The purpose of this document ("Data Protection Policy") is to inform you of how Bank of Singapore Limited and Bank of Singapore Nominees Pte Ltd manage Personal Data (as defined below) which is subject to the Singapore Personal Data Protection Act (No. 26 of 2012) ("the Act"). Please take a moment to read this Data Protection Policy so that you know and understand the purposes for which we collect, use and disclose your Personal Data.
By interacting with us, submitting information to us, or signing up for any products or services offered by us, you agree and consent to Bank of Singapore Limited and Bank of Singapore Nominees Pte Ltd (including their related corporations and overseas branches and offices) (collectively, the "Companies"), as well as their respective representatives and/or agents ("Representatives") (the Companies and Representatives collectively referred to herein as "BOS", "us", "we" or "our") collecting, using, disclosing and sharing amongst themselves your Personal Data, and disclosing such Personal Data to the Companies' authorised service providers and relevant third parties in the manner set forth in this Data Protection Policy.
This Data Protection Policy supplements but does not supersede nor replace any other consents you may have previously provided to BOS in respect of your Personal Data, and your consents herein are additional to any rights which any of the Companies may have at law to collect, use or disclose your Personal Data.
BOS may from time to time update this Data Protection Policy to ensure that this Data Protection Policy is consistent with our future developments, industry trends and/or any changes in legal or regulatory requirements. Subject to your rights at law, you agree to be bound by the prevailing terms of the Data Protection Policy as updated from time to time on our website http://www.bankofsingapore.com/Data-Protection-Policy.html. Please check back regularly for updated information on the handling of your Personal Data.
In this Data Protection Policy, "Personal Data" refers to any data, whether true or not, about an individual who can be identified (a) from that data; or (b) from that data and other information to which we have or are likely to have access, including data in our records as may be updated from time to time.
Examples of such Personal Data you may provide to us include (depending on the nature of your interaction with us) your name, NRIC, passport or other identification number, telephone number(s), mailing address, email address, transactional data and any other information relating to any individuals which you have provided us in any forms you may have submitted to us (including in the form of biometric data), or via other forms of interaction with you.
Generally, we collect Personal Data in the following ways:
When you browse our website and platforms, you generally do so anonymously but please see the section below on cookies. We do not, at our website and platforms, automatically collect Personal Data, including your email address unless you provide such information or login with your account credentials.
If you provide us with any Personal Data relating to a third party (for example, information of your spouse, children, parents, or a Connected Person), by submitting such information to us, you represent to us that you have obtained the consent of the third party to you providing us with his/her Personal Data for the respective purposes.
"Connected Person" may include but is not limited to any beneficial owner, authorised signatory, director, shareholder, officer of a company, partner or member of a partnership, settlor, trustee, beneficial owner, protector or grantor of trust, mandate holder, power of attorney holder, surety, third party security provider, provider of funds, founder and/or employee, payee of designated payment, representatives, agents or nominees.
You should ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with products and services you have requested. You agree to inform BOS immediately of any change of facts or circumstances which may render any information or Personal Data previously provided inaccurate, untrue or incorrect and provide any information or documentation as BOS may reasonably require for the purposes of verifying the accuracy of the updated information or Personal Data.
Generally, BOS collects, uses and discloses your Personal Data for the following purposes:
These purposes may also apply even if you do not maintain any account(s) with us, or have terminated these account(s).
In addition, BOS collects, uses and discloses your Personal Data for the following purposes depending on the nature of our relationship:
In addition, where permitted under the Act, BOS may also collect, use and disclose your Personal Data for the following purposes (which we may describe in our documents and agreements as "Additional Purposes" for the handling of Personal Data):
If you have provided your Singapore telephone number(s) and have indicated that you consent to receiving marketing or promotional information via your Singapore telephone number(s), then from time to time, BOS may contact you using such Singapore telephone number(s) (including via voice calls, text , fax or other means) with information about our products and services (including discounts and special offers).
In relation to particular products or services or in your interactions with us, we may also have specifically notified you of other purposes for which we collect, use or disclose your Personal Data. If so, we will collect, use and disclose your Personal Data for these additional purposes as well, unless we have specifically notified you otherwise.
BOS will take reasonable steps to protect your Personal Data against unauthorised disclosure. Subject to the provisions of any applicable law, your Personal Data may be provided, for the purposes listed above (where applicable), to the following entities or parties, whether they are located overseas or in Singapore:
Our websites and platforms use cookies and other technologies. Cookies are small text files stored in your computing or other electronic devices when you visit our website and platforms for record keeping purposes. Cookies are stored in your browser’s file directory, and the next time you visit the website or platform, your browser will read the cookie and relay the information back to the website, platform or element that originally set the cookie. Depending on the type of cookie it is, cookies may store user preferences and other information.
Web beacons (also known as pixel tags and clear GIFs) involve graphics that are not apparent to the user. Tracking links and/or similar technologies consist of a few lines of programming code and can be embedded in our websites or platforms. Web beacons are usually used in conjunction with cookies and primarily used for statistical analysis purposes. This technology can also be used for tracking traffic patterns on websites and platforms, as well as finding out if an e-mail has been received and opened and to see if there has been any response.
We may employ cookies and other technologies as follows:
Some cookies we use are from third party companies to provide us with web analytics and intelligence about our websites and platforms. These companies collect information about your interaction with our websites and platforms. We use such information to compile statistics about visitors who interact with the websites, platforms and other OCBC online content, to gauge the effectiveness of our communications, and to provide more pertinent information to our visitors.
If you do not agree to such use of cookies, you can adjust your browser settings. Unless you have adjusted your browser settings to block cookies, our system will issue cookies as soon as you visit our site or click on a link in a targeted email that we have sent you, even if you have previously deleted our cookies
The way which cookies can be managed depends on your browser. The following links provide information on how to configure or disable cookies in each browser:
If you do not agree to our use of cookies and other technologies as set out in this Data Protection Policy, you should delete or disable the cookies associated with our websites and platforms by changing the settings on your browser accordingly. However, you may not be able to enter certain part(s) of our websites or platforms. This may also impact your user experience while on our websites or platforms.
BOS will take reasonable efforts to protect Personal Data in our possession or our control by making reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks. However, we cannot completely guarantee the security of any Personal Data we may have collected from or about you, or that for example no harmful code will enter our website (for example viruses, bugs, trojan horses, spyware or adware). You should be aware of the risks associated with using websites and take any necessary precautions.
While we strive to protect your Personal Data, we cannot ensure the security of the information you transmit to us via the Internet or electronic communication or when you use our electronic services, and we urge you to take every precaution to protect your Personal Data when you use such platforms. We recommend that you change your passwords often, use a combination of letters and numbers, and ensure that you use a secure browser.
If applicable, you undertake to keep your username and password secure and confidential and shall not disclose or permit it to be disclosed to any unauthorised person, and to inform us as soon as reasonably practicable if you know or suspect that someone else knows your username and password or believe the confidentiality of your username and password has been lost, stolen or compromised in any way or that actual or possible unauthorised transactions have taken place. We are not liable for any damages resulting from any security breaches, on unauthorised and/or fraudulent use of your username and password.
Our website may contain links to other websites operated by third parties. We are not responsible for the privacy practices of websites operated by third parties that are linked to our website. We encourage you to learn about the privacy policies of such third party websites. Some of these third party websites may be co-branded with our logo or trademark, even though they are not operated or maintained by us. Once you have left our website, you should check the applicable privacy policy of the third party website to determine how they will handle any information they collect from you.
If you:
Email: | dpo@bankofsingapore.com |
---|---|
Call: | +65 6559 8000 |
Write in: | Data Protection Officer Bank of Singapore Limited 63 Market Street #22-00 Bank of Singapore Centre Singapore 048942 |
Please note that if your Personal Data has been provided to us by a third party (for example, The Central Depository Pte Ltd), you should contact that such party directly to make any queries, feedback and access and correction requests to BOS on your behalf.
If you withdraw your consent to any or all use of your Personal Data, depending on the nature of your request, BOS or any of the Companies may not be in a position to continue to provide its products or services to you, administer any contractual relationship in place, may also result in the termination of any agreements you have entered into with BOS or any of the Companies, and your being in breach of your contractual obligations or undertakings, and BOS’s or the Company’s legal rights and remedies in such event are expressly reserved.
This Data Protection Policy and your use of this website shall be governed in all respects by the laws of Singapore.
The purpose of this document ("Data Protection Policy") is to inform you of how BOS Trustee Limited manages Personal Data (as defined below) which is subject to the Singapore Personal Data Protection Act (No. 26 of 2012) ("the Act"). Please take a moment to read this Data Protection Policy so that you know and understand the purposes for which we collect, use and disclose your Personal Data.
By interacting with us, submitting information to us, or signing up for any Services (as defined in paragraph 2.1(a) below) offered by us, you agree and consent to BOS Trustee Limited (including its related corporations and business units) (collectively, the "Companies"), as well as their respective representatives and/or agents ("Representatives") (the Companies and Representatives collectively referred to herein as "BOSTL", "us", "we" or "our") collecting, using, disclosing and sharing amongst themselves your Personal Data, and disclosing such Personal Data to the Companies' authorised service providers and relevant third parties in the manner set forth in this Data Protection Policy.
This Data Protection Policy supplements but does not supersede nor replace any other consents you may have previously provided to BOSTL in respect of your Personal Data, and your consents herein are additional to any rights which to any of the Companies may have at law to collect, use or disclose your Personal Data.
BOSTL may from time to time update this Data Protection Policy to ensure that this Data Protection Policy is consistent with our future developments, industry trends and/or any changes in legal or regulatory requirements. Subject to your rights at law, you agree to be bound by the prevailing terms of the Data Protection Policy as updated from time to time on our website http://www.bankofsingapore.com/Data-Protection-Policy.html. Please check back regularly for updated information on the handling of your Personal Data.
In this Data Protection Policy, "Personal Data" refers to any data, whether true or not, about an individual who can be identified (a) from that data; or (b) from that data and other information to which we have or are likely to have access, including data in our records as may be updated from time to time.
Examples of such Personal Data you may provide to us include (depending on the nature of your interaction with us) your name, NRIC, passport or other identification number, telephone number(s), mailing address, email address, transactional data and any other information relating to any individuals which you have provided us in any forms you may have submitted to us (including in the form of biometric data), or via other forms of interaction with you.
Generally, we collect Personal Data in the following ways:
If you provide us with any Personal Data relating to a third party (e.g. information of your spouse, children, parents, beneficial owners, authorised signatories, directors, shareholders, officers of a company, partners or members of a partnership, settlor, trustees, beneficiaries, protectors or grantors of trust, power of attorney holders, surety, third party security providers, provider of funds, founders, employers, business partners and/or employees, payees of designated payments, representatives, agents or nominees), by submitting such information to us, you represent to us that you have obtained the consent of the third party to you providing us with their Personal Data for the respective purposes.
You should ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with the Services you have requested. You agree to inform BOSTL immediately of any change of facts or circumstances which may render any information or Personal Data previously provided inaccurate, untrue or incorrect and provide any information or documentation as BOSTL may reasonably require for the purposes of verifying the accuracy of the updated information or Personal Data.
Generally, BOSTL collects, uses and discloses your Personal Data for the following purposes:
These purposes may also apply even if you do not maintain any account(s) with us, or have terminated these account(s).
In addition, BOSTL collects, uses and discloses your Personal Data for the following purposes depending on the nature of our relationship:
In addition, where permitted under the Act, BOSTL may also collect, use and disclose your Personal Data to send you details of Services either to our customers generally, or which we have identified may be of interest to you (which we may describe in our documents and agreements as "Additional Purposes" for the handling of Personal Data).
If you have provided your Singapore telephone number(s) and have indicated that you consent to receiving marketing or promotional information via your Singapore telephone number(s), then from time to time, BOSTL may contact you using such Singapore telephone number(s) (including via voice calls, text , fax or other means) with information about our Services (including discounts and special offers).
In relation to particular Services or in your interactions with us, we may also have specifically notified you of other purposes for which we collect, use or disclose your Personal Data. If so, we will collect, use and disclose your Personal Data for these additional purposes as well, unless we have specifically notified you otherwise.
BOSTL will take reasonable steps to protect your Personal Data against unauthorised disclosure. Subject to the provisions of any applicable law, your Personal Data may be provided, for the purposes listed above (where applicable), to the following entities or parties, whether they are located overseas or in Singapore:
If you:
Email: | dpo.sg@BOSTrustee.com |
---|---|
Call: | +65 6818 6478 |
Write in: | Data Protection Officer Data Protection & Governance Office BOS Trustee Limited 63 Market Street #14-00 Bank of Singapore Centre Singapore 048942 |
Please note that if your Personal Data has been provided to us by a third party (e.g. The Central Depository Pte Ltd), you should contact such party directly to make any queries, feedback, and access and correction requests to BOSTL on your behalf.
If you withdraw your consent to any or all use of your Personal Data, depending on the nature of your request, BOSTL may not be in a position to continue to provide its Services to you, administer any contractual relationship in place, may also result in the termination of any agreements with BOSTL, and your being in breach of your contractual obligations or undertakings, and BOSTL’s legal rights and remedies in such event are expressly reserved.
This Data Protection Policy and your use of this website shall be governed in all respects by the laws of Singapore.
In this privacy notice, ‘we’ us’ and ‘our’ means:
Bank of Singapore Limited, 63 Market Street, #22-00 Bank of Singapore Centre, Singapore 048942, and the Bank of Singapore Limited (Dubai International Financial Centre Branch), Office 30-32, Level 28, Central Park Tower, Dubai International Financial Centre, Bank of Singapore Limited, Hong Kong Branch, 34/F & 35F One International Finance Centre, 1 Harbour View Street, Central, Hong Kong, (collectively, the “Bank”) and BOS Trustee Limited, 63 Market Street #14-00 Bank of Singapore Centre Singapore 048942 (the “Trustee”).
We are committed to protecting your privacy and ensuring the highest level of security for your personal information. This Privacy Notice explains the types of personal information we collect, how we use that information, who we share it with, and how we protect that information. It also provides information about your rights.
Please read the following carefully to understand our views and practices regarding your personal information.
Depending on which of our products and services you ask us about, buy or use, different companies within our organisation will process your information. Generally, the Bank provides private banking services, while the Trustee provides trustee and trust administration services to clients of the Bank.
This Privacy Notice applies to any individual located within the European Economic Area1 (“EEA”, i.e. EU member states including Norway, Liechtenstein and Iceland) who enquire about, purchase or make use of our products and services provided by the Bank and/or Trustee.
1For the purposes of this Privacy Notice, the European Economic Area shall comprise the following countries: Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, the UK, Iceland, Liechtenstein and Norway. (Iceland, Liechtenstein and Norway are not part of the EU, but are part of the European Economic Area, and the GDPR applies to them as well.)
We may collect information about you from the following sources:
We obtain personal information about you through your interactions with us generally, including by telephone calls (which may be recorded), by email, via our websites, via application or other forms or face to face (e.g. in meetings). We collect personal information (such as your name, contact details, financial details, employment and education details, nationality, date and place of birth, marital status, passport or other identification details and details of visits to our premises) that you provide to us when you:
We collect information about you by monitoring your access to our premises (e.g. CCTV). We also collect information about how you interact with our website, including IP addresses or other device information (you’ll find more information about this in our Cookie Statement).
We receive information about you from third parties (e.g. credit reference agencies).
We process two categories of personal information about you:
We process your personal information for the purposes set out in this notice. Different legal grounds apply depending on what category of personal information we process. Standard personal information is normally processed by us on the basis that it is necessary for the performance of a contract, our or a third parties’ legitimate interests or law. Further information about this and special category processing grounds is set out below.
We process the following information: |
For the following purpose(s): |
Based on the following justification: |
|
|
|
Name, ID Number, Nationality, Passport Information, Tax Details, Date of Birth, Place of Birth, Residential Address, Business Address, Occupation, Signature, Employment History, Education Background, Financial Details, Criminal Records |
To facilitate our account opening process, our trust and other entities establishment process, our customer due diligence process and our vendor due diligence process, as well as to prevent fraud and abuse of our services. |
Necessary to perform our contract, to comply with our regulatory requirements and more generally in order to pursue our legitimate interest (see below) of managing our administrative and business operations and complying with internal policies and procedures. |
Financial and Transactional (e.g. details about your accounts with us and payments to and from your accounts with us) |
To enable us to process your transactions. To fulfil our Regulatory Reporting processes and facilitate fraud case handling and reporting (where required) |
Necessary to perform our contract and to comply with our regulatory requirements and more generally in order to pursue our legitimate interests (See below). |
Telephone Calls |
Monitoring of regulated activities, training and development |
To comply with our regulatory requirements and to pursue our legitimate interest (see below) to enhance the quality of our service. |
Particulars of any complaints |
To facilitate complaints handling and reporting |
To comply with our regulatory requirements |
Legitimate interest is one of the legal reasons why we may process your personal information. We process your personal information for a number of legitimate interests, including managing all aspects of our relationship with you, for marketing, to help us improve our services and products, and in order to exercise our rights or handle claims.
Taking into account your interests, rights and freedoms, legitimate interests which allow us to process your personal information include:
With your permission, we may send you carefully selected information about our products and services. You have the right to opt out of receiving direct marketing at any time by contacting your Relationship Manager
We share your information for the purposes set out in this privacy policy, with the following categories of recipients :
In the course of providing such services, these service providers may have access to your personal information. However, we will only provide our service providers with personal information which is necessary for them to perform their services, and we require them not to use your information for any other purpose. We will use our best efforts to ensure that all our service providers keep your personal information secure.
We may also disclose your personal information to third parties where disclosure is both legally permissible and necessary to protect or defend our rights, matters of national security, law enforcement, to enforce our contracts or protect your rights or those of the public.
We will not sell your personal information to third parties.
Please note our website may, from time to time, contain links to and from the websites of our partners or affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we have no control over how they may use your personal information. You should check the privacy policies of third party websites before you submit any personal information to them.
We use global information systems. As a result, The Bank and Trustee transfers and processes your information to countries outside of the EEA to Singapore, Hong Kong, Dubai, and Philippines. This list of jurisdictions may be subject to change. We take steps to ensure that when your personal information is transferred internationally, it is subject to appropriate safeguards in accordance with applicable data protection laws. Often, these safeguards include contractual safeguards. More information about these safeguards can be obtained by contacting:
Email: dpo@bankofsingapore.com
Write in: Data Protection Officer, Bank of Singapore Limited, 63 Market Street, #22-00 bank of Singapore Centre, Singapore 048942.
The data protection laws in the EEA and in some other countries provide individuals with the following rights:
These rights may not apply in all cases. If we are not able to comply with your request, we will explain why. In response to a request, we will ask you to verify your identity if we need to, and to provide information that helps us to understand your request better. If you would like more information about your rights or to exercise any of your rights, please contact:
Email: dpo@bankofsingapore.com
Write in: Data Protection Officer, Bank of Singapore Limited, 63 Market Street, #22-00 bank of Singapore Centre, Singapore 048942.
You also have the right to lodge a complaint with the local data protection authority if you believe that we have not complied with applicable data protection laws. If you are based in, or the issue relates to, the UK, the Information Commissioner’s Office can be contacted as follows:
Telephone: +44 0303 123 1113
Email: casework@ico.org.uk
Website: www.ico.org.uk
Web-form: www.ico.org.uk/concerns/
Address: Water Lane, Wycliffe House, Wilmslow, Cheshire, SK9 5AF
If you are in the EEA, you can also lodge a complaint with another supervisory authority which is based in the country or territory where:
a. you are living,
b. you work, or
c. the alleged infringement took place.
A list of the EU data protection supervisory authorities is available here: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm
We have implemented technical and organisational security measures to safeguard the personal information in our custody and control. Such measures include, for example, limiting access to personal information only to employees and authorised service providers who need to know such information for the purposes described in this Privacy Notice; adopting security protocols on networks and systems; using email security settings when sending and/or receiving highly confidential emails; applying physical access controls such as marking confidential documents clearly and prominently, storing confidential documents in locked file cabinets; restricting access to confidential documents on a need-to-know basis; using privacy filters; disposal of confidential documents that are no longer needed, through shredding or similar means; using a mode of delivery or transmission of personal data that affords the appropriate level of security (e.g. registered post instead of normal post where appropriate); confirming the intended recipient of personal data as well as other administrative, technical and physical safeguards.
While we endeavour to protect our systems, sites, operations and information against unauthorised access, use, modification and disclosure, due to the inherent nature of the Internet as an open global communications vehicle and other risk factors, we cannot guarantee that any information, during transmission or while stored on our systems, will be absolutely safe from intrusion by others, such as hackers.
We will only retain your personal data for as long as necessary for the purpose for which that data was collected and to the extent permitted by applicable laws. In general, we will keep your personal data for between seven (7) to twelve (12) years (depending on the type of information, and in accordance with our internal policies) after your relationship with us is terminated. However, there may be circumstances that mean we must retain your personal information for longer. In order to determine how long it is necessary to retain your personal information, we calculate retention periods in accordance with the following criteria:
Our services are not intended to be provided to children and we will never knowingly collect personal information from individuals under the age of thirteen (13) years without first obtaining verifiable parental consent. If you are under the age of 13 you should not provide information to us. If we become aware that a person under 13 has provided personal information to us without verifiable parental consent, we will remove such personal information from our files.
If there are any questions or concerns regarding this Privacy Notice, please contact us as follows:
Email: dpo@bankofsingapore.com
Write in: Data Protection Officer, Bank of Singapore Limited, 63 Market Street,#22-00 bank of Singapore Centre, Singapore 048942.
This Privacy Notice is written in English and may be translated into other languages. In the event of any inconsistency between the English version and the translated version of this notice, the English version shall prevail.
We reserve the right to change our Privacy Notice from time to time. If we decide to change our Privacy Notice we will notify you of these changes.
18th Oct 2019
In order to meet customer expectations and improve the services offered on our website, Bank of Singapore Limited, 63 Market Street, #22-00 Bank of Singapore Centre, Singapore 048942 may use cookies. If you want to learn more about what are cookies, how they're used and what your choices are, you can read more here.
Cookies are small text files stored in your computing or other electronic devices which allow us to remember you or other data about you. The cookies placed by our server are readable only by us, and cookies cannot access, read or modify any other data on an electronic device. All web-browsers offer the option to refuse any cookie, and if you refuse our cookie then we do not gather any information on that visitor.
Cookies are used for different purposes. We may employ cookies in order for our server to recognise a return visitor as a unique user including, without limitation, monitoring information relating to how a visitor arrives at the website, what kind of browser a visitor is on, what operating system a visitor is using, a visitor's IP address, and a visitor's click stream information and time stamp (for example, which pages they have viewed, the time the pages were accessed and the time spent per web page).
Cookies can generally be put into one of the following four categories:
We use the following cookies on our website:
Cookie name |
Category |
Purpose |
First / Third Party |
JSESSIONID |
Strictly necessary cookies |
This is required to have client session stickiness with application server |
First Party |
WASSID & WSATAR |
Strictly necessary cookies |
Used to track and authenticate user login |
First Party |
AMCV_###@AdobeOrg |
Functionality and performance cookies |
This cookie is used by our analytics software, Adobe Analytics, to identify a unique visitor. |
First and Third Party |
gpv |
Functionality and performance cookies |
This cookie stores the quantity of pages you view when visiting the Websites |
First and Third Party |
s_cc |
Functionality and performance cookies |
This cookie allows Adobe Analytics to determine whether or not cookies are enabled in your browser. |
First and Third Party |
s_ppv |
Functionality and performance cookies |
Stores information on the percentage of the page displayed |
First and Third Party |
s_ppvl |
Functionality and performance cookies |
Stores information on the percentage of the page displayed to you |
First and Third Party |
s_sq |
Functionality and performance cookies |
This cookie is set and read by the JavaScript code when the ClickMap functionality and the Activity Map functionality are enabled; it contains information about the previous links that you clicked on the Websites. |
First Party |
_ga |
Functionality and performance cookies |
Google Analytics to determine that two distinct hits belong to the same user across sessions |
First and Third Party |
_gat |
Functionality and performance cookies |
Google analytics to measure how users interact with website content as a user journey between web pages |
Third Party |
_gid |
Functionality and performance cookies |
To store and update a unique value for each page visited for google analytics |
Third Party |
Should you wish to disable the cookies associated with these technologies, you may do so by changing the setting on your browser. However, you may not be able to enter certain parts of our website.
To learn more about cookies and how to manage or delete them, just visit allaboutcookies.org and the help section of your browser. In the settings for browsers like Internet Explorer, Safari, Firefox or Chrome, you can set which cookies to accept and which to reject. Where you find these settings depends on your browser – use the "Help" function in your browser to locate the settings you need.
You can also find helpful information about cookies at http://www.youronlinechoices.eu and http://www.international-chamber.co.uk/our-expertise/digitaleconomy.
If you have any questions, suggestions, or comments about this Cookie Statement, send an email to dpo@bankofsingapore.com. Our Cookie Statement may also be amended from time to time – so visit this page regularly to stay up to date.
PRELIMINARY PROVISIONS
BOS Wealth Management Europe S.A. (“BOSWME”) is committed to protecting your privacy and ensuring the highest level of security for your personal data. This Data Privacy Notice explains the types of personal data we collect, how we use that data, who we share it with, and how we protect that data
The information sets-out in this Data Privacy Notice will continue to apply even after the termination of your agreement with us for the provision of our services.
Please read the following carefully to understand our views and practices with respect to personal data.
Wherever we’ve said “you” or “your”, this means you or any person connected to you namely any authorised person, anyone who deals with us for you (e.g. trustees or executors, attorneys, external asset managers) and
other related people (including but not limited to authorised signatories, partners, members, directors, beneficial owners of companies, beneficiaries of trusts).
Wherever we’ve said ‘we’ or ‘our’, this means BOSWME.
For the purposes of applicable data protections laws, the data controller is BOS Wealth Management Europe S.A. 33 Rue Sainte Zithe, L-2763 Luxembourg, Luxembourg.
This Data Privacy Notice applies to personal data processed by BOSWME which means data that (either in isolation or in combination with other data) enables you to be identified directly or indirectly.
We may collect data about you from the following sources:
We may collect personal data (such as name, contact details, financial details, employment and education details, nationality, date and place of birth, marital status, passport or other identification details and details of visits to our premises) that you provide us, inter alia:
We may also collect personal data from you when you interact with our staff, including customer service officers, relationship managers, other representatives, for example, via telephone calls (which may be recorded), letters, faxes, face-to-face meetings and emails
This includes:
We process the following information: |
For the following purpose(s): |
Based on the following justification: |
|
|
|
Name, ID Number, Nationality, Passport Data, Tax Details, Date of Birth, Place of Birth, Residential Address, Business Address, Occupation, Signature, Employment History, Education Background, |
To conduct our required customer due diligence |
Necessary to perform our contract, to comply with our |
Financial and Transactional (e.g. details about your accounts with us and payments to and from your accounts with us). |
To enable us to process your transactions. To fulfill our regulatory reporting duties. |
Necessary to perform our contract and to comply with our regulatory requirements. |
CCTV Video images (of visitors to our Office). |
Crime prevention, detection and prosecution, security health and safety |
In order to pursue our legitimate interest in managing the safety and security of our premises and services. |
Telephone Calls |
Monitoring of regulated activities, training and |
To comply with our regulatory requirements and to pursue our legitimate interest to enhance the quality of our service. |
Fraudulent Activity |
To facilitate fraud case handling and reporting |
To comply with our regulatory requirements and in order to pursue our legitimate interest in |
Particulars of any complaints |
To facilitate complaints handling and reporting |
To comply with our regulatory requirements and to pursue our legitimate interest of enhancing our products and services |
Your personal data may be processed for the purposes of direct marketing and we will do this on the basis that it is in our legitimate interest. With your permission, we may send you marketing messages by email and/or contact you by telephone to provide you with information about our products and services. You have the right at any time to object to the use of your personal data for marketing purposes by contacting us using the contact details set out in “How can you contract us?” section below.
Your personal data are intended for BOSWME but may be shared with third parties in certain circumstances:
To companies pertaining to the same group: In order to optimize the quality and efficiency of its services for its clients, BOSWME relies on the resources, skills and operational support of its branch established in the United Kingdom. For the same purposes, BOSWME also relies on the branch of OCBC Bank established in the United
Kingdom (the “OCBC Branch”), its ultimate parent company OCBC Bank (established in Singapore) as well as its parent company, Bank of Singapore Limited (established in Singapore), their subsidiaries, branches, representative offices and other entities belonging to the OCBC and Bank of Singapore group (together, the “Recipients”).
We may share your personal data to the Recipients in order to administer our services and products, provide you with customer support, process your instructions, understand your preferences, send you information about products and services that may be of interest to you and conduct the other activities described in this Data Privacy Notice.
Additionally, we may share your personal data with the Recipient where we have a legitimate reason for doing so e.g. to manage risk, to verify your identify, or to assess your suitability for products and services. Our service providers: We use other companies, agents or contractors to perform services on our behalf or to
assist us with the provision of our services and products to you. We may share personal data with the following categories of service provider:
a. infrastructure and IT service providers, including for email archiving.
b. marketing, advertising and communications agencies.
c. credit reference agencies.
d. external auditors and advisers.
e. offsite archival storage providers
In the course of providing such services, these service providers may have access to your personal data. However, we will only provide our service providers with personal data which is necessary for them to perform their services, and we obligate them not to use your information for any other purpose. We will seek to ensure on a best efforts basis that all our service providers keep your personal data secure.
Third parties permitted by law: In certain circumstances, we may be required to disclose or share your personal data in order to comply with a legal or regulatory obligation (for example, we may be required to disclose personal data to the police, regulators, government agencies or to judicial or administrative authorities).
We may also disclose your personal data to third parties where disclosure is both legally permissible and necessary to protect or defend our rights, matters of national security, law enforcement, to enforce our contracts or protect your rights or those of the public.
Third parties connected with business transfers: We may transfer your personal data to third parties in connection with a reorganisation, restructuring, merger, acquisition or transfer of assets, provided that the receiving party agrees to treat your personal data in a manner consistent with this Privacy Notice.
We will not sell your personal data to third parties.
Please note our website may, from time to time, contain links to and from the websites of our partners or affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we have no control over how they may use your personal data. You should check the privacy policies of third party websites before you submit any personal data to them.
Your personal data may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”) including to locations which may not have the same level of protection for personal data as in the EEA.
For the purposes mentioned in the “With which third parties do we share your personal data?” section, personal data may be transferred to Recipients located in Singapore, Hong Kong and their office located in Philippines and Dubai. Despite the existence of comprehensive data protection laws in Singapore and Hong Kong, those countries are not part of the limited list of countries offering an adequate level of protection for personal data set out by the European Commission. For this reason, BOSWME, acting as data controller, has taken all reasonable steps necessary to ensure that your personal data is treated securely and in accordance with this Data Privacy Notice as well as applicable data protection laws, including, where relevant, by entering into EU standard contractual clauses (or equivalent measures) with the party outside the EEA (available here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contractstransfer-personal-data-third-countries_en).
The Recipients will also monitor the compliance by their sub-contractors with the terms of those contractual arrangements. BOSWME may also transfer Personal Data to third-parties such as governmental or regulatory agencies in or outside the European Union, in accordance with applicable laws and regulations
If you are in the European Economic Area, you have the following rights (if applicable):
a. Access. You have the right to request a copy of the personal data we are processing about you. For your own privacy and security, at our discretion we may require you to prove your identity before providing the requested information.
b. Rectification. You have the right to have incomplete or inaccurate personal data that we process about you rectified.
c. Deletion. You have the right to request that we delete personal data that we process about you, except we are not obliged to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise or defend legal claims.
d. Restriction. You have the right to restrict our processing of your personal data where you believe such data to be inaccurate; our processing is unlawful; or that we no longer need to process such data for a particular purpose unless we are not able to delete the data due to a legal or other obligation or because you do not wish for us to delete it.
e. Portability. You have the right to obtain personal data we hold about you, in a structured, electronic format, and to transmit such data to another data controller, where this is (a) personal data which you have provided to us, and (b) if we are processing that data on the basis of your consent or to perform a contract with you.
f. Objection. Where the legal justification for our processing of your personal data is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process the data for the establishment, exercise or defence of a legal claim.
g. Withdrawing Consent. If you have consented to our processing of your personal data, you have the right to withdraw your consent at any time, free of charge. This includes cases where you wish to opt out from marketing messages that you receive from us.
You can make a request to exercise any of these rights in relation to your personal data by sending the request by mail to: Head of Compliance, BOS Wealth Management Europe S.A., 33 Rue Sainte Zithe, L-2763 Luxembourg, Luxembourg.
You also have the right to lodge a complaint with the local data protection authority if you believe that we have not complied with applicable data protection laws. If you are based in, or the issue relates to, Luxembourg, the National Data Protection Commission (CNPD) can be contacted as follows:
Telephone: (+352) 26 10 60 -1
Email: info@cnpd.lu
Website: https://www.cnpd.lu
Address: 1, avenue du Rock’n’Roll, L-4361 Esch-sur-Alzette, Luxembourg
If you are based in, or the issue you would like to complain about took place, elsewhere in the European Economic Area (EEA), please click here for a list of local data protection authorities in the other EEA countries: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080
We have implemented technical and organisational security measures to safeguard the personal data in our custody and control. Such measures include, for example, limiting access to personal data only to employees and authorised service providers who need to know such information for the purposes described in this Data Privacy Notice; adopting security protocols on networks and systems; using email security settings when sending and/or receiving highly confidential emails; applying physical access controls such as marking confidential documents clearly and prominently, storing confidential documents in locked file cabinets; restricting access to confidential documents on a need-to-know basis; using privacy filters; disposal of
confidential documents that are no longer needed, through shredding or similar means; using a mode of delivery or transmission of personal data that affords the appropriate level of security (e.g. registered post instead of normal post where appropriate); confirming the intended recipient of personal data as well as other administrative, technical and physical safeguards.
While we endeavour to protect our systems, sites, operations and information against unauthorised access, use, modification and disclosure, due to the inherent nature of the Internet as an open global communications vehicle and other risk factors, we cannot guarantee that any information, during transmission or while stored on our systems, will be absolutely safe from intrusion by others, such as hackers.
We will only retain your personal data for as long as necessary for the purpose for which that data was collected and to the extent permitted by applicable laws. When we no longer need to use personal data, we will remove it from our systems and records and/or take steps to anonymise it so that you can no longer be identified from it.
We will never knowingly collect personal data from individuals under the age of sixteen (16) years without first obtaining verifiable parental consent. If you are under the age of 16 you should not provide information to us. If we become aware that a person under 16 has provided personal data to us without verifiable parental consent, we will remove such personal data from our files.
If there are any questions or concerns regarding this Data Privacy Notice, please contact us as follows:
Head of Compliance, BOS Wealth Management Europe S.A., 33 Rue Sainte Zithe, L-2763 Luxembourg, Luxembourg.
This Data Privacy Notice is written in English and may be translated into other languages. In the event of any inconsistency between the English version and the translated version of this notice, the English version shall prevail.
We reserve the right to change our Data Privacy Notice from time to time. If we decide to change our Data Privacy Notice we will notify you of these changes.
BOS Wealth Management Europe S.A. acting though its UK Branch (“BOSWME”) is committed to protecting your privacy and ensuring the highest level of security for your personal data. This Data Privacy Notice explains the types of personal data we collect, how we use that data, who we share it with, and how we protect that data.
The information sets-out in this Data Privacy Notice will continue to apply even after the termination of your agreement with us for the provision of our services.
Please read the following carefully to understand our views and practices with respect to personal data.
Wherever we’ve said “you” or “your”, this means you or any person connected to you namely any authorised person, anyone who deals with us for you (e.g. trustees or executors, attorneys, external asset managers) and
other related people (including but not limited to authorised signatories, partners, members, directors, beneficial owners of companies, beneficiaries of trusts).
Wherever we’ve said ‘we’ or ‘our’, this means BOSWME.
For the purposes of applicable data protections laws, the data controller is BOS Wealth Management Europe S.A., UK Branch, 3rd Floor, The Rex Building 62 Queen Street, London EC4R 1EB, United Kingdom.
This Data Privacy Notice applies to personal data processed by BOSWME which means data that (either in isolation or in combination with other data) enables you to be identified directly or indirectly.
We may collect data about you from the following sources:
We may collect personal data (such as name, contact details, financial details, employment and education details, nationality, date and place of birth, marital status, passport or other identification details and details of visits to our premises) that you provide us, inter alia:
We may also collect personal data from you when you interact with our staff, including customer service officers, relationship managers, other representatives, for example, via telephone calls (which may be recorded), letters, faxes, face-to-face meetings and emails
This includes:
We process the following information: |
For the following purpose(s): |
Based on the following justification: |
|
|
|
Name, ID Number, Nationality, Passport Data, Tax Details, Date of Birth, Place of Birth, Residential Address, Business Address, Occupation, Signature, Employment History, Education Background, Financial Details, Criminal Records |
To conduct our required customer due diligence processes when you enter into a business relationship with us, to facilitate other entities establishment and our vendor due diligence process |
Necessary to perform our contract, to comply with our regulatory requirements and in order to pursue our legitimate interest of managing our administrative and business operations and complying with internal policies and procedures. |
Financial and Transactional (e.g. details about your accounts with us and payments to and from your accounts with us). |
To enable us to process your transactions. To fulfill our regulatory reporting duties. |
Necessary to perform our contract and to comply with our regulatory requirements. |
CCTV Video images (of visitors to our Office). |
Crime prevention, detection and prosecution, security health and safety |
In order to pursue our legitimate interest in managing the safety and security of our premises and services. |
Telephone Calls |
Monitoring of regulated activities, training and development. |
To comply with our regulatory requirements and to pursue our legitimate interest to enhance the quality of our service. |
Fraudulent Activity |
To facilitate fraud case handling and reporting |
To comply with our regulatory requirements and in order to pursue our legitimate interest in preventing, detecting and investigating crime, including fraud and money-laundering or terrorist financing, and additionally, to analyse and manage commercial risks. |
Particulars of any complaints |
To facilitate complaints handling and reporting |
To comply with our regulatory requirements and to pursue our legitimate interest of enhancing our products and services |
Your personal data may be processed for the purposes of direct marketing and we will do this on the basis that it is in our legitimate interest. With your permission, we may send you marketing messages by email and/or contact you by telephone to provide you with information about our products and services. You have the right at any time to object to the use of your personal data for marketing purposes by contacting us using the contact details set out in “How can you contract us?” section below.
Your personal data are intended for BOSWME but may be shared with third parties in certain circumstances:
To companies pertaining to the same group: In order to optimize the quality and efficiency of its services for its clients, BOSWME relies on the resources, skills and operational support of its mother company established in Luxembourg, the branch of OCBC Bank established in the United Kingdom (the “OCBC Branch”), its ultimate parent company OCBC Bank (established in Singapore) as well as its parent company, Bank of Singapore Limited (established in Singapore), their subsidiaries, branches, representative offices and other entities belonging to the OCBC and Bank of Singapore group (together, the “Recipients”).
We may share your personal data to the Recipients in order to administer our services and products, provide you with customer support, process your instructions, understand your preferences, send you information about products and services that may be of interest to you and conduct the other activities described in this Data Privacy Notice.
Additionally, we may share your personal data with the Recipient where we have a legitimate reason for doing so e.g. to manage risk, to verify your identify, or to assess your suitability for products and services.
Our service providers: We use other companies, agents or contractors to perform services on our behalf or to assist us with the provision of our services and products to you. We may share personal data with the following categories of service provider:
a. infrastructure and IT service providers, including for email archiving.
b. marketing, advertising and communications agencies.
c. credit reference agencies.
d. external auditors and advisers.
e. offsite archival storage providers
In the course of providing such services, these service providers may have access to your personal data. However, we will only provide our service providers with personal data which is necessary for them to perform their services, and we obligate them not to use your information for any other purpose. We will seek to ensure on a best efforts basis that all our service providers keep your personal data secure.
Third parties permitted by law: In certain circumstances, we may be required to disclose or share your personal data in order to comply with a legal or regulatory obligation (for example, we may be required to disclose personal data to the police, regulators, government agencies or to judicial or administrative authorities).
We may also disclose your personal data to third parties where disclosure is both legally permissible and necessary to protect or defend our rights, matters of national security, law enforcement, to enforce our contracts or protect your rights or those of the public.
Third parties connected with business transfers: We may transfer your personal data to third parties in connection with a reorganisation, restructuring, merger, acquisition or transfer of assets, provided that the receiving party agrees to treat your personal data in a manner consistent with this Privacy Notice.
We will not sell your personal data to third parties.
Please note our website may, from time to time, contain links to and from the websites of our partners or affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we have no control over how they may use your personal data. You should check the privacy policies of third party websites before you submit any personal data to them.
Your personal data may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”) including to locations which may not have the same level of protection for personal data as in the EEA.
For the purposes mentioned in the “With which third parties do we share your personal data?” section, personal data may be transferred to Recipients located in Singapore, Hong Kong and their office located in Philippines and Dubai. Despite the existence of comprehensive data protection laws in Singapore and Hong Kong, those countries are not part of the limited list of countries offering an adequate level of protection for personal data set out by the European Commission. For this reason, BOSWME, acting as data controller, has taken all reasonable steps necessary to ensure that your personal data is treated securely and in accordance with this Data Privacy Notice as well as applicable data protection laws, including, where relevant, by entering into EU standard contractual clauses (or equivalent measures) with the party outside the EEA (available here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en).
The Recipients will also monitor the compliance by their sub-contractors with the terms of those contractual arrangements. BOSWME may also transfer Personal Data to third-parties such as governmental or regulatory agencies in or outside the European Union, in accordance with applicable laws and regulations
If you are in the European Economic Area, you have the following rights (if applicable):
a. Access. You have the right to request a copy of the personal data we are processing about you. For your own privacy and security, at our discretion we may require you to prove your identity before providing the requested information.
b. Rectification. You have the right to have incomplete or inaccurate personal data that we process about you rectified.
c. Deletion. You have the right to request that we delete personal data that we process about you, except we are not obliged to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise or defend legal claims.
d. Restriction. You have the right to restrict our processing of your personal data where you believe such data to be inaccurate; our processing is unlawful; or that we no longer need to process such data for a particular purpose unless we are not able to delete the data due to a legal or other obligation or because you do not wish for us to delete it.
e. Portability. You have the right to obtain personal data we hold about you, in a structured, electronic format, and to transmit such data to another data controller, where this is (a) personal data which you have provided to us, and (b) if we are processing that data on the basis of your consent or to perform a contract with you.
f. Objection. Where the legal justification for our processing of your personal data is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process the data for the establishment, exercise or defence of a legal claim.
g. Withdrawing Consent. If you have consented to our processing of your personal data, you have the right to withdraw your consent at any time, free of charge. This includes cases where you wish to opt out from marketing messages that you receive from us.
You can make a request to exercise any of these rights in relation to your personal data by sending the request by mail to: Head of Compliance, BOS Wealth Management Europe S.A., UK Branch, The Rex Building, 3rd Floor, 62 Queen Street, London. EC4R 1EB.
You also have the right to lodge a complaint with the local data protection authority if you believe that we have not complied with applicable data protection laws. If you are based in, or the issue relates to, the UK, the Information Commissioner’s Office can be contacted as follows:
Telephone: +44 0303 123 1113
Email: casework@ico.org.uk
Website: www.ico.org.uk
Web-form: www.ico.org.uk/concerns/
Address: Water Lane, Wycliffe House, Wilmslow, Cheshire, SK9 5AF
If you are based in, or the issue you would like to complain about took place, elsewhere in the European Economic Area (EEA), please click here for a list of local data protection authorities in the other EEA countries: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080
We have implemented technical and organisational security measures to safeguard the personal data in our custody and control. Such measures include, for example, limiting access to personal data only to employees and authorised service providers who need to know such information for the purposes described in this Data Privacy Notice; adopting security protocols on networks and systems; using email security settings when sending and/or receiving highly confidential emails; applying physical access controls such as marking confidential documents clearly and prominently, storing confidential documents in locked file cabinets; restricting access to confidential documents on a need-to-know basis; using privacy filters; disposal of
confidential documents that are no longer needed, through shredding or similar means; using a mode of delivery or transmission of personal data that affords the appropriate level of security (e.g. registered post instead of normal post where appropriate); confirming the intended recipient of personal data as well as other administrative, technical and physical safeguards.
While we endeavour to protect our systems, sites, operations and information against unauthorised access, use, modification and disclosure, due to the inherent nature of the Internet as an open global communications vehicle and other risk factors, we cannot guarantee that any information, during transmission or while stored on our systems, will be absolutely safe from intrusion by others, such as hackers.
We will only retain your personal data for as long as necessary for the purpose for which that data was collected and to the extent permitted by applicable laws. When we no longer need to use personal data, we will remove it from our systems and records and/or take steps to anonymise it so that you can no longer be identified from it.
We will never knowingly collect personal data from individuals under the age of thirteen (13) years without first obtaining verifiable parental consent. If you are under the age of 13 you should not provide information to us. If we become aware that a person under 13 has provided personal data to us without verifiable parental consent, we will remove such personal data from our files.
If there are any questions or concerns regarding this Data Privacy Notice, please contact us as follows:
Head of Compliance, BOS Wealth Management Europe S.A., UK Branch, The Rex Building, 3rd Floor, | 62 Queen Street, London EC4R 1EB.
This Data Privacy Notice is written in English and may be translated into other languages. In the event of any inconsistency between the English version and the translated version of this notice, the English version shall prevail.
We reserve the right to change our Data Privacy Notice from time to time. If we decide to change our Data Privacy Notice we will notify you of these changes.
The purpose of this document ("Data Protection Policy") is to inform you of how Bank of Singapore Limited, DIFC branch (“BOS DIFC”) manages Personal Data (as defined below) which is subject to the Dubai International Financial Centre ("DIFC") Data Protection Law (DIFC Law No. 5 of 2020) (the "Law"). Please take a moment to read this Data Protection Policy so that you know and understand the purposes for which we collect, use and disclose your Personal Data.
By interacting with us, submitting information to us, or signing up for any products or services offered by us, you acknowledge that BOS DIFC(including its respective representatives and/or agents ("Representatives") (BOS DIFC and its Representatives collectively referred to herein as "BOS DIFC", "us", "we" or "our") may collect, use, disclose and share amongst themselves your Personal Data, and disclose such Personal Data to BOS DIFC’s authorised service providers and relevant third parties, including BOS DIFC’s related corporations, head office and overseas branches and offices and overseas branches and officers of BOS DIFC’s related corporations (the “Companies” and each, a “Company”)in the manner set forth in this Data Protection Policy.
BOS DIFC may from time to time update this Data Protection Policy to ensure that this Data Protection Policy is consistent with our future developments, industry trends and/or any changes in legal or regulatory requirements. You acknowledge that you have reviewed and understood the terms of this Data Protection Policy as updated from time to time on our website http://www.bankofsingapore.com/Data-Protection-Policy.html. Please check back regularly for updated information on the handling of your Personal Data
In this Data Protection Policy, "Personal Data" refers to any data, whether true or not, about an individual who can be identified (a) from that data; or (b) from that data and other information to which we have or are likely to have access, including data in our records as may be updated from time to time.
Examples of such Personal Data you may provide to us include (depending on the nature of your interaction with us) your name, national identity card, passport or other identification number, telephone number(s), mailing address, email address, transactional data and any other information relating to any individuals which you have provided us in any forms you may have submitted to us (including in the form of biometric data), or via other forms of interaction with you.
Generally, we collect Personal Data in the following ways:
When you browse our website and platforms, you generally do so anonymously but please see the section below on cookies. We do not, at our website and platforms, automatically collect Personal Data, including your email address unless you provide such information or login with your account credentials.
If you provide us with any Personal Data relating to a third party (for example, information of your spouse, children, parents, or a Connected Person), by submitting such information to us, you represent to us that you have obtained the consent of the third party to you providing us with his/her Personal Data for the respective purposes.
"Connected Person" may include but is not limited to any beneficial owner, authorised signatory, director, shareholder, officer of a company, partner or member of a partnership, settlor, trustee, beneficial owner, protector or grantor of trust, mandate holder, power of attorney holder, surety, third party security provider, provider of funds, founder and/or employee, payee of designated payment, representatives, agents or nominees.
You should ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with products and services you have requested. You acknowledge that you should inform BOS DIFC immediately of any change of facts or circumstances which may render any information or Personal Data previously provided inaccurate, untrue or incorrect and provide any information or documentation as BOS DIFC may reasonably require for the purposes of verifying the accuracy of the updated information or Personal Data.
Generally, BOS DIFC collects, uses and discloses your Personal Data for the following purposes:
These purposes may also apply even if you do not maintain any account(s) with us, or have terminated these account(s) arranged by us.
In addition, BOS DIFC collects, uses and discloses your Personal Data for the following purposes depending on the nature of our relationship:
In addition, where permitted under the Law, BOS DIFC may also collect, use and disclose your Personal Data for the following purposes (which we may describe in our documents and agreements as "Additional Purposes" for the handling of Personal Data):
If you have provided your telephone number(s) you consent to receiving marketing or promotional information via your telephone number(s), then from time to time, BOS DIFC may contact you using such telephone number(s) (including via voice calls, text , fax or other means) with information about our products and services (including discounts and special offers). If you specifically instruct us in writing objecting to our use of personal data for direct marketing purposes we will stop using the data in such manner.
In relation to particular products or services or in your interactions with us, we may also have specifically notified you of other purposes for which we collect, use or disclose your Personal Data. If so, we will collect, use and disclose your Personal Data for these additional purposes as well, unless we have specifically notified you otherwise.
BOS DIFC will take reasonable steps to protect your Personal Data against unauthorised disclosure. Subject to the provisions of any applicable law, your Personal Data may be provided, for the purposes listed above (where applicable), to the following entities or parties, whether they are located overseas, including the United Arab Emirates outside the DIFC and Singapore, or in the DIFC:
Our websites and platforms use cookies and other technologies. Cookies are small text files stored in your computing or other electronic devices when you visit our website and platforms for record keeping purposes. Cookies are stored in your browser’s file directory, and the next time you visit the website or platform, your browser will read the cookie and relay the information back to the website, platform or element that originally set the cookie. Depending on the type of cookie it is, cookies may store user preferences and other information.
Web beacons (also known as pixel tags and clear GIFs) involve graphics that are not apparent to the user. Tracking links and/or similar technologies consist of a few lines of programming code and can be embedded in our websites or platforms. Web beacons are usually used in conjunction with cookies and primarily used for statistical analysis purposes. This technology can also be used for tracking traffic patterns on websites and platforms, as well as finding out if an e-mail has been received and opened and to see if there has been any response.
We may employ cookies and other technologies as follows:
Some cookies we use are from third party companies to provide us with web analytics and intelligence about our websites and platforms. These companies collect information about your interaction with our websites and platforms. We use such information to compile statistics about visitors who interact with the websites, platforms and other online content belonging to Oversea-Chinese Banking Corporation (“OCBC”), to gauge the effectiveness of our communications, and to provide more pertinent information to our visitors.
If you do not agree to such use of cookies, you can adjust your browser settings. Unless you have adjusted your browser settings to block cookies, our system will issue cookies as soon as you visit our site or click on a link in a targeted email that we have sent you, even if you have previously deleted our cookies.
The way which cookies can be managed depends on your browser. The following links provide information on how to configure or disable cookies in each browser:
If you do not agree to our use of cookies and other technologies as set out in this Data Protection Policy, you should delete or disable the cookies associated with our websites and platforms by changing the settings on your browser accordingly. However, you may not be able to enter certain part(s) of our websites or platforms. This may also impact your user experience while on our websites or platforms.
BOS DIFC will take appropriate efforts to protect Personal Data in our possession or our control by making appropriate security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks. We have put in place procedures to deal with any suspected data security breach and will notify you and the data protection regulator, the DIFC Commissioner of Data Protection (the "Commissioner") of a suspected breach where we are legally required to do so or we consider it appropriate to do so. Although we will implement appropriate measures to keep your data secure, we cannot completely guarantee the security of any Personal Data we may have collected from or about you, or that for example no harmful code will enter our website (for example viruses, bugs, trojan horses, spyware or adware). No communication over public internet can be guaranteed to be secure. You should be aware of the risks associated with using websites and the internet and take any necessary precautions.
While we strive to protect your Personal Data, we cannot ensure the security of the information you transmit to us via the Internet or other electronic communications or when you use our electronic services, and we urge you to take every precaution to protect your Personal Data when you transmit your Personal Data via the Internet or other electronic communications. We recommend that you change your passwords often, use a combination of letters and numbers, and ensure that you use a secure browser.
If applicable, you acknowledge that you should keep your username and password secure and confidential and should not disclose or permit it to be disclosed to any unauthorised person, and to inform us as soon as reasonably practicable if you know or suspect that someone else knows your username and password or believe the confidentiality of your username and password has been lost, stolen or compromised in any way or that actual or possible unauthorised transactions have taken place.
Our website may contain links to other websites operated by third parties. We do not control the privacy practices of websites operated by third parties that are linked to our website. We do not endorse or make any representations about third-party websites. We encourage you to learn about the privacy policies of such third party websites. Some of these third party websites may be co-branded with our logo or trademark, even though they are not operated or maintained by us. Once you have left our website, you should check the applicable privacy policy of the third party website to determine how they will handle any information they collect from you.
Under certain circumstances, you may exercise any of the following rights:
If you:
Email: | ae.difc.dpo@bankofsingapore.com |
---|---|
Call: | +971 4 4277100 |
Write in: | Data Protection Officer Bank of Singapore Limited, DIFC Branch P O Box 4296, Dubai – UAE |
If you feel that we do not comply with the Law, you may lodge a complaint with the Commissioner.
We confirm that we will not discriminate against you if you exercise any of your rights under this Data Protection Policy.
Please note that if your Personal Data has been provided to us by a third party, we recommend that you contact that party directly to make any queries, feedback and requests to BOS DIFC on your behalf.
If you withdraw your consent to any or all use of your Personal Data, depending on the nature of your request, BOS DIFC may not be in a position to continue to provide its products or services to you, administer any contractual relationship in place, may also result in the termination of any agreements you have entered into with BOS DIFC, which could have adverse impacts on your financial situation.
From time to time, it may be necessary for the Bank to collect data of clients and other individuals (for example, persons giving or proposing to give guarantees or third party security for obligations owed to the Bank, persons linked to a client that is not an individual, including the beneficial owners and officers of that client, or in the case of a trust, the trustees, settlors, protectors and beneficiaries of the trust and other persons who are relevant to a client’s relationship with the Bank) in connection with the purposes set out in this Statement. Clients and other individuals are collectively, referred to as “you” and/or ‘data subject’ in this Statement.
Failure to supply such data may result in the Bank being unable to open, provide or continue to provide banking services, banking facilities or investment related services to you or being unable to comply with any laws or guidelines issued by regulatory or other authorities.
It is also the case that data are collected from data subjects in the ordinary course of the continuation of the banking relationship, for example, when data subjects write cheques, deposit money, apply for credit or give instructions. This includes information obtained from credit reference agencies. Data may be collected directly from you, or from someone acting on your behalf or from other sources and combined with other data available to the Bank Group (as defined below).
The purposes for which data relating to a data subject may be used are as follows: -
Data held by the Bank relating to a data subject will be kept confidential but the Bank or any of the Bank Group may provide such information to the following parties (whether inside or outside Hong Kong) for the purposes set out in paragraph (d) above except that any transfer of data to another person for it to use in direct marketing will be subject to paragraph (k) below:-
Such information may be transferred to a place outside Hong Kong.
We may provide the following data relating to you (whether in sole name or joint names with others) to a credit reference agency (“CRA”):
The CRA will use the Mortgage Account General Data supplied by the Bank to generate the Mortgage Count (as defined below) for sharing in the consumer credit database of the CRA by credit providers (subject to the requirements of the Code of Practice on Consumer Credit Data approved and issued under the Ordinance).
You can instruct us to make a request to the relevant CRA to delete from its database any account data relating to any credit that has been terminated by full repayment provided that there has not been, within five (5) years immediately before such termination, a default in payment under the credit for a period in excess of sixty (60) days according to our records.
If there is any default in payment, unless the amount in default is fully repaid or written off (other than due to bankruptcy order) before the expiry of sixty (60) days from the date of default, your account repayment data may be retained by the CRA until the expiry of five (5) years from the date of final settlement of the amount in default.
In the event of any amount being written off due to a bankruptcy order being made against you, the CRA may retain your account repayment data until the earlier of (i) the expiry of five (5) years from the date of final settlement of the amount in default, or (ii) the expiry of five (5) years from the date of your discharge from bankruptcy as notified to the CRA by you with evidence.
For the purposes of paragraphs (8) and (9) above, account repayment data are the amount last due, amount of payment made during the last reporting period, remaining available credit or outstanding balance and default data (being amount past due and number of days past due, date of settlement of amount past due, and date of final settlement of amount in material default (that is, default in payment for a period in excess of sixty (60) days) (if any)).
“Mortgage Count” refers to the total number of outstanding mortgage loans held by a data subject from time to time with credit providers in Hong Kong (whether as a borrower, mortgagor or guarantor, and whether in the data subject’s sole name or in joint names with others).
USE OF DATA IN DIRECT MARKETING
Where the data subject is a client, the Bank intends to use the data subject’s data in direct marketing and the Bank requires the data subject’s consent (which includes an indication of no objection) for that purpose. In this connection, please note that:
Where you provide to the Bank data about another person, you should give to that person a copy of this Statement and, in particular, tell him/her how we may use his/her data.
Under and in accordance with the terms of the Ordinance and the Code of Practice on Consumer Credit Data approved and issued under the Ordinance, any data subject has the right: -
In the event of any default of payment relating to an account, unless the amount in default is fully repaid or written off (other than due to a bankruptcy order) before the expiry of sixty (60) days from the date such default occurred, the account repayment data(as defined in paragraph(8)(e) above) may be retained by the credit reference agency until the expiry of five(5) years from the date of final settlement of the amount in default.
In the event any amount in an account is written off due to a bankruptcy order being made against a data subject, the account repayment data (as defined in paragraph (8)(e) above) may be retained by the CRA, regardless of whether the account repayment data reveal any default of payment lasting in excess of sixty (60) days, until the expiry of five (5) years from the date of final settlement of the amount in default or the expiry of five (5) years from the date of discharge from a bankruptcy as notified by the data subject with evidence to the credit reference agency, whichever is earlier.
Data of a data subject may be processed, kept and transferred or disclosed in and to any country as the Bank or any person who has obtained such data from the Bank referred to in (5) above considers appropriate. Such data may also be processed, kept, transferred or disclosed in accordance with the local practices and laws, rules and regulations (including any governmental acts and orders) in such country.
In accordance with the terms of the Ordinance, the Bank has the right to charge a reasonable fee for the processing of any data access request.
The person to whom requests for access to data or correction of data or for information regarding policies and practices and kinds of data held are to be addressed is as follows:-
Data Protection Officer
Bank of Singapore Limited (Hong Kong Branch)
34/F, One International Finance Centre
1 Harbour View Street Central,
Hong Kong Telephone: +852 2846 3800
Fax: +852 2295 3332
The Bank may have obtained a credit report on the data subject from a CRA in considering any application for credit. In the event the data subject wishes to access the credit report, the Bank will advise the contact details of the relevant CRA.
Nothing in this Statement shall limit the rights of data subjects under the Ordinance.
Capitalised terms used shall have the following meanings:
“Authorities” means judicial, regulatory, public, government agency authorities, Tax Authorities, securities or futures exchange, or law enforcement bodies having jurisdiction over any part of the Bank Group or any agents thereof;
“Bank Group” means collectively and individually, the head office of the Bank, parent bank and its subsidiaries and affiliates, and “any member of the Bank Group” has the same meaning; and
“Tax Authorities” means domestic or foreign tax, revenue, fiscal or monetary authorities.