We respect your privacy and are committed to keeping your personal information and other data confidential and secure

Personal data is information that either identifies you or is about you, and we may collect it from a few different sources. This includes collecting personal data directly from you, third parties acting for you or who are related to you, from companies, businesses or organisations who are our clients that you represent or are related to you, from other members of the Standard Chartered Group and from other organisations, or publicly available sources.

Personal data we collect in respect to corporate client relationships is primarily limited to the information on directors and officers, other employees, direct and indirect beneficial owners and authorised persons we need to enable us to meet our due diligence obligations, signatory details and contact information of individuals we interact with and process to enable the provision of services to clients.

If you give us someone else’s personal data, you must have their permission as required by applicable laws and explain to them how we’ll use it.

We may collect the following different types of personal data, depending on whether you bank with us as a client, that is either as an individual, company, business or organisation or you are related to or represent such individual, company, business or organisation, where it’s relevant and allowed by law:

• Identification data – information that identifies (uniquely or semi uniquely) you. For example, your name, your date of birth, your place of birth, your registered place of birth, your photographs, CCTV and video recordings of you and other identifiers, including official/government identifiers such as national identification number, passport number, tax identification number, driver’s license number, license plate, social security number and health insurance card number
•  Contact data – information that allows addressing, sending or communicating a message to you. For example, your email address, your phone or mobile number, your residential or business address, place of permanent residence, place of temporary residence, current place of residence, hometown and contact address
• Professional data – information about your educational or professional background
• Behavioural data – information relating to your behaviour, activities or actions, both online and off-line. For example, your browsing behaviour and how you interact with our online products and services, or those provided by third-party organisations, such as our advertising partners and social media companies
• Personal relationship data – information about associations or close connections between individuals or entities that can determine your identity. For example, marital status, parent, child, spouse or employer relationships
• Communications data – information relating to you contained in voice, messaging, email and other communications we have with you. For example, service requests and digital account information, such as personal data that reflects activities and activity history in cyberspace.

We may sometimes need to collect more sensitive personal data from you, but we only do this if it’s necessary and with your consent, or where allowed by law. Sensitive personal data (sometimes known as special category personal data) refers to personal data in association with individual privacy which, when being infringed, will directly affect an individual’s legal rights and interests,  may include things like:

• Financial and commercial data – information that identifies your financial position, status and history, where relevant. For example, information on clients of credit institutions, foreign bank branches, payment service providers and other licensed institutions, including customer identification as prescribed by law, accounts, deposits, deposited assets, transactions, organisations and individuals that are guarantors at credit institutions, bank branches, and payment service providers,, debit or credit card details, source of funds, financial and credit rating history.
• Geo-location data – information that provides or contains a device’s location. For example, your internet protocol (IP) address or your cookies identifier
• Racial or ethnic origin data – information which reveals your racial or ethnic origin
• Political data – information which reveals your political opinions
• Religious or philosophical data – information which reveals religious or philosophical beliefs
• Biometric data – information that identifies you physically. For example, facial recognition information, your fingerprint or voice recognition information
• Health data – information relating to your health status. For example, disability information relevant to accessibility, which may affect how you interact with our products and services
• Criminal convictions, proceedings or allegations data – information about criminal convictions or related information that we identify in relation to our financial crime prevention obligations, for example, details about any criminal convictions or related information. This includes details of offences or alleged offences or convictions.

We usually get your personal data directly from you, but we may also obtain your personal data from elsewhere as follows:

• People you know – such as:
  • parents or guardians of children. If you are a child (this means if you are under 16 years old), we will also get your parent or guardian’s consent in addition to your consent (if applicable) before collecting and processing your personal data.
  • your joint account holders
  • your referees; and
  • other people you appoint or authorise to act on your behalf
• Businesses and other organisations – such as:
  • your employer and/or company, business or organisation you represent or is related to you
  • other financial institutions and financial service providers
  • credit reference and fraud prevention agencies
  • regulatory and other entities with authority over the Standard Chartered Group, such as tax authorities, law enforcement or authorities imposing financial sanctions
• Our corporate and business clients – where you receive the benefit of our services in relation to our contract with the company, business or organisation you interact with. For example, resolving payment disputes with our merchant clients
• Publicly available resources – such as online registers or directories or online publications, social media posts and other information that is publicly available
• Cookies – when you visit, browse, or use our websites, online banking or mobile applications, we may use cookies to automatically collect certain information from your device. We may use such information, where relevant, for internal analysis and troubleshooting, to recognise you and remember your preferences, to improve the quality of and to personalise our content and to determine the security status of your account. For more information on how we use cookies and how you can control them when visiting our websites, please see our Cookies Policy at www.sc.com/vn/en/cookie-policy/.

We collect your personal data so that we can provide our products and services, manage our relationship with our clients and operate our business. This is necessary when you hold your own bank account with us and also when you represent, or are associated with, other individuals or organisations who bank with us, for example, if you act as a guarantor, employee, shareholder, director, officer or authorised person.

If you have or are associated with more than one account with Standard Chartered Group, we may link all your accounts and personal data to enable us to have an overall picture of our client relationships.

What we use your personal data for is often referred to as our purposes of processing and these are detailed below. We may not be able to offer or provide our products and services if you do not provide us with or want us to process the personal data that we consider is necessary and/or is required to meet our legal and regulatory obligations.

We generally process your personal data with your consent where required by law or where otherwise permitted or required by applicable law including for the following lawful reasons:

• Contract – when we’re performing contractual obligations under a contract to which you are a party
• Legal Obligation – when we’re required to comply with laws and regulations
• Life and Health Protection – when we’re processing personal data to protect an individual’s life and health

Purposes of Processing

We process your personal data for the following purposes, as relevant, depending on whether you have your own bank account with us or you represent, or are associated with, other individuals or organisations who bank with us.

Assessing and providing products and services to our clients (Legal basis: Consent, Contract or Legal Obligation)

This includes:

• assessing eligibility and suitability of product and service applications for clients; we may retain a record of the application if our eligibility criteria are not met
• assessing your suitability as an individual guarantor
• conducting relevant due diligence and know-your-customer (KYC) checks as required by applicable law
• conducting credit checks and financial assessments
• setting credit limits for clients
• obtaining quotations for clients from third-party product providers, such as insurance products from insurance providers we partner with and assisting such providers to manage insurance products, including wealth management products.

Managing banking relationships and administering client accounts (Legal basis: Consent, Contract or Legal Obligation)

This includes:

• establishing, continuing and managing banking relationship and account with us or, where applicable, any member of the Standard Chartered Group
• providing clients with appropriate access to our products and services, such as our online and mobile banking platforms
• operating, providing and evaluating the products and services for clients
• effecting transactions and acting on instructions or requests, such as transferring money between accounts and making payments to third parties for clients
• maintaining up-to-date records of authorised persons and signature lists
• administering, for example, credit facilities or loans for clients
• maintaining contact information
• responding to questions or managing any complaints, including monitoring social media conversations and posts to identify conversations, sentiments, and complaints about the Standard Chartered Group
• issuing notifications about changes to the terms and conditions of our products and services
• recording our communications for record-keeping and evidential purposes including online messages, email and telephone
• contacting clients relating to the products and services we are providing
• facilitating open banking for clients, including with Account Information Service Providers (AISPs).

Operating our business (Legal basis: Consent, Contract or Legal Obligation)

This includes:

• managing authentication and user access controls for clients, for example, for online and mobile banking
• creating and maintaining our credit scoring models relating to clients
• conducting credit management activities, which includes maintaining client credit history and ensuring ongoing credit worthiness
• assisting other banks and third parties recover funds that have entered client accounts as a result of erroneous payments
• engaging in business operational management, such as performing administrative tasks relating to the products and services we provide, monitoring and reporting of our financial portfolio, risk management activities, audits and ensuring operation and security of our communications and processing systems, systems development and testing, business planning and decision-making.

Improving our products and services to our clients (Legal basis: Consent)

This includes:

• developing, testing and analysing our systems, products and services
• monitoring and recording our communications with you, for example, phone calls, for training and quality purposes
• conducting customer satisfaction surveys
• gathering insights by aggregating data from the use of our products and services and our applications to provide you with more tailored products and services.

Keeping you and our people safe (Legal basis: Consent, Legal Obligation or Life and Health Protection)

This includes:

• conducting identity verification security checks for building access
• using CCTV surveillance recordings at our branches, premises and ATMs for the purposes of preventing and detecting fraud and/or other crimes, such as theft
• investigating and reporting on incidents or emergencies on our properties and premises
• for the security of our systems and networks in order to keep your data safe and confidential
• for other health and safety compliance purposes
• monitoring social media conversations and posts to protect clients from sharing data publicly that could be used for fraud.

Detecting, investigating and preventing financial crimes (Legal basis: Consent, Contract or Legal Obligation)

This includes:

• conducting identity verification security checks against government and other official centralised databases, as required by law
• monitoring and recording our communications and screening applications and transactions in connection with actual or suspected fraud, financial crime or other criminal activities
• recording and monitoring your electronic communications with us, to the extent permitted by applicable law, to ensure compliance with our legal and regulatory obligations and internal policies
• conducting checks against government and non-government third parties’ fraud prevention and other financial crime prevention databases to prevent money laundering, terrorism, fraud and other financial crimes, to protect you, our clients and the integrity of the financial market. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies and may result in others refusing to provide services or employment to you.

Complying with applicable laws, regulations and other requirements (Legal basis: Consent or Legal Obligation)

This includes:

• identifying and investigating compliance with our own Standard Chartered Group policies
• complying with relevant local and foreign law, regulations, rules, directives, judgments or court orders, requests, guidelines, government sanctions, embargo, reporting requirements, restrictions, demands or agreements with any authority (including domestic or foreign tax authorities), court or tribunal, enforcement agency or exchange body in any relevant jurisdiction where the Standard Chartered Group operates
• following any voluntary guidelines or recommendations from industry bodies or associations.

Exercising our legal rights and conducting legal proceedings (Legal basis: Consent or Legal Obligation)

This includes:

• tracing and exercising our rights and protecting ourselves against harm to our rights and interests
• retaining records as may be necessary as evidence for any potential litigation or investigation
• recovering debts and arrears
• obtaining professional advice
• investigating or making an insurance claim
• responding to any insurance related matter, action or proceeding
• defending or responding to any current or prospective legal, regulatory, or industry bodies or association related matter, action or proceeding.

Facilitating Standard Chartered Group mergers, acquisitions, and divestments (Legal basis: Consent)

This includes:

• evaluating our business and providing continuity of services to you after a transfer of our business as a result of a merger, acquisition, sale or divestment.

We may sometimes, and with your consent if required by applicable law, use your contact details to send relevant marketing communications (such as by post, email, telephone, SMS, secure messages, mobile app or social media). You may withdraw your consent at any time by contacting us using the details below.

We may send the following communications:

• news, offers and promotions about our products and services
• competitions and lucky draws
• appeals for charitable non-profit making donations, sponsorships and contributions
• seminars and webinars
• other events or opportunities.

If you bank with us as an individual client, to the extent permitted by applicable law, we may share limited information about you with social media and advertising companies we engage with for the purpose of online advertising. For example, to check whether you have an account with social media companies, so we can ask them to display more relevant marketing messages to you about our products and services or to exclude you from receiving advertisements for our products and services which you already use.

We may use the personal data we collect to conduct data analytics, including profiling and behavioural analysis, to make quicker automated decisions in our business operations and to evaluate your personal characteristics to predict outcomes and risks. We require that rules followed by such automated systems are designed to make fair and objective decisions. We may use artificial intelligence and machine learning to help improve our communications and client experience, make our business operational processes safer and more efficient and enable us to provide faster responses and improve turnaround time. For example, we may use automated decision-making for the following:

• Client digital onboarding processes – account opening approval processes using electronic Know-Your-Customer (eKYC) checks by verifying the authenticity of scanned identification documents and a photo through biometric facial recognition and liveliness check
• Operational efficiency – voicebots for call centre identification verification
• Personal banking client engagement – client marketing campaigns and communications to recommend more tailored products and services based on insights from your personal data and interactions with robo advisors and chatbots.
• Risk management – monitoring of accounts and transactions to detect unusual activities to prevent fraud or money laundering, terrorism and other financial crimes (for example, detecting whether the use of your credit card may be fraudulent) and approval of loan applications and credit decisions based on credit-scoring models.

We may share your personal data within the Standard Chartered Group. Standard Chartered Group may share your personal data for the purposes of processing as set out in this privacy notice, including with our service providers, our business partners, other third parties and as required by law or requested by any authority. Who these are depends on your interactions with us as an individual client or as a representative for another individual or organisation that banks with us.

We limit how, and with whom, we share your personal data, and take steps to ensure your personal data is kept confidential and protected when we share it. We may share your personal data for our purposes of processing with the following, where relevant and allowed by law:

• Other members of the Standard Chartered Group
• Authorised third parties
  • legal guardians, joint account holders, actual or intended guarantors/sureties, trustees, beneficiaries, executors, or authorised persons of our clients, any actual or potential participants or sub-participants in relation to any of our obligations in respect of any banking agreement, assignees, novatees or transferees (or any officers, employees, agents or advisers of any of them)
  • any other person you have authorised us by your consent to share your personal data with.
• Third parties that can verify your information
  • credit bureaus or credit reference agencies (including the operator of any centralised database used by credit reference agencies), credit protection providers, rating agencies, debt collection agencies, fraud prevention agencies and organisations
  • other non-government third parties’ that conduct financial crime prevention databases checks to prevent money laundering, terrorism, fraud and other financial crimes.
• Our service partners
  • professional advisers such as auditors, legal counsel, conveyancers and asset valuation specialists
  • insurers or insurance brokers
  • service providers (such as operational, administrative, data processing and technology service providers), including anyone engaged or partnered with to analyse and facilitate improvements or enhancements in Standard Chartered Group’s operations or provision of products and services
  • providers of professional services, such as market researchers, forensic investigators and management consultants
  • third-party product providers including fund managers and insurance companies.
• Strategic referral partners
  • business alliance, co-branding partners or other companies or organisations that the Standard Chartered Group cooperates with based on contractual arrangements or other joint ventures
  • social media and advertising companies
  • charitable and non-profit organisations.
• Other financial services organisations
  • other financial institutions, such as merchant banks, correspondent banks or national banks
  • market infrastructure providers
  • payment service providers, including merchants, payment processors and card association members, payment-initiation and card-based payment instrument service providers such as VISA and Mastercard
  • Account Information Service Providers (AISP).
• Government and law enforcement agencies
  • as required by law or requested by any authority, which includes any government, quasi-government, regulator, administrative, regulatory or supervisory body, court, tribunal, enforcement agency, exchange body or domestic or foreign tax authorities, having jurisdiction over any Standard Chartered Group member whether within or outside your jurisdiction and whether or not that Standard Chartered Group member has a relationship with you.
• Other third parties
  • the individual, company, business or organisation, as applicable, that you represent or is related to you
  • third parties in case of a merger, acquisition or divestment: if we transfer (or plan to transfer) any part of our business or assets. If the transaction goes ahead, the interested party may use or disclose your personal information in the same way as set out in this privacy notice, and subsequently notify you of any changes they may make in terms with how they process your personal data.

Your personal data may be stored, shared and transferred by us within the Standard Chartered Group or with other third parties for the purposes described in this privacy notice. We do this in order to operate effectively, efficiently and securely in facilitating transactions and providing products and services to our clients, to improve and support our processes and business operations and to comply with our legal and regulatory obligations. This may involve storing, sharing and transferring your personal data cross border to other jurisdictions.

Where recipients of your personal data are in jurisdictions that are outside Vietnam, and local laws may not have similar data protection laws as the jurisdiction where you are or where we have a relationship, we will take all reasonable steps necessary to ensure that your personal data has an appropriate adequate level of protection and safeguards to comply with applicable law.

We take the privacy and security of your personal data very seriously. To protect your data, we have put in place a range of technical, physical and organisational measures to protect and keep your personal data confidential. Standard Chartered Group has implemented information security policies, rules and technical measures to protect personal data and to comply with legal and regulatory requirements. We train and require staff who access your personal data to comply with our data privacy and security standards. We require our service providers, or other third parties we engage with and to whom we disclose your personal data to implement similar confidentiality, data privacy and security standards and measures when they handle, access or process your personal data.

Nevertheless, please understand that the transmission of information via the internet is not completely secure. Although we strive our best to securely store your personal data, we cannot guarantee that our security measures will prevent third parties such as hackers from illegally obtaining access to your personal data.

Your personal data will be processed at any time subject to your consent, unless otherwise provided by applicable regulations, and will be stopped processing when you withdraw your consent or when required by applicable regulations.

We keep your personal data for business or legal reasons while you engage with us, and for a period of time afterwards for the purposes described in this privacy notice in accordance with our data retention policy standards and as required by applicable law. Unless otherwise required by applicable laws and regulations, we will delete, anonymise, destroy and/or stop using personal data when we no longer need it.

We respect your personal data, and you have the following rights about how we use your information:

• Right to be informed
• Right to give consent
• Right to access or be provided with your data – you are entitled to access your data and can ask us for a copy of the personal data we have about you and how we’ve used it.
• Right to correct your data – if your personal information is incorrect, you can rectify the data yourself or ask us to update
• Right to delete your data – you can ask us to delete your personal data. However, we may need certain personal details to provide our products and services to you.
• Right to restrict or object to processing – you can ask us to stop using your data or change how we use it, including but not limited to objecting to our use or disclosure of data for advertising purposes. However, we may need certain personal details to engage with you or provide our products and services to you.
• Right to change or withdraw consent – if we ask for your consent to use your personal data, you can change your mind at any time. If you withdraw your consent, you acknowledge and agree that we may retain and process your personal data according to the requirements under applicable regulations or by competent authorities. In addition, you understand and acknowledge that we may not provide our banking products and/or services to you without processing your personal data. As a result, when you withdraw your consent, we have the right to terminate the relevant product(s) and/or service(s) and you are obliged to fulfil all your obligations owed to us upon the termination of our products and/or services.
• Right to file complaints, denunciations and lawsuits
• Right to claim damage
• Right to self-protection

You can also play a part in protecting your personal data:

• Protect your own personal data and request us or other relevant organisations and individuals to protect your personal data.
• Respect and protect others’ personal data.
• Provide complete and accurate personal data once you have consented to the processing of your personal data.
• Participate in the dissemination of personal data protection skills.
• Comply with applicable laws and regulations on protection of personal data and participate in prevention of violations of such laws and regulations.
• Other obligations as provided under applicable laws and regulations.

We will respond to requests to exercise your personal data rights in line with applicable law. If you have any questions about your rights, please contact us using the details below.

The following Standard Chartered Group company acts as the controller and processor of your personal data in Vietnam:

• Standard Chartered Bank (Vietnam) Limited

Address:

Standard Chartered Bank (Vietnam) Limited,

Level 3, Capital Place,

29 Lieu Giai, Ba Dinh,

Hanoi, Vietnam

Contacting us by phone:

You can contact our Data Privacy Officer at Vietnam.DPO@sc.com.

Or by post at:

Standard Chartered Bank (Vietnam) Limited

Level 3, Capital Place,

29 Lieu Giai, Ba Dinh,

Hanoi, Vietnam

Got a complaint?

If you have any concerns or complaints about how we’re using your personal data, please talk to us. You can contact your branch or your Relationship Manager or get in touch with our Data Privacy Officer.

Cookies

Please see our separate Cookie Policy at www.sc.com/vn/en/cookie-policy/.

Other Terms and Conditions

There may be specific terms and conditions in our banking and product agreements that govern the collection, use and disclosure of your personal data. Such other terms and conditions must be read in conjunction with this privacy notice.

This privacy notice was updated on 23 June 2023.

Personal data is information that either identifies you or is about you, and we may collect it from a few different sources. This includes collecting personal data directly from you, third parties acting for you or who are related to you, from companies, businesses or organisations who are our clients that you represent or are related to you, from other members of the Standard Chartered Group and from other organisations, or publicly available sources.

If you give us someone else’s personal data, you must have their permission as required by applicable laws and explain to them how we’ll use it.

If you are:

• a visitor to our websites, social media pages, premises or ATMs
• a marketing recipient, for example, where you take part in responding to our surveys, quizzes, invitations to events or webinars
• a sponsorship or donation beneficiary
• a subscriber, where you subscribe to receive our publications, reports and research
• someone who contacts us for information
• someone who reports an issue or complaint, for example, via an online form or through email
• a payment transaction beneficiary or remitter; or
• any other individual who is not a client or related to a client, a recruitment job applicant, a vendor/service provider or a shareholder then,

we may collect the following different types of personal data from you, where it’s relevant and allowed by law:

• Identification data – information that identifies (uniquely or semi uniquely) you. For example, your name, your photographs, CCTV and video recordings of you, building access data to our premises and social media profile details. We may also collect other identifiers, including official/government identifiers such as national identification number, passport number and tax identification number if you make a report, for example, via an online form or through email
• Contact data – information that allows addressing, sending or communicating a message to you. For example, your email address, your phone or mobile number and your residential or business address, place of permanent residence, place of temporary residence, current place of residence, hometown and contact address.
• Professional data – information about your educational or professional background, for example, if you make a report via an online form or through email
• Behavioural data – information relating to your behaviour, activities or actions, both online and off-line. For example, your browsing behaviour and how you interact with our online advertisements, or those provided by third-party organisations, such as our advertising partners and social media companies
• Personal relationship data – information about associations or close connections between individuals or entities thatcan determine your identity. For example, the agency, company, business or organisation you represent or is related to you
• Communications data – information relating to you contained in voice, messaging, email and other communications we have with you. For example, via online forms, online subscriptions and/or digital account information, such as personal data that reflects activities and activity history in cyberspace.

We may sometimes need to collect more sensitive personal data from you if you make a report, for example, via an online form or through email, but we only do this if it’s necessary and with your consent, or where allowed by law. Sensitive personal data (sometimes known as special category personal data) refers to personal data in association with individual privacy which, when being infringed, will directly affect an individual’s legal rights and interests, may include things like:

• Financial and commercial data – information that identifies your financial history. For example, your bank account number when you are the recipient of a payment by our client
• Geo-location data – information that provides or contains a device’s location. For example, your internet protocol (IP) address or your cookies identifier
• Racial or ethnic origin data – information which reveals your racial or ethnic origin
• Political data – information which reveals your political opinions
• Religious or philosophical data – information which reveals religious or philosophical beliefs
• Trade union data – information which reveals trade union membership, if relevant in certain jurisdictions
• Health data – information relating to your health status
• Sexual orientation and gender identity data – information concerning your sex life or sexual orientation
• Criminal convictions, proceedings or allegations data – information about criminal convictions or related information that we identify in relation to our financial crime prevention obligations, for example, details about any criminal convictions or related information. This includes details of offences or alleged offences or convictions.

We usually get your personal data directly from you, but we may also obtain your personal data from elsewhere as follows:

• People you know – such as parents or guardians of children. If you are a child (this means if you are under 16 years old), we will get your parent or guardian’s consent in addition to your consent (if applicable) before collecting, processing or sharing your personal data
• Businesses and other organisations – such as:
  • the agency, company, business or organisation you represent or is related to you
  • other financial institutions and financial service providers
• Publicly available resources – such as online registers or directories or online publications, social media posts and other information that is publicly available
• Cookies – when you visit, browse, or use our websites, online banking or mobile applications, we may use cookies to automatically collect certain information from your device. We may use such information, where relevant, for internal analysis and troubleshooting, to recognise you and remember your preferences, to improve the quality of and to personalise our content and to determine the security status of your account. For more information on how we use cookies and how you can control them when visiting our websites, please see our Cookies Policy at www.sc.com/vn/en/cookie-policy.

We collect your personal data so that we manage our relationship with you, respond to your requests, operate our business and provide our products and services.

What we use your personal data for is often referred to as our purposes of processing and these are detailed below. We may not be able to offer or provide our products and services if you do not provide us with or want us to process the personal data that we consider is necessary and/or is required to meet our legal and regulatory obligations.

We generally process your personal data with your consent where required by law or where otherwise permitted or required by applicable law including for the following lawful reasons:

• Contract – when we’re performing contractual obligations under a contract to which you are a party
• Legal Obligation – when we’re required to comply with laws and regulations
• Life and Health Protection – when we’re processing personal data to protect an individual’s life and health

Purposes of Processing

We process your personal data for the following purposes, as relevant:

Operating our business (Legal basis: Consent or Legal Obligation)

This includes:

• engaging in business operational management, such as performing administrative tasks, risk management activities, audits and ensuring operation and security of our communications and processing systems
• developing, testing and analysing our systems, products and services, for example, to offer a well-functioning website or other applications to users
• monitoring and recording our communications with you, for example, phone calls, for training and quality purposes.

Promoting and protecting our brand (Legal basis: Consent)

This includes:

• branding and corporate affairs management, creating publications, marketing campaigns and producing advertisements
• gathering insights by aggregating data from the use of our products and services and our applications, for example, social media listening to identify, assess and discover key
• social media monitoring to identify our brand mentions to protect our brand and reputation
• facilitating sponsorship, donations and events.

Getting in touch with you (Legal basis: Consent or Legal Obligation)

This includes:

• sending you requested publications, newsletters, reports and relevant content
• providing you with information and our range of products and services as requested
• responding to your reports of wrongdoing and complaints, including whistleblowing.

Keeping you and our people safe (Legal basis: Consent, Legal Obligation or Life and Health Protection)

This includes:

• conducting identity verification security checks for building access
• using CCTV surveillance recordings at our branches, premises and ATMs for the purposes of preventing and detecting fraud and/or other crimes, such as theft
• investigating and reporting on incidents or emergencies on our properties and premises
• for the security of our systems and networks in order to keep your data safe and confidential.
• for other health and safety compliance purposes.

Detecting, investigating and preventing financial crimes (Legal basis: Consent, Contract or Legal Obligation)

This includes:

• monitoring and recording our communications and screening applications and transactions in connection with actual or suspected fraud, financial crime or other criminal activities
• recording and monitoring your electronic communications with us, to the extent permitted by applicable law, to ensure compliance with our legal and regulatory obligations and internal policies.

Complying with applicable laws, regulations and other requirements (Legal basis: Consent or Legal Obligation)

This includes:

• identifying and investigating compliance with our own Standard Chartered Group policies
• complying with relevant local and foreign law, regulations, rules, directives, judgments or court orders, requests, guidelines, government sanctions, embargo, reporting requirements, restrictions, demands or agreements with any authority (including domestic or foreign tax authorities), court or tribunal, enforcement agency or exchange body in any relevant jurisdiction where the Standard Chartered Group operates
• following any voluntary guidelines or recommendations from industry bodies or associations.

Exercising our legal rights and conducting legal proceedings (Legal basis: Consent or Legal Obligation)

This includes:

• tracing and exercising our rights and protecting ourselves against harm to our rights and interests
• retaining records as may be necessary as evidence for any potential litigation or investigation
• recovering debts and arrears
• obtaining professional advice
• investigating or making an insurance claim
• responding to any insurance related matter, action or proceeding
• defending or responding to any current or prospective legal, regulatory, or industry bodies or association related matter, action or proceeding.

Facilitating Standard Chartered Group mergers, acquisitions, and divestments (Legal basis: Consent)

This includes:

• evaluating our business and providing continuity of services to you after a transfer of our business as a result of a merger, acquisition, sale or divestment.

We may sometimes, and with your consent if required by applicable law, use your contact details to send relevant marketing communications (such as by post, email, telephone, SMS, secure messages, mobile app or social media). You may withdraw your consent at any time by contacting us using the details below.

We may send the following communications:

• news, offers and promotions about our products and services
• competitions and lucky draws
• appeals for charitable non-profit making donations, sponsorships and contributions
• seminars and webinars
• other events or opportunities.

To the extent permitted by applicable law, we may share limited information about you with social media and advertising companies for the purpose of online advertising. For example, to check whether you have an account with social media companies, so we can ask them to display more relevant marketing messages to you about our products and services or to exclude you from receiving advertisements for services which you already use.

We may share your personal data within the Standard Chartered Group. Standard Chartered Group may share your personal data for the purposes of processing as set out in this privacy notice, including with our service providers, our business partners, other third parties and as required by law or requested by any authority. Who these are depends on your interactions with us.

We limit how, and with whom, we share your personal data, and take steps to ensure your personal data is kept confidential and protected when we share it. We may share your personal data for our purposes of processing with the following, where relevant and allowed by law:

• Other members of the Standard Chartered Group
• Authorised third parties
  • any other person you have authorised us by your consent to share your personal data with.
• Third parties that can verify your information
  • other non-government third parties’ that conduct financial crime prevention databases checks to prevent money laundering, terrorism, fraud and other financial crimes.
• Our service partners
  • professional advisers such as auditors and legal counsel
  • insurers or insurance brokers
  • service providers (such as operational, administrative, data processing and technology service providers), including anyone engaged or partnered with to analyse and facilitate improvements or enhancements in Standard Chartered Group’s operations or provision of products and services
  • providers of professional services, such as market researchers, forensic investigators and management consultants.
• Strategic referral partners
  • business alliance, co-branding partners or other companies or organisations that the Standard Chartered Group cooperates with based on contractual arrangements or other joint ventures
  • social media and advertising companies
  • charitable and non-profit organisations.
• Other financial services organisations
  • other financial institutions, such as merchant banks, correspondent banks or national banks
  • payment service providers, including merchants, payment processors and card association members, payment-initiation and card-based payment instrument service providers such as VISA and Mastercard.
• Government and law enforcement agencies
  • as required by law or requested by any authority, which includes any government, quasi-government, regulator, administrative, regulatory or supervisory body, court, tribunal, enforcement agency, exchange body or domestic or foreign tax authorities, having jurisdiction over any Standard Chartered Group member whether within or outside your jurisdiction and whether or not that Standard Chartered Group member has a relationship with you.

Your personal data may be stored, shared and transferred by us within the Standard Chartered Group or with other third parties for the purposes described in this privacy notice. We do this in order to operate effectively, efficiently and securely in facilitating transactions and providing products and services to our clients, to improve and support our processes and business operations and to comply with our legal and regulatory obligations. This may involve storing, sharing and transferring your personal data cross border to other jurisdictions.

Where recipients of your personal data are in jurisdictions that are outside Vietnam, and local laws may not have similar data protection laws as the jurisdiction where you are or where we have a relationship, we will take all reasonable steps necessary to ensure that your personal data has an appropriate adequate level of protection and safeguards to comply with applicable law.

We take the privacy and security of your personal data very seriously. To protect your data, we have put in place a range of technical, physical and organisational measures to protect and keep your personal data confidential. Standard Chartered Group has implemented information security policies, rules and technical measures to protect personal data and to comply with legal and regulatory requirements. We train and require staff who access your personal data to comply with our data privacy and security standards. We require our service providers, or other third parties we engage with and to whom we disclose your personal data to implement similar confidentiality, data privacy and security standards and measures when they handle, access or process your personal data.

Nevertheless, please understand that the transmission of information via the internet is not completely secure. Although we strive our best to securely store your personal data, we cannot guarantee that our security measures will prevent third parties such as hackers from illegally obtaining access to your personal data.

Your personal data will be processed at any time subject to your consent, unless otherwise provided by applicable regulations, and will be stopped processing when you withdraw your consent or when required by applicable regulations.

We keep your personal data for business or legal reasons while you engage with us, and for a period of time afterwards for the purposes described in this privacy notice in accordance with our data retention policy standards and as required by applicable law.

Unless otherwise required by applicable laws and regulations, we will delete, anonymise, destroy and/or stop using personal data when we no longer need it.

We respect your personal data, and you have the following rights about how we use your information:

• Right to be informed
• Right to given consent
• Right to access your data – you are entitled to access your data and can ask us for a copy of the personal data we have about you and how we’ve used it.
• Right to correct your data – if your personal information is incorrect, you can rectify the data yourself or ask us to update
• Right to delete your data – you can ask us to delete your personal data. However, we may need certain personal details to provide our products and services to you.
• Right to restrict or object to processing – you can ask us to stop using your data or change how we use it, including but not limited to objecting to our use or disclosure of data for advertising purposes. However, we may need certain personal details to engage with you or provide our products and services to you.
• Right to change or withdraw consent – if we ask for your consent to use your personal data, you can change your mind at any time. If you withdraw your consent, you acknowledge and agree that we may retain and process your personal data according to the requirements under applicable regulations or by competent authorities. In addition, you understand and acknowledge that we may not provide our banking products and/or services to you without processing your personal data. As a result, when you withdraw your consent, we have the right to terminate the relevant product(s) and/or service(s) and you are obliged to fulfil all your obligations owed to us upon the termination of our products and/or services.
• Right to file complaints, denunciations and lawsuits
• Right to claim damage
• Right to self-protection

You can also play a part in protecting your personal data:

• Protect your own personal data and request us or other relevant organisations and individuals to protect your personal data.
• Respect and protect others’ personal data.
• Provide complete and accurate personal data once you have consented to the processing of your personal data.
• Participate in the dissemination of personal data protection skills.
• Comply with applicable laws and regulations on protection of personal data and participate in prevention of violations of such laws and regulations.
• Other obligations as provided under applicable laws and regulations.

We will respond to requests to exercise your personal data rights in line with applicable law. If you have any questions about your rights, please contact us using the details below.

The following Standard Chartered Group company acts as the controller and processor of your personal data in Vietnam:

• Standard Chartered Bank (Vietnam) Limited

Address:

Standard Chartered Bank (Vietnam) Limited

Level 3, Capital Place,

29 Lieu Giai, Ba Dinh,

Hanoi, Vietnam

You can contact our Data Privacy Officer at Vietnam.DPO@sc.com.

Or by post at:

Standard Chartered Bank (Vietnam) Limited

Level 3, Capital Place,

29 Lieu Giai, Ba Dinh,

Hanoi, Vietnam

Got a complaint?

If you have any concerns or complaints about how we’re using your personal data, please talk to us. You can contact your branch or your Relationship Manager or get in touch with our Data Privacy Officer.

Cookies

Please see our separate Cookie Policy at www.sc.com/vn/en/cookie-policy.

This privacy notice was updated on 23 June 2023.

Personal data is information that either identifies you or is about you, and we may collect it from a few different sources. This includes collecting personal data directly from you, third parties acting for you or who are related to you, from companies, businesses or organisations who are related to you, from other members of the Standard Chartered Group and from other organisations, or publicly available sources.

If you give us someone else’s personal data, you must have their permission as required by law and explain to them how we’ll use it.

We may collect the following different types of personal data when you apply for a job with us or are engaged to provide services to us, where it’s relevant and allowed by law:

• Identification data – information that identifies (uniquely or semi uniquely) you. For example, your name, your gender, your date of birth, your place of birth, your registered place of birth, your nationality, your photographs, CCTV and video recordings of you, video, photographic images or audio recordings submitted as part of the recruitment process, and other identifiers, including official/government identifiers such as national identification number, passport number, tax identification number, social security number and health insurance card number.
• Contact data – information that allows addressing, sending or communicating a message to you. For example, your email address, your phone or mobile number, your business address, place of permanent residential address, place of temporary residence, current place of residence, hometown and contact address
• Professional data – information about your educational or professional background. For example, academic background (such as your university or school diplomas/certificates and other educational achievements), current and previous employment details (including salary/bonus and employee benefits scheme), curriculum vitae/resume, professional qualifications, references and work visa
• Behavioural data – information relating to your behaviour, activities or actions, both online and off-line, for example, results of any pre-employment testing such as psychometric testing
• Personal relationship data – information about associations or close connections between individuals or entities that can determine your identity. For example, politically exposed person, public official, client, marital status, parent, child, close personal or close financial relationships
• Communications data – information relating to you contained in voice, messaging, email and other communications we have with you, for example, via online forms.

We may sometimes need to collect more sensitive personal data from you, but we only do this if it’s necessary and with your consent or where allowed by law. Sensitive personal data (sometimes known as special category personal data) refers to personal data in association with individual privacy which, when being infringed, will directly affect an individual’s legal rights and interests, may include things like:

• Financial and commercial data – information that identifies your financial position, status and history, where relevant. For example, payslips and other financial information
• Geo-location data – information that provides or contains a device’s location. For example, your internet protocol (IP) address or your cookies identifier
• Racial or ethnic origin data – information which reveals your racial or ethnic origin
• Political data – information which reveals your political opinions
• Religious or philosophical data – information which reveals religious or philosophical beliefs
• Biometric data – information that identifies you physically
• Health data – information relating to your health status
• Sexual orientation and gender identity data – information concerning your sex life or sexual orientation
• Trade union membership – if relevant in certain jurisdictions
• Criminal convictions, proceedings or allegations data – information about criminal convictions or related information that we identify in relation to our financial crime prevention obligations, for example, details about any criminal convictions or related information. This includes details of offences or alleged offences or convictions.

We are committed to providing equal opportunities and fair treatment in employment and recruitment. As part of this, we ask optional demographic questions as part of our application process. These questions are asked for the purposes of furthering those aims, addressing underrepresentation and creating a diverse and inclusive working environment. The answers to these questions are not shared with the hiring manager or relevant decision makers as part of the recruitment process. You have the choice not to answer these questions.

We usually get your personal data directly from you, but we may also obtain your personal data from elsewhere as follows:

• People you know – such as:
  • friends or relatives who have referred you to us
  • your previous employers
  • recruitment agencies
  • other people you appoint or authorise to act as your referees
  • other people you appoint or authorise to act on your behalf
• Businesses and other organisations – such as:
  • your employer and/or company, business or organisation you represent or is related to you
  • credit reference and fraud prevention agencies
  • criminal records bureau
  • Standard Chartered career webpage
  • social network sites, for example LinkedIn, Facebook and Google+
• Publicly available resources – such as online directories, career platforms, publications, social media posts and other information that is publicly available
• Cookies – when you visit, browse, or use our websites, online banking or mobile applications, we may use cookies to automatically collect certain information from your device. We may use such information, where relevant, for internal analysis and troubleshooting, to recognise you and remember your preferences, to improve the quality of and to personalise our content and to determine the security status of your account. For more information on how we use cookies and how you can control them when visiting our websites, please see our Cookies Policy at sc.com/vn/en/cookie-policy/.

Our recruitment activities are generally not aimed at minors (normally this means if you are under 18 years old, but this might be younger depending on where you live).  If you are a minor in the relevant jurisdiction, you must obtain the consent of your parents or guardian before contacting us in relation to recruitment.

We collect your personal data so that we can manage our recruitment process and operate our business.

What we use your personal data for is often referred to as our purposes of processing and these are detailed below. We may not be able to proceed with your job application if you do not provide us with or want us to process the personal data that we consider is necessary and/or is required to meet our legal and regulatory obligations.

We generally process your personal data with your consent where required by law or where otherwise permitted or required by applicable law including for the following lawful reasons:

• Contract – when we’re performing contractual obligations under a contract to which you are a party
• Legal Obligation – when we’re required to comply with laws and regulations
• Life and Health Protection – when we’re processing personal data to protect an individual’s life and health

Purposes of Processing

We process your personal data for the following purposes, as relevant:

Assessing and processing your job application (Legal basis: Contract, Legal Obligation or Consent)

This includes:

• reviewing your application (which may include interview videos)
• assessing your skills, qualifications and suitability for the job role or engagement you applied for (including results of psychometric tests)
• processing your application
• conducting pre-employment or pre-engagement searches, background checks to verify your identity
• obtaining references
• communicating with you in relation to your application. We may also notify you of other potential career opportunities or job vacancies that we think might suit you.

Improving our applicant screening procedures (Legal basis: Consent)

This includes:

• engaging in business operational management, such as performing administrative tasks, risk management activities, audits and ensuring operation and security of our communications and processing systems
• auditing business operations
• gathering insights by aggregating data from our recruitment process to improve the recruitment process, including the process of screening job applicants.

Keeping you and our people safe (Legal basis: Consent, Legal Obligation or Life and Health Protection)

This includes:

• conducting identity verification security checks for building access
• using CCTV surveillance recordings at our branches, premises and ATMs for the purposes of preventing and detecting fraud and/or other crimes, such as theft
• investigating and reporting on incidents or emergencies on our properties and premises
• for the security of our systems and networks in order to keep your data safe and confidential
• for other health and safety compliance purposes.

Detecting, investigating and preventing financial crimes (Legal basis: Consent, Contract or Legal Obligation)

This includes

• conducting pre-employment or engagement identity verification screening, including searches with a credit reference agency, sanctions screening checks and criminal record checks to the extent permitted by applicable law
• recording and monitoring your electronic communications with us, to the extent permitted by applicable law, to ensure compliance with our legal and regulatory obligations and internal policies.

Complying with applicable laws, regulations and other requirements (Legal basis: Consent or Legal Obligation)

This includes:

• identifying and investigating compliance with our own Standard Chartered Group policies
• complying with relevant local and foreign law, regulations, rules, directives, judgments or court orders, requests, guidelines, government sanctions, embargo, reporting requirements, restrictions, demands or agreements with any authority (including domestic or foreign tax authorities), court or tribunal, enforcement agency or exchange body in any relevant jurisdiction where the Standard Chartered Group operates
• following any voluntary guidelines or recommendations from industry bodies or associations.

Exercising our legal rights and conducting legal proceedings (Legal basis: Consent or Legal Obligation)

This includes:

• tracing and exercising our rights and protecting ourselves against harm to our rights and interests
• retaining records as may be necessary as evidence for any potential litigation or investigation
• obtaining professional advice
• investigating or making an insurance claim
• responding to any insurance related matter, action or proceeding
• defending or responding to any current or prospective legal, regulatory, or industry bodies or association related matter, action or proceeding.

Facilitating Standard Chartered Group mergers, acquisitions, and divestments (Legal basis: Consent)

This includes:

• evaluating our business and providing continuity of services to you after a transfer of our business as a result of a merger, acquisition, sale or divestment.

We may sometimes, and with your consent if required by applicable law, use your contact details to send relevant marketing communications (such as by post, email, telephone, SMS, secure messages, mobile app or social media). You may withdraw your consent at any time by contacting us using the details below.

We may send the following communications:

• job opportunities
• seminars and webinars
• other events or opportunities.

To the extent permitted by applicable law, we may share limited information about you with social media and advertising companies for the purpose of online advertising. For example, to check whether you have an account with social media companies, so we can ask them to display more relevant marketing messages to you about our job opportunities.

We may use the personal data we collect to conduct data analytics, including profiling and behavioural analysis, to make quicker automated decisions in our business operations and to evaluate your personal characteristics to predict outcomes and risks. We require that rules followed by such automated systems are designed to make fair and objective decisions. We may use artificial intelligence and machine learning to help improve our communications and candidate experience, make our recruitment process safer and more efficient and enable us to provide faster responses and improve turnaround time. For example, we may use automated decision-making for psychometric testing in the recruitment process.

We may share your personal data within the Standard Chartered Group. Standard Chartered Group may share your personal data for the purposes of processing as set out in this privacy notice, including with our service providers, our business partners, other third parties and as required by law or requested by any authority. Who these are depends on your interactions with us.

We limit how, and with whom, we share your personal data, and take steps to ensure your personal data is kept confidential and protected when we share it. We may share your personal data for our purposes of processing with the following, where relevant and allowed by law:

• Other members of the Standard Chartered Group
• Authorised third parties
  • any other person you have authorised us by your consent to share your personal data with.
• Third parties that can verify your information
  • ex-employers
  • credit bureaus or credit reference agencies (including the operator of any centralised database used by credit reference agencies), credit protection providers, rating agencies, debt collection agencies, fraud prevention agencies and organisations
• Our service partners
  • recruitment agencies
  • professional advisers such as auditors and legal counsel
  • insurers or insurance brokers
  • service providers (such as operational, administrative, data processing and technology service providers), including anyone engaged or partnered with to analyse and facilitate improvements or enhancements in Standard Chartered Group’s operations or provision of products and services
  • providers of professional services, such as screening and authentication providers, pre-employment health test providers, market researchers and management consultants.
• Government and law enforcement agencies
  • as required by law or requested by any authority, which includes any government, quasi-government, regulator, administrative, regulatory or supervisory body, court, tribunal, enforcement agency, exchange body or domestic or foreign tax authorities, having jurisdiction over any Standard Chartered Group member whether within or outside your jurisdiction and whether or not that Standard Chartered Group member has a relationship with you.
• Other third parties
  • third parties in case of a merger, acquisition or divestment: if we transfer (or plan to transfer) any part of our business or assets. If the transaction goes ahead, the interested party may use or disclose your personal information in the same way as set out in this privacy notice, and subsequently notify you of any changes they may make in terms with how they process your personal data.

Your personal data may be stored, shared and transferred by us within the Standard Chartered Group or with other third parties for the purposes described in this privacy notice. We do this in order to improve and support our processes and business operations and to comply with our legal and regulatory obligations. This may involve storing, sharing and transferring your personal data cross border to other jurisdictions.

Where recipients of your personal data are in jurisdictions that are outside Vietnam, and local laws may not have similar data protection laws as the jurisdiction where you are or where we have a relationship, we will take all reasonable steps necessary to ensure that your personal data has an appropriate adequate level of protection and safeguards to comply with applicable law.

We take the privacy and security of your personal data very seriously. To protect your data, we have put in place a range of technical, physical and organisational measures to protect and keep your personal data confidential. Standard Chartered Group has implemented information security policies, rules and technical measures to protect personal data and to comply with legal and regulatory requirements. We train and require staff who access your personal data to comply with our data privacy and security standards. We require our service providers, or other third parties we engage with and to whom we disclose your personal data to implement similar confidentiality, data privacy and security standards and measures when they handle, access or process your personal data.

Nevertheless, please understand that the transmission of information via the internet is not completely secure. Although we strive our best to securely store your personal data, we cannot guarantee that our security measures will prevent third parties such as hackers from illegally obtaining access to your personal data.

Your personal data will be processed at any time subject to your consent, unless otherwise provided by applicable regulations, and will be stopped processing when you withdraw your consent or when required by applicable regulations.

We keep your personal data for business or legal reasons while you engage with us, and for a period of time afterwards for the purposes described in this privacy notice in accordance with our data retention policy standards and as required by applicable law. Unless otherwise required by applicable laws and regulations, we will delete, anonymise, destroy and/or stop using personal data when we no longer need it.

We respect your personal data, and you have the following rights about how we use your information:

• Right to be informed
• Right to give consent
• Right to access or provided with your data – you are entitled to access your data and can ask us for a copy of the personal data we have about you and how we’ve used it.
• Right to correct your data – if your personal information is incorrect, you can rectify the data yourself or ask us to update
• Right to delete your data – you can ask us to delete your personal data. However, we may need certain personal details to provide our products and services to you.
• Right to restrict or object to processing – you can ask us to stop using your data or change how we use it, including but not limited to objecting to our use or disclosure of data for advertising purposes. However, we may need certain personal details to engage with you or provide our products and services to you.
• Right to change or withdraw consent – if we ask for your consent to use your personal data, you can change your mind at any time. If you withdraw your consent, you acknowledge and agree that we may retain and process your personal data according to the requirements under applicable regulations or by competent authorities.
• Right to file complaints, denunciations and lawsuits
• Right to claim damages
• Right to self-protection

You can also play a part in protecting your personal data:

• Protect your own personal data and request us or other relevant organisations and individuals to protect your personal data.
• Respect and protect others’ personal data.
• Provide complete and accurate personal data once you have consented to the processing of your personal data.
• Participate in the dissemination of personal data protection skills.
• Comply with applicable laws and regulations on protection of personal data and participate in prevention of violations of such laws and regulations.
• Other obligations as provided under applicable laws and regulations.

We will respond to requests to exercise your personal data rights in line with applicable law. If you have any questions about your rights, please contact us using the details below.

How to get in touch

The following Standard Chartered Group company acts as the controller and processor of your personal data in Vietnam:

• Standard Chartered Bank (Vietnam) Limited

Address:

Standard Chartered Bank (Vietnam) Limited

Level 3, Capital Place,

29 Lieu Giai, Ba Dinh,

Hanoi, Vietnam

You can contact our Data Privacy Officer at Vietnam.DPO@sc.com.

Or by post at:
Standard Chartered Bank (Vietnam) Limited
Level 3, Capital Place,
29 Lieu Giai, Ba Dinh,
Hanoi, Vietnam

Got a complaint?

If you have any concerns or complaints about how we’re using your personal data, please talk to us. You can get in touch with our Data Privacy Officer.

Cookies

Please see our separate Cookie Policy at www.sc.com/vn/en/cookie-policy.

Other Terms and Conditions

There may be specific terms and conditions in our recruitment process that govern the collection, use and disclosure of your personal data. Such other terms and conditions must be read in conjunction with this privacy notice.

This privacy notice was updated on 23 June 2023.

The following Standard Chartered Group company acts as the controller and processor of your personal data in Vietnam:

• Standard Chartered Bank (Vietnam) Limited

Address:

Standard Chartered Bank (Vietnam) Limited

Level 3, Capital Place,

29 Lieu Giai, Ba Dinh,

Hanoi, Vietnam

You can contact our Data Privacy Officer at Vietnam.DPO@sc.com.

Or by post at:
Standard Chartered Bank (Vietnam) Limited
Level 3, Capital Place,
29 Lieu Giai, Ba Dinh,
Hanoi, Vietnam

Got a complaint?

If you have any concerns or complaints about how we’re using your personal data, please talk to us. You can get in touch with our Data Privacy Officer.

Cookies

Please see our separate Cookie Policy at www.sc.com/vn/en/cookie-policy.

Other Terms and Conditions

There may be specific terms and conditions in our recruitment process that govern the collection, use and disclosure of your personal data. Such other terms and conditions must be read in conjunction with this privacy notice.

This privacy notice was updated on 23 June 2023.

Personal data is information that either identifies you or is about you, and we may collect it from a few different sources. This includes collecting personal data directly from you, third parties acting for you or who are related to you, from companies, businesses or organisations who are our clients that you represent or are related to you, from other members of the Standard Chartered Group and from other organisations, or publicly available sources.

Personal data we collect in respect to our vendors is primarily limited to the information on directors and officers, other employees, direct and indirect beneficial owners and authorised persons we need to enable us to meet our due diligence obligations, signatory details and contact information of individuals we interact with and process to enable the provision of services to Standard Chartered Group.

If you give us someone else’s personal data, you must have their permission as required by applicable laws and explain to them how we’ll use it.

We may collect the following different types of personal data, depending on whether you provide goods and/or services to us directly or you are related to or represent such individual, company, business or organisation, where it’s relevant and allowed by law:

• Identification data – information that identifies (uniquely or semi uniquely) you. For example, your name, your gender, your date of birth, place of birth, your registered place of birth, your nationality, your photographs, CCTV and video recordings of you, building access data to our premises and social media profile details. We may also collect other identifiers, including official/government identifiers such as national identification number, passport number and tax identification number
• Contact data – information that allows addressing, sending or communicating a message to you. For example, your email address, your phone or mobile number, your business address, place of permanent residence, place of temporary residence, current place of residence, hometown and contact address
• Professional data – information about your educational or professional background. For example, occupation, title, licenses, and professional memberships, documents evidencing industrial track-record, client testimonials, current and previous employment details, curriculum vitae/resume, professional qualifications, references and work visa
• Behavioural data – information relating to your behaviour, activities or actions, both online and off-line. For example, your browsing behaviour and how you interact with our online products and services, or those provided by third-party organisations, such as our advertising partners and social media companies
• Personal relationship data – information about associations or close connections between individuals or entities that can determine your identity. For example, the agency, company, business or organisation you represent or is related to you
• Communications data – information relating to you contained in voice, messaging, email and other communications we have with you. For example, via online forms and online subscriptions

We may sometimes need to collect more sensitive personal data from you, but we only do this if it’s necessary and with your consent, or where allowed by law. Sensitive personal data (sometimes known as special category personal data) refers to personal data in association with individual privacy which, when being infringed, will directly affect an individual’s legal rights and interests, may include things like:

• Financial and commercial data – information that identifies your financial position, status and history. For example, your account details when you are the recipient of a payment by us, your background information, such as your business financial credit report and score
• Geo-location data – information that provides or contains a device’s location. For example, your internet protocol (IP) address or your cookies identifier
• Racial or ethnic origin data – information which reveals your racial or ethnic origin
• Criminal convictions, proceedings or allegations data – information about criminal convictions or related information that we identify in relation to our financial crime prevention obligations, for example, details about any criminal convictions or related information. This includes details of offences or alleged offences or convictions.

We usually get your personal data directly from you, but we may also obtain your personal data from elsewhere as follows:

• People you know – such as such as your colleagues, contractors and associates
• Businesses and other organisations – such as:
  • your employer and/or company, business or organisation you represent or is related to you
  • other financial institutions and financial service providers
• Publicly available resources – such as online registers or directories or online publications, social media posts and other information that is publicly available
• Cookies – when you visit, browse, or use our websites, online banking or mobile applications, we may use cookies to automatically collect certain information from your device. We may use such information, where relevant, for internal analysis and troubleshooting, to recognise you and remember your preferences, to improve the quality of and to personalise our content and to determine the security status of your account. For more information on how we use cookies and how you can control them when visiting our websites, please see our Cookies Policy at www.sc.com/vn/en/cookie-policy/.

We collect your personal data so that we can manage our relationship with you, or the organisation you represent, and operate our business.

What we use your personal data for is often referred to as our purposes of processing and these are detailed below. You or the individual, company, business or organisation that you are related to or represent, may not be able to offer or provide products and/or services to us if you do not provide us with or want us to process the personal data that we consider is necessary.

We generally process your personal data with your consent where required by law or where otherwise permitted or required by applicable law including for the following lawful reasons:

• Contract – when we’re performing contractual obligations under a contract to which you are a party
• Legal Obligation – when we’re required to comply with laws and regulations
• Life and Health Protection – when we’re processing personal data to protect an individual’s life and health

Purposes of Processing

We process your personal data for the following purposes, as relevant, depending on whether you provide goods and/or services to us directly or you represent, or are associated with, other individuals or organisations who provide goods and/or services to us.

Onboarding, managing and monitoring our vendor relationships (Legal basis: Consent, Contract or Legal Obligation)

This includes:

• conducting vendor due diligence at onboarding, contract renewal and as required during the contract performance
• engaging with you as a representative of our vendor/service provider for the purpose of providing goods and/or services to us
• creating and maintaining our vendor account
• contacting you
• monitoring the performance of vendor contracts
• settling bills and accounts

Operating our business (Legal basis: Consent or Legal Obligation)

This includes:

• engaging in business operational management, such as performing administrative tasks, risk management activities, audits and ensuring operation and security of our communications and processing systems
• developing, testing and analysing our systems, products and services, for example, to offer a well-functioning website or other applications to users
• monitoring and recording our communications with you, for example, phone calls, for training and quality purposes.

Keeping you and our people safe (Legal basis: Consent, Legal Obligation or Life and Health Protection)

This includes:

• conducting identity verification security checks for building access
• using CCTV surveillance recordings at our premises for the purposes of preventing and detecting fraud and/or other crimes, such as theft
• investigating and reporting on incidents or emergencies on our properties and premises
• for the security of our systems and networks in order to keep your data safe and confidential
• for other health and safety compliance purposes.

Detecting, investigating and preventing financial crimes (Legal basis: Consent, Contract or Legal Obligation)

This includes:

• conducting identity verification security checks against government and other official centralised databases, as required by law
• monitoring and recording our communications and screening applications and transactions in connection with actual or suspected fraud, financial crime or other criminal activities
• recording and monitoring your electronic communications with us, to the extent permitted by applicable law, to ensure compliance with our legal and regulatory obligations and internal policies.

Complying with applicable laws, regulations and other requirements (Legal basis: Consent or Legal Obligation)

This includes:

• identifying and investigating compliance with our own Standard Chartered Group policies
• complying with relevant local and foreign law, regulations, rules, directives, judgments or court orders, requests, guidelines, government sanctions, embargo, reporting requirements, restrictions, demands or agreements with any authority (including domestic or foreign tax authorities), court or tribunal, enforcement agency or exchange body in any relevant jurisdiction where the Standard Chartered Group operates
• following any voluntary guidelines or recommendations from industry bodies or associations.

Exercising our legal rights and conducting legal proceedings (Legal basis: Legal Obligation)

This includes:

• tracing and exercising our rights and protecting ourselves against harm to our rights and interests
• retaining records as may be necessary as evidence for any potential litigation or investigation
• recovering debts and arrears
• obtaining professional advice
• investigating or making an insurance claim
• responding to any insurance related matter, action or proceeding
• defending or responding to any current or prospective legal, regulatory, or industry bodies or association related matter, action or proceeding.

We may share your personal data within the Standard Chartered Group. Standard Chartered Group may share your personal data for the purposes of processing as set out in this privacy notice, including with our other service providers, our business partners, other third parties and as required by law or requested by any authority. Who these are depends on whether you provide goods and/or services to us directly or you represent, or are associated with, other individuals or organisations who provide goods and/or services to us.

We limit how, and with whom, we share your personal data, and take steps to ensure your personal data is kept confidential and protected when we share it. We may share your personal data for our purposes of processing with the following, where relevant and allowed by law:

• Other members of the Standard Chartered Group
• Authorised third parties
  • any other person you have authorised us by your consent to share your personal data with.
• Third parties that can verify your information
  • credit bureaus or credit reference agencies (including the operator of any centralised database used by credit reference agencies) and fraud prevention agencies and organisations
  • other non-government third parties’ that conduct financial crime prevention databases checks to prevent money laundering, terrorism, fraud and other financial crimes.
• Our service partners
  • professional advisers such as auditors and legal counsel
  • insurers or insurance brokers
  • service providers (such as operational, administrative, data processing and technology service providers), including anyone engaged or partnered with to analyse and facilitate improvements or enhancements in Standard Chartered Group’s operations or provision of products and services
  • providers of professional services, such as market researchers, forensic investigators and management consultants.
• Other financial services organisations
  • other financial institutions, such as merchant banks, correspondent banks or national banks.
• Government and law enforcement agencies
  • as required by law or requested by any authority, which includes any government, quasi-government, regulator, administrative, regulatory or supervisory body, court, tribunal, enforcement agency, exchange body or domestic or foreign tax authorities, having jurisdiction over any Standard Chartered Group member whether within or outside your jurisdiction and whether or not that Standard Chartered Group member has a relationship with you.
• Other third parties
  • the individual, company, business or organisation, as applicable, that you represent or is related to you
  • third parties in case of a merger, acquisition or divestment: if we transfer (or plan to transfer) any part of our business or assets. If the transaction goes ahead, the interested party may use or disclose your personal information in the same way as set out in this privacy notice, and subsequently notify you of any changes they may make in terms with how they process your personal data.

Your personal data may be stored, shared and transferred by us within the Standard Chartered Group or with other third parties for the purposes described in this privacy notice. We do this in order to operate effectively, efficiently and securely in facilitating transactions and providing products and services to our clients, to improve and support our processes and business operations and to comply with our legal and regulatory obligations. This may involve storing, sharing and transferring your personal data cross border to other jurisdictions.

Where recipients of your personal data are in jurisdictions that are outside Vietnam, and local laws may not have similar data protection laws as the jurisdiction where you are or where we have a relationship, we will take all reasonable steps necessary to ensure that your personal data has an appropriate adequate level of protection and safeguards to comply with applicable law.

We take the privacy and security of your personal data very seriously. To protect your data, we have put in place a range of technical, physical and organisational measures to protect and keep your personal data confidential. Standard Chartered Group has implemented information security policies, rules and technical measures to protect personal data and to comply with legal and regulatory requirements. We train and require staff who access your personal data to comply with our data privacy and security standards. We require our service providers, or other third parties we engage with and to whom we disclose your personal data to implement similar confidentiality, data privacy and security standards and measures when they handle, access or process your personal data.

Nevertheless, please understand that the transmission of information via the internet is not completely secure. Although we strive our best to securely store your personal data, we cannot guarantee that our security measures will prevent third parties such as hackers from illegally obtaining access to your personal data.

Your personal data will be processed at any time subject to your consent, unless otherwise provided by applicable regulations, and will be stopped processing when you withdraw your consent or when required by applicable regulations.

We keep your personal data for business or legal reasons while you engage with us, and for a period of time afterwards for the purposes described in this privacy notice in accordance with our data retention policy standards and as required by applicable law. Unless otherwise required by applicable laws and regulations, we will delete, anonymise, destroy and/or stop using personal data when we no longer need it.

We respect your personal data, and you have the following rights about how we use your information:

• Right to be informed
• Right to give consent
• Right to access or provided with your data – you are entitled to access your data and can ask us for a copy of the personal data we have about you and how we’ve used it.
• Right to correct your data – if your personal information is incorrect, you can rectify the data yourself or ask us to update
• Right to delete your data – you can ask us to delete your personal data. However, we may need certain personal details to provide our products and services to you.
• Right to restrict or object to processing – you can ask us to stop using your data or change how we use it, including but not limited to objecting to our use or disclosure of data for advertising purposes. However, we may need certain personal details to engage with you or provide our products and services to you.
• Right to change or withdraw consent – if we ask for your consent to use your personal data, you can change your mind at any time. If you withdraw your consent, you acknowledge and agree that we may retain and process your personal data according to the requirements under applicable regulations or by competent authorities.
• Right to file complaints, denunciations and lawsuits
• Right to claim damage
• Right to self-protection

You can also play a part in protecting your personal data:

• Protect your own personal data and request us or other relevant organisations and individuals to protect your personal data.
• Respect and protect others’ personal data.
• Provide complete and accurate personal data once you have consented to the processing of your personal data.
• Participate in the dissemination of personal data protection skills.
• Comply with applicable laws and regulations on protection of personal data and participate in prevention of violations of such laws and regulations.
• Other obligations as provided under applicable laws and regulations.

We will respond to requests to exercise your personal data rights in line with applicable law. If you have any questions about your rights, please contact us using the details below.

The following Standard Chartered Group company acts as the controller and processor of your personal data in Vietnam:

• Standard Chartered Bank (Vietnam) Limited

Address:

Standard Chartered Bank (Vietnam) Limited

Level 3, Capital Place,

29 Lieu Giai, Ba Dinh,

Hanoi, Vietnam

You can contact our Data Privacy Officer at Vietnam.DPO@sc.com.

Or by post at:

Standard Chartered Bank (Vietnam) Limited,

Level 3, Capital Place,

29 Lieu Giai, Ba Dinh,

Hanoi, Vietnam

Got a complaint?

If you have any concerns or complaints about how we’re using your personal data, please talk to us. You can get in touch with our Data Privacy Officer.

Cookies

Please see our separate Cookie Policy at www.sc.com/vn/en/cookie-policy.

Other Terms and Conditions

There may be specific terms and conditions in our vendor agreements that govern the collection, use and disclosure of your personal data. Such other terms and conditions must be read in conjunction with this privacy notice.

This privacy notice was updated on 23 June 2023.