Privacy Notice – European Union General Data Protection Regulation
Our commitment to protecting your privacy and personal data
We are committed to ensuring that your personal data is used properly, your privacy is protected and the confidentiality of any personal data that you provide to us is safeguarded. This Privacy Notice explains how we use and protect the information we collect about you, how you can instruct us if you prefer to limit the use of that information and the procedures that we have in place to safeguard your privacy.
The controller of your personal data is The Bank of East Asia, Limited, registered in Singapore (“BEASG”) under UEN: S52FC1059A with its registered office address at:
BEA Building,
Singapore
068892
Collectively the terms “we,” “our,” or “us” in this Privacy Notice will refer to BEASG.
This Privacy Notice applies to the extent that the EU’s General Data Protection Regulation (“GDPR”) applies to our processing of personal data about you (i.e. customers or individuals which had personal data transferred from The Bank of East Asia, Limited UK Branches. If the GDPR does not apply to you, or if the processing activity is not subject to the GDPR, this Privacy Notice does not apply and you will be subject to our non-GDPR Privacy Notice at https://www.hkbea.com.sg/html/en/beasg-privacy-statement-personal-data-protection-act.html.
If you do not wish for your personal data to be used in the ways described within this Privacy Notice then you should not access or use the website that we make available for your use (“Website”) and/ or use the services we offer (“Services”). You also have the rights described under “Your Rights” below.
Quick guide to contents
- Information we collect about you
- Reasons we can collect and use your personal data
- Purpose
- How we protect your information
- Disclosure of your information
- Your rights
- No fee usually required
- What we may need from you
- Changes to our Privacy Notice
- Links to other websites
- How long your personal data will be kept
- Transferring personal data overseas
- Automated decision-making
- Consequences of not providing personal data required
- Cookies
- How do I control my cookie settings on my computer or device?
- How to contact us
Information we collect about you
Information you give us. This is information about you that you give us or other members of the Bank of East Asia Group (including The Bank of East Asia, Limited, UK Branches) by:
- applying for products and services; or
- corresponding with us by phone, letter, e-mail or otherwise.
This may include personal data such as your name, email address, postal address, employer, financial details and any additional details that you may provide us with.
Special categories of data.
We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data).
Reasons we can collect and use your personal data
The legal basis for the processing of your personal data is that:
Purpose
- manage your account, give you statements and provide our services, for assessment and analysis (including credit and/or behaviour scoring, market and product analysis), and to develop and improve our products and services. Any research and statistical analysis we use will not include information that can be used to identify any individual. We may also use the information to trace your whereabouts to recover debts and to help prevent fraud and/or money laundering;
- provide you with information about special features of our website or any other products or services we think may be of interest to you. If you would rather not receive this information, please write to us at our address provided below, you can contact us at one of our branches or send us email or letter;
- deliver the Services effectively and for internal operations, including technical administration, troubleshooting, data analysis, testing, research and statistical; and
- provide you with a better experience, to improve the quality, value, functionality and general user friendliness of the Website, and as part of our efforts to keep the Services safe and secure (collectively, the “Purposes”).
How we protect your information
We follow strict standards of security and confidentiality to protect any personal data you provide to us. Amongst other things, to safeguard your use of our online services, we use encryption when transmitting your information between your browser and BEASG.
While we do our best to protect your personal data, we cannot guarantee the security of your information transmitted to us over the email or through the Website; any such transmission is at your own risk.
Disclosure of your information
We will disclose your personal data to third parties only in the following exceptional cases to the extent permitted by law:
- where we are required or legally compelled to disclose, or to apply our Website Terms of Use and other agreements with you;
- where there is a duty to the public to disclose;
- where our interest requires disclosure (i.e. to prevent fraud), but this will not be used as a reason for disclosing information about you or your accounts to anyone else, including other companies in our group, for marketing purposes; and
- where disclosure is made at your request or with your explicit consent.
We also share your personal data with Credit Reference Agencies (“CRA”) if: (i) you have fallen behind with your payments; (ii) the amount owed is not in dispute; and/or (iii) if you have not made satisfactory proposals to us for repaying your debt following our formal demand.
We may also share your personal data with other BEA Group companies for internal reasons, primarily for business and operational purposes.
As we continue to develop our business, we may sell or purchase assets. If another entity acquires us or merges with us your personal data will be disclosed to such entity. Also, if any bankruptcy or reorganization proceeding is brought by or against us, all such information will be considered an asset of ours and as such it is possible they will be transferred to third parties.
Your rights
You have a number of rights in relation to how we process your personal data. These include:
| Your Rights | What does this mean? |
| The right to object | You have the right to object to certain types of processing, including processing for direct marketing (i.e. if you no longer want to be contacted with potential opportunities). |
| The right to be informed | You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data and your rights. This is why we’re providing you with the information in this Privacy Notice. |
| The right of access | You have the right to obtain access to your personal data (if we’re processing it), and other supplementary information (similar to that provided in this Privacy Notice). This is so you’re aware and can check that we’re using your personal data in accordance with the UK GDPR. Once we have sufficient information from you to deal with the request, we will seek to provide you with the relevant personal data within 30 days. Where we are unable to respond to you within the said 30 days, we will notify you of the soonest possible time within which we can provide you with the personal data requested. |
| The right to rectification | You are entitled to have your personal data corrected if it’s inaccurate or incomplete. Once we have sufficient information from you to deal with the request, we will: (a) correct your personal data within 30 days. Where we are unable to do so within the said 30 days, we will notify you of the soonest practicable time within which we can make the correction; and (b) unless you request for us to send the corrected personal data only to specific organisations to which the personal data was disclosed by us within a year before the correction was made, we will send the corrected personal data to every other organisation to which the personal data was disclosed by BEASG within a year before the date the correction was made, unless that other organisation does not need the corrected personal data for any legal or business purpose. |
| The right to erasure | This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your personal data where there’s no compelling reason for us to keep using it. This is not a general right to erasure, there are exceptions. |
| The right to restrict processing | You have rights to ‘block’ or suppress further use of your personal data. When processing is restricted, we can still store your personal data, but may not use it further. We keep lists of people who have asked for further use of their personal data to be ‘blocked’ to make sure the restriction is respected in future. |
| The right to data portability | You have rights to obtain and reuse your personal data for your own purposes across different services. For example, if you decide to switch to a new provider, this enables you to move, copy or transfer your personal data easily between our IT systems and theirs safely and securely, without affecting its usability. |
| The right to lodge a complaint | You have the right to lodge a complaint about the way we handle or process your personal data with your national data protection regulator. Where it is an email or a letter through which you are submitting a complaint, your indication at the subject header that it is a GDPR complaint would assist us in attending to your complaint speedily by passing it on to the relevant staff in our organization to handle. For example, you could insert the subject header as “GDPR Complaint”. We will certainly strive to deal with any complaint or grievance that you may have speedily and fairly. |
| The right to withdraw consent | If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal data for marketing purposes. We will process your request within a reasonable time from such a request for withdrawal of consent being made, and will thereafter not collect, use and/or disclose your personal data in the manner stated in your request. However, your withdrawal of consent could result in certain legal consequences arising from such withdrawal. In this regard, depending on the extent of your withdrawal of consent for us to process your personal data, it may mean that we will not be able to continue with your existing relationship with us or the contract you have with us may have to be terminated. |
You may exercise these rights by contacting us using the details provided at the end of this Privacy Notice. Further information and advice about your rights can be obtained from the data protection regulator in your country.
No fee required usually
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Changes to our Privacy Notice
We may make changes to this Privacy Notice at any time. Any amended Privacy Notice will be published on BEASG website. We may communicate the updates to you by post.
Links to other websites
Our websites contains hyperlinks to other websites. We recommend you read the Privacy Notice on any external websites you visit. We have no control over external websites and therefore are not liable for your use of them.
How long your personal data will be kept
We will only retain your personal data for as long as is necessary for us to use your personal data as described in this Privacy Notice, where it is in our legitimate interest, or to comply with our legal obligations. However, please be advised that we may retain some of your personal data after you cease to use our services, for instance if this is necessary to meet our legal obligations, such as retaining the personal data for tax and accounting purposes.
When determining the relevant retention periods, we will take into account factors including:
- our contractual obligations and rights in relation to the personal data involved;
- legal obligations under applicable law to retain data for a certain period of time;
- statute of limitations under applicable laws;
- (potential) disputes;
- if you have made a request to have your personal data deleted; and
- guidelines issued by relevant data protection authorities
Transferring personal data overseas
We may need to transfer personal data to other BEA Group companies, service providers or business partners in countries outside of your country.
From within the European Economic Area (EEA) to outside the EEA:
- We may need to transfer personal data outside of the EEA, i.e. Singapore
- When we send your personal data to a country that is not in the EEA, we will make sure that your personal data is properly protected. We will always ensure that there is a proper legal basis that covers the data transfer.
From within another country (not in the EEA) to outside of that country:
- We may need to transfer personal data outside of a country. When we send your personal data from a country (not in the EEA) outside of that country then we will make sure that your personal data is protected to at least the same standard as that which is required in the originating country and in line with all applicable laws. For example, we will always ensure that there is a proper legal basis that covers the data transfer.
If you have any questions about data transfers, please contact us using the details provided at the end of this Privacy Notice.
Automated decision-making including profiling
We do not make decisions and profiling based solely on automated processing in a way that significantly affects your rights. The UK GDPR applies to all automated individual decision-making and profiling. The UK GDPR has additional rules to protect individuals if an organisation carries out solely automated decision-making that has legal or similar significant effects on them.
Consequences of not providing personal data required
If you do not provide the personal data necessary, or withdraw your consent for the processing of your personal data (where relevant), where this information is necessary for us to provide our services to you, we will not be able to provide these services to you.
In circumstances where it is not necessary for us to provide services to you, there will be no impact on the services if you do not provide the personal data or withdraw your consent.
Cookies
We use cookies to distinguish you from other users of the Website. This helps us to provide you with a smooth experience when you visit the Website, and also allows us to improve the Website. A cookie is a small text file that can be placed on your computer or other device when using the Website.
What do we use cookies for?
The cookies on this website may be from any of two categories:
- Strictly Necessary cookies - these cookies are used for technical reasons and are necessary to enable the Website to operate efficiently so that you can navigate the Website with ease and use specific features. These include, for example, cookies that help us to debug any errors. If these cookies are blocked or disabled, some of the Website may not operate effectively.
- Functionality cookies - these cookies are used to improve the functionality of the Website and make it easier to use. They help us to identify you as a repeat user of the Website and help us remember your preferences (for example, your choice of language or region), improving your user experience.
How do I control my cookie settings on my computer or device?
Please be aware that if you decide to disable or block cookies, parts of the Website may not function correctly, or at all.
Should you choose however to disable or block our cookies on your computer or other device you will need to do this through your browser.
How to contact us
You must notify us of any changes to your details as soon as possible to safeguard the security of your information. We may request documentary evidence to support the changes. You should notify us of any change by writing to the address below.
We welcome your views about our website and our Privacy Notice. If you would like to contact us with any queries or comments, please write to the correspondence(s) below:
The Bank of East Asia, Limited
60 Robinson Road,
BEA Building, Singapore 068892
As we are based in Singapore, we have appointed a Data Protection Officer within the EEA. The contact detail is:
The Bank of East Asia, Limited
2nd floor, 77 Shaftesbury Avenue,
London W1D 5BB
Should you have any concerns about how we handle your personal data, please contact us in the first instance. We will do our best to resolve your concern. For further information about your rights, or to make a direct complaint, please contact your national data protection regulator.
