The purpose of this Data Privacy Statement (“Statement”) is to establish the policies and practices of Bank of China (Hong Kong) Limited - Manila Branch (“Bank”). The Bank highly values personal privacy and strives to preserve the confidentiality and security of all the personal information which the Bank may collect so as to strengthen the trust and confidence between you and the Bank.
 
This Statement applies to the processing of all types of personal information and to any natural or juridical person involved in personal information processing. The privacy practices described herein are designed to comply with the Data Privacy Act of 2012 (R.A. 10173).
 
Personal Data Held 
Personal data held by the Bank include, among others:
 
• Proof of identification (e.g., name, age, date and place of birth, specimen signature, and biometric information; constitutional, governmental, organizational or incorporation IDs or documents, list of investors or stockholders, business licenses and permits).
• Contact information (e.g. telephone and mobile numbers, personal and business address, personal and business email addresses). Profession, job, occupation, business and trade.
• Financial and credit position, status or background.
• Account and financial information (e.g. source of funds, expenses, balances, investments, tax insurance, financial and transaction history, etc.).
• Referees (personal or business).
• Business interests and assets.
• Images via CCTV and other similar recording devices and processes, which may be observed when visiting the Bank’s office.
• Voice recordings of the Bank’s representatives with clients.
• All other personal data submitted as part of the Bank’s KYC (Know-Your-Customer) and on-boarding requirements.
 
The Bank, when necessary, may seek to verify or augment the information with third-party representatives or entities including government regulators, judicial, supervisory bodies, tax authorities or courts of competent jurisdiction and, in the process, gain additional information about you.
 
In the course of availing the products and services, the Bank also collects information about your transactions and dealings, which include account activities, movements and interactions with third parties, such as merchants and utility companies.
 
In the course of using the Bank’s network of websites and electronic platforms, the Bank may collect non-personal information, such as those provided by devices, which may include the IP address, operating system, browser type and version, and other machine identifiers.
 
The Bank may also collect, use and keep personal opinions and/or comments made known via feedback or responses to surveys or any other interaction that you may have with the Bank’s employees, authorized representatives, agents and service providers.
 
Use of Personal Data 
The Bank uses your personal data and/or information collected to:
 
1. Assess your merits and suitability as actual or potential applicants for financial, insurance, credit card, securities, commodities, investment, banking and related services and products and facilities and/or processing and/or approving their applications, variation, renewals, cancellations, reinstatements and claims;

2. Facilitate the daily operation of the services, credit facilities provided, and/or insurance policies issued, to you;

3. Conduct credit checks whenever appropriate (including, without limitation, at the time of application for credit and at the time of regular or special reviews, which normally will take place one or more times each year) and carry out matching procedures (as defined in the Ordinance);

4. Create and maintain the Bank’s scoring models;

5. Provide reference;

6. Assist other financial institutions in conducting credit checks and collecting debts;

7. Ensure your ongoing credit worthiness;

8. Research, customer profile and segment and/or design financial, insurance, credit card, securities, commodities, investment, banking and related services and products and facilities for your use;

9. Market services, products and other subjects;

10. Determine amounts owed to or by you;

11. Enforce your obligations, including without limitation the collection of your amounts outstanding and those providing security for your obligations;

12. Comply with the obligations, requirements or arrangements for disclosing and using data that apply to the Bank or any of its branches or that it is expected to comply according to:

a. Any laws binding or applying to it within or outside the Philippines, which are existing currently and in the future;

b. Any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers within or outside the Philippines existing currently and in the future (e.g. guidelines or guidance given or issued including those concerning automatic exchange of financial account information);

c. Any present or future contractual or other commitment with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers that is assumed by or imposed on the Bank or any of its branches by reason of its financial, commercial, business or other interests or activities in or related to the jurisdiction of the relevant local or foreign legal, regulatory, governmental, tax, law enforcement or other authority, or self-regulatory or industry bodies or associations;

13. Comply with any obligations, requirements, policies, procedures, measures or arrangements for sharing data and information within the Group and/or any other use of data and information in accordance with any group-wide programs for compliance with sanctions or prevention or detection of money laundering, terrorist financing or other unlawful activities. For the purposes of this Statement, "Group" means the Bank, its offshore counterparties and its holding companies, branches, subsidiaries, representative offices and affiliates, wherever situated. Affiliates include branches, subsidiaries, representative offices and affiliates of the Parent Bank’s holding companies, wherever situated.

14. Enable an actual or proposed assignee of the Bank, or participant or sub-participant of the Bank to evaluate the transaction intended to be the subject of the assignment, participation or sub-participation;

15. Compare your or other person’s data for credit checking, data verification or otherwise produce or verify data, whether or not for the purpose of taking adverse action against you;

16. Maintain a credit history or a record for present and future reference; and

17. Purposes incidental, associated or relating to the abovementioned purposes.
 
The Bank may process your personal data for any of the purposes stated above for the duration of the contract with any member of the Bank and for such period as allowed under the Data Privacy Act to process or retain clients’ personal data. In no case shall the Bank use personal data outside the purposes stated.
 
Sharing of Personal Data
The Bank may share your personal information with subsidiaries, affiliates and third parties, under an obligation of confidentiality, to: 

Better understand the way you use the products and services. This will allow the Bank to improve the services and offer opportunities to obtain such other useful products and services that may deliver greater value to you.

• Offer you with additional products and services.
• Engage support in delivering services to you. These may involve anonymous or aggregated information to help improve products, services and content.
• Help operate the business. These may include the following:

     o Complying with legal requirements such as court orders;
     o Enforcing the Bank’s terms of use including, among others, our rights as creditor to customers availing of loan products,    or such other applicable policies with respect to the services that the Bank provides;
     o Addressing fraud, security or technical issues, to respond to an emergency or otherwise to protect the rights, property or security of customers or third parties; and,
     o Carrying out all other purposes set out above.
 
The Bank may transfer, store and/or process your personal data outside the Philippines, in accordance and conjunction to the instructions of the Parent Bank. In doing so, the Bank will comply with the Data Privacy Act and its implementing rules and regulations.
 
The Bank wishes to assure you that the Bank does not, and will not, sell your personal data to any third parties. All the engagements with the third parties shall be fully compliant with the obligation of confidentiality imposed under the applicable agreements and/or terms and conditions or any applicable laws that govern the banking relationship with you.
 
Exemptions
Subject to the governing conditions provided under the Data Privacy Act of 2012, you have the right to:

• Be informed whether your personal data shall be, is being, or has been processed;
• Object to the processing of your personal data; Reasonable access to your personal data;
• Dispute inaccuracy or error in your personal data and have the Bank’s representatives or authorized personnel correct said inaccurate and incorrect data accordingly;
• Suspend, withdraw or order the blocking, removal or destruction of your personal data from the Bank’s filing system;
• Be indemnified for any damages sustained due to such inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of your personal data.
 
Retention of Personal Data  
The personal data and information you provided will not be kept longer than necessary for the fulfillment of the purposes for which the personal data and information are or are to be used at the time of the collection and for compliance with the legal, regulatory and accounting requirements from time to time.
 
Disclosure of Personal Data 
Your personal data and information would not be disclosed to other parties unless such disclosure is made in accordance with DPN and/or (as and where applicable) the relevant Notice in connection with the collection of your records and/or have been previously consented to and/or the disclosure is permitted or required by any law binding on the Bank.
 
Security of Personal Data 
Your personal data and information are secured with restricted access by authorized personnel. Encryption technology is employed for sensitive data to protect your privacy during data transmission.
 
If the Bank engages service providers to handle or process your personal data (whether within or outside Hong Kong) on the Bank's behalf, the Bank would adopt contractual or other means to prevent unauthorized or accidental access, processing, erasure, loss or use of the data transferred to the service providers for processing.
 
Changes to the Data Privacy Statement 
The contents of this Statement may be amended from time to time. Please approach the Bank regularly for the Bank's latest privacy policy.
 
Data Access Requests and Data Correction Requests 
The Bank would comply with and process all data access and correction requests in accordance with the provisions of the Data Privacy Act of 2012 and/or other applicable laws or internal rules and regulations.
 
The Bank may impose a reasonable fee for complying with a data access request in accordance with the Bank’s internal rules and regulations.
 
Contact Details
The persons to whom requests for access to data or correction of data or for complaints and/or information regarding policies and practices and kinds of data held are to be addressed to:

Data Privacy Officer
Bank of China (Hong Kong) Limited - Manila Branch
Email: DataProtectionOffice_ph@bankofchina.com.ph
Phone Number: 8297 7851 / 8297 7888 local 844