This Statement explains why the Bank collects your personal data, how the Bank uses and handles your personal data, and other matters relating to your personal data or the Personal Data (Privacy) Ordinance, Cap. 486 Laws of Hong Kong (Ordinance).

    Collection of personal data

  1. The Bank may collect your personal data and the personal data of other individuals connected with you from time to time. If you do not supply the personal data, the Bank may be unable to open or continue accounts for you or provide or continue to provide services to you.
  2. The Bank may also compile further personal data about you and the other individuals during the continuation of the banking relationship.
  3. Types of personal data

  4. The personal data collected and compiled by the Bank usually includes full name, identity card number, date of birth, biometric data, address, contact details and information relating to accounts and transactions.
  5. Use of personal data

  6. The Bank may use the personal data for one or more of the following purposes from time to time:
    1. assessing and processing your applications or requests for accounts, services, products or activities;
    2. providing, maintaining and managing the accounts, services, products and activities provided by the Bank, and enabling you to use and operate them;
    3. establishing and verifying identity as required or appropriate from time to time;
    4. conducting ongoing assessment on whether it is appropriate for the Bank to provide or continue to provide accounts, services, products and activities to you;
    5. conducting credit checks at the time of application for credit and at the time of regular or special reviews which normally takes place one or more times each year;
    6. creating and maintaining the Bank’s credit scoring and risk management models;
    7. creating and maintaining credit history and records about you and the other individuals;
    8. assisting other financial institutions to conduct credit checks, if requested by you or if required or permitted by regulatory requirements or industry practices;
    9. assessing and ensuring your ongoing credit worthiness;
    10. designing financial services or related products for you or for the Bank's customers generally;
    11. marketing services, products and other subjects (please see further details in paragraph (7) below);
    12. determining amounts owed to or by you, and enforcing the Bank's rights and powers in connection with the accounts, services, products or activities provided by the Bank to you, including recovering any amount payable to the Bank;
    13. complying with the obligations, requirements or arrangements for disclosing and using personal data that apply to the Bank or that the Bank is expected to comply according to:
    14.                         (1)        any law in or outside Hong Kong, whether existing currently or in the future, including the laws relating to the detection, investigation and prevention of money laundering, terrorist financing, bribery, corruption, tax evasion, fraud, evasion of economic or trade sanctions or other unlawful activities, and/or acts or attempts to circumvent or violate these laws (Crime-countering Matters) (e.g. the Hong Kong Inland Revenue Ordinance requiring automatic exchange of financial account information amongst tax authorities in Hong Kong and overseas);

                              (2)        any guideline, direction, demand or request issued by any local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, self-regulatory or industry bodies of financial institutions, or stock exchanges (Authorities and Organisations), whether existing currently or in the future, including those relating to any law or Crime-countering Matters (e.g. guideline issued by the Hong Kong Inland Revenue Department on automatic exchange of financial account information);

                              (3)        any present or future contractual or other commitment with any of the Authorities and Organisations  that is assumed by or imposed on the Bank by reason of its financial, commercial, business or other interests or activities in or related to the jurisdiction of the relevant Authority or Organisation;

    15. complying with any obligations, requirements, policies, procedures, measures or arrangements for sharing personal data and information within the group of the Bank and/or any other use of personal data and information in accordance with any group-wide programmes for compliance with sanctions or prevention or detection of money laundering, terrorist financing or other unlawful activities;
    16. enabling an actual or proposed assignee of the Bank, or participant or sub-participant of the Bank's rights in respect of you to evaluate the transaction intended to be the subject of the assignment, participation or sub-participation;
    17. comparing or matching personal data, whether or not for the purpose of taking adverse action against you; and
    18. purposes relating thereto.
  7. Disclosure of personal data

  8. Personal data held by the Bank will be kept confidential but the Bank may provide the personal data to the following persons from time to time for the purposes set out in paragraph 4 above:
    1. any agent, contractor or third party service provider who provides services or technology to the Bank in connection with the Bank's business and operation, including administrative, telecommunications, data processing, computer, electronic, digital or mobile services or technology, payment services or technology, handling and processing disputes and investigation relating to transactions or card schemes, telemarketing or direct sales, customer service centre, or other services or technology to the Bank in connection with the operation of its business;
    2. any other person under a duty of confidentiality to the Bank including a group company of the Bank which has undertaken to keep the personal data confidential;
    3. any other financial institution or any other person who needs to be provided with the personal data in order for the Bank to provide or for you to use the accounts, services, products and activities;
    4. credit reference agencies, and in the event of default, to debt collection agencies;
    5. any person to whom the Bank is under an obligation or otherwise required to make disclosure under the requirements of any law binding on or applying to the Bank, or any disclosure under and for the purposes of any guidelines or guidance given or issued by any Authorities and Organisations with which the Bank are expected to comply, or any disclosure pursuant to any contractual or other commitment of the Bank with any Authorities and Organisations, all of which may be within or outside Hong Kong and may be existing currently and in the future;
    6. any actual or proposed assignee of the Bank or participant or sub-participant or transferee of the Bank's rights in respect of you; and
    7. (1) the Bank's group companies;
      (2) third party financial institutions and providers or operators of card schemes, payment systems or payment network;
      (3) third party reward, loyalty, co-branding and privileges programme providers;
      (4) co-branding partners of the Bank and the Bank’s group companies (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be); and
      (5) charitable or non-profit making organisations.
  9. Your personal data may be transferred to a place outside Hong Kong.
  10. Use of personal data in direct marketing

  11. The Bank intends to use your personal data in direct marketing and the Bank requires your consent for that purpose.  In this connection, please note that:
    1. your name, contact details, products and services portfolio information, transaction pattern and behaviour, financial background and demographic data held by the Bank from time to timemay be used by the Bank in direct marketing;
    2. the following classes of services, products and subjects may be marketed:
    3. (1)       financial, insurance, cards (including credit card, debit card, payment card and stored value card), banking and related services and products;
      (2)        reward, loyalty or privileges programmes and related services and products;
      (3)        services and products offered by the Bank's co-branding partners (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be); and
      (4)        donations and contributions for charitable and/or non-profit making purposes;

    4. the above services, products and subjects may be provided or (in the case of donations and contributions) solicited by the Bank and/or:
    5.                        
      (1)        the Bank's group companies;
      (2)        third party financial institutions, insurers, card companies, securities and investment services providers;
      (3)        third party reward, loyalty, co-branding or privileges programme providers;
      (4)        co-branding partners of the Bank and the Bank's group companies (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be); and
      (5)        charitable or non-profit making organisations;

    6. in addition to marketing the above services, products and subjects itself, the Bank also intends to provide the personal data described in paragraph (7)(a) above to all or any of the persons described in paragraph (7)(c) above for use by them in marketing those services, products and subjects, and the Bank requires your written consent for that purpose; and
    7. the Bank may receive money or other property in return for providing the personal data to the other persons in paragraph (7)(d) above and, when requesting your consent as described in paragraph (7)(d) above, the Bank will inform you if it will receive any money or other property in return for providing the personal data to the other persons.
  12. If you do not wish the Bank to use or provide to other persons your personal data for use in direct marketing as described above, you may exercise your opt-out right by notifying the Bank.

    Code of Practice on Consumer Credit Data

  13. Under and in accordance with the terms of the Ordinance and the Code of Practice on Consumer Credit Data, you have the right:
    1. to be informed on request which items of data are routinely disclosed to credit reference agencies or debt collection agencies, and be provided with further information to enable the making of an access and correction request to the relevant credit reference agency or debt collection agency; and
    2. in relation to any account data (including, for the avoidance of doubt, any account repayment data) which has been provided by the Bank to a credit reference agency, to instruct the Bank, upon termination of the account by full repayment, to make a request to the credit reference agency to delete such account data from its database, as long as the instruction is given within five years of termination and at no time was thereany default of payment in relation to the account, lasting in excess of 60 days within five years immediately before account termination. "Account repayment data" include amount last due, amount of payment made during the last reporting period (being a period not exceeding 31 days immediately preceding the last contribution of account data by the Bank to a credit reference agency), remaining available credit or outstanding balance and default data (being amount past due and number of days past due, date of settlement of amount past due, and date of final settlement of amount in default lasting in excess of 60 days (if any)).
  14. In the event of any default of payment relating to an account, unless the amount in default is fully repaid or written off (other than due to a bankruptcy order) before the expiry of 60 days from the date such default occurred, the account repayment data (as defined in paragraph (8)(b) above) may be retained by the credit reference agency until the expiry of five years from the date of final settlement of the amount in default.
  15. In the event any amount in an account is written-off due to a bankruptcy order being made against you, the account repayment data (as defined in paragraph (8)(b) above) may be retained by the credit reference agency, regardless of whether the account repayment data reveal any default of payment lasting in excess of 60 days, until the expiry of five years from the date of final settlement of the amount in default or the expiry of five years from the date of discharge from a bankruptcy as notified by you with evidence to the credit reference agency, whichever is earlier.
  16. The Bank may have obtained a credit report on you from a credit reference agency in considering any application for credit.  In the event you wish to access the credit report, the Bank will advise you of the contact details of the relevant credit reference agency.  
  17. Your right of access and correction of your personal data

  18. You have the right:
    1. to check whether the Bank holds your personal data and to access your personal data held by the Bank;
    2. to require the Bank to correct any of your personal data which is inaccurate; and
    3. to ascertain the Bank's policies and practices in relation to personal data and to be informed of the kind of personal data held by the Bank.
  19. In order to enable the Bank to process any data access or data correction request, you will have to provide information to verify your identity and your right to access or correct the personal data. The Bank may charge a fee for processing a data access request which must not be excessive.
  20. Please address your data access and data correction requests or requests for information about the Bank's personal data policies and practices to the Bank's [Data Protection Officer] as follows:

    The Data Protection Officer
    Ping An OneConnect Bank (Hong Kong) Limited
    Room 1903-04, 19/F, NEO,
    No.123 Hoi Bun Road,
    Kwun Tong, Kowloon,
    Hong Kong.
  21. The Bank's privacy policy

  22. The Bank's privacy policy sets out its security policy and practices in handling personal data, including the Bank's policy in using "cookies". You may read the privacy policy which is available here.
  23. Nothing in this Statement shall limit your rights under the Ordinance.
  24. If there is any inconsistency between the English version and Chinese version of this Statement, the English version shall prevail.