DATA PROTECTION NOTICE – SINGAPORE
1. Your personal data
Your personal data (such as information that identifies you or can be used to identify you, for example your name, date of birth and contact details) is protected by the Singapore Personal Data Protection Act 2012 (the PDPA). This Data Protection Notice explains how we will collect, use and disclose your personal data. This includes personal data we obtain from you, your employer or other parties, as well as information about your use of the account, your card and any transactions made with your card (including the date and amount of such transactions) and our communications with you.
For the purposes of the PDPA, references to "we", "us" or "our" in this Data Protection Notice are references to Bank of America, National Association.
2. How we use your personal data
We will collect, use or disclose your personal data:
- to administer your card and account and provide services to you;
- to facilitate transactions;
- to comply with the rules of any relevant card scheme;
- to carry out, monitor and analyze our business;
- as part of the sale, merger or similar change of our or any Bank of America Corporation business;
- to comply with any laws, rules or regulations (including anti-corruption and bribery laws, anti-terrorism laws and anti-money laundering laws) in any country; and
- to detect, prevent and investigate fraud.
In collecting, using or disclosing your personal data, we may transfer it outside Singapore to other countries. We are responsible for making sure that any such transfer is made in compliance with the PDPA.
3. Recipients of your personal data
We may disclose your personal data (including details of your transactions) to:
- any person or company working for us (including professional service organizations such as legal, audit and accounting service providers, technology and data processing companies and IT hosting providers);
- any of our group companies, offices or branches;
- your employer or any group company of your employer;
- any person or company that provides products or services to you or your employer in connection your card or account (including International SOS and Mastercard);
- any person to whom we transfer or may transfer any of our rights or duties under the agreement we have with your employer;
- any payment system under which we issue your card or account; and
- any institution, court, agency or authority (including law enforcement authorities) to whom we are required to disclose it by law including, without limitation, anti-terrorism and anti-money laundering laws and regulations, and for the purpose of fighting crime and terrorism.
If you have given false or inaccurate information or we suspect fraud we will record this and may pass this information to fraud prevention and law enforcement agencies.
If any payment in relation to the account is processed through a worldwide payment system, information about you may be passed to certain authorities (including authorities outside Singapore) in order to detect and prevent terrorism.
4. How long we will keep your personal data
We will keep your personal data for no longer than is necessary for the purposes described in this Data Protection Notice or to meet legal and regulatory requirements.
5. Your rights in respect of your personal data
You have certain rights under the PDPA, including the right to access, update or correct the personal data we hold about you or withdraw your consent to the use, collection and disclosure of your personal data (subject to certain exceptions).
To request access to your personal data, please email Global Card Services at email@example.com. The requested information shall be provided free of charge within the limit of one request per year.
If you have any questions about this Data Protection Notice, or if you wish to access, update or correct your personal data or withdraw your consent to the use, collection and disclosure of your personal data in accordance with this Data Protection Notice, please email Global Card Services at firstname.lastname@example.org. Please note that if you withdraw consent, we may still be permitted to hold, use or disclose some of your information as required or permitted by law. Additionally, upon your withdrawal of such consent, we will immediately terminate your card.
DPN Singapore (v4) November 2016