Personal Data Policy Statement

We / Reserve Bank of Asia (please see our contact details in paragraph 1 “DEFINITION” below) respect your privacy and are committed to protecting your privacy. This Personal Data Policy Statement for Reserve Bank of Asia (the "Policy") tells you how we collect, store, use, hold, process, transmit, provide, disclose, delete and transfer personal information about you.
(Effective as of 1 November 2021)

1. DEFINITIONS

Terms not defined here have the same meaning as in the General Terms and Conditions of Reserve Bank of Asia (the "Terms and Conditions").

The words "you" and "your" refer to any holder of the accounts maintained with us and including one or more individuals, sole proprietorships, partnerships, corporations and unincorporated associations or bodies.

The words "we" and "us" refer to Reserve Bank of Asia (contact us via contact us form), and they are the "Bank" or "RBA" in short in this Policy.

"Affiliate" means any person or entity who directly or indirectly through one or more intermediates controls, is controlled by, or is under common control with, the relevant party or in relation to a body corporate, any subsidiary, subsidiary undertaking or holding company of such body corporate, and any subsidiary or subsidiary undertaking of any such holding company for the time being.

"Personal Data" refers to any data or information about you which can be identified either (a) from that data; or (b) from that data and other information to which the Bank have or are likely to have access.

2. OBJECTIVES AND RELATIONSHIP TO THE TERMS AND CONDITIONS

2.1 Your privacy is important to the Bank. This Policy outlines how your Personal Data are managed. This Policy sets out (1) the Bank's specific purposes of data collection, (2) the controls the Bank employs for protection of Personal Data, (3) the classes of persons the Bank can transfer Personal Data to (including SalesForce’s cloud server in Japan), and (4) your access and correction and other rights in relation to Personal Data and other related or relevant data.

2.2 You agree and consent to the Bank as well as its respective agents, authorised service providers and relevant third parties (including any Affiliate of the Bank that has access to the Personal Data and SalesForce’s cloud server in Japan) collecting, using, disclosing and/or sharing your Personal Data in the manner set forth in this Policy. This Policy is a supplement to but does not supersede nor replace any other consents which you may provide to the Bank nor does it affect any rights that the Bank may have at law in connection with the collection, use and/or disclosure of Personal Data.

2.3 The Bank may from time to time update this Policy to ensure it is consistent with the Bank's future developments, industry trends and/or any changes in legal or regulatory requirements. Subject to your rights at law, the prevailing terms of the Policy shall apply. You should therefore check on a regular basis whether this Policy has changed and, if appropriate, whether you also consent to the updated version. You will find the date on which it is updated at the beginning of this Policy.

2.4 This Policy forms a part of the Terms and Conditions governing your relationship with the Bank and should be read in conjunction with such terms and conditions. In the event of any conflict or inconsistency between the provisions of this Policy and the terms and conditions, the provisions of the Terms and Conditions shall prevail.

2.5 By applying to open account(s) with us or continuing to use our services, you confirm that you have read, understood and agreed to the proposed collection, storage, use, holding, processing, transmission, provision, disclosure, deletion and transfer (including cross-border transfer) of Personal Data set out in this Policy.

3. PERSONAL DATA

3.1 It is necessary, from time to time, for you to supply the Bank with Personal Data in connection with (a) the opening or continuation of accounts, (b) the establishment or continuation of banking and or credit facilities (c) or the provision of banking and or financial services.

3.2 Failure by you to provide such Personal Data may result in the Bank being unable to process accounts or financial services as set out at clause 3.1 above and in more detail in the Terms and Conditions.

3.3 It is also the case that data are collected from you in the ordinary course of the continuation of the banking or financial relationship, for example, when you transfer fund, deposit money, effect transactions through cards or discuss /arrange banking / credit facilities for yourself or for any third party.

3.4 In this Policy, examples of Personal Data include, but are not limited to, the following:

a. Your name, passport or other identification number, telephone number(s), mailing address, email address and any other information relating to the information provided to the Bank in any forms that have been submitted, or in other forms of interaction;

b. Information about your use of Bank 's website and services, including cookies, IP address, policy and claims history information;

c. Employment history, education background, and income levels;

d. Transaction related information, such as bank account details or credit card information, along with credit history; and

e. Information regarding the usage of and interaction with the Bank's website and/or services including computer and connection information, device capability, bandwidth, statistics on page views, and traffic to and from the website.

4. PURPOSES FOR THE COLLECTION, USE AND DISCLOSURE OF PERSONAL DATA

4.1 The purposes for which Personal Data may be used by the Bank are as, but not necessarily limited to, the following:

a. Evaluating and providing advice and/or recommendations to you regarding the type of products and services;

b. Assessing and processing any applications or requests made by you for products and services offered by the Bank;

c. Communicating with you to inform of changes and updates to policies, terms and conditions and other administrative information, including without limitation for the purposes of servicing you in relation to products and services offered;

d. Administering, maintaining, managing and operating the products and services offered to you, including government-driven schemes;

e. Processing and administering benefits or entitlements in connection with the Bank's services which have been applied for, including the administration of loyalty and rewards programs;

f. Verification of your identity for the purpose of providing you with the Bank's Services;

g. Responding to your queries and requests and handling complaints;

h. Providing you with personalised service;

i. Conducting market research for statistical profiling and other purposes to understand and determine your preferences and demographics in order for the Bank to review, develop and improve the products and services which are being provided to you (including without limitation to ensure that the products and services offered are relevant to you);

j. Conducting financial reporting and analysis related to the Bank's business operations;

k. Managing infrastructure and business operations and complying with internal policies and procedures;

l. Archival of documents and records in both electronic and physical form for record keeping purposes;

m. Maintaining records of your instructions, whether through phone recordings, hard copy documents, soft copy documents or instructions given via electronic or other means;

n. Conducting credit checks and ensuring your ongoing creditworthiness, and the collection of amounts outstanding from you and any person providing security or guarantees for your obligations;

o. Determining the amount of indebtedness owed to or by you;

p. Facilitating business asset transactions (which may extend to any merger, acquisition or asset sale);

q. Facilitating the verification and checks of your Personal Data in order to provide you with the Bank's products and services which have been requested;

r. Preventing, detecting and investigating crime, including fraud and any form of financial crime, and analysing and managing other commercial risks;

s. Compliance with any applicable local or foreign statute, rule, law, regulation, judgment, decree, directive, code of practice, guideline, administrative requirement, sanctions regime, court order, agreement between the Bank and an authority, agreement or treaty between authorities, international guidance and internal policies or procedures, which may apply to the Bank or which any such company is subject to, or to assist in or with law enforcement and investigations by any authority or to comply with any request from an authority; and

t. Subject to applicable law, or any other purpose set out in the Terms and Conditions.

4.2 You are responsible for ensuring that all Personal Data submitted to the Bank are complete, accurate, true and correct. Failure to do so may result in the inability of the Bank to provide you with products and services that have been requested. Where Personal Data are submitted by you on behalf of another individual or another individual other than you (or, in the case of situations where a representative of a company or organisation is submitting the Personal Data of individuals as part of the disclosures by the company or organisation to the Bank) you represent and warrant to the Bank that all the necessary consents have been obtained from the relevant individuals and that you have retained proof of these consents (such proof is to be provided upon the Bank's request).

5. COLLECTION OF PERSONAL DATA

5.1 Generally, the Bank collects Personal Data from you in the, but not necessarily limited to the, following ways:

a. When you have registered a new account with the Bank;

b. When a website has been accessed or when performing an online transaction;

c. When interacting with any of the Bank employees;

d. When an application has been submitted to purchase products or use services from the Bank;

e. When you respond to a request for additional Personal Data;

f. When you ask to be included in an email or other mailing list;

g. When you request to be contacted;

h. When you respond to initiatives or promotions given by the Bank; and

i. When Personal Data have been submitted to the Bank for any other reason.

6. TYPES OF PERSONAL DATA HELD

6.1 There are two main categories of Personal Data held in the Bank. They comprise Personal Data contained in the following:

a. Client Records

  • These are necessary for you to supply to the Bank from time to time in connection with matters such as:
  • 1. The opening or operation of accounts;
  • 2. The establishment or maintenance of facilities; and
  • 3. The establishment or operation or provision of products or services offered by or through the Bank (which include banking, cards, financial, fiduciary, securities and/or investments products and services as well as products and services relating to these); (collectively, facilities, products and services); and/or the receipt of supplies and services to the Bank.

b. Personnel Records

  • These include but are not limited to curriculum vitae; application forms; references; appraisal and disciplinary records; salary, pension and benefits details; results of medical, security and financial checks; sickness records; personal contact details; and bank account and tax details of employees (including potential employees, as applicable).

7. RETENTION OF PERSONAL DATA

7.1 Personal Data provided by you and employees are only retained for as long as the purposes for which such data were collected continue. We may retain the Personal Data for longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. As a general rule the minimum retention period is 7 years.

8. SHARING AND/OR TRANSFER OF PERSONAL DATA

8.1 Sharing and/or transfer of Personal Data with/to third parties not known to the Bank, such as vendors or suppliers, who lack appropriate security safeguards or restrictions on information use is prohibited.

8.2 Personal Data are kept confidential but, subject to the provisions of any applicable law, may be provided to:

a. Any of the Bank's Affiliates, any person associated with the Bank (including SalesForce’s cloud service in Japan), any reinsurance company, claims investigation company, your broker, industry association or federation, fund management company or financial institution for any of the purposes and for the following additional bank related purposes: ensuring ongoing credit worthiness of you, creating and maintaining credit and risk related models, providing the Personal Data to credit reference agencies for the purposes of conducting credit checks and other directly related purposes, determining the amount of indebtedness owed to or by you and collection of amounts outstanding from you and those providing security for your obligations;

b. Any person (including private investigators) in connection with any claims made by or against or otherwise involving you in respect of any products/services provided by the Bank and/or its Affiliates;

c. Any agent, contractor or third party who provides administrative, technology or other services (including direct marketing services) to the Bank and/or its Affiliates in the specific countries or elsewhere and who has a duty of confidentiality to the same;

d. Credit reference agencies or, in the event of default, debt collection agencies;

e. Any actual or proposed assignee, transferee, participant or sub-participant of the Bank's rights or business; and

f. Any government department or other appropriate governmental or regulatory authority.

9. USE AND PROVISION OF PERSONAL DATA IN DIRECT MARKETING

9.1 The Bank may:

a. Use your name, contact details, products and services portfolio information, transaction pattern and behavior, financial background and demographic data held by the Bank from time to time for direct marketing; and

b. Conduct direct marketing (including but not limited to providing reward, loyalty or privileges programmes) in relation to the following classes of products and services that the Bank, its Affiliates, co-branding partners and business partners may offer:

  • 1. Insurance, banking, provident fund or scheme, financial services, securities and related products and services;
  • 2. Products and services on health, wellness and medical, food and beverage, sporting activities and membership, entertainment, spa and similar relaxation activities, travel and transportation, household; and
  • 3. Apparel, education, social networking, media and high-end consumer products.

9.2 The above products and services may be provided by the Bank and/or:

a. Any of the Bank's Affiliates;

b. Third party financial institutions;

c. Business partners or co-branding partners of the Bank and/or Affiliates providing the products and services set out above; and

d. Third party reward, loyalty or privileges programme providers supporting the Bank or any of the above listed entities.

9.3 The Bank hereby give you notice of the proposed use of Personal Data for the purposes set out in this Policy and of the disclosure of Personal Data to the third parties set out above at paragraphs 8.2 and 9.2. For the avoidance of doubts, by continuing to use our services, you confirm that you have read, understood and agreed to the proposed collection, storage, use, holding, processing, transmission, provision, disclosure, deletion and transfer (including cross-border transfer) of Personal Data set out in this Policy, including the disclosure of Personal Data to the third parties set out above at paragraphs 8.2 and 9.2.

9.4 You may withdraw your consent to the use and provision of Personal Data for direct marketing.

10. YOUR RIGHTS

10.1 Under and in accordance with the terms of this Policy and any supplemental information to this Policy the Bank may publish on its website, you have the right:

a. to check whether the Bank holds data about you and access to and obtain copies of such data;

b. to request that we provide copies of Personal Data you have provided to use and in a format which will allow you to transfer the data to another organization for handling;

c. to require the Bank to correct and supplement any data relating to you which are inaccurate or incomplete;

d. to ask for Personal Data to be erased or destroyed where

  • (1) The purpose of our collection or processing has been achieved or cannot be achieved, or it is no longer necessary to achieve the purpose;
  • (2) We cease to provide relevant products or services, or the retention period has expired;
  • (3) you withdraw your consent for our collection and processing;
  • (4) we violate applicable laws or regulations, or violate the agreement between us for the handling of the Personal Data;
  • (5) other circumstances stipulated by applicable laws or regulations apply;
  • However, your exercising of this erasure right will not affect the lawfulness of any processing carried out before your request of erasure and we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you if applicable at the time of your request. We may not be able to provide certain products or services to you as a result and we will advise you if this is the case at the time upon your request of erasure.

e. to ascertain the Bank's policies and practices in relation to data and to be informed of the kind of Personal Data held by the Bank;

f. to request us to explain our personal information processing rules;

g. in the event of your death, to allow your next of kin, for his/her own lawful and legitimate interests, to exercise your rights of access, copy, correction, deletion, etc., unless you instruct otherwise - By agreeing to this Policy, you confirm that your next of kin or anyone else shall not exercise your rights to your personal information;

h. to request that we do not use Personal Data to send you marketing information;

i. to request that decisions about you are not made solely by an automated process;

j. to request that we cease to process (or suspend processing) your Personal Data;

k. to withdraw your consent for our collection and processing of Personal Data (However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent);

l. to request to be informed which items of data are routinely disclosed to credit reference agencies or debt collection agencies, and be provided with further information to enable the making of an access and correction request to the relevant credit reference agency or debt collection agency, as the case may be;

m. in relation to any account data (including, for the avoidance of doubt, any account repayment data) which has been provided by the Bank to a credit reference agency, to instruct the Bank, upon termination of an account by full repayment, to make a request to the credit reference agency to delete such data from its database; and

n. to complain to us or the relevant authority about the way we use Personal Data. We would appreciate the chance to deal with your concerns by contacting us before you approach the relevant authority, so please contact us in the first instance.

Where possible we will seek to comply with your request but we may be required to hold or process information to comply with a legal requirement. All requests will be considered without delay and within one month of receipt as far as possible. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In such a case, we will notify you and keep you updated.

Please note that unless you indicate otherwise certain jurisdictions would allow your next of kin to exercise your rights to your personal information after you passed away. We assume that you do not wish to have your next of kin to do so. By agreeing to this Policy, you confirm that your next of kin or anyone else shall not exercise your rights to your personal information.

10.2 Your Personal Data and other related or relevant data may be processed, kept, transferred or disclosed in and to any country as the Bank or any person who has obtained such data from the Bank considers appropriate. Such data may also be processed, kept, transferred or disclosed in accordance with the local practices and laws, rules and regulations (including any governmental acts and orders) in such country.

10.3 The Bank has the right to charge a reasonable fee for the processing of any data access request.

10.4 In relation to the Bank, requests for access to data or correction of data or for information regarding policies and practices and kinds of data held are to be sent to us.

11. ENQUIRIES

11.1 For additional enquiries in respect of this Policy, please contact the Customer Service via contact us form.

12. CONSENT

12.1 Besides your other indication of your consent and agreement to the terms of this Policy, your continuing to use the Bank’s service or purchase of the Bank’s products is deemed your consent and agreement to the terms of this Policy.