1. Compliance with the Personal Data (Privacy) Ordinance
   The protection of your privacy is important to us. We will always follow and comply with the requirements under the Personal Data (Privacy) Ordinance (“PDPO”) when handling your personal data.
2. Only collect necessary personal data
   Whether you are a current customer or just visiting our website, we will safeguard your information. We will only collect personal data that is necessary from existing or prospective customers, so that we can better provide and/or market our services and products to such customers.
3. How we handle your personal data in general
   Any collected personal data will only be used for specified purposes and not for any other purposes, except when existing or prospective customers have consented for us to use their data for a new purpose. All practicable steps will be taken to ensure customers’ personal data are kept secure, confidential, and accurate. Such personal data will not be retained for longer than it is necessary. Only authorised members of staff can access or process the personal data. Customers or prospective customers have the right to request for accessing or correcting their personal data (where applicable).

We hold two broad categories of personal data. They are as follows:

1. Customers or Prospective Customers' Personal Data

   It includes personal data necessary for us to:

   1. open or maintain bank accounts,
   2. establish or maintain banking / credit facilities or
   3. provide banking and/or any other financial services.
2. Our Employees' Personal Data or the Data Collected from our Job Applicants

   It includes but not limited to the following:

   1. the name,
   2. information or identification documents,
   3. contact information,
   4. educational background and
   5. curriculum vitae of employees.

Definition

1. “Bank Group Company” means the following:
   1. any subsidiary of the Bank,
   2. any direct or indirect holding company of the Bank,
   3. any subsidiary of any such holding company or
   4. any of their related companies (being a company in which an equity interest is held by any of the companies listed from iii(a)-(c))
2. “Matching procedure” means a procedure whereby personal data is collected for all 4 criteria below:
   1. there is a comparison of two sets of personal data, each of which is collected for different purposes, e.g. one set of personal data collected for purposes A and B and a second set collected for purposes X and Y;
   2. each comparison involves the personal data of 10 or more data subjects;
   3. the comparison is not carried out by manual means, e.g. it is carried out by using a computer program designed and applied for performing the comparison process; and
   4. the end result of the comparison may be used for the purpose of taking adverse action against any of the data subjects concerned.

1. If you are an existing customers or prospective customer, your personal data will be used for the following purposes:
   1. to process your application for banking and/or any other financial services and facilities;
   2. to provide you with banking services and banking/credit facilities;
   3. to conduct credit or other status checks when:
      1. you apply for credit or
      2. when there is a need for a credit review and
      3. when we or the Bank Group Company need to carry out Matching Procedures.
   4. to create and maintain the credit scoring models of the Bank or any Bank Group Company;
   5. to assist other financial institutions to conduct credit checks and collect debts from data subjects;
   6. to ensure your ongoing credit worthiness;
   7. to design banking and/or financial services or related products for your use;
   8. to determine amounts owed to or by data subjects;
   9. to collect outstanding amounts from data subjects and those providing security for data subjects' obligations;
   10. to conduct insurance claims or analysis;
   11. for operational purposes, credit assessment or statistical analysis (including behaviour analysis) of the Company or any Bank Group Company;
   12. to maintain a credit history of data subjects (whether or not there exists any relationship between data subjects and the Company) for present and future reference of the Company or any Bank Group Company;
   13. to comply with disclosure obligations, requirements, or arrangements and using data that apply to the Company or any Bank Group Company or that it is expected to comply according to:
       1. any applicable legal obligations from within or outside the Hong Kong Special Administrative Region (“HKSAR”);
       2. any guidelines that were issued by any authorities of financial services providers within or outside the HKSAR;
       3. any contractual or other commitment with local or foreign authorities, or self-regulatory or industry bodies or associations of financial services providers that is assumed by or imposed on the Company or any Bank Group Company by reason of its financial, commercial, business or other interests or activities in or related to the jurisdiction of the relevant local or foreign authorities or self-regulatory or industry bodies or associations;
   14. to comply with any obligations, requirements, policies, procedures, measures or arrangements for sharing data and information within the Bank Group Company and/or any other use of data and information in accordance with any group-wide programmes for compliance with sanctions or to prevent or detect money laundering, terrorist financing or other unlawful activities;
   15. to enable an actual or proposed assignee of the Company or any Bank Group Company, or a participant, a sub-participant or a transferee of the rights of the Company or any Bank Group Company in respect of the data subjects, to evaluate the transaction intended to be the subject of the assignment, participation or sub-participation; and
   16. subject to customers or prospective customers' consent, to market services and products to such customers.
   17. Our job applicants' data is used for:
       1. Recruitment;
       2. Other employment-related purposes, including but not limited to selection, qualification assessment, employer reference, remuneration determination and other employment opportunities.

       To comply with the requirements of the Ordinance, on or before we collecting personal data, we will notify our customers / prospective customers / job applicants of our purpose of collection of data, classes of persons to whom the data may be transferred, their rights to access and correct their data and other relevant information by providing a personal information collection statement or by other means which is deemed appropriate by the Bank.

       For details about our handling on customers' personal data, please read our Notice to Customers and Other Individuals relating to the Personal Data (Privacy) Ordinance.

We take all reasonably practicable means to protect the data, such as, by restricting the data access by authorised personnel only and incorporating security measures into equipment in which data is held. Encryption is employed for sensitive data transmission. If we engage data processors to handle or process personal data on our behalf (whether within or outside Hong Kong), we would adopt contractual or other means to prevent any unauthorized or accidental access, processing, erasure, loss or use of the transferred data by the data processors.

The collected personal data will not be kept longer than necessary for the fulfilment of the purposes for which the personal data are or are to be used at the time of collection and for compliance with the legal, regulatory and accounting requirements from time to time. In related to customers' data, we shall continue to hold data relating to the customer(s) after the closure of account / termination of service or such other period as prescribed by applicable laws and regulations.

Unless we have obtained your consent, or are required to do so by law, otherwise, we will not disclose, share, sell or divulge your data to other external parties. For details about the possible classes of transferees for our customers' data, please refer to our Notice to Customers and Other Individuals relating to the Personal Data (Privacy) Ordinance.

This Privacy Policy Statement is subject to review and change from time to time. Please approach our branches or visit the Bank's website for the latest Statement regularly.

The person to whom requests for access to data or correction of data or for information regarding policies and practices and kinds of data held are to be addressed as follows using the prescribed data access/correction request form issued by the PCPD:

The Data Protection Officer, OCBC Bank (Hong Kong) Limited, 161 Queen's Road Central, Hong Kong
Email: enquiry_hk@ocbc.com

Subject to your consent, the Bank Group may use or provide your personal data to other persons (whether or not such persons are members of the Bank Group) for the purpose of direct marketing. If you do not wish us to do so, please contact the Data Protection Officer in writing at 161 Queen's Road Central, Hong Kong with your name and account number stated. No fee will be charged. For any enquiries, please email to enquiry_hk@ocbc.com.

All information provided at your discretion will be deemed and remain the property of the Bank Group. Such information will be passed to any company within the Bank Group and related business partners who have undertaken to keep the information confidential.

1. We may use certain algorithms and big data analytics and artificial intelligence (“BDAI”) technologies and applications when considering and processing your application for account opening, the establishment of facilities, products and services. BDAI involves computers generally to mimic human intelligence, so that they can learn, sense, think and act to achieve automation and gain analytics insights from large volumes of structured and unstructured data created by the preservation and logging of activity from human, tools and machines. Examples of BDAI include as follows:
   1. machine learning,
   2. biometric authentication technology, which includes the collection and use of your biometric data that identifies you physically, such as facial recognition information, your fingerprint or voice recognition information, and
   3. natural language processing and decision tree, etc.
2. The algorithms and BDAI may provide automatic assessments and decisions based on the data we collected from you, which may be personal and non-personal data. Use of BDAI by us in relation to personal data is governed by this Privacy Policy and Personal Information Collection Statement and the Notice to Customers and Other Individuals relating to the PDPO. The parameters used in these assessments would have been selected to provide a fair and objective assessment of your data and tested for reliability and fairness. We have in place robust policies and procedures to ensure the security and integrity of data, and the use of BDAI is fair and in accordance with applicable laws and regulations. In addition, we may by ourselves, or via our service providers, use BDAI for:
   1. analysing statistics, trends, markets, behaviour, usage patterns, customer segments and pricing;
   2. planning, research and developments, designing services or products, improving customer experience;
   3. predicative modelling;
   4. performing credit, anti-money laundering, fraud prevention and other risk assessments; and
   5. any other purposes relating thereto.
3. Accuracy of assessments and decisions generated by the algorithms will largely depend on the accuracy of the personal data provided. If we are uncertain about the accuracy of the data that may be used in an algorithmic assessment, we will endeavour to seek clarification from you. You may also enquire or request reviews on the decisions made by our BDAI applications via the channels which we may designate from time to time. There may be certain other risks associated with the use of algorithms, including, but not limited to, risks related to input data (e.g. a mismatch between the data used for training the algorithms and the data inputted for the purposes of the establishment and the use of any account(s) and/or any products or services), algorithm design (e.g. coding errors) as well as output decisions (e.g. incorrect interpretation of the output).

Important Notice:

By signing up for OCBC Bank's Personal or Business eBanking Services, you agree to our Terms and Conditions (“Terms”) for using these services. We encourage you to read these Terms carefully before registering and using eBanking Services.

Please note that this information is a general overview. If there are any differences between this overview and the detailed Terms and Conditions, the detailed Terms will take precedence. The terms used here have the same meanings as defined in the detailed Terms, unless stated otherwise.

All fees and charges which will apply to eBanking Services
This excerpt outlines the terms and conditions regarding fees and charges associated with eBanking Services provided by the Bank. Here’s a summary of the key points:

1. Right to Charge Fees: The Bank reserves the right to impose fees and charges related to eBanking Services.
2. Notice of Changes: The Bank will notify the Customer of any changes to these fees and charges at least 30 days in advance. This notification can be delivered through any method the Bank deems appropriate.
3. External Charges: Customers are responsible for any fees imposed by their telecommunications or Internet service providers related to the use of eBanking Services. This includes charges for services like PNETS, IDD, and roaming.
4. Payment of Fees: Customers agree to pay all fees as specified by the Bank, and they authorize the Bank to deduct these fees directly from their Primary Account.
5. Non-Refundable Fees: All fees are to be paid in advance and are non-refundable.

This clause emphasises the Customer's responsibility for understanding and accepting the fees associated with eBanking Services, as well as the Bank's authority to modify these fees with proper notice.

Customer's obligations in relation to security for eBanking Services

You understand that your eBanking Identification Number, User ID, PIN, and any other secret codes or identifiers (we’ll call these your “Personal Identifiers”) are very important and should be kept confidential.

If you accidentally or intentionally share your Personal Identifiers or fail to keep them secure, you may be responsible for any losses or damages that occur as a result.

It’s important for you to keep your Personal Identifiers safe. You are responsible for taking all necessary steps to protect them. Here are some helpful tips to ensure your information stays secure:

1. avoid using easily guessable identifiers. Instead of using personal identifiers like the Hong Kong Identity Card number, telephone number, date of birth, or recognizable parts of a name;
2. do not use the same personal identifiers which the Customer is using for other internet services, for accessing eBanking Services;
3. do not disclose the Personal Identifiers to any person (including the Bank's staff and police), or any doubtful website and do not record it anywhere without disguising them;
4. do not use the Personal Identifiers for other on-line services (e.g. e-mail and internet access);
5. do not use links in e-mails or internet search engines to log on eBanking Services but log on eBanking Services direct at the Bank’s website (www.ocbc.com.hk);
6. before logging on eBanking Services, close all browser windows to protect his financial information from unauthorized access from another website and log off after each access to eBanking Services;
7. never access eBanking Services from a public computer (e.g. those at cyber cafés); and
8. check your bank balance and transactions regularly and upon discovery of any error or unauthorized transaction, notify the Bank of the same as soon as reasonably practicable.

Please note that the Bank will not ask you for your Personal Identifiers, so to ensure that you will be the only person who knows your own Personal Identifiers.

A Customer who acts fraudulently or with gross negligence ( e.g. failing to take necessary measures to safeguard the secrecy of or knowingly allowing any other person to use the Customer’s Personal Identifiers) will be held liable for all losses and consequences arising from or in connection with such use of eBanking Services.

Customer's liability for unauthorized transactions
Please note that if anyone uses your Personal Identifiers—whether you authorised them or not—it will be considered as you using the eBanking Services. If you ever suspect that your Personal Identifiers have been compromised, lost, or stolen, or if you notice any unauthorized transactions on your account, please let us know as soon as possible. We recommend that you also change your Personal Identifiers right away.

To help protect your account, it’s important to notify us promptly. If you don’t, you may be responsible for any losses that occur. Until we receive your notification, we won’t be able to process any claims related to unauthorized use of your eBanking Services.