and dealings with us shall be subject to the latest version of this Policy in force at the time.
Where you provide to us personal information about another person, you should ensure that person acknowledges this Policy and, in particular, tell him/her how we may use his/her information. You should remind that person to read this Policy in advance and may also give him/her a copy of this Policy.
Our web sites/online service platform may contain links to other web sites/online service platform which are not maintained by DBS. When visiting such third party web sites/ online service platforms, you should read their privacy policies which will apply to your use of their web sites/online service platforms.
In the event of any inconsistency between the English and Chinese versions of this Policy, the Chinese version shall prevail.