Data Protection Policy

The purpose of this document (Data Protection Policy) is to inform you of how Bank of Singapore Limited and Bank of Singapore Nominees Pte Ltd manage Personal Data (as defined below) which is subject to the Singapore Personal Data Protection Act (No. 26 of 2012) (the Act). Please take a moment to read this Data Protection Policy so that you know and understand the purposes for which we collect, use and disclose your Personal Data..

By interacting with us, submitting information to us, or signing up for any products or services offered by us, you agree and consent to Bank of Singapore Limited and Bank of Singapore Nominees Pte Ltd (including their related corporations and overseas branches and offices) (collectively, the 'Companies'), as well as their respective representatives and/or agents ('Representatives') (the Companies and Representatives collectively referred to herein as 'BOS', 'us', 'we' or 'our') collecting, using, disclosing and sharing amongst themselves your Personal Data, and disclosing such Personal Data to the Companies' authorised service providers and relevant third parties in the manner set forth in this Data Protection Policy.

This Data Protection Policy supplements but does not supersede nor replace any other consents you may have previously provided to BOS in respect of your Personal Data, and your consents herein are additional to any rights which any of the Companies may have at law to collect, use or disclose your Personal Data.

BOS may from time to time update this Data Protection Policy to ensure that this Data Protection Policy is consistent with our future developments, industry trends and/or any changes in legal or regulatory requirements. Subject to your rights at law, you agree to be bound by the prevailing terms of the Data Protection Policy as updated from time to time on our website. Please check back regularly for updated information on the handling of your Personal Data.

1. Personal Data
   
   

   In this Data Protection Policy, "Personal Data" refers to any data, whether true or not, about an individual who can be identified (a) from that data; or (b) from that data and other information to which we have or are likely to have access, including data in our records as may be updated from time to time.

   Examples of such Personal Data you may provide to us include (depending on the nature of your interaction with us) your name, NRIC, passport or other identification number, telephone number(s), mailing address, email address, transactional data and any other information relating to any individuals which you have provided us in any forms you may have submitted to us (including in the form of biometric data), or via other forms of interaction with you.
   
   

2. Collection of Personal Data
   
   

   1. Generally, we collect Personal Data in the following ways:

      1. when you submit any form, including but not limited to application forms or other forms relating to any of our products or services or any investments which you purchase through the Companies;
      2. when you enter into any agreement or provide other documentation or information in respect of your interactions with us, or when you use our services;
      3. when you interact with our staff, including relationship managers and their assistants, example via telephone calls (which may be recorded), letters, fax, face-to-face meetings and emails;
      4. when your images are captured by us via closed-circuit television cameras ("CCTVs") while you are within our premises, or via photographs or videos taken by us or our representatives when you attend events hosted by us;
      5. when you use some of our services provided through online and other technology platforms, such as websites and apps, including when you establish any online accounts with us;
      6. when you request that we contact you, or include you in an email or other mailing list; or when you respond to our request for additional Personal Data, our promotions and other initiatives;
      7. when you are contacted by, and respond to, our marketing representatives, agents and other service providers;
      8. when we seek information about you and receive your Personal Data from third parties in connection with your relationship with us, for example, from referrers, business partners, external or independent asset managers, public agencies or the relevant authorities;
      9. through physical access, internet and information technology monitoring processes;
      10. in connection with any investigation, litigation, registration or professional disciplinary matter, criminal prosecution, inquest or inquiry which may relate to you or any Connected Person; and/or
      11. when you submit your Personal Data to us for any other reason.
          
          

   2. When you browse our website and platforms, you generally do so anonymously but please see the section below on cookies. We do not, at our website and platforms, automatically collect Personal Data, including your email address unless you provide such information or login with your account credentials.

   3. If you provide us with any Personal Data relating to a third party (for example, information of your spouse, children, parents, or a Connected Person), by submitting such information to us, you represent to us that you have obtained the consent of the third party to you providing us with his/her Personal Data for the respective purposes.
      "Connected Person" may include but is not limited to any beneficial owner, authorised signatory, director, shareholder, officer of a company, partner or member of a partnership, settlor, trustee, beneficial owner, protector or grantor of trust, mandate holder, power of attorney holder, surety, third party security provider, provider of funds, founder and/or employee, payee of designated payment, representatives, agents or nominees.

   4. You should ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with products and services you have requested. You agree to inform BOS immediately of any change of facts or circumstances which may render any information or Personal Data previously provided inaccurate, untrue or incorrect and provide any information or documentation as BOS may reasonably require for the purposes of verifying the accuracy of the updated information or Personal Data.

3. Purposes for the collection, use and disclosure of your Personal Data
   
   

   1. Generally, BOS collects, uses and discloses your Personal Data for the following purposes:

      1. responding to, processing and handling your complaints, queries, requests, feedback and suggestions;
      2. verifying your identity and customer due diligence;
      3. managing the administrative and business operations of the Companies and complying with internal policies and procedures (including but not limited to facilitating business continuity planning);
      4. audit purposes;
      5. verifying or confirming trade orders or instructions from you or for your account (including but not limited to instructions on fund transfers or remittances);
      6. facilitating business asset transactions (which may extend to any mergers, acquisitions or asset sales) involving any of the Companies;
      7. matching any Personal Data held which relates to you for any of the purposes listed herein;
      8. resolving complaints and handling requests and enquiries;
      9. preventing, detecting and investigating crime, including fraud and money-laundering or terrorist financing, and analysing and managing commercial risks (including but not limited to preventing and detecting loss of BOS’ proprietary and sensitive information);
      10. project management;
      11. providing media announcements and responses, for example in relation to complaints or law suits;
      12. requesting feedback or participation in surveys, as well as conducting market research and/or analysis for statistical, profiling or other purposes for us to design our products, understand customer behaviour, preferences and market trends, and to review, develop and improve the quality of our products and services;
      13. managing the safety and security of our premises and services (including but not limited to carrying out CCTV surveillance and conducting security clearances);
      14. managing and preparing reports on incidents and accidents;
      15. organising events, seminars or trainings;
      16. complying with any applicable rules, laws and regulations, codes of practice or guidelines, obligations, requirements or arrangements for collecting, using and disclosing Personal Data that apply to BOS or that it is expected to comply, according to:
          
          
          1. any law binding or applying to it within or outside Singapore existing currently and in the future;
          2. any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers within or outside Singapore existing currently and in the future;
          3. any present or future contractual or other commitment with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers that is assumed by or imposed on BOS by reason of its financial, commercial, business, or other interests or activities in or related to the jurisdiction of the relevant local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations;
          4. to assist in law enforcement and investigations by relevant authorities;
          5. in connection with any claims, actions or proceedings (including but not limited to drafting and reviewing documents, transaction documentation, obtaining legal advice, and facilitating dispute resolution), and/or protecting and enforcing our contractual and legal rights and obligations;
          6. archival management (including but not limited to warehouse storage and retrievals); and/or
          7. any other purpose relating to any of the above.
             
             

      These purposes may also apply even if you do not maintain any account(s) with us, or have terminated these account(s).

   2. In addition, BOS collects, uses and discloses your Personal Data for the following purposes depending on the nature of our relationship:

      1. If you are a prospective customer:
         
         
         1. evaluating your eligibility to open an account with us and your financial and banking needs and providing recommendations to you as to the type of products and services suited to your needs;
         2. assessing and processing any applications or requests made by you for products and services offered by BOS; and/or
         3. any other purpose relating to any of the above.
            
            
      2. If you are a customer holding an account with BOS or a Connected Person or an administrator, executor, liquidator, official assignee, receiver, judicial manager or other similar official who has been so appointed pursuant to bankruptcy or insolvency proceedings instituted in Singapore or elsewhere in respect of a BOS customer or any security provider:
         
         
         1. opening, maintaining or closing of accounts and our establishing or providing banking and trust services to you;
         2. processing fund transfers or any other instructions provided in relation to the account of a BOS customer;
         3. where account or relationship managers or agents have been assigned to service your account or portfolio, using your telephone number(s) to contact you from time to time in order to take your instructions, and/or provide you with information, updates, or recommendations and / or in accordance with the terms and conditions of our agreement with you;
         4. processing applications for and facilitating the daily operation of services and credit facilities provided to you or other persons or corporations for whom you act as surety or third party service provider;
         5. conducting credit checks at the time of application for credit and at the time of regular or special credit reviews;
         6. facilitating or processing your application for insurance products and/or trust services offered by BOS and its business partners;
         7. carrying out client reviews, for example, annual reviews of your portfolio;
         8. to establish your financial situation, risk profile, investment experience and investment objectives to help you consider the suitability of the products you have invested or intend to invest;
         9. providing internet banking services (including but not limited to carrying out special handling requests for PIN mailers and tokens);
         10. networking to maintain customer relationship;
         11. providing client servicing (including but not limited to responding to individual requests by customers, mailing services, reconciliation services and providing customer satisfaction);
         12. facilitating the transfer of funds within BOS banking accounts or from BOS accounts to external banking accounts and vice versa;
         13. administering exceptional approvals, fee adjustments or waivers;
         14. dealing with and designing investment products (for example, bonds, derivatives, equities, funds);
         15. registering the pledge or charge that you or the surety or the third party security provider has granted in favour of BOS as security for the credit facilities granted by BOS to you; 
         16. administering credit and debit cards (including but not limited to processing card applications, transactions and credit limit approvals); 
         17. providing cheque deposits and issuance services;
         18. determining and collecting amounts owed by you or the borrower for whom you act as surety or third party security provider or those providing security or acting as surety for your liabilities and obligations;
         19. enabling any Company or third party to perform the functions that BOS may have outsourced to it in relation to the management of your account or transactions;
         20. enabling an actual or proposed assignee of BOS, or participant or sub-participant or transferee of BOS’ rights, liabilities or obligations in respect of (1) you or (2) a security provider who provides security or acts as surety for your liabilities and obligations to evaluate the transaction intended to be the subject of the assignment, participation, sub-participation or transfer; and/or
         21. any other purpose relating to any of the above.
             
             
      3. If you are an employee or agent of a referrer or other intermediary:
         
         
         1. marketing services and products;
         2. processing commission remuneration;
         3. performing due diligence and reference checks; and/or
         4. any other purpose relating to any of the above.
            
            
      4. If you are an employee, officer or owner of an external service provider or vendor outsourced or prospected by BOS:
         
         
         1. managing project tenders or the supply of goods and services;
         2. processing and payment of vendor invoices;
         3. complying with any applicable rules, laws and regulations, codes of practice or guidelines or to assist in law enforcement and investigations by relevant authorities (which includes disclosure to regulatory bodies or audit checks); and/or
         4. any other purpose relating to any of the above.
            
            
      5. If you are a party or counterparty to a transaction (for example, a beneficiary of a fund transfer or payment):
         
         
         1. providing cash, payment and transactional services (including but not limited to the execution, settlement, reporting and/or clearing of the relevant transaction); and/or
         2. any other purpose relating to any of the above.
            
            
      6. If you sit on the BOS Board of Directors:
         
         
         1. facilitating appointment to the Board (including but not limited to managing the publication of directors’ statistics on annual reports and circulars);
         2. complying with any applicable rules, laws and regulations, codes of practice or guidelines or to assist in law enforcement and investigations by relevant authorities (including but not limited to disclosures to regulatory bodies or conducting due diligence);
         3. administrative matters (including but not limited to the maintenance of statutory registers and lodgement of directors’ fee);
         4. managing insurance programmes; and/or
         5. any other purpose relating to any of the above.
            
            

   3. In addition, where permitted under the Act, BOS may also collect, use and disclose your Personal Data for the following purposes (which we may describe in our documents and agreements as "Additional Purposes" for the handling of Personal Data):

      1. providing or marketing services, products and benefits to you, including promotions, loyalty and reward programmes;
      2. matching Personal Data with other data collected for other purposes and from other sources (including third parties) in connection with the customisation, provision or offering of products and services, marketing or promotions, whether by BOS or other third parties;
      3. sending you details of products, services, special offers and rewards, investment or research reports or guides, either to our customers generally, or which we have identified may be of interest to you; and/or
      4. conducting market research, understanding and analysing customer behaviour, location, preferences and demographics for us to offer you products and services as well as special offers and marketing programmes which may be relevant to your preferences and profile.
         
         

   4. If you have provided your Singapore telephone number(s) and have indicated that you consent to receiving marketing or promotional information via your Singapore telephone number(s), then from time to time, BOS may contact you using such Singapore telephone number(s) (including via voice calls, text , fax or other means) with information about our products and services (including discounts and special offers).

   5. In relation to particular products or services or in your interactions with us, we may also have specifically notified you of other purposes for which we collect, use or disclose your Personal Data. If so, we will collect, use and disclose your Personal Data for these additional purposes as well, unless we have specifically notified you otherwise.

4. Disclosure of Personal Data
   
   

   BOS will take reasonable steps to protect your Personal Data against unauthorised disclosure. Subject to the provisions of any applicable law, your Personal Data may be provided, for the purposes listed above (where applicable), to the following entities or parties, whether they are located overseas or in Singapore:

   1. BOS’s related corporations and overseas branches and offices;
   2. counterparties and their respective banks in relation to transactions for your account including purchasing and selling of securities and investment products, fund transfers, payments, issuance of standby letters of credit, banker’s guarantees or letters of undertaking and drawing of cheques;
   3. third party recipients of reference letters;
   4. companies providing services relating to insurance and/or reinsurance to BOS;
   5. insurers or brokers in relation to the insurance products or services that you have applied for or purchased;
   6. trustees, attorneys and asset managers appointed by you to manage your account held with BOS;
   7. referrers who have referred you to BOS;
   8. any person (1) who provides security or acts as surety for your liabilities and obligations to BOS or (2) for whom you act as surety or third party security provider;
   9. agents, contractors, vendors, installers, or third party service providers who provide administrative or operational services to BOS, such as courier services, telecommunications, information technology, payment, payroll, processing, training, market research, storage, archival, customer support investigation services or other services to BOS;
   10. agents, contractors, vendors or other third party service providers in connection with marketing, products and services offered by BOS;
   11. analytics, search engine providers or third party service providers that assist us in delivering our products, services, websites and platforms as well as improving and optimising the same;
   12. credit reporting agencies;
   13. debt collection agencies;
   14. your employers which are financial institution, for their internal surveillance or monitoring purposes;
   15. any business partner, investor, assignee or transferee (actual or prospective) to facilitate business asset transactions (which may extend to any merger, acquisition or any debt or asset sale) involving any of the Companies;
   16. credit card companies and their respective service providers in respect of credit cards held by you;
   17. translators;
   18. our professional advisers such as our auditors and lawyers;
   19. third parties who provide corporate advisory services or due diligence services in connection with you, any Connected Person or your account held with BOS;
   20. relevant government regulators, government ministries, exchange, statutory boards or authorities or law enforcement agencies who have jurisdiction over BOS or any Company or over any transaction entered into by you, such as the Monetary Authority of Singapore, Singapore Exchange Limited, the Accounting and Corporate Regulatory Authority, the Insolvency and Public Trustee Office, the Inland Revenue Authority of Singapore and the Commissioner of Charities, as well as to comply with listing and other requirements or directions of Singapore Exchange Limited and/or any other relevant securities exchange;
   21. any liquidator, receiver, administrator, judicial manager, trustees-in-bankruptcy, custodian or other similar official who has been so appointed, pursuant to bankruptcy, winding-up or insolvency proceedings instituted in Singapore or elsewhere, in respect of you or your assets;
   22. third parties who carry out registration of charge or pledge over the assets that you have pledged or charged to BOS;
   23. corporate service providers or lawyers, who are appointed by you;
   24. surveyors or valuers or other third parties in relation to assets which you will be charging or mortgaging to BOS;
   25. the Central Provident Fund (“CPF”) Board in relation to CPF investment products;
   26. financial institutions, brokerage houses, clearing houses, depository, depository agents, managers, administrators, fund houses, registrars, custodians, external banks, the Central Depository, nominee banks and investment vehicles in relation to asset management and investment product settlement processing;
   27. collection and repossession agencies in relation to the enforcement of repayment obligations for loans;
   28. third parties who organise promotional or marketing events, seminars or trainings;
   29. any actual or proposed assignee of BOS or participant or sub-participant or transferee of BOS’ rights, liabilities or obligations in respect of (1) you or (2) a security provider who provides security or acts as surety for your liabilities and obligations to evaluate the transaction intended to be the subject of the assignment, participation, sub-participation or transfer;
   30. any person to whom BOS or any of the Companies is under an obligation or otherwise required to make disclosure under the requirements of any law binding on or applying to BOS or any of the Companies, or any disclosure under and for the purposes of any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers with which BOS or any of the Companies are expected to comply, or any disclosure pursuant to any contractual or other commitment of BOS or any of the Companies with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or industry bodies or associations of financial services providers, all of which may be within or outside Singapore and may be existing currently and in the future; and/or
   31. any other party to whom you authorise us to disclose your Personal Data to.
       
       

5. Use of cookies and related technologies
   
   

   1. Our websites and platforms use cookies and other technologies. Cookies are small text files stored in your computing or other electronic devices when you visit our website and platforms for record keeping purposes. Cookies are stored in your browser’s file directory, and the next time you visit the website or platform, your browser will read the cookie and relay the information back to the website, platform or element that originally set the cookie. Depending on the type of cookie it is, cookies may store user preferences and other information.

   2. Web beacons (also known as pixel tags and clear GIFs) involve graphics that are not apparent to the user. Tracking links and/or similar technologies consist of a few lines of programming code and can be embedded in our websites or platforms. Web beacons are usually used in conjunction with cookies and primarily used for statistical analysis purposes. This technology can also be used for tracking traffic patterns on websites and platforms, as well as finding out if an e-mail has been received and opened and to see if there has been any response.

   3. We may employ cookies and other technologies as follows:

      1. tracking information such as the number of visitors and their frequency of use, profiles of visitors and their preferred sites;
      2. making our websites and platforms easier to use. For example, cookies may be used to help speed up your future interactions with our websites and platforms;
      3. to better tailor our products and services to your interests and needs. For example, cookies information may be identified and disclosed to our vendors and business partners to generate consumer insights;
      4. collating information on a user’s search and browsing history;
      5. when you interact with us on our websites and platforms, we may automatically receive and record information on our server logs from your browser. We may collect for the purposes of analysis, statistical and site-related information including, without limitation, information relating to how a visitor arrived at the website or platform, the browser used by a visitor, the operating system a visitor is using, a visitor's IP address, and a visitor's click stream information and time stamp (which may include for example, information about which pages they have viewed, the time the pages were accessed and the time spent per web page);
      6. using such information to understand how people use our websites and platforms, and to help us improve their structure and contents;
      7. using cookies that are necessary in order to enable our websites and platforms to operate, for example, cookies that enable you to log onto secure parts of our websites and platforms; and/or
      8. personalising the website and platform for you, including delivering advertisements which may be of particular interest to you and using cookie related information to allow us to understand the effectiveness of our advertisements.
         
         

   4. Some cookies we use are from third party companies to provide us with web analytics and intelligence about our websites and platforms. These companies collect information about your interaction with our websites and platforms. We use such information to compile statistics about visitors who interact with the websites, platforms and other OCBC online content, to gauge the effectiveness of our communications, and to provide more pertinent information to our visitors.

   5. If you do not agree to such use of cookies, you can adjust your browser settings. Unless you have adjusted your browser settings to block cookies, our system will issue cookies as soon as you visit our site or click on a link in a targeted email that we have sent you, even if you have previously deleted our cookies

   6. The way which cookies can be managed depends on your browser. The following links provide information on how to configure or disable cookies in each browser:

      1. Google Chrome: https://support.google.com/chrome/answer/95647?hl=en
      2. Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
      3. Internet Explorer: http://windows.microsoft.com/en-SG/internet-explorer/delete-manage-cookies#ie=ie-9
      4. Safari: http://support.apple.com/kb/HT1677?utm_source=Agillic%20Dialogue
      5. Safari for iPhone: http://support.apple.com/kb/ta38619
      6. Chrome for Android: https://support.google.com/chrome/answer/2392971?hl=en 
         
         

      If you do not agree to our use of cookies and other technologies as set out in this Data Protection Policy, you should delete or disable the cookies associated with our websites and platforms by changing the settings on your browser accordingly. However, you may not be able to enter certain part(s) of our websites or platforms. This may also impact your user experience while on our websites or platforms.

6. Data security
   
   

   1. BOS will take reasonable efforts to protect Personal Data in our possession or our control by making reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks. However, we cannot completely guarantee the security of any Personal Data we may have collected from or about you, or that for example no harmful code will enter our website (for example viruses, bugs, trojan horses, spyware or adware). You should be aware of the risks associated with using websites and take any necessary precautions.

   2. While we strive to protect your Personal Data, we cannot ensure the security of the information you transmit to us via the Internet or electronic communication or when you use our electronic services, and we urge you to take every precaution to protect your Personal Data when you use such platforms. We recommend that you change your passwords often, use a combination of letters and numbers, and ensure that you use a secure browser.

   3. If applicable, you undertake to keep your username and password secure and confidential and shall not disclose or permit it to be disclosed to any unauthorised person, and to inform us as soon as reasonably practicable if you know or suspect that someone else knows your username and password or believe the confidentiality of your username and password has been lost, stolen or compromised in any way or that actual or possible unauthorised transactions have taken place. We are not liable for any damages resulting from any security breaches, on unauthorised and/or fraudulent use of your username and password.

7. Third-party sites
   
   

   Our website may contain links to other websites operated by third parties. We are not responsible for the privacy practices of websites operated by third parties that are linked to our website. We encourage you to learn about the privacy policies of such third party websites. Some of these third party websites may be co-branded with our logo or trademark, even though they are not operated or maintained by us. Once you have left our website, you should check the applicable privacy policy of the third party website to determine how they will handle any information they collect from you.
   
   

8. Contacting us – feedback, withdrawal of consent, access and correction of your Personal Data
   
   

   1. If you:

      1. have any questions or feedback relating to your Personal Data or our Data Protection Policy;
      2. would like to withdraw your consent to any use of your Personal Data as set out in this Data Protection Policy; or
      3. would like to obtain access and make corrections to your Personal Data records, please contact us as follows:
         
         

         Email:	dpo@bankofsingapore.com
         Call:	+65 6559 8000
         Write in:	Data Protection Officer Bank of Singapore Limited 63 Market Street #22-00 Bank of Singapore Centre Singapore 048942

   2. Please note that if your Personal Data has been provided to us by a third party (for example, The Central Depository Pte Ltd), you should contact that such party directly to make any queries, feedback and access and correction requests to BOS on your behalf.

   3. If you withdraw your consent to any or all use of your Personal Data, depending on the nature of your request, BOS or any of the Companies may not be in a position to continue to provide its products or services to you, administer any contractual relationship in place, may also result in the termination of any agreements you have entered into with BOS or any of the Companies, and your being in breach of your contractual obligations or undertakings, and BOS’s or the Company’s legal rights and remedies in such event are expressly reserved.

9. Governing law
   
   

   This Data Protection Policy and your use of this website shall be governed in all respects by the laws of Singapore.

1. From time to time, it may be necessary for the Bank to collect data of clients and other individuals (for example, prospective clients, persons giving or proposing to give guarantees or third party security for obligations owed to the Bank, persons linked to a client that is not an individual, including the beneficial owners and officers of that client, or in the case of a trust, the trustees, settlors, protectors and beneficiaries of the trust and other persons who are relevant to a client’s relationship with the Bank) in connection with various matters such as the opening or continuation of accounts, establishment or continuation of banking/credit facilities, provision of banking/financial services and/or for the purposes set out in this Statement. Such data could include: personal information of data subjects which is provided to the Bank in connection with the Bank’s products and services, data subject’s biometric data such as voice ID, finger print and facial recognition data, data subject’s geographical and location data based on data subject’s mobile or other electronic device, data from people who act for the data subject or who the data subject deals with through the Bank’s services, data from public sources, credit reference, debt collection and fraud prevention agencies and other aggregators and/or other data generated when a data subject uses the Bank’s products or services. Clients and other individuals are collectively, referred to as “you” and/or “data subject” in this Statement.

2. Failure to supply such data may result in the Bank being unable to open, provide or continue to provide banking services, banking/credit facilities or investment related services to you or being unable to comply with any laws or guidelines issued by regulatory or other authorities.

3. It is also the case that data are collected from data subjects in the ordinary course of the continuation of the banking relationship, for example, when data subjects write cheques, deposit money, apply for credit, give instructions or otherwise carry out transactions as part of the Bank’s services. This includes information obtained from credit reference agencies. Data may be collected directly from you, or from someone acting on your behalf or from other sources (including credit reference agencies approved for participation in the Multiple Credit Reference Agencies Model (credit reference agencies)) and combined with other data available to the Bank Group (as defined below). Data may also be generated or combined with other information available to the Bank or any member of the Bank Group.

4. The purposes for which data relating to a data subject may be used are as follows: 

   1. considering and assessing your application for the Bank’s products and services;
      
      
   2. the daily operation of the services (including but not limited to the processing of applications for banking and/or other financial services and facilities and updating, comparing and/or verifying such data subject’s data that may be held by any member of the Bank Group) and credit facilities provided to data subjects;
      
      
   3. conducting credit checks whenever applicable (including at the time of application for credit/banking facilities and at the time of regular or special reviews which normally will take place one or more times each year) and for managing legal, regulatory, credit and operational risks;
      
      
   4. creating and maintaining the Bank’s credit scoring and risk related models;
      
      
   5. assisting other credit providers in Hong Kong SAR approved for participation in the Multiple Credit Reference Agencies Model (credit providers) to provide services to the data subjects or conduct credit checks or collect debts;
      
      
   6. ensuring on-going credit worthiness and good standing of data subjects;
      
      
   7. conducting surveys, designing financial products and services (including credit card, banking, securities, fiduciary and investment services or related products) for data subject’s use;
      
      
   8. marketing services, products and other subjects (please see further details in paragraph (k) below);
      
      
   9. determining amounts owed to or by data subjects;
      
      
   10. enforcing the Bank’s rights, including without limitation, collection of amounts outstanding from data subjects and exercising the Bank’s rights under security documents executed in favour of the Bank;
       
       
   11. complying with the obligations, requirements or arrangements for disclosing and using data that apply to the Bank and/ or the Bank Group or that any member of the Bank Group is expected to comply according to:
       
       
       1. any law binding or applying to it within or outside the Hong Kong Special Administrative Region of the People’s Republic of China (Hong Kong SAR) existing currently and in the future (for example, the Inland Revenue Ordinance and its provisions including those concerning automatic exchange of financial account information);
          
          
       2. any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers within or outside Hong Kong SAR existing currently and in the future (e.g. guidelines, guidance or requests given or issued by the Inland Revenue Department of Hong Kong SAR including those concerning automatic exchange of financial account information) and any international guidance, internal policies or procedures;
          
          
       3. any present or future contractual or other commitment with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers that is assumed by or imposed on any member of the Bank Group (collectively, Authorities and each an Authority) that is assumed by, imposed on or applicable to the Bank of any member of the Bank Group; and
          
          
       4. any agreement or treaty between the Authorities;
          
          
   12. complying with any obligations, requirements, policies, procedures, measures or arrangements for sharing data and information within the Bank Group and/or any other use of data and information in accordance with any group-wide programmes for compliance with sanctions or prevention or detection of money-laundering, terrorist financing or other unlawful activities;
       
       
   13. conducting any action to meet the Bank’s obligations or those of any member of the Bank Group to comply with laws or international guidance or regulatory requests relating to or in connection with the detection, investigation and prevention of money laundering, terrorist financing, bribery, corruption, tax evasion, fraud, evasion of economic or trade sanctions and/or any acts or attempts to circumvent or violate any laws relating to these matters;
       
       
   14. meeting the Bank’s obligations or those of any member of the Bank Group to comply with any demand or request from the Authorities;
       
       
   15. enabling an actual or proposed assignee of the Bank, or participant or sub-participant or transferee of the Bank’s rights, liabilities or obligations in respect of a data subject to evaluate the transaction intended to be the subject of the assignment, participation, sub-participation or transfer and enabling the actual assignee(s) to use a data subject’s data in the operation of the business or rights assigned; and
       
       
   16. purposes relating to any of the above.
       
       
5. Data held by the Bank relating to a data subject will be kept confidential but the Bank or any of the Bank Group may provide such information to the following parties (whether inside or outside Hong Kong SAR) for the purposes set out in paragraph (d) above except that any transfer of data to another person for it to use in direct marketing will be subject to paragraph (k) below:-
   
   
   1. any agent, supplier, contractor, sub-contractor, associate of the Bank Group (including their employees, officers, agents, contractors and professional advisers) or third party service provider who provides administrative, telecommunications, computer, payment or securities clearing or other services to the Bank in connection with the operation of its business or in respect of a data subject’s
      account;
      
      
   2. any Authority;
      
      
   3. any other person under a duty of confidentiality (whether expressly or impliedly undertaken) to the Bank including any other member of the Bank Group which has undertaken to keep such information
      confidential;
      
      
   4. the drawee bank providing a copy of a paid cheque (which may contain information about the payee) to the drawer;
      
      
   5. third party service providers (if any) with whom the data subject has chosen to interact with in connection with the data subject’s application for the Bank’s products and services;
      
      
   6. credit reference agencies, (including the operator of any centralized database used by credit reference agencies), and, in the event of default, to debt collection agencies;
      
      
   7. any persons acting on your behalf whose data are provided, payment recipients, beneficiaries, account nominees, intermediary, correspondent and agent banks, clearing houses, clearing or settlement systems, market counterparties, upstream withholding agents, swap or trade repositories, stock exchanges, companies in which you have an interest in securities (where such securities are held by the Bank or any member of the Bank Group) or any persons making any payment into a customer’s account;
      
      
   8. any person (1) who provides security or acts as surety for a data subject’s liabilities and obligations to the Bank or (2) whose liabilities or obligations to the Bank the data subject has provided security or acted as surety for;
      
      
   9. any person to whom any member of the Bank Group is under an obligation or otherwise required to make disclosure under the requirements of any law binding on or applying to any member of the Bank Group, or any disclosure under and for the purposes of any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers with which any member of the Bank Group is expected to comply, or any disclosure pursuant to any contractual or other commitment of any member of the Bank Group with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers, all of which may be within or outside Hong Kong SAR and may be existing currently and in the future;
      
      
   10. any governmental body, exchange, market, or other authority or regulatory body having jurisdiction over any member of the Bank Group or over any transactions effected by the data subject or for the data subject’s account;
       
       
   11. any liquidator, receiver, administrator, judicial manager, trustee-in-bankruptcy, custodian or other similar official who has been so appointed, pursuant to bankruptcy, winding-up or insolvency proceedings instituted in Hong Kong SAR or elsewhere, in respect of the data subject, the data subject’s asset,any security provider who has provided security or acts as surety for the data subject’s liabilities and obligations or such security provider’s or surety’s assets;
       
       
   12. any financial institution and merchant acquiring company with which a data subject has or proposes to have dealings;
       
       
   13. any actual or proposed assignee of the Bank or participant or sub-participant or transferee of the Bank’s rights, liabilities or obligations in respect of (1) the data subject or (2) a security provider who provides security or acts as surety for the data subject’s liabilities and obligations; and
       
       
       1. any other member of the Bank Group (given that the data subject’s account may be opened and held with the Bank’s head office in Singapore, the data subject’s relationship manager may be based in Singapore or any other jurisdiction, the Bank may have outsourced certain functions in relation to the management of the data subject’s account or transactions to any other member of the Bank Group, or for administration or other purposes);
          
          
       2. auditors and professional advisers of any member of the Bank Group;
          
          
       3. third party financial institutions, insurers, credit card companies, securities and investment services providers including but not limited to any counterparty, broker, asset manager, agent, custodian, clearing house, depository or depository agent, or manager, administrator or custodian of mutual funds or private equity funds in connection with any services to the data subject or any transaction effected by the data subject or for the data subject’s account;
          
          
       4. third party reward, loyalty, co-branding and privileges programme providers;
          
          
       5. co-branding partners of any member of the Bank Group (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be);
          
          
       6. external service providers (including but not limited to mailing houses, telecommunication companies, telemarketing and direct sales agents, event management companies, call centres, data processing companies and information technology companies) that the Bank engages for the purposes set out in paragraph (d)(vx) above; and
          
          
       7. payment beneficiaries, clearing houses, settlement systems, market counterparties, swap or trade repositories, stock exchanges, companies in which the data subject has an interest in securities where such securities are held by the Bank Group for the data subject, or persons acting on behalf of the data subject for the purpose of providing the services.
          
          Such information may be transferred to a place outside Hong Kong SAR.
          
          

6. With respect to data in connection with mortgages applied by a data subject (whether as borrower, mortgagor or guarantor and whether in the data subject’s sole name or in joint names with others), the following data relating to you (including any updated data of any of the following data from time to time) may be provided by the Bank to credit reference agencies (collectively CRAs and each a CRA):

   1. full name;
      
      
   2. capacity in respect of each mortgage (as borrower, mortgagor or guarantor, and whether in your sole name or in joint names with others);
      
      
   3. Hong Kong Identity Card Number or travel document number (individual) or certificate of incorporation number;
      
      
   4. date of birth (individual) or date of incorporation (non-individual) ;
      
      
   5. correspondence address;
      
      
   6. mortgage account number in respect of each mortgage;
      
      
   7. type of the facility in respect of each mortgage;
      
      
   8. mortgage account status in respect of each mortgage (e.g. active, closed, write-off (other than due to a bankruptcy order), write-off due to a bankruptcy order);and
      
      
   9. if any, mortgage account closed date in respect of each mortgage.

   
   (collectively Mortgage Account General Data).
   
   The CRAs will use the Mortgage Account General Data supplied by the Bank to generate the Mortgage Count (as defined below) for sharing in the consumer credit databases of CRAs by credit providers (subject to the requirements of the Code of Practice on Consumer Credit Data approved and issued under the Ordinance).

7. You can instruct the Bank to make a request to the relevant CRA to delete from its database any account data relating to any credit that has been terminated by full repayment provided that there has not been, within five (5) years immediately before such termination, a default in payment under the credit for a period
   in excess of sixty (60) days according to the Bank’s records.

8. If there is any default in payment, unless the amount in default is fully repaid or written off (other than due to bankruptcy order) before the expiry of sixty (60) days from the date of default, your account repayment data may be retained by the relevant CRA until the expiry of five (5) years from the date of final settlement of the amount in default.

9. In the event of any amount being written off due to a bankruptcy order being made against you, the
   relevant CRA may retain your account repayment data until the earlier of (i) the expiry of five (5) years from the date of final settlement of the amount in default, or (ii) the expiry of five (5) years from the date of your discharge from bankruptcy as notified to the CRA by you with evidence.

10. For the purposes of paragraphs (h) and (i) above, account repayment data are the amount last due, amount of payment made during the last reporting period, remaining available credit or outstanding balance and default data (being amount past due and number of days past due, date of settlement of amount past due, and date of final settlement of amount in material default (that is, default in payment for a period in excess of sixty (60) days) (if any)). 

    Mortgage Count refers to the total number of mortgages held by a data subject from time to time with credit providers in Hong Kong SAR (whether as a borrower, mortgagor or guarantor, and whether in the data subject’s sole name or in joint names with others).

11. USE OF DATA IN DIRECT MARKETING

    Where the data subject is a client, the Bank intends to use the data subject’s data in direct marketing and the Bank requires the data subject’s consent (which includes an indication of no objection) for that purpose.
    In this connection, please note that:

    1. the name, contact details, products and services portfolio information, transaction pattern and behaviour, financial background and demographic data of a data subject held by the Bank from time to time may be used by the Bank in direct marketing;
       
       
    2. the following classes of services, products and subjects may be marketed:
       
       
       1. financial, credit card, banking, securities, fiduciary, investment and related services and products;
          
          
       2. reward, loyalty or privileges programmes and related services and products;
          
          
       3. services and products offered by the co-branding partners of any member of the Bank Group (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case maybe); and
          
          
       4. donations and contributions for charitable and/or non-profit making purposes;
          
          
    3. the above services, products and subjects may be provided or solicited by the Bank and/or:
       
       
       1. any other member of the Bank Group;
          
          
       2. third party financial institutions, insurers, credit card companies, securities and investment services
          providers;
          
          
       3. third party reward, loyalty, co-branding or privilege programme providers;
          
          
       4. co-branding partners of any member of the Bank Group (the names of such co-branding
          partners can be found in the application form(s) for the relevant services and products, as the
          case may be); and
          
          
       5. charitable or non-profit making organisations;
          
          
    4. in addition to marketing the above services, products and subjects itself, the Bank also intends to provide the data described in paragraph (k)(i) above to any other member of the Bank Group for use by it in marketing the above services, products and subjects, and the Bank requires the data subject’s written consent (which includes an indication of no objection) for that purpose.
    
    If the data subject does not wish the Bank to use or provide to other persons his/her data for use in direct marketing as described above, the data subject may exercise his/her opt-out right by notifying the Bank’s data protection officer in writing at the address set out below.
    

12. Where you provide to the Bank data about another person, you should give to that person a copy of this Statement and, in particular, tell him/her how we may use his/her data.

13. TRANSFER OF PERSONAL DATA TO DATA SUBJECT’S THIRD PARTY SERVICE PROVIDERS USING BANK APPLICATION PROGRAMMING INTERFACES (API)

    1. The Bank may, in accordance with the data subject’s instructions to the Bank or third party service providers engaged by the data subject, transfer the data subject’s data to third party service providers using the Bank’s API for the purposes notified to the data subject by the Bank or third party service providers and/or as consented to by the data subject in accordance with the Ordinance.
       
       
    2. Under and in accordance with the terms of the Ordinance and the Code of Practice on Consumer Credit Data approved and issued under the Ordinance, any data subject has the right:
       
       
       1. to check whether the Bank holds data about him and of access to such data;
          
          
       2. to require the Bank to correct any data relating to him which is inaccurate;
          
          
       3. to ascertain the Bank’s policies and practices in relation to data and to be informed of the kind of personal data held by the Bank;
          
          
       4. in relation to consumer credit, to be informed on request which items of data are routinely disclosed to credit reference agencies or debt collection agencies, and be provided with further information to enable the making of an access and correction request to the relevant credit reference agency or debt collection agency; and
          
          
       5. in relation to any account data (including, for the avoidance of doubt, any account repayment data) which has been provided by the Bank to the CRAs, to instruct the Bank, upon termination of the account by full repayment, to make a request to the relevant CRAs to delete such account data from its database, as long as the instruction is given within five (5) years of termination and at no time did the account have a default of payment in relation to the account (lasting in excess of sixty (60) days) within five (5) years immediately before account termination. Account repayment data include amount last due, amount of payment made during the last reporting period (being a period not exceeding thirty one (31) days immediately preceding the last contribution of account data by the Bank to a CRA), remaining available credit or outstanding balance and default data (being amount past due and number of days past due, date of settlement of amount past due, and date a final settlement of amount in default lasting in excess of sixty (60) days (if any)).
          
          
14. In accordance with the terms of the Ordinance, the Bank has the right to charge a reasonable fee for the processing of any data access request.
    
    
15. The person to whom requests for access to data or correction of data or for information regarding policies and practices and kinds of data held are to be addressed is as follows:-

    
    Data Protection Officer Bank of Singapore Limited (Hong Kong Branch)
    34/F, One International Finance Centre
    1 Harbour View Street,
    Central, Hong Kong
    
    Telephone: +852 2846 3800
    Fax: +852 2295 3332

16. The Bank may have obtained credit report(s) on the data subject from CRAs in considering any application for credit. In the event the data subject wishes to access the credit report(s), the Bank will advise the contact details of the relevant CRA/CRAs.

17. Nothing in this Statement shall limit the rights of data subjects under the Ordinance.

18. Capitalised terms used shall have the following meanings:

    Authorities means judicial, regulatory, public, government agency authorities, Tax Authorities, securities or futures exchange, or law enforcement bodies having jurisdiction over any part of the Bank Group or any agents thereof;

    Bank Group means collectively and individually, the head office of the Bank, parent bank and its subsidiaries and affiliates, and “any member of the Bank Group” has the same meaning; and

    Tax Authorities means domestic or foreign tax, revenue, fiscal or monetary authorities.
     

Please note that your continuous use of the Bank’s services on or after the effective date of this Statement constitutes your agreement and acceptance of the contents of this Statement which shall be binding on you. 

In the event of discrepancies between the English and Chinese versions of this Statement, the English version shall apply and prevail.

BOS Wealth Management Europe S.A. (BOSWME) is committed to ensure that personal data is handled with responsibility, transparently and securely under the Regulation 2016/679 of 27 April 2016 (GDPR) and the Data Protection Act 2018 (UK).

BOSWME may act as either a controller or processor. The personal data we collect from data subjects (e.g., website users, clients or recruitees) and from different providers is used to facilitate compliance with applicable rules and regulations, and to ensure that our services comply with the highest business standards.

We provide each data subject with a Data Privacy Notice that explains the purposes for which personal data is collected and used, how the data is used and disclosed, how long it is kept, the controller's legal basis for processing and the contact details for its Data Protection Officer.

If you wish to exercise your data protection rights, please send us a written request by either:

• e-mail: dpo@boswm.com or
• mail: main headquarters - BOS Wealth Management Europe S.A., Data Protection Officer, 33 Rue Ste Zithe, L-2763 Luxembourg, Luxembourg

UK branch - BOS Wealth Management S.A., UK Branch, Data Protection Officer, 62 Queen Street, The Rex Building, 3rd floor, London EC4R 1EB, United Kingdom.

The BOSWME Data Protection Policy is implemented as a statement that sets out how our firm protects personal data. It is a set of principles, rules and guidelines that informs how BOSWME will ensure ongoing compliance with data protection laws.

BOSWME Data Protection Policy

BOSWME UK Branch Client Data Privacy Notice

In this privacy notice, ‘we’ us’ and ‘our’ means:

• Bank of Singapore Limited, 63 Market Street, #22-00 Bank of Singapore Centre, Singapore 048942 (collectively, the ‘Bank’)
• Bank of Singapore Limited (Dubai International Financial Centre Branch), Office 30-32, Level 28, Central Park Tower, Dubai International Financial Centre (collectively, the ‘Bank’)
• Bank of Singapore Limited (Hong Kong Branch), 34/F & 35F One International Finance Centre, 1 Harbour View Street, Central, Hong Kong (collectively, the ‘Bank’)
• BOS Trustee Limited, 63 Market Street #14-00 Bank of Singapore Centre Singapore 048942 (the ‘Trustee’)

We are committed to protecting your privacy and ensuring the highest level of security for your personal information. This Privacy Notice explains the types of personal information we collect, how we use that information, who we share it with, and how we protect that information. It also provides information about your rights.

Please read the following carefully to understand our views and practices regarding your personal information.

1. Who are we?
   
   

   Depending on which of our products and services you ask us about, buy or use, different companies within our organisation will process your information. Generally, the Bank provides private banking services, while the Trustee provides trustee and trust administration services to clients of the Bank.
   
   

2. Scope of this Privacy Notice
   
   

   This Privacy Notice applies to any individual located within the European Economic Area¹ ('EEA', i.e. EU member states including Norway, Liechtenstein and Iceland) who enquire about, purchase or make use of our products and services provided by the Bank and/or Trustee.

   ¹For the purposes of this Privacy Notice, the European Economic Area shall comprise the following countries: Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, the UK, Iceland, Liechtenstein and Norway. (Iceland, Liechtenstein and Norway are not part of the EU, but are part of the European Economic Area, and the GDPR applies to them as well.)
   
   

3. Ways in which we obtain personal information
   
   

   We may collect information about you from the following sources:

   1. Information we receive from you

      We obtain personal information about you through your interactions with us generally, including by telephone calls (which may be recorded), by email, via our websites, via application or other forms or face to face (e.g. in meetings). We collect personal information (such as your name, contact details, financial details, employment and education details, nationality, date and place of birth, marital status, passport or other identification details and details of visits to our premises) that you provide to us when you:

      1. enquire about our products and services;
      2. submit applications to open an account or to establish a trust or other entities forming part of the trust assets; and
      3. subsequently correspond with us.
         
         
   2. Information we collect about you
      
      

      We collect information about you by monitoring your access to our premises (e.g. CCTV). We also collect information about how you interact with our website, including IP addresses or other device information (you’ll find more information about this in our Cookie Statement).
      
      

   3. Information we receive from third parties
      

      
      We receive information about you from third parties (e.g. credit reference agencies).
      
      

4. Categories of personal information
   
   

   We process two categories of personal information about you:

   1. wtandard personal information (e.g. information we use to contact you, identify you or manage our relationship with you).
   2. sometimes you may choose to give us special category information about you or others which may attract extra protections under data protection laws (e.g. information about sexual orientation may be revealed if you tell us that you are married or in a relationship and you also give us the name of your partner).
      
      

5. How do we use your personal information?

   
   We process your personal information for the purposes set out in this notice. Different legal grounds apply depending on what category of personal information we process. Standard personal information is normally processed by us on the basis that it is necessary for the performance of a contract, our or a third parties’ legitimate interests or law. Further information about this and special category processing grounds is set out below.

   We process the following information:	For the following purpose(s):	Based on the following justification:
   Name, ID Number, Nationality, Passport Information, Tax Details, Date of Birth, Place of Birth, Residential Address, Business Address, Occupation, Signature, Employment History, Education Background, Financial Details, Criminal Records	To facilitate our account opening process, our trust and other entities establishment process, our customer due diligence process and our vendor due diligence process, as well as to prevent fraud and abuse of our services.	Necessary to perform our contract, to comply with our regulatory requirements and more generally in order to pursue our legitimate interest (see below) of managing our administrative and business operations and complying with internal policies and procedures.
   Financial and Transactional (e.g. details about your accounts with us and payments to and from your accounts with us)	To enable us to process your transactions. To fulfil our Regulatory Reporting processes and facilitate fraud case handling and reporting (where required)	Necessary to perform our contract and to comply with our regulatory requirements and more generally in order to pursue our legitimate interests (See below).
   Telephone Calls	Monitoring of regulated activities, training and development	To comply with our regulatory requirements and to pursue our legitimate interest (see below) to enhance the quality of our service.
   Particulars of any complaints	To facilitate complaints handling and reporting	To comply with our regulatory requirements

6. Legitimate interests
   
   

   Legitimate interest is one of the legal reasons why we may process your personal information. We process your personal information for a number of legitimate interests, including managing all aspects of our relationship with you, for marketing, to help us improve our services and products, and in order to exercise our rights or handle claims.

   Taking into account your interests, rights and freedoms, legitimate interests which allow us to process your personal information include:

   1. to manage our relationship with you, our business and third parties who provide products or services for us;
   2. to make sure that complaints or queries are handled efficiently and to enhance our products and services;
   3. to keep our records up to date and to provide you with marketing as allowed by law;
   4. to develop and carry out marketing activities and to show you information that is of interest to you, based on our understanding of your preferences;
   5. to monitor how well we are meeting our performance expectations in the delivery of our services (e.g. call recording);
   6. to pursue our legitimate interest in managing the safety and security of our premises and services for the prevention, detection and prosecution of crime, security health and safety (e.g. CCTV Video images);
   7. to enforce or apply our website terms of use, our policy terms and conditions or other contracts, or to protect our (or our customers’ or other people’s) rights, property or safety;
   8. to exercise our rights, to defend ourselves from claims and to keep to laws and regulations that apply to us and the third parties we work with; and
   9. to take part in, or be the subject of, any sale, purchase, merger or takeover of all or part of our business.
      
      

7. Do we use your personal information for direct marketing?
   
   

   With your permission, we may send you carefully selected information about our products and services. You have the right to opt out of receiving direct marketing at any time by contacting your Relationship Manager.
   
   

8. With which third parties do we share your personal information?
   
   

   We share your information for the purposes set out in this privacy policy, with the following categories of recipients :
   
   

   1. The Bank’s group of companies: We share your personal information among our group of companies, including our branches, subsidiaries, representative offices, parent company Oversea-Chinese Banking Corporation Limited (“OCBC”) and branches and subsidiaries of OCBC, in order to open your account with us, administer our services and products, provide you with customer support, process your payments, understand your preferences, send you information about products and services that may be of interest to you and conduct the other activities described in this Privacy Notice.
      
      
   2. Our service providers: We use other companies, agents or contractors to perform services on our behalf or to assist us with the provision of our services and products to you, including:
      1. infrastructure and IT service providers, including for email archiving.
      2. marketing, advertising and communications agencies.
      3. credit reference agencies
      4. external auditors and advisers.
      5. offsite archival storage providers
         
         

      In the course of providing such services, these service providers may have access to your personal information. However, we will only provide our service providers with personal information which is necessary for them to perform their services, and we require them not to use your information for any other purpose. We will use our best efforts to ensure that all our service providers keep your personal information secure.
      
      

   3. Third parties permitted by law: In certain circumstances, we may be required to disclose or share your personal information in order to comply with a legal or regulatory obligation (for example, we may be required to disclose personal information to the police, regulators, government agencies or to judicial or administrative authorities).
      
      

      We may also disclose your personal information to third parties where disclosure is both legally permissible and necessary to protect or defend our rights, matters of national security, law enforcement, to enforce our contracts or protect your rights or those of the public.
      
      

   4. Third parties connected with business transfers: We may transfer your personal information to third parties in connection with a reorganisation, restructuring, merger, acquisition or transfer of assets, provided that the receiving party agrees to treat your personal information in a manner consistent with this Privacy Notice.
      
      

      We will not sell your personal information to third parties.

      Please note our website may, from time to time, contain links to and from the websites of our partners or affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we have no control over how they may use your personal information. You should check the privacy policies of third party websites before you submit any personal information to them.
      
      

9. Do we transfer personal information outside the EEA?

   
   We use global information systems. As a result, The Bank and Trustee transfers and processes your information to countries outside of the EEA to Singapore, Hong Kong, Dubai, and Philippines. This list of jurisdictions may be subject to change. We take steps to ensure that when your personal information is transferred internationally, it is subject to appropriate safeguards in accordance with applicable data protection laws. Often, these safeguards include contractual safeguards. More information about these safeguards can be obtained by contacting:

   
   

   Email: dpo@bankofsingapore.com

   
   

   Write in: Data Protection Officer, Bank of Singapore Limited, 63 Market Street, #22-00 bank of Singapore Centre, Singapore 048942.
   
   

10. What are your rights?
    
    

    The data protection laws in the EEA and in some other countries provide individuals with the following rights:
    
    

    1. Right of subject access: The right to make a written request for details of personal information we hold about you and to request a copy of that personal information.
    2. Right to rectification: The right to have inaccurate information about you rectified.
    3. Right to erasure ('right to be forgotten'): The right to have certain personal information about you erased.
    4. Right to restriction of processing: The right to request that your personal information is only used for restricted purposes.
    5. Right to object: The right to object to the use of personal information (including the right to object to marketing).
    6. Right to data portability: The right to ask for personal information you have made available to us to be transferred to you or a third party in machine-readable formats.
    7. Right to withdraw consent: We do not normally rely on consent as a basis for processing your personal information. We will only ask for your consent in very limited circumstances and, if we do so, will make it obvious to you when we are asking for that consent and what that is for. You have the right to withdraw any consent you have given us to handle your personal information. If you withdraw your consent, this will not affect the lawfulness of use of your personal information prior to the withdrawal of your consent. 
       
       

    These rights may not apply in all cases. If we are not able to comply with your request, we will explain why. In response to a request, we will ask you to verify your identity if we need to, and to provide information that helps us to understand your request better. If you would like more information about your rights or to exercise any of your rights, please contact:

    
    

    Email: dpo@bankofsingapore.com

    
    

    Write in: Data Protection Officer, Bank of Singapore Limited, 63 Market Street, #22-00 bank of Singapore Centre, Singapore 048942.

    
    

    You also have the right to lodge a complaint with the local data protection authority if you believe that we have not complied with applicable data protection laws. If you are based in, or the issue relates to, the UK, the Information Commissioner’s Office can be contacted as follows:

    
    

    Telephone: +44 0303 123 1113

    
    

    Email: casework@ico.org.uk

    
    

    Website: www.ico.org.uk

    
    

    Web-form: www.ico.org.uk/concerns/

    
    

    Address: Water Lane, Wycliffe House, Wilmslow, Cheshire, SK9 5AF

    
    

    If you are in the EEA, you can also lodge a complaint with another supervisory authority which is based in the country or territory where:

    
    

    a. you are living,

    b. you work, or

    c. the alleged infringement took place.

    
    

    A list of the EU data protection supervisory authorities is available here: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm .
    
    

11. How do we protect your personal information?

    
    We have implemented technical and organisational security measures to safeguard the personal information in our custody and control. Such measures include, for example, limiting access to personal information only to employees and authorised service providers who need to know such information for the purposes described in this Privacy Notice; adopting security protocols on networks and systems; using email security settings when sending and/or receiving highly confidential emails; applying physical access controls such as marking confidential documents clearly and prominently, storing confidential documents in locked file cabinets; restricting access to confidential documents on a need-to-know basis; using privacy filters; disposal of confidential documents that are no longer needed, through shredding or similar means; using a mode of delivery or transmission of personal data that affords the appropriate level of security (e.g. registered post instead of normal post where appropriate); confirming the intended recipient of personal data as well as other administrative, technical and physical safeguards.

    
    

    While we endeavour to protect our systems, sites, operations and information against unauthorised access, use, modification and disclosure, due to the inherent nature of the Internet as an open global communications vehicle and other risk factors, we cannot guarantee that any information, during transmission or while stored on our systems, will be absolutely safe from intrusion by others, such as hackers.
    
    

12. How long do we keep your personal information?

    
    We will only retain your personal data for as long as necessary for the purpose for which that data was collected and to the extent permitted by applicable laws. In general, we will keep your personal data for between seven (7) to twelve (12) years (depending on the type of information, and in accordance with our internal policies) after your relationship with us is terminated. However, there may be circumstances that mean we must retain your personal information for longer. In order to determine how long it is necessary to retain your personal information, we calculate retention periods in accordance with the following criteria:
    
    

    1. the currency of your relationship with us and the types of products or services you have with us;
    2. the length of time it is reasonable to keep records to demonstrate that we have fulfilled our obligations to you and under law;
    3. any limitation periods within which claims might be made;
    4. any retention periods prescribed by law or recommended by regulators, industry bodies or associations; and
    5. the existence of any relevant proceedings.
       
       

13. How do we deal with children's privacy?

    
    Our services are not intended to be provided to children and we will never knowingly collect personal information from individuals under the age of thirteen (13) years without first obtaining verifiable parental consent. If you are under the age of 13 you should not provide information to us. If we become aware that a person under 13 has provided personal information to us without verifiable parental consent, we will remove such personal information from our files.
    
    

14. How can you contact us?

    
    If there are any questions or concerns regarding this Privacy Notice, please contact us as follows:

    
    

    Email: dpo@bankofsingapore.com

    
    

    Write in: Data Protection Officer, Bank of Singapore Limited, 63 Market Street,#22-00 bank of Singapore Centre, Singapore 048942. 
    
    

15. Which version of this Privacy Notice applies?

    
    This Privacy Notice is written in English and may be translated into other languages. In the event of any inconsistency between the English version and the translated version of this notice, the English version shall prevail.

    We reserve the right to change our Privacy Notice from time to time. If we decide to change our Privacy Notice we will notify you of these changes.

    
    

    18th Oct 2019

Cookie Statement

1. 1. What are cookies?

      
      Cookies are small text files stored in your computing or other electronic devices which allow us to remember you or other data about you. The cookies placed by our server are readable only by us, and cookies cannot access, read or modify any other data on an electronic device. All web-browsers offer the option to refuse any cookie, and if you refuse our cookie then we do not gather any information on that visitor.
      
      

   2. How are cookies used?

      
      Cookies are used for different purposes. We may employ cookies in order for our server to recognise a return visitor as a unique user including, without limitation, monitoring information relating to how a visitor arrives at the website, what kind of browser a visitor is on, what operating system a visitor is using, a visitor's IP address, and a visitor's click stream information and time stamp (for example, which pages they have viewed, the time the pages were accessed and the time spent per web page).
      
      

   3. What types of cookies do we use?

      
      Cookies can generally be put into one of the following four categories:
      
      

      1. Strictly necessary cookies, which enable services you have specifically asked for
      2. Performance cookies, which collect anonymous information on the pages you have visited
      3. Functionality cookies, which remember the choices you have made to improve your experience
      4. Targeting cookies, which collect information about your browsing habits in order to make advertising relevant to you and your interests

      
      We use the following cookies on our website:

      Cookie name	Category	Purpose	First / Third Party
      JSESSIONID	Strictly necessary cookies	This is required to have client session stickiness with application server	First Party
      WASSID & WSATAR	Strictly necessary cookies	Used to track and authenticate user login	First Party
      AMCV_###@AdobeOrg	Functionality and performance cookies	This cookie is used by our analytics software, Adobe Analytics, to identify a unique visitor.	First and Third Party
      gpv	Functionality and performance cookies	This cookie stores the quantity of pages you view when visiting the Websites	First and Third Party
      s_cc	Functionality and performance cookies	This cookie allows Adobe Analytics to determine whether or not cookies are enabled in your browser.	First and Third Party
      s_ppv	Functionality and performance cookies	Stores information on the percentage of the page displayed	First and Third Party
      s_ppvl	Functionality and performance cookies	Stores information on the percentage of the page displayed to you	First and Third Party
      s_sq	Functionality and performance cookies	This cookie is set and read by the JavaScript code when the ClickMap functionality and the Activity Map functionality are enabled; it contains information about the previous links that you clicked on the Websites.	First Party
      _ga	Functionality and performance cookies	Google Analytics to determine that two distinct hits belong to the same user across sessions	First and Third Party
      _gat	Functionality and performance cookies	Google analytics to measure how users interact with website content as a user journey between web pages	Third Party
      _gid	Functionality and performance cookies	To store and update a unique value for each page visited for google analytics	Third Party

   4. What are your choices?
      
      

      Should you wish to disable the cookies associated with these technologies, you may do so by changing the setting on your browser. However, you may not be able to enter certain parts of our website.

      
      

      To learn more about cookies and how to manage or delete them, just visit allaboutcookies.org and the help section of your browser. In the settings for browsers like Internet Explorer, Safari, Firefox or Chrome, you can set which cookies to accept and which to reject. Where you find these settings depends on your browser – use the 'Help' function in your browser to locate the settings you need.

      
      

      You can also find helpful information about cookies at http://www.youronlinechoices.eu and http://www.international-chamber.co.uk/our-expertise/digitaleconomy.

      
      

      If you have any questions, suggestions, or comments about this Cookie Statement, send an email to dpo@bankofsingapore.com. Our Cookie Statement may also be amended from time to time – so visit this page regularly to stay up to date.

The purpose of this document ('Data Protection Policy') is to inform you of how BOS Trustee Limited manages Personal Data (as defined below) which is subject to the Singapore Personal Data Protection Act (No. 26 of 2012) (the Act). Please take a moment to read this Data Protection Policy so that you know and understand the purposes for which we collect, use and disclose your Personal Data.

By interacting with us, submitting information to us, or signing up for any Services (as defined in paragraph 2.1(a) below) offered by us, you agree and consent to BOS Trustee Limited (including its related corporations and business units) (collectively, the 'Companies'), as well as their respective representatives and/or agents ("Representatives") (the Companies and Representatives collectively referred to herein as 'BOSTL', 'us', "we" or 'our') collecting, using, disclosing and sharing amongst themselves your Personal Data, and disclosing such Personal Data to the Companies' authorised service providers and relevant third parties in the manner set forth in this Data Protection Policy.

This Data Protection Policy supplements but does not supersede nor replace any other consents you may have previously provided to BOSTL in respect of your Personal Data, and your consents herein are additional to any rights which to any of the Companies may have at law to collect, use or disclose your Personal Data.

BOSTL may from time to time update this Data Protection Policy to ensure that this Data Protection Policy is consistent with our future developments, industry trends and/or any changes in legal or regulatory requirements. Subject to your rights at law, you agree to be bound by the prevailing terms of the Data Protection Policy as updated from time to time on our website. Please check back regularly for updated information on the handling of your Personal Data.

1. Personal Data

   
   

   In this Data Protection Policy, 'Personal Data' refers to any data, whether true or not, about an individual who can be identified (a) from that data; or (b) from that data and other information to which we have or are likely to have access, including data in our records as may be updated from time to time.

   Examples of such Personal Data you may provide to us include (depending on the nature of your interaction with us) your name, NRIC, passport or other identification number, telephone number(s), mailing address, email address, transactional data and any other information relating to any individuals which you have provided us in any forms you may have submitted to us (including in the form of biometric data), or via other forms of interaction with you.
   
   

2. Collection of Personal Data

   
   
   

   1. Generally, we collect Personal Data in the following ways:

      1. when you submit any form, including but not limited to application forms or other forms relating to any of our products or services or any investments which you purchase through the Companies;
      2. when you enter into any agreement or provide other documentation or information in respect of your interactions with us, or when you use our services;
      3. when you interact with our staff, including relationship managers and their assistants, example via telephone calls (which may be recorded), letters, fax, face-to-face meetings and emails;
      4. when your images are captured by us via closed-circuit television cameras ('CCTVs') while you are within our premises, or via photographs or videos taken by us or our representatives when you attend events hosted by us;
      5. when you use some of our services provided through online and other technology platforms, such as websites and apps, including when you establish any online accounts with us;
      6. when you request that we contact you, or include you in an email or other mailing list; or when you respond to our request for additional Personal Data, our promotions and other initiatives;
      7. when you are contacted by, and respond to, our marketing representatives, agents and other service providers;
      8. when we seek information about you and receive your Personal Data from third parties in connection with your relationship with us, for example, from referrers, business partners, external or independent asset managers, public agencies or the relevant authorities;
      9. through physical access, internet and information technology monitoring processes;
      10. in connection with any investigation, litigation, registration or professional disciplinary matter, criminal prosecution, inquest or inquiry which may relate to you or any Connected Person; and/or
      11. when you submit your Personal Data to us for any other reason.
          
          

   2. When you browse our website and platforms, you generally do so anonymously but please see the section below on cookies. We do not, at our website and platforms, automatically collect Personal Data, including your email address unless you provide such information or login with your account credentials.

   3. If you provide us with any Personal Data relating to a third party (for example, information of your spouse, children, parents, or a Connected Person), by submitting such information to us, you represent to us that you have obtained the consent of the third party to you providing us with his/her Personal Data for the respective purposes.
      'Connected Person' may include but is not limited to any beneficial owner, authorised signatory, director, shareholder, officer of a company, partner or member of a partnership, settlor, trustee, beneficial owner, protector or grantor of trust, mandate holder, power of attorney holder, surety, third party security provider, provider of funds, founder and/or employee, payee of designated payment, representatives, agents or nominees.

   4. You should ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with products and services you have requested. You agree to inform BOS immediately of any change of facts or circumstances which may render any information or Personal Data previously provided inaccurate, untrue or incorrect and provide any information or documentation as BOS may reasonably require for the purposes of verifying the accuracy of the updated information or Personal Data.

3. Purposes for the collection, use and disclosure of your Personal Data

   
   
   

   1. Generally, BOS collects, uses and discloses your Personal Data for the following purposes:

      1. responding to, processing and handling your complaints, queries, requests, feedback and suggestions;
      2. verifying your identity and customer due diligence;
      3. managing the administrative and business operations of the Companies and complying with internal policies and procedures (including but not limited to facilitating business continuity planning);
      4. audit purposes;
      5. verifying or confirming trade orders or instructions from you or for your account (including but not limited to instructions on fund transfers or remittances);
      6. facilitating business asset transactions (which may extend to any mergers, acquisitions or asset sales) involving any of the Companies;
      7. matching any Personal Data held which relates to you for any of the purposes listed herein;
      8. resolving complaints and handling requests and enquiries;
      9. preventing, detecting and investigating crime, including fraud and money-laundering or terrorist financing, and analysing and managing commercial risks (including but not limited to preventing and detecting loss of BOS’ proprietary and sensitive information);
      10. project management;
      11. providing media announcements and responses, for example in relation to complaints or law suits;
      12. requesting feedback or participation in surveys, as well as conducting market research and/or analysis for statistical, profiling or other purposes for us to design our products, understand customer behaviour, preferences and market trends, and to review, develop and improve the quality of our products and services;
      13. managing the safety and security of our premises and services (including but not limited to carrying out CCTV surveillance and conducting security clearances);
      14. managing and preparing reports on incidents and accidents;
      15. organising events, seminars or trainings;
      16. complying with any applicable rules, laws and regulations, codes of practice or guidelines, obligations, requirements or arrangements for collecting, using and disclosing Personal Data that apply to BOS or that it is expected to comply, according to:
          
          
          1. any law binding or applying to it within or outside Singapore existing currently and in the future;
          2. any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers within or outside Singapore existing currently and in the future;
          3. any present or future contractual or other commitment with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers that is assumed by or imposed on BOS by reason of its financial, commercial, business, or other interests or activities in or related to the jurisdiction of the relevant local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations;
      1. to assist in law enforcement and investigations by relevant authorities;
      2. in connection with any claims, actions or proceedings (including but not limited to drafting and reviewing documents, transaction documentation, obtaining legal advice, and facilitating dispute resolution), and/or protecting and enforcing our contractual and legal rights and obligations;
      3. archival management (including but not limited to warehouse storage and retrievals); and/or
      4. any other purpose relating to any of the above.
         
         

      These purposes may also apply even if you do not maintain any accounts with us, or have terminated these accounts.
      
      

   2. In addition, BOS collects, uses and discloses your Personal Data for the following purposes depending on the nature of our relationship:

      1. If you are a prospective customer:
         
         
         1. evaluating your eligibility to open an account with us and your financial and banking needs and providing recommendations to you as to the type of products and services suited to your needs;
         2. assessing and processing any applications or requests made by you for products and services offered by BOS; and/or
         3. any other purpose relating to any of the above.
            
            
      2. If you are a customer holding an account with BOS or a Connected Person or an administrator, executor, liquidator, official assignee, receiver, judicial manager or other similar official who has been so appointed pursuant to bankruptcy or insolvency proceedings instituted in Singapore or elsewhere in respect of a BOS customer or any security provider:
         
         
         1. opening, maintaining or closing of accounts and our establishing or providing banking and trust services to you;
         2. processing fund transfers or any other instructions provided in relation to the account of a BOS customer;
         3. where account or relationship managers or agents have been assigned to service your account or portfolio, using your telephone number(s) to contact you from time to time in order to take your instructions, and/or provide you with information, updates, or recommendations and / or in accordance with the terms and conditions of our agreement with you;
         4. processing applications for and facilitating the daily operation of services and credit facilities provided to you or other persons or corporations for whom you act as surety or third party service provider;
         5. conducting credit checks at the time of application for credit and at the time of regular or special credit reviews;
         6. facilitating or processing your application for insurance products and/or trust services offered by BOS and its business partners;
         7. carrying out client reviews, for example, annual reviews of your portfolio;
         8. to establish your financial situation, risk profile, investment experience and investment objectives to help you consider the suitability of the products you have invested or intend to invest;
         9. providing internet banking services (including but not limited to carrying out special handling requests for PIN mailers and tokens;
         10. networking to maintain customer relationship;
         11. providing client servicing (including but not limited to responding to individual requests by customers, mailing services, reconciliation services and providing customer satisfaction);
         12. facilitating the transfer of funds within BOS banking accounts or from BOS accounts to external banking accounts and vice versa;
         13. administering exceptional approvals, fee adjustments or waivers;
         14. dealing with and designing investment products (for example, bonds, derivatives, equities, funds);
         15. registering the pledge or charge that you or the surety or the third party security provider has granted in favour of BOS as security for the credit facilities granted by BOS to you; 
         16. administering credit and debit cards (including but not limited to processing card applications, transactions and credit limit approvals); 
         17. providing cheque deposits and issuance services;
         18. determining and collecting amounts owed by you or the borrower for whom you act as surety or third party security provider or those providing security or acting as surety for your liabilities and obligations;
         19. enabling any Company or third party to perform the functions that BOS may have outsourced to it in relation to the management of your account or transactions;
         20. enabling an actual or proposed assignee of BOS, or participant or sub-participant or transferee of BOS’ rights, liabilities or obligations in respect of (1) you or (2) a security provider who provides security or acts as surety for your liabilities and obligations to evaluate the transaction intended to be the subject of the assignment, participation, sub-participation or transfer; and/or
         21. any other purpose relating to any of the above.
             
             
      3. If you are an employee or agent of a referrer or other intermediary:
         
         
         1. marketing services and products;
         2. processing commission remuneration;
         3. performing due diligence and reference checks; and/or
         4. any other purpose relating to any of the above.
            
            
      4. If you are an employee, officer or owner of an external service provider or vendor outsourced or prospected by BOS;
         
         
         1. managing project tenders or the supply of goods and services;
         2. processing and payment of vendor invoices;
         3. complying with any applicable rules, laws and regulations, codes of practice or guidelines or to assist in law enforcement and investigations by relevant authorities (which includes disclosure to regulatory bodies or audit checks); and/or
         4. any other purpose relating to any of the above.
            
            
      5. If you are a party or counterparty to a transaction (for example, a beneficiary of a fund transfer or payment):
         
         
         1. providing cash, payment and transactional services (including but not limited to the execution, settlement, reporting and/or clearing of the relevant transaction); and/or
         2. any other purpose relating to any of the above.
            
            
      6. If you sit on the BOS Board of Directors:
         
         
         1. facilitating appointment to the Board (including but not limited to managing the publication of directors’ statistics on annual reports and circulars);
         2. complying with any applicable rules, laws and regulations, codes of practice or guidelines or to assist in law enforcement and investigations by relevant authorities (including but not limited to disclosures to regulatory bodies or conducting due diligence);
         3. administrative matters (including but not limited to the maintenance of statutory registers and lodgement of directors’ fee);
         4. managing insurance programmes; and/or
         5. any other purpose relating to any of the above.
            
            

   3. In addition, where permitted under the Act, BOS may also collect, use and disclose your Personal Data for the following purposes (which we may describe in our documents and agreements as 'Additional Purposes' for the handling of Personal Data):
      
      

      1. providing or marketing services, products and benefits to you, including promotions, loyalty and reward programmes;
      2. matching Personal Data with other data collected for other purposes and from other sources (including third parties) in connection with the customisation, provision or offering of products and services, marketing or promotions, whether by BOS or other third parties;
      3. sending you details of products, services, special offers and rewards, investment or research reports or guides, either to our customers generally, or which we have identified may be of interest to you; and/or
      4. conducting market research, understanding and analysing customer behaviour, location, preferences and demographics for us to offer you products and services as well as special offers and marketing programmes which may be relevant to your preferences and profile.
         
         

   4. If you have provided your Singapore telephone number(s) and have indicated that you consent to receiving marketing or promotional information via your Singapore telephone number(s), then from time to time, BOS may contact you using such Singapore telephone number(s) (including via voice calls, text , fax or other means) with information about our products and services (including discounts and special offers).

   5. In relation to particular products or services or in your interactions with us, we may also have specifically notified you of other purposes for which we collect, use or disclose your Personal Data. If so, we will collect, use and disclose your Personal Data for these additional purposes as well, unless we have specifically notified you otherwise.
      
      

4. Disclosure of Personal Data
   
   

   BOS will take reasonable steps to protect your Personal Data against unauthorised disclosure. Subject to the provisions of any applicable law, your Personal Data may be provided, for the purposes listed above (where applicable), to the following entities or parties, whether they are located overseas or in Singapore:
   
   

   1. BOS’s related corporations and overseas branches and offices;
   2. counterparties and their respective banks in relation to transactions for your account including purchasing and selling of securities and investment products, fund transfers, payments, issuance of standby letters of credit, banker’s guarantees or letters of undertaking and drawing of cheques;
   3. third party recipients of reference letters;
   4. companies providing services relating to insurance and/or reinsurance to BOS;
   5. insurers or brokers in relation to the insurance products or services that you have applied for or purchased;
   6. trustees, attorneys and asset managers appointed by you to manage your account held with BOS;
   7. referrers who have referred you to BOS;
   8. any person (1) who provides security or acts as surety for your liabilities and obligations to BOS or (2) for whom you act as surety or third party security provider;
   9. agents, contractors, vendors, installers, or third party service providers who provide administrative or operational services to BOS, such as courier services, telecommunications, information technology, payment, payroll, processing, training, market research, storage, archival, customer support investigation services or other services to BOS;
   10. agents, contractors, vendors or other third party service providers in connection with marketing, products and services offered by BOS;
   11. analytics, search engine providers or third party service providers that assist us in delivering our products, services, websites and platforms as well as improving and optimising the same;
   12. credit reporting agencies;
   13. debt collection agencies;
   14. your employers which are financial institution, for their internal surveillance or monitoring purposes;
   15. any business partner, investor, assignee or transferee (actual or prospective) to facilitate business asset transactions (which may extend to any merger, acquisition or any debt or asset sale) involving any of the Companies;
   16. credit card companies and their respective service providers in respect of credit cards held by you;
   17. translators;
   18. our professional advisers such as our auditors and lawyers;
   19. third parties who provide corporate advisory services or due diligence services in connection with you, any Connected Person or your account held with BOS;
   20. relevant government regulators, government ministries, exchange, statutory boards or authorities or law enforcement agencies who have jurisdiction over BOS or any Company or over any transaction entered into by you, such as the Monetary Authority of Singapore, Singapore Exchange Limited, the Accounting and Corporate Regulatory Authority, the Insolvency and Public Trustee Office, the Inland Revenue Authority of Singapore and the Commissioner of Charities, as well as to comply with listing and other requirements or directions of Singapore Exchange Limited and/or any other relevant securities exchange;
   21. any liquidator, receiver, administrator, judicial manager, trustees-in-bankruptcy, custodian or other similar official who has been so appointed, pursuant to bankruptcy, winding-up or insolvency proceedings instituted in Singapore or elsewhere, in respect of you or your assets;
   22. third parties who carry out registration of charge or pledge over the assets that you have pledged or charged to BOS;
   23. corporate service providers or lawyers, who are appointed by you;
   24. surveyors or valuers or other third parties in relation to assets which you will be charging or mortgaging to BOS;
   25. the Central Provident Fund (CPF”) Board in relation to CPF investment products;
   26. financial institutions, brokerage houses, clearing houses, depository, depository agents, managers, administrators, fund houses, registrars, custodians, external banks, the Central Depository, nominee banks and investment vehicles in relation to asset management and investment product settlement processing;
   27. collection and repossession agencies in relation to the enforcement of repayment obligations for loans;
   28. third parties who organise promotional or marketing events, seminars or trainings;
   29. any actual or proposed assignee of BOS or participant or sub-participant or transferee of BOS’ rights, liabilities or obligations in respect of (1) you or (2) a security provider who provides security or acts as surety for your liabilities and obligations to evaluate the transaction intended to be the subject of the assignment, participation, sub-participation or transfer;
   30. any person to whom BOSTL or any of the Companies is under an obligation or otherwise required to make disclosure under the requirements of any law binding on or applying to BOSTL or any of the Companies, or any disclosure under and for the purposes of any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers with which BOSTL or any of the Companies are expected to comply, or any disclosure pursuant to any contractual or other commitment of BOSTL or any of the Companies with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or industry bodies or associations of financial services providers, all of which may be within or outside Singapore and may be existing currently and in the future; and/or
   31. any other party to whom you authorise us to disclose your Personal Data to.

   5. Contacting us – feedback, withdrawal of consent, access and correction of your Personal Data
   
   

   1. If you:

      1. have any questions or feedback relating to your Personal Data or our Data Protection Policy;
      2. would like to withdraw your consent to any use of your Personal Data as set out in this Data Protection Policy; or
      3. would like to obtain access and make corrections to your Personal Data records, please contact BOSTL as follows:
         
         

         Email:	dpo.sg@BOSTrustee.com
         Call:	+65 6818 6478
         Write in:	Data Protection Officer Data Protection & Governance Office BOS Trustee Limited 63 Market Street #14-00 Bank of Singapore Centre Singapore 048942

   2. Please note that if your Personal Data has been provided to us by a third party (e.g. The Central Depository Pte Ltd), you should contact such party directly to make any queries, feedback, and access and correction requests to BOSTL on your behalf.

   If you withdraw your consent to any or all use of your Personal Data, depending on the nature of your request, BOSTL may not be in a position to continue to provide its Services to you, administer any contractual relationship in place, may also result in the termination of any agreements with BOSTL, and your being in breach of your contractual obligations or undertakings, and BOSTL’s legal rights and remedies in such event are expressly reserved.
   
   

   6. Governing law

This Data Protection Policy and your use of this website shall be governed in all respects by the laws of Singapore.

This NextGen Community Data Protection Notice (“Notice”) sets out the basis which Bank of Singapore Limited (“we”, “us”, or “our”) may collect, use, disclose or otherwise process personal data of our NextGen members in accordance with the Personal Data Protection Act (“PDPA”). This Notice applies to personal data in our possession or under our control, including personal data in the possession of organisations which we have engaged to collect, use, disclose or process personal data for our purposes.

PERSONAL DATA

1. As used in this Notice:

“member” means an individual who (a) has contacted us through any means to find out more about any products or services we provide, or (b) may have, or has, entered into a contract with us for the supply of any products or services by us; and

“personal data” means data, whether true or not, about a member who can be identified: (a) from that data; or (b) from that data and other information to which we have or are likely to have access.

2. Depending on the nature of your interaction with us, some examples of personal data which we may collect from you include your full name and contact information such as your email address and/or phone number, gender, nationality, date of birth, topics of interests, and industry of work.

3. Where you may participate in programmes organised in conjunction with overseas partners, such as our Future Wealth Executive Programme, additional information including but not limited to your passport number, highest educational qualification, employer, designation, scanned copy of passport may be collected for the purpose of administrating the Programme, and making the relevant arrangements for your participation in the Programme with our Programme partners.
   
   
4. Other terms used in this Notice shall have the meanings given to them in the PDPA (where the context so permits).

COLLECTION, USE AND DISCLOSURE OF PERSONAL DATA

5. We generally do not collect your personal data unless (a) it is provided to us voluntarily by you directly or via a third party who has been duly authorised by you to disclose your personal data to us (your “authorised representative”) after (i) you (or your authorised representative) have been notified of the purposes for which the data is collected, and (ii) you (or your authorised representative) have provided written consent to the collection and usage of your personal data for those purposes, or (b) collection and use of personal data without consent is permitted or required by the PDPA or other laws. We shall seek your consent before collecting any additional personal data and before using your personal data for a purpose which has not been notified to you (except where permitted or authorised by law).
   
   
6. We may collect and use your personal data for any or all of the following purposes:
   1. performing obligations in the course of or in connection with our provision of the products and/or services requested by you, including the administration of the NextGen Community, as well as to organize events such as educational forums, networking events, investment workshops and lifestyle events;
   2. verifying your identity;
   3. responding to, handling, and processing queries, requests, applications, complaints, and feedback from you;
   4. managing your relationship with us;
   5. sending you invitations to our events and post-event summaries, including but not limited to lifestyle, networking and educational events;
   6. complying with any applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority;
   7. any other purposes for which you have provided the information;
   8. transmitting to any unaffiliated third parties including our third-party service providers and agents, such as service providers who provide administrative or operational services to BOS, such as courier services, telecommunications, and information technology services, and relevant governmental and/or regulatory authorities, whether in Singapore or abroad, for the aforementioned purposes; and
   9. any other incidental business purposes related to or in connection with the above.
      
      
7. We may disclose your personal data:
   1. (a) where such disclosure is required for performing obligations in the course of or in connection with our provision of the products or services requested by you; or
   2. (b) to third party service providers, agents and other organisations we have engaged to perform any of the functions listed in clause 6 above for us.
      
      
8. The purposes listed in the above clauses may continue to apply even in situations where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under any contract with you).

WITHDRAWING YOUR CONSENT

9. The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop using and/or disclosing your personal data for any or all of the purposes listed above by submitting your request in writing or via email to our Data Protection Officer at the contact details provided below.
   
   
10. Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us.

11. Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing our products or services to you and we shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us in writing in the manner described in clause 20 above.
    
    
12. Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclose without consent is permitted or required under applicable laws.

ACCESS TO AND CORRECTION OF PERSONAL DATA

13. If you wish to make (a) an access request for access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data, or (b) a correction request to correct or update any of your personal data which we hold about you, you may submit your request in writing or via email to our Data Protection Officer at the contact details provided below.

PROTECTION OF PERSONAL DATA

14. To safeguard your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, we have introduced appropriate administrative, physical and technical measures such as up-to-date antivirus protection, encryption and the use of privacy filters to secure all storage and transmission of personal data by us, and disclosing personal data both internally and to our authorised third party service providers and agents only on a need-to-know basis.
    
    
15. You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.

ACCURACY OF PERSONAL DATA

16. We generally rely on personal data provided by you (or your authorised representative). In order to ensure that your personal data is current, complete and accurate, please update us if there are changes to your personal data by informing our Data Protection Officer in writing or via email at the contact details provided below.

RETENTION OF PERSONAL DATA

17. We may retain your personal data for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws.
    
    
18. We will cease to retain your personal data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal data was collected, and is no longer necessary for legal or business purposes.

TRANSFERS OF PERSONAL DATA OUTSIDE OF SINGAPORE

19. We generally do not transfer your personal data to countries outside of Singapore. However, if we do so, we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.

DATA PROTECTION OFFICER

20. You may contact our Data Protection Officer if you have any enquiries or feedback on our personal data protection policies and procedures, or if you wish to make any request, to dpo@bankofsingapore.com.

EFFECT OF NOTICE AND CHANGES TO NOTICE

21. This Notice applies in conjunction with any other notices, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your personal data by us.

21. We may revise this Notice from time to time without any prior notice. You may determine if any such revision has taken place by referring to the date on which this Notice was last updated. Your continued use of our services constitutes your acknowledgement and acceptance of such changes.

Last updated on 07 June 2024.