Welab Bank Limited - Privacy Policy Statement

Privacy Policy Statement

We know that you are concerned with how your personal and financial information is dealt with. This Privacy Policy statement (“Statement”) sets out our current policies and demonstrates our commitment to your privacy.

By accessing this website (the “Site”) and any of its pages, you are agreeing to the Statement set out below.

Before using this Site, you should read carefully:

[1] this Statement,

[2] the Notice to Customers and Other Individuals relating to the Personal Data (Privacy) Ordinance (the “Privacy Notice”) which notifies you why data including your personal data is collected, how it will be used and to whom data access requests are to be addressed;

[3] the Terms of Use of Website; and

[4] the cookie policy, which is set out in the Terms of Use of Website and Terms of Use of App.

The information, material and content provided in the pages of the Site may be changed at any time without notice, and consequently this Statement may change at any time in the future. You agree to review this Statement regularly and your continued access to or use of the Site will mean that you agree to any changes.

Our business has been built on trust between us and our customers. To preserve the confidentiality of all information you provide to us, we have adopted the following privacy principles:

  • We will only collect information that we believe to be relevant and required to understand your financial needs and to conduct our business.
  • We use your information to provide you with better customer services and products.
  • We may pass your information to other WeLab Group companies or agents, as permitted by law.
  • We will not disclose your information to any external organisation unless we have your consent or are required by law or have previously informed you.
  • We may be required from time to time to disclose your information to governmental or judicial bodies or agencies or our regulators, but we will only do so under proper authority.
  • We aim to keep your information up-to-date and retain your information only for such periods as necessary.
  • We maintain strict security systems designed to prevent unauthorised access to your information by anyone, including our staff.
  • All WeLab Group companies, all our staff and all third parties with permitted access to your information are specifically required to observe our confidentiality obligations.

By maintaining our commitment to these principles, we will ensure that we respect the inherent trust that you place in us.


Notice to Customers and Other Individuals relating to the Personal Data (Privacy) Ordinance (the “Ordinance”)

This Notice is served by Welab Bank Limited (the “Bank”, “we”, “us”, “our”, including our successors and assigns) in accordance with the Personal Data (Privacy) Ordinance of the Hong Kong Special Administrative Region (“Hong Kong”). It is intended to notify you why data including your personal data is collected, how it will be used and to whom data access requests are to be addressed.

For the purposes of this Notice, the “WeLab Group” means the Bank and its holding companies, branches, subsidiaries, representative offices and affiliates, wherever situated. Affiliates include branches, subsidiaries, representative offices and affiliates of our holding companies, wherever situated.

IMPORTANT: By accessing this website and any of its pages, you are agreeing to the terms set out below. Thank you for choosing us.

COLLECTION OF DATA

[1] From time to time, we may collect data of customers and other individuals in connection with the purposes set out in this Notice. These customers and other individuals may include without limitation the following or any of them (collectively the “data subject(s)”, “you”, “your”):

(a) applicants for and users of banking or financial services, credit facilities, insurance, securities, investment, wealth management and related services, products and facilities (collectively “Facilities, Products and Services”), provided by us and/or any member of the WeLab Group;

(b) persons giving or proposing to give security or guarantees for obligations owed to us;

(c) persons linked to a customer or an applicant that is not an individual, including the beneficial owners and officers of that customer or applicant, or in the case of a trust, including the trustees, settlors, protectors and beneficiaries of the trust; and

(d) other persons who are relevant to a customer’s relationship with us.

[2] Data which we may collect from you includes but is not limited to personal data (including but not limited to your name, identity card number, date of birth, residential and correspondence address, phone number, email address, credit-related information, biometric data such as facial image, fingerprint, finger vein, and your digital footprints such as IP address and GPS location etc.).

[3] Failure to supply data to us may result in the Bank not being able to provide (or continue to provide) some or all of the Facilities, Products and Services to you or to the relevant applicants or persons linked to you.

[4] We may collect data from you directly, indirectly or from someone acting on your behalf:

(a) in the ordinary course of our business or the continuation of our relationship with you, for example, data may be collected when you issue cheques, deposit money, effect transactions or when you communicate with us (verbally, electronically or in writing);

(b) when you browse or use our websites and mobile applications; and/or

(c) from other sources, for example:

(i) any member of the WeLab Group (other than the Bank);

(ii) third parties such as our business partners (subject to you giving our business partners consent to transfer your data to us), credit reference agencies (“CRA”) (including CRA approved for participation in the Multiple Credit Reference Agencies Model) and third party service providers with whom you interact in connection with the marketing of our products and services and/or in connection with your application for our products and services; and/or

(iii) the public domain, cookies, behavioural or location tracking tools.

Data may also be combined with other data available to any member of the WeLab Group.

USE OF DATA

[5] We will use data for the following purposes or any of them (which may vary depending on the nature of your relationship with us):

(a) considering and processing your applications for Facilities, Products and Services and facilitating the daily operation of Facilities, Products and Services provided to you, or to the relevant customer or persons linked to you;

(b) creating and maintaining our credit and risk related models;

(c) conducting credit checks (including without limitation at the time of application for credit and at the time of regular or special reviews which normally will take place one or more times each year);

(d) providing bank reference or assisting other financial institutions (inside or outside Hong Kong) to conduct credit checks and collect debts;

(e) ensuring your ongoing credit worthiness and good standing;

(f) designing Facilities, Products and Services for your use;

(g) researching, customer profiling and segmentation;

(h) analysing how you access and use our Facilities, Products and Services including those available on our websites and apps;

(i) advertising and marketing Facilities, Products and Services, and other related subjects (as detailed in paragraph 10 below);

(j) determining the amount of indebtedness owed to or by you;

(k) exercising our rights under our contracts with you, including collecting amounts outstanding from you;

(l) meeting our obligations, requirements or arrangements or those of any member of the WeLab Group, whether compulsory or voluntary, to comply with or in connection with:

(i) any law, regulation, judgment, court order, voluntary code, sanctions regime, within or outside Hong Kong existing currently and in the future (“Laws”) (e.g. the Inland Revenue Ordinance and its provisions including those concerning automatic exchange of financial account information);

(ii) any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers within or outside Hong Kong existing currently and in the future (e.g. guidelines or guidance given or issued by the Inland Revenue Department including those concerning automatic exchange of financial account information) and any international guidance, internal policies or procedures;

(iii) any present or future contractual or other commitment with local or foreign legal, regulatory, judicial, administrative, public or law enforcement or governmental, tax, revenue, monetary, securities or futures exchange, court, central bank or other authorities, or self-regulatory or industry bodies or associations of financial service providers or any of their agents with jurisdiction over all or any part of the WeLab Group (together the “Authorities” and each an “Authority”) that is assumed by, imposed on or applicable to us or any member of the WeLab Group;

(iv) any agreement or treaty between Authorities;

(m) complying with any obligations, requirements, policies, procedures, measures or arrangements for sharing data and information within the WeLab Group and/or any other use of data and information in accordance with any programmes for compliance with sanctions or prevention or detection of money laundering, terrorist financing or other unlawful activities;

(n) conducting any action to meet our obligations or those of any member of the WeLab Group to comply with Laws or international guidance or regulatory requests relating to or in connection with the detection, investigation and prevention of money laundering, terrorist financing, bribery, corruption, tax evasion, fraud, evasion of economic or trade sanctions and/or any acts or attempts to circumvent or violate any Laws relating to these matters;

(o) facilitating consolidated supervision of the WeLab Group for the conduct of internal audit and the performance of risk management;

(p) enabling our actual or proposed assignee, or participant or sub-participant of our rights in respect of you to evaluate the transaction intended to be the subject of the assignment, participation or sub-participation;

(q) comparing your data with other persons, financial institutions and/or any member of the WeLab Group for credit checking, data verification or otherwise producing or verifying data in connection with your applications for, or our provisions to you of, the facilities, products and services by us or any member of the WeLab Group, whether or not for the purpose of taking adverse action against you;

(r) maintaining a credit history or otherwise, a record of you (whether or not there exists any relationship between you and the Bank) for present and future reference;

(s) in connection with the Bank defending or responding to any legal, governmental, or regulatory or quasi-governmental related matter, action or proceeding (including any prospective action or legal proceeding);

(t) in connection with us making or investigating an insurance claim or responding to any insurance related matter, action or proceeding; and/or

(u) any other purposes relating to the purposes listed above.

DISCLOSURE OF DATA

[6] Data held by us or a member of the WeLab Group will be kept confidential but we or a member of the WeLab Group may disclose (“disclose” as defined in the Ordinance) such data to the following parties or any of them (whether within or outside Hong Kong) for the purposes set out in paragraph 5 above:-

(a) any agent, contractor, sub-contractors of any member of the WeLab Group;

(b) any third party service providers who provide services to us or any member of the WeLab Group in connection with the operation or maintenance of our business;

(c) any Authorities;

(d) any persons under a duty of confidentiality to us or a member of the WeLab Group who have undertaken to keep such data confidential;

(e) the drawee bank providing a copy of a paid cheque (which may contain information about the payee) to the drawer;

(f) any persons acting on your behalf whose data are provided;

(g) any payment recipients; beneficiaries; account nominees; intermediaries; correspondent and agent banks; clearing houses; clearing or settlement systems; market counterparties; upstream withholding agents; swap or trade repositories; stock exchanges with which you have or propose to have dealings; companies in which you have an interest in their securities (where such securities are held by us or any member of the WeLab Group), or any persons making any payment into a customer’s account;

(h) CRA (including the operator of any centralized database used by CRA), and, in the event of default, to debt collection agencies;

(i) any persons to whom we are (or any member of the WeLab Group is) under an obligation or required or expected to make disclosure for the purposes set out in, or in connection with, paragraphs 5(l), 5(m) or 5(n) above;

(j) any actual or proposed assignee of ours or participant or sub-participant or transferee of our rights in respect of you;

(k) any persons giving or proposing to give a guarantee or security to guarantee or secure your obligations to us;

(l) any member of the WeLab Group;

(m) third party financial institutions, insurers, credit facilities companies, credit card companies, and securities, commodities and investment services providers;

(n) third party reward, loyalty, co-branding and privileges programme providers;

(o) co-branding partners of ours or any member of the WeLab Group (the names of such co-branding partners can be provided during the application process for the relevant Facilities, Products and Services, as the case may be);

(p) charitable or non-profit making organisations;

(q) external service providers that we or any member of the WeLab Group engage(s) for the purposes set out in paragraph 5 above; and

(r) third-party service providers engaged by you using our application programming interfaces (“API”).

[7] We may transfer your data in and to a place outside Hong Kong in accordance with the local Laws, rules and regulations applicable in the relevant jurisdictions for different purposes including processing and storage.

[8] If we engage outsourcing service providers or data processors (whether within or outside Hong Kong), outsourcing service providers or data processors are required to adhere to specific standards, including any standards prescribed by a privacy regulator, to prevent any loss, unauthorized access, use, modification or disclosure of data, either by contractual provisions or other means.

PROVISION OF DATA TO CRA AND DEBT COLLECTION AGENCIES (“DCA”)

[9] We may provide the following data relating to you (whether in sole name or joint names with others) to a CRA (including the operator of any centralized database used by CRA), and/or a DCA.

(a) Such data may include but is not limited to the following relating to you:

(i) full name;

(ii) capacity in respect of each Facilities, Products and Services (as borrower, mortgagor or guarantor or security provider);

(iii) Hong Kong Identity Card Number or travel document number or certificate of incorporation number;

(iv) date of birth or date of incorporation;

(v) correspondence address;

(vi) account number in respect of each Facilities, Products and Services;

(vii) type of the facility in respect of each Facilities, Products and Services;

(viii) account status in respect of each Facilities, Products and Services (e.g. active, closed, write-off);

(ix) if any, account closed date in respect of each Facilities, Products and Services; and

(x) credit application data (including the type and the amount of credit sought).

(b) In respect of mortgages, the CRA will also use the above data for the purposes of compiling a count of the number of mortgages from time to time held by you (as borrower, mortgagor or guarantor, whether in sole name or joint names with others) for sharing in the consumer credit database of the CRA by credit providers.

(c) You can instruct us to make a request to the relevant CRA to delete from its database any account data relating to any credit that has been terminated by full repayment provided that there has not been, within five (5) years immediately before such termination, a default in payment under the credit for a period in excess of sixty (60) days according to our records.

(d) If there is any default in payment, unless the amount in default is fully repaid or written off (other than due to bankruptcy order) before the expiry of sixty (60) days from the date of default, your account repayment data may be retained by the CRA until the expiry of five (5) years from the date of final settlement of the amount in default.

(e) In the event of any amount being written off due to a bankruptcy order being made against you, the CRA may retain your account repayment data until the earlier of (i) the expiry of five (5) years from the date of final settlement of the amount in default, or (ii) the expiry of five (5) years from the date of your discharge from bankruptcy as notified to the CRA by you with evidence.

(f) For the purpose of this paragraph 9, account repayment data is the amount last due, amount of payment made during the last reporting period, remaining available credit or outstanding balance and default data (being amount past due and number of days past due, date of settlement of amount past due, and date of final settlement of amount in material default (that is, default in payment for a period in excess of sixty (60) days) (if any)).

(g) We may obtain a credit report on you from a CRA in considering any application for credit. In the event you wish to access the credit report, we will advise the contact details of the relevant CRA.

USE OF DATA IN DIRECT MARKETING

[10] We intend to use your data in direct marketing and we require your consent (which includes an indication of no objection) for that purpose. In this connection, please note that:

(a) your name, contact details, products and other services portfolio information, transaction pattern and behaviour, financial background and demographic held by us from time to time may be used by us in direct marketing;

(b) information relating to your use of our websites and apps from time to time, whether through cookies or otherwise may be used by us in direct marketing;

(c) the following classes of services, products and subjects may be marketed:

(i) Facilities, Products and Services;

(ii) telecommunications network services, delivery services, travel agency services, hospitality services, food and beverages, automotive products/services, gaming products/services, entertainment and media services, lifestyle products/services, social and healthcare services, electronic and electrical products, merchandise, consumer goods and/or commodities;

(iii) reward, loyalty, co-branding or privileges programmes and related services and products; and/or

(iv) donations and contributions for charitable and/or non-profit making purposes;

(d) the above classes of services, products and subjects may be provided or (in the case of donations and contributions) solicited by us and/or:

(i) any member of the WeLab Group;

(ii) third party financial institutions, insurers, credit card companies, securities and investment services providers;

(iii) third party reward, loyalty, co-branding or privileges programme providers;

(iv) telecommunications network service providers, delivery service providers, travel agencies, hospitality service providers, food and beverages providers, automotive products and/or service providers, gaming products and/or service providers, entertainment and media service providers, lifestyle products and/or service providers, social and healthcare service providers, merchandise, consumer goods, commodities retailers, distributors and/or manufacturers;

(v) co-branding partners of ours or any member of the WeLab Group; and/or

(vi) charitable or non-profit making organisations;

(e) in addition to marketing the above Facilities, Products and Services ourselves, we may provide the data described in paragraphs 10(a) and 10(b) above to all or any of the persons described in paragraph 10(d) above for them to market for the classes of services as described in paragraph 10(c), and we need your written consent (which includes an indication of no objection) for that purpose; and

(f) we may receive money or other property in return for providing the data to the other persons in paragraph 10(d) above and, when requesting your consent or no objection as described in paragraph 10(e) above, we will inform you if we will receive any money or other property in return for providing the data to the other persons.

If you do not wish for us to use or provide to other persons your data for use in direct marketing as described above, you may exercise your opt-out right by notifying us through the channels specified in paragraph 13 below and other such channels as specified by us from time to time.

DATA ACCESS REQUESTS

[11] You have the right:

(a) to check whether we hold data about you and to access such data;

(b) to require us to correct any data relating to you which is inaccurate;

(c) to ascertain our policies and practices in relation to data and to be informed of the kind of personal data held by us;

(d) in relation to consumer credit, to be informed on request which items of data are routinely disclosed to CRA (including the operator of any centralized database used by CRA) or DCA, and be provided with further information to enable the making of an access and correction request to the relevant CRA or DCA.

[12] In accordance with the provisions of the Ordinance, we have the right to charge a reasonable fee for the processing of any data access request.

[13] You should send requests for access to data or correction of data or for information regarding policies and practices and kinds of data held to:

WeLab Bank – Operations Team

Welab Bank Limited

Tsat Tsz Mui P.O. Box 60371, Hong Kong

Email: [email protected]

Fax: (852) 3898 6988

Use of algorithmic assessments, big data analytics and artificial intelligence

[14] We may use certain algorithms and big data analytics and artificial intelligence (“BDAI”) technologies and applications when considering and processing your application for the establishment of Facilities, Products and Services. BDAI generally involves computers mimicking human intelligence, so that they can learn, sense, think and act in order to achieve automation and gain analytics insights from large volumes of structured and unstructured data created by the preservation and logging of activity from humans, tools and machines. Examples of BDAI include machine learning, biometric authentication technology, natural language processing, decision tree, internet cookies and web logs.

[15] The algorithms and BDAI may provide automatic assessments and decisions based on the data we collected from you, which may be personal and non-personal data. Use of BDAI by us in relation to personal data is governed by this Statement. The parameters used in these assessments would have been selected to provide a fair and objective assessment of your data and tested for reliability and fairness. We have in place robust policies and procedures to ensure the security and integrity of data, and the use of BDAI is fair and in accordance with applicable laws and regulations. In addition, we may by ourselves, or via our service providers, use BDAI for: (a) analysing statistics, trends, markets, behaviour, usage patterns, customer segments and pricing; (b) planning, research and developments, designing services or products, improving customer experience; (c) predictive modelling; (d) performing credit, anti-money laundering, fraud prevention and other risk assessments; and (e) any other purposes relating thereto.

[16] Accuracy of assessments and decisions generated by the algorithms will largely depend on the accuracy of the personal data provided. If we are uncertain about the accuracy of the data that may be used in an algorithmic assessment, we will endeavour to seek clarification from you. You may also enquire or request reviews on the decisions made by our BDAI applications via the channels which we may designate from time to time. There may be certain other risks associated with the use of algorithms, including, but not limited to, risks related to input data (e.g. a mismatch between the data used for training the algorithms and the data inputted for the purposes of the establishment and the use of any Account(s) and/or any Products or Services), algorithm design (e.g. coding errors) as well as output decisions (e.g. incorrect interpretation of the output).

Personal data of another person

[17] Where you provide to us data about another person, you should give to that person a copy of this Notice and, in particular, tell him/her how we may use his/her data.

OTHERS

[18] Nothing in this Notice shall limit your rights as a data subject under the Ordinance.

[19] To the extent permitted by law, the Bank and other members of the WeLab Group may record and monitor electronic communications with you to ensure compliance with legal and regulatory obligations and internal policies for the purposes outlined in this Notice.

[20] Please also read the Privacy Policy Statement (above) and the cookie policy (set out in the Terms of Use of Website and Terms of Use of App) when using the Bank’s online services.

[21] This Notice shall be deemed an integral part of all contracts, agreements, application for credit, account opening documents and other binding arrangements which you have entered into or intended to enter into with us.

Note: In case of discrepancies between the English and Chinese versions, the English version shall apply and prevail.

November 2022

Version no.: WBL30112022