Header

Personal Data (Privacy) Ordinance

STATE BANK OF INDIA, HONG KONG BRANCH (the “Bank”)

Notice to Customers relating to the Personal Data (Privacy) Ordinance (the “Ordinance”)

  • (a)From time to time, it is necessary for customers to supply the Bank with data in connection with the opening or continuation of accounts and the establishment or continuation of banking facilities or provision of banking services.
  • (b)Failure to supply such data may result in the Bank being unable to open or continue accounts or establish or continue banking facilities or provide banking services.
  • (c)It is also the case that data are collected from customers in the ordinary course of the continuation of the banking relationship, for example, when customers write cheques or deposit money.
  • (d)The purposes for which data relating to a customer may be used are as follows: –
    1. the daily operation of the services and credit facilities provided to customers;
    2. conducting credit checks at the time of application for credit and at the time of regular or special reviews which normally will take place one or more times each year;
    3. creating and maintaining the Bank’s credit scoring models;
    4. assisting other financial institutions to conduct credit checks and collect debts;
    5. ensuring ongoing credit worthiness of customers;
    6. designing financial services or related products for customers’ use;
    7. marketing services, products and other subjects (please see further details in paragraph (g) below);
    8. determining amounts owed to or by customers;
    9. collection of amounts outstanding from customers and those providing security for customers’ obligations;
    10. complying with the obligations, requirements or arrangements for disclosing and using data that apply to the Bank or any of its branches or that it is expected to comply according to:
      1. any law binding or applying to it within or outside the Hong Kong Special Administrative Region existing currently and in the future;
      2. any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers within or outside the Hong Kong Special Administrative Region existing currently and in the future;
      3. any present or future contractual or other commitment with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers that is assumed by or imposed on the Bank or any of its branches by reason of its financial, commercial, business or other interests or activities in or related to the jurisdiction of the relevant local or foreign legal, regulatory, governmental, tax, law enforcement or other authority, or self-regulatory or industry bodies or associations;
    11. complying with any obligations, requirements, policies, procedures, measures or arrangements for sharing data and information within the group of the Bank and/or any other use of data and information in accordance with any group-wide programmes for compliance with sanctions or prevention or detection of money laundering, terrorist financing or other unlawful activities;
    12. enabling an actual or proposed assignee of the Bank, or participant or sub-participant of the Bank’s rights in respect of the customer to evaluate the transaction intended to be the subject of the assignment, participation or sub-participation; and
    13. purposes relating thereto.
  • (e)Data held by the Bank relating to a customer will be kept confidential but the Bank may provide such information to the following parties for the purposes set out in paragraph (d) above: –
    1. any agent, contractor or third party service provider who provides administrative, telecommunications, computer, payment or securities clearing or other services to the Bank in connection with the operation of its business;
    2. any other person under a duty of confidentiality to the Bank including a group company of the Bank which has undertaken to keep such information confidential;
    3. the drawee bank providing a copy of a paid cheque (which may contain information about the payee) to the drawer;
    4. credit reference agencies, and, in the event of default, to debt collection agencies;
    5. any person to whom the Bank or any of its branches is under an obligation or otherwise required to make disclosure under the requirements of any law binding on or applying to the Bank or any of its branches, or any disclosure under and for the purposes of any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers with which the Bank or any of its branches are expected to comply, or any disclosure pursuant to any contractual or other commitment of the Bank or any of its branches with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers, all of which may be within or outside the Hong Kong Special Administrative Region and may be existing currently and in the future;
    6. any actual or proposed assignee of the Bank or participant or sub-participant or transferee of the Bank’s rights in respect of the customer; and
      1. the Bank’s group companies;
      2. third party financial institutions, insurers, credit card companies, securities and investment services providers;
      3. third party reward, loyalty, co-branding and privileges programme providers;
      4. co-branding partners of the Bank and the Bank’s group companies (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be);
      5. charitable or non-profit making organisations; and
      6. external service providers (including but not limited to mailing houses, telecommunication companies, telemarketing and direct sales agents, call centres, data processing companies and information technology companies) that the Bank engages for the purposes set out in paragraph (d)(vii) above.

      Such information may be transferred to a place outside Hong Kong.

  • (f) Data Security
    1. We will strive at all times to ensure that your personal data is protected against unauthorized or accidental access, processing or erasure. We maintain this commitment to data security by implementing appropriate physical, electronic and managerial measures to safeguard and secure your personal data.
    2. The Internet banking site use of 128-bit SSL encryption technology – an industry standard for encryption over the Internet to protect data.
    3. Our servers are behind “firewalls” and our systems are monitored to prevent any unauthorized access.
    4. We will take all practical steps to ensure that personal data will not be kept longer than necessary and that we will comply with all statutory and regulatory requirements in the Hong Kong Special Administrative Region concerning the retention of personal data or Reserve Bank of India Guidelines, whichever is stringent.
  • (g)With respect to data in connection with mortgages applied by a customer (whether as a borrower, mortgagor or guarantor and whether in the customer’s sole name or in joint names with others) on or after 1 April 2011, the following data relating to the customer (including any updated data of any of the following data from time to time) may be provided by the Bank, on its own behalf and/or as agent, to a credit reference agency: –
    1. full name;
    2. capacity in respect of each mortgage (as borrower, mortgagor or guarantor, and whether in the customer’s sole name or in joint names with others);
    3. Hong Kong Identity Card Number or travel document number;
    4. date of birth;
    5. correspondence address;
    6. mortgage account number in respect of each mortgage;
    7. type of the facility in respect of each mortgage;
    8. mortgage account status in respect of each mortgage (e.g., active, closed, write-off (other than due to a bankruptcy order), write-off due to a bankruptcy order); and
    9. if any, mortgage account closed date in respect of each mortgage.

    The credit reference agency will use the above data supplied by the Bank for the purposes of compiling a count of the number of mortgages from time to time held by the customer with credit providers in Hong Kong, as borrower, mortgagor or guarantor respectively and whether in the customer’s sole name or in joint names with others, for sharing in the consumer credit database of the credit reference agency by credit providers (subject to the requirements of the Code of Practice on Consumer Credit Data approved and issued under the Ordinance).

  • (h) USE OF DATA IN DIRECT MARKETINGUSE OF DATA IN DIRECT MARKETING The Bank intends to use a customer’s data in direct marketing and the Bank requires the customer’s consent (which includes an indication of no objection) for that purpose. In this connection, please note that:
    1. (i) the name, contact details, products and services portfolio information, transaction pattern and behaviour, financial background and demographic data of a customer held by the Bank from time to time may be used by the Bank in direct marketing;
    2. the following classes of services, products and subjects may be marketed:
      1. financial, insurance, credit card, banking and related services and products;
      2. reward, loyalty or privileges programmes and related services and products;
      3. services and products offered by the Bank’s co-branding partners (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be); and
      4. donations and contributions for charitable and/or non-profit making purposes;
    3. the above services, products and subjects may be provided or (in the case of donations and contributions) solicited by the Bank and/or:
      1. the Bank’s group companies;
      2. third party financial institutions, insurers, credit card companies, securities and investment services providers;
      3. third party reward, loyalty, co-branding or privileges programme providers;
      4. co-branding partners of the Bank and the Bank’s group companies (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be); and
      5. charitable or non-profit making organisations;
    4. in addition to marketing the above services, products and subjects itself, the Bank also intends to provide the data described in paragraph (g)(i) above to all or any of the persons described in paragraph (g)(iii) above for use by them in marketing those services, products and subjects, and the Bank requires the customer’s written consent (which includes an indication of no objection) for that purpose;
    5. The Bank may receive money or other property in return for providing the data to the other persons in paragraph (g)(iv) above and, when requesting the customer’s consent or no objection as described in paragraph (g)(iv) above, the Bank will inform the customer if it will receive any money or other property in return for providing the data to the other persons.

    If a customer does not wish the Bank to use or provide to other persons his data for use in direct marketing as described above, the customer may exercise his opt-out right by notifying the Bank.

  • (i)Under and in accordance with the terms of the Ordinance and the Code of Practice on Consumer Credit Data, any customer has the right: –
    1. to check whether the Bank holds data about him and of access to such data;
    2. to require the Bank to correct any data relating to him which is inaccurate;
    3. to ascertain the Bank’s policies and practices in relation to data and to be informed of the kind of personal data held by the Bank;
    4. to be informed on request which items of data are routinely disclosed to credit reference agencies or debt collection agencies, and be provided with further information to enable the making of an access and correction request to the relevant credit reference agency or debt collection agency; and
    5. in relation to any account data (including, for the avoidance of doubt, any account repayment data) which has been provided by the Bank to a credit reference agency, to instruct the Bank, upon termination of the account by full repayment, to make a request to the credit reference agency to delete such account data from its database, as long as the instruction is given within five years of termination and at no time was there any default of payment in relation to the account, lasting in excess of 60 days within five years immediately before account termination. Account repayment data include amount last due, amount of payment made during the last reporting period (being a period not exceeding 31 days immediately preceding the last contribution of account data by the Bank to a credit reference agency), remaining available credit or outstanding balance and default data (being amount past due and number of days past due, date of settlement of amount past due, and date of final settlement of amount in default lasting in excess of 60 days (if any)).
  • (j)In the event of any default of payment relating to an account, unless the amount in default is fully repaid or written off (other than due to a bankruptcy order) before the expiry of 60 days from the date such default occurred, the account repayment data (as defined in paragraph (h)(v) above) may be retained by the credit reference agency until the expiry of five years from the date of final settlement of the amount in default.
  • (k)In the event any amount in an account is written-off due to a bankruptcy order being made against a customer, the account repayment data (as defined in paragraph (h)(v) above) may be retained by the credit reference agency, regardless of whether the account repayment data reveal any default of payment lasting in excess of 60 days, until the expiry of five years from the date of final settlement of the amount in default or the expiry of five years from the date of discharge from a bankruptcy as notified by the customer with evidence to the credit reference agency, whichever is earlier.
  • (l)In accordance with the terms of the Ordinance, the Bank has the right to charge a reasonable fee for the processing of any data access request.
  • (m)The person to whom requests for access to data or correction of data or for information regarding policies and practices and kinds of data held are to be addressed is as follows: -The Data Protection Officer
    State Bank of India, Hong Kong Branch
    15th Floor, Central Tower, 28 Queen’s Road, Central, Hong Kong
    Telephone: (852) 25239643
    Fax: (852) 28681966
  • (n)The Bank may have obtained a credit report on the customer from a credit reference agency in considering any application for credit. In the event the customer wishes to access the credit report, the Bank will advise the contact details of the relevant credit reference agency.
  • (o)Nothing in this Notice shall limit the rights of customers under the Personal Data (Privacy) Ordinance.
Working Hours
Mondays to Fridays
9.30 am to 04.00 pm
[Except Saturdays, Sundays and Public Holidays]