Data Protection Policy

The purpose of this document ("Data Protection Policy") is to inform you of how Bank of Singapore Limited and Bank of Singapore Nominees Pte Ltd manage Personal Data (as defined below) which is subject to the Singapore Personal Data Protection Act (No. 26 of 2012) ("the Act"). Please take a moment to read this Data Protection Policy so that you know and understand the purposes for which we collect, use and disclose your Personal Data.

By interacting with us, submitting information to us, or signing up for any products or services offered by us, you agree and consent to Bank of Singapore Limited and Bank of Singapore Nominees Pte Ltd (including their related corporations and overseas branches and offices) (collectively, the "Companies"), as well as their respective representatives and/or agents ("Representatives") (the Companies and Representatives collectively referred to herein as "BOS", "us", "we" or "our") collecting, using, disclosing and sharing amongst themselves your Personal Data, and disclosing such Personal Data to the Companies' authorised service providers and relevant third parties in the manner set forth in this Data Protection Policy.

This Data Protection Policy supplements but does not supersede nor replace any other consents you may have previously provided to BOS in respect of your Personal Data, and your consents herein are additional to any rights which any of the Companies may have at law to collect, use or disclose your Personal Data.

BOS may from time to time update this Data Protection Policy to ensure that this Data Protection Policy is consistent with our future developments, industry trends and/or any changes in legal or regulatory requirements. Subject to your rights at law, you agree to be bound by the prevailing terms of the Data Protection Policy as updated from time to time on our website http://www.bankofsingapore.com/Data-Protection-Policy.html. Please check back regularly for updated information on the handling of your Personal Data.

  1. Personal Data

    In this Data Protection Policy, "Personal Data" refers to any data, whether true or not, about an individual who can be identified (a) from that data; or (b) from that data and other information to which we have or are likely to have access, including data in our records as may be updated from time to time.

    Examples of such Personal Data you may provide to us include (depending on the nature of your interaction with us) your name, NRIC, passport or other identification number, telephone number(s), mailing address, email address, transactional data and any other information relating to any individuals which you have provided us in any forms you may have submitted to us (including in the form of biometric data), or via other forms of interaction with you.

  2. Collection of Personal Data

    1. Generally, we collect Personal Data in the following ways:

      1. when you submit any form, including but not limited to application forms or other forms relating to any of our products or services or any investments which you purchase through the Companies;
      2. when you enter into any agreement or provide other documentation or information in respect of your interactions with us, or when you use our services;
      3. when you interact with our staff, including relationship managers and their assistants, example via telephone calls (which may be recorded), letters, fax, face-to-face meetings and emails;
      4. when your images are captured by us via closed-circuit television cameras ("CCTVs") while you are within our premises, or via photographs or videos taken by us or our representatives when you attend events hosted by us;
      5. when you use some of our services provided through online and other technology platforms, such as websites and apps, including when you establish any online accounts with us;
      6. when you request that we contact you, or include you in an email or other mailing list; or when you respond to our request for additional Personal Data, our promotions and other initiatives;
      7. when you are contacted by, and respond to, our marketing representatives, agents and other service providers;
      8. when we seek information about you and receive your Personal Data from third parties in connection with your relationship with us, for example, from referrers, business partners, external or independent asset managers, public agencies or the relevant authorities;
      9. through physical access, internet and information technology monitoring processes;
      10. in connection with any investigation, litigation, registration or professional disciplinary matter, criminal prosecution, inquest or inquiry which may relate to you or any Connected Person; and/or
      11. when you submit your Personal Data to us for any other reason.
    2. When you browse our website and platforms, you generally do so anonymously but please see the section below on cookies. We do not, at our website and platforms, automatically collect Personal Data, including your email address unless you provide such information or login with your account credentials.

    3. If you provide us with any Personal Data relating to a third party (for example, information of your spouse, children, parents, or a Connected Person), by submitting such information to us, you represent to us that you have obtained the consent of the third party to you providing us with his/her Personal Data for the respective purposes.
      "Connected Person" may include but is not limited to any beneficial owner, authorised signatory, director, shareholder, officer of a company, partner or member of a partnership, settlor, trustee, beneficial owner, protector or grantor of trust, mandate holder, power of attorney holder, surety, third party security provider, provider of funds, founder and/or employee, payee of designated payment, representatives, agents or nominees.

    4. You should ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with products and services you have requested. You agree to inform BOS immediately of any change of facts or circumstances which may render any information or Personal Data previously provided inaccurate, untrue or incorrect and provide any information or documentation as BOS may reasonably require for the purposes of verifying the accuracy of the updated information or Personal Data.

  3. Purposes for the Collection, Use and Disclosure of Your Personal Data

    1. Generally, BOS collects, uses and discloses your Personal Data for the following purposes:

        1. responding to, processing and handling your complaints, queries, requests, feedback and suggestions;
        2. verifying your identity and customer due diligence;
        3. managing the administrative and business operations of the Companies and complying with internal policies and procedures (including but not limited to facilitating business continuity planning);
        4. audit purposes;
        5. verifying or confirming trade orders or instructions from you or for your account (including but not limited to instructions on fund transfers or remittances);
        6. facilitating business asset transactions (which may extend to any mergers, acquisitions or asset sales) involving any of the Companies;
        7. matching any Personal Data held which relates to you for any of the purposes listed herein;
        8. resolving complaints and handling requests and enquiries;
        9. preventing, detecting and investigating crime, including fraud and money-laundering or terrorist financing, and analysing and managing commercial risks (including but not limited to preventing and detecting loss of BOS’ proprietary and sensitive information);
        10. project management;
        11. providing media announcements and responses, for example in relation to complaints or law suits;
        12. requesting feedback or participation in surveys, as well as conducting market research and/or analysis for statistical, profiling or other purposes for us to design our products, understand customer behaviour, preferences and market trends, and to review, develop and improve the quality of our products and services;
        13. managing the safety and security of our premises and services (including but not limited to carrying out CCTV surveillance and conducting security clearances);
        14. managing and preparing reports on incidents and accidents;
        15. organising events, seminars or trainings;
        16. complying with any applicable rules, laws and regulations, codes of practice or guidelines, obligations, requirements or arrangements for collecting, using and disclosing Personal Data that apply to BOS or that it is expected to comply, according to:
          1. any law binding or applying to it within or outside Singapore existing currently and in the future;
          2. any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers within or outside Singapore existing currently and in the future;
          3. any present or future contractual or other commitment with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers that is assumed by or imposed on BOS by reason of its financial, commercial, business, or other interests or activities in or related to the jurisdiction of the relevant local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations;
        17. to assist in law enforcement and investigations by relevant authorities;
        18. in connection with any claims, actions or proceedings (including but not limited to drafting and reviewing documents, transaction documentation, obtaining legal advice, and facilitating dispute resolution), and/or protecting and enforcing our contractual and legal rights and obligations;
        19. archival management (including but not limited to warehouse storage and retrievals); and/or
        20. any other purpose relating to any of the above.

      These purposes may also apply even if you do not maintain any account(s) with us, or have terminated these account(s).

    2. In addition, BOS collects, uses and discloses your Personal Data for the following purposes depending on the nature of our relationship:

      1. If you are a prospective customer:
        1. evaluating your eligibility to open an account with us and your financial and banking needs and providing recommendations to you as to the type of products and services suited to your needs;
        2. assessing and processing any applications or requests made by you for products and services offered by BOS; and/or
        3. any other purpose relating to any of the above.
      2. If you are a customer holding an account with BOS or a Connected Person or an administrator, executor, liquidator, official assignee, receiver, judicial manager or other similar official who has been so appointed pursuant to bankruptcy or insolvency proceedings instituted in Singapore or elsewhere in respect of a BOS customer or any security provider:
        1. opening, maintaining or closing of accounts and our establishing or providing banking and trust services to you;
        2. processing fund transfers or any other instructions provided in relation to the account of a BOS customer;
        3. where account or relationship managers or agents have been assigned to service your account or portfolio, using your telephone number(s) to contact you from time to time in order to take your instructions, and/or provide you with information, updates, or recommendations and / or in accordance with the terms and conditions of our agreement with you;
        4. processing applications for and facilitating the daily operation of services and credit facilities provided to you or other persons or corporations for whom you act as surety or third party service provider;
        5. conducting credit checks at the time of application for credit and at the time of regular or special credit reviews;
        6. facilitating or processing your application for insurance products and/or trust services offered by BOS and its business partners;
        7. carrying out client reviews, for example, annual reviews of your portfolio;
        8. to establish your financial situation, risk profile, investment experience and investment objectives to help you consider the suitability of the products you have invested or intend to invest;
        9. providing internet banking services (including but not limited to carrying out special handling requests for PIN mailers and tokens);
        10. networking to maintain customer relationship;
        11. providing client servicing (including but not limited to responding to individual requests by customers, mailing services, reconciliation services and providing customer satisfaction);
        12. facilitating the transfer of funds within BOS banking accounts or from BOS accounts to external banking accounts and vice versa;
        13. administering exceptional approvals, fee adjustments or waivers;
        14. dealing with and designing investment products (for example, bonds, derivatives, equities, funds);
        15. registering the pledge or charge that you or the surety or the third party security provider has granted in favour of BOS as security for the credit facilities granted by BOS to you; 
        16. administering credit and debit cards (including but not limited to processing card applications, transactions and credit limit approvals); 
        17. providing cheque deposits and issuance services;
        18. determining and collecting amounts owed by you or the borrower for whom you act as surety or third party security provider or those providing security or acting as surety for your liabilities and obligations;
        19. enabling any Company or third party to perform the functions that BOS may have outsourced to it in relation to the management of your account or transactions;
        20. enabling an actual or proposed assignee of BOS, or participant or sub-participant or transferee of BOS’ rights, liabilities or obligations in respect of (1) you or (2) a security provider who provides security or acts as surety for your liabilities and obligations to evaluate the transaction intended to be the subject of the assignment, participation, sub-participation or transfer; and/or
        21. any other purpose relating to any of the above.
      3. If you are an employee or agent of a referrer or other intermediary:
        1. marketing services and products;
        2. processing commission remuneration;
        3. performing due diligence and reference checks; and/or
        4. any other purpose relating to any of the above.
      4. If you are an employee, officer or owner of an external service provider or vendor outsourced or prospected by BOS;
        1. managing project tenders or the supply of goods and services;
        2. processing and payment of vendor invoices;
        3. complying with any applicable rules, laws and regulations, codes of practice or guidelines or to assist in law enforcement and investigations by relevant authorities (which includes disclosure to regulatory bodies or audit checks); and/or
        4. any other purpose relating to any of the above.
      5. If you are a party or counterparty to a transaction (for example, a beneficiary of a fund transfer or payment):
        1. providing cash, payment and transactional services (including but not limited to the execution, settlement, reporting and/or clearing of the relevant transaction); and/or
        2. any other purpose relating to any of the above.
      6. If you sit on the BOS Board of Directors:
        1. facilitating appointment to the Board (including but not limited to managing the publication of directors’ statistics on annual reports and circulars);
        2. complying with any applicable rules, laws and regulations, codes of practice or guidelines or to assist in law enforcement and investigations by relevant authorities (including but not limited to disclosures to regulatory bodies or conducting due diligence);
        3. administrative matters (including but not limited to the maintenance of statutory registers and lodgement of directors’ fee);
        4. managing insurance programmes; and/or
        5. any other purpose relating to any of the above.
    3. In addition, where permitted under the Act, BOS may also collect, use and disclose your Personal Data for the following purposes (which we may describe in our documents and agreements as "Additional Purposes" for the handling of Personal Data):

      1. providing or marketing services, products and benefits to you, including promotions, loyalty and reward programmes;
      2. matching Personal Data with other data collected for other purposes and from other sources (including third parties) in connection with the customisation, provision or offering of products and services, marketing or promotions, whether by BOS or other third parties;
      3. sending you details of products, services, special offers and rewards, investment or research reports or guides, either to our customers generally, or which we have identified may be of interest to you; and/or
      4. conducting market research, understanding and analysing customer behaviour, location, preferences and demographics for us to offer you products and services as well as special offers and marketing programmes which may be relevant to your preferences and profile.
    4. If you have provided your Singapore telephone number(s) and have indicated that you consent to receiving marketing or promotional information via your Singapore telephone number(s), then from time to time, BOS may contact you using such Singapore telephone number(s) (including via voice calls, text , fax or other means) with information about our products and services (including discounts and special offers).

    5. In relation to particular products or services or in your interactions with us, we may also have specifically notified you of other purposes for which we collect, use or disclose your Personal Data. If so, we will collect, use and disclose your Personal Data for these additional purposes as well, unless we have specifically notified you otherwise.

  4. Disclosure of Personal Data

    1. BOS will take reasonable steps to protect your Personal Data against unauthorised disclosure. Subject to the provisions of any applicable law, your Personal Data may be provided, for the purposes listed above (where applicable), to the following entities or parties, whether they are located overseas or in Singapore:

      1. BOS’s related corporations and overseas branches and offices;
      2. counterparties and their respective banks in relation to transactions for your account including purchasing and selling of securities and investment products, fund transfers, payments, issuance of standby letters of credit, banker’s guarantees or letters of undertaking and drawing of cheques;
      3. third party recipients of reference letters;
      4. companies providing services relating to insurance and/or reinsurance to BOS;
      5. insurers or brokers in relation to the insurance products or services that you have applied for or purchased;
      6. trustees, attorneys and asset managers appointed by you to manage your account held with BOS;
      7. referrers who have referred you to BOS;
      8. any person (1) who provides security or acts as surety for your liabilities and obligations to BOS or (2) for whom you act as surety or third party security provider;
      9. agents, contractors, vendors, installers, or third party service providers who provide administrative or operational services to BOS, such as courier services, telecommunications, information technology, payment, payroll, processing, training, market research, storage, archival, customer support investigation services or other services to BOS;
      10. agents, contractors, vendors or other third party service providers in connection with marketing, products and services offered by BOS;
      11. analytics, search engine providers or third party service providers that assist us in delivering our products, services, websites and platforms as well as improving and optimising the same;
      12. credit reporting agencies;
      13. debt collection agencies;
      14. your employers which are financial institution, for their internal surveillance or monitoring purposes;
      15. any business partner, investor, assignee or transferee (actual or prospective) to facilitate business asset transactions (which may extend to any merger, acquisition or any debt or asset sale) involving any of the Companies;
      16. credit card companies and their respective service providers in respect of credit cards held by you;
      17. translators;
      18. our professional advisers such as our auditors and lawyers;
      19. third parties who provide corporate advisory services or due diligence services in connection with you, any Connected Person or your account held with BOS;
      20. relevant government regulators, government ministries, exchange, statutory boards or authorities or law enforcement agencies who have jurisdiction over BOS or any Company or over any transaction entered into by you, such as the Monetary Authority of Singapore, Singapore Exchange Limited, the Accounting and Corporate Regulatory Authority, the Insolvency and Public Trustee Office, the Inland Revenue Authority of Singapore and the Commissioner of Charities, as well as to comply with listing and other requirements or directions of Singapore Exchange Limited and/or any other relevant securities exchange;
      21. any liquidator, receiver, administrator, judicial manager, trustees-in-bankruptcy, custodian or other similar official who has been so appointed, pursuant to bankruptcy, winding-up or insolvency proceedings instituted in Singapore or elsewhere, in respect of you or your assets;
      22. third parties who carry out registration of charge or pledge over the assets that you have pledged or charged to BOS;
      23. corporate service providers or lawyers, who are appointed by you;
      24. surveyors or valuers or other third parties in relation to assets which you will be charging or mortgaging to BOS;
      25. the Central Provident Fund (“CPF”) Board in relation to CPF investment products;
      26. financial institutions, brokerage houses, clearing houses, depository, depository agents, managers, administrators, fund houses, registrars, custodians, external banks, the Central Depository, nominee banks and investment vehicles in relation to asset management and investment product settlement processing;
      27. collection and repossession agencies in relation to the enforcement of repayment obligations for loans;
      28. third parties who organise promotional or marketing events, seminars or trainings;
      29. any actual or proposed assignee of BOS or participant or sub-participant or transferee of BOS’ rights, liabilities or obligations in respect of (1) you or (2) a security provider who provides security or acts as surety for your liabilities and obligations to evaluate the transaction intended to be the subject of the assignment, participation, sub-participation or transfer;
      30. any person to whom BOS or any of the Companies is under an obligation or otherwise required to make disclosure under the requirements of any law binding on or applying to BOS or any of the Companies, or any disclosure under and for the purposes of any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers with which BOS or any of the Companies are expected to comply, or any disclosure pursuant to any contractual or other commitment of BOS or any of the Companies with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or industry bodies or associations of financial services providers, all of which may be within or outside Singapore and may be existing currently and in the future; and/or
      31. any other party to whom you authorise us to disclose your Personal Data to.
  5. Use of Cookies and Related Technologies

    1. Our websites and platforms use cookies and other technologies. Cookies are small text files stored in your computing or other electronic devices when you visit our website and platforms for record keeping purposes. Cookies are stored in your browser’s file directory, and the next time you visit the website or platform, your browser will read the cookie and relay the information back to the website, platform or element that originally set the cookie. Depending on the type of cookie it is, cookies may store user preferences and other information.

    2. Web beacons (also known as pixel tags and clear GIFs) involve graphics that are not apparent to the user. Tracking links and/or similar technologies consist of a few lines of programming code and can be embedded in our websites or platforms. Web beacons are usually used in conjunction with cookies and primarily used for statistical analysis purposes. This technology can also be used for tracking traffic patterns on websites and platforms, as well as finding out if an e-mail has been received and opened and to see if there has been any response.

    3. We may employ cookies and other technologies as follows:

      1. tracking information such as the number of visitors and their frequency of use, profiles of visitors and their preferred sites;
      2. making our websites and platforms easier to use. For example, cookies may be used to help speed up your future interactions with our websites and platforms;
      3. to better tailor our products and services to your interests and needs. For example, cookies information may be identified and disclosed to our vendors and business partners to generate consumer insights;
      4. collating information on a user’s search and browsing history;
      5. when you interact with us on our websites and platforms, we may automatically receive and record information on our server logs from your browser. We may collect for the purposes of analysis, statistical and site-related information including, without limitation, information relating to how a visitor arrived at the website or platform, the browser used by a visitor, the operating system a visitor is using, a visitor's IP address, and a visitor's click stream information and time stamp (which may include for example, information about which pages they have viewed, the time the pages were accessed and the time spent per web page);
      6. using such information to understand how people use our websites and platforms, and to help us improve their structure and contents;
      7. using cookies that are necessary in order to enable our websites and platforms to operate, for example, cookies that enable you to log onto secure parts of our websites and platforms; and/or
      8. personalising the website and platform for you, including delivering advertisements which may be of particular interest to you and using cookie related information to allow us to understand the effectiveness of our advertisements.
    4. Some cookies we use are from third party companies to provide us with web analytics and intelligence about our websites and platforms. These companies collect information about your interaction with our websites and platforms. We use such information to compile statistics about visitors who interact with the websites, platforms and other OCBC online content, to gauge the effectiveness of our communications, and to provide more pertinent information to our visitors.

    5. If you do not agree to such use of cookies, you can adjust your browser settings. Unless you have adjusted your browser settings to block cookies, our system will issue cookies as soon as you visit our site or click on a link in a targeted email that we have sent you, even if you have previously deleted our cookies

    6. The way which cookies can be managed depends on your browser. The following links provide information on how to configure or disable cookies in each browser:

      1. Google Chrome: https://support.google.com/chrome/answer/95647?hl=en
      2. Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
      3. Internet Explorer: http://windows.microsoft.com/en-SG/internet-explorer/delete-manage-cookies#ie=ie-9
      4. Safari: http://support.apple.com/kb/HT1677?utm_source=Agillic%20Dialogue
      5. Safari for iPhone: http://support.apple.com/kb/ta38619
      6. Chrome for Android: https://support.google.com/chrome/answer/2392971?hl=en

      If you do not agree to our use of cookies and other technologies as set out in this Data Protection Policy, you should delete or disable the cookies associated with our websites and platforms by changing the settings on your browser accordingly. However, you may not be able to enter certain part(s) of our websites or platforms. This may also impact your user experience while on our websites or platforms.

  6. Data Security

    1. BOS will take reasonable efforts to protect Personal Data in our possession or our control by making reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks. However, we cannot completely guarantee the security of any Personal Data we may have collected from or about you, or that for example no harmful code will enter our website (for example viruses, bugs, trojan horses, spyware or adware). You should be aware of the risks associated with using websites and take any necessary precautions.

    2. While we strive to protect your Personal Data, we cannot ensure the security of the information you transmit to us via the Internet or electronic communication or when you use our electronic services, and we urge you to take every precaution to protect your Personal Data when you use such platforms. We recommend that you change your passwords often, use a combination of letters and numbers, and ensure that you use a secure browser.

    3. If applicable, you undertake to keep your username and password secure and confidential and shall not disclose or permit it to be disclosed to any unauthorised person, and to inform us as soon as reasonably practicable if you know or suspect that someone else knows your username and password or believe the confidentiality of your username and password has been lost, stolen or compromised in any way or that actual or possible unauthorised transactions have taken place. We are not liable for any damages resulting from any security breaches, on unauthorised and/or fraudulent use of your username and password.

  7. Third-Party Sites

    1. Our website may contain links to other websites operated by third parties. We are not responsible for the privacy practices of websites operated by third parties that are linked to our website. We encourage you to learn about the privacy policies of such third party websites. Some of these third party websites may be co-branded with our logo or trademark, even though they are not operated or maintained by us. Once you have left our website, you should check the applicable privacy policy of the third party website to determine how they will handle any information they collect from you.

  8. Contacting Us – Feedback, Withdrawal of Consent, Access and Correction of your Personal Data

    1. If you:

      1. have any questions or feedback relating to your Personal Data or our Data Protection Policy;
      2. would like to withdraw your consent to any use of your Personal Data as set out in this Data Protection Policy; or
      3. would like to obtain access and make corrections to your Personal Data records, please contact us as follows:
        Email: dpo@bankofsingapore.com
        Call: +65 6559 8000
        Write in: Data Protection Officer
        Bank of Singapore Limited
        63 Market Street
        #22-00 Bank of Singapore Centre
        Singapore 048942
    2. Please note that if your Personal Data has been provided to us by a third party (for example, The Central Depository Pte Ltd), you should contact that such party directly to make any queries, feedback and access and correction requests to BOS on your behalf.

    3. If you withdraw your consent to any or all use of your Personal Data, depending on the nature of your request, BOS or any of the Companies may not be in a position to continue to provide its products or services to you, administer any contractual relationship in place, may also result in the termination of any agreements you have entered into with BOS or any of the Companies, and your being in breach of your contractual obligations or undertakings, and BOS’s or the Company’s legal rights and remedies in such event are expressly reserved.

  9. Governing Law

    1. This Data Protection Policy and your use of this website shall be governed in all respects by the laws of Singapore.

The purpose of this document ("Data Protection Policy") is to inform you of how BOS Trustee Limited manages Personal Data (as defined below) which is subject to the Singapore Personal Data Protection Act (No. 26 of 2012) ("the Act"). Please take a moment to read this Data Protection Policy so that you know and understand the purposes for which we collect, use and disclose your Personal Data.

By interacting with us, submitting information to us, or signing up for any Services (as defined in paragraph 2.1(a) below) offered by us, you agree and consent to BOS Trustee Limited (including its related corporations and business units) (collectively, the "Companies"), as well as their respective representatives and/or agents ("Representatives") (the Companies and Representatives collectively referred to herein as "BOSTL", "us", "we" or "our") collecting, using, disclosing and sharing amongst themselves your Personal Data, and disclosing such Personal Data to the Companies' authorised service providers and relevant third parties in the manner set forth in this Data Protection Policy.

This Data Protection Policy supplements but does not supersede nor replace any other consents you may have previously provided to BOSTL in respect of your Personal Data, and your consents herein are additional to any rights which to any of the Companies may have at law to collect, use or disclose your Personal Data.

BOSTL may from time to time update this Data Protection Policy to ensure that this Data Protection Policy is consistent with our future developments, industry trends and/or any changes in legal or regulatory requirements. Subject to your rights at law, you agree to be bound by the prevailing terms of the Data Protection Policy as updated from time to time on our website http://www.bankofsingapore.com/Data-Protection-Policy.html. Please check back regularly for updated information on the handling of your Personal Data.

  1. Personal Data

    In this Data Protection Policy, "Personal Data" refers to any data, whether true or not, about an individual who can be identified (a) from that data; or (b) from that data and other information to which we have or are likely to have access, including data in our records as may be updated from time to time.

    Examples of such Personal Data you may provide to us include (depending on the nature of your interaction with us) your name, NRIC, passport or other identification number, telephone number(s), mailing address, email address, transactional data and any other information relating to any individuals which you have provided us in any forms you may have submitted to us (including in the form of biometric data), or via other forms of interaction with you.

  2. Collection of Personal Data

    1. Generally, we collect Personal Data in the following ways:

      1. when you submit any forms, for example, application forms or other forms or documents relating to any of our services, including but not limited to trust services or company management / administration services (the "Services");
      2. when you enter into any agreement or provide other documentation or information in respect of your interactions with us, or when you use our Services;
      3. when you interact with our BOSTL staff, whether directly or through the relationship managers, marketing associates and wealth planners of the Companies, for example, via telephone calls (which may be recorded), letters, fax, face-to-face meetings and emails;
      4. when your images are captured by us via closed-circuit television cameras ("CCTV") while you are within our premises, or via photographs or videos taken by us or our representatives when you attend events hosted by us;
      5. you request that we contact you, or include you in an email or other mailing list; or when you respond to our request for additional Personal Data;
      6. when we seek information about you and receive your Personal Data from third parties in connection with the Services, for example, from referrers, insurance brokers, any of the Companies, business partners, public agencies or the relevant authorities; and/or
      7. when you submit your Personal Data to us for any other reason.
    2. If you provide us with any Personal Data relating to a third party (e.g. information of your spouse, children, parents, beneficial owners, authorised signatories, directors, shareholders, officers of a company, partners or members of a partnership, settlor, trustees, beneficiaries, protectors or grantors of trust, power of attorney holders, surety, third party security providers, provider of funds, founders, employers, business partners and/or employees, payees of designated payments, representatives, agents or nominees), by submitting such information to us, you represent to us that you have obtained the consent of the third party to you providing us with their Personal Data for the respective purposes.

    3. You should ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with the Services you have requested. You agree to inform BOSTL immediately of any change of facts or circumstances which may render any information or Personal Data previously provided inaccurate, untrue or incorrect and provide any information or documentation as BOSTL may reasonably require for the purposes of verifying the accuracy of the updated information or Personal Data.

  3. Purposes for the Collection, Use and Disclosure of Your Personal Data

    1. Generally, BOSTL collects, uses and discloses your Personal Data for the following purposes:

        1. responding to, processing and handling your complaints, queries, requests, feedback and suggestions;
        2. verifying your identity and customer due diligence;
        3. managing the administrative and business operations of the Companies and complying with internal policies and procedures;
        4. verifying or confirming trade orders or instructions from you or for your account, including but not limited to instructions on fund transfers or remittances;
        5. facilitating business asset transactions (which may extend to any mergers, acquisitions or asset sales) involving any of the Companies;
        6. matching any Personal Data held which relates to you for any of the purposes listed herein;
        7. preventing, detecting and investigating crime, including fraud and money-laundering or terrorist financing, and analysing and managing commercial risks;
        8. managing the safety and security of our premises and services (including but not limited to carrying out CCTV surveillance and conducting security clearances);
        9. managing and preparing reports on incidents and accidents;
        10. providing media announcements and responses, for example, in relation to complaints or law suits;
        11. complying with any applicable rules, laws and regulations, codes of practice or guidelines, obligations, requirements or arrangements for collecting, using and disclosing Personal Data that apply to BOSTL or that it is expected to comply, according to:
          1. any law binding or applying to it within or outside Singapore existing currently and in the future;
          2. any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers within or outside Singapore existing currently and in the future;
          3. any present or future contractual or other commitment with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers that is assumed by or imposed on BOSTL by reason of its financial, commercial, business, or other interests or activities in or related to the jurisdiction of the relevant local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations;
        12. to assist in law enforcement and investigations by relevant authorities;
        13. in connection with any claims, actions or proceedings (including but not limited to drafting and reviewing documents, transaction documentation, obtaining legal advice, and facilitating dispute resolution), and/or protecting and enforcing our contractual and legal rights and obligations;
        14. archival management (including but not limited to warehouse storage and retrievals); and/or
        15. any other purpose relating to any of the above.

      These purposes may also apply even if you do not maintain any account(s) with us, or have terminated these account(s).

    2. In addition, BOSTL collects, uses and discloses your Personal Data for the following purposes depending on the nature of our relationship:

      1. If you are a prospective customer:
        1. evaluating your needs and objectives and providing recommendations to you as to the type of Services suited to your needs;
        2. assessing and processing any applications or requests made by you for the Services offered by BOSTL; and/or
        3. any other purpose relating to any of the above.
      2. If you are a customer, settlor, beneficiary or a "Trust Relevant Party" as defined under MAS Notice TCA-N03, ultimate beneficial owner, appointed representative (including but not limited an individual having a power of attorney), employee, director, shareholder, guarantor or such other individual related to a trust or company managed/administered by BOSTL:
        1. opening, maintaining or closing of accounts and our establishing or providing the Services;
        2. where account or relationship managers or agents have been assigned to service your account or portfolio, using your telephone number(s) to contact you from time to time in order to take your instructions, and/or provide you with information, updates, or recommendations and / or in accordance with the terms and conditions of our agreement with you;
        3. facilitating the continuation or termination of the trust or company management/administration relationship or the daily operation of the Services and providing client servicing (including but not limited to responding to individual requests by customers, and providing customer satisfaction);
        4. facilitating the transfer of funds within banking accounts held with any of the Companies or from such accounts to external banking accounts and vice versa;
        5. administering exceptional approvals, fee adjustments or waivers;
        6. dealing with investment products (for example, bonds, derivatives, equities, funds);
        7. customer outreach and relationship management;
        8. designing services or related products for customers’ use; and/or
        9. any other purpose relating to any of the above.
      3. If you are an employee or agent of a referrer or other intermediary:
        1. marketing services and products;
        2. processing commission remuneration;
        3. performing due diligence and reference checks; and/or
        4. any other purpose relating to any of the above.
      4. If you are an employee, officer or owner of an external service provider or vendor outsourced or prospected by BOSTL:
        1. managing project tenders or the supply of goods and services;
        2. processing and payment of vendor invoices; and/or
        3. any other purpose relating to any of the above.
      5. If you are a party or a counterparty to a transaction (for example, a beneficiary of a fund transfer or payment):
        1. providing cash, payment and transactional services; and/or
        2. any other purpose relating to any of the above.
      6. If you sit on the BOSTL Board of Directors:
        1. facilitating appointment to the Board (including but not limited to managing the publication of directors’ statistics on annual reports and circulars);
        2. complying with any applicable rules, laws and regulations, codes of practice or guidelines or to assist in law enforcement and investigations by relevant authorities (including but not limited to disclosures to regulatory bodies or conducting due diligence);
        3. administrative matters (including but not limited to the maintenance of statutory registers and lodgement of directors’ fee);
        4. managing insurance programmes; and/or
        5. any other purpose relating to any of the above.
    3. In addition, where permitted under the Act, BOSTL may also collect, use and disclose your Personal Data to send you details of Services either to our customers generally, or which we have identified may be of interest to you (which we may describe in our documents and agreements as "Additional Purposes" for the handling of Personal Data).

    4. If you have provided your Singapore telephone number(s) and have indicated that you consent to receiving marketing or promotional information via your Singapore telephone number(s), then from time to time, BOSTL may contact you using such Singapore telephone number(s) (including via voice calls, text , fax or other means) with information about our Services (including discounts and special offers).

    5. In relation to particular Services or in your interactions with us, we may also have specifically notified you of other purposes for which we collect, use or disclose your Personal Data. If so, we will collect, use and disclose your Personal Data for these additional purposes as well, unless we have specifically notified you otherwise.

  4. Disclosure of Personal Data

    1. BOSTL will take reasonable steps to protect your Personal Data against unauthorised disclosure. Subject to the provisions of any applicable law, your Personal Data may be provided, for the purposes listed above (where applicable), to the following entities or parties, whether they are located overseas or in Singapore:

      1. BOSTL’s related corporations;
      2. counterparties and their respective banks in relation to fund transfers for your account, including fund transfers, payments and drawing of cheques;
      3. third party recipients of BOSTL reference letters;
      4. companies providing services relating to insurance and/or reinsurance to BOSTL;
      5. agents, contractors, vendor, installer or third party service providers who provide operational services to BOSTL, such as courier services, telecommunications, information technology, payment, payroll, processing, training, market research, storage, archival, customer support investigation services or other services to BOSTL;
      6. vendors or other third party service providers in connection with the Services offered by BOSTL;
      7. credit reporting agencies;
      8. any business partner, investor, assignee or transferee (actual or prospective) to facilitate business asset transactions (which may extend to any merger, acquisition or any debt or asset sale) involving any of the Companies;
      9. credit card companies and their respective service providers in respect of credit cards held by you;
      10. our professional advisers such as our auditors and lawyers;
      11. lawyers who are appointed by you;
      12. third parties who provide due diligence services in connection with you or any individual in relation to your trust or company;
      13. relevant government regulators, government ministries, statutory boards or authorities or law enforcement agencies, whether local or overseas, including the Monetary Authority of Singapore, Inland Revenue Authority of Singapore, Commissioner of Charities, the Accounting and Corporate Regulatory Authority and the Insolvency and Public Trustee Office, to comply with any directions, laws, rules, guidelines, regulations or schemes issued or administered by any of them, as well as to comply with listing and other requirements or directions of Singapore Exchange Limited and/or any other relevant securities exchange;
      14. surveyors, auctioneers, valuers or other third parties in relation to loans and other credit facilities such as mortgages;
      15. the Central Provident Fund Board ("CPF") and its agent banks in relation to CPF investment products, payment schemes and processing excess payment refunds;
      16. financial institutions, brokerage houses, clearing houses, depository, depository agents, managers, administrators, fund houses, registrars, custodians, external banks, the Central Depository, nominee banks, and investment vehicles in relation to asset management and investment product settlement processing;
      17. Credit Counselling Singapore, and collection and repossession agencies in relation to the enforcement of repayment obligations for loans and other credit facilities;
      18. external business and charity partners in relation to corporate promotional events;
      19. third parties who organise promotional or marketing events, seminars or trainings;
      20. telecommunications companies, the National Trades Union Congress, Singapore Press Holdings and local town councils and any other billing entities in relation to processing the payment of bills;
      21. any person to whom BOSTL or any of the Companies is under an obligation or otherwise required to make disclosure under the requirements of any law binding on or applying to BOSTL or any of the Companies, or any disclosure under and for the purposes of any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers with which BOSTL or any of the Companies are expected to comply, or any disclosure pursuant to any contractual or other commitment of BOSTL or any of the Companies with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or industry bodies or associations of financial services providers, all of which may be within or outside Singapore and may be existing currently and in the future; and/or
      22. any other party to whom you authorise us to disclose your Personal Data to.
  5. Contacting Us – Feedback, Withdrawal of Consent, Access and Correction of your Personal Data

    1. If you:

      1. have any questions or feedback relating to your Personal Data or our Data Protection Policy;
      2. would like to withdraw your consent to any use of your Personal Data as set out in this Data Protection Policy; or
      3. would like to obtain access and make corrections to your Personal Data records, please contact BOSTL as follows:
        Email: dpo.sg@BOSTrustee.com
        Call: +65 6818 6478
        Write in: Data Protection Officer
        Data Protection & Governance Office
        BOS Trustee Limited
        63 Market Street
        #14-00
        Bank of Singapore Centre
        Singapore 048942
    2. Please note that if your Personal Data has been provided to us by a third party (e.g. The Central Depository Pte Ltd), you should contact such party directly to make any queries, feedback, and access and correction requests to BOSTL on your behalf.

    3. If you withdraw your consent to any or all use of your Personal Data, depending on the nature of your request, BOSTL may not be in a position to continue to provide its Services to you, administer any contractual relationship in place, may also result in the termination of any agreements with BOSTL, and your being in breach of your contractual obligations or undertakings, and BOSTL’s legal rights and remedies in such event are expressly reserved.

  6. Governing Law

    1. This Data Protection Policy and your use of this website shall be governed in all respects by the laws of Singapore.

In this privacy notice, ‘we’ us’ and ‘our’ means:

Bank of Singapore Limited, 63 Market Street, #22-00 Bank of Singapore Centre, Singapore 048942, and the Bank of Singapore Limited (Dubai International Financial Centre Branch), Office 30-32, Level 28, Central Park Tower, Dubai International Financial Centre, Bank of Singapore Limited, Hong Kong Branch, 34/F & 35F One International Finance Centre, 1 Harbour View Street, Central, Hong Kong, (collectively, the “Bank”) and BOS Trustee Limited, 63 Market Street #14-00 Bank of Singapore Centre Singapore 048942 (the “Trustee”).

We are committed to protecting your privacy and ensuring the highest level of security for your personal information. This Privacy Notice explains the types of personal information we collect, how we use that information, who we share it with, and how we protect that information. It also provides information about your rights.

Please read the following carefully to understand our views and practices regarding your personal information.

  1. Who are we?

    Depending on which of our products and services you ask us about, buy or use, different companies within our organisation will process your information. Generally, the Bank provides private banking services, while the Trustee provides trustee and trust administration services to clients of the Bank.

  2. Scope of this Privacy Notice

    This Privacy Notice applies to any individual located within the European Economic Area1 (“EEA”, i.e. EU member states including Norway, Liechtenstein and Iceland) who enquire about, purchase or make use of our products and services provided by the Bank and/or Trustee.

    1For the purposes of this Privacy Notice, the European Economic Area shall comprise the following countries: Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, the UK, Iceland, Liechtenstein and Norway. (Iceland, Liechtenstein and Norway are not part of the EU, but are part of the European Economic Area, and the GDPR applies to them as well.)

  3. Ways in which we obtain personal information

    We may collect information about you from the following sources:

    1. Information we receive from you

      We obtain personal information about you through your interactions with us generally, including by telephone calls (which may be recorded), by email, via our websites, via application or other forms or face to face (e.g. in meetings). We collect personal information (such as your name, contact details, financial details, employment and education details, nationality, date and place of birth, marital status, passport or other identification details and details of visits to our premises) that you provide to us when you:

      1. enquire about our products and services;
      2. submit applications to open an account or to establish a trust or other entities forming part of the trust assets; and
      3. subsequently correspond with us.
    2. Information we collect about you

      We collect information about you by monitoring your access to our premises (e.g. CCTV). We also collect information about how you interact with our website, including IP addresses or other device information (you’ll find more information about this in our Cookie Statement).

    3. Information we receive from third parties

      We receive information about you from third parties (e.g. credit reference agencies).

  4. Categories of personal information

    We process two categories of personal information about you:

    1. Standard personal information (e.g. information we use to contact you, identify you or manage our relationship with you).
    2. Sometimes you may choose to give us special category information about you or others which may attract extra protections under data protection laws (e.g. information about sexual orientation may be revealed if you tell us that you are married or in a relationship and you also give us the name of your partner).
  5. How do we use your personal information?

    We process your personal information for the purposes set out in this notice. Different legal grounds apply depending on what category of personal information we process. Standard personal information is normally processed by us on the basis that it is necessary for the performance of a contract, our or a third parties’ legitimate interests or law. Further information about this and special category processing grounds is set out below.

    We process the following information:

    For the following purpose(s):

    Based on the following justification:

     

     

     

    Name, ID Number, Nationality, Passport Information, Tax Details, Date of Birth, Place of Birth, Residential Address, Business Address, Occupation, Signature, Employment History, Education Background, Financial Details, Criminal Records

    To facilitate our account opening process, our trust and other entities establishment process, our customer due diligence process and our vendor due diligence process, as well as to prevent fraud and abuse of our services.

    Necessary to perform our contract, to comply with our regulatory requirements and more generally in order to pursue our legitimate interest (see below) of managing our administrative and business operations and complying with internal policies and procedures.

    Financial and Transactional (e.g. details about your accounts with us and payments to and from your accounts with us)

    To enable us to process your transactions. To fulfil our Regulatory Reporting processes and facilitate fraud case handling and reporting (where required)

    Necessary to perform our contract and to comply with our regulatory requirements and more generally in order to pursue our legitimate interests (See below).

    Telephone Calls

    Monitoring of regulated activities, training and development

    To comply with our regulatory requirements and to pursue our legitimate interest (see below) to enhance the quality of our service.

    Particulars of any complaints

    To facilitate complaints handling and reporting

    To comply with our regulatory requirements

  6. Legitimate interests

    Legitimate interest is one of the legal reasons why we may process your personal information. We process your personal information for a number of legitimate interests, including managing all aspects of our relationship with you, for marketing, to help us improve our services and products, and in order to exercise our rights or handle claims.

    Taking into account your interests, rights and freedoms, legitimate interests which allow us to process your personal information include:

    1. to manage our relationship with you, our business and third parties who provide products or services for us;
    2. to make sure that complaints or queries are handled efficiently and to enhance our products and services;
    3. to keep our records up to date and to provide you with marketing as allowed by law;
    4. to develop and carry out marketing activities and to show you information that is of interest to you, based on our understanding of your preferences;
    5. to monitor how well we are meeting our performance expectations in the delivery of our services (e.g. call recording);
    6. to pursue our legitimate interest in managing the safety and security of our premises and services for the prevention, detection and prosecution of crime, security health and safety (e.g. CCTV Video images);
    7. to enforce or apply our website terms of use, our policy terms and conditions or other contracts, or to protect our (or our customers’ or other people’s) rights, property or safety;
    8. to exercise our rights, to defend ourselves from claims and to keep to laws and regulations that apply to us and the third parties we work with; and
    9. to take part in, or be the subject of, any sale, purchase, merger or takeover of all or part of our business.
  7. Do we use your personal information for direct marketing?

    With your permission, we may send you carefully selected information about our products and services. You have the right to opt out of receiving direct marketing at any time by contacting your Relationship Manager

  8. With which third parties do we share your personal information?

    We share your information for the purposes set out in this privacy policy, with the following categories of recipients :

    1. The Bank’s group of companies: We share your personal information among our group of companies, including our branches, subsidiaries, representative offices, parent company Oversea-Chinese Banking Corporation Limited (“OCBC”) and branches and subsidiaries of OCBC, in order to open your account with us, administer our services and products, provide you with customer support, process your payments, understand your preferences, send you information about products and services that may be of interest to you and conduct the other activities described in this Privacy Notice.
    2. Our service providers: We use other companies, agents or contractors to perform services on our behalf or to assist us with the provision of our services and products to you, including:
      1. infrastructure and IT service providers, including for email archiving.
      2. marketing, advertising and communications agencies.
      3. credit reference agencies
      4. external auditors and advisers.
      5. offsite archival storage providers

      In the course of providing such services, these service providers may have access to your personal information. However, we will only provide our service providers with personal information which is necessary for them to perform their services, and we require them not to use your information for any other purpose. We will use our best efforts to ensure that all our service providers keep your personal information secure.

    3. Third parties permitted by law: In certain circumstances, we may be required to disclose or share your personal information in order to comply with a legal or regulatory obligation (for example, we may be required to disclose personal information to the police, regulators, government agencies or to judicial or administrative authorities).

      We may also disclose your personal information to third parties where disclosure is both legally permissible and necessary to protect or defend our rights, matters of national security, law enforcement, to enforce our contracts or protect your rights or those of the public.

    4. Third parties connected with business transfers:We may transfer your personal information to third parties in connection with a reorganisation, restructuring, merger, acquisition or transfer of assets, provided that the receiving party agrees to treat your personal information in a manner consistent with this Privacy Notice.

      We will not sell your personal information to third parties.

      Please note our website may, from time to time, contain links to and from the websites of our partners or affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we have no control over how they may use your personal information. You should check the privacy policies of third party websites before you submit any personal information to them.

  9. Do we transfer personal information outside the EEA?

    We use global information systems. As a result, The Bank and Trustee transfers and processes your information to countries outside of the EEA to Singapore, Hong Kong, Dubai, and Philippines. This list of jurisdictions may be subject to change. We take steps to ensure that when your personal information is transferred internationally, it is subject to appropriate safeguards in accordance with applicable data protection laws. Often, these safeguards include contractual safeguards. More information about these safeguards can be obtained by contacting:


    Email: dpo@bankofsingapore.com


    Write in: Data Protection Officer, Bank of Singapore Limited, 63 Market Street, #22-00 bank of Singapore Centre, Singapore 048942.

  10. What are your rights?

    The data protection laws in the EEA and in some other countries provide individuals with the following rights:

    1. Right of subject access: The right to make a written request for details of personal information we hold about you and to request a copy of that personal information.
    2. Right to rectification: The right to have inaccurate information about you rectified.
    3. Right to erasure ('right to be forgotten'): The right to have certain personal information about you erased.
    4. Right to restriction of processing: The right to request that your personal information is only used for restricted purposes.
    5. Right to object: The right to object to the use of personal information (including the right to object to marketing).
    6. Right to data portability: The right to ask for personal information you have made available to us to be transferred to you or a third party in machine-readable formats.
    7. Right to withdraw consent: We do not normally rely on consent as a basis for processing your personal information. We will only ask for your consent in very limited circumstances and, if we do so, will make it obvious to you when we are asking for that consent and what that is for. You have the right to withdraw any consent you have given us to handle your personal information. If you withdraw your consent, this will not affect the lawfulness of use of your personal information prior to the withdrawal of your consent.

    These rights may not apply in all cases. If we are not able to comply with your request, we will explain why. In response to a request, we will ask you to verify your identity if we need to, and to provide information that helps us to understand your request better. If you would like more information about your rights or to exercise any of your rights, please contact:


    Email: dpo@bankofsingapore.com


    Write in: Data Protection Officer, Bank of Singapore Limited, 63 Market Street, #22-00 bank of Singapore Centre, Singapore 048942.


    You also have the right to lodge a complaint with the local data protection authority if you believe that we have not complied with applicable data protection laws. If you are based in, or the issue relates to, the UK, the Information Commissioner’s Office can be contacted as follows:


    Telephone: +44 0303 123 1113


    Email: casework@ico.org.uk


    Website: www.ico.org.uk


    Web-form: www.ico.org.uk/concerns/


    Address: Water Lane, Wycliffe House, Wilmslow, Cheshire, SK9 5AF


    If you are in the EEA, you can also lodge a complaint with another supervisory authority which is based in the country or territory where:


    a. you are living,


    b. you work, or


    c. the alleged infringement took place.


    A list of the EU data protection supervisory authorities is available here: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm

  11. How do we protect your personal information?

    We have implemented technical and organisational security measures to safeguard the personal information in our custody and control. Such measures include, for example, limiting access to personal information only to employees and authorised service providers who need to know such information for the purposes described in this Privacy Notice; adopting security protocols on networks and systems; using email security settings when sending and/or receiving highly confidential emails; applying physical access controls such as marking confidential documents clearly and prominently, storing confidential documents in locked file cabinets; restricting access to confidential documents on a need-to-know basis; using privacy filters; disposal of confidential documents that are no longer needed, through shredding or similar means; using a mode of delivery or transmission of personal data that affords the appropriate level of security (e.g. registered post instead of normal post where appropriate); confirming the intended recipient of personal data as well as other administrative, technical and physical safeguards.


    While we endeavour to protect our systems, sites, operations and information against unauthorised access, use, modification and disclosure, due to the inherent nature of the Internet as an open global communications vehicle and other risk factors, we cannot guarantee that any information, during transmission or while stored on our systems, will be absolutely safe from intrusion by others, such as hackers.

  12. How long do we keep your personal information?

    We will only retain your personal data for as long as necessary for the purpose for which that data was collected and to the extent permitted by applicable laws. In general, we will keep your personal data for between seven (7) to twelve (12) years (depending on the type of information, and in accordance with our internal policies) after your relationship with us is terminated. However, there may be circumstances that mean we must retain your personal information for longer. In order to determine how long it is necessary to retain your personal information, we calculate retention periods in accordance with the following criteria:

    1. the currency of your relationship with us and the types of products or services you have with us;
    2. the length of time it is reasonable to keep records to demonstrate that we have fulfilled our obligations to you and under law;
    3. any limitation periods within which claims might be made;
    4. any retention periods prescribed by law or recommended by regulators, industry bodies or associations; and
    5. the existence of any relevant proceedings.
  13. How do we deal with children's privacy?

    Our services are not intended to be provided to children and we will never knowingly collect personal information from individuals under the age of thirteen (13) years without first obtaining verifiable parental consent. If you are under the age of 13 you should not provide information to us. If we become aware that a person under 13 has provided personal information to us without verifiable parental consent, we will remove such personal information from our files.

  14. How can you contact us?

    If there are any questions or concerns regarding this Privacy Notice, please contact us as follows:


    Email: dpo@bankofsingapore.com


    Write in: Data Protection Officer, Bank of Singapore Limited, 63 Market Street,#22-00 bank of Singapore Centre, Singapore 048942.

  15. Which version of this Privacy Notice applies?

    This Privacy Notice is written in English and may be translated into other languages. In the event of any inconsistency between the English version and the translated version of this notice, the English version shall prevail.

    We reserve the right to change our Privacy Notice from time to time. If we decide to change our Privacy Notice we will notify you of these changes.


    18th Oct 2019

  16. Cookie Statement

    In order to meet customer expectations and improve the services offered on our website, Bank of Singapore Limited, 63 Market Street, #22-00 Bank of Singapore Centre, Singapore 048942 may use cookies. If you want to learn more about what are cookies, how they're used and what your choices are, you can read more here.

    1. What are cookies?

      Cookies are small text files stored in your computing or other electronic devices which allow us to remember you or other data about you. The cookies placed by our server are readable only by us, and cookies cannot access, read or modify any other data on an electronic device. All web-browsers offer the option to refuse any cookie, and if you refuse our cookie then we do not gather any information on that visitor.

    2. How are cookies used?

      Cookies are used for different purposes. We may employ cookies in order for our server to recognise a return visitor as a unique user including, without limitation, monitoring information relating to how a visitor arrives at the website, what kind of browser a visitor is on, what operating system a visitor is using, a visitor's IP address, and a visitor's click stream information and time stamp (for example, which pages they have viewed, the time the pages were accessed and the time spent per web page).

    3. What types of cookies do we use?

      Cookies can generally be put into one of the following four categories:

      1. Strictly necessary cookies, which enable services you have specifically asked for
      2. Performance cookies, which collect anonymous information on the pages you have visited
      3. Functionality cookies, which remember the choices you have made to improve your experience
      4. Targeting cookies, which collect information about your browsing habits in order to make advertising relevant to you and your interests

      We use the following cookies on our website:

      Cookie name

      Category

      Purpose

      First / Third Party

      JSESSIONID

      Strictly necessary cookies

      This is required to have client session stickiness with application server

      First Party

      WASSID & WSATAR

      Strictly necessary cookies

      Used to track and authenticate user login

      First Party

      AMCV_###@AdobeOrg

      Functionality and performance cookies

      This cookie is used by our analytics software, Adobe Analytics, to identify a unique visitor.

      First and Third Party

      gpv

      Functionality and performance cookies

      This cookie stores the quantity of pages you view when visiting the Websites

      First and Third Party

      s_cc

      Functionality and performance cookies

      This cookie allows Adobe Analytics to determine whether or not cookies are enabled in your browser.

      First and Third Party

      s_ppv

      Functionality and performance cookies

      Stores information on the percentage of the page displayed

      First and Third Party

      s_ppvl

      Functionality and performance cookies

      Stores information on the percentage of the page displayed to you

      First and Third Party

      s_sq

      Functionality and performance cookies

      This cookie is set and read by the JavaScript code when the ClickMap functionality and the Activity Map functionality are enabled; it contains information about the previous links that you clicked on the Websites.

      First Party

      _ga

      Functionality and performance cookies

      Google Analytics to determine that two distinct hits belong to the same user across sessions

      First and Third Party

      _gat

      Functionality and performance cookies

      Google analytics to measure how users interact with website content as a user journey between web pages

      Third Party

      _gid

      Functionality and performance cookies

      To store and update a unique value for each page visited for google analytics

      Third Party

    4. What are your choices?

      Should you wish to disable the cookies associated with these technologies, you may do so by changing the setting on your browser. However, you may not be able to enter certain parts of our website.


      To learn more about cookies and how to manage or delete them, just visit allaboutcookies.org and the help section of your browser. In the settings for browsers like Internet Explorer, Safari, Firefox or Chrome, you can set which cookies to accept and which to reject. Where you find these settings depends on your browser – use the "Help" function in your browser to locate the settings you need.


      You can also find helpful information about cookies at http://www.youronlinechoices.eu and http://www.international-chamber.co.uk/our-expertise/digitaleconomy.


      If you have any questions, suggestions, or comments about this Cookie Statement, send an email to dpo@bankofsingapore.com. Our Cookie Statement may also be amended from time to time – so visit this page regularly to stay up to date.

PRELIMINARY PROVISIONS

BOS Wealth Management Europe S.A. (“BOSWME”) is committed to protecting your privacy and ensuring the highest level of security for your personal data. This Data Privacy Notice explains the types of personal data we collect, how we use that data, who we share it with, and how we protect that data

The information sets-out in this Data Privacy Notice will continue to apply even after the termination of your agreement with us for the provision of our services.

Please read the following carefully to understand our views and practices with respect to personal data.

Wherever we’ve said “you” or “your”, this means you or any person connected to you namely any authorised person, anyone who deals with us for you (e.g. trustees or executors, attorneys, external asset managers) and
other related people (including but not limited to authorised signatories, partners, members, directors, beneficial owners of companies, beneficiaries of trusts).

Wherever we’ve said ‘we’ or ‘our’, this means BOSWME.

  1. Who are we?

    For the purposes of applicable data protections laws, the data controller is BOS Wealth Management Europe S.A. 33 Rue Sainte Zithe, L-2763 Luxembourg, Luxembourg.

  2. What data is covered by this Data Privacy Notice?

    This Data Privacy Notice applies to personal data processed by BOSWME which means data that (either in isolation or in combination with other data) enables you to be identified directly or indirectly.

  3. What data do we collect from you?

    We may collect data about you from the following sources:

    1. Data we receive from you

      We may collect personal data (such as name, contact details, financial details, employment and education details, nationality, date and place of birth, marital status, passport or other identification details and details of visits to our premises) that you provide us, inter alia:   

      • for the process to enter into a business relationship with us, for example when you fill out our documentation, forms; and
      • subsequently correspond with us.
    2. Data we collect about you

      We may also collect personal data from you when you interact with our staff, including customer service officers, relationship managers, other representatives, for example, via telephone calls (which may be recorded), letters, faxes, face-to-face meetings and emails

    3. Data we obtain from other sources

      This includes:

      • Communications data (e.g. email data, third party data, chat data, instant messages, corporate and media broadcasts, disputes/litigation, correspondence between legal advisers and stakeholders and transcripts or minutes); and
      • Combined data from external sources (e.g. data pertaining to social interactions between individuals, organizations, prospects and other stakeholders acquired from companies that collect combined data and data from fraud avoidance systems).
  4. How do we use your personal data?

    We process the following information:

    For the following purpose(s):

    Based on the following justification:

     

     

     

    Name, ID Number, Nationality, Passport Data, Tax Details, Date of Birth, Place of Birth, Residential Address, Business Address, Occupation, Signature, Employment History, Education Background,
    Financial Details, Criminal Records.

    To conduct our required customer due diligence
    processes when you enter into a business relationship with us, to facilitate other entities establishment and our vendor due diligence process.

    Necessary to perform our contract, to comply with our
    regulatory requirements and in order to pursue our legitimate interest of managing our administrative and business operations and complying with internal policies and procedures.

    Financial and Transactional (e.g. details about your accounts with us and payments to and from your accounts with us).

    To enable us to process your transactions. To fulfill our regulatory reporting duties.

    Necessary to perform our contract and to comply with our regulatory requirements.

    CCTV Video images (of visitors to our Office).

    Crime prevention, detection and prosecution, security health and safety

    In order to pursue our legitimate interest in managing the safety and security of our premises and services.

    Telephone Calls

    Monitoring of regulated activities, training and
    development. 

    To comply with our regulatory requirements and to pursue our legitimate interest to enhance the quality of our service.

    Fraudulent Activity

    To facilitate fraud case handling and reporting

    To comply with our regulatory requirements and in order to pursue our legitimate interest in
    preventing, detecting and investigating crime, including fraud and money-laundering or
    terrorist financing, and additionally, to analyse and manage commercial risks.

    Particulars of any complaints

    To facilitate complaints handling and reporting

    To comply with our regulatory requirements and to pursue our legitimate interest of enhancing our products and services

  5. Do we use your personal data for direct marketing?

    Your personal data may be processed for the purposes of direct marketing and we will do this on the basis that it is in our legitimate interest. With your permission, we may send you marketing messages by email and/or contact you by telephone to provide you with information about our products and services. You have the right at any time to object to the use of your personal data for marketing purposes by contacting us using the contact details set out in “How can you contract us?” section below.

  6. With which third parties do we share your personal data?

    Your personal data are intended for BOSWME but may be shared with third parties in certain circumstances:

    To companies pertaining to the same group: In order to optimize the quality and efficiency of its services for its clients, BOSWME relies on the resources, skills and operational support of its branch established in the United Kingdom. For the same purposes, BOSWME also relies on the branch of OCBC Bank established in the United
    Kingdom (the “OCBC Branch”), its ultimate parent company OCBC Bank (established in Singapore) as well as its parent company, Bank of Singapore Limited (established in Singapore), their subsidiaries, branches, representative offices and other entities belonging to the OCBC and Bank of Singapore group (together, the “Recipients”).

    We may share your personal data to the Recipients in order to administer our services and products, provide you with customer support, process your instructions, understand your preferences, send you information about products and services that may be of interest to you and conduct the other activities described in this Data Privacy Notice.

    Additionally, we may share your personal data with the Recipient where we have a legitimate reason for doing so e.g. to manage risk, to verify your identify, or to assess your suitability for products and services. Our service providers: We use other companies, agents or contractors to perform services on our behalf or to
    assist us with the provision of our services and products to you. We may share personal data with the following categories of service provider:

    a. infrastructure and IT service providers, including for email archiving.
    b. marketing, advertising and communications agencies.
    c. credit reference agencies.
    d. external auditors and advisers.
    e. offsite archival storage providers

    In the course of providing such services, these service providers may have access to your personal data. However, we will only provide our service providers with personal data which is necessary for them to perform their services, and we obligate them not to use your information for any other purpose. We will seek to ensure on a best efforts basis that all our service providers keep your personal data secure.

    Third parties permitted by law: In certain circumstances, we may be required to disclose or share your personal data in order to comply with a legal or regulatory obligation (for example, we may be required to disclose personal data to the police, regulators, government agencies or to judicial or administrative authorities).

    We may also disclose your personal data to third parties where disclosure is both legally permissible and necessary to protect or defend our rights, matters of national security, law enforcement, to enforce our contracts or protect your rights or those of the public.

    Third parties connected with business transfers: We may transfer your personal data to third parties in connection with a reorganisation, restructuring, merger, acquisition or transfer of assets, provided that the receiving party agrees to treat your personal data in a manner consistent with this Privacy Notice.

    We will not sell your personal data to third parties.

    Please note our website may, from time to time, contain links to and from the websites of our partners or affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we have no control over how they may use your personal data. You should check the privacy policies of third party websites before you submit any personal data to them.

  7. Do we transfer personal data outside the EEA?

    Your personal data may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”) including to locations which may not have the same level of protection for personal data as in the EEA. 

    For the purposes mentioned in the “With which third parties do we share your personal data?” section, personal data may be transferred to Recipients located in Singapore, Hong Kong and their office located in Philippines and Dubai. Despite the existence of comprehensive data protection laws in Singapore and Hong Kong, those countries are not part of the limited list of countries offering an adequate level of protection for personal data set out by the European Commission. For this reason, BOSWME, acting as data controller, has taken all reasonable steps necessary to ensure that your personal data is treated securely and in accordance with this Data Privacy Notice as well as applicable data protection laws, including, where relevant, by entering into EU standard contractual clauses (or equivalent measures) with the party outside the EEA (available here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contractstransfer-personal-data-third-countries_en).

    The Recipients will also monitor the compliance by their sub-contractors with the terms of those contractual arrangements. BOSWME may also transfer Personal Data to third-parties such as governmental or regulatory agencies in or outside the European Union, in accordance with applicable laws and regulations

  8. What are your rights?

    If you are in the European Economic Area, you have the following rights (if applicable):

    a. Access. You have the right to request a copy of the personal data we are processing about you. For your own privacy and security, at our discretion we may require you to prove your identity before providing the requested information. 

    b. Rectification. You have the right to have incomplete or inaccurate personal data that we process about you rectified.

    c. Deletion. You have the right to request that we delete personal data that we process about you, except we are not obliged to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise or defend legal claims.

    d. Restriction. You have the right to restrict our processing of your personal data where you believe such data to be inaccurate; our processing is unlawful; or that we no longer need to process such data for a particular purpose unless we are not able to delete the data due to a legal or other obligation or because you do not wish for us to delete it.

    e. Portability. You have the right to obtain personal data we hold about you, in a structured, electronic format, and to transmit such data to another data controller, where this is (a) personal data which you have provided to us, and (b) if we are processing that data on the basis of your consent or to perform a contract with you.

    f. Objection. Where the legal justification for our processing of your personal data is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process the data for the establishment, exercise or defence of a legal claim.

    g. Withdrawing Consent. If you have consented to our processing of your personal data, you have the right to withdraw your consent at any time, free of charge. This includes cases where you wish to opt out from marketing messages that you receive from us. 

    You can make a request to exercise any of these rights in relation to your personal data by sending the request by mail to: Head of Compliance, BOS Wealth Management Europe S.A., 33 Rue Sainte Zithe, L-2763 Luxembourg, Luxembourg.

    You also have the right to lodge a complaint with the local data protection authority if you believe that we have not complied with applicable data protection laws. If you are based in, or the issue relates to, Luxembourg, the National Data Protection Commission (CNPD) can be contacted as follows: 

    Telephone: (+352) 26 10 60 -1
    Email: info@cnpd.lu
    Website: https://www.cnpd.lu
    Address: 1, avenue du Rock’n’Roll, L-4361 Esch-sur-Alzette, Luxembourg

    If you are based in, or the issue you would like to complain about took place, elsewhere in the European Economic Area (EEA), please click here for a list of local data protection authorities in the other EEA countries: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080

  9. How do we protect your personal data?

    We have implemented technical and organisational security measures to safeguard the personal data in our custody and control. Such measures include, for example, limiting access to personal data only to employees and authorised service providers who need to know such information for the purposes described in this Data Privacy Notice; adopting security protocols on networks and systems; using email security settings when sending and/or receiving highly confidential emails; applying physical access controls such as marking confidential documents clearly and prominently, storing confidential documents in locked file cabinets; restricting access to confidential documents on a need-to-know basis; using privacy filters; disposal of
    confidential documents that are no longer needed, through shredding or similar means; using a mode of delivery or transmission of personal data that affords the appropriate level of security (e.g. registered post instead of normal post where appropriate); confirming the intended recipient of personal data as well as other administrative, technical and physical safeguards.

    While we endeavour to protect our systems, sites, operations and information against unauthorised access, use, modification and disclosure, due to the inherent nature of the Internet as an open global communications vehicle and other risk factors, we cannot guarantee that any information, during transmission or while stored on our systems, will be absolutely safe from  intrusion by others, such as hackers.

  10. How long do we keep your personal data?

    We will only retain your personal data for as long as necessary for the purpose for which that data was collected and to the extent permitted by applicable laws. When we no longer need to use personal data, we will remove it from our systems and records and/or take steps to anonymise it so that you can no longer be identified from it.

  11. How do we deal with children’s privacy?

    We will never knowingly collect personal data from individuals under the age of sixteen (16) years without first obtaining verifiable parental consent. If you are under the age of 16 you should not provide information to us. If we become aware that a person under 16 has provided personal data to us without verifiable parental consent, we will remove such personal data from our files.

  12. How can you contract us?

    If there are any questions or concerns regarding this Data Privacy Notice, please contact us as follows:

    Head of Compliance, BOS Wealth Management Europe S.A., 33 Rue Sainte Zithe, L-2763 Luxembourg, Luxembourg.

  13. Which version of this Data Privacy Notice applies?

    This Data Privacy Notice is written in English and may be translated into other languages. In the event of any inconsistency between the English version and the translated version of this notice, the English version shall prevail.

    We reserve the right to change our Data Privacy Notice from time to time. If we decide to change our Data Privacy Notice we will notify you of these changes.

  1. From time to time, it may be necessary for the Bank to collect data of clients and other individuals (for example, persons giving or proposing to give guarantees or third party security for obligations owed to the Bank, persons linked to a client that is not an individual, including the beneficial owners and officers of that client, or in the case of a trust, the trustees, settlors, protectors and beneficiaries of the trust and other persons who are relevant to a client’s relationship with the Bank) in connection with the purposes set out in this Statement. Clients and other individuals are collectively, referred to as “you” and/or ‘data subject’ in this Statement.

BOS Wealth Management Europe S.A. acting though its UK Branch (“BOSWME”) is committed to protecting your privacy and ensuring the highest level of security for your personal data. This Data Privacy Notice explains the types of personal data we collect, how we use that data, who we share it with, and how we protect that data.

The information sets-out in this Data Privacy Notice will continue to apply even after the termination of your agreement with us for the provision of our services.

Please read the following carefully to understand our views and practices with respect to personal data.

Wherever we’ve said “you” or “your”, this means you or any person connected to you namely any authorised person, anyone who deals with us for you (e.g. trustees or executors, attorneys, external asset managers) and
other related people (including but not limited to authorised signatories, partners, members, directors, beneficial owners of companies, beneficiaries of trusts).

Wherever we’ve said ‘we’ or ‘our’, this means BOSWME.

  1. Who are we?

    For the purposes of applicable data protections laws, the data controller is BOS Wealth Management Europe S.A., UK Branch, 3rd Floor, The Rex Building 62 Queen Street, London EC4R 1EB, United Kingdom.

  2. What data is covered by this Data Privacy Notice?

    This Data Privacy Notice applies to personal data processed by BOSWME which means data that (either in isolation or in combination with other data) enables you to be identified directly or indirectly.

  3. What data do we collect from you?

    We may collect data about you from the following sources:

    1. Data we receive from you

      We may collect personal data (such as name, contact details, financial details, employment and education details, nationality, date and place of birth, marital status, passport or other identification details and details of visits to our premises) that you provide us, inter alia:   

      • for the process to enter into a business relationship with us, for example when you fill out our documentation, forms; and
      • subsequently correspond with us.
    2. Data we collect about you

      We may also collect personal data from you when you interact with our staff, including customer service officers, relationship managers, other representatives, for example, via telephone calls (which may be recorded), letters, faxes, face-to-face meetings and emails

    3. Data we obtain from other sources

      This includes:

      • Communications data (e.g. email data, third party data, chat data, instant messages, corporate and media broadcasts, disputes/litigation, correspondence between legal advisers and stakeholders and transcripts or minutes); and
      • Combined data from external sources (e.g. data pertaining to social interactions between individuals, organizations, prospects and other stakeholders acquired from companies that collect combined data and data from fraud avoidance systems).
  4. How do we use your personal data?

    We process the following information:

    For the following purpose(s):

    Based on the following justification:

     

     

     

    Name, ID Number, Nationality, Passport Data, Tax Details, Date of Birth, Place of Birth, Residential Address, Business Address, Occupation, Signature, Employment History, Education Background, Financial Details, Criminal Records

    To conduct our required customer due diligence processes when you enter into a business relationship with us, to facilitate other entities establishment and our vendor due diligence process

    Necessary to perform our contract, to comply with our regulatory requirements and in order to pursue our legitimate interest of managing our administrative and business operations and complying with internal policies and procedures.

    Financial and Transactional (e.g. details about your accounts with us and payments to and from your accounts with us).

    To enable us to process your transactions. To fulfill our regulatory reporting duties.

    Necessary to perform our contract and to comply with our regulatory requirements.

    CCTV Video images (of visitors to our Office).

    Crime prevention, detection and prosecution, security health and safety

    In order to pursue our legitimate interest in managing the safety and security of our premises and services.

    Telephone Calls

    Monitoring of regulated activities, training and development. 

    To comply with our regulatory requirements and to pursue our legitimate interest to enhance the quality of our service.

    Fraudulent Activity

    To facilitate fraud case handling and reporting

    To comply with our regulatory requirements and in order to pursue our legitimate interest in preventing, detecting and investigating crime, including fraud and money-laundering or terrorist financing, and additionally, to analyse and manage commercial risks.

    Particulars of any complaints

    To facilitate complaints handling and reporting

    To comply with our regulatory requirements and to pursue our legitimate interest of enhancing our products and services

  5. Do we use your personal data for direct marketing?

    Your personal data may be processed for the purposes of direct marketing and we will do this on the basis that it is in our legitimate interest. With your permission, we may send you marketing messages by email and/or contact you by telephone to provide you with information about our products and services. You have the right at any time to object to the use of your personal data for marketing purposes by contacting us using the contact details set out in “How can you contract us?” section below.

  6. With which third parties do we share your personal data?

    Your personal data are intended for BOSWME but may be shared with third parties in certain circumstances:

    To companies pertaining to the same group: In order to optimize the quality and efficiency of its services for its clients, BOSWME relies on the resources, skills and operational support of its mother company established in Luxembourg, the branch of OCBC Bank established in the United Kingdom (the “OCBC Branch”), its ultimate parent company OCBC Bank (established in Singapore) as well as its parent company, Bank of Singapore Limited (established in Singapore), their subsidiaries, branches, representative offices and other entities belonging to the OCBC and Bank of Singapore group (together, the Recipients”).

    We may share your personal data to the Recipients in order to administer our services and products, provide you with customer support, process your instructions, understand your preferences, send you information about products and services that may be of interest to you and conduct the other activities described in this Data Privacy Notice.

    Additionally, we may share your personal data with the Recipient where we have a legitimate reason for doing so e.g. to manage risk, to verify your identify, or to assess your suitability for products and services. 

    Our service providers: We use other companies, agents or contractors to perform services on our behalf or to assist us with the provision of our services and products to you. We may share personal data with the following categories of service provider:

    a. infrastructure and IT service providers, including for email archiving.
    b. marketing, advertising and communications agencies.
    c. credit reference agencies.
    d. external auditors and advisers.
    e. offsite archival storage providers

    In the course of providing such services, these service providers may have access to your personal data. However, we will only provide our service providers with personal data which is necessary for them to perform their services, and we obligate them not to use your information for any other purpose. We will seek to ensure on a best efforts basis that all our service providers keep your personal data secure.

    Third parties permitted by law: In certain circumstances, we may be required to disclose or share your personal data in order to comply with a legal or regulatory obligation (for example, we may be required to disclose personal data to the police, regulators, government agencies or to judicial or administrative authorities).

    We may also disclose your personal data to third parties where disclosure is both legally permissible and necessary to protect or defend our rights, matters of national security, law enforcement, to enforce our contracts or protect your rights or those of the public.

    Third parties connected with business transfers: We may transfer your personal data to third parties in connection with a reorganisation, restructuring, merger, acquisition or transfer of assets, provided that the receiving party agrees to treat your personal data in a manner consistent with this Privacy Notice.

    We will not sell your personal data to third parties.

    Please note our website may, from time to time, contain links to and from the websites of our partners or affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we have no control over how they may use your personal data. You should check the privacy policies of third party websites before you submit any personal data to them.

  7. Do we transfer personal data outside the EEA?

    Your personal data may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”) including to locations which may not have the same level of protection for personal data as in the EEA. 

    For the purposes mentioned in the “With which third parties do we share your personal data?” section, personal data may be transferred to Recipients located in Singapore, Hong Kong and their office located in Philippines and Dubai. Despite the existence of comprehensive data protection laws in Singapore and Hong Kong, those countries are not part of the limited list of countries offering an adequate level of protection for personal data set out by the European Commission. For this reason, BOSWME, acting as data controller, has taken all reasonable steps necessary to ensure that your personal data is treated securely and in accordance with this Data Privacy Notice as well as applicable data protection laws, including, where relevant, by entering into EU standard contractual clauses (or equivalent measures) with the party outside the EEA (available here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en).

    The Recipients will also monitor the compliance by their sub-contractors with the terms of those contractual arrangements. BOSWME may also transfer Personal Data to third-parties such as governmental or regulatory agencies in or outside the European Union, in accordance with applicable laws and regulations

  8. What are your rights?

    If you are in the European Economic Area, you have the following rights (if applicable):

    a. Access. You have the right to request a copy of the personal data we are processing about you. For your own privacy and security, at our discretion we may require you to prove your identity before providing the requested information. 

    b. Rectification. You have the right to have incomplete or inaccurate personal data that we process about you rectified.

    c. Deletion. You have the right to request that we delete personal data that we process about you, except we are not obliged to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise or defend legal claims.

    d. Restriction. You have the right to restrict our processing of your personal data where you believe such data to be inaccurate; our processing is unlawful; or that we no longer need to process such data for a particular purpose unless we are not able to delete the data due to a legal or other obligation or because you do not wish for us to delete it.

    e. Portability. You have the right to obtain personal data we hold about you, in a structured, electronic format, and to transmit such data to another data controller, where this is (a) personal data which you have provided to us, and (b) if we are processing that data on the basis of your consent or to perform a contract with you.

    f. Objection. Where the legal justification for our processing of your personal data is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process the data for the establishment, exercise or defence of a legal claim.

    g. Withdrawing Consent. If you have consented to our processing of your personal data, you have the right to withdraw your consent at any time, free of charge. This includes cases where you wish to opt out from marketing messages that you receive from us. 

    You can make a request to exercise any of these rights in relation to your personal data by sending the request by mail to: Head of Compliance, BOS Wealth Management Europe S.A., UK Branch, The Rex Building, 3rd Floor, 62 Queen Street, London. EC4R 1EB.

    You also have the right to lodge a complaint with the local data protection authority if you believe that we have not complied with applicable data protection laws. If you are based in, or the issue relates to, the UK, the Information Commissioner’s Office can be contacted as follows: 

    Telephone: +44 0303 123 1113
    Email: casework@ico.org.uk
    Website: www.ico.org.uk
    Web-form: www.ico.org.uk/concerns/
    Address: Water Lane, Wycliffe House, Wilmslow, Cheshire, SK9 5AF

    If you are based in, or the issue you would like to complain about took place, elsewhere in the European Economic Area (EEA), please click here for a list of local data protection authorities in the other EEA countries: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080

  9. How do we protect your personal data?

    We have implemented technical and organisational security measures to safeguard the personal data in our custody and control. Such measures include, for example, limiting access to personal data only to employees and authorised service providers who need to know such information for the purposes described in this Data Privacy Notice; adopting security protocols on networks and systems; using email security settings when sending and/or receiving highly confidential emails; applying physical access controls such as marking confidential documents clearly and prominently, storing confidential documents in locked file cabinets; restricting access to confidential documents on a need-to-know basis; using privacy filters; disposal of
    confidential documents that are no longer needed, through shredding or similar means; using a mode of delivery or transmission of personal data that affords the appropriate level of security (e.g. registered post instead of normal post where appropriate); confirming the intended recipient of personal data as well as other administrative, technical and physical safeguards.

    While we endeavour to protect our systems, sites, operations and information against unauthorised access, use, modification and disclosure, due to the inherent nature of the Internet as an open global communications vehicle and other risk factors, we cannot guarantee that any information, during transmission or while stored on our systems, will be absolutely safe from  intrusion by others, such as hackers.

  10. How long do we keep your personal data?

    We will only retain your personal data for as long as necessary for the purpose for which that data was collected and to the extent permitted by applicable laws. When we no longer need to use personal data, we will remove it from our systems and records and/or take steps to anonymise it so that you can no longer be identified from it.

  11. How do we deal with children’s privacy?

    We will never knowingly collect personal data from individuals under the age of thirteen (13) years without first obtaining verifiable parental consent. If you are under the age of 13 you should not provide information to us. If we become aware that a person under 13 has provided personal data to us without verifiable parental consent, we will remove such personal data from our files.

  12. How can you contract us?

    If there are any questions or concerns regarding this Data Privacy Notice, please contact us as follows:

    Head of Compliance, BOS Wealth Management Europe S.A., UK Branch, The Rex Building, 3rd Floor, | 62 Queen Street, London EC4R 1EB.

  13. Which version of this Data Privacy Notice applies?

    This Data Privacy Notice is written in English and may be translated into other languages. In the event of any inconsistency between the English version and the translated version of this notice, the English version shall prevail.

    We reserve the right to change our Data Privacy Notice from time to time. If we decide to change our Data Privacy Notice we will notify you of these changes.

The purpose of this document ("Data Protection Policy") is to inform you of how Bank of Singapore Limited, DIFC branch (“BOS DIFC”) manages Personal Data (as defined below) which is subject to the Dubai International Financial Centre ("DIFC") Data Protection Law (DIFC Law No. 5 of 2020) (the "Law"). Please take a moment to read this Data Protection Policy so that you know and understand the purposes for which we collect, use and disclose your Personal Data.

By interacting with us, submitting information to us, or signing up for any products or services offered by us, you acknowledge that BOS DIFC(including its respective representatives and/or agents ("Representatives") (BOS DIFC and its Representatives collectively referred to herein as "BOS DIFC", "us", "we" or "our") may collect, use, disclose and share amongst themselves your Personal Data, and disclose such Personal Data to BOS DIFC’s authorised service providers and relevant third parties, including BOS DIFC’s related corporations, head office and overseas branches and offices and overseas branches and officers of BOS DIFC’s related corporations (the “Companies” and each, a “Company”)in the manner set forth in this Data Protection Policy.

BOS DIFC may from time to time update this Data Protection Policy to ensure that this Data Protection Policy is consistent with our future developments, industry trends and/or any changes in legal or regulatory requirements. You acknowledge that you have reviewed and understood the terms of this Data Protection Policy as updated from time to time on our website http://www.bankofsingapore.com/Data-Protection-Policy.html. Please check back regularly for updated information on the handling of your Personal Data

  1. Personal Data

    In this Data Protection Policy, "Personal Data" refers to any data, whether true or not, about an individual who can be identified (a) from that data; or (b) from that data and other information to which we have or are likely to have access, including data in our records as may be updated from time to time.

    Examples of such Personal Data you may provide to us include (depending on the nature of your interaction with us) your name, national identity card, passport or other identification number, telephone number(s), mailing address, email address, transactional data and any other information relating to any individuals which you have provided us in any forms you may have submitted to us (including in the form of biometric data), or via other forms of interaction with you.

  2. Collection of Personal Data

    1. Generally, we collect Personal Data in the following ways:

      1. when you submit any form, including but not limited to application forms or other forms relating to any of our products or services or any investments which you purchase through BOS DIFC and/or the Companies;
      2. when you enter into any agreement or provide other documentation or information in respect of your interactions with us, or when you use our services;
      3. when you interact with our staff, including relationship managers and their assistants, example via telephone calls (which may be recorded), letters, fax, face-to-face meetings and emails;
      4. when your images are captured by us via closed-circuit television cameras ("CCTVs") while you are within our premises, or via photographs or videos taken by us or our representatives when you attend events hosted by us;
      5. when you use some of our services provided through online and other technology platforms, such as websites and apps, including when you establish any online accounts arranged by us;
      6. when you request that we contact you, or include you in an email or other mailing list; or when you respond to our request for additional Personal Data, our promotions and other initiatives;
      7. when you are contacted by, and respond to, our marketing representatives, agents and other service providers;
      8. when we seek information about you and receive your Personal Data from third parties in connection with your relationship with us, for example, from referrers, business partners, external or independent asset managers, public agencies or the relevant authorities;
      9. through physical access, internet and information technology monitoring processes;
      10. in connection with any investigation, litigation, registration or professional disciplinary matter, criminal prosecution, inquest or inquiry which may relate to you or any Connected Person; and/or
      11. when you submit your Personal Data to us for any other reason.
    2. When you browse our website and platforms, you generally do so anonymously but please see the section below on cookies. We do not, at our website and platforms, automatically collect Personal Data, including your email address unless you provide such information or login with your account credentials.

    3. If you provide us with any Personal Data relating to a third party (for example, information of your spouse, children, parents, or a Connected Person), by submitting such information to us, you represent to us that you have obtained the consent of the third party to you providing us with his/her Personal Data for the respective purposes.

      "Connected Person" may include but is not limited to any beneficial owner, authorised signatory, director, shareholder, officer of a company, partner or member of a partnership, settlor, trustee, beneficial owner, protector or grantor of trust, mandate holder, power of attorney holder, surety, third party security provider, provider of funds, founder and/or employee, payee of designated payment, representatives, agents or nominees.

    4. You should ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with products and services you have requested. You acknowledge that you should inform BOS DIFC immediately of any change of facts or circumstances which may render any information or Personal Data previously provided inaccurate, untrue or incorrect and provide any information or documentation as BOS DIFC may reasonably require for the purposes of verifying the accuracy of the updated information or Personal Data.

  3. Purposes for the Collection, Use and Disclosure of Your Personal Data

    1. Generally, BOS DIFC collects, uses and discloses your Personal Data for the following purposes:

        1. responding to, processing and handling your complaints, queries, requests, feedback and suggestions;
        2. verifying your identity and customer due diligence;
        3. managing the administrative and business operations of BOS DIFC or the Companies and complying with internal policies and procedures (including but not limited to facilitating business continuity planning);
        4. audit purposes;
        5. verifying or confirming trade orders or instructions from you or for your account (including but not limited to instructions on fund transfers or remittances);
        6. facilitating business asset transactions (which may extend to any mergers, acquisitions or asset sales) involving any of BOS DIFC or the Companies;
        7. matching any Personal Data held which relates to you for any of the purposes listed herein;
        8. resolving complaints and handling requests and enquiries;
        9. preventing, detecting and investigating crime, including fraud and money-laundering or terrorist financing, and analysing and managing commercial risks (including but not limited to preventing and detecting loss of BOS DIFC’s proprietary and sensitive information);
        10. project management;
        11. providing media announcements and responses, for example in relation to complaints or law suits;
        12. requesting feedback or participation in surveys, as well as conducting market research and/or analysis for statistical, profiling or other purposes for us to design our products, understand customer behaviour, preferences and market trends, and to review, develop and improve the quality of our products and services;
        13. managing the safety and security of our premises and services (including but not limited to carrying out CCTV surveillance and conducting security clearances);
        14. managing and preparing reports on incidents and accidents;
        15. organising events, seminars or trainings;
        16. complying with any applicable rules, laws and regulations, codes of practice or guidelines, obligations, requirements or arrangements for collecting, using and disclosing Personal Data that apply to BOS DIFC or that it is expected to comply, according to:
          1. any law binding or applying to it within or outside the DIFC existing currently and in the future;
          2. any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers within or outside the DIFC existing currently and in the future;
          3. any present or future contractual or other commitment with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers that is assumed by or imposed on BOS DIFC by reason of its financial, commercial, business, or other interests or activities in or related to the jurisdiction of the relevant local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations;
        17. to assist in law enforcement and investigations by relevant authorities;
        18. in connection with any claims, actions or proceedings (including but not limited to drafting and reviewing documents, transaction documentation, obtaining legal advice, and facilitating dispute resolution), and/or protecting and enforcing our contractual and legal rights and obligations;
        19. archival management (including but not limited to warehouse storage and retrievals); and/or
        20. any other purpose relating to any of the above.

      These purposes may also apply even if you do not maintain any account(s) with us, or have terminated these account(s) arranged by us.

    2. In addition, BOS DIFC collects, uses and discloses your Personal Data for the following purposes depending on the nature of our relationship:

      1. If you are a prospective customer:
        1. evaluating your eligibility to open an account arranged by us and your financial and banking needs and providing recommendations to you as to the type of products and services suited to your needs;
        2. assessing and processing any applications or requests made by you for products and services offered by BOS DIFC; and/or
        3. any other purpose relating to any of the above.
      2. If you are a customer holding an account arranged by BOS DIFC or a Connected Person or an administrator, executor, liquidator, official assignee, receiver, judicial manager or other similar official who has been so appointed pursuant to bankruptcy or insolvency proceedings instituted in the DIFC or elsewhere in respect of a BOS DIFC customer or any security provider:
        1. Arranging the opening, maintaining or closing of accounts and our providing advisory services to you;
        2. Arranging the processing of fund transfers or any other instructions provided in relation to the account of a BOS DIFC customer;
        3. where account or relationship managers or agents have been assigned to service your account or portfolio, using your telephone number(s) to contact you from time to time in order to take your instructions, and/or provide you with information, updates, or recommendations and / or in accordance with the terms and conditions of our agreement with you;
        4. processing applications for and arranging the daily operation of services and arranging credit facilities provided to you or other persons or corporations for whom you act as surety or third party service provider;
        5. conducting credit checks at the time of application for credit and at the time of regular or special credit reviews;
        6. carrying out client reviews, for example, annual reviews of your portfolio;
        7. to establish your financial situation, risk profile, investment experience and investment objectives to help you consider the suitability of the products you have invested or intend to invest;
        8. arranging the provision of internet banking services (including but not limited to carrying out special handling requests for PIN mailers and tokens);
        9. networking to maintain customer relationship;
        10. providing client servicing (including but not limited to responding to individual requests by customers, mailing services, reconciliation services and providing customer satisfaction);
        11. facilitating the arrangement for transfer of funds;
        12. administering exceptional approvals, fee adjustments or waivers;
        13. enabling any Company or third party to perform the functions that BOS DIFC may have outsourced to it in relation to the management of your account or transactions; and/or
        14. any other purpose relating to any of the above.
      3. If you are an employee or agent of a referrer or other intermediary:
        1. marketing services and products;
        2. processing commission remuneration;
        3. performing due diligence and reference checks; and/or
        4. any other purpose relating to any of the above.
      4. If you are an employee, officer or owner of an external service provider or vendor outsourced or prospected by BOS DIFC;
        1. managing project tenders or the supply of goods and services;
        2. processing and payment of vendor invoices;
        3. complying with any applicable rules, laws and regulations, codes of practice or guidelines or to assist in law enforcement and investigations by relevant authorities (which includes disclosure to regulatory bodies or audit checks); and/or
        4. any other purpose relating to any of the above.
      5. If you are a party or counterparty to a transaction (for example, a beneficiary of a fund transfer or payment):
        1. If you are a party or counterparty to a transaction (for example, a beneficiary of a fund transfer or payment):
        2. any other purpose relating to any of the above.
    3. In addition, where permitted under the Law, BOS DIFC may also collect, use and disclose your Personal Data for the following purposes (which we may describe in our documents and agreements as "Additional Purposes" for the handling of Personal Data):

      1. providing or marketing services, products and benefits to you, including promotions, loyalty and reward programmes;
      2. matching Personal Data with other data collected for other purposes and from other sources (including third parties) in connection with the customisation, provision or offering of products and services, marketing or promotions, whether by BOS DIFC or other third parties;
      3. sending you details of products, services, special offers and rewards, investment or research reports or guides, either to our customers generally, or which we have identified may be of interest to you; and/or
      4. conducting market research, understanding and analysing customer behaviour, location, preferences and demographics for us to offer you products and services as well as special offers and marketing programmes which may be relevant to your preferences and profile.
    4. If you have provided your telephone number(s) you consent to receiving marketing or promotional information via your telephone number(s), then from time to time, BOS DIFC may contact you using such telephone number(s) (including via voice calls, text , fax or other means) with information about our products and services (including discounts and special offers). If you specifically instruct us in writing objecting to our use of personal data for direct marketing purposes we will stop using the data in such manner.

    5. In relation to particular products or services or in your interactions with us, we may also have specifically notified you of other purposes for which we collect, use or disclose your Personal Data. If so, we will collect, use and disclose your Personal Data for these additional purposes as well, unless we have specifically notified you otherwise.

  4. Disclosure of Personal Data

    1. BOS DIFC will take reasonable steps to protect your Personal Data against unauthorised disclosure. Subject to the provisions of any applicable law, your Personal Data may be provided, for the purposes listed above (where applicable), to the following entities or parties, whether they are located overseas, including the United Arab Emirates outside the DIFC and Singapore, or in the DIFC:

      1. the Companies;
      2. counterparties and their respective banks in relation to transactions for your account including purchasing and selling of securities and investment products, fund transfers, payments, issuance of standby letters of credit, banker’s guarantees or letters of undertaking and drawing of cheques;
      3. third party recipients of reference letters;
      4. companies providing services relating to insurance and/or reinsurance;
      5. insurers or brokers in relation to the insurance products or services that you have applied for or purchased;
      6. trustees, attorneys and asset managers appointed by you to manage your account;
      7. referrers who have referred you to BOS DIFC;
      8. agents, contractors, vendors, installers, or third party service providers who provide administrative or operational services to BOS DIFC, such as courier services, telecommunications, information technology, payment, payroll, processing, training, market research, storage, archival, customer support investigation services or other services to BOS DIFC;
      9. agents, contractors, vendors or other third party service providers in connection with marketing, products and services offered by BOS DIFC;
      10. analytics, search engine providers or third party service providers that assist us in delivering our products, services, websites and platforms as well as improving and optimising the same;
      11. credit reporting agencies;
      12. debt collection agencies;
      13. your employers which are financial institution, for their internal surveillance or monitoring purposes;
      14. any business partner, investor, assignee or transferee (actual or prospective) to facilitate business asset transactions (which may extend to any merger, acquisition or any debt or asset sale) involving any of BOS DIFC or the Companies;
      15. credit card companies and their respective service providers in respect of credit cards held by you;
      16. translators;
      17. our professional advisers such as our auditors and lawyers;
      18. third parties who provide corporate advisory services or due diligence services in connection with you, any Connected Person or your account held with BOS DIFC;
      19. relevant government regulators, government ministries, exchange, statutory boards or authorities or law enforcement agencies who have jurisdiction over BOS DIFC or any Company or over any transaction entered into by you, such as the Dubai Financial Services Authority and where applicable, competent authorities in the United Arab Emirates outside the DIFC, the Monetary Authority of Singapore and other relevant authority;
      20. any liquidator, receiver, administrator, judicial manager, trustees-in-bankruptcy, custodian or other similar official who has been so appointed, pursuant to bankruptcy, winding-up or insolvency proceedings instituted in the DIFC or elsewhere, in respect of you or your assets;
      21. third parties who carry out registration of charge or pledge over the assets that you have pledged or charged to BOS;
      22. corporate service providers or lawyers, who are appointed by you;
      23. providers of the DIFC Employee Workplace Savings Scheme (DEWS);
      24. financial institutions, brokerage houses, clearing houses, depository, depository agents, managers, administrators, fund houses, registrars, custodians, external banks, nominee banks and investment vehicles in relation to asset management and investment product settlement processing;
      25. collection and repossession agencies in relation to the enforcement of repayment obligations for loans;
      26. third parties who organise promotional or marketing events, seminars or trainings;
      27. any person to whom BOS DIFC or any of the Companies is under an obligation or otherwise required to make disclosure under the requirements of any law binding on or applying to BOS DIFC or any of the Companies, or any disclosure under and for the purposes of any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers with which BOS DIFC or any of the Companies are expected to comply, or any disclosure pursuant to any contractual or other commitment of BOS DIFC or any of the Companies with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or industry bodies or associations of financial services providers, all of which may be within or outside the DIFC and may be existing currently and in the future; and/or
      28. any other party to whom you authorise us to disclose your Personal Data to.

      When transferring your Personal Data overseas to countries which do not have data protection laws or to countries where your privacy will not be protected as extensively, including transfers out of the DIFC to other parts of the United Arab Emirates, we will implement appropriate measures to ensure that your Personal Data remains protected and secure while and for as long as it remains under our control, for example, by implementing specific contractual clauses with the entities to whom we share your personal data.

  5. Use of Cookies and Related Technologies

    1. Our websites and platforms use cookies and other technologies. Cookies are small text files stored in your computing or other electronic devices when you visit our website and platforms for record keeping purposes. Cookies are stored in your browser’s file directory, and the next time you visit the website or platform, your browser will read the cookie and relay the information back to the website, platform or element that originally set the cookie. Depending on the type of cookie it is, cookies may store user preferences and other information.

    2. Web beacons (also known as pixel tags and clear GIFs) involve graphics that are not apparent to the user. Tracking links and/or similar technologies consist of a few lines of programming code and can be embedded in our websites or platforms. Web beacons are usually used in conjunction with cookies and primarily used for statistical analysis purposes. This technology can also be used for tracking traffic patterns on websites and platforms, as well as finding out if an e-mail has been received and opened and to see if there has been any response.

    3. We may employ cookies and other technologies as follows:

      1. tracking information such as the number of visitors and their frequency of use, profiles of visitors and their preferred sites;
      2. making our websites and platforms easier to use. For example, cookies may be used to help speed up your future interactions with our websites and platforms;
      3. to better tailor our products and services to your interests and needs. For example, cookies information may be identified and disclosed to our vendors and business partners to generate consumer insights;
      4. collating information on a user’s search and browsing history;
      5. when you interact with us on our websites and platforms, we may automatically receive and record information on our server logs from your browser. We may collect for the purposes of analysis, statistical and site-related information including, without limitation, information relating to how a visitor arrived at the website or platform, the browser used by a visitor, the operating system a visitor is using, a visitor's IP address, and a visitor's click stream information and time stamp (which may include for example, information about which pages they have viewed, the time the pages were accessed and the time spent per web page);
      6. using such information to understand how people use our websites and platforms, and to help us improve their structure and contents;
      7. using cookies that are necessary in order to enable our websites and platforms to operate, for example, cookies that enable you to log onto secure parts of our websites and platforms; and/or
      8. personalising the website and platform for you, including delivering advertisements which may be of particular interest to you and using cookie related information to allow us to understand the effectiveness of our advertisements.
    4. Some cookies we use are from third party companies to provide us with web analytics and intelligence about our websites and platforms. These companies collect information about your interaction with our websites and platforms. We use such information to compile statistics about visitors who interact with the websites, platforms and other online content belonging to Oversea-Chinese Banking Corporation (“OCBC”), to gauge the effectiveness of our communications, and to provide more pertinent information to our visitors.

    5. If you do not agree to such use of cookies, you can adjust your browser settings. Unless you have adjusted your browser settings to block cookies, our system will issue cookies as soon as you visit our site or click on a link in a targeted email that we have sent you, even if you have previously deleted our cookies.

    6. The way which cookies can be managed depends on your browser. The following links provide information on how to configure or disable cookies in each browser:

      1. Google Chrome: https://support.google.com/chrome/answer/95647?hl=en
      2. Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
      3. Internet Explorer: http://windows.microsoft.com/en-SG/internet-explorer/delete-manage-cookies#ie=ie-9
      4. Safari: http://support.apple.com/kb/HT1677?utm_source=Agillic%20Dialogue
      5. Safari for iPhone: http://support.apple.com/kb/ta38619
      6. Chrome for Android: https://support.google.com/chrome/answer/2392971?hl=en

      If you do not agree to our use of cookies and other technologies as set out in this Data Protection Policy, you should delete or disable the cookies associated with our websites and platforms by changing the settings on your browser accordingly. However, you may not be able to enter certain part(s) of our websites or platforms. This may also impact your user experience while on our websites or platforms.

  6. Data Security

    1. BOS DIFC will take appropriate efforts to protect Personal Data in our possession or our control by making appropriate security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks. We have put in place procedures to deal with any suspected data security breach and will notify you and the data protection regulator, the DIFC Commissioner of Data Protection (the "Commissioner") of a suspected breach where we are legally required to do so or we consider it appropriate to do so. Although we will implement appropriate measures to keep your data secure, we cannot completely guarantee the security of any Personal Data we may have collected from or about you, or that for example no harmful code will enter our website (for example viruses, bugs, trojan horses, spyware or adware). No communication over public internet can be guaranteed to be secure. You should be aware of the risks associated with using websites and the internet and take any necessary precautions.

    2. While we strive to protect your Personal Data, we cannot ensure the security of the information you transmit to us via the Internet or other electronic communications or when you use our electronic services, and we urge you to take every precaution to protect your Personal Data when you transmit your Personal Data via the Internet or other electronic communications. We recommend that you change your passwords often, use a combination of letters and numbers, and ensure that you use a secure browser.

    3. If applicable, you acknowledge that you should keep your username and password secure and confidential and should not disclose or permit it to be disclosed to any unauthorised person, and to inform us as soon as reasonably practicable if you know or suspect that someone else knows your username and password or believe the confidentiality of your username and password has been lost, stolen or compromised in any way or that actual or possible unauthorised transactions have taken place.

  7. Third-Party Sites

    1. Our website may contain links to other websites operated by third parties. We do not control the privacy practices of websites operated by third parties that are linked to our website. We do not endorse or make any representations about third-party websites. We encourage you to learn about the privacy policies of such third party websites. Some of these third party websites may be co-branded with our logo or trademark, even though they are not operated or maintained by us. Once you have left our website, you should check the applicable privacy policy of the third party website to determine how they will handle any information they collect from you.

  8. Contacting Us – Feedback and Requests relating to your Rights under the Law

    1. Under certain circumstances, you may exercise any of the following rights:

      1. Access your data – to request a copy of your Personal Data that we process about you;
      2. Rectify your data – to request us to amend or update your Personal Data where it is inaccurate or incomplete;
      3. Erase your data – to request us to delete your Personal Data where it is no longer necessary for the purpose(s) for which your information was originally collected;
      4. Restrict your data – to request us temporarily or permanently to stop processing all or some of your Personal Data;
      5. Object to the use of your data – at any time, to object to us processing your Personal Data where it is based exclusively on our legitimate interests (see above) or for direct marketing purposes;
      6. Receive or transmit your data in a machine-readable and structured format (otherwise known as "data portability") – to request the receipt or transmission of your Personal Data to another organisation, in a structured and machine-readable format;
      7. Object to any automated decision-making – to request us not to subject you to a decision based solely on automated decision making, including profiling, where the decision would have a legal effect on you or produce a similarly significant effect; and
      8. Withdraw your consent – withdraw your consent at any time to the use of your Personal Data for a particular purpose (where we have asked you for consent to use your information for that particular purpose).
    2. If you:

      1. have any questions or feedback relating to your Personal Data or our Data Protection Policy;
      2. would like to withdraw your consent to any use of your Personal Data as set out in this Data Protection Policy; or
      3. would like to exercise any of your other rights in relation to your Personal Data as set out in section 8.1 above, please contact us as follows:

        Email: ae.difc.dpo@bankofsingapore.com
        Call: +971 4 4277100
        Write in: Data Protection Officer
        Bank of Singapore Limited, DIFC Branch
        P O Box 4296,
        Dubai – UAE
    3. If you feel that we do not comply with the Law, you may lodge a complaint with the Commissioner.

    4. We confirm that we will not discriminate against you if you exercise any of your rights under this Data Protection Policy.

    5. Please note that if your Personal Data has been provided to us by a third party, we recommend that you contact that party directly to make any queries, feedback and requests to BOS DIFC on your behalf.

    6. If you withdraw your consent to any or all use of your Personal Data, depending on the nature of your request, BOS DIFC may not be in a position to continue to provide its products or services to you, administer any contractual relationship in place, may also result in the termination of any agreements you have entered into with BOS DIFC, which could have adverse impacts on your financial situation.

  1. From time to time, it may be necessary for the Bank to collect data of clients and other individuals (for example, persons giving or proposing to give guarantees or third party security for obligations owed to the Bank, persons linked to a client that is not an individual, including the beneficial owners and officers of that client, or in the case of a trust, the trustees, settlors, protectors and beneficiaries of the trust and other persons who are relevant to a client’s relationship with the Bank) in connection with the purposes set out in this Statement. Clients and other individuals are collectively, referred to as “you” and/or ‘data subject’ in this Statement.

  2. Failure to supply such data may result in the Bank being unable to open, provide or continue to provide banking services, banking facilities or investment related services to you or being unable to comply with any laws or guidelines issued by regulatory or other authorities.

  3. It is also the case that data are collected from data subjects in the ordinary course of the continuation of the banking relationship, for example, when data subjects write cheques, deposit money, apply for credit or give instructions. This includes information obtained from credit reference agencies. Data may be collected directly from you, or from someone acting on your behalf or from other sources and combined with other data available to the Bank Group (as defined below).

  4. The purposes for which data relating to a data subject may be used are as follows: -

      1. the daily operation of the services (including but not limited to the processing of applications for banking and/or other financial services and facilities and updating, comparing and/or verifying customer’s data that may be held by any member of the Bank Group) and credit facilities provided to data subjects;
      2. conducting credit checks whenever applicable (including at the time of application for credit/banking facilities and at the time of regular or special reviews which normally will take place one or more times each year) and for managing legal, regulatory, credit and operational risks;
      3. creating and maintaining the Bank’s credit scoring and risk related models;
      4. assisting other financial institutions to provide services to the data subjects or conduct credit checks or collect debts;
      5. ensuring on-going credit worthiness and good standing of data subjects;
      6. conducting surveys, designing financial products and services (including credit card, banking, securities, fiduciary and investment services or related products) for data subject’s use;
      7. marketing services, products and other subjects (please see further details in paragraph (11) below);
      8. determining amounts owed to or by data subjects;
      9. enforcing the Bank’s rights, including without limitation, collection of amounts outstanding from data subjects and exercising the Bank’s our rights under security documents executed in farvour of the Bank;
      10. complying with the obligations, requirements or arrangements for disclosing and using data that apply to the Bank and/ or the Bank Group or that any member of the Bank Group is expected to comply according to:
        1. any law binding or applying to it within or outside the Hong Kong Special Administrative Region of the People’s Republic of China (“Hong Kong”) existing currently and in the future (for example, the Inland Revenue Ordinance and its provisions including those concerning automatic exchange of financial account information)
        2. any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers within or outside Hong Kong existing currently and in the future (e.g. guidelines, guidance or requests given or issued by the Inland Revenue Department including those concerning automatic exchange of financial account information) and any international guidance, internal policies or procedures;
        3. any present or future contractual or other commitment with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers that is assumed by or imposed on any member of the Bank Group (collectively, the
          “Authorities” and each an “Authority”) that is assumed by, imposed on or applicable to the Bank of any member of the Bank Group;
        4. any agreement or treaty between the Authorities;
      11. complying with any obligations, requirements, policies, procedures, measures or arrangements for sharing data and information within the Bank Group and/or any other use of data and information in accordance with any group-wide programmes for compliance with sanctions or prevention or detection of money-laundering, terrorist financing or other unlawful activities;
      12. conducting any action to meet the Bank’s obligations or those of any member of the Bank Group to comply with laws or international guidance or regulatory requests relating to or in connection with the detection, investigation and prevention of money laundering, terrorist financing, bribery, corruption, tax evasion, fraud, evasion of economic or trade sanctions and/or any acts or attempts to circumvent or violate any laws relating to these matters;
      13. meeting our obligations or those of any member of the Bank Group to comply with any demand or request from the Authorities;
      14. enabling an actual or proposed assignee of the Bank, or participant or sub-participant or transferee of the Bank’s rights, liabilities or obligations in respect of a the data subject to evaluate the transaction intended to be the subject of the assignment, participation, sub-participation or transfer and enabling the actual assignee(s) to use a data subject’s data in the operation of the business or rights assigned; and
      15. purposes relating thereto.
  5. Data held by the Bank relating to a data subject will be kept confidential but the Bank or any of the Bank Group may provide such information to the following parties (whether  inside or outside Hong Kong) for the purposes set out   in paragraph (d) above except that any transfer of data to another person for it to use in direct marketing will be subject to paragraph (k) below:-

      1. any agent, supplier, contractor, sub-contractor, associate of the Bank Group (including their employees, officers, agents, contractors and professional advisers) or third party service provider who provides administrative, telecommunications, computer, payment or securities clearing or other services to the Bank in connection with the operation of its business or in respect of a data subject’s account;
      2. any Authorities;
      3. any other person under a duty of confidentiality (whether expressly or impliedly undertaken) to the Bank including any other member of the Bank Group which has undertaken to keep such information confidential;
      4. the drawee bank providing a copy of a paid cheque (which may contain information about the payee) to the drawer;
      5. credit reference agencies, and, in the event of default, to debt collection agencies;
      6. any persons acting on your behalf whose data are provided, payment recipients, beneficiaries, account nominees, intermediary, correspondent and agent banks, clearing houses, clearing or settlement systems, market counterparties, upstream withholding agents, swap or trade repositories, stock exchanges, companies in which you have an interest in securities (where such securities are held by us or any member of the Bank Group) or any persons making any payment into a customer’s account;
      7. any person (1) who provides security or acts as surety for a data subject’s liabilities and obligations to the Bank or (2) whose liabilities or obligations to the Bank the data subject has provided security or acted as surety for;
      8. any person to whom any member of the Bank Group is under an obligation or otherwise required to make disclosure under the requirements of any law binding on or applying to any member of the Bank Group, or any disclosure under and for the purposes of any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers with which any member of the Bank Group is expected to comply, or any disclosure pursuant to any contractual or other commitment of any member of the Bank Group with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers, all of which may be within or outside Hong Kong and may be existing currently and in the future;
      9. any governmental body, exchange, market, or other authority or regulatory body having jurisdiction over any member of the Bank Group or over any transactions effected by the data subject or for the data subject’s account;
      10. any liquidator, receiver, administrator, judicial manager, trustee-in-bankruptcy, custodian or other similar official who has been so appointed, pursuant to bankruptcy, winding-up or insolvency proceedings instituted in Hong Kong or elsewhere, in respect of the data subject, the data subject’s asset, any security provider who has provided security or acts as surety for the data subject’s liabilities and obligations or such security provider’s or surety’s assets;
      11. Any financial institution and merchant acquiring company with which a data subject has or proposes to have dealings:
        1. any other member of the Bank Group (given that the data subject’s account may be opened and held with the Bank’s head office in Singapore, the data subject’s relationship manager may be based in Singapore or any other jurisdiction, the Bank may have outsourced certain functions in relation to the management of the data subject’s account or transactions to any other member of the Bank Group, or for administration or other purposes)
        2. auditors and professional advisers of any member of the Bank Group;
        3. third party financial institutions, insurers, credit card companies, securities and investment services providers including but not limited to any counterparty, broker, asset manager, agent, custodian, clearing house, depository or depository agent, or manager, administrator or custodian of mutual funds or private equity funds in connection with any services to the data subject or any transaction effected by the data subject or for the data subject’s account;
        4. third party reward, loyalty, co-branding and privileges programme providers;
        5. co-branding partners of any member of the Bank Group (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be);
        6. external service providers (including but not limited to mailing houses, telecommunication companies, telemarketing and direct sales agents, event management companies, call centres, data processing companies and information technology companies) that the Bank engages for the purposes set out in paragraph (4)(f) above; and
        7. payment beneficiaries, clearing houses, settlement systems, market counterparties, swap or trade repositories, stock exchanges, companies in which the data subject has an interest in securities where such securities are held by the Bank Group for the data subject, or persons acting on behalf of the data subject for the purpose of providing the services.

    Such information may be transferred to a place outside Hong Kong.

  6. We may provide the following data relating to you (whether in sole name or joint names with others) to a credit reference agency (“CRA”):

      1. full name;
      2. capacity in respect of each mortgage (as borrower, mortgagor or guarantor, and whether in your sole name or in joint names with others);
      3. Hong Kong Identity Card Number or travel document number (individual) or certificate of incorporation number;
      4. date of birth (individual) or date of incorporation;
      5. correspondence address;
      6. mortgage account number in respect of each mortgage;
      7. type of the facility in respect of each mortgage;
      8. mortgage account status in respect of each mortgage (e.g. active, closed, write-off (other than due to a bankruptcy order), write-off due to a bankruptcy order); and
      9. if any, mortgage account closed date in respect of each mortgage, (collectively “Mortgage Account General Data”).

    The CRA will use the Mortgage Account General Data supplied by the Bank to generate the Mortgage Count (as defined below) for sharing in the consumer credit database of the CRA by credit providers (subject to the requirements of the Code of Practice on Consumer Credit Data approved and issued under the Ordinance).

  7. You can instruct us to make a request to the relevant CRA to delete from its database any account data relating to any credit that has been terminated by full repayment provided that there has not been, within five (5) years immediately before such termination, a default in payment under the credit for a period in excess of sixty (60) days according to our records.

  8. If there is any default in payment, unless the amount in default is fully repaid or written off (other than due to bankruptcy order) before the expiry of sixty (60) days from the date of default, your account repayment data may be retained by the CRA until the expiry of five (5) years from the date of final settlement of the amount in default.

  9. In the event of any amount being written off due to a bankruptcy order being made against you, the CRA may retain your account repayment data until the earlier of (i) the expiry of five (5) years from the date of final settlement of the amount in default, or (ii) the expiry of five (5) years from the date of your discharge from bankruptcy as notified to the CRA by you with evidence.

  10. For the purposes of paragraphs (8) and (9) above, account repayment data are the amount last due, amount of payment made during the last reporting period, remaining available credit or outstanding balance and default data (being amount past due and number of days past due, date of settlement of amount past due, and date of final settlement of amount in material default (that is, default in payment for a period in excess of sixty (60) days) (if any)).

    “Mortgage Count” refers to the total number of outstanding mortgage loans held by a data subject from time to time with credit providers in Hong Kong (whether as a borrower, mortgagor or guarantor, and whether in the data subject’s sole name or in joint names with others).

  11. USE OF DATA IN DIRECT MARKETING

    Where the data subject is a client, the Bank intends to use the data subject’s data in direct marketing and the Bank requires the data subject’s consent (which includes an indication of no objection) for that purpose. In this connection, please note that:

        1. the name, contact details, products and services portfolio information, transaction pattern and behaviour, financial background and demographic data of a data subject held by the Bank from time to time may be used by the Bank in direct marketing;
        2. the following classes of services, products and subjects may be marketed:
          1. financial, insurance, credit card, banking, securities, fiduciary, investment and related services and products;
          2. reward, loyalty or privileges programmes and related services and products;
          3. services and products offered by the co-branding partners of any member of the Bank Group (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be); and
          4. donations and contributions for charitable and/or non-profit making purposes;
        3. the above services, products and subjects may be provided or solicited by the Bank and/or:
          1. any other member of the Bank Group;
          2. third party financial institutions, insurers, credit card companies, securities and investment services providers;
          3. co-branding partners of any member of the Bank Group (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be); and
          4. charitable or non-profit making organisations
        4. in addition to marketing the above services, products and subjects itself, the Bank also intends to provide the data described in paragraph (11)(a) above to any other member of the Bank Group for use by it in marketing the above services, products and subjects, and the Bank requires the data subject’s written consent (which includes an indication of no objection) for that purpose.

    If the data subject does not wish the Bank to use or provide to other persons his/her data for use in direct marketing as described in (11)(a) to (d), the data subject may exercise his/her opt-out right by notifying the Bank without charge.
  12. Where you provide to the Bank data about another person, you should give to that person a copy of this Statement and, in particular, tell him/her how we may use his/her data.

  13. Under and in accordance with the terms of the Ordinance and the Code of Practice on Consumer Credit Data approved and issued under the Ordinance, any data subject has the right: -

      1. to check whether the Bank holds data about him and of access to such data;
      2. to require the Bank to correct any data relating to him which is inaccurate;
      3. to ascertain the Bank’s policies and practices in relation to data and to be informed of the kind of personal data held by the Bank;
      4. in relation to consumer credit, to be informed on request which items of data are routinely disclosed to credit reference agencies or debt collection agencies, and be provided with further information to enable the making of an access and correction request to the relevant credit reference agency or debt collection agency; and
      5. in relation to any account data (including, for the avoidance of doubt, any account repayment data) which has been provided by the Bank to a CRA, to instruct the Bank, upon termination of the account by full repayment, to make a request to the CRA to delete such account data from its database, as long as the instruction is given within five (5) years of termination and at no time did the account have a default of payment in relation to the account (lasting in excess of sixty (60) days) within five (5) years immediately before account termination. Account repayment data include amount last due, amount of payment made during the last reporting period (being a period not exceeding thirty one (31) days immediately preceding the last contribution of account data by the Bank to a CRA), remaining available credit or outstanding balance and default data (being amount past due and number of days past due, date of settlement of amount past due, and date a final settlement of amount in default lasting in excess of sixty (60) days (if any)).
  14. In the event of any default of payment relating to an account, unless the amount in default is fully repaid or written off (other than due to a bankruptcy order) before the expiry of sixty (60) days from the date such default occurred, the account repayment data(as defined in paragraph(8)(e) above) may be retained by the credit reference agency until the expiry of five(5) years from the date of final settlement of the amount in default.

  15. In the event any amount in an account is written off due to a bankruptcy order being made against a data subject, the account repayment data (as defined in paragraph (8)(e) above) may be retained by the CRA, regardless of whether the account repayment data reveal any default of payment lasting in excess of sixty (60) days, until the expiry of five (5) years from the date of final settlement of the amount in default or the expiry of five (5) years from the date of discharge from a bankruptcy as notified by the data subject with evidence to the credit reference agency, whichever is earlier.

  16. Data of a data subject may be processed, kept and transferred or disclosed in and to any country as the Bank or any person who has obtained such data from the Bank referred to in (5) above considers appropriate. Such data may also be processed, kept, transferred or disclosed in accordance with the local practices and laws, rules and regulations (including any governmental acts and orders) in such country.

  17. In accordance with the terms of the Ordinance, the Bank has the right to charge a reasonable fee for the processing of any data access request.

  18. The person to whom requests for access to data or correction of data or for information regarding policies and practices and kinds of data held are to be addressed is as follows:-

    Data Protection Officer
    Bank of Singapore Limited (Hong Kong Branch)
    34/F, One International Finance Centre
    1 Harbour View Street Central,
    Hong Kong Telephone: +852 2846 3800
    Fax: +852 2295 3332

  19. The Bank may have obtained a credit report on the data subject from a CRA in considering any application for credit. In the event the data subject wishes to access the credit report, the Bank will advise the contact details of the relevant CRA.

  20. Nothing in this Statement shall limit the rights of data subjects under the Ordinance.

  21. Capitalised terms used shall have the following meanings:
    “Authorities” means judicial, regulatory, public, government agency authorities, Tax Authorities, securities or futures exchange, or law enforcement bodies having jurisdiction over any part of the Bank Group or any agents thereof;
    “Bank Group” means collectively and individually, the head office of the Bank, parent bank and its subsidiaries and affiliates, and “any member of the Bank Group” has the same meaning; and
    “Tax Authorities” means domestic or foreign tax, revenue, fiscal or monetary authorities.


In the event of discrepancies between the English and Chinese versions of this Statement, the English version shall apply and prevail.