Table of Contents
(1) Introduction
(2) Collection of Personal Data On-Line
(3) Kinds of Personal Data Held By the Group
(4) Direct Marketing
(5) Data Access Requests and Data Correction Requests
(6) Contacts of Group Data Protection Officer
(1) Introduction
This Statement concerns the Privacy Policy (Customers) Statement ("Statement") of UniCap Asia Ltd. S.A. ("UniCap") and its subsidiaries ("Group"). This Statement is an extract of the Group's Privacy Policy Statement. This extract outlines the general policy and practices of the Group in relation to the collection, holding and use of data collected on-line. This Statement shall only apply to members of the Group who are engaged in banking business and other financial services and such members do not establish a separate Statement.
(2) Collection of Personal Data On-Line
When collecting personal data on-line (e.g. via Internet), the Group shall follow the relevant guidelines issued by the Privacy Commissioner for Personal Data from time to time.
In the course of collecting personal data through Group websites, the Group will provide individuals with a Personal Information Collection Statement informing them of the purpose of data collection, parties to whom the data may be transferred, their rights to access and correct data, and other relevant information.
Customers are informed of the following practices in relation to personal data:
(a) Security
The Group will follow strict standards of security and confidentiality to protect any information provide by the customers to the Group. Encryption technology is employed for sensitive data transmission on the Internet to protect customers' privacy.
Whenever other organisations are hired to provide support services, they will be required to conform to the Ordinance.
(b) Cookies
Cookies are small pieces of data transmitted from a web server to a web browser. Cookie data is stored on a local hard drive such that the web server can later read back the cookie data from a web browser. This is useful for allowing a website to maintain information on a particular user.
Cookies are designed to be read only by the website that provides them. Cookies cannot be used to obtain data from a user's hard drive, get a user's e-mail address or gather a user's sensitive information.
As cookies record the browsing preference and relay that information back to the web server on subsequent visits to the web server, there are some common uses of cookies. For example, cookies are widely used in on-line ordering systems for storing user's choice of items. Users can get their selected items some time later, even if they have disconnected the session. In addition, the cookie data which indicates user's preference for a particular site can be used for site personalization and targeted marketing.
The Group will only use cookies as a session identifier and will not store user's sensitive information in cookies. Once a session is established, all the communications will use the cookie to identify a user. The cookie will expire once the session is closed. If users try to disable cookies from their web browsers, they will not be able to access our Internet banking services.
(c) Accuracy
Personal data provided to the Group through on-line facility, once submitted, cannot be deleted, corrected or updated on-line. If deletion, correction and updates are required, users should approach relevant Group members, departments or branches.
(d) Retention
The personal data collected on-line will be transferred to relevant members of the Group, departments or branches for processing. Personal data will be retained in the website normally for a period of not longer than six months.
(e) Minors
In general, no personal data will be collected from minors under the age of 13 without the consent of a person with parental responsibility for the individual.
(f) Disclosure
No customer information will be disclosed to any external organizations unless the Group has previously informed the customer in disclosures or agreements, or has been authorised by the customer, or is required to do so by law.
The Group will always maintain control over the confidentiality of customer information. The Group may, however, facilitate offers to customers from reputable third party companies. Such companies are prohibited to retain any customer information unless the customer has specifically expressed interest in their products or services.
(3) Kinds of Personal Data Held By the Group
Personal data held by the Group regarding customers may include the following:
(a) name and address, occupation, contact details, date of birth and nationality of customers and spouses of customers and their identity card and/or passport numbers and place and date of issue thereof;
(b) current employer, nature of position, annual salary and other benefits of customers and spouses of customers;
(c) details of properties, assets or investments held by customers and their spouses;
(d) details of all other assets or liabilities (actual or contingent) of customers and their spouses;
(e) information obtained by the Group in the ordinary course of the continuation of the banking relationship;
(f) information as to credit standing provided by a referee, credit reference agency or debt collection agency in connection with a request to collect a debt due from any customer to the Group; and
(g) information which is in the public domain.
The Group may hold other kinds of personal data which it needs in the light of experience and the specific nature of its business.
(4) Direct Marketing
It is the policy of the Group that when using the personal data obtained from any sources for conducting direct marketing, the Group shall, on the first occasion on which it so uses those personal data, inform such persons that they may, without charge, request the Group to cease to using their data for direct marketing purposes.
If direct marketing is conducted by means of information or goods sent to any person by mail, facsimile transmission, electronic mail, or other similar means of communication, where the information or goods are addressed to a specific person or specific persons by name on the basis of personal data held by the Group.
Direct Marketing Approaches Opt-out Choice form will be enclosed or an appropriate column will be printed on the application form for completion by the individual who opts not to receiving future direct marketing approaches from the Group. Upon receipt of a completed Opt-out Choice form or an opt-out request as indicated on the application form, Individual Data Protection Officers will inform the Group Data Protection Officer who will update the Group opt-out list as a result of which no further direct marketing activities will be conducted by the Group on the basis of that personal data.
(5) Data Access Requests and Data Correction Requests
It is the policy of the Group to comply with all data access and correction requests, for all staff to be familiar with the requirements for assisting individuals to make such requests, and to process such requests in accordance with the provisions of the Ordinance.
The Group may, subject to the Ordinance, impose a fee for complying with a data access request. If a person making a data access request requires an additional copy of the personal data, the Group may charge a fee to cover the full administrative and other costs incurred in supplying that additional copy.
|
