Personal Data Policy Statement

The Personal Data Policy Statement for Bank of Asia (BVI) Limited (the "Policy")

(Effective as of 18 September 2017)

1. DEFINITIONS
Terms not defined here have the same meaning as in the Terms and Conditions for the Bank of Asia (BVI) Limited Online User Agreement, (Effective as of 18 September 2017) (the "Terms and Conditions")

The words "you" and "your" refer to any holder of the accounts maintained with us and including one or more individuals, sole proprietorships, partnerships, corporations and unincorporated associations or bodies.

The words "we" and "us" refer to Bank of Asia (BVI) Limited (the "Bank" or "BoA").

"Affiliate" means any person or entity who directly or indirectly through one or more intermediates controls, is controlled by, or is under common control with, the relevant party or in relation to a body corporate, any subsidiary, subsidiary undertaking or holding company of such body corporate, and any subsidiary or subsidiary undertaking of any such holding company for the time being."

"Personal Data" refers to any data or information about you which can be identified either (a) from that data; or (b) from that data and other information to which the Bank have or are likely to have access.


2. OBJECTIVES AND RELATIONSHIP TO THE TERMS AND CONDITIONS
2.1 Your privacy is important to the Bank. This Policy outlines how your Personal Data is managed. This Policy sets out (1) the Bank's purposes of data collection, (2) the controls the Bank employs for protection of Personal Data, (3) the classes of persons the Bank can transfer Personal Data to, and (4) your access and correction rights in relation to Personal Data and other related or relevant data.

2.2 You agree and consent to the Bank as well as its respective agents, authorised service providers and relevant third parties collecting, using, disclosing and/or sharing your Personal Data in the manner set forth in this Policy. This Policy is a supplement to but does not supersede nor replace any other consents which you may provide to the Bank nor does it affect any rights that the Bank may have at law in connection with the collection, use and/or disclosure of Personal Data.

2.3 The Bank may from time to time update this Policy to ensure it is consistent with the Bank's future developments, industry trends and/or any changes in legal or regulatory requirements. Subject to your rights at law, the prevailing terms of the Policy shall apply.

2.4 This Policy forms a part of the Terms and Conditions governing your relationship with the Bank and should be read in conjunction with such terms and conditions. In the event of any conflict or inconsistency between the provisions of this Policy and the terms and conditions, the provisions of the Terms and Conditions shall prevail.


3. PERSONAL DATA
3.1 It is necessary, from time to time, for you to supply the Bank with Personal Data in connection with (a) the opening or continuation of accounts, (b) the establishment or continuation of banking and or credit facilities (c) or the provision of banking and or financial services.

3.2 Failure by you to provide such Personal Data may result in the Bank being unable to process accounts or financial services as set out at clause 3.1 above and in more detail in the Terms and Conditions.

3.3 It is also the case that data are collected from you in the ordinary course of the continuation of the banking or financial relationship, for example, when you transfer fund, deposit money, effect transactions through cards or discusses /arrange banking / credit facilities for yourself or for any third party.

3.4 In this Policy, examples of Personal Data include, but are not limited to, the following:
4. PURPOSES FOR THE COLLECTION, USE AND DISCLOSURE OF PERSONAL DATA
4.1 The purposes for which Personal Data may be used by the Bank are as, but not necessarily limited to, the following: 4.2 You are responsible for ensuring that all Personal Data submitted to the Bank is complete, accurate, true and correct. Failure to do so may result in the inability of the Bank to provide you with products and services that have been requested. Where Personal Data is submitted by you on behalf of another individual or another individual other than you (or, in the case of situations where a representative of a company or organisation, is submitting the Personal Data of individuals as part of the disclosures by the company or organisation to the Bank) represents and warrants to the Bank that all the necessary consents have been obtained from the relevant individuals and that you has retained proof of these consents, such proof is to be provided upon the Bank's request.


5. COLLECTION OF PERSONAL DATA
5.1 Generally, the Bank collects Personal Data from you in the, but not necessarily limited to the, following ways:
6. TYPES OF PERSONAL DATA HELD
6.1 There are two main categories of Personal Data held in the Bank. They comprise Personal Data contained in the following:
7. RETENTION OF PERSONAL DATA
7.1 Personal Data provided by you and employees is retained for as long as the purposes for which such data were collected continue. As a general rule the minimum retention period is 7 years.


8. SHARING AND/OR TRANSFER OF PERSONAL DATA
8.1 Sharing and/or of Personal Data with third parties not known to the Bank, such as vendors or suppliers, who lack appropriate security safeguards or restrictions on information use is prohibited.

8.2 Personal Data is kept confidential but, subject to the provisions of any applicable law, may be provided to:
9. USE AND PROVISION OF PERSONAL DATA IN DIRECT MARKETING
9.1 The Bank may:
9.2 The above products and services may be provided by the Bank and/or: 9.3 The Bank may at its own discretion seek your written consent before using Personal Data for the purposes and providing to the transferees set out above at paragraph 8.2.

9.4 The Bank may at its own discretion seek your written consent, and after having obtained such written consent, may use and provide Personal Data for any promotional or marketing purpose.

9.5 If the Bank seeks your consent, you may withdraw your consent to the use and provision of Personal Data for direct marketing.


10. YOUR RIGHTS TO ACCESS YOUR DATA
10.1 Under and in accordance with the terms of this Policy and any supplemental information to this Policy the Bank may publish on its website, you have the right: 10.2 Your Personal Data and other related or relevant data may be processed, kept, transferred or disclosed in and to any country as the Bank or any person who has obtained such data from the Bank considers appropriate. Such data may also be processed, kept, transferred or disclosed in accordance with the local practices and laws, rules and regulations (including any governmental acts and orders) in such country.

10.3 The Bank has the right to charge a reasonable fee for the processing of any data access request.

10.4 In relation to the Bank, requests for access to data or correction of data or for information regarding policies and practices and kinds of data held are to be sent to the following email address: service@bankasia.com.


11. ENQUIRIES
11.1 For additional enquiries in respect of this Policy, please contact the Customer Service at the following email address: service@bankasia.com