尊敬的客户:
为给您提供更加优质的服务,我行对现有的《账户规则与条款》(Terms and Conditions Governing Accounts)进行了修订,并将于2021年1月7日起生效。具体修订内容如下:
a. Clause 20 Use of Information and Confidentiality
20.3 (o) to any person or entity where BOC in good faith deems it reasonable to make such disclosure in connection with these Terms or the operation of the Account.
b. Clause 21 BOC's Personal Data Protection
21.2 The Account Holder or the Authorised Person does not have to provide their personal data to BOC. However, failure to supply certain personal data to BOC (or if BOC is not permitted by the Account Holder or the Authorised Person to process their personal data), may result in BOC being unable to process, administer and/or manage the Account Holder's relationship with BOC or provide some of our services to the Account Holder or the Authorised Person. Depending on the extent by which the Account Holder or Authorised Person does not permit BOC to process their personal data or the extent of personal data which the Account Holder or Authorised Person does not provide to BOC, it may mean that BOC will not be able to continue the relationship in question or enter into a contract with the Account Holder or continue the contract with the Account Holder.
21.3 BOC will collect, use, disclose and/or process your personal data in accordance with the terms of our BOC's Personal Data Protection Policy and/or BOC's EU Personal Data Protection Policy (whichever is applicable) at https://www.bankofchina.com/sg.
21.4 BOC may collect, use, disclose and/or process the Account Holder's and/or Authorised Person's personal data for one or more of the following purposes:
(h) preventing or investigating potential fraud, unlawful activity or omission or misconduct, whether relating to the Account Holder's relationship with BOC or any other matter arising from the Account Holder's relationship with BOC, and whether or not there is any suspicion of the aforementioned;
21.5 BOC may also be collecting from sources other than from the Account Holder or Authorised Person, personal data about the Account Holder or Authorised Person, for one or more of the above Purposes, and thereafter using, disclosing and/or processing such personal data for one or more of the above Purposes.
21.6 Where personal data of an individual (other than an Account Holder or Authorised Person) is provided by the Account Holder or Authorised Person to BOC, the Account Holder or Authorised Person hereby acknowledges, agrees and consents on behalf of the individual whose personal data is provided by such Account Holder or Authorised Person, that BOC may collect, use, disclose and process such individual's personal data in accordance with these Terms and Conditions. The Account Holder or Authorised Person also warrants that he/she has obtained such individual's prior consent to such collection, use, disclosure or processing of the individual's personal data by BOC and that such individual's personal data provided by the Account Holder or Authorised Person to BOC is true, accurate and complete.
21.7 BOC may/will need to disclose the Account Holder's or Authorised Person's personal data (or any personal data provided by the Account Holder or Authorised Person) to third parties, whether located within or outside Singapore, for one or more of the above Purposes, as such third parties would be processing the Account Holder's or Authorised Person's personal data (or any personal data provided by the Account Holder or Authorised Person) for one or more of the above Purposes. In this regard, the Account Holder or Authorised Person hereby acknowledge, agree and consent that BOC is permitted to disclose the Account Holder's or Authorised Person's personal data (or any personal data provided by the Account Holder or Authorised Person) to such third parties (whether located within or outside Singapore) for one or more of the above Purposes and for the said third parties to subsequently collect, use, disclose and/or process the Account Holder's or Authorised Person's personal data (or any personal data provided by the Account Holder or Authorised Person) for one or more of the above Purposes. Without limiting the generality of the foregoing or of Clause 21.4, such third parties include:
(a) BOC's head office, associated or affiliated organisations or related corporations;
(b) any of BOC's agents, contractors or third party service providers that process or will be processing the Account Holder's and/or Authorised Person's personal data on BOC's behalf including but not limited to those which provide administrative or other services to BOC such as mailing houses, telecommunication companies, information technology companies, debt collection agency and data centres;
(c) third parties to whom disclosure by BOC is for one or more of the Purposes and such third parties would in turn be collecting and processing the Account Holder's and/or Authorised Person's personal data for one or more of the Purposes; and
(d) third parties as mentioned in Clause 20.4 above.
21.8 Where BOC relies on Account Holder's or Authorised Person's consent to process Account Holder's or Authorised Person's personal data (as detailed in our BOC's Personal Data Protection Policy and/or BOC's EU Personal Data Protection Policy (whichever is applicable) at https://www.bankofchina.com/sg, the Account Holder or Authorised Person has the right to withdraw his/her consent whether in part or in whole. However, the Account Holder's or Authorised Person's withdrawal of consent could result in certain legal consequences arising from such withdrawal. In this regard, depending on the extent of the Account Holder's or Authorised Person's withdrawal of consent for BOC to process the Account Holder's or Authorised Person's personal data (or any personal data provided by the Account Holder or Authorised Person), it may mean that BOC will not be able to continue with the Account Holder's existing relationship with BOC/the contract the Account Holder has with BOC will have to be terminated. Should either of the Account Holder or the Authorised Person wish to withdraw his/her consent in part or in whole, the Account Holder or Authorised Person shall write to BOC providing details of such withdrawal.
21.9 For the avoidance of doubt, in the event that the applicable data protection law permits an organisation such as BOC to collect, use or disclose the Account Holder's and/or Authorised Person's personal data (or any personal data provided by the Account Holder or Authorised Person) without their respective consent, such permission granted by the applicable data protection law shall continue to apply.
21.10 Any consent given pursuant to this Clause 21 in relation to personal data shall survive death, incapacity, bankruptcy or insolvency of any such individual and the termination or expiration of the Account, Services and/or these Terms and Conditions.
21.11 Marketing and Promotional Information and Materials
21.11.1 Processing for Marketing Purpose and Postal Mail and Email Communication for Marketing Purpose
BOC may at its discretion, collect, use, disclose and/or process personal data about the Account Holder or Authorised Person that the Account Holder or Authorised Person had previously provided BOC, that the Account Holder or Authorised Person now provide to BOC, that the Account Holder or Authorised Person may in future provide BOC with and/or that BOC possesses about the Account Holder or Authorised Person from time to time, for the purpose of providing the Account Holder or Authorised Person with marketing, advertising and promotional information, materials and/or documents relating to products and/or services (including products and/or services of third party merchants whom the BOC may collaborate or tie up with) that BOC may be selling, marketing, offering or promoting, whether such products or services exist now or are created in the future (the "Marketing Purpose").
In the above regard, BOC may at its discretion send to the Account Holder or Authorised Person, such marketing, advertising and promotional information by way of postal mail and/or electronic transmission to the Account Holder's or Authorised Person's email address(es).
BOC may at its discretion disclose personal data about the Account Holder or Authorised Person to BOC's third party service providers or agents, which may be sited in or outside of Singapore, for the above Marketing Purpose; and the Account Holder or Authorised Person also consents to such third party service providers or agents of BOC processing the Account Holder's or Authorised Person's personal data (including sending the Account Holder or Authorised Person such marketing, advertising and promotional information through the above modes of communication) for the above Marketing Purpose for BOC.
The Account Holder or Authorised Person will always have the right to object to BOC using their personal data for the Marketing Purpose at any time. If the Account Holder or Authorised Person wishes to object to BOC using their personal data for the Marketing Purpose, the Account Holder or Authorised Person shall write to BOC and provide details of their objection at bocdp@bankofchina.com.
c. Clause 22 Corporate Account Customer's Representations Relating To Personal Data Provided To BOC
22.2 In respect of the personal data of individuals (including, where applicable, its directors, partners, office holders, officers, employees, agents, shareholders and beneficial owners) that the Corporate Account Customer will be or may be disclosing or discloses to BOC, both the Corporate Account Customer and BOC agree that they shall be independent controllers of such personal data for the purposes of EU Data Protection Laws (to the extent applicable). The Corporate Account Customer and BOC undertake to process the personal data in accordance with Data Protection Legislation, and to provide reasonable assistance to the other party to comply with its obligations under Data Protection Legislation. Neither party shall do anything which would cause the other party to incur any liability under EU Data Protection Laws.
22.3 In respect of any personal data that the Corporate Account Customer will be or may be disclosing to BOC, the Corporate Account Customer represents, undertakes and warrants that:
(a) it has collected such data lawfully in accordance with Data Protection Legislation;
(b) it has ensured that it has a valid lawful basis under Data Protection Legislation (including but not limited to, express consent) to:
(i) permit the Corporate Account Customer to disclose the individuals' personal data to BOC for:
A. considering and/or processing the Corporate Account Customer's application for Account opening/transaction (including the processing of any application for Services);
B. conducting credit checks, due diligence or other screening activities (including background checks) in accordance with legal or regulatory obligations or BOC's risk management procedures that may be required by law or that may have been put in place by BOC; and
C. providing updates on changes to the Services including any additions, expansions, suspensions and replacements of the Services.
(ii) permit BOC and its related corporations to collect, use, disclose and/or process the individuals' personal data for:
A. considering and/or processing the Corporate Account Customer's application for account opening/transaction (including the processing of any application for Services);
B. facilitating, processing, dealing with, administering, managing and/or maintaining the Corporate Account Customer's relationship with BOC;
C. carrying out the Corporate Account Customer's instructions or responding to any enquiry given by (or purported to be given by) the Corporate Account Customer or on the Corporate Account Customer's behalf;
D. contacting the individual or communicating with the individual via phone/voice call, text message and/or fax message, email and/or postal mail for the purposes of administering and/or managing the Corporate Account Customer's relationship with BOC such as but not limited to communicating information to the individual related to the Account or Services;
E. dealing in any matters relating to the Services which the Corporate Account Customer is entitled to under the Corporate Account Customer's contract with BOC including performing the contract;
F. carrying out credit checks, due diligence or other screening activities (including background checks) in accordance with legal or regulatory obligations or BOC's risk management procedures that may be required by law or that may have been put in place by BOC;
G. preventing or investigating potential fraud, unlawful activity or omission or misconduct, whether relating to the Corporate Account Customer's relationship with BOC or any other matter arising from the Corporate Account Customer's relationship with BOC, and whether or not there is any suspicion of the aforementioned;
H. complying with or as required by any applicable law, governmental or regulatory requirements of any relevant jurisdiction, including meeting the requirements to make disclosure under the requirements of any law binding on BOC and/or for the purposes of any guidelines issued by regulatory or other authorities, whether in Singapore or elsewhere, with which BOC is expected to comply;
I. complying with or as required by any request or direction of any governmental authority; or responding to requests for information from public agencies, ministries, statutory boards or other similar authorities (including but not limited to the Monetary Authority of Singapore, Inland Revenue Authority of Singapore, Insolvency & Public Trustee's Office, Commercial Affairs Department and courts). For the avoidance of doubt, this means that BOC may/will disclose the individual's personal data to the aforementioned parties upon their request or direction;
J. conducting research, analysis and development activities (including but not limited to data analytics, surveys and/or profiling) to improve BOC's Services and facilities in order to enhance BOC's relationship with the Corporate Account Customer or for the Corporate Account Customer's benefit, or to improve any of BOC's Services and facilities for the Corporate Account Customer's benefit;
K. storing, hosting, backing up (whether for disaster recovery or otherwise) of the Corporate Account Customer's personal data, whether within or outside Singapore;
L. financial reporting, regulatory reporting, management reporting, risk management (including monitoring risk exposure), audit, and record-keeping purposes;
M. the disclosure purposes to the third parties as set out in Clause 20.3 above; and
N. any other purpose reasonably related to the aforesaid.
(collectively, the "Purposes").
(c) at the request of BOC, the Corporate Account Customer will use such form(s) or document(s) provided by BOC in obtaining such consents from the individuals in question as may be necessary (for the avoidance of doubt, BOC is under no obligation to Corporate Account Customer to create any such form(s) or document(s));
(d) the Corporate Account Customer will notify BOC promptly upon its becoming aware of the withdrawal by the relevant individual of his/her consent to the collection, processing, use and/or disclosure by BOC of any personal data provided by the Corporate Account Customer to BOC;
(e) any personal data that the Corporate Account Customer will be or is disclosing to BOC are accurate. Further, the Corporate Account Customer shall give BOC notice in writing as soon as reasonably practicable should it be aware that any such personal data has been updated and/or changed after such disclosure;
(f) the Corporate Account Customer shall at the request of BOC, assist BOC to comply with the PDPA. In this regard and without limiting the generality of the foregoing, this includes but is not limited to the Corporate Account Customer executing such further documents as BOC may require and/or the Corporate Account Customer making arrangements for additional form(s) and consent(s) to be completed and signed by individuals whose personal data are provided by the Corporate Account Customer to BOC; and
(g) for any personal data that the Corporate Account Customer will be or may be disclosing or discloses to BOC, that the Corporate Account Customer is validly acting on behalf of such individuals and that the Corporate Account Customer has the authority of such individuals to provide their personal data to BOC and for BOC to collect, use, disclose and process such personal data for the Purposes.
22.4 In respect of any personal data that the Corporate Account Customer will be or may be disclosing or discloses to BOC, each party represents, undertakes and warrants that it shall:
(a) protect such personal data in its possession or under its control by making reasonable security arrangements (including, where appropriate, physical, administrative, procedural and information and communications technology measures) to prevent unauthorised or accidental access, collection, use, disclosure, copying, modification, disposal, or destruction of the personal data, or other similar risks, which meet the requirements of Data Protection Legislation;
(b) cease to retain such personal data as soon as it is reasonable to assume that retention is no longer necessary for legal or business purposes;
(c) be responsible for responding to requests and queries relating to such personal data that it receives from data subjects and/or supervisory authorities, and provide reasonable assistance to the other party in responding and queries it has received;
(d) restrict access to the personal data to only employees on a need to know basis, and ensure that its employees who may receive or have access to any personal data are aware of their confidentiality obligations and are adequately trained to handle the personal data;
(e) document its processing activities in accordance with the requirements of Data Protection Legislation;
(f) not do anything, or allow anything to be done through act or omission, which would cause the other party to incur any liability under Data Protection Legislation; and
(g) notify the other party as soon as possible if the integrity or security of the personal data is compromised.
22.5 Without prejudice to the foregoing sub-provisions, the Corporate Account Customer shall ensure that it complies with PDPA, and that the Corporate Account Customer will not do anything and not omit to do anything that will cause BOC and/or its related corporations to be in breach of any provision or requirement of the PDPA including regulations issued under the PDPA, whether now or in the future. .
22.6 BOC and the Corporate Account Customer will enter into the EU Model Clauses if BOC determines, at its sole discretion, that it is necessary. No transfer of personal data shall occur before the EU Model Clauses are signed by the parties.
22.7 Notwithstanding anything to the contrary, the Corporate Account Customer undertakes to indemnify and at all times hereafter to keep BOC and its related corporations (together with their respective officers, employees and agents) (each an "Injured Party") indemnified against any and all losses, damages, actions, proceedings, costs, claims, demands, liabilities (including full legal costs on a solicitor and own client basis) which may be suffered or incurred by the Injured Party or asserted against the Injured Party by any person or entity (including the Corporate Account Customer and its agents) whatsoever, in respect of any matter or event whatsoever arising out of, in the course of, by reason of or in respect of:
(a) any breach of its obligations under Data Protection Legislation by the Corporate Account Customer; and/or
(b) any breach of any of the provisions in this clause 22; and/or
(c) any action, omission or negligence by the Corporate Account Customer (including its officers, employees and agents) and/or any of its sub-contractors that causes or results in BOC and/or any of its related corporations to be in breach of Data Protection Legislation.
22.8 For the avoidance of doubt, in the event that any of the individuals whose personal data that the Corporate Account Customer has provided to BOC, withdraws his/her consent from, or seeks access or correction of his/her personal data with BOC, BOC is under no obligation to the Corporate Account Customer to notify the Corporate Account Customer of such withdrawal, access or correction request. Additionally, if as a result of such withdrawal of consent or access or correction request, BOC is unable to perform the contract with the Corporate Account Customer then BOC shall not be liable for any inability to perform where such inability arises from such withdrawal, access or correction request.
22.9 Any consent given pursuant to this Clause 22 in relation to personal data shall survive death, incapacity, bankruptcy or insolvency of any such individual and the termination or expiration of the Account, Services and/or these Terms and Conditions.
22.10 For the purposes of this clause 22,
"controller", "data subject" and "supervisory authority" has the meaning given to that terms in the GDPR.
"Data Protection Legislation" means (a) the PDPA; and/or (b) EU Data Protection Laws.
"EU Data Protection Laws" means any European legislation relating to the processing, privacy and use of personal data including, without limitation: (i) EU Council Directives 95/46/EC and 2002/58/EC; (ii) the Regulation of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) ("GDPR"); (iii) any corresponding or equivalent national laws or regulations; or (iv) approved codes of conduct or approved certification mechanisms issued by any relevant regulatory authority.
"EU Model Clauses" means the standard contractual clauses for data transfers between two controllers, as published by the European Commission pursuant to EC Decision 2004/915/EC.
"PDPA" means Singapore's Personal Data Protection Act 2012 (No. 26 of 2012) including all subsidiary legislation enacted thereunder, whether now or in the future.
"personal data" shall have the meaning as defined in the applicable Data Protection Legislation.
"process" or "processes" or "processing" shall have the meaning as defined in the applicable Data Protection Legislation.
若有任何疑问,请致电24小时客服热线1800 66 95566 (本地)或+65 677 95566(海外)查询。
特此公告
中国银行股份有限公司新加坡分行
2020年12月7日
