Personal Data Policy Statement
The Personal Data Policy Statement for Bank of Asia (BVI) Limited (the "Policy")
(Effective as of 18 September 2017)
Terms not defined here have the same meaning as in the Terms and Conditions for the Bank of Asia (BVI) Limited Online User Agreement, (Effective as of 18 September 2017) (the "Terms and Conditions")
The words "you" and "your" refer to any holder of the accounts maintained with us and including one or more individuals, sole proprietorships, partnerships, corporations and unincorporated associations or bodies.
The words "we" and "us" refer to Bank of Asia (BVI) Limited (the "Bank" or "BoA").
"Affiliate" means any person or entity who directly or indirectly through one or more intermediates controls, is controlled by, or is under common control with, the relevant party or in relation to a body corporate, any subsidiary, subsidiary undertaking or holding company of such body corporate, and any subsidiary or subsidiary undertaking of any such holding company for the time being."
"Personal Data" refers to any data or information about you which can be identified either (a) from that data; or (b) from that data and other information to which the Bank have or are likely to have access.
2. OBJECTIVES AND RELATIONSHIP TO THE TERMS AND CONDITIONS
2.1 Your privacy is important to the Bank. This Policy outlines how your Personal Data is managed. This Policy sets out (1) the Bank's purposes of data collection, (2) the controls the Bank employs for protection of Personal Data, (3) the classes of persons the Bank can transfer Personal Data to, and (4) your access and correction rights in relation to Personal Data and other related or relevant data.
2.2 You agree and consent to the Bank as well as its respective agents, authorised service providers and relevant third parties collecting, using, disclosing and/or sharing your Personal Data in the manner set forth in this Policy. This Policy is a supplement to but does not supersede nor replace any other consents which you may provide to the Bank nor does it affect any rights that the Bank may have at law in connection with the collection, use and/or disclosure of Personal Data.
2.3 The Bank may from time to time update this Policy to ensure it is consistent with the Bank's future developments, industry trends and/or any changes in legal or regulatory requirements. Subject to your rights at law, the prevailing terms of the Policy shall apply.
2.4 This Policy forms a part of the Terms and Conditions governing your relationship with the Bank and should be read in conjunction with such terms and conditions. In the event of any conflict or inconsistency between the provisions of this Policy and the terms and conditions, the provisions of the Terms and Conditions shall prevail.
3. PERSONAL DATA
3.1 It is necessary, from time to time, for you to supply the Bank with Personal Data in connection with (a) the opening or continuation of accounts, (b) the establishment or continuation of banking and or credit facilities (c) or the provision of banking and or financial services.
3.2 Failure by you to provide such Personal Data may result in the Bank being unable to process accounts or financial services as set out at clause 3.1 above and in more detail in the Terms and Conditions.
3.3 It is also the case that data are collected from you in the ordinary course of the continuation of the banking or financial relationship, for example, when you transfer fund, deposit money, effect transactions through cards or discusses /arrange banking / credit facilities for yourself or for any third party.
3.4 In this Policy, examples of Personal Data include, but are not limited to, the following:
- Your name, passport or other identification number, telephone number(s), mailing address, email address and any other information relating to the information provided to the Bank in any forms that have been submitted, or in other forms of interaction;
- Information about your use of Bank 's website and services, including cookies, IP address, policy and claims history information;
- Employment history, education background, and income levels;
- Transaction related information, such as bank account details or credit card information, along with credit history; and
- Information regarding the usage of and interaction with the Bank's website and/or services including computer and connection information, device capability, bandwidth, statistics on page views, and traffic to and from the website.
4. Purposes for the Collection, Use and Disclosure of Personal Data
4.1 The purposes for which Personal Data may be used by the Bank are as, but not necessarily limited to, the following:
- Evaluating and providing advice and/or recommendations to you regarding the type of products and services;
- Assessing and processing any applications or requests made by you for products and services offered by the Bank;
- Communicating with you to inform of changes and updates to policies, terms and conditions and other administrative information, including without limitation for the purposes of servicing you in relation to products and services offered;
- Administering, maintaining, managing and operating the products and services offered to the you, including government-driven schemes;
- Processing and administering benefits or entitlements in connection with the Bank's services which have been applied for, including the administration of loyalty and rewards programs;
- Verification of your identity for the purpose of providing you with the Bank's Services;
- Responding to your queries and requests and handling complaints;
- Providing you with personalised service;
- Conducting market research for statistical profiling and other purposes to understand and determine your preferences and demographics in order for the Bank to review, develop and improve the products and services which are being provided to you (including without limitation to ensure that the products and services offered are relevant to you);
- Conducting financial reporting and analysis related to the Bank's business operations;
- Managing infrastructure and business operations and complying with internal policies and procedures;
- Archival of documents and records in both electronic and physical form for record keeping purposes;
- Maintaining records of your instructions, whether through phone recordings, hard copy documents, soft copy documents or instructions given via electronic or other means;
- Conducting credit checks and ensuring your ongoing creditworthiness, and the collection of amounts outstanding from you and any person providing security or guarantees for your obligations;
- Determining the amount of indebtedness owed to or by you;
- Facilitating business asset transactions (which may extend to any merger, acquisition or asset sale);
- Facilitating the verification and checks of your Personal Data in order to provide you with the Bank's products and services which have been requested;
- Preventing, detecting and investigating crime, including fraud and any form of financial crime, and analysing and managing other commercial risks;
- Compliance with any applicable local or foreign statute, rule, law, regulation, judgment, decree, directive, code of practice, guideline, administrative requirement, sanctions regime, court order, agreement between the Bank and an authority, agreement or treaty between authorities, international guidance and internal policies or procedures, which may apply to the Bank or which any such company is subject to, or to assist in or with law enforcement and investigations by any authority or to comply with any request from an authority; and
- Subject to applicable law, or any other purpose set out in the Terms and Conditions.
4.2 You are responsible for ensuring that all Personal Data submitted to the Bank is complete, accurate, true and correct. Failure to do so may result in the inability of the Bank to provide you with products and services that have been requested. Where Personal Data is submitted by you on behalf of another individual or another individual other than you (or, in the case of situations where a representative of a company or organisation, is submitting the Personal Data of individuals as part of the disclosures by the company or organisation to the Bank) represents and warrants to the Bank that all the necessary consents have been obtained from the relevant individuals and that you has retained proof of these consents, such proof is to be provided upon the Bank's request.
5. Collection of Personal Data
5.1 Generally, the Bank collects Personal Data from you in the, but not necessarily limited to the, following ways:
- When you have registered a new account with the Bank;
- When a website has been accessed or when performing an online transaction;
- When interacting with any of the Bank employees;
- When an application has been submitted to purchase products or use services from the Bank;
- When the you respond to a request for additional Personal Data;
- When you ask to be included in an email or other mailing list;
- When you request to be contacted;
- When you respond to initiatives or promotions given by the Bank; and
- When Personal Data has been submitted to the Bank for any other reason.
6. Types of Personal Data Held
6.1 There are two main categories of Personal Data held in the Bank. They comprise Personal Data contained in the following:
- Client Records
These are necessary for you to supply to the Bank from time to time in connection with matters such as:
- The opening or operation of accounts;
- The establishment or maintenance of facilities; and
- The establishment or operation or provision of products or services offered by or through the Bank (which include banking, cards, financial, fiduciary, securities and/or investments products and services as well as products and services relating to these); (collectively, facilities, products and services); and/or the receipt of supplies and services to the Bank.
- Personnel Records
This includes but is not limited to curriculum vitaes; application forms; references; appraisal and disciplinary records; salary, pension and benefits details; results of medical, security and financial checks; sickness records; personal contact details; bank account and tax details of employees (including potential employees, as applicable).
7. Retention of Personal Data
7.1 Personal Data provided by you and employees is retained for as long as the purposes for which such data were collected continue. As a general rule the minimum retention period is 7 years.
8. Sharing and/or Transfer of Personal Data
8.1 Sharing and/or of Personal Data with third parties not known to the Bank, such as vendors or suppliers, who lack appropriate security safeguards or restrictions on information use is prohibited.
8.2 Personal Data is kept confidential but, subject to the provisions of any applicable law, may be provided to:
- Any of the Bank's Affiliates, any person associated with the Bank, any reinsurance company, claims investigation company, your broker, industry association or federation, fund management company or financial institution;
- The Bank for any of the purposes and for the following additional bank related purposes: ensuring ongoing credit worthiness of you, creating and maintaining credit and risk related models, providing the Personal Data to credit reference agencies for the purposes of conducting credit checks and other directly related purposes, determining the amount of indebtedness owed to or by you and collection of amounts outstanding from you and those providing security for your obligations;
- Any person (including private investigators) in connection with any claims made by or against or otherwise involving you in respect of any products/services provided by the Bank and/or its Affiliates;
- Any agent, contractor or third party who provides administrative, technology or other services (including direct marketing services) to the Bank and/or its Affiliates in the specific countries or elsewhere and who has a duty of confidentiality to the same;
- Credit reference agencies or, in the event of default, debt collection agencies;
- Any actual or proposed assignee, transferee, participant or sub-participant of the Bank's rights or business; and
- Any government department or other appropriate governmental or regulatory authority.
9. Use and Provision of Personal Data in Direct Marketing
9.1 The Bank may:
- Use your name, contact details, products and services portfolio information, transaction pattern and behavior, financial background and demographic data held by the Bank from time to time for direct marketing; and
- Conduct direct marketing (including but not limited to providing reward, loyalty or privileges programmes) in relation to the following classes of products and services that the Bank, its Affiliates, co-branding partners and business partners may offer:
- Insurance, banking, provident fund or scheme, financial services, securities and related products and services;
- Products and services on health, wellness and medical, food and beverage, sporting activities and membership, entertainment, spa and similar relaxation activities, travel and transportation, household; and
- Apparel, education, social networking, media and high-end consumer products.
9.2 The above products and services may be provided by the Bank and/or:
- Any of the Bank's Affiliates;
- Third party financial institutions;
- Business partners or co-branding partners of the Bank and/or Affiliates providing the products and services set out above; and
- Third party reward, loyalty or privileges programme providers supporting the Bank or any of the above listed entities.
9.3 The Bank may at its own discretion seek your written consent before using Personal Data for the purposes and providing to the transferees set out above at paragraph 8.2.
9.4 The Bank may at its own discretion seek your written consent, and after having obtained such written consent, may use and provide Personal Data for any promotional or marketing purpose.
9.5 If the Bank seeks your consent, you may withdraw your consent to the use and provision of Personal Data for direct marketing.
10. YOUR RIGHTS TO ACCESS YOUR DATA
10.1 Under and in accordance with the terms of this Policy and any supplemental information to this Policy the Bank may publish on its website, you have the right:
- to check whether the Bank holds data about you and access to such data;
- to require the Bank to correct any data relating to you which is inaccurate;
- to ascertain the Bank's policies and practices in relation to data and to be informed of the kind of Personal Data held by the Bank;
- to request to be informed which items of data are routinely disclosed to credit reference agencies or debt collection agencies, and be provided with further information to enable the making of an access and correction request to the relevant credit reference agency or debt collection agency, as the case may be; and
- in relation to any account data (including, for the avoidance of doubt, any account repayment data) which has been provided by the Bank to a credit reference agency, to instruct the Bank, upon termination of an account by full repayment, to make a request to the credit reference agency to delete such data from its database.
10.2 Your Personal Data and other related or relevant data may be processed, kept, transferred or disclosed in and to any country as the Bank or any person who has obtained such data from the Bank considers appropriate. Such data may also be processed, kept, transferred or disclosed in accordance with the local practices and laws, rules and regulations (including any governmental acts and orders) in such country.
10.3 The Bank has the right to charge a reasonable fee for the processing of any data access request.
10.4 In relation to the Bank, requests for access to data or correction of data or for information regarding policies and practices and kinds of data held are to be sent to the following email address: email@example.com.
11.1 For additional enquiries in respect of this Policy, please contact the Customer Service at the following email address: firstname.lastname@example.org