DATA PROTECTION NOTICE – HONG KONG
1. Your personal data
Your personal data (such as data that identifies you or can be used to identify you, for example your name, date of birth and contact details) is protected by the Hong Kong Personal Data (Privacy) Ordinance (PDPO). This Data Protection Notice explains how we will use your personal data. This includes personal data we obtain from you, your employer or other parties, as well as information about your use of the account, your card and any transactions made with your card (including the date and amount of such transactions) and our communications with you.
From time to time, it is necessary for you to supply us with personal data in connection with the issue or use of credit cards and the establishment or continuation of banking or credit facilities or provision of related banking or financial services or compliance with applicable laws and regulations. Failure to supply such personal data may result in us being unable to approve the issuing or use of credit cards or continue banking or credit facilities or provide related banking/financial services or comply with applicable laws or regulations.
For the purposes of the PDPO, Bank of America, National Association is the data user in respect of your personal data and references to "we", "us" or "our" in this Data Protection Notice are references to Bank of America, National Association.
2. How we use your personal data
We will collect, use or disclose your personal data:
- to administer your card and account and provide services to you;
- to facilitate transactions;
- to comply with the rules of any relevant card scheme;
- to carry out, monitor and analyse our business;
- as part of the sale, merger or similar change of our or any Bank of America Corporation business;
- to comply with any laws, rules or regulations (including anti-corruption and bribery laws, anti-terrorism laws and anti-money laundering laws) in any country; and
- to detect, prevent and investigate fraud.
In collecting, using or disclosing your personal data, we may transfer it outside Hong Kong to other countries, including countries which may not have equivalent data protection laws to those in Hong Kong. We are responsible for making sure that any such transfer is made in compliance with the PDPO.
3. Recipients of your personal data
We may disclose your personal data (including details of your transactions) to the following parties for the purposes set out in (2) above:
- any person or company working for us (including professional service organisations such as legal, audit and accounting service providers, technology and data processing companies and IT hosting providers);
- any of our group companies, offices or branches;
- your employer or any group company of your employer;
- any person or company that provides products or services to you or your employer in connection your card or account (including International SOS and Mastercard);
- any person to whom we transfer or may transfer any of our rights or duties under the agreement we have with your employer;
- any payment system under which we issue your card or account; and
- any institution, court, agency or authority (including law enforcement authorities) to whom we are required to disclose it by law including, without limitation, anti-terrorism and anti-money laundering laws and regulations, and for the purpose of fighting crime and terrorism.
If you have given false or inaccurate information or we suspect fraud we will record this and may pass this information to fraud prevention and law enforcement agencies.
If any payment in relation to the account is processed through a worldwide payment system, information about you may be passed to certain authorities (including authorities outside Hong Kong) in order to detect and prevent terrorism.
4. How long we will keep your personal data
We will keep your personal data for no longer than is necessary for the purposes described in this Data Protection Notice or to meet legal and regulatory requirements.
5. Your rights in respect of your personal data
You have certain rights under the PDPO, including the right to check whether we hold personal data about you, the right to request access to personal data we hold about you, the right to request correction of such personal data, and the right to ascertain our policies and practices in relation to personal data.
To request access to your personal data, please email Global Card Services at email@example.com. The requested data shall be provided free of charge within the limit of one request per year. We have the right to charge a reasonable fee for the processing of any additional data request access.
If you have any questions about this Data Protection Notice, or if you wish to access, update or correct your personal data or withdraw your consent to the collection, use and disclosure of your personal data in accordance with this Data Protection Notice, please email Global Card Services at firstname.lastname@example.org. Please note that if you withdraw consent, we may still be permitted to hold, use or disclose some of your data as required or permitted by law. Additionally, upon your withdrawal of such consent, we will immediately terminate your card.
DPN Hong Kong (v4) November 2016