Privacy Policy

Hong Kong Branch

The Access Bank UK Limited, Hong Kong Branch – Privacy Statement

This Statement explains how The Access Bank UK Limited – Hong Kong Branch (‘the Bank’), obtains, uses and keeps your personal information confidential. The purpose of this Statement is to set out the policies and practices of the Bank’s commitment to protecting personal data privacy in accordance with the provision of the Personal Data (Privacy) Ordinance (Cap. 486) (the ‘Ordinance’ or ‘PDPO’).

The Access Bank UK Limited, Hong Kong Branch may act as the ‘data user’ of the personal information you provide to us, for purposes of the Ordinance. Our Hong Kong Monetary Authority licence number is L111 and the registered address is Suite 1501-04, 15/F, Two Exchange Square, 8 Connaught Place, Central, Hong Kong.

If you have any questions about our Privacy Statement, you can write to: The Data Protection Officer, The Access Bank UK Limited, Hong Kong Branch, Suite 1501-04, 15/F, Two Exchange Square, 8 Connaught Place, Central, Hong Kong or email compliance.hk@theaccessbankukltd.co.uk

1. How is your personal data collected, used and scored:

Personal data will be collected only for lawful and relevant purposes and all practicable steps will be taken to ensure that personal data held by the Bank is accurate. The Bank will take all practicable steps to ensure security of the personal data and to avoid unauthorised or accidental access, erasure or other use.

It is the policy of the Bank to observe the Ordinance in the collection, maintenance, storage, use and disclosure of personal data:

(a) From time to time, it will be necessary for you to supply the Bank with personal data in connection with the establishment or continuation of your account(s) or the Bank’s facilities, the provision of banking services and generally your banking relationship with the Bank.

(b) Failure to supply such personal data or failure to consent to the use of such personal data for the purpose setout herein may result in the Bank being unable to open or continue your account(s) or provide or continue to provide banking services or facilities for/to you.

(c) It is also the case that personal data may be collected from you in the ordinary course of the banking relationship, for example, when you deposit money or effect transactions through your account(s).

The type of personal data we collect about you and how it is used depends on what contract you have with us, the needs, the relationship you have with us and the products and services you hold or enquire about.

2. The categories of personal data we collect:

We will collect and record your data from a variety of sources; however, we rely mostly on this information coming directly from yourself. We will collect and process this data in order to provide our products and services which include:

Personal details – including name, date of birth, passport, and identification information.
Contact details – including phone number, email address, postal address.
Financial details – including account information, financial history, credit reference agencies, fraud prevention agencies, land agents.
Proof of income – including payslips or bank statements.
Details about your health and lifestyle to meet our regulatory obligations, including those relating to responsible lending.
Business customer details – including business information, contact details, shareholdings.
Special Categories of Personal Data – including information about your physical and mental health, only to provide additional support to you in respect of our services, and only with your explicit consent.
Details of transactions – including payments you make and receive.
Financial information – including account numbers, information you provide for the purposes of providing a payment-initiation service (a service that allows a third party to give us instructions to make payments from your account on your behalf).

We will also collect the following information:

Payment and transactional information.
Data we obtain from the way in which you use our online banking and telephone banking services. For example, your personal profile and how you identify yourself when you connect to these services and other information about how you use these services. We use cookies to collect this type of information from devices you use to connect to our services, such as computers.

3. Why do we collect this data (the ‘Purposes’):

We can only use your personal information if we have a lawful reason to do so, and to comply with legal and regulatory requirements imposed on us by each jurisdiction, or for legitimate reasons. A legitimate reason occurs when we have a business or commercial reason to collect and use your information. But even then, it must not unfairly go against what is right and best for you.

Know Your Customer ‘KYC’ activities, including anti-money laundering checks
Processing and evaluating any application or request from you for the establishment of, the banking services and facilities provided to you (including assessing your eligibility for banking services)
Carrying out your instructions, or responding to any enquiry from you
Conducting credit checks and maintaining your credit history for present and future reference
Ensuring your ongoing creditworthiness
Determining the amount of indebtedness owed to or by you
Enforcing your obligations, including collection of amounts outstanding from you and those persons providing security for your obligations
Providing assistance to other financial institutions to conduct credit checks and collect debts
Facilitating remittances and wire transfers
Designing banking services, financial services or related products for your use
Holding customer banking and financial relationships
Administering our products and services
Transaction and instruction customer processing
The prevention and investigation of financial crimes
Management of any legal disputes
Compliance related activities, for example regulatory, tax reporting obligations
Improving our services through research and statistical analysis
Observing and complying with applicable laws, including complying with the obligations, requirements or arrangements for disclosing or using personal data that apply to the Bank and its holding companies, branches, subsidiaries, representative offices and affiliates, wherever situated (the ‘Group’), or that it is expected to comply with
Enabling an actual or proposed assignee of the Bank, or participant or sub-participant of the Bank’s rights and/or obligations in respect of you, to evaluate the transaction intended to be the subject of the assignment, participation or sub-participation
Meeting or complying with any obligations, requirements, policies, procedures, measures or arrangements for sharing data and information within the Group and/or any other use of data and information in accordance with any group-wide programmes for compliance with sanctions or prevention or detection of money laundering, terrorist financing or other unlawful activities
Fulfilling any other purposes related thereto

The main reason we collect this data is to complete the services you have entered a contract with us for. Without knowing any of this information, we would be unable to fulfil our legal and regulatory obligations, therefore it is essential that we collect this information.

We will not ask for more personal data than we need. Once we have collected the information we need, we will not use it for anything else unless you have been informed and consent has been obtained.

We also use your data to develop and improve our services to you and other customers, to ensure that the products/services that we offer continue to provide good customer outcomes, and to protect our interests.

4. Use of personal information and the law:

As noted above, we can only collect and use your personal information for which is necessary. This may include sharing it outside The Access Bank UK Limited – Hong Kong Branch. We will collect and use your personal information for one or more of the following reasons:

To fulfil a contract that we hold with you, or a contract you are applying to enter into; or
When we have a legal or regulatory obligation; or
When it is for legitimate reasons; or
When you consent to it.

The table below lists all the ways that we may use your personal information, and the lawful basis on which we do so.

How we use your personal information	The basis on which we use your personal information
• In order to manage our relationship with you; • Updating and improving the accuracy of our records; • Account Transaction analysis; • Processing Payments; • Arrears and Debt recovery activities;	• Fulfilling contracts • Our legitimate Interests • Our legal obligation • Your consent • Fulfilling regulatory obligations
• In order to develop our business and the products and services that we offer; • In assessing existing and new products; • Managing our product delivery; • During the application of fees and charges and interest to customer accounts, where applicable;	• Our legitimate interests • Our legal obligation
• In respect of the work that we undertake to protect the Bank from financial crime and terrorism financing, and effectively assess and mitigate risk to the Bank and our customers; • Fraud prevention and investigation.	• Our legal obligation • Fulfilling regulatory obligations
• While managing all aspects of our business including corporate governance and audit processes; • In respect of our rights and obligations in agreements or contracts that we hold.	• Fulfilling regulatory obligations • Fulfilling contracts • Our legal obligation

5. Categories of personal information

Category of personal information	Description
Financial and Transactional	The financial information that we hold for you as a customer of the Bank, including your financial position and status, and details about transactional activity on the accounts that you hold with us.
Special Category Personal Data	We will only use data that is classed as ‘sensitive’ in order to support you, for example if you are, or become, a vulnerable customer. For example, data concerning your health. Such information will only be collected and used when it is needed to help and provide personal additional support to you in respect of the product and/or services provided by the Bank, or to comply with our legal obligations. In this instance, a temporary note may be added to your record in order to ensure that staff members are aware that you may require extra support.
Core personal information including social relationships	This refers to information that we hold in respect of your address and contact information, national identifiers such as Hong Kong identity card number and tax identification numbers, and also includes information relating to your family and associates.
Demographic, educational and employment information	This refers to information that we hold in respect of your profession, nationality and education.
Usage and contractual information	This information relates to the way in which you use our products and services that we provide to you.
Location and technical information	Information that we obtain about your location, for example in respect of your usage of our website through your internet connection and the technology that you use.
Communications	The information you provide to us in any medium, for example your communications by telephone, letter and email, noting that we record telephone calls to confirm details of our conversations, for your protection and in order to identify and address staff training needs.
Information in the public domain	Information about you that is available in the public domain from all available sources including the internet.
Documentary information	Information about you in documents such as your Passport, Driving licence or utility bills that you provide to us, whether original or copy documents.
Consents	Any permissions, consents, or preferences that you provide to us.

Information we collect

Payment and transactional information.
Data we obtain from the way in which you use our services. For example, your personal profile and how you identify yourself when you connect to our services.

6. Information and third parties:

We may obtain information about you from third parties, these include:

Employers
Credit reference agencies
Fraud prevention agencies or other organisations, when you apply for an account or any other product or service, or which you or they give to us at any other time
Introducers
Land agents
Public information sources, for example the Hong Kong Companies Registry, the Hong Kong Land Registry
Government and law enforcement agencies, for example, the Hong Kong Inland Revenue Department

Personal data will be kept confidential but, subject to the provisions of any applicable law, we may provide information about you or share your personal information with third parties, for legitimate reasons. This may include disclosing your personal information to any or all of the following persons:

You, and where appropriate, your family, your associates, and your representatives, agents or nominee
Any agent, contractor or third-party service provider (whether in Hong Kong or elsewhere) who provides, or to whom the Bank has outsourced, data and/or transaction processing, financial and transaction reporting, custody, execution and other functions, administrative, telecommunication, computer, payment or securities clearing or other services to the Bank in connection with the operation of its business
The head office and any branches, subsidiaries, Group entities or associated or affiliated companies of the Bank wherever located
Any other person under a duty of confidentiality to the Bank or any other Group entity which has undertaken to keep such information confidential
Any person in accordance with applicable laws, including any person or entity to whom the Bank or any other Group entity is under an obligation or otherwise required to make disclosure under the requirements of any law or regulation binding on or applying to the Bank or any other member of the Group, or any disclosure under and for the purposes of any guidelines, guidance, directives, rules, codes, circulars or other similar documents issued or given by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of finance services providers with which the Bank or other Group entities is expected to comply, or any disclosure pursuant to any contractual, or other commitment of the Bank or other Group entities with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations for financial services providers, all of which may be within or outside Hong Kong and may be existing currently and in the future
Any financial institution with which you have or propose to have dealings • Sureties and any person providing or proposing to provide security or any guarantee for your obligations
Any person or entity which the Bank or other Group entity engages for any of the Purposes
Any regulators, governmental or law enforcement body, and other competent authorities, including the Hong Kong Monetary Authority and Hong Kong Inland Revenue Department
Statutory bodies
Credit reference agencies, and where an event of default has occurred, debt collection agencies
Fraud and crime prevention agencies
Introducers who have introduced you to us
Companies or individuals that you ask us to share your personal information with
The Direct Debit scheme, if you authorise direct debits on your account with us
Other lenders who also hold a charge on your property where you have a loan or mortgage with us secured on the same property
Any third party to whom we transfer or may transfer our rights and obligations as a result of any restructure, sale or acquisition of any company, provided that your information is used for the same purposes as it was originally supplied to us and/or used by us
Account information service providers or payment initiation service providers that you have authorised
We may also give out information about you if we have a duty to do so, for example, to any relevant party for the purposes of prevention, investigation, detection or prosecution of financial crime or if the law allows us to do so

We will only conduct information sharing activity with a third party if they agree to keep your information safe and confidential.

You acknowledge that the Bank may, in any event, also collect, use and disclose your personal data without consent where permitted or required by applicable laws. For example, where permitted by applicable law, the Bank may collect, use and disclose your personal data without consent for the legitimate interests of the Bank or other third party, such as the detection and prevention of fraud, misuse of services, threats to safety and security (including telephone recordings, CCTV surveillance and IT / network security) and any other illegal or harmful activities.

You understand and agree that the Bank may disclose personal data to any or all of the persons referred to above and may do so notwithstanding that the place of business of such person is outside of Hong Kong or that such information following disclosure will be collected, held, processed or used by such person in whole or in part outside of Hong Kong and you agree to authorise access by such person to collect, hold, process or use such personal data; and warrant that where any personal data of the person(s) mentioned above has been provided to the Bank, you have informed the person(s) of the purposes for which the data was collected, used and/or disclosed and has obtained the person(s)’ prior written consent for the collection, use and disclosure of such personal data by the Bank.

7. Authorised signatories

If you are an authorised signatory for the account, this means that your personal information will be shared with the other authorised signatories. For example, your personal details will be visible by other account users and authorised signatories.

8. Transfer of personal information overseas

If we transfer your personal information to a person, office, branch, or organisation located outside of Hong Kong, UK or the EEA, we will make sure that they agree to apply the same levels of protection and is in line with applicable legal requirements, and to use your information strictly in accordance with our instructions.

We would only share your personal information outside of Hong Kong, UK or the EEA:

If you have explicitly consented to the transfer;
If the transfer is necessary for the performance of a contract between you and the Bank or in order to enter into a contract at your request;
In order to comply with a legal duty; and
To protect the vital interest of you, or another, where you are physically or legally incapable of providing consent;

If we do transfer your personal information to a person, office, branch or organisation outside of Hong Kong, UK or the EEA, we will ensure that it is protected in line with the applicable legal requirements by using one of the following safeguards:

Transfer it to a jurisdiction which has privacy laws that give the equivalent required protections; (including enforceable and effective rights for people concerned); or
Ensure there is a legally binding contract between the Bank and the recipient of the personal information requiring the same level of protection of your information.

Fraud Prevention Agencies (FPAs) may also send your personal information to jurisdictions outside Hong Kong, the UK or the EEA. Where they do so, they will ensure that the recipient protects the information to the standard required under applicable legal requirements.

9. Automated decisions and personal information

The Bank does not use your personal information to conduct automatic ‘profiling’ decisions. However, we do use third party organisations who use automated ‘decision’ making in relation to identification checks only, as part of the account opening process. You have the right to object to an automated ‘decision’, and ask that a person reviews it.

Some of the personal information we hold – or are allowed to obtain from others – about you may be used to assist us in our decision-making process. For example:

Account opening

The Bank will use the information you have provided to ensure that the product or service is relevant and meets the conditions needed to open the account.

Identifying fraudulent activity

The Bank has in place systems and controls to prevent fraud, money laundering and terrorism financing, and we may use your personal information to decide if your account is being used for these purposes. If we think the account is being used to facilitate such offences, we may block the account and refuse access to it.

Credit Reference Agencies (CRAs)

We may use Credit Reference Agencies (CRAs) for prospective and existing customers of the Bank. We conduct identity checks when you apply for a product or services for you or your business. Where we are unable to verify your identity by this means, we will ask you to provide physical forms of identification and may contact you in this respect.

We may share your personal information with CRAs and they may provide us with information about you, including:

Personal details including name, address and date of birth;
Credit status;
Details of credit you may hold with a joint account holder;
Financial information and history; and
Information sourced from the public domain such as Hong Kong Companies Registry.

Such information may be used for the following purposes (subject to the requirements of the Code of Practice on Consumer Credit Data (the ‘Code’) approved and issued under the Ordinance):

Check details on applications and meet our regulatory requirements to fully identify our customers;
For the prevention of fraud, financial crime and counter terrorism offences;
Recovery of debts owed to the Bank; and
Check details of job applicants and employees;

Information held about you by a CRA may already be linked to records relating to your partner or members of your household where a financial ‘association’ has been created. Any enquiry we make at a CRA may be assessed with reference to any ‘associated’ records. Another person’s record will be ‘associated’ with yours when:

You make a joint application;
You advise us of a financial association with another person;
The CRA have existing, linked or ‘associated’ records. This ‘association’ will be taken into account in all future applications by either or both of you and shall continue until one of you applies to the CRA and is successful in filing a ‘disassociation’.

Fraud Prevention Agencies (FPAs)

We may also process your personal information in accordance with applicable law, and share it with Fraud Prevention Agencies (FPAs), as required, to help detect fraud, financial crime and counter terrorism offences. This will include information such as:

Personal information and documentation that you provide to us, such as your name and date of birth and images of Passports, Driving licences and signatures, Tax identification numbers, copies of utility bills and other documents, your residential address including address history, and your contact details including email address and telephone number
Information obtained from the public domain or third parties that we work with.
Financial information
Information relating to your products or services
Employment details
Information which identifies your computer / device used to connect to the internet, for example Internet Protocol (IP) address.

Any sharing of such personal information with an FPA will only occur if we have a proper reason to do so. We or an FPA may allow law enforcement agencies access to personal information provided if it is for a legal duty or a legitimate reason, as defined below, and such information may be retained for up to 6 years.

10. If you choose not to give personal information

As already stated in this statement, we may collect personal information on several bases including with your consent, for our legitimate reasons, due to legal or regulatory obligations, or under the terms of a contract we have with you. If you choose not to provide us personal information, it may delay or prevent us from meeting our obligations. It may also mean that we cannot perform services needed to run your accounts. It may also result in the cancellation of a product or service you hold with us.

Should any information collection be considered optional, we would specify this clearly from the outset.

11. Records and retention of personal information

The Bank will store all personal information as securely as possible, in a confidential manner.

We will only retain your personal information for as long as you are a customer of The Access Bank UK Limited, Hong Kong Branch or otherwise for a limited period of time as long as necessary to fulfil the purposes for which we have initially collected it, unless otherwise required for legal, regulatory or fraud prevention purposes.

After account closure, or if your application has been declined or not progressed for any reason, we may retain information about you for up to 10 years from the date of termination of all relationship with you, where necessary for one of the following reasons:

To respond to any information requests or complaints.
To maintain records according to regulations or legal requirements that apply to us.

We may keep your information for longer than 10 years if we are prevented from deleting it for the above mentioned legal, regulatory and fraud prevention reasons.

If we have not contacted you during this retention period, we will delete your personal information at the end of this period.

12. Your rights regarding your personal information

Under and in accordance with the terms of the PDPO and the Code of Practice on Consumer Credit Data approved and issued under the PDPO, any individual has the right:

(a) to check whether the Bank holds personal data about him and of access to such personal data;

(b) to require the Bank to correct any personal data relating to him which is inaccurate;

(c) to ascertain the Bank’s policies and practices in relation to personal data and to be informed of the kind of personal data held by the Bank;

(d) in relation to personal data which has been provided by the Bank to a credit reference agency, to instruct the Bank upon termination of an account by full repayment to make a request to the credit reference agency to delete such data from its database, as long as the instruction is given within five years of termination and at no time did the account have a default of payment lasting in excess of 60 days within five years immediately before termination of the account. In the event the account has had a default of payment lasting in excess of 60 days the data may be retained by the credit reference agency until the expiry of five years from the date of final settlement of the amount in default or five years from the date of discharge from a bankruptcy as notified to the Bank, whichever is earlier.

The right of access to your information that we hold:

Under the Ordinance and the Code, you have a right to see a copy of the information we hold on you. You can ask for a copy of this information by making a Data Access Request (DAR) to us. This request can be made by email to compliance.hk@theaccessbankukltd.co.uk, or in writing to:

Data Protection Officer
The Access Bank UK Limited – Hong Kong Branch
Suite 1501-04, 15/F
Two Exchange Square
8 Connaught Place
Central,
Hong Kong

Should you make such a request, the Bank will supply you with this information within one month of the request (extended for a further two months for complex/numerous requests in which case we will advise you of the extension within the one month period). We may charge you an administration fee (based on the administrative costs of providing the information) for this service, or refuse to respond, where a request is ‘manifestly unfounded or excessive’. If we refuse to respond, we will explain to you the reason why the request has been refused and inform you of your right to complain, within one month of the receipt of the request.

In accordance with the terms of the Ordinance, the Bank has the right to charge a reasonable fee for the processing of any data access request.

Further information regarding making a DAR can be obtained from the Privacy Commissioner for Personal Data.

The right to correct inaccurate information:

If any information we hold for you is incorrect, you may request us to rectify this at any time by contacting us by email, telephone or in writing to the Data Protection Officer at the above address. Taking into account the purposes of the processing, you have the right to have incomplete personal information completed, including by means of providing a supplementary statement.

If we have disclosed such personal information to a third party, we will inform them of the rectification where possible and inform you of the third parties to whom the inaccurate or incomplete information has been disclosed, where appropriate.

The right to restrict or object to the processing of information:

You may ask us to restrict the processing of your personal information at any time, or you may object to our continued use of your information by contacting us by email, telephone or in writing to the Data Protection Officer at the above address. You may do this in the following circumstances:

Where you contest the accuracy of the personal information, we must restrict the processing until we have verified the accuracy of the personal information.
Where you have objected to the processing (where it was necessary for the performance of a public interest task or a purpose in our legitimate interests), and we are considering whether our legitimate interests override your own interests.
Where processing is unlawful and you oppose erasure and request restriction of processing instead.
Where we no longer need the personal information but you require the information to establish, exercise or defend a legal claim.

This does not affect any processing that has been carried out prior to your request being received. If you have requested or objected to processing of your personal information, this does not prevent us continuing to store the information.

Where we have disclosed personal information, we hold about you to a third party we will inform the third party of any restriction on the processing of that personal information.

We will inform you when we decide to lift a restriction on processing of personal information, we hold about you.

The right to information portability:

You may ask us to move, copy or transfer your personal information directly to another organisation if this is technically feasible to do so in a safe and secure way. You can request this by contacting us by email, telephone or in writing to the Data Protection Officer at the above address.

The right to have your information erased:

Also known as the ‘right to be forgotten’ this allows you to request that we delete any or all personal information that we hold about you where there is no compelling reason for its continued processing, for one of the following reasons:

Where the personal information is no longer necessary in relation to the purpose it was originally collected/processed;
Where you withdraw consent;
Where you object to processing and there is no overriding legitimate interest for continuing to process the information;
Where the personal information was unlawfully processed (e.g. otherwise in breach of the Ordinance);
Where the personal information has to be erased to comply with a legal obligation; or
Where the personal information is processed in relation to the offer of information society services to a child.

You can make this request at any time by contacting us by email, telephone or in writing to the Data Protection Officer at the above address.

We can refuse to erase personal information we hold about you where it is processed for the following reasons:

To exercise the right of freedom of expression and information.
To comply with a legal obligation or for the performance of a public interest task or exercise of official authority.
For public health purposes in the public interest.
Archiving purposes in the public interest, scientific research, historical research or statistical purposes.
The exercise or defence of legal claims.

If we erase personal information we hold about you, we will inform any third parties about the erasure UNLESS it is impossible or involves disproportionate effort to do so.

The right to withdraw your consent:

You may withdraw your consent at any time. This will not affect any usage of your information carried out up until that point but would have immediate effect from when we receive your request. Please contact us by phone, email or in writing to the address above if you wish to do so.

If you withdraw your consent, we may not be able to provide certain products or services to you. If this is so, we will tell you.

You may also at any time and free of charge exercise your opt out right under the PDPO and request that the Bank ceases to use or provide personal data to other persons by contacting us by phone, email or in writing to the address above.

13. Marketing

The Bank has made a policy decision that we will not send unsolicited marketing material to you. Should this position change, we will write to you.

14. If you wish to make a complaint

If for any reason you are unhappy with our use of your personal information and you wish to lodge a complaint, please contact us by email, telephone or in writing to the Data Protection Officer at the address above.

You also have the right to complain to the Privacy Commissioner for Personal Data. You can find out how to do this on their website https://www.pcpd.org.hk/english/complaints/how_complaint/complaint/complaint.html

15. Cookies

Information about how we use Cookies is provided on the Bank’s website at the following location: https://www.theaccessbankukltd.co.uk/the-access-bank-uk-limited-hong-kong-branch/cookies-hong-kong

16. Language

If there is any inconsistency or conflicts between English and Chinese version, the English version will prevail.;

Hong Kong Branch

Privacy Policy

Useful Links

Legal

Privacy policy

Terms and conditions

Fraud Alert

Accessibility

Important information

Site map

Cookies policy

We use cookies to enable us to ensure that our website meets your needs – by continuing on this website you are consenting to our cookie policy.