This Statement explains why the Bank collects your personal data, how the Bank uses and handles your personal data, and other matters relating to your personal data or the Personal Data (Privacy) Ordinance, Cap. 486 Laws of Hong Kong (Ordinance).

    Collection of personal data

  1. The Bank may collect your personal data and the personal data of other individuals connected with you from time to time. If you do not supply the personal data, the Bank may be unable to open or continue accounts for you or provide or continue to provide services to you.
  2. The Bank may also compile further personal data about you and the other individuals during the continuation of the banking relationship.
  3. Types of personal data

  4. The personal data collected and compiled by the Bank usually includes full name, identity card number, date of birth, biometric data, address, contact details and information relating to accounts and transactions.
  5. Use of personal data

  6. The Bank may use the personal data for one or more of the following purposes from time to time:
    1. assessing and processing your applications or requests for accounts, services, products or activities;
    2. providing, maintaining and managing the accounts, services, products and activities provided by the Bank, and enabling you to use and operate them;
    3. establishing and verifying identity as required or appropriate from time to time;
    4. conducting ongoing assessment on whether it is appropriate for the Bank to provide or continue to provide accounts, services, products and activities to you;
    5. conducting credit checks at the time of application for credit and at the time of regular or special reviews which normally takes place one or more times each year;
    6. creating and maintaining the Bank’s credit scoring and risk management models;
    7. creating and maintaining credit history and records about you and the other individuals;
    8. assisting other financial institutions to conduct credit checks, if requested by you or if required or permitted by regulatory requirements or industry practices;
    9. assessing and ensuring your ongoing credit worthiness;
    10. designing financial services or related products for you or for the Bank's customers generally;
    11. marketing services, products and other subjects (please see further details in paragraph (7) below);
    12. determining amounts owed to or by you, and enforcing the Bank's rights and powers in connection with the accounts, services, products or activities provided by the Bank to you, including recovering any amount payable to the Bank;
    13. complying with the obligations, requirements or arrangements for disclosing and using personal data that apply to the Bank or that the Bank is expected to comply according to:
    14.                         (1)        any law in or outside Hong Kong, whether existing currently or in the future, including the laws relating to the detection, investigation and prevention of money laundering, terrorist financing, bribery, corruption, tax evasion, fraud, evasion of economic or trade sanctions or other unlawful activities, and/or acts or attempts to circumvent or violate these laws (Crime-countering Matters) (e.g. the Hong Kong Inland Revenue Ordinance requiring automatic exchange of financial account information amongst tax authorities in Hong Kong and overseas);

                              (2)        any guideline, direction, demand or request issued by any local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, self-regulatory or industry bodies of financial institutions, or stock exchanges (Authorities and Organisations), whether existing currently or in the future, including those relating to any law or Crime-countering Matters (e.g. guideline issued by the Hong Kong Inland Revenue Department on automatic exchange of financial account information);

                              (3)        any present or future contractual or other commitment with any of the Authorities and Organisations  that is assumed by or imposed on the Bank by reason of its financial, commercial, business or other interests or activities in or related to the jurisdiction of the relevant Authority or Organisation;

    15. complying with any obligations, requirements, policies, procedures, measures or arrangements for sharing personal data and information within the group of the Bank and/or any other use of personal data and information in accordance with any group-wide programmes for compliance with sanctions or prevention or detection of money laundering, terrorist financing or other unlawful activities;
    16. enabling an actual or proposed assignee of the Bank, or participant or sub-participant of the Bank's rights in respect of you to evaluate the transaction intended to be the subject of the assignment, participation or sub-participation;
    17. comparing or matching personal data in which:
    18.                         (1)        comparing personal data for credit checking, data verification or otherwise producing or verifying data; or

                              (2)        matching personal data (as defined in the Ordinance), but broadly includes comparison of two or more sets of your data

      for purposes of taking adverse action against you such as declining an application or purposes specifically provided for in any particular service or facility offered by the Bank; and

    19. purposes relating thereto.
  7. Disclosure of personal data

  8. Personal data held by the Bank will be kept confidential but the Bank may provide the personal data to the following persons from time to time for the purposes set out in paragraph 4 above:
    1. any agent, contractor or third party service provider who provides services or technology to the Bank in connection with the Bank's business and operation, including administrative, telecommunications, data processing, computer, electronic, digital or mobile services or technology, payment services or technology, handling and processing disputes and investigation relating to transactions or card schemes, telemarketing or direct sales, customer service centre, or other services or technology to the Bank in connection with the operation of its business;
    2. any other person under a duty of confidentiality to the Bank including a group company of the Bank which has undertaken to keep the personal data confidential;
    3. any other financial institution or any other person who needs to be provided with the personal data in order for the Bank to provide or for you to use the accounts, services, products and activities;
    4. credit reference agencies, and in the event of default, to debt collection agencies;
    5. any person to whom the Bank is under an obligation or otherwise required to make disclosure under the requirements of any law binding on or applying to the Bank, or any disclosure under and for the purposes of any guidelines or guidance given or issued by any Authorities and Organisations with which the Bank are expected to comply, or any disclosure pursuant to any contractual or other commitment of the Bank with any Authorities and Organisations, all of which may be within or outside Hong Kong and may be existing currently and in the future;
    6. any actual or proposed assignee of the Bank or participant or sub-participant or transferee of the Bank's rights in respect of you; and
    7. (1) the Bank's group companies;
      (2) third party financial institutions and providers or operators of card schemes, payment systems or payment network;
      (3) third party reward, loyalty, co-branding and privileges programme providers;
      (4) co-branding partners of the Bank and the Bank’s group companies (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be); and
      (5) charitable or non-profit making organisations.
  9. Your personal data may be transferred to a place outside Hong Kong.
  10. Use of personal data in direct marketing

  11. The Bank intends to use your personal data in direct marketing and the Bank requires your consent for that purpose.  In this connection, please note that:
    1. your name, contact details, products and services portfolio information, transaction pattern and behaviour, financial background and demographic data held by the Bank from time to timemay be used by the Bank in direct marketing;
    2. the following classes of services, products and subjects may be marketed:
    3. (1)       financial, insurance, cards (including credit card, debit card, payment card and stored value card), banking and related services and products;
      (2)        reward, loyalty or privileges programmes and related services and products;
      (3)        services and products offered by the Bank's co-branding partners (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be); and
      (4)        donations and contributions for charitable and/or non-profit making purposes;

    4. the above services, products and subjects may be provided or (in the case of donations and contributions) solicited by the Bank and/or:
    5.                        
      (1)        the Bank's group companies;
      (2)        third party financial institutions, insurers, card companies, securities and investment services providers;
      (3)        third party reward, loyalty, co-branding or privileges programme providers;
      (4)        co-branding partners of the Bank and the Bank's group companies (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be); and
      (5)        charitable or non-profit making organisations;

    6. in addition to marketing the above services, products and subjects itself, the Bank also intends to provide the personal data described in paragraph (7)(a) above to all or any of the persons described in paragraph (7)(c) above for use by them in marketing those services, products and subjects, and the Bank requires your written consent for that purpose; and
    7. the Bank may receive money or other property in return for providing the personal data to the other persons in paragraph (7)(d) above and, when requesting your consent as described in paragraph (7)(d) above, the Bank will inform you if it will receive any money or other property in return for providing the personal data to the other persons.
  12. If you do not wish the Bank to use or provide to other persons your personal data for use in direct marketing as described above, you may exercise your opt-out right by notifying the Bank.

    Code of Practice on Consumer Credit Data

  13. Under and in accordance with the terms of the Ordinance and the Code of Practice on Consumer Credit Data, you have the right:
    1. to be informed on request which items of data are routinely disclosed to credit reference agencies or debt collection agencies, and be provided with further information to enable the making of an access and correction request to the relevant credit reference agency or debt collection agency; and
    2. in relation to any account data (including, for the avoidance of doubt, any account repayment data) which has been provided by the Bank to a credit reference agency, to instruct the Bank, upon termination of the account by full repayment, to make a request to the credit reference agency to delete such account data from its database, as long as the instruction is given within five years of termination and at no time was thereany default of payment in relation to the account, lasting in excess of 60 days within five years immediately before account termination. "Account repayment data" include amount last due, amount of payment made during the last reporting period (being a period not exceeding 31 days immediately preceding the last contribution of account data by the Bank to a credit reference agency), remaining available credit or outstanding balance and default data (being amount past due and number of days past due, date of settlement of amount past due, and date of final settlement of amount in default lasting in excess of 60 days (if any)).
  14. In the event of any default of payment relating to an account, unless the amount in default is fully repaid or written off (other than due to a bankruptcy order) before the expiry of 60 days from the date such default occurred, the account repayment data (as defined in paragraph (8)(b) above) may be retained by the credit reference agency until the expiry of five years from the date of final settlement of the amount in default.
  15. In the event any amount in an account is written-off due to a bankruptcy order being made against you, the account repayment data (as defined in paragraph (8)(b) above) may be retained by the credit reference agency, regardless of whether the account repayment data reveal any default of payment lasting in excess of 60 days, until the expiry of five years from the date of final settlement of the amount in default or the expiry of five years from the date of discharge from a bankruptcy as notified by you with evidence to the credit reference agency, whichever is earlier.
  16. The Bank may have obtained a credit report on you from a credit reference agency in considering any application for credit.  In the event you wish to access the credit report, the Bank will advise you of the contact details of the relevant credit reference agency.  
  17. Your right of access and correction of your personal data

  18. You have the right:
    1. to check whether the Bank holds your personal data and to access your personal data held by the Bank;
    2. to require the Bank to correct any of your personal data which is inaccurate; and
    3. to ascertain the Bank's policies and practices in relation to personal data and to be informed of the kind of personal data held by the Bank.
  19. In order to enable the Bank to process any data access or data correction request, you will have to provide information to verify your identity and your right to access or correct the personal data. The Bank may charge a fee for processing a data access request which must not be excessive.
  20. Please address your data access and data correction requests or requests for information about the Bank's personal data policies and practices to the Bank's [Data Protection Officer] as follows:

    The Data Protection Officer
    Ping An OneConnect Bank (Hong Kong) Limited
    Room 1903-04, 19/F, NEO,
    No.123 Hoi Bun Road,
    Kwun Tong, Kowloon,
    Hong Kong.
  21. The Bank's privacy policy

  22. The Bank's privacy policy sets out its security policy and practices in handling personal data, including the Bank's policy in using "cookies". You may read the privacy policy which is available here.
  23. Nothing in this Statement shall limit your rights under the Ordinance.
  24. If there is any inconsistency between the English version and Chinese version of this Statement, the English version shall prevail.



Privacy Policy

1. Introduction

Ping An OneConnect Bank (Hong Kong) Limited, together with its affiliates (“we”, “the Bank” or “PAOB”) are committed to protecting personal data in accordance with the Hong Kong Personal Data (Privacy) Ordinance (the “PDPO”).

We will only collect, use, transfer or disclose personal data in accordance with the PDPO, our Personal Information Collection Statement (“PICS”) and this Privacy Policy (the “Privacy Policy”).

We may amend this Privacy Policy at any time and for any reason. The updated version will be available on our website at www.paob.com.hk. You should check the Privacy Policy regularly for changes.

In this Privacy Policy, “personal data” means any data:

(a) relating directly or indirectly to a living individual;

(b) from which it is practicable for the identity of the individual to be directly or indirectly ascertained; and

(c) in a form in which access to or processing of the data is practicable.

2. When and what personal data do we collect?

The types of personal data we collect from you will depend on the circumstances in which that information is collected. If the personal data that we request from you is not provided, we may be unable to provide or continue to provide products and services to you.

The personal data collected and compiled by PAOB usually includes your full name, identity card number, date of birth, address, contact details, information relating to bank accounts and transactions, and biometric data.
We may collect personal data about you when you:

  • use our online platform and request for services, product or activities – including your identity and contact details, your biometric data, financial information about you, information about your income and existing investments;
  • apply to open an account with us and use this account, and during the continuation of the bank-customer relationship – including financial information about you, information about your income and existing investments;
  • are a signatory or director or officer or guarantor of a corporation opening an account with us – including your identity and contact details;
  • apply for employment with us – including your identity and contact details, information about your skills and abilities, bank account information for payroll purposes, details regarding family members for medical insurance purposes, information about criminal record and other information relevant to our compliance obligations; or
  • send us correspondence – including your contact details in order to respond to you.

3. What do we use personal data for?

The purposes for which your personal data may be used will depend on the circumstances in which that personal data is collected.

We will inform you of the purposes for which we intend to use your personal data and the classes of persons to whom his data may be transferred (among other things) in the PICS at or before the time we collect your personal data.

Generally, we may use your personal data for:

  • the purpose for which you provided it to us;
  • purposes which are directly related to the purpose for which you provided it to us;
  • any other purposes to which you have consented;
  • complying with any law and regulation binding on us, and any guideline or notice issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations in connection with us and our products and services;
  • complying with the obligations, requirements or arrangements for disclosing and using personal data that apply to the Bank or that the Bank is expected to comply according to:

    (1) any law in or outside Hong Kong, whether existing currently or in the future, including the laws relating to the detection, investigation and prevention of money laundering, terrorist financing, bribery, corruption, tax evasion, fraud, evasion of economic or trade sanctions or other unlawful activities, and/or acts or attempts to circumvent or violate these laws ("Crime-countering Matters") (e.g. the Hong Kong Inland Revenue Ordinance requiring automatic exchange of financial account information amongst tax authorities in Hong Kong and overseas);

    (2) any guideline, direction, demand or request issued by any local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, self-regulatory or industry bodies of financial institutions, or stock exchanges ("Authorities and Organisations"), whether existing currently or in the future, including those relating to any law or Crime-countering Matters (e.g. guideline issued by the Hong Kong Inland Revenue Department on automatic exchange of financial account information);

    (3) any present or future contractual or other commitment with any of the Authorities and Organisations that is assumed by or imposed on the Bank by reason of its financial, commercial, business or other interests or activities in or related to the jurisdiction of the relevant Authority or Organisation; and

  • comparing or matching personal data, whether or not for the purpose of taking adverse action against you.

For example, we may use your personal data when you:

  • use our online platform – to process and evaluate your application, open and administer an account, verify your identity, provide services to you, conduct credit checks and providing credit facilities to you, assist other financial institutions to conduct credit checks, collect amounts from you and pay amounts to you, provide security for your obligations, design new financial services and products, detect, investigate and prevent fraudulent or criminal activities and make any disclosure or transfer that is permitted or required by law;
  • apply to open an account with us – to process and evaluate your application, open and administer an account, provide services to you, conduct credit checks and providing credit facilities to you, assist other financial institutions to conduct credit checks, collect amounts from you and pay amounts to you, provide security for your obligations, design new financial services and products, and make any disclosure or transfer that is permitted or required by law;
  • are a signatory or director or officer or guarantor of a corporation opening an account with us – to register you as a signatory or guarantor and comply with legal requirements;
  • apply for employment with us – to evaluate your application, administer payroll, benefits and taxation, performance evaluations, promotions, disciplinary matters, contingency planning, training, recruitment, diversity planning, provision of references to third parties, internal reorganisation of employees, and comply with legal requirements, and make any disclosure or transfer that is permitted or required by law; and
  • send us correspondence – to respond to you.

4. Our use of cookies

By accessing our online platform, you acknowledge that you have been informed of the practice of using cookies and authorise us to use any information collected through our use of cookies in connection with the purpose set out in this Privacy Policy. “Cookies” are data files stored on your electronic devices (such as your computer or mobile phone) after you access certain websites or mobile applications.

Cookies are primarily used to identify visitors when they return to a site, so that certain information already provided by the visitor to a site is not required to be provided again. Cookies are also used to gather data on which areas of a site or app are visited frequently and which are not. Keeping data on which areas of a site are most popular allows a site operator to better plan and enhance the site.

We use the following cookies:

Strictly Necessary Cookies: These are essential for the running of our website and mobile apps. They are required to:

  • Allow our web server to determine the cookies setting and whether data can be collected from your web browser
  • Temporarily allow you to carry information between pages in our website to avoid re-enter that information
  • Temporarily identify your devices after log-in and maintain a dialogue between our web server and your web browser in order to maintain certain activities
  • We use the following Strictly Necessary Cookies:

    • _ga
    • _gat

Performance Cookies: These cookies are only used to improve our websites and identify issues that you may have when using our services. They help us to improve the customer experience and help us to provide better services to you. The information collected in these cookies are anonymous.

Functionality and Profile Cookies: These cookies help our website to remember your preferences and can help us to provide tailor services and features to you. These cookies may be used to ensure that all our services and communications are relevant to you. The tracking is only within PAOB websites or apps and the information in these cookies collect cannot track your browsing activity on other websites. Our website cannot remember your choices previously made or personalized your browsing experience without these cookies.

Marketing Cookies: These cookies and similar technologies are used to get the information about browsing habits. They remember a previous visit and may share this information with others, such as marketing companies and advertisers in order to deliver contents that are more relevant to your interests. Although these cookies and similar technologies are capable of tracking visits to other websites, they usually do not know who you are.

We acknowledge that you may wish to disable cookies. This can be done by changing your web browser settings, but may result in more limited functionality and you may not be able to utilize or activate certain functions available on our online platform.

5. Do we use personal data for direct marketing?

We do use some of the personal data we collect to send marketing material and special offers to the intended recipients via telemarketing, electronic means, direct mail or such other appropriate means, but only in accordance with the rules about direct marketing contained in the PDPO.

Personal data used in direct marketing may include your name, contact details, products and services portfolio information, transaction pattern and behavior, financial background and demographic data held by the Bank from time to time.

If we intend to use your personal data for direct marketing purposes or provide your personal data to third parties for direct marketing purposes, we will inform you beforehand in the PICS or in any other manner. We will provide you with an opportunity to opt-out of direct marketing at that time.

If you do not opt-out of direct marketing at that time, but you later decide that you no longer wish to receive direct marketing, you may ask us to cease any further direct marketing by contacting the Data Protection Officer at the address below.

The following classes of services, products and subjects may be marketed:

  • financial, insurance, cards (including credit card, debit card, payment card and stored value card), banking and related services and products;
  • reward, loyalty or privileges programmes and related services and products;
  • services and products offered by the Bank's co-branding partners (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be); and
  • donations and contributions for charitable and/or non-profit making organisations.

6. To whom do we disclose personal data?

Personal data held by us will be kept confidential but we may provide or disclose the personal data to third parties from time to time for the following purposes.

The classes of third parties to whom we may disclose your personal data are set out in the PICS.

Generally, we may disclose your personal data as necessary for:

  • the purpose for which you provided it to us;
  • purposes which are directly related to the purpose for which you provided it to us; and
  • any other purposes to which you have consented.

For example, we may disclose your personal data to:

  • third party agents, contractors, advisors who provide administrative, communications, computer, payment, security or other services which assist us to carry out the above purposes (including telemarketers, mailing houses, IT service providers, data processors, etc.);
  • our legal and professional advisors;
  • our related companies (as that term is defined in the Hong Kong Companies Ordinance);
  • any other person under a duty of confidentiality to the Bank including a group company of the Bank which has undertaken to keep the personal data confidential;
  • government agencies and authorities as required by any law, regulation, rule or codes binding on us or our related companies; and
  • any other person to whom you have consented.

Where personal data is transferred to place(s) outside of Hong Kong in connection with such purposes, such place(s) may or may not offer the same or a similar level of personal data protection as in Hong Kong.

7. How is personal data secured?

We will take all reasonably practicable steps to ensure that your personal data is protected against unauthorised access, disclosure, processing, erasure, loss or use. These steps include restricting access to personal data to the relevant officers and employees of the Bank, providing relevant training to the officers and employees of the Bank regarding proper handling of personal data, and applying encryption or other technology to protect the personal data.

8. Retention of personal data

We will take all reasonably practicable steps to ensure that your personal data is not kept longer than is necessary for the fulfillment of the purposes for which the data is collected.

9. Accessing and correcting your personal data

You may contact us to seek access to or seek to correct the personal data which we hold about you or enquire about our data privacy policies and practices. There are certain exemptions under the PDPO which may apply to personal data access and correction requests. We may require the person making a data access or correction request to provide necessary information to verify his/her identity and right to access or correct the personal data. We may charge an administration fee for complying with a data access request which must not be excessive.

Requests for access or correct personal data or enquiries about our data privacy policies and practices should be addressed to:

The Data Protection Officer
Ping An OneConnect Bank (Hong Kong) Limited
Rooms 1903-1904, 19th Floor, NEO Building
123 Hoi Bun Road
Kowloon
Hong Kong