Standard Chartered Bank (China) Limited Mobile Baking Privacy Policy

 

Standard Chartered Bank (China) Limited (“we”, “us” or “SCB China”) is fully aware of the importance of personal information to you and strives at all times to respect and protect your privacy. We therefore formulate this Mobile Banking Privacy Policy (this “Policy”) to better explain how we collect, store, protect, use and disclose personal information and to help you understand the rights you have.

This Policy applies only to the “Standard Chartered Bank China” mobile application (the “App”) operated by Standard Chartered Bank (China) Limited. We will collect, store, use and disclose your information (including sensitive personal information) in accordance with this Policy when you use the services within the App to, among others, manage your bank accounts, make payments and fund transfers, trade in foreign exchange, make time deposits, purchase wealth management products, and purchase domestic bank-distributed fund products and market-linked series products (save for services subject to a separate privacy policy or governed by any user agreement that provides otherwise). This Policy is closely related to your use of our services through the App. We advise you to carefully read and understand this Policy in full. The provisions in this Policy which have a material bearing on your rights and interests and the sensitive personal information are IN BOLD for your special attention. Please do not use the App if you do not understand or accept this Policy in full.

This Privacy Policy Effective Date: 2020/10/23.

This Policy was released on 2020/10/22.

 

Should you have any question, comment or suggestion, please contact us at:

 

This Policy will help you to understand:

 

I.  How we collect and use your personal information

II. Cookies and similar technologies

III. How we share, transfer and publicly disclose your personal information

IV.Exceptions to obtaining consent

V. How we protect your personal information

VI. How you could manage your personal information

VII. How we protect the personal information of minors

VIII. How we update this Policy

IX. How to contact us

 

I.  How we collect and use your personal information

Personal information refers to any kind of information whether recorded in an electronic or other form that can be used alone or in combination with other information to identify, or reflect the activities of, a specific natural person.

(A) How we collect your personal information

When you use the App, we will collect the information that you voluntarily provide in the process of using our services or that derives from your use of our services on a lawful, just and need-to basis if by doing so it allows us to provide you with the products and services in accordance with applicable laws and regulations, to improve the quality of our services, to maintain the safety of your accounts and funds, and to fulfill our legal obligations. We will collect your information under the following circumstances:

  1. To meet our anti-money laundering obligations and to implement the real-name system in accordance with laws, regulations and regulatory requirements.

When you register an account with the App, we will verify your registered mobile phone number with us that is used to receive SMS verification code, the card number and the transaction password of your debit card or the initial username and initial password of your online banking account.

According to the requirements in relation to real-name authentication under Chinese laws and regulations, we must collect your name, ID number, gender, ethnicity, date of birth, address, validity period of your ID, photo of front and back sides of your ID, and your facial image, and will send your name, ID number and facial image to a legitimate third party to verify your identity. Your registration application will be automatically approved once the verification is completed.

  1. In the process of your use of the App, we will collect the following information of yours on a lawful, just, and need-to basis to the extent necessary for us to provide you with the relevant services through our mobile banking Please note that if you do not provide the information below, you would not be able to access and use the relevant services within the App.

(1) You are required to provide your username and password to log in to the App. We may also offer you several alternative ways to verify your identity. You may choose to use your static password or dynamic passcode, or if you choose to use our FaceID Login Service to access the App, you need to register your face ID on your device.

(2) When you activate your debit card in the App, we will collect the card number and expiration date of your debit card.

(3) When you use the basic mobile banking functions in the App, you are required to provide certain personal information, which mainly includes:

  • Registering for and using the mobile phone funds transfer service: your mobile phone number, name, ID number, personal facial information, transaction details and the payee’s mobile phone number;
  • Making domestic or overseas funds transfers or using the Global Link Transfer service: your account details and the account details of the payee (including the payee’s name, account number, branch or sub-branch of the bank, SWIFTCODE, the payee’s address and any other information that may be necessary pursuant to local laws and regulatory requirements of the relevant jurisdiction). Meanwhile, we will record the details of the funds transfer transaction (including the payer’s name, the payee’s name, the payer’s account number, the name of the paying bank, the banking office of the paying bank, the payee’s account number, the name of the receiving bank, the banking office of the receiving bank, the method of transfer, the amount transferred, the time of transfer, the agreed frequency of transfer, the transaction notes, and the status, date and time of the transaction) for your inquiry;
  • Opening a Type II or Type III account: your IP address, equipment information, name, mobile phone number, home location of your mobile number, ID card number, debit card number, location, FATCA U.S. Person information, CRS tax residency information (Country/Jurisdiction of Tax Residence and Taxpayer Identification Number), address, facial attributes, marital status, occupation, email address, personal facial information and any other information that may be necessary for the verification of your identity as required under local laws and regulatory requirements of the relevant jurisdiction;
  • Having or updating a client investment assessment: your age, level of education, financial status, investment objectives, knowledge of the investment products and investment experience;
  • Purchasing wealth management products, bank-distributed funds, private equity asset management schemes, and market-linked series products; creating Fixed Deposits, Call Deposit 2.0, Certificates of Deposit, Step-Up Time Deposit, Mileage Time Deposit and other financial products: your identity information (including type of ID, ID number, name, gender, mobile phone number, residential address, annual household income, source of income, occupation, account details, transaction details (including transaction amount and transaction account number), FATCA U.S. Person information and CRS tax residency information (Country/Jurisdiction of Tax Residence and Taxpayer Identification Number);
  • Using the foreign exchange trading platform and the foreign currency conversion channels in the App: your transaction details (including the basic information of foreign exchange trading/settlement such as transaction account, transaction amount, time and purpose of use of the foreign currency); adding bill payees in the App (limited to users in Shanghai): your mobile phone number and frequently used account number for making bill payments, the city in which you are located, the billing type, the billing agency and the transaction amount;
  • Other information you are required to provide in using the abovementioned functions by applicable laws, regulations and regulatory requirements as amended from time to time.

(4) In order to ensure the safe and normal operation of the App, prevent exposure to transactional and fund risks, and protect the safety of your account, we need to record the model, operation system, unique equipment identifier, mobile banking software version number, login IP address, operation logs and other basic information of the devise you use. In addition, in order to verify the accuracy and completeness of the information you provide, we will check with the State organs, financial institutions, enterprises or public institutions that lawfully hold your information. If, for the purpose of such verification and check, we need to collect your information from any of the foregoing entities, we will request the relevant entity to specify its source of personal information and confirm the lawfulness of such source in accordance with applicable laws, regulations or regulatory requirements.

(5) In the event that you provide any feedback, make a customer service call, or lodge a complaint, or take part in our marketing activities or surveys through the App, we need to collect the information you submit in such process and the information relating to your operation so as to contact you or provide follow-up responses and services.

(6) When you use the functions and services of the App, under certain circumstances, we may need to use the software service toolkit or code (“SDK”) provided by a qualified third-party service provider in order to provide the service for you, where the third-party  service provider will collect the necessary information about you, including:

  • EXOCR SDK: we use EXOCR to identify your personal facial features. This SDK requires access to your name, ID number and personal visual image to enable the online opening of Type II and Type III Renminbi accounts.
  • TMX SDK: we use TMX to guarantee security of funds, prevent anyone from harming your rights and interests in and to your account and mitigate transactional risks. This SDK requires access to your location, ID number, mobile phone number, address, age, IP address, card number of the card linked in the App, account type, name of the issuing bank of the card linked in the App, IMEI (international mobile equipment identity) information, and account opening date in order to meet the requirements of local laws and regulations of relevant jurisdiction for verifying your location and transaction details when you open a Type II or Type III Renminbi account, log in or make funds transfers, and further to improve the risk control for mobile banking.
  • Samsung Pass SDK: we use Samsung Pass to enable easier login to the App with your fingerprint. This SDK requires access to the fingerprint information you have registered on your current device to enable fingerprint log-in service.

If you do not agree the said third-party service providers to collect the information they require, you could be refused certain services. However, it would not affect your use of the other services within the App.

Please understand that the services we provide to you are updating and developing constantly. If you choose to use any service not specified hereinabove, and we need to collect your information in light of your use of such service, we will send you separate notices of the scope and purpose of, and obtain your consent to, such collection by means of pop-up message, webpage prompt, interactive process, agreement or an update of this Policy. We will use, store, disclose and protect your information in accordance with this Policy and the corresponding user agreement. Should you choose not to provide any of the information specified hereinabove, you may be refused certain services or parts of services, but your use of the other services provided by us would not be affected.

(B) How we use your personal information

We will use your information to abide by applicable laws, regulations and regulatory requirements, to provide services for you and improve the quality of the services provided for you, and to guarantee the security of your accounts and funds. In particular:

  1. We will use your personal information that we collect to make available our services or functions to you in accordance with the provisions of this Policy;
  2. To ensure the stability and security of our services, your information may be used for verifying identity, safeguarding, monitoring fraud, preventing or prohibiting illegal activities, minimizing risks or for archival and backup purposes;
  3. To invite you to take part in customer surveys on our services, products or functions;
  4. To report to the relevant authorities in accordance with applicable laws, regulations or regulatory requirements;
  5. In order to provide you with more accurate, personalized, smooth and easy-to-access services, or to seek for your help with evaluating, improving or designing our products, services and operational activities, we may use technical means to de-identify or desensitize your information and aggregate them for analysis and processing. Such de-identified information can no longer be used to identify the personal information subjects and therefore is not personal information, which may be used by us directly as permitted by law. We also have the right to employ the results of analysis of our user database in commercial use as such results cannot be used to identify the personal information subjects either. When we aggregate data on the use of the App services or functions, as such data do not contain any of your identifiable information, we may share these data with the public or third parties to demonstrate the overall usage of the services or functions within the App.

We will ask for your prior consent if we need to use any information for any purpose other than the one for which it is collected.

(C) In rendering our services, we may ask you for certain access permissions on your device to guarantee your use of our services, maintain the normal functioning of our services, improve and optimize the user experience, and safeguard the security of your account. In particular, we may ask you for the following personal access permissions:

  1. Camera and Photo Albums: to help identify your personal facial features so that we can send your personal facial information to the National Citizen Identity Information Centre for verification of face and other identity information in providing the services of opening Type II or Type III Renminbi accounts as well as the services for the registration, change and cancellation of mobile phone numbers;
  2. Contacts: to help you quickly select the phone number of the payee when using the mobile phone funds transfer service;
  3. Location: to access your location data for the purpose of implementing risk control in mobile banking transactions and verifying your location pursuant to local laws and regulatory requirements of the relevant jurisdiction when you open a Renminbi account (Type II or Type III), log in and transfer funds;
  4. Microphone: to help you call our customer service hotline using the Click2Chat call function.

Please note that by turning on these permissions, you grant us the right to collect and use the aforementioned information to enable the above functions. You can also turn off part or all of these permissions at any time in the settings on your mobile device. If you turn off these permissions, we will no longer collect the relevant information from you and will not be able to provide you with the function that requires such permission. The display and turn-off of such permissions may vary on different mobile devices. Please refer to the instructions or guidelines from the developer of the device or system for details.

II. Cookies and similar technologies

To ensure normal and safe operation of the App, when you use the services provided in the App, we may use Cookies to store the information required for security authentication or to help assess the security status of your account. Cookies store anonymous statistics only and do not touch on name, address, telephone, email address and other personal contact information. You may choose to erase all Cookies stored on your mobile device at any time.

III. How we share, transfer, and publicly disclose your personal information

(A) Sharing

We will not share your personal information with any company, organization or individual other than SCB China, except in the following circumstances:

  1. Sharing with explicit consent: we will share your personal information with others upon obtaining your explicit consent;
  2. We may disclose your personal information as required under applicable laws and regulations or in accordance with the mandatory requirements of relevant government authorities, courts, regulators, tax authorities, or any other authorities (including any authority that investigates criminal activities);
  3. Disclosure to professional advisors (including auditors) or insurers for risk diversification and assessment purposes;
  4. Disclosure to third-party service providers, agents or independent contracted employees who provide services in support of our business;
  5. Disclosure to your legal guardian or heir upon your death or loss of legal capacity so that he/she may make payments from your account;
  6. Sharing with our affiliates: your personal information may be shared with SCB China’s branches and sub-branches to the extent necessary and solely for the purposes stated in this Policy. We will seek your consent if there is any change in the purpose of use of your personal information by any of our affiliates.
  7. Sharing with the functional departments of our group: we will disclose the FATCA U.S. Person information and the CRS tax residency information (Country/Jurisdiction of Tax Residence and Taxpayer Identification Number) to the relevant functional departments of the Standard Chartered Group.
  8. Sharing with our authorized partners: for the sole purpose of serving the purposes stated in this Policy, some of our services will be provided by our authorized partners in the course of performance of our agreement with you, or your personal information has to be provided to our partners in order to fulfill the purpose of your transaction. For such purpose and to such extent, we will only share your personal information for lawful, just, necessary, particular and specific purposes, and we will only share the personal information that is necessary for the provision of services. Our partners have no right to use the personal information we share with them for any other purposes.

Our authorized partners mainly include the following two types:

(1) Our supplies, service providers and other partners. We will need to disclose your login, account or transaction details (including name, ID number, personal visual image, geographical location, mobile phone number, bank card number, payer’s name, payee’s name, payer’s account number, name of the paying bank, banking office of the paying bank, payee’s account number, name of the receiving bank, banking office of the receiving bank, method of transfer, amount transferred, time of transfer, agreed frequency of transfer, transaction notes, status, date and time of the transaction, and water, electricity and gas billing accounts) to the supplies, service providers and other partners who support our business by, for example, providing technical infrastructure services, providing customer services, facilitating payments, joining in lucky draw, competition or similar promotional activities.

(2)     The financial institutions we cooperate with, including the managers and issuers of the products sold by SCB China as an agent (e.g. onshore fund companies). We will need to disclose your fund investment information (including the investor’s name, the number, type, expiration date of the investor’s ID, the investor’s gender and date and city of birth, the investor’s tax resident country or region, taxpayer identification number, the investor’s occupation code, the investor’s mobile phone number, residence phone number and office phone number, the investor’s email address, fax number and postcode, the investor’s annual income, the investor’s current residence country or region and current address, the name of the investor’s employer, the investor’s IP address and MAC address, the account name and number of the investor’s receiving account, the bank with which the investor opens its receiving account, connected persons, the investor’s fund account, Get Investor Certificate flag, Non-Resident flag, transaction product details (amount and units)) to the abovementioned entities in order to filfill your transaction purposes.

We will sign strict non-disclosure agreements with the companies, organizations and individuals that we share personal information with and require them to deal with personal information in compliance with our instructions, this Policy and any other relevant confidentiality and security measures.

(B)     Transfer

We will not transfer your personal information to any companies, organizations or individuals, except:

  1. We may transfer your personal information to others after obtaining your explicit consent;
  2. In the case of mergers, acquisitions, bankruptcy, liquidation, transfer of assets or other similar transactions where transfer of personal information is required, we will request the succeeding company or organization holding your personal information to be bound by this Policy; otherwise, we will require such company or organization to seek separate consent from you.

(C)     Public Disclosure

We will only disclose your personal information to the public in the following circumstances:

  1. After obtaining your explicit consent;
  2. Disclosure according to law: we may disclose your personal information to the public if so required mandatorily by law, legal proceedings, litigations or governmental authorities.

IV. Exceptions to obtaining consent

According to the relevant laws and regulations, regulatory requirements and national standards, we may collect, use or disclose your personal information without otherwise obtaining your authorization and consent under the following circumstances:

  1. Where it directly relates to national security and national defence security;
  2. Where it directly relates to public security, public health or major public interest;
  3. Where it directly relates to criminal investigations, prosecutions, trials or execution of rulings, etc.;
  4. Where it’s required to protect your or others’ life, property or other material legitimate rights and interests while it is difficult to obtain your consent;
  5. Where the personal information collected is made available to the public by yourself;
  6. Where the personal information is collected from legitimate public sources such as legitimate news reports, disclosure by government, etc.;
  7. Where it is necessary to enter into and perform a contract at your request;
  8. Where it is necessary to maintain the safe and stable operation of the products or services provided, such as discovering and disposing of failures in products or services;
  9. Where it is necessary to aggregate data or conduct academic research for the public interest, and when the results of such academic research or description are disclosed, the personal information contained in the results is de-identified;
  10. Other circumstances provided for under laws, regulations and regulatory requirements.

V. How we protect your personal information

(A)     We have used safety measures up to industry standards to protect the personal information you provide and to prevent the data from unauthorized access, disclosure, use, modification, damage or loss. We will take all reasonably practical measures to protect your personal information. For example, we will perform safety scans on the App and safety penetration tests on a regular basis, and we have put in place a series of identity and access management, encryption, safety risk management and other rules and systems to ensure that your information is processed safely. In addition, your browser is protected by SSL encryption when exchanging data with the App. We will deploy an access control mechanism based on minimum access and behaviour traceability requirements to make sure that only authorized persons have access to your personal information. We will organize security and privacy protection training courses to enhance our employees’ awareness of the importance of protecting personal information.

(B)     We will take all reasonably practical measures to ensure that no irrelevant personal information is collected. We will only store and retain your personal information for a period as minimum as necessary to fulfill the purposes stated in this Policy unless we need to extend the retention period or where laws and regulations permit.

(C)     The Internet is not an absolutely safe place. E-mails, instant messages, and communications with other App users are not encrypted; therefore, we strongly recommend that you do not send any personal information through these ways. Please use complex passwords to help us keep your account safe.

(D)     We will regularly/irregularly assess safety risks and personal information safety implications.

(E)     The Internet is not absolutely safe, and we will take every effort to guarantee the security of the information you send us. We will take responsibility in accordance with the law if your information suffers from unauthorised access, public disclosure, erasure or damage as a result of any damage to our physical, technical or management protection facilities and your lawful rights and interests are so impaired.

(F)     If unfortunately a personal information security incident occurs, we will, in accordance with the requirements of laws and regulations, promptly inform you of the basic information of the incident and its possible impact, the actions and measures we have taken or will take, suggestions on what you can do to prevent and mitigate risks, and remedial measures to be taken for you, etc. We will promptly inform you about the incident by email, SMS, letter, call or other means. Where it is difficult to inform each personal information subject, we will give a public notice in a reasonable and effective way.

Meanwhile, we will report the handling of such personal information security incident on our initiative in accordance with the requirements of regulatory authorities.

VI. How you could manage your personal information

In accordance with the relevant laws, regulations and standards of the People’s Republic of China as well as the common practices in other countries and regions, we guarantee that you may exercise the following rights in relation to your personal information:

(A)     Access and correct your personal information

You may view or update your personal information by logging in to the App or through our online banking or telephone banking services or at any of our counters, unless otherwise provided by laws, regulations or regulatory policies.

You have the right and obligation to update your personal information in a timely manner to ensure that such information is accurate. To protect the safety of your account, you may need to access and correct certain personal information through online banking or at our counters. For example, if you wish to modify your contact information and correspondence address, please log in as a user on www.sc.com/cn, click “Change contact information or change correspondence address” on the “My Online Banking” page, select the item you wish to modify and enter the new information.

When you change any of your information through our online banking service, we will send a one-time SMS verification code to the mobile number you register with SCB China for the safety of your account.

(B)     Delete your personal information

To delete any information you provide in the App in relation to the frequent billing accounts (such as water, electricity, and gas billing accounts) and the payee of domestic and overseas funds transfers, you may log in as a user on www.sc.com/cn, click “Pay a Bill” on the “Pay Bills” page or click “To a Local Account” or “To Overseas” on the “Transfer Money” page and select the information that you wish to delete.

If you find that our collection or use of your personal information is in violation of laws and regulations or the agreement between you and us, you may request us to delete your personal information in accordance with the law.

When you delete information from our App, we may not immediately delete the information from our backup system but we will delete such information at the time of next update of our backup.

Please note that uninstalling the App will not lead to the cancellation of your account or the deletion of your personal information.

(C)     Change the scope of your authorization and consent

You may change the scope of your authorization for us to collect your personal information or withdraw your consent by turning off certain functions on your device. However, your decision to withdraw your consent will not affect any collection of personal information based on your consent prior to such withdrawal.

(D)     Cancel your account

Since your account with the App is the same as your online banking account, if you wish to cancel your App account (i.e., cancel your online banking account), you may do so at a branch or sub-branch of SCB China or by calling our customer service hotline (400-888-8083). Please follow the instructions to complete the verification of your identity at the branch or sub-branch or in the service call and, after the verification is completed, you may submit an application for cancelling your SCB online banking account (including your App account). We will verify and process your application within 15 working days after receiving it.

After you meet all the conditions for cancellation according to law and your online banking account is cancelled, you will no longer have access to the SCB online banking account and the App. Unless otherwise provided in laws, regulations, regulatory requirements or special agreements or for the purpose of settling certain specific debtor-creditor relationships, the information relating to your App account will also be deleted. We will no longer collect or use the personal information relating to such account through SCB online banking or the App. In addition, we still need to retain the information provided by you or generated during the term of your use of the App service for a period of time as required by regulatory authorities (no less than 5 years after you cancel your App account) and to cooperate with inquiries or other requirements of relevant authorities in accordance with law during such retention period.

(E)     Response to your requests above

For your security, you may need to submit a written request or identify yourself through other ways. We may ask you to verify your identity before processing your request. Unless otherwise specifically provided in laws and regulations, we will, in principle, review and process your requests for correcting your personal information, deleting or cancelling your account with the App submitted in accordance with the procedures described in this Policy within 15 working days:

According to the requirements of applicable laws and regulations, we will not be able to respond to your request under the following circumstances:

  1. Where it directly relates to national security and national defence security;
  2. Where it directly relates to public security, public health or major public interest;
  3. Where it directly relates to criminal investigations, prosecutions, trials or execution of rulings, etc.;
  4. Where there is sufficient evidence showing that you are intentionally malicious or abuse your rights;
  5. Where responding to your request will cause serious damage to the legitimate rights and interests of yours or of other individuals or organizations.
  6. Where the request involves any trade secret.

VII.    How we protect the personal information of minors

We expect parents or guardians to guide the minors in their use of our services. We will protect the confidentiality and security of the minors’ information in accordance with applicable laws and regulations of the People’s Republic of China.

If you are a minor, we suggest that you read this Policy together with your parent(s) or guardian(s). For the personal information we collect with the consent of your parent(s) or guardian(s), we will only use or publicly disclose such information to the extent permitted by law or necessary for protecting you or with the express consent of your parent(s) or guardian(s). If your parent or guardian does not agree you to use our services or provide information to us in accordance with this Policy, please stop using our services immediately.

VIII.   How we update this Policy

Our Privacy Policy may be updated from time to time. Once it is updated, we will notify you about the latest version of our Privacy Policy through pop-ups within the App.

We will not reduce your rights under this Policy without your explicit consent. You can read the Standard Chartered Bank (China) Limited Mobile Banking Privacy Policy as updated from time to time by visiting “More” – “About SCB” – “Privacy Policy” within the App. If you do not agree with any or all of the terms of this Policy, please stop using the App.

IX. How to contact us

If you have any question, comment or suggestion about the App, especially those regarding personal information or this Policy, please contact us through the means set forth below and we will in principle respond within 15 working days of receiving your question, comment or suggestion:

  • Company Name: Standard Chartered Bank (China) Limited
  • Address: 201 Century Avenue, Pudong New Area, China
  • Customer Service Hotline: 4008888083
  • Contact us via our official website: https://www.sc.com/cn/contact-us/

If you are not satisfied with our reply, and in particular consider that our processing of personal information has caused harm to your legitimate rights and interests, you may also resort to a people’s court of competent jurisdiction within Pudong New Area, Shanghai in accordance with the laws of the People’s Republic of China or seek solutions through other means as provided in applicable laws and regulations.