Hang Seng Bank (China) Limited ("Hang Seng", "the Bank", "we" or "us") take personal information confidentiality and security very seriously, and strive at all times to protect our customers’ and related parties’ personal information and privacy when we provide our good services with you. We therefore formulate this Personal Information and Privacy Protection Policy (this “Policy”). Please be advised to read this Policy carefully to fully understand methods, and scope of personal information we collect and use, Hang Seng’s practices regarding personal information and privacy protection before you use our products and services.
The table of content of this Policy is set out as below:
I. Personal Information and Privacy Protection Policy Overview – How We Protect Your Personal Information
II. How We Collect Your Personal Information
IV. How We Use or Disclose Your Personal Information
V. Your Rights Relating to Personal Information
VI. How We Handle Minors’ Personal Information
VII. Update of this Policy
VIII. How to Contact Us
If you have any query, comment or suggestion, please contact us. You may contact us by calling the Bank’s hotline or visiting the Bank’s branches or sub-branches.
This Policy shall apply to your and related parties’ personal information that may be involved when you visit, browse, use any website or mobile device application of the Bank (including but not limited to mobile banking application, WeChat official account application and etc.), apply for or use any product, device or service of the Bank, handle any business at the Bank or make any transaction with the Bank, participate in any marketing events and surveys of the Bank, apply for any position at the Bank, and/or in any way contact or correspond with the Bank, no matter the information is provided by yourself or by the related parties, or collected or acquired by the Bank from other sources according to law, regulation, regulatory provision, or based on your or related parties’ authorisation or consent. The Bank may collect, verify, store, use, process, disclose, transfer, protect your and related parties’ personal information in accordance with this Policy and other terms and conditions otherwise agreed between you and the Bank. If there is any discrepancy between this Policy and the other terms and conditions agreed between you and the Bank, such other terms and conditions shall prevail.?
I. Personal Information and Privacy Protection Policy Overview – How We Protect Your Personal Information
To preserve the confidentiality, security and privacy of all personal information you provide to us, we follow the principle of reasonableness, legitimacy and rightfulness, and maintain the following policies to protect personal information and privacy:
1. We only collect personal information that we believe to be relevant and required for us to comply with law, regulation and regulatory provision, understand your needs, build up, review, maintain and develop our relationship with you, provide you with products and services, and continuously improve our products and services.
2. We use your personal information with the aim to comply with law, regulation and regulatory provision, provide you with better products and services, and build up, review, maintain and develop our relationship with you.
3. We may for specific purposes provide your personal information to other members of the HSBC Group, our agents or other third parties, as permitted by law.
4. We will not disclose your personal information to any third party, unless the disclosure is made to comply with law, regulation and regulatory provision or in accordance with this Policy or other agreement between you and the Bank.
5. We may be required from time to time to disclose your personal information to our regulators, other governmental or judicial bodies or agencies, but we will only do so following the requirement of law and regulation, our regulators or other authorities and to the extent that we deem necessary.
6. We aim to keep your personal information on our records accurate and up-to-date.
7. We maintain strict security systems designed to prevent unauthorised access to your personal information by anyone.
8. All members of the HSBC Group, all our staff and all third parties with permitted access to your personal information are specifically required or legally responsible to observe our confidentiality obligations.
By maintaining our commitment to these policies, we will ensure that we respect the inherent trust that you place in us.
1. Information security is our top priority. We will endeavour at all times to safeguard your personal information against unauthorised or accidental access, processing or erasure. We maintain this commitment to information security by implementing appropriate physical, electronic and managerial measures to secure your personal information.
2. We will strictly comply with the requirements of “Measures for the Administration of Electronic Banking” to keep the personal information provided by the users and customers of the Bank’s website and e-banking confidential and store such personal information securely. To enable you to use the Bank’s website and e-banking safely, we will provide the bank level information protection. The Bank’s website will be accessed to by using encryption mode (such as HTTPs and TLS) and the transfer and encryption of the relevant data should be conducted under the Bank’s security standard so as to satisfy the bank level security requirements.
3. We have a dedicated team for business management, technology support and security protection to operate and manage the Bank’s website and e-banking services. The team has clear and specific responsibilities for information security and the team leader will ensure these responsibilities to be performed. In addition, the Bank also sets up a series of management mechanism for system access, data privacy and security safeguard.
4. The servers of the Bank’s website and e-banking services are deployed in the unified data center of our Group. We effectively prevent network attacks by properly setting up and using the firewall and antivirus applications within a highly secured environment. In addition, we catch all abnormal status through real-time monitoring system, such as low disk space, IP attack etc., which will trigger system alerts to administers and security team by SMS and emails to ensure the fast response.
5. We exercise strict management over our staff members who may have access to your personal information, including but not limited to access control applied to different positions, contractual obligation of confidentiality agreed with relevant staff members, formulation and implementation of information security related policies and procedures, and related training offered to staff. When we use services provided by external service providers (entities or individuals), we also impose strict confidentiality obligations on them and request them to abide by our security standards when processing personal information.
6. For the security of your personal information, you take on the same responsibility as us. You shall keep your personal information secret and confidential, such as your account information, identity verification information (e.g. user name, password, dynamic password, verification code, etc.), and all the documents, materials, devices or other media that may contain or record or otherwise relate to such information, and shall ensure your personal information and relevant documents, materials, devices or other media are used only in a secured environment. You shall not, at any time, disclose to any other person or allow any other person to use such information and relevant documents, materials, devices or other media. Once you think your personal information and/or relevant documents, materials, devices or other media have been disclosed, lost or stolen and may so endanger the relation between you and the Bank or cause your bank account being used for any unauthorised transaction, you shall notify us immediately so that we may take appropriate measures to prevent further loss from occurring.
7. If unfortunately personal information security incident occurs, we will adopt emergency plan and take relevant actions and remediation measures to mitigate the severity and losses in connection therewith. Meanwhile, we will report such personal information security incident and our actions in accordance with law, regulation and regulatory provision.
8. We will comply with all statutory and regulatory requirements concerning the retention of identifiable personal information. We will retain your personal information for the period necessary for the purposes set out in this Policy or other agreement between you and the Bank, unless a longer retention period is required or permitted by law, regulation or regulatory provision.
II. How We Collect Your Personal Information
1. As required for us to provide you with various products and services and continuously improve our products and services, or in order to contact or communicate with you, understand your needs, build up, review, maintain and develop our relationship with you, or for the purpose to comply with law, regulation and regulatory provision, during the time when you visit, browse, use any website or mobile device application of the Bank, apply for or use any product, device or service of the Bank, handle any business at the Bank or make any transaction with the Bank, participate in any marketing events and surveys of the Bank, apply for any position at the Bank, and/or in any way contact or correspond with the Bank, the Bank may receive and keep the personal information provided by yourself or by related parties, or, according to law, regulation, regulatory provision, your authorisation or consent, collect, enquire, verify by proper methods your and/or related parties’ personal information from/with members of the HSBC Group or other third parties (including but not limited to credit reference agencies, information service providers, relevant authorities, employers, counterparties, other relevant entities, joint applicants, contact persons, close relatives and other persons).
The personal information we so collect may include information in paper, electronic (for example but not limited to information collected through any of the Bank’s self-service machine, website, e-banking, Mobile Banking, and other mobile devices applications, email, text message or Phone Banking) or any other forms.
2. For above various purposes, the Bank may collect necessary personal information according to this Policy and other agreement between you and the Bank. Personal information the Bank may collect mainly includes:
(1) Personal identity information, including name, sex, nationality, citizenship, registered residence (Hu Kou), ethnic, type/number/validity period of ID certificate, occupation, education, diploma, working experience, telephone number, e-mail, contact information, age, birth date, place of birth, marital status, health status, family status, place of residence, work address, photo, social security information, personal virtual identity and authentication information (e.g. e-banking account information), etc.;
(2) Personal property information, including personal income, real property, movable property (e.g. vehicle, financial assets, etc.), indebtedness, investment, tax-paid amount, tax residence, taxpayer identification number, amount paid for the provident fund, etc.;
(3) Personal biometrics information, such as signature, handwriting, portrait, fingerprint, voice, iris, face recognition information, etc.;
(4) Personal account information, including account number, time of account opening, institution with which the account is opened, account balance, account transaction information, etc.;
(5) Personal credit information, including credit card, loan and other credit transaction information and any other information about personal credit status;
(6) Personal financial transaction information, including personal information acquired, kept, recorded during any payment, settlement, wealth management, safe deposit box or other banking business, personal information generated from transactions made through banks with any third party institution like insurance company, securities company, fund house, futures company or payment agency, and etc.;
(7) Derivative information, including consumption habit, product/service/internet use habit, transaction or risk preference, risk appetite, investment intention, investment goal, knowledge and experience, and other information about particular person’s situation derived from processing and analysis of raw data;
(8) Any other personal information acquired or kept during the establishment or maintenance of business or other relationship with individuals, e.g. time/location (including geographic location and network address) of service use, log information related to browse/use/clicking/operation of website/software/application, image and video record, audio record, correspondence record and contents, device identifier and code, hardware type and serial number, operating system version, etc..
3. To the extent allowed by law and regulation, we may collect and use your personal information, without your consent under any of the following circumstances:
(1) where the collection and use are in direct relation to state security or national defense security;
(2) where the collection and use are in direct relation to the public security, public sanitation, or major public benefits;
(3) where the collection and use are in direct relation to investigations into crimes, prosecutions, court trials, execution of rulings, etc.;
(4) where the collection and use are for the sake of safeguarding your or other’s significant legal rights and interests, such as the life and property, but it is difficult to obtain your consent;
(5) where the personal information collected is the information voluntarily disclosed by you to the public;
(6) where the personal information is collected from information that has been legally and publicly disclosed, such as legal news reports and information published by the government;
(7) where the collection and use are necessary for concluding and performing contracts as required by you;
(8) Other circumstances specified by law and regulation.
4. When you use the functions or services on our digital banking services, under some specific circumstances, we will use software development kit (“SDK”) provided by third party service provider to serve you or Relevant Customers. For the purpose of providing the services, SDK of third party service providers will correspondingly collect the following information:
SDK of third party service provider
Scope, function and purpose of information collection
In order to count and analyze the performance of digital banking services, we will use AppDynamics SDK to obtain your mobile phone IP, device manufacturer, mobile phone model, network type and visit period.
In order to count page view volume and analyze user’s behaviors, we will use Tealium SDK to obtain your mobile phone IP, device manufacturer, mobile phone model, network type and browser type.
If you do not agree the above information to be collected by SDK of third party service provider, you or Relevant Customers may not be able to use or enjoy relevant services or functions, but use of other functions in our digital banking services will not be adversely affected.
1. Your visit, browse, use of any website or mobile device application of the Bank may be recorded for analysis on the number of visitors to the site and general usage patterns. Some of this information will be gathered through the use of “Cookies”. Cookies can enable us to provide safer and more useful features for website or application users. ?The information collected by “Cookies” is anonymous aggregated research data, and contains no name or address information or any information that will enable anyone to contact you via telephone, email or any other means. Most browsers and/or applications are initially set to accept Cookies. You can manage or delete Cookies as per your preference. Should you wish to disable Cookies, you may do so by changing the setting on your browser and/or application. However, by disabling them, you may not be able to take full advantage of our website and/or application.
2. The website and/or application may also work with third parties to research certain usage and other activities on the website and/or application. These third parties include without limitation to Adobe, etc. They use technologies such as "Cookies" etc. to collect information for such research. They use the information collected through such technologies (i) to find out more about users, including user demographics and behaviour and usage patterns, (ii) for more accurate reporting and (iii) to improve the effectiveness of our marketing. They aggregate the information collected and then share it with us. No personally identifiable information about you is collected or shared by Adobe with us as a result of this research. Should you wish to disable the Cookies associated with these technologies, you may do so by changing the setting on your browser and/or application. However, after changing the setting you may not be able to enter certain part(s) of our website and/or application.
However, after changing the setting you may not be able to enter certain part(s) of our website and/or application.
IV. How We Use or Disclose Your Personal Information
1. Use of Personal Information
Your personal information and data collected by the Bank may be used for the following purposes (or any of them, depending on the nature of your relationship with the Bank):
(1) to provide you with products or services, to identify or verify your identity, to approve, manage, handle, execute or effect transactions requested or authorised by you;
(2) to comply with any Applicable Laws (“Applicable Laws” refer to any applicable local or foreign statute, law, regulation, ordinance, rule, judgment, decree, voluntary code, directive, sanctions regime, court order applicable to any member of the HSBC Group, agreement between any member of the HSBC Group and an authority, or agreement or treaty between authorities and applicable to the Bank or a member of the HSBC Group) and any order or requirement from any authority;
(3) to perform the Bank and/or the HSBC Group’s compliance obligations (including regulatory compliance, tax compliance and/or compliance with any Applicable Laws or requirement of any authority), or to implement any policy or procedure made by the Bank and/or the HSBC Group for performance of their compliance obligations;
(4) to detect, investigate and prevent any real, suspected or potential financial crime (including money laundering, terrorist financing, bribery, corruption, tax evasion, fraud, evasion of economic or trade sanctions, and/or violations, or acts or attempts to circumvent or violate any Applicable Laws relating to these matters) and to manage financial crime risk;
(5) to collect any amounts due from any debtor;
(6) to conduct credit or credit reference checks, to verify, obtain or provide credit references or credit information;
(7) to enforce or defend the Bank or any member of the HSBC Group’s rights, or to perform the Bank or any member of the HSBC Group’s obligations (whether statutory obligations or contractual obligations, including but not limited to the Bank’s obligations under any agreement entered into with any real or potential business and/or asset assignee, business partner or transaction participator);
(8) as required by or to fulfil the Bank or the HSBC Group’s internal operational requirements (including for credit and risk management, data statistics, analysis, processing and handling, system, service and product design, research, development and improvement, planning, insurance, audit and administrative purposes);
(9) to contact or communicate with you, understand your needs, build up, review, maintain and develop the Bank’s or any member of the HSBC Group’s overall relationship with you (including to market or promote relevant products or services to you, to assess your interests in relevant products or services, to conduct market research or survey or satisfaction survey, to review, approve or handle your application for any position at the Bank, etc.),
(10) to obtain or utilize administrative, consultancy, telecommunications, computer, payment, data storage, processing, outsourcing and/or other products or services.
2. Disclosure of Personal Information
For the purposes set out above, the Bank may provide or disclosure your personal information to the following recipients (the recipients may also, for the aforesaid purposes, use, process and further disclose the information they receive):
(1) any member of the HSBC Group;
(2) any contractor, subcontractor, agent, third party product or service provider, licensor, professional consultant, business partner, or associated person of the HSBC Group (including their employees, directors and officers);
(3) any regulator or other authority of the Bank or any member of the HSBC Group, or any organisation or individual designated by such regulators or authorities;
(4) anyone acting on your behalf, payment recipients, beneficiaries, account nominees, intermediary, correspondent and agent banks (e.g. for CHAPS, BACS, SWIFT), clearing houses, clearing or settlement systems, market counterparties, upstream withholding agents, swap or trade repositories, stock exchanges, companies in which you have an interest in securities (where such securities are held by the Bank for you), or anyone making any payment to you;
(5) any person or related party who has the right or obligation, acquires an interest or assumes risk, in or in connection with any product or service you receive from the Bank, or any business you handle at the Bank or any transaction you make with the Bank (for example, the person who provides or intends to provide any mortgage or other security for any of your debt to the Bank);
(6) other financial institutions, industrial associations, bank card organisations, credit reference agencies or credit bureaus (including without limitation the People’s Bank of China’s credit information database), information service providers;
(7) any third party fund manager providing you with asset management services;
(8) any broker that provides referral, agency or intermediary service to the Bank, or any third party to whom the Bank provides referral, agency or intermediary service;
(9) any party in connection with any business/asset transfer, restructure, disposal (including securitization), merger, spin-off or acquisition transactions of the Bank;
(10) any person to whom the Bank or any member of the HSBC Group is under an obligation or otherwise required to make disclosure for the aforesaid purposes.
Such provision or disclosure may involve cross border transmission of personal information, including information being transmitted to or being accessed by jurisdictions which do not have data protection laws that provide the same level of protection as the jurisdiction in which the Bank is located. Whether it is processed in a home jurisdiction or overseas, in accordance with applicable data protection legislation, your personal information will be protected by a strict code of secrecy and security which all members of the HSBC Group, their staff and third parties are subject to.
V. Your Rights Relating to Personal Information
1. You have the right to request us to protect and secure your personal information in accordance with the provisions of the law, regulation and this Policy.
2. You have the right to check with the Bank whether the Bank holds your personal information and to check the personal information you have provided to the Bank.
3. You have the right to check with the Bank for the Bank’s policies on personal information and privacy protection. When you have any query about this Policy, you have the right to seek explanation/interpretation from the Bank to help you understand our practices regarding personal information and privacy protection and their possible consequence, and understand your rights and interests under this Policy in relation to personal information and privacy.
4. You have the right and obligation to update your personal information at the Bank to ensure all information be accurate and up-to-date. You have the right to require the Bank to provide convenience for you to update your personal information at the Bank and to correct any of your information that is inaccurate.
5. In relation to consumer credit, you have the right to request to be informed of your personal information that is disclosed to credit reference agencies by the Bank, so as to enable your request to the relevant credit reference agency for an access to and correction of your information.
6. Requests for access to or correction or deletion of personal information, withdrawal of authorisation when you no longer use our product or service, or closure of account, you may contact us by calling the Bank’s hotline or visiting the Bank’s branches or sub-branches. Upon the receipt of your request, we will reply to you within 15 days or shorter period as prescribed by law and regulation (if any). Normally the Bank will not charge fees for the processing of your above-mentioned reasonable requests related to personal information. Nevertheless, for the frequently repeated and unreasonable requests, the Bank will charge certain fees as the case may be to the extent allowed by the law and regulation.
Due to the requirements of law and regulation, we may not to be able to respond your request under any of the following circumstances:
(1)where the request is in direct relation to state security or national defense security;
(2)where the request is in direct relation to public security, public sanitation, or major public benefits;
(3)where the request is in direct relation to investigations into compliance, regulatory requirements, crimes, prosecutions, court trials, execution of rulings, etc.;
(4)where there is sufficient evidence that you are intentionally malicious or abuses your rights;
(5)where responses to your request will give rise to serious damage to your or any other individual or organization’s legal rights and interests; and
(6)where the request involves any trade secret.
7. You may request us to delete your personal information under the following circumstances:
(1) if our processing of your personal information has violated the laws or regulations;
(2) if we collect or use your personal information without your consent；
(3) if our processing of your personal information has violated the agreement between you and us;
(4) if you no longer use our product or service, or you close your account;
(5) if we no longer provide product or service to you.
8. You have the right to uninstall digital banking services related applications. Please note that to uninstall the applications will not close digital banking service account of Relevant Customers. Such digital banking service account closure shall be proceeded by Relevant Customers. After Relevant Customers close their digital banking service accounts, we will no longer collect your information through relevant channel, and will delete relevant personal information in accordance with the applicable law and regulation, this Policy, and other agreement between you/Relevant Customers and us, except for those we keep according to the applicable laws and regulations, regulatory, archival, accounting, auditing and reporting requirements, agreement between you/Relevant Customers and us, or for settlement of any indebtedness between you/Relevant Customers and us, or for record check or enquiry from you, Relevant Customers, regulators or other authorities.
9. If at any time you would like us to cease using or providing to others your personal information for advertisement promotion purpose, you are entitled to notify the Bank and exercise your right of choice not to receive such advertisement promotion any more. If you so choose to reject advertisement promotion message, you may contact us by calling the Bank’s hotline or visiting the Bank’s branches or sub-branches to raise your request.
11. Nothing in this Policy shall limit the rights you should have as a personal information subject under Chinese law.
10. You may supervise or make suggestions for the Bank’s practices regarding personal information and privacy protection, and to lodge complaints or demand compensation according to law against the Bank or its staff for any infringement of your rights and interests in your personal information and privacy.
VI. How We Handle Minors' Personal Information
1. We understand the importance of protecting the minors’ personal information with extra caution. If you are under 18 years old, it is suggested that your parents or guardians shall carefully read this Policy and you shall submit your personal information only after seeking consent from them. Meanwhile, it is suggested that your use of our product and service is conducted under the guidance of your parents or guardians. If they do not agree you to submit your personal information or to use any product or service of the Bank, you shall immediately stop submitting the information or using the product and service of the Bank. In addition, please notify such event to us as soon as possible, so as to allow us to take effective measures.
2. If you are under 18 years old, for those personal information collected with consent of your parents or guardians, we will only use or disclose such information to the extent allowed by law and regulation or expressly consented by your parents or guardians or necessary for the protection of the interests of minors.
VII. Update of this Policy
This Personal Information and Privacy Protection Policy may be amended or updated from time to time. We will publish such changes at our website and/or relevant applications. Changes to this Policy will not impair or limit the rights you should have as a personal information subject under Chinese law.
VIII. How to contact us
Your query, feedback, suggestion or complaint regarding this personal information and privacy protection policy, should be addressed to:
Hang Seng Bank (China) Limited
34/F & 36/F, Hang Seng Bank Tower, 1000 Lujiazui Ring Road, Pudong, Shanghai, 200120
Tel: +86 400-830-8008
Normally we will reply to you within 15 working days.
1. Where you provide to us personal information about another person, you should ensure that person acknowledges this Policy and, in particular, tell him/her how we may use his/her information. You should remind that person to read this Policy in advance and may also give him/her a copy of this Policy.
2. In case of discrepancy between the Chinese and English versions of this Policy, the Chinese version shall apply and prevail.
3. IMPORTANT reminder: Before you apply for or use any product, device or service of the Bank, handle any business at the Bank, make any transaction or enter into relevant agreement with the Bank, visit, browse, use any website or mobile device application of the Bank, participate in any marketing events and surveys of the Bank, apply for any position at the Bank, and in any way contact or correspond with the Bank, please be advised to read this Policy carefully. You shall understand and agree that the Bank may collect, verify, store, use, process, disclose, transfer and protect your personal information according to this Policy.