Data Protection Policy

BDO Unibank, Inc., Hong Kong Branch
(whose head office is a company incorporated in the Republic of the Philippines with limited liability, the “Bank”)

Notice to Customers and Other Individuals relating to The Personal Data (Privacy) Ordinance (the “Ordinance”)

(1) From time to time, it is necessary for customers and other individuals (including but not limited to applicants for banking/financial services and products and banking facilities; sureties and persons providing securities or guarantees for banking facilities; all of whom/which related to a Bank’s customer or an applicant, such as shareholders, directors, controlling persons, officers and managers of a body corporate, partners or members of a partnership, beneficial owners, trustees, settlors or protectors of a trust, account holders of a designated account and payers and payees of a designated payment; representatives, agents, nominees or any persons acting on behalf of a customer; and any other persons with whom a customer has a relationship that is relevant to the customer’s relationship with the Bank) (collectively, the “Data Subjects”, each, a “Data Subject”) to supply the Bank with personal data in connection with various matters such as the opening or continuation of accounts, the establishment or continuation of banking facilities, the provision of banking, financial, investment or other services and products by or through the Bank, or the compliance by the Bank or any other Bank Group Company with any applicable laws, regulations, court orders or guideline issued by regulatory, government or other competent authorities.  “Bank Group Company” or “member of BDO Group” means any company which is a member of the group of companies to which the Bank belongs that can be found on www.bdo.com.ph.

(2) Failure to supply such personal data may result in the Bank being unable to open or continue accounts, or provide or continue banking facilities, or provide banking, financial, investment or other services and products, or comply with any laws, regulations, court orders or guideline issued by regulatory, government or other competent authorities.

(3) It is also the case that personal data is collected from Data Subjects during the ordinary course of the continuation of the Bank’s relationship with Data Subjects, such as when Data Subjects write cheques, deposit money or apply for banking facilities.  Information relating to Data Subjects may also be obtained from other sources such as receiving personal data from credit reference agencies approved for participation in the Multiple Credit Reference Agencies Model (hereinafter referred to as “credit reference agencies”).

(4) The purposes for which personal data relating to a Data Subject may be collected, held and/or used will vary depending on the nature of the Data Subject’s relationship with the Bank.  Broadly, they may comprise all or any one or more of the following purposes:

_(a) considering and processing applications from Data Subjects for the establishment, variation and/or cancellation of the products, services and facilities;

_(b) the daily operation of the products, services and facilities provided to Data Subjects;

_(c)  the maintaining of the credit history of the Data Subjects for present and future references;

_(d) conducting credit checks, whether at time of application for facilities or regular reviews which usually will take place one or several times every year or special reviews, and carrying out matching procedures (as defined in the Ordinance);

_(e) creating and maintaining the Bank’s credit scoring and/or risk related system;   

_(f) assisting other financial institutions, credit card issuing companies and debt collection agencies to conduct credit checks and collect debts;

_(g) monitoring and ensuring ongoing credit worthiness of Data Subjects;

_(h) designing banking and financial services or related products for Data Subjects’ use;

_(i) marketing of services or products and other subjects (please see further details in paragraph (7) below);

_(j) determining the amounts of indebtedness owed to or by Data Subjects;

_(k) enforcement of Data Subjects’ obligations, and collection of debts owed and due by Data Subjects and from those providing security or guarantee for Data Subjects’ obligations;

_(l) complying with the obligations, requirements or arrangements, whether compulsory or voluntary, that apply to the Bank or a Bank Group Company or that any of them is expected to comply according to:

(A) any law, regulation, judgment, court order, voluntary code, sanctions regime binding or applying to it within or outside the Hong Kong Special Administrative Region (“Hong Kong”) existing currently and in the future (e.g. the Inland Revenue Ordinance (Cap. 112), including those concerning automatic exchange of financial account information;

(B) any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers within or outside Hong Kong existing currently and in the future and any international guidance, internal policies or procedures (e.g. guideline or guidance given or issued by the Inland Revenue Department including those concerning automatic exchange of financial account information);

(C) any present or future contractual or other commitment with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers that is assumed by or imposed on the Bank or a Bank Group Company by reason of its financial, commercial, business or other interests or activities in or related to the jurisdiction of the relevant local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations;

_(m) complying with any obligations, requirements, policies, procedures, measures or arrangements for sharing personal data and information within the group of the Bank and/or any other use of data and information in accordance with any group-wide programmes for compliance with sanctions or prevention or detection of money laundering, terrorist financing or other unlawful activities;

_(n) enabling an actual or proposed assignee of the Bank, or participant or sub-participant of the Bank’s rights in respect of Data Subjects to evaluate the transaction intended to be the subject of the assignment, participation or sub-participation; and

_(o) fulfilling any other purposes relating thereto.   

(5) Personal data held by the Bank relating to a Data Subject will be kept confidential but the Bank may provide and/or disclose such data to any one or more of the following parties (whether within or outside Hong Kong) for the purposes set out in paragraph (4) above:

_(a) any agent, contractor or third party service provider who provides administrative, telecommunications, computer, payment, data processing or storage, securities clearing, auditing, legal, accounting or other services to the Bank in connection with the establishment, operation and maintenance of its business;

_(b) any other person under a duty of confidentiality to the Bank including a Bank Group Company which has undertaken to keep such information confidential;

_(c)  the drawee bank providing a copy of a paid cheque (which may contain information about the payee) to the drawer;

_(d) any person receiving payment from the Data Subject, the banker of such person and any intermediaries which may handle or process such payment;

_(e) a person making any payment into the Data Subject’s account (by providing a copy of a deposit confirmation slip which may contain the name of the Data Subject);

_(f) credit reference agencies (including the operator of any centralized database used by credit reference agencies), and, in the event of default, to debt collection agencies and/or solicitor firms;

_(g) any person to whom the Bank or any Bank Group Company is under an obligation or otherwise required or is expected to make disclosure for, or in connection with, the purposes set out in paragraphs (4)(l) and (m) above;

_(h) any actual or proposed assignee of the Bank or participant or sub-participant or transferee of the Bank’s rights in respect of the Data Subjects;

_(i) any party giving or proposing to give a guarantee or third-party security to guarantee or secure the Data Subject’s obligations; and

_(j) also the following parties:

(A) any Bank Group Company;

(B) third party financial institutions, insurers, credit card companies, securities and investment services providers;

(C) third party reward, loyalty, co-branding and privileges programme providers;

(D) co-branding partners of the Bank and/or any Bank Group Company (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be);

(E) charitable or non-profit making organisations; and

(F) external service providers (including but not limited to mailing houses, telecommunication companies, telemarketing and direct sales agents, call centres, data processing companies and information technology companies) that the Bank engages for the purposes set out in paragraph (4)(i) above.

(6) The Bank may from time to time transfer the data of the Data Subjects (including the personal data) outside Hong Kong for the purposes and parties specified in paragraphs (4) and (5) above.  Data transferred outside Hong Kong may be disclosed, used, processed or stored in accordance with the applicable laws, rules and regulations of the relevant jurisdiction.

(7) USE OF DATA IN DIRECT MARKETING:  The Bank intends to use a Data Subject’s personal data in direct marketing and the Bank requires the Data Subject’s consent (which includes an indication of no objection) for that purpose.  In this connection, please note that:

_(a) the name, contact details, products and other services portfolio information, transaction pattern and behaviour, financial background and demographic data of a Data Subject held by the Bank from time to time (the “Specified Data”) may be used by the Bank in direct marketing;

_(b) the following classes of services, products and subjects (the “Specified Services”) may be marketed:

(A) banking, financial, insurance, investment, credit card and related services and products;

(B) reward, loyalty or privileges programmes and related services and products;

(C) services and products offered by co-branding partners of the Bank or any Bank Group Company (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be); and

(D) donations and contributions for charitable and/or non-profit making purposes.

_(c)  the Specified Services may be provided or (in the case of donations and contributions) solicited by the Bank and/or the following persons (the “Users”):

(A) any Bank Group Company;

(B) third party financial institutions, insurers, credit card companies, securities and investment services providers;

(C) third party reward, loyalty or privileges programme providers;

(D)  co-branding partners of the Bank or any Bank Group Company (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be); and

(E) charitable or non-profit making organisations.

_(d) in addition to marketing the Specified Services by the Bank itself, the Bank also intends to provide the Specified Data to all or any of the Users for use by them in marketing the Specified Services, and the Bank requires the Data Subject’s written consent (which includes an indication of no objection) for that purpose.

If a Data Subject does not wish the Bank to use or provide to any User his / her Specific Data for use in direct marketing as described above, the Data Subject may exercise his / her opt-out right by sending an opt-out request to the Bank at the address set out in paragraph (15) below or such other ways as provided by the Bank from time to time.

(8) With respect to personal data in connection with mortgages applied by a Data Subject (whether as a borrower, mortgagor or guarantor and whether in the Data Subject’s sole name or in joint names with others) on or after 1 April 2011, the following data relating to the Data Subject (including any updated data of any of the following data from time to time) may be provided by the Bank, on its own behalf and/or as agent, to the credit reference agencies:

_(a) full name;

_(b) capacity in respect of each mortgage (as borrower, mortgagor or guarantor, and whether in the Data Subject’s sole name or in joint names with others);

_(c) Hong Kong Identity Card Number or travel document number;

_(d) date of birth;

_(e) correspondence address;

_(f) mortgage account number in respect of each mortgage;

_(g) type of the facility in respect of each mortgage;

_(h) mortgage account status in respect of each mortgage (e.g., active, closed, write-off (other than due to a bankruptcy order), write-off due to a bankruptcy order); and

_(i) if any, mortgage account closed date in respect of each mortgage.

The credit reference agencies will use the above data supplied by the Bank for the purposes of compiling a count of the number of mortgages from time to time held by a Data Subject with credit providers in Hong Kong, as borrower, mortgagor or guarantor respectively, whether in the Data Subject’s sole name or in joint names with others, for sharing in the consumer credit database of the credit reference agencies by credit providers (subject to the requirements of the Code of Practice on Consumer Credit Data approved and issued under the Ordinance (the “Code”)).

(9) Under and in accordance with the terms of the Ordinance and the Code, any Data Subject has the right:

_(a) to check whether the Bank holds data about him/her and access to such personal data;

_(b) to require the Bank to correct any data relating to him/her which is inaccurate;

_(c) to ascertain the Bank’s policies and practices in relation to data and to be informed of the kind of personal data held by the Bank;

_(d) in relation to consumer credit, to be informed on request which items of data are routinely disclosed to credit reference agencies or debt collection agencies, and be provided with further information to enable the making of an access and correction request to the relevant credit reference agencies or debt collection agencies; and

_(e) in relation to any account data (including, for the avoidance of doubt, any account repayment data) which has been provided by the Bank to the credit reference agencies, to instruct the Bank upon termination of the account by full repayment, to make a request to the credit reference agencies, to delete such account data from the database, as long as the instruction is given within 5 years of termination and at no time was there any default of payment in relation to the account, lasting in excess of 60 days within 5 years immediately before account termination. Account repayment data include amount last due, amount of payment made during the last reporting period (being a period not exceeding 31 days immediately preceding the last contribution of account data by the Bank to the credit reference agencies), remaining available credit or outstanding balance and default data (being amount past due and number of days past due, date of settlement of amount past due, and date of final settlement of amount in default lasting in excess of 60 days (if any)).

(10) In the event of any default in payment relating to an account, unless the amount in default is fully repaid or written-off (other than due to a bankruptcy order) before the expiry of 60 days as measured by the Bank from the date such default occurred, the account repayment data (as defined in paragraph (9)(e) above) of the Data Subject may be retained by the credit reference agencies until the expiry of 5 years from the date of final settlement of the amount in default.

(11) In the event any amount in an account is written-off due to a bankruptcy order being made against a Data Subject, the account repayment data (as defined in paragraph (9)(e) above) may be retained by the credit reference agencies, regardless of whether the account repayment data reveal any default of payment lasting in excess of 60 days, until the expiry of 5 years from the date of final settlement of the amount in default or the expiry of 5 years from the date of discharge from a bankruptcy as notified by the Data Subject with evidence to the credit reference agencies, whichever is earlier.

(12) The Bank may have obtained a credit report on the Data Subject and any of his / her sureties from the credit reference agencies in considering any application for credit.  If the Data Subject or any of his / her sureties wishes to access the credit report, the Bank will provide the contact details of the relevant credit reference agencies.

(13) The Bank may access the database of credit reference agencies for the purpose of credit review from time to time which may involve the consideration by the Bank of any of the following matters:

_(a) an increase in the credit limit;

_(b) the curtailing of credit (including the cancellation of credit or a decrease in the credit limit); or

_(c) the implementation of a scheme of arrangement with the Data Subject.

(14) In accordance with the terms of the Ordinance, the Bank has the right to charge a reasonable fee for the processing of any data access request.

(15) The person to whom requests for an opt-out from using his/her personal data in direct marketing, access to or correction of personal data held by the Bank or information regarding the Bank’s data policies and practices and kinds of data held by the Bank are to be addressed is as follows:

Data Protection Officer
BDO Unibank, Inc., Hong Kong Branch
Suite 1001, 10th Floor Central Tower, 28 Queens Road Central, Central Hong Kong
dpo@bdoub.com.hk

(16) Where a Data Subject is a Philippine citizen or resident and his/her personal data held by the Bank should be considered as the personal information and/or sensitive personal information under the Data Privacy Act of 2012 (a Philippine law), the Bank may (a) use, process and retain such data and information in accordance with the Data Privacy Act of 2012 and (b) disclose such data and information to any member of BDO Group which can use, process, retain and disclose such data and information in accordance with the Data Privacy Act of 2012.  Please refer to the “BDO Group Data Privacy Statement”, that can be found on www.bdo.com.ph/privacy-statement, for details of the policies and procedures of BDO Group in respect of the Data Privacy Act of 2012.

(17) Nothing in this notice shall limit the rights of Data Subjects under the Ordinance.

(18) In case of discrepancies between the English and Chinese versions of this notice, the English version shall prevail.

Nov 2024

[The Chinese translation of the notice is for reference only.]

金融銀行有限公司香港分行
(其總行是一家位於菲律賓共和國注冊成立的有限責任公司，「本行」)

《致客戶及其他人士關於個人資料（私隱）條例（「條例」）的通知》

(1) 客戶和其他個人（包括但不限於銀行/財務服務及產品和銀行授信的申請人，為銀行授信提供抵押或擔保的擔保人及人士，所有與本行客戶或申請人相關的人士例如法團的股東、董事、控制人、職員和管理人員、合夥企業的合夥人或成員、信託的實益擁有人、受託人、財產授予人或保障人、指定賬戶的賬戶持有人及指定付款的付款人及收款人，客戶的代表、代理、代名人或任何代表客戶行事的人士，及與客戶建立了關係而該關係關乎客戶及本行的關係的任何其他人士）（「資料當事人」），就各項事宜例如申請開立或延續賬戶，建立或延續銀行授信，本行或經由本行提供銀行、財務、投資或其他服務及產品時，或本行或銀行集團成員爲遵守任何適用法律、規例、法院命令或由監管、政府或其他主管機關發出的指引，而須不時向本行提供個人資料。「銀行集團成員」或「BDO集團成員」指本行所屬公司集團中之成員的任何公司，詳情可參閱 www.bdo.com.ph。

(2) 若未能向本行提供相關個人資料，可能會導致本行無法開立或延續賬戶，或提供或延續銀行授信，或提供銀行、財務、投資或其他服務及產品，或遵守任何法律、規例、法院命令或由監管、政府或其他主管機關發出的指引。

(3) 本行亦會從資料當事人與本行在關係持續的日常業務運作中收集資料當事人的資料，例如當資料當事人開出支票、存款或申請銀行授信時。本行也會從其他來源取得資料當事人的資料，例如從獲核准加入多家個人信貸資料服務機構模式的信貸資料服務機構獲取個人資料（以下稱為「信貸資料服務機構」）。

(4) 收集、持有及/或使用與資料當事人相關的個人資料之用途將根據資料當事人與本行關係的性質而有所不同。總括而言，可包括用於所有或任何一個或多個以下用途：

(a)  考慮及處理資料當事人建立、變更及/或取消產品、服務及授信的申請；

_(b)  提供予資料當事人之產品、服務和授信的日常運作；

_(c)  維持資料當事人的信貸記錄以供目前及將來參考之用；

_(d) 進行信貸調查（不論於授信申請時或定期審查（通常每年進行一次或數次）或特別審查），並開展匹配程序（定義詳見條例）；

_(e) 編制及維持本行的信貸及/或風險評分相關系統；

_(f) 協助其他財務機構、信用卡發行商及債務追收機構作信貸檢查及追討債務；

_(g) 監察及確保資料當事人信用維持良好；

_(h) 設計供資料當事人使用的銀行及財務服務或有關産品；

_(i)  推廣服務或産品，以及其他促銷目的（更多詳情請參閱以下第(7)段）；

_(j)  確定欠付資料當事人或其所欠的負債款額；

_(k) 執行資料當事人應承擔的義務，及向資料當事人及爲資料當事人的責任提供抵押或擔保的人士追收欠款；

_(l)  遵守根據以下適用於本行或銀行集團成員的責任、要求或安排，或任何本行或銀行集團成員根據以下預計需遵守的責任、要求或安排（無論強制或自願）：

(A)  在香港特別行政區（「香港」）境內或境外目前和將來存在對其具法律約束力或適用的任何法律、規例、判決、法院命令、自願守則、制裁制度（例如《稅務條例》（香港法例第112章），包括關於自動交換財務賬戶資料的條文）；

(B) 在香港境內或境外目前和將來存在之司法、監管、政府、稅務、執法或其他機關、或金融服務供應商的自律監管或行業組織或協會的任何指引或指導，及任何國際指引、內部政策或程序（例如稅務局發出或提供的指引或指導，包括關於自動交換財務賬戶資料的指引或指導）；

(C) 本行或銀行集團成員基於財務、商業、業務或其他利益或活動，根據本地或外地的司法、監管、政府、稅務、執法或其他機關、或金融服務供應商的自律監管或行業組織或協會的相關規定而承擔或執行目前或將來的與本地或外地的司法、監管、政府、稅務、執法或其他機關、或金融服務供應商的自律監管或行業組織或協會之間的任何合約或其他承諾；

_(m) 遵守本行集團內部共享個人資料和信息及/或按照任何集團內部方案之任何其他使用資料和信息的任何義務、要求、政策、程序、措施或安排，以遵循制裁或防止或偵查洗錢、恐怖主義融資或其他非法活動；

_(n) 使本行的實際或計劃承讓人，或本行對資料當事人權利的參與人或附屬參與人，能夠評估擬作爲轉讓、參與或附屬參與的交易；及

_(o) 用於與上述有關的用途。

(5) 本行會對其持有的資料當事人個人資料保密，但本行可能會把相關資料提供及/或披露給任何一個或多個以下各方（不論其是否在香港境內或境外）作以上第(4)段列出的用途：

_(a) 向本行提供行政、電訊、電腦、付款、資料處理或儲存，證券結算、審計、法律、會計或其他服務而與本行所設立、運作及維持業務有關的任何代理人、承包商或第三方服務供應者；

_(b) 任何對本行有保密責任的人（包括已承諾維持該保密責任的銀行集團成員）；

_(c) 付款銀行向出票人提供已兌現支票的副本（而其中可能載有關於收款人的資料）；

_(d) 任何從資料當事人收取付款的人士、其收款銀行及任何處理或辦理該付款的中介人士；

_(e) 向資料當事人的賬戶作出任何付款的人士（通過提供可能包含資料當事人名稱的存款確認單的副本）；

_(f) 信貸資料服務機構（包括信貸資料服務機構使用的任何中央數據庫之操作方），以及在資料當事人欠賬時，則可提供予債務追收機構及/或律師事務所；

_(g) 本行或任何銀行集團成員根據上述第(4)(l)及(m)段或與之有關的目的而有義務或以其他方式被要求或預期向其作出披露的任何人士；

_(h) 本行的任何實際或計劃承讓人或就本行對資料當事人權利的參與人或附屬參與人或受讓人；

_(i) 對資料當事人的義務作出或擬作出擔保或第三方抵押的任何人士；及

_(j) 也包括以下各方：

(A) 任何銀行集團成員；

(B) 第三方金融機構、保險公司、信用卡公司、證券及投資服務供應商；

(C) 第三方獎賞、忠誠獎賞、聯名合作及優惠計劃提供者；

(D) 本行及/或任何銀行集團成員之聯名合作夥伴（有關服務和産品的申請表上會提供聯名合作夥伴的名稱（視情況而定））；

(E) 慈善或非牟利機構；及

(F) 就第(4)(i)段所列的用途獲本行聘用的外部服務提供者（包括但不限於郵遞機構、電訊公司、電話銷售及直銷代理、電話服務中心、數據資料處理公司及資訊科技公司）。

(6) 根據以上第(4)及(5)段所述的用途及有關方，本行可不時將資料當事人的資料（包括個人資料）轉移到香港以外地區。轉移至香港以外地區的資料可能需根據相關司法管轄權區的適用法律、規則和規例作出披露、使用、處理或儲存。

(7) 使用資料作直接促銷：本行擬使用資料當事人的個人資料作直接促銷，並本行須爲此目的取得資料當事人同意（包括資料當事人不反對之表示）。就此，請注意如下：

_(a) 本行不時持有資料當事人的姓名、聯絡詳情、産品及其它服務投資組合信息、交易模式及行徑、財務背景及統計資料（「指定資料」）可能被本行用於直接促銷；

_(b)  以下為可作推廣的服務、産品和促銷類別（「指定服務」）：

(A) 銀行、財務、保險、投資、信用卡及相關服務和産品；

(B) 獎賞、忠誠獎賞或優惠計劃及相關服務和産品；

(C) 本行及/或任何銀行集團成員之聯名合作夥伴提供之服務和産品（有關服務和産品的申請表上會提供聯名合作夥伴的名稱（視情況而定））；及

(D) 爲慈善及/或非牟利目的之捐款及捐贈。

_(c) 指定服務可由本行及/或以下人士（「資料使用者」）提供或（如涉及捐款和捐贈）募捐：

(A) 任何銀行集團成員；

(B) 第三者金融機構、保險公司、信用卡公司、證券及投資服務供應商；

(C) 第三方獎賞、忠誠獎賞或優惠計劃供應商；

(D) 本行及任何銀行集團成員之聯名合作夥伴（有關服務和産品的申請表上會提供該等聯名合作夥伴的名稱（視情況而定））；及

(E) 慈善或非牟利機構。

_(d) 除由本行促銷指定服務外，本行亦擬提供指定資料至上述所有或其中任何資料使用者，藉以用於促銷指定服務，而本行須爲此目的取得資料當事人書面同意（其中包括資料當事人不反對之表示）。

若資料當事人不希望本行使用或提供其任指定資料予任何資料使用者以作以上所述之直接促銷用途，資料當事人可按以下第 (15) 段所載的地址或本行不時提供的其他方法，向本行發出拒絕 促銷要求，以行使其拒絕促銷的權利。

(8) 就資料當事人（不論以借款人、按揭人或擔保人身分，以及不論是以資料當事人單名或與其他人士聯名方式）自2011年4月1日起或以後申請按揭的相關個人資料，本行可能會把下列資料當事人的資料（包括任何下列資料的不時更新資料）以本行名義及/或代理人名義提供給信貸資料服務機構：

_(a) 全名；

_(b) 每宗按揭的身分（即作爲借款人、按揭人或擔保人及不論是以資料當事人單名或與其他人士聯名方式）；

_(c) 香港身份證號碼或旅遊證件號碼；

_(d) 出生日期；

_(e) 通訊地址；

_(f)  每宗按揭的按揭賬戶號碼；

_(g) 每宗按揭的信貸種類；

_(h) 每宗按揭的按揭賬戶狀況（例如有效、已結束、已撇賬（因破産令導致除外），因破産令而已撇賬）；及

_(i) 每宗按揭的按揭賬戶結束日期（如有）。

信貸資料服務機構將使用以上由本行提供的資料，統計資料當事人不時與香港信貸提供者之間持有的按揭宗數（分別以借款人、按揭人或擔保人身分，以及以資料當事人本人單名或與其他人士聯名方式），以存於信貸資料服務機構的個人信貸資料庫內供信貸提供者共用（受條例項下核准和發出的《個人信貸資料實務守則》（「實務守則」）的規定所限）。

(9) 根據及按照條例及實務守則中之條文，任何資料當事人有權：

_(a) 查核本行是否持有其資料及查閱相關個人資料；

_(b) 要求本行改正任何有關其不準確之資料；

_(c)  查明本行對於資料的政策及慣例和獲告知本行持有的個人資料種類；

_(d) 就個人信貸有關而言，要求獲告知那些資料通常會向信貸資料服務機構或債務追收機構披露，以及獲提供進一步資料，得以向有關信貸資料服務機構或債務追收機構提出查閱及改正資料要求；及

_(e) 就本行向信貸資料服務機構提供的任何賬戶資料（爲免生疑問，包括任何賬戶還款資料）而言，於全數清還欠賬後結束賬戶時，指示本行要求信貸資料服務機構自其資料庫中刪除相關賬戶資料，但指示必須於賬戶結束後五年內提出及於緊接終止信貸前五年內沒有任何拖欠爲期超過 60 日的欠款。賬戶還款資料包括上次到期的退款額，上次報告期間（即緊接本行上次向信貸資料服務機構提供賬戶資料前不多於 31日的期間）所作還款額，剩餘可用信貸額或未償還數額及欠款資料（即過期欠款額及逾期還款日數，清還過期欠款的日期，及全數清還拖欠爲期超過 60 日的欠款的日期（如有））。

(10) 在賬戶出現任何欠款的情況下，除非欠款金額在由出現拖欠日期起計 60 天屆滿前全數清還或撇賬（因破産令導致除外），信貸資料服務機構可由全數清還欠款金額之日起計五年保留賬戶還款資料（定義見以上第(9)(e)段）。

(11) 當資料當事人因被頒布破産令而導致任何賬戶金額被撇賬，不論賬戶還款資料是否顯示任何拖欠爲期超過 60 日的還款，該賬戶還款資料（定義見上述第(9)(v)段）會在全數清還該拖欠還款後被信貸資料服務機構繼續保留多五年，或由資料當事人提出證據通知信貸資料服務機構其已獲解除破産令後保留多五年（以較早出現的情況爲準）。

(12) 本行在考慮信貸申請時，可能從信貸資料服務機構取得有關資料當事人及其之任何擔保人的信貸報告。如資料當事人及其之任何擔保人希望索取有關報告，本行會提供有關信貸資料服務機構的聯絡詳情。

(13) 本行可查閱任何信貸資料服務機構的數據庫，以便不時進行信貸覆核，其中可能會考慮以下任何事宜：

_(a) 增加信貸額；

_(b) 對信貸作出限制（包括取消信貸或減低信貸額）；或

_(c) 與資料當事人實行債務還款安排。

(14) 根據條例的條文，本行有權就處理任何查閱資料的要求收取合理費用。

(15) 任何有關資料當事人拒絕其個人資料用作直接促銷、或關於查閱或改正本行持有的個人資料、或索取有關本行的資料政策及慣例或本行持有的資料種類的要求，應按以下聯絡詳情提出：

資料保障主任
金融銀行有限公司香港分行
香港中環皇后大道中 28 號中匯大廈 10 樓 1001 室
dpo@bdoub.com.hk

(16) 當資料當事人是菲律賓公民或居民，並本行持有其之個人資料應屬菲律賓法律 Data Privacy Act of 2012 項下的個人資料及/或敏感個人資料時，本行可 (a) 按照 Data Privacy Act of 2012 使用、處理及保存相關資料和信息，以及 (b) 向任何 BDO 集團成員披露相關資料和信息，使其能按照 Data Privacy Act of 2012 使用、處理及保存相關資料和信息。有關 BDO 集團對 Data Privacy Act of 2012 的政策和程序，詳情請參閱網頁 www.bdo.com.ph/privacy-statement 上的 BDO Group Data Privacy Statement（僅供英文版本）。

(17) 本通告不會限制資料當事人在條例下所享有的權利。

(18) 本通告的中英文版本有任何歧異，概以英文版本爲準。

2024年 11 月