1. Introduction

Ping An OneConnect Bank (Hong Kong) Limited, together with its affiliates (“we”, “the Bank” or “PAOB”) are committed to protecting personal data in accordance with the Hong Kong Personal Data (Privacy) Ordinance (the “PDPO”).

We will only collect, use, transfer or disclose personal data in accordance with the PDPO, our Personal Information Collection Statement (“PICS”) and this Privacy Policy (the “Privacy Policy”).

We may amend this Privacy Policy at any time and for any reason. The updated version will be available on our website at www.paob.com.hk. You should check the Privacy Policy regularly for changes.

In this Privacy Policy, “personal data” means any data:

(a) relating directly or indirectly to a living individual;

(b) from which it is practicable for the identity of the individual to be directly or indirectly ascertained; and

(c) in a form in which access to or processing of the data is practicable.

2. When and what personal data do we collect?

The types of personal data we collect from you will depend on the circumstances in which that information is collected. If the personal data that we request from you is not provided, we may be unable to provide or continue to provide products and services to you.

The personal data collected and compiled by PAOB usually includes your full name, identity card number, date of birth, address, contact details, information relating to bank accounts and transactions, and biometric data.
We may collect personal data about you when you:

  • use our online platform and request for services, product or activities – including your identity and contact details, your biometric data, financial information about you, information about your income and existing investments;
  • apply to open an account with us and use this account, and during the continuation of the bank-customer relationship – including financial information about you, information about your income and existing investments;
  • are a signatory or director or officer or guarantor of a corporation opening an account with us – including your identity and contact details;
  • apply for employment with us – including your identity and contact details, information about your skills and abilities, bank account information for payroll purposes, details regarding family members for medical insurance purposes, information about criminal record and other information relevant to our compliance obligations; or
  • send us correspondence – including your contact details in order to respond to you.

3. What do we use personal data for?

The purposes for which your personal data may be used will depend on the circumstances in which that personal data is collected.

We will inform you of the purposes for which we intend to use your personal data and the classes of persons to whom his data may be transferred (among other things) in the PICS at or before the time we collect your personal data.

Generally, we may use your personal data for:

  • the purpose for which you provided it to us;
  • purposes which are directly related to the purpose for which you provided it to us;
  • any other purposes to which you have consented;
  • complying with any law and regulation binding on us, and any guideline or notice issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations in connection with us and our products and services;
  • complying with the obligations, requirements or arrangements for disclosing and using personal data that apply to the Bank or that the Bank is expected to comply according to:

    (1) any law in or outside Hong Kong, whether existing currently or in the future, including the laws relating to the detection, investigation and prevention of money laundering, terrorist financing, bribery, corruption, tax evasion, fraud, evasion of economic or trade sanctions or other unlawful activities, and/or acts or attempts to circumvent or violate these laws ("Crime-countering Matters") (e.g. the Hong Kong Inland Revenue Ordinance requiring automatic exchange of financial account information amongst tax authorities in Hong Kong and overseas);

    (2) any guideline, direction, demand or request issued by any local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, self-regulatory or industry bodies of financial institutions, or stock exchanges ("Authorities and Organisations"), whether existing currently or in the future, including those relating to any law or Crime-countering Matters (e.g. guideline issued by the Hong Kong Inland Revenue Department on automatic exchange of financial account information);

    (3) any present or future contractual or other commitment with any of the Authorities and Organisations that is assumed by or imposed on the Bank by reason of its financial, commercial, business or other interests or activities in or related to the jurisdiction of the relevant Authority or Organisation; and

  • comparing or matching personal data, whether or not for the purpose of taking adverse action against you.

For example, we may use your personal data when you:

  • use our online platform – to process and evaluate your application, open and administer an account, verify your identity, provide services to you, conduct credit checks and providing credit facilities to you, assist other financial institutions to conduct credit checks, collect amounts from you and pay amounts to you, provide security for your obligations, design new financial services and products, detect, investigate and prevent fraudulent or criminal activities and make any disclosure or transfer that is permitted or required by law;
  • apply to open an account with us – to process and evaluate your application, open and administer an account, provide services to you, conduct credit checks and providing credit facilities to you, assist other financial institutions to conduct credit checks, collect amounts from you and pay amounts to you, provide security for your obligations, design new financial services and products, and make any disclosure or transfer that is permitted or required by law;
  • are a signatory or director or officer or guarantor of a corporation opening an account with us – to register you as a signatory or guarantor and comply with legal requirements;
  • apply for employment with us – to evaluate your application, administer payroll, benefits and taxation, performance evaluations, promotions, disciplinary matters, contingency planning, training, recruitment, diversity planning, provision of references to third parties, internal reorganisation of employees, and comply with legal requirements, and make any disclosure or transfer that is permitted or required by law; and
  • send us correspondence – to respond to you.

4. Our use of cookies

By accessing our online platform, you acknowledge that you have been informed of the practice of using cookies and authorise us to use any information collected through our use of cookies in connection with the purpose set out in this Privacy Policy. “Cookies” are data files stored on your electronic devices (such as your computer or mobile phone) after you access certain websites or mobile applications.

Cookies are primarily used to identify visitors when they return to a site, so that certain information already provided by the visitor to a site is not required to be provided again. Cookies are also used to gather data on which areas of a site or app are visited frequently and which are not. Keeping data on which areas of a site are most popular allows a site operator to better plan and enhance the site.

We use the following cookies:

Strictly Necessary Cookies: These are essential for the running of our website and mobile apps. They are required to:

  • Allow our web server to determine the cookies setting and whether data can be collected from your web browser
  • Temporarily allow you to carry information between pages in our website to avoid re-enter that information
  • Temporarily identify your devices after log-in and maintain a dialogue between our web server and your web browser in order to maintain certain activities
  • We use the following Strictly Necessary Cookies:

    • _ga
    • _gat

Performance Cookies: These cookies are only used to improve our websites and identify issues that you may have when using our services. They help us to improve the customer experience and help us to provide better services to you. The information collected in these cookies are anonymous.

Functionality and Profile Cookies: These cookies help our website to remember your preferences and can help us to provide tailor services and features to you. These cookies may be used to ensure that all our services and communications are relevant to you. The tracking is only within PAOB websites or apps and the information in these cookies collect cannot track your browsing activity on other websites. Our website cannot remember your choices previously made or personalized your browsing experience without these cookies.

Marketing Cookies: These cookies and similar technologies are used to get the information about browsing habits. They remember a previous visit and may share this information with others, such as marketing companies and advertisers in order to deliver contents that are more relevant to your interests. Although these cookies and similar technologies are capable of tracking visits to other websites, they usually do not know who you are.

We acknowledge that you may wish to disable cookies. This can be done by changing your web browser settings, but may result in more limited functionality and you may not be able to utilize or activate certain functions available on our online platform.

5. Do we use personal data for direct marketing?

We do use some of the personal data we collect to send marketing material and special offers to the intended recipients via telemarketing, electronic means, direct mail or such other appropriate means, but only in accordance with the rules about direct marketing contained in the PDPO.

Personal data used in direct marketing may include your name, contact details, products and services portfolio information, transaction pattern and behavior, financial background and demographic data held by the Bank from time to time.

If we intend to use your personal data for direct marketing purposes or provide your personal data to third parties for direct marketing purposes, we will inform you beforehand in the PICS or in any other manner. We will provide you with an opportunity to opt-out of direct marketing at that time.

If you do not opt-out of direct marketing at that time, but you later decide that you no longer wish to receive direct marketing, you may ask us to cease any further direct marketing by contacting the Data Protection Officer at the address below.

The following classes of services, products and subjects may be marketed:

  • financial, insurance, cards (including credit card, debit card, payment card and stored value card), banking and related services and products;
  • reward, loyalty or privileges programmes and related services and products;
  • services and products offered by the Bank's co-branding partners (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be); and
  • donations and contributions for charitable and/or non-profit making organisations.

6. To whom do we disclose personal data?

Personal data held by us will be kept confidential but we may provide or disclose the personal data to third parties from time to time for the following purposes.

The classes of third parties to whom we may disclose your personal data are set out in the PICS.

Generally, we may disclose your personal data as necessary for:

  • the purpose for which you provided it to us;
  • purposes which are directly related to the purpose for which you provided it to us; and
  • any other purposes to which you have consented.

For example, we may disclose your personal data to:

  • third party agents, contractors, advisors who provide administrative, communications, computer, payment, security or other services which assist us to carry out the above purposes (including telemarketers, mailing houses, IT service providers, data processors, etc.);
  • our legal and professional advisors;
  • our related companies (as that term is defined in the Hong Kong Companies Ordinance);
  • any other person under a duty of confidentiality to the Bank including a group company of the Bank which has undertaken to keep the personal data confidential;
  • government agencies and authorities as required by any law, regulation, rule or codes binding on us or our related companies; and
  • any other person to whom you have consented.

Where personal data is transferred to place(s) outside of Hong Kong in connection with such purposes, such place(s) may or may not offer the same or a similar level of personal data protection as in Hong Kong.

7. How is personal data secured?

We will take all reasonably practicable steps to ensure that your personal data is protected against unauthorised access, disclosure, processing, erasure, loss or use. These steps include restricting access to personal data to the relevant officers and employees of the Bank, providing relevant training to the officers and employees of the Bank regarding proper handling of personal data, and applying encryption or other technology to protect the personal data.

8. Retention of personal data

We will take all reasonably practicable steps to ensure that your personal data is not kept longer than is necessary for the fulfillment of the purposes for which the data is collected.

9. Accessing and correcting your personal data

You may contact us to seek access to or seek to correct the personal data which we hold about you or enquire about our data privacy policies and practices. There are certain exemptions under the PDPO which may apply to personal data access and correction requests. We may require the person making a data access or correction request to provide necessary information to verify his/her identity and right to access or correct the personal data. We may charge an administration fee for complying with a data access request which must not be excessive.

Requests for access or correct personal data or enquiries about our data privacy policies and practices should be addressed to:

The Data Protection Officer
Ping An OneConnect Bank (Hong Kong) Limited
Rooms 1903-1904, 19th Floor, NEO Building
123 Hoi Bun Road
Kowloon
Hong Kong