Privacy Notice
Your Personal Data
We are Standard Chartered Group. We collect and process various types of data obtained directly from you as well as from other sources so that we can deliver our products and services to our clients and operate our business. Protecting your personal data is important to us.
Read more details in the privacy notice below. Choose the relevant notice based on your relationship with us.
Click here for the Chinese version.
SC PRIVACY NOTICE (Macau)
(BUSINESS AND CORPORATE BANKING)
Standard Chartered Bank, Macau Branch (the “Bank”)
Notice to Customers and Other Individuals relating to the Personal Data Protection Act No. 8/2005 of Macau SAR (the “Act”)
Protecting your personal data
Your personal data is important to us, and we want to make sure you know how we use and protect it. Personal data is information that either identifies you or is about you as an individual. In this privacy notice, we’ll explain how we collect, share, and process your personal data. We’ll also tell you about your rights and how you can exercise them. From time to time, we may also provide you where relevant, with additional privacy information in a separate notice for specific channels, products, services, businesses and activities.
In this privacy notice, “we”, “us” or “our”, refers to the Standard Chartered Group branch, subsidiary or legal entity operating under the Standard Chartered brand you interact with either directly or indirectly that processes your personal data and decides how it is collected and used. Standard Chartered Group means each of, or collectively, Standard Chartered PLC, its subsidiaries and affiliates, including each branch or representative office. Please refer to the ‘How to get in touch’ section of this privacy notice for details of the relevant Standard Chartered Group member(s) providing this privacy notice.
Some of our affiliates’ websites have their own brand identity and their own separate privacy notices to provide relevant information for specific products and services they provide. You should refer to the relevant privacy notices as directed by those affiliates in relation to how they use your personal data. This privacy notice does not apply to third-party websites where our online advertisements are displayed or to linked third-party websites we do not operate or control. These websites should have their own privacy notices, which you can read to understand how they collect and process your personal data and your rights.
We’ll update this privacy notice from time to time. You can find the current version date listed at the end of this privacy notice. If you have any questions or concerns about your personal data, please don’t hesitate to get in touch (you can find our details under ‘How to get in touch’ below).
What types of personal data do we collect?
We may collect the following types of personal data about you. In this privacy notice, “You” refers to you as an individual, as relevant if you are a representative of, or an individual directly or indirectly related to or associated with: (i) a company, business or organisation that is our business or corporate banking client; or (ii) a person or a company, business or organisation that has a relationship with our business or corporate banking client.
In addition, “You” has the same meaning as a “data subject” (defined below).
Personal data we collect with respect to business and corporate client relationships is primarily limited to the information on directors and officers, other employees, direct and indirect beneficial owners and authorised persons we need to enable us to meet our due diligence obligations, signatory details and contact information of individuals we interact with to enable the provision of products and services to clients.
If you give us someone else’s personal data, you must have their permission and explain to them how we’ll use it.
We may collect the following types of personal data about you, as relevant and allowed by law:
- Identification data – information that identifies (uniquely or semi uniquely) you. For example, your name, your date of birth, your gender, your user login credentials, your photographs, CCTV and video recordings of you and other identifiers, including official/government identifiers such as national identification number, passport number and tax identification number
- Contact data – information that allows addressing, sending or communicating a message to you. For example, your email address, your phone or mobile number and your residential or business address
- Professional data – information about your professional background
- Financial and commercial data – account and transaction information
- Geo-location data – information that provides or contains a device’s location. For example, your internet protocol (IP) address or your cookies identifier
- Behavioural data – analytics information that describes your behavioural characteristics relating to your use of our products and services. For example, usual transactional activities, browsing behaviour on our websites and how you interact as a user of our products and services, or those provided by third-party organisations, such as our advertising partners and social media platform providers
- Personal relationship data – information about associations or close connections between individuals or entities that can determine your identity. For example, spouse or employer relationships
- Communications data – information relating to you contained in voice, messaging, email, livechats and other communications we have with you. For example, service requests.
We may sometimes need to collect more sensitive personal data about you, but we only do this if it’s necessary and with your consent, or where allowed by law. This sensitive personal data may include things like:
- Racial or ethnic origin data – information which reveals your racial or ethnic origin
- Biometric data – information that identifies you physically. For example, facial recognition information, your fingerprint or voice recognition information
- Criminal convictions, proceedings or allegations data – information about criminal convictions or related information that we identify in relation to our financial crime prevention obligations, for example, details about any criminal convictions or related information. This includes details of offences or alleged offences or convictions.
We often collect your personal data directly from you, but we may also obtain your personal data from other sources as necessary, depending on the relevant products and services that we are providing, including from:
- People you know – such as other people you appoint to act on your behalf
- Businesses and other organisations – such as:
- Your employer and/or company, business or organisation you represent or is related to you
- Other financial institutions and financial service providers
- Strategic referral partners, including business alliance, co-branding partners or other companies or organisations that the Standard Chartered Group cooperates with based on our contractual arrangements or other joint ventures to provide relevant third-party products and services
- Service partners, such as advertising and market research companies and social media platform providers
- Credit reference and fraud prevention agencies
- Regulatory and other entities with authority over the Standard Chartered Group, such as tax authorities, law enforcement or authorities imposing financial sanctions
- Our corporate and business clients –where you receive the benefit of our services in relation to our contract with the company, business or organisation you interact with. For example, resolving payment disputes with our merchant clients
- Publicly available resources – such as online registers or directories or online publications, social media posts and other information that is publicly available
- Cookies – when you visit, browse, or use our websites, online banking or mobile applications, we may use cookies to automatically collect certain information from your device. We may use such information, where relevant, for internal analysis and troubleshooting, to recognise you and remember your preferences, to improve the quality of and to personalise our content and to determine the security status of your account. For more information on how we use cookies and how you can control them when visiting our websites, please see our Cookie Policy at https://www.sc.com/mo/cookie-policy/.
Why do we collect your personal data?
We collect your personal data so that we can provide our products and services, manage our relationship with our clients and to operate our business. This is necessary when you represent, or are associated with, other individuals, companies, businesses or organisations who bank with us, for example, if you act as a guarantor, employee, shareholder, director, officer or authorised person.
If you are associated with more than one account with Standard Chartered Group, we may link all your accounts and personal data to enable us to have an overall picture of our client relationships.
What we use your personal data for is often referred to as our purposes of processing. We do this by prior notification of the purposes of processing, with your consent where required by law, or where otherwise permitted or required by applicable law. We may not be able to offer or provide facilities, products and services if you do not provide us with or do not want us to process the personal data that we consider is necessary and/or is required to meet our legal and regulatory obligations.
Purposes of Processing
We process your personal data for the following purposes, as necessary to provide relevant products and services, depending on whether you represent, or are associated with, other individuals, companies, businesses or organisations who bank with us.
Assessing and providing products and services to our clients
This includes:
- assessing eligibility, merits and/or suitability of product and service offered by us or any member of Standard Chartered Group and process applications for clients; we may retain a record of the application if our eligibility criteria are not met
- assessing your suitability as an individual guarantor
- conducting relevant due diligence and know-your-customer (KYC) checks as required by applicable laws
- conducting credit checks (whether in respect of an application for, or modification of the terms of our products or services or during regular or special review which normally will take place once or more each year) and financial assessments as required by applicable laws and regulations
- setting credit limits for clients
- obtaining quotations, assisting with applications and interacting with strategic referral partners on behalf of clients for co-branding and other third-party products and services, such as insurance and wealth management products
- opening accounts
Managing banking relationships and administering client accounts
This includes:
- establishing, continuing and managing client banking relationships and accounts with us or, where applicable, any member of the Standard Chartered Group
- providing clients with appropriate access to our products and services, such as our online and mobile banking platforms
- operating, providing, reviewing and evaluating the products and services, offered by or through us or any member of Standard Chartered Group, to fulfil our contractual obligations with clients for products and services
- effecting and verifying transactions and acting on instructions or requests, such as transferring money between accounts and making payments to third parties for clients
- maintaining up-to-date records of authorised persons and signature lists
- maintaining statements detailing the amount of indebtedness owed to or by you
- administering, for example, credit facilities or loans for clients
- maintaining contact information
- responding to questions or managing any complaints, including monitoring social media conversations and posts to identify conversations, sentiments, and complaints about the Standard Chartered Group
- issuing notifications about changes to the terms and conditions of our products and services
- recording our communications for record-keeping and evidential purposes including online messages, email and telephone
- contacting clients relating to the products and services we are providing.
- facilitating open banking for clients, including with account information service providers.
Operating our business
This includes:
- managing authentication and user access controls for clients, for example, for online and mobile banking
- audits of our business operations
- creating and maintaining our credit scoring models relating to clients
- conducting relevant credit management activities, which includes maintaining client credit history for present and future reference, updating credit bureaus and credit reference agencies and ensuring ongoing credit worthiness and credit checks
- assisting other banks and third parties recover funds that have entered client accounts as a result of erroneous payments
- engaging in business operational management, such as performing administrative tasks relating to the products and services we provide, monitoring and reporting of our financial portfolio, risk management activities, audits and ensuring operation and security of our communications and processing systems, systems development and testing, business planning and decision-making.
Improving our products and services to our clients
This includes:
- developing, testing and analysing our systems, products and services
- monitoring and recording our communications with you, for example, phone calls, for training and quality purposes
- conducting market research and customer satisfaction surveys
- designing our products and services
- conducting marketing in relation to our products and services
- managing, monitoring and assessing the performance of any agent, contractor or third-party service provider who provides administrative, telecommunications, computer, payment or securities clearing or other services to us in connection with the establishment, operation, maintenance or provision of our products and services
- conducting demographic analytics and gathering insights by aggregating data such as behavioural data from the use of our products and services and our applications to clients.
For further information on direct marketing, please refer to ‘When do we conduct direct marketing?’ section of this privacy notice.
Keeping you and our people safe
This includes:
- conducting identity verification security checks for building access
- using CCTV surveillance recordings at our branches and premises for the purposes of preventing and detecting fraud and/or other crimes, such as theft
- investigating and reporting on incidents or emergencies on our properties and premises
- for the security of our systems and networks in order to keep your data safe and confidential
- for other health and safety compliance purposes.
Detecting, investigating and preventing financial crimes
This includes:
- meeting or complying with Standard Chartered Group policies, including identifying individuals and performing investigative procedures, measures or arrangements for sharing data and information within the Standard Chartered Group
- any other use of data and information in accordance with any group-wide programmes for compliance with sanction or prevention or detection of money laundering, terrorist financing or other unlawful activities
- conducting identity verification security checks against government and other official centralised databases, as required by law
- monitoring and recording voice and electronic communications and screening applications and transactions in connection with actual or suspected fraud, financial crime or other criminal activities, for example to detect unusual transaction behaviour
- recording and monitoring voice and electronic communications with us, to the extent permitted by applicable laws, to ensure compliance with our legal and regulatory obligations and internal policies
- conducting checks against government and non-government third parties’ fraud prevention and other financial crime prevention databases to prevent money laundering, terrorism, fraud and other financial crimes, to protect you, our clients and the integrity of the financial market. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies and may result in others refusing to provide services or employment to you.
Complying with applicable laws, regulations and other requirements
This includes:
- meeting or complying with Standard Chartered Group policies, including identifying individuals and performing investigative procedures, measures or arrangements for sharing data and information within the Standard Chartered Group
- meeting or complying with (contractual or otherwise) any relevant local and foreign law, regulations, rules, directives, judgments or court orders, requests, guidelines, best or recommended practices, government sanctions, embargoes, reporting requirements, restrictions, demands from or agreements with any authority (including domestic or foreign tax authorities), court or tribunal, enforcement agency, or self-regulatory or industry bodies or associations of financial services providers, exchange body in any relevant jurisdiction where the Standard Chartered Group operates. The local tax authority may share or may require us to share information with other overseas tax authorities in accordance with applicable laws or regulations (for example, tax law and regulation relating to automatic exchange of financial account information). We may need to collect extra information from you for such purpose to comply with applicable laws or regulations
- following any voluntary guidelines or recommendations as may be updated from time to time issued by legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers in any relevant jurisdiction where the Standard Chartered Group operates.
Exercising Standard Chartered Group’s legal rights and conducting legal proceedings
This includes:
- tracing and exercising our rights and protecting ourselves against harm to our rights and interests
- retaining records as may be necessary as evidence for any potential litigation or investigation
- recovering debts and arrears
- conducting litigation to enforce our rights or the rights of any other member of the Standard Chartered Group
- obtaining professional advice
- investigating or making an insurance claim
- responding to any insurance related matter, action or proceeding
- defending or responding to any current or prospective legal, governmental or quasi-governmental, regulatory, or industry bodies or associations related matter, action or proceeding or for establishing, exercising or defending legal rights.
Facilitating Standard Chartered Group mergers, acquisitions, and divestments
This includes:
- evaluating our business and providing continuity of services after a transfer of our business as a result of a merger, acquisition, sale or divestment
- enabling an actual or potential assignee of all or any part of our business and/or asset or participant or sub-participant of our rights, to evaluate the transaction intended to be the subject of the assignment, participation or sub-participation.
When do we conduct direct marketing
We may sometimes, and with your consent by providing additional privacy notice information as required by applicable laws, use your contact details to send you relevant marketing communications (such as by post, email, telephone, SMS, secure messages, mobile app or social media) for direct marketing purposes.
We may send the following types of communications (unless you have informed us that you do not wish to receive such communications):
- news, offers and promotions about our or other Standard Chartered Group products and services
- information about products and services from or relating to third parties, such as financial institutions, insurers, credit card companies, securities and investment, mobile wallets and digital payment services providers
- information about products and services offered by our co-branding partners (the names of such co-branding partners can be found in the application form(s) for the relevant products and services, as the case may be)
- appeals by us or relevant third parties for charitable and/or non-profit making donations, sponsorships and contributions; and
- information and communication relating to our or relevant third-party seminars, webinars and other relevant events or opportunities.
We may conduct market research using demographic and insights analytics by aggregating the personal data that we hold about you to provide you with marketing communications, which are more relevant and tailored for you.
We may share limited information about you with social media platform providers we engage with for the purpose of online social media advertising where you have permitted us and the social media platform provider(s) to use cookies that support our marketing on these platforms. For example, to check whether you have an account with social media platform providers to ask them to display more relevant marketing communication messages to you about our products and services or to exclude you from receiving advertisements for our products and services which you already use.
For more information on how we use cookies in relation to marketing, please see our Cookie Policy at https://www.sc.com/mo/cookie-policy/.
You may withdraw your consent or opt-out from receiving such marketing communications in accordance with your rights by contacting us using the details in the ‘How to get in touch’ section below.
When do we use automated decision-making?
We may use the personal data we collect to conduct data analytics, including profiling and behavioural analysis, to make quicker automated decisions in our business operations and to evaluate your personal characteristics to predict outcomes and risks. We require that rules followed by such automated systems are designed to make fair and objective decisions. We may use artificial intelligence and machine learning to help improve our communications and client experience, make our business operational processes safer and more efficient and enable us to provide faster responses and improve turnaround time. For example, we may use automated decision-making for the following:
- Client digital onboarding processes – account opening approval processes using electronic Know-Your-Customer (eKYC) checks by verifying the authenticity of scanned identification documents and a photo through biometric facial recognition and liveliness check
- Operational efficiency – voicebots for call centre identification verification
- Client engagement – client marketing campaigns and communications to recommend more tailored products and services based on insights from your personal data and your interactions with robo advisors and chatbots.
- Risk management – monitoring of accounts and transactions to detect unusual activities to prevent fraud or money laundering, terrorism and other financial crimes (for example, detecting whether the use of credit card may be fraudulent) and approval of loan applications and credit decisions based on credit-scoring models.
For further information on your rights in relation to automated decisions that affect you, please refer to the ‘What are your personal data protection rights?’ section.
Who may we share your personal data with?
We may share your personal data within the Standard Chartered Group. Standard Chartered Group may share your personal data for the purposes of processing as set out in this privacy notice, including with our service providers, our business partners, other third parties and as required by law or requested by any authority. Who these are depends on your interactions with us as an individual.
We limit how, and with whom, we share your personal data, and take steps to ensure your personal data is kept confidential and protected when we share it. We may share your personal data for our purposes of processing with the following, where relevant and allowed by law:
- Other members of the Standard Chartered Group
- Authorised third parties
- actual or intended guarantors/sureties, trustees, beneficiaries, executors, authorised persons of our clients, any actual or potential participants or sub-participants in relation to any of our obligations in respect of any banking agreement, assignees, novatees or transferees (or any officers, employees, agents or advisers of any of them)
- any other person you have authorised us by your consent to share your personal data with.
- Third parties that can verify your information
- credit bureaus or credit reference agencies (including the operator of any centralised database used by credit reference agencies), credit protection providers, rating agencies, debt collection agencies, fraud prevention agencies and organisations
- other non-government third parties’ that conduct financial crime prevention databases checks to prevent money laundering, terrorism, fraud and other financial crimes.
- Our service partners
- professional advisers, such as auditors, legal counsel, conveyancers and asset valuation specialists
- insurers or insurance brokers
- service providers, such as operational, administrative, data processing and other technology service providers, including anyone engaged or partnered with to analyse and facilitate improvements or enhancements in Standard Chartered Group’s operations or provision of products and services
- providers of professional services, such as market researchers, forensic investigators and management consultants
- advertising companies and social media platform providers
- third-party product providers, for example, securities and investments providers, fund managers and insurance companies.
- Strategic referral partners
- business alliance, co-branding partners or other companies or organisations that the Standard Chartered Group cooperates with based on our contractual arrangements or other joint ventures to provide relevant third-party products and services
- charitable and non-profit organisations.
- Other financial services organisations
- other financial institutions, such as merchant banks, correspondent banks or national banks
- market infrastructure providers and securities clearing providers
- payment service providers, including mobile wallet and digital payment service providers, merchants, merchant acquiring companies, credit card companies, payment processors and card association members, payment-initiation and card-based payment instrument service providers such as VISA and Mastercard
- any financial institution and merchant acquiring company with which the client has or propose to have dealings.
- Government authorities, law enforcement agencies and others
- as required by law or as requested by any authority, which includes any government, quasi-government, regulator, administrative, regulatory or supervisory body, court, tribunal, enforcement agency, exchange body or domestic or foreign tax authorities, having jurisdiction over any Standard Chartered Group member whether within or outside your jurisdiction and whether or not that Standard Chartered Group member has a relationship with you
- self-regulatory or industry bodies or associations of financial services providers in any relevant jurisdiction where the Standard Chartered Group operates.
- Other third parties
- the individual, company, business or organisation, as applicable, that you represent or is related to you
- third parties in case of a merger, acquisition or divestment: if we transfer (or plan to transfer) or assign any part of our business or assets. If the transaction goes ahead, the interested party may use or disclose your personal information in the same way as set out in this privacy notice, and subsequently notify you of any changes they may make in terms with how they process your personal data
- any other person under a duty of confidentiality to us, including any other members of the Standard Chartered Group, which has undertaken to keep such information confidential.
Where do we transfer personal data?
Your personal data may be processed, stored, shared, transferred or disclosed by us within the Standard Chartered Group or with other third parties* for the purposes described in this privacy notice. We do this in order to operate effectively, efficiently and securely in facilitating transactions and providing products and services to our clients, to improve and support our processes and business operations and to comply with our legal and regulatory obligations. This may involve processing, storing, sharing, transferring or disclosing your personal data cross border to other jurisdictions, which may be subject to relevant local practices and laws, rules and regulations including right of access available to the overseas authorities.
* Please refer to our website (www.sc.com/mo) for the list of countries where such parties may be located.
Where recipients of your personal data are in jurisdictions that are outside Macau, and local laws may not have similar data protection laws as Macau, we will take all reasonable steps necessary to ensure that your personal data has an appropriate adequate level of protection and safeguards to comply with applicable laws.
How do we protect your personal data?
We take the privacy and security of your personal data very seriously. To protect your data, we have put in place a range of appropriate technical, physical and organisational measures to safeguard and keep your personal data confidential, for example, by using contracts with appropriate confidentiality, data protection and security terms in our arrangements with third parties. Standard Chartered Group has implemented information security data privacy policies, including incident management and reporting procedures, rules and technical measures to protect personal data and to comply with legal and regulatory requirements. We train and require staff who access your personal data to comply with our data privacy and security standards. We require our service providers, or other third parties we engage with and to whom we disclose your personal data to implement similar confidentiality, data privacy and security standards and measures when they handle, access or process your personal data.
Data subject(s) should be aware that the Internet is not a secure form of communication, and they must not send us any personal data over the Internet as this carries with it risks including the risk of access and interference by unauthorised third parties. Information passing over the Internet may be transmitted internationally (even when sender and recipient are located in the same country) via countries with weaker privacy and data protection laws than in the country of residence of a data subject.
How long do we keep your personal data?
For the purposes described in this privacy notice, we keep your personal data for business operational or legal reasons while you engage with us and may retain your personal data for a period of time afterwards, depending on the type of personal data, in accordance with our data retention policy standards and as required by applicable laws and regulations. We will delete, anonymise, destroy and/or stop using personal data when we no longer need it.
What are your personal data protection rights?
We respect your personal data, and you have the following rights about how we use your information:
- Your right to access your data – you have the right to check whether we hold personal data about you, and you can ask us for a copy of such data and information on how we have used it.
- Your right to correct your data – if your personal details have changed, or you believe we have incorrect or out-of-date information about you, you can ask us to update it.
- Your right to delete your data – you can ask us to delete your personal data. However, we may need certain personal details to provide our products and services to you.
- Your right to restrict or object to processing – you can ask us to stop using your data or change how we use it. However, we may need certain personal details to engage with you or provide our products and services to you.
- Your right to object to automated decision making – you can ask us to review a decision made solely by automated processing if it negatively impacts you.
- Your right not to provide consent or to change or to withdraw consent already provided – we may from time to time ask for your consent to process your personal data. You can choose not to provide such consent or let us know at any time if you change your mind about the consent already provided. However, we may not be able to provide our products and services or engage with you without certain personal data.
- Your right to withdraw from direct marketing – you can withdraw your consent and tell us to stop sending you marketing emails or invitations to surveys at any time.
We will respond to requests to exercise your personal data rights in line with applicable laws. We may ask you to verify your identity before processing your request. If you have any questions about your rights, please contact us using the details below.
How to get in touch
The following Standard Chartered Group company acts as the controller of your personal data in Macau:
Standard Chartered Bank, Macau Branch
The person to whom requests for access to or correction of data held by us, or for information regarding our data policies and practices and kinds of data held by us are to be addressed, is as follows:
THE BRANCH MANAGER
STANDARD CHARTERED BANK, MACAU BRANCH
P.O. BOX 3014, MACAU
Should you have any queries, please do not hesitate to contact either your relationship manager or our designated hotline 853-28786111.
Email : scb.macaubranch@sc.com
Got a complaint?
If you have any concerns or complaints about how we’re using your personal data, please talk to us. You can contact the branch or your Relationship Manager or get in touch with our Data Privacy Officer.
Cookies
Please see our separate Cookie Policy at https://www.sc.com/mo/cookie-policy/
In this document, unless inconsistent with the context or otherwise specified, the following words shall have the following meanings:
account(s) means, for each facility, service or product which we may from time to time make available to the data subjects, the account that is, opened and/or maintained in respect of it from time to time.
accountholder(s) means holder(s) of an account and includes joint accountholder(s) in case there is more than one holder for an account.
card means an ATM card, a debit card, a credit card, or a revolving card or all of them, as the context requires.
co-branding partner means a business partner of us and/or other member of the Standard Chartered Group, and the name of which can be found in the application form(s) for the relevant services and products, as the case may be.
data subjects include applicants for or accountholders for Facilities, Products and Services, customers, security providers, referees, corporate officers and managers (e.g. authorized signatories, contact persons, company secretary, directors, shareholders, beneficial owners of a corporate), suppliers, agents, contractors, service providers and other contractual counterparties and any third party transacting with or through us.
disclose or disclosing, in relation to personal data, includes disclose or disclosing information inferred from the data.
Please circulate this document to any and all data subject(s) relating to your account(s) at us.
Other Terms and Conditions
There may be specific terms and conditions in our banking and product agreements that govern the collection, use and disclosure of your personal data. Such other terms and conditions must be read in conjunction with this privacy notice.
Should there be any inconsistencies between the English and Chinese versions, the English version shall prevail.
This privacy notice will come into effect from the 30th of August, 2024.
APPENDIX 1: Credit Reference Agency
Under and in accordance with the terms of the Act and issued under the Act, any data subject has the right:
- to be informed on request which items of data are routinely disclosed to credit reference agencies or debt collection agencies, and be provided with further information to enable the making of an access or correction request to the relevant credit reference agency or debt collection agency, and
- in relation to consumer credit data which has been provided by us to a credit reference agency, to instruct us upon termination of an account by full repayment to make a request to the credit reference agency to delete such data from its database, as long as the instruction is given within 5 years of termination and at no time the account has had a default of payment lasting in excess of 60 days within 5 years immediately before account termination. In the event the account has had a default of payment lasting in excess of 60 days, the data may be retained by the credit reference agency until the expiry of 5 years from the date of final settlement of the amount in default or 5 years from the date of discharge of a bankruptcy as notified to the credit reference agency whichever is earlier.
We may from time to time access the personal and account information or records of a data subject held by the credit reference agency for the purpose of reviewing any of the following matters in relation to the existing credit facilities granted to a data subject or a third party whose obligations are guaranteed by a data subject:
- an increase in the credit amount;
- the curtailing of credit (including the cancellation of credit or a decrease in the credit amount); and
- the putting in place or the implementation of a scheme of arrangement with the data subject or the
- third party.
We may have obtained a credit report on a data subject from a credit reference agency in considering any application for credit. In the event a data subject wishes to access the credit report, we will advise the contact details of the relevant credit reference agency.
Nothing in this notice shall limit the rights of data subjects under the Act.
SC PRIVACY NOTICE (Macau)
(RECRUITMENT)
Protecting your personal data
Your personal data is important to us, and we want to make sure you know how we use and protect it. Personal data is information that either identifies you or is about you as an individual. In this privacy notice, we’ll explain how we collect, share, and process your personal data. We’ll also tell you about your rights and how you can exercise them. From time to time, we may also provide you where relevant, with additional privacy information in a separate notice for specific channels, products, services, businesses and activities.
In this privacy notice, “we”, “us” or “our”, refers to the Standard Chartered Group branch, subsidiary or legal entity operating under the Standard Chartered brand you interact with either directly or indirectly that processes your personal data and decides how it is collected and used. Standard Chartered Group means each of, or collectively, Standard Chartered PLC, its subsidiaries and affiliates, including each branch or representative office. Please refer to the ‘How to get in touch’ section of this privacy notice for details of the relevant Standard Chartered Group member(s) providing this privacy notice.
Some of our affiliates’ websites have their own brand identity and their own separate privacy notices to provide relevant information for specific products and services they provide. You should refer to the relevant privacy notices as directed by those affiliates in relation to how they use your personal data. This privacy notice does not apply to third-party websites where our online advertisements are displayed or to linked third-party websites we do not operate or control. These websites should have their own privacy notices, which you can read to understand how they collect and process your personal data and your rights.
We’ll update this privacy notice from time to time. You can find the current version date listed at the end of this privacy notice. If you have any questions or concerns about your personal data, please don’t hesitate to get in touch (you can find our details under ‘How to get in touch’ below).
What types of personal data do we collect?
We may collect the following types of personal data about you, when you apply for a job with us or are engaged to provide services to us, as relevant and allowed by law. If you give us someone else’s personal data, you must have their permission and explain to them how we’ll use it:
- Identification data – information that identifies (uniquely or semi uniquely) you. For example, your name, your gender, your date of birth, your nationality, your photographs, CCTV and video recordings of you, video, photographic images or audio recordings submitted as part of the recruitment process, and other identifiers, including official/government identifiers such as national identification number, passport number and tax identification number
- Contact data – information that allows addressing, sending or communicating a message to you. For example, your email address, your phone or mobile number and your residential address
- Professional data – information about your educational or professional background. For example, academic background (such as your university or school diplomas/certificates and other educational achievements), current and previous employment details (including salary/bonus and employee benefits scheme), curriculum vitae/resume, professional qualifications, references and work visa
- Financial and commercial data – information that identifies your financial position and background, status and history as necessary. For example, your credit reports, payslips and other financial information
- Geo-location data – information that provides or contains a device’s location. For example, your internet protocol (IP) address or your cookies identifier
- Behavioural data – analytics information that describes your behavioural characteristics. For example, results of any pre-employment testing such as psychometric testing
- Personal relationship data – information about associations or close connections between individuals or entities that can determine your identity. For example, politically exposed person, public official, client, close personal or close financial relationships
- Communications data – information relating to you contained in voice, messaging, email and other communications we have with you, for example, via online forms.
We may sometimes need to collect more sensitive personal data about you, but we only do this if it’s necessary and with your consent, or where allowed by law. This sensitive personal data may include things like:
- Racial or ethnic origin data – information which reveals your racial or ethnic origin
- Sexual orientation and gender identity data – information concerning your sex life or sexual orientation
- Criminal convictions, proceedings or allegations data – information about criminal convictions or related information that we identify in relation to our financial crime prevention obligations, for example, details about any criminal convictions or related information. This includes details of offences or alleged offences or convictions.
We are committed to providing equal opportunities and fair treatment in employment and recruitment. As part of this, we ask optional demographic questions as part of our application process and throughout the employment lifecycle. This sensitive data is treated confidentially and is only shared with authorised parties. You have the choice not to answer these questions.
We usually get your personal data directly from you, but we may also obtain your personal data from other sources as necessary, including from:
- People you know – such as:
- friends or relatives who have referred you to us
- your previous employers
- recruitment agencies
- other people you appoint to act as your referees
- other people you appoint to act on your behalf
- Businesses and other organisations – such as:
- your employer and/or company, business or organisation you represent or is related to you
- credit reference and fraud prevention agencies
- criminal records bureau
- Standard Chartered career webpage
- social network sites, for example LinkedIn, Facebook and Google+
- Publicly available resources – such as online directories, career platforms, publications, social media posts and other information that is publicly available
- Cookies – when you visit, browse, or use our websites, online banking or mobile applications, we may use cookies to automatically collect certain information from your device. We may use such information, where relevant, for internal analysis and troubleshooting, to recognise you and remember your preferences, to improve the quality of and to personalise our content and to determine the security status of your account. For more information on how we use cookies and how you can control them when visiting our websites, please see our Cookie Policy at https://www.sc.com/mo/cookie-policy/.
Our recruitment activities are generally not aimed at minors (normally this means if you are under 18 years old, but this might be younger depending on where you live). If you are a minor in the relevant jurisdiction, you must obtain the consent of your parents or guardian before contacting us in relation to recruitment.
Why do we collect your personal data?
We collect your personal data so that we can manage our recruitment process and to operate our business.
We generally process your personal data with your consent where required by law or where otherwise permitted or required by applicable laws.
What we use your personal data for is often referred to as our purposes of processing and these are detailed below. We do this by prior notification of the purposes of processing, with your consent where required by law, or where otherwise permitted or required by applicable law. We may not be able to proceed with your job application if you do not provide us with the necessary personal data or do not want us to process the personal data that we consider is necessary and/or is required to meet our legal and regulatory obligations.
Purposes of Processing
We process your personal data for the following purposes, as necessary:
Assessing and processing your job application
This includes:
- reviewing your application (which may include interview videos)
- assessing your skills, qualifications and suitability for the job role or engagement you applied for (including results of psychometric tests)
- processing your application
- conducting pre-employment or pre-engagement searches, background checks to verify your identity
- obtaining references
- communicating with you in relation to your application. We may also notify you of other potential career opportunities or job vacancies that we think might suit you.
Improving our applicant screening procedures
This includes:
- engaging in business operational management, such as performing administrative tasks, risk management activities, audits and ensuring operation and security of our communications and processing systems
- auditing business operations
- gathering insights by aggregating data from our recruitment process to improve the recruitment process, including the process of screening job applicants.
Keeping you and our people safe
This includes:
- conducting identity verification security checks for building access
- investigating and reporting on incidents or emergencies on our properties and premises
- for the security of our systems and networks in order to keep your data safe and confidential
- for other health and safety compliance purposes.
Detecting, investigating and preventing financial crimes
This includes:
- meeting or complying with Standard Chartered Group policies, including identifying individuals and performing investigative procedures, measures or arrangements for sharing data and information within the Standard Chartered Group
- conducting pre-employment or engagement identity verification screening, including searches with a credit reference agency, sanctions screening checks and criminal record checks to the extent permitted by applicable laws
- recording and monitoring voice and electronic communications with us, to the extent permitted by applicable laws, to ensure compliance with our legal and regulatory obligations and internal policies.
Complying with applicable laws, regulations and other requirements
This includes:
- meeting or complying with Standard Chartered Group policies, including identifying individuals and performing investigative procedures, measures or arrangements for sharing data and information within the Standard Chartered Group
- meeting or complying with (contractual or otherwise) any relevant local and foreign law, regulations, rules, directives, judgments or court orders, requests, guidelines, best or recommended practices, government sanctions, embargoes, reporting requirements, restrictions, demands from or agreements with any authority (including domestic or foreign tax authorities), court or tribunal, enforcement agency, self-regulatory or industry bodies or associations of financial services providers or exchange body in any relevant jurisdiction where the Standard Chartered Group operates
- following any voluntary guidelines or recommendations as may be updated from time to time issued by legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers in any relevant jurisdiction where the Standard Chartered Group operates.
Exercising Standard Chartered Group’s legal rights and conducting legal proceedings
This includes:
- tracing and exercising our rights and protecting ourselves against harm to our rights and interests
- retaining records as may be necessary as evidence for any potential litigation or investigation
- conducting litigation to enforce our rights or the rights of any other member of the Standard Chartered Group
- obtaining professional advice
- investigating or making an insurance claim
- responding to any insurance related matter, action or proceeding
- defending or responding to any current or prospective legal, governmental or quasi-governmental, regulatory, or industry bodies or associations related matter, action or proceeding or for establishing, exercising or defending legal rights.
When do we conduct direct marketing?
We may sometimes, and with your consent by providing additional privacy notice information as required by applicable laws, use your contact details to send relevant marketing communications (such as by post, email, telephone, SMS, secure messages, mobile app or social media) for direct marketing purposes.
We may send the following types of communications (unless you have informed us that you do not wish to receive such communications):
- job opportunities
- seminars and webinars
- other events or opportunities.
We may share limited information about you with social media platform providers we engage with for the purpose of online social media advertising where you have permitted us and the social media platform provider(s) to use cookies that support our marketing on these platforms. For example, to check whether you have an account with social media platform providers to ask them to display more relevant marketing communication messages to you about our job opportunities.
For more information on how we use cookies in relation to marketing, please see our Cookie Policy at https://www.sc.com/mo/cookie-policy/.
You may withdraw your consent or opt-out from receiving such marketing communications in accordance with your rights by contacting us using the details in the ‘How to get in touch’ section below.
When do we use automated decision-making?
We may use the personal data we collect to conduct data analytics, including profiling and behavioural analysis, to make quicker automated decisions in our business operations and to evaluate your personal characteristics to predict outcomes and risks. We require that rules followed by such automated systems are designed to make fair and objective decisions. We may use artificial intelligence and machine learning to help improve our communications and candidate experience, make our recruitment process safer and more efficient and enable us to provide faster responses and improve turnaround time. For example, we may use automated decision-making for psychometric testing in the recruitment process.
For further information on your rights in relation to automated decisions that affect you, please refer to the ‘What are your personal data protection rights?’ section.
Who may we share your Personal Data with?
We may share your personal data within the Standard Chartered Group. Standard Chartered Group may share your personal data for the purposes of processing as set out in this privacy notice, including with our service providers, our business partners, other third parties and as required by law or requested by any authority. Who these are depends on your interactions with us as an individual.
We limit how, and with whom, we share your personal data, and take steps to ensure your personal data is kept confidential and protected when we share it. We may share your personal data for our purposes of processing with the following, where relevant and allowed by law:
- Other members of the Standard Chartered Group
- Authorised third parties
- any other person you have authorised us by your consent to share your personal data with.
- Third parties that can verify your information
- ex-employers
- credit bureaus or credit reference agencies (including the operator of any centralised database used by credit reference agencies), fraud prevention agencies and organisations.
- Our service partners
- recruitment agencies
- professional advisers, such as auditors and legal counsel
- insurers or insurance brokers
- service providers, such as operational, administrative, data processing and other technology service providers, including anyone engaged or partnered with to analyse and facilitate improvements or enhancements in Standard Chartered Group’s operations or provision of products and services
- providers of professional services, such as screening and authentication providers, pre-employment health test providers, market researchers and management consultants
- advertising companies and social media platform providers
- Government authorities, law enforcement agencies and others
- as required by law or as requested by any authority, which includes any government, quasi-government, regulator, administrative, regulatory or supervisory body, court, tribunal, enforcement agency, exchange body or domestic or foreign tax authorities, having jurisdiction over any Standard Chartered Group member whether within or outside your jurisdiction and whether or not that Standard Chartered Group member has a relationship with you
- self-regulatory or industry bodies or associations of financial services providers in any relevant jurisdiction where the Standard Chartered Group operates.
- Other third parties
- third parties in case of a merger, acquisition or divestment: if we transfer (or plan to transfer) any part of our business or assets. If the transaction goes ahead, the interested party may use or disclose your personal information in the same way as set out in this privacy notice, and subsequently notify you of any changes they may make in terms with how they process your personal data
- any other person under a duty of confidentiality to us, including any other members of the Standard Chartered Group, which has undertaken to keep such information confidential.
Where do we transfer your Personal Data?
Your personal data may be processed, kept, stored, shared, transferred or disclosed by us within the Standard Chartered Group or with other third parties* for the purposes described in this privacy notice. We do this in order to improve and support our processes and business operations and to comply with our legal and regulatory obligations. This may involve processing, keeping, storing, sharing, transferring or disclosing your personal data locally or cross border to other jurisdictions, which may be subject to relevant local practices and laws, rules and regulations including right of access available to the overseas authorities.
* Please refer to our website (www.sc.com/mo) for the list of countries where such parties may be located.
Where recipients of your personal data are in jurisdictions that are outside Macau, and local laws may not have similar data protection laws as Macau, we will take all reasonable steps necessary to ensure that your personal data has an appropriate adequate level of protection and safeguards to comply with applicable laws.
How do we protect your personal data?
We take the privacy and security of your personal data very seriously. To protect your data, we have put in place a range of appropriate technical, physical and organisational measures to safeguard and keep your personal data confidential, for example, by using contracts with appropriate confidentiality, data protection and security terms in our arrangements with third parties. Standard Chartered Group has implemented information security data privacy policies, including incident management and reporting procedures, rules and technical measures to protect personal data and to comply with legal and regulatory requirements. We train and require staff who access your personal data to comply with our data privacy and security standards. We require our service providers, or other third parties we engage with and to whom we disclose your personal data to implement similar confidentiality, data privacy and security standards and measures when they handle, access or process your personal data.
How long do we keep your personal data?
For the purposes described in this privacy notice, we keep your personal data for business operational or legal reasons while you engage with us and may retain your personal data for a period of time afterwards, depending on the type of personal data, in accordance with our data retention policy standards and as required by applicable laws and regulations. We will delete, anonymise, destroy and/or stop using personal data when we no longer need it.
What are your personal data protection rights?
We respect your personal data, and you have the following rights about how we use your information:
- Your right to access your data – you have the right to check whether we hold personal data about you, and you can ask us for a copy of such data and information on how we have used it.
- Your right to correct your data – if your personal details have changed, or you believe we have incorrect or out- of-date information about you, you can ask us to update it.
- Your right to delete your data – you can ask us to delete your personal data. However, we may need certain personal details to provide our products and services to you
- Your right to restrict or object to processing – you can ask us to stop using your data or change how we use it. However, we may need certain personal details to engage with you or provide our products and services to you.
- Your right to object to automated decision making – you can ask us to review a decision made solely by automated processing if it negatively impacts you.
- Your right not to provide consent or to change or to withdraw consent already provided – we may from time to time ask for your consent to process your personal data. You can choose not to provide such consent or let us know at any time if you change your mind about the consent already provided. However, we may not be able to provide our products and services or engage with you without certain personal data.
- Your right to withdraw from direct marketing – you can withdraw your consent and tell us to stop sending you marketing emails or invitations to surveys at any time.
We will respond to requests to exercise your personal data rights in line with applicable laws. We may ask you to verify your identity before processing your request. If you have any questions about your rights, please contact us using the details below.
How to get in touch
The following Standard Chartered Group company acts as the controller of your personal data in Macau:
Standard Chartered Bank Macau Branch
The person to whom requests for access to or correction of data held by us, or for information regarding our data policies and practices and kinds of data held by us are to be addressed, is as follows:
The Data Privacy Officer
Standard Chartered Bank Macau Branch
P.O. Box 3014 Macau
Macau
Email: scb.macaubranch@sc.com
Should you have any queries, please do not hesitate to contact our designated hotline 853-28786111.
Got a complaint?
If you have any concerns or complaints about how we’re using your personal data, please talk to us. You can get in touch with our Data Privacy Officer.
Cookies
Please see our separate Cookie Policy at https://www.sc.com/mo/cookie-policy/
Other Terms and Conditions
There may be specific terms and conditions in our recruitment process that govern the collection, use and disclosure of your personal data. Such other terms and conditions must be read in conjunction with this privacy notice.
This privacy notice will come into effect from the 30th of August, 2024.
In the case of discrepancies between the English and Chinese versions of this privacy notice, the English version shall apply and prevail.
Nothing in this notice shall limit your rights under the Personal Data Protection Act No. 8/2005 of Macau SAR.
SC PRIVACY NOTICE (Macau)
(VENDORS)
Protecting your personal data
Your personal data is important to us, and we want to make sure you know how we use and protect it. Personal data is information that either identifies you or is about you as an individual. In this privacy notice, we’ll explain how we collect, share, and process your personal data. We’ll also tell you about your rights and how you can exercise them. From time to time. we may also provide you where relevant, with additional privacy information in a separate notice for specific channels, products, services, businesses and activities.
In this privacy notice, “we”, “us” or “our”, refers to the Standard Chartered Group branch, subsidiary or legal entity operating under the Standard Chartered brand you interact with either directly or indirectly that processes your personal data and decides how it is collected and used. Standard Chartered Group means each of, or collectively, Standard Chartered PLC, its subsidiaries and affiliates, including each branch or representative office. Please refer to the ‘How to get in touch’ section of this privacy notice for details of the relevant Standard Chartered Group member(s) providing this privacy notice.
Some of our affiliates’ websites have their own brand identity and their own separate privacy notices to provide relevant information for specific products and services they provide. You should refer to the relevant privacy notices as directed by those affiliates in relation to how they use your personal data. This privacy notice does not apply to third-party websites where our online advertisements are displayed or to linked third-party websites we do not operate or control. These websites should have their own privacy notices, which you can read to understand how they collect and process your personal data and your rights.
We’ll update this privacy notice from time to time. You can find the current version date listed at the end of this privacy notice. If you have any questions or concerns about your personal data, please don’t hesitate to get in touch (you can find our details under ‘How to get in touch’ below).
What types of personal data do we collect?
We may collect the following types of personal data about you. In this privacy notice, “You” refers to you as an individual, as relevant if you are:
- an individual vendor;
- a representative of, or an individual related to, an individual vendor; or
- a representative of, or an individual related to a company, business or organisation that is our business or corporate vendor.
Personal data we collect with respect to our vendors is primarily limited to the information on directors and officers, other employees, direct and indirect beneficial owners and authorised persons we need to enable us to meet our due diligence obligations, signatory details and contact information of individuals we interact with to enable the provision of products and/or services to the Standard Chartered Group.
If you give us someone else’s personal data, you must have their permission and explain to them how we’ll use it.
We may collect the following types of personal data about you, as relevant and allowed by law:
- Identification data – information that identifies (uniquely or semi uniquely) you. For example, your name, your photographs, CCTV and video recordings of you, building access data to our premises and other identifiers, including official/government identifiers such as national identification number, passport number and tax identification number
- Contact data – information that allows addressing, sending or communicating a message to you. For example, your email address, your phone or mobile number and your residential or business address
- Professional data – information about your educational or professional background. For example, occupation, title, licenses, and professional memberships, documents evidencing industrial track-record, client testimonials, current and previous employment details, curriculum vitae/resume, professional qualifications, references and work visa
- Personal relationship data – information about associations or close connections between individuals or entities that can determine your identity. For example, the agency, company, business or organisation you represent or is related to you
- Communications data – information relating to you contained in voice, messaging, email and other communications we have with you.
We usually get your personal data directly from you, but we may also obtain your personal data from other sources as necessary, including from:
- People you know –such as your colleagues, contractors and associates
- Businesses and other organisations – such as:
- your employer and/or company, business or organisation you represent or is related to you
- other financial institutions and financial service providers
- Publicly available resources – such as online registers or directories or online publications, social media posts and other information that is publicly available
- Cookies – when you visit, browse, or use our websites, online banking or mobile applications, we may use cookies to automatically collect certain information from your device. We may use such information, where relevant, for internal analysis and troubleshooting, to recognise you and remember your preferences, to improve the quality of and to personalise our content and to determine the security status of your account. For more information on how we use cookies and how you can control them when visiting our websites, please see our Cookie Policy at https://www.sc.com/mo/cookie-policy/.
Why do we collect your personal data?
We collect your personal data so that we can manage our relationship with you, or the individual, company, business or organisation you represent or is related to, and to operate our business.
We generally process your personal data with your consent where required by law or where otherwise permitted or required by applicable laws.
What we use your personal data for is often referred to as our purposes of processing and these are detailed below. We do this by prior notification of the purposes of processing, with your consent where required by law, or where otherwise permitted or required by applicable law. You or the individual, company, business or organisation that you are related to or represent, may not be able to offer or provide products and/or services to us if you do not provide us with the necessary personal data or do not want us to process the personal data that we consider is necessary and/or is required to meet our legal and regulatory obligations.
Purposes of Processing
We process your personal data for the following purposes, as necessary, depending on whether you provide goods and/or services to us directly or you represent, or are associated with, other individuals, companies, businesses or organisations who provide goods and/or services to us.
Onboarding, managing and monitoring our vendor relationships
This includes:
- conducting vendor due diligence at onboarding, contract renewal and as required during the contract performance
- engaging with you as a representative of our vendor/service provider for the purpose of providing goods and/or services to us
- creating and maintaining our vendor account
- contacting you
- monitoring the performance of vendor contracts
- settling bills and accounts
Operating our business
This includes:
- engaging in business operational management, such as performing administrative tasks, risk management activities, audits and ensuring operation and security of our communications and processing systems
- developing, testing and analysing our systems, products and services, for example, to offer a well-functioning website or other applications to users
- monitoring and recording our communications with you, for example, phone calls, for training and quality purposes.
Keeping you and our people safe
This includes:
- conducting identity verification security checks for building access
- using CCTV surveillance recordings at our premises for the purposes of preventing and detecting fraud and/or other crimes, such as theft
- investigating and reporting on incidents or emergencies on our properties and premises
- for the security of our systems and networks in order to keep your data safe and confidential
- for other health and safety compliance purposes.
Detecting, investigating and preventing financial crimes
This includes:
- meeting or complying with Standard Chartered Group policies, including identifying individuals and performing investigative procedures, measures or arrangements for sharing data and information within the Standard Chartered Group
- any other use of data and information in accordance with any group-wide programmes for compliance with sanction or prevention or detection of money laundering, terrorist financing or other unlawful activities
- conducting identity verification security checks against government and other official centralised databases, as required by law
- monitoring and recording voice and electronic communications and screening applications and transactions in connection with actual or suspected fraud, financial crime or other criminal activities
- recording and monitoring voice and electronic communications with us, to the extent permitted by applicable laws, to ensure compliance with our legal and regulatory obligations and internal policies.
Complying with applicable laws, regulations and other requirements
This includes:
- meeting or complying with Standard Chartered Group policies, including identifying individuals and performing investigative procedures, measures or arrangements for sharing data and information within the Standard Chartered Group
- meeting or complying with (contractual or otherwise) any relevant local and foreign law, regulations, rules, directives, judgments or court orders, requests, guidelines, best or recommended practices, government sanctions, embargoes, reporting requirements, restrictions, demands from or agreements with any authority (including domestic or foreign tax authorities), court or tribunal, enforcement agency , self-regulatory or industry bodies or associations of financial services providers, or exchange body in any relevant jurisdiction where the Standard Chartered Group operates
- following any voluntary guidelines or recommendations as may be updated from time to time issued by legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers in any relevant jurisdiction where the Standard Chartered Group operates.
Exercising Standard Chartered Group’s legal rights and conducting legal proceedings
This includes:
- tracing and exercising our rights and protecting ourselves against harm to our rights and interests
- retaining records as may be necessary as evidence for any potential litigation or investigation
- recovering debts and arrears
- conducting litigation to enforce our rights or the rights of any other member of the Standard Chartered Group
- obtaining professional advice
- investigating or making an insurance claim
- responding to any insurance related matter, action or proceeding
- defending or responding to any current or prospective legal, governmental or quasi-governmental, regulatory, or industry bodies or associations related matter, action or proceeding or for establishing, exercising or defending legal rights.
Who may we share your personal data with?
We may share your personal data within the Standard Chartered Group. Standard Chartered Group may share your personal data for the purposes of processing as set out in this privacy notice, including with our other service providers, our business partners, other third parties and as required by law or requested by any authority. Who these are depends on your interactions with us an individual.
We limit how, and with whom, we share your personal data, and take steps to ensure your personal data is kept confidential and protected when we share it. We may share your personal data for our purposes of processing with the following, where relevant and allowed by law:
- Other members of the Standard Chartered Group
- Authorised third parties
- any other person you have authorised us by your consent to share your personal data with.
- Third parties that can verify your information
- credit bureaus or credit reference agencies (including the operator of any centralised database used by credit reference agencies) and fraud prevention agencies and organisations
- other non-government third parties’ that conduct financial crime prevention databases checks to prevent money laundering, terrorism, fraud and other financial crimes.
- Our service partners
- professional advisers, such as auditors and legal counsel
- insurers or insurance brokers
- service providers, such as operational, administrative, data processing and other technology service providers, including anyone engaged or partnered with to analyse and facilitate improvements or enhancements in Standard Chartered Group’s operations or provision of products and services
- providers of professional services, such as market researchers, forensic investigators and management consultants
- advertising companies and social media platform providers.
- Other financial services organisations
- other financial institutions, such as merchant banks, correspondent banks or national banks.
- Government authorities, law enforcement agencies and others
- as required by law or as requested by any authority, which includes any government, quasi-government, regulator, administrative, regulatory or supervisory body, court, tribunal, enforcement agency, exchange body or domestic or foreign tax authorities, having jurisdiction over any Standard Chartered Group member whether within or outside your jurisdiction and whether or not that Standard Chartered Group member has a relationship with you
- self-regulatory or industry bodies or associations of financial services providers in any relevant jurisdiction where the Standard Chartered Group operates.
- Other third parties
- the individual, company, business or organisation, as applicable, that you represent or is related to you
- third parties in case of a merger, acquisition or divestment: if we transfer (or plan to transfer) or assign any part of our business or assets. If the transaction goes ahead, the interested party may use or disclose your personal information in the same way as set out in this privacy notice, and subsequently notify you of any changes they may make in terms with how they process your personal data
- any other person under a duty of confidentiality to us, including any other members of the Standard Chartered Group, which has undertaken to keep such information confidential.
Where do we transfer personal data?
Your personal data may be processed, kept, stored, shared, transferred or disclosed by us within the Standard Chartered Group or with other third parties* for the purposes described in this privacy notice. We do this in order to operate effectively, efficiently and securely in facilitating transactions and providing products and services to our clients, to improve and support our processes and business operations and to comply with our legal and regulatory obligations. This may involve processing, keeping storing, sharing, transferring or disclosing your personal data locally or cross border to other jurisdictions, which may be subject to relevant local practices and laws, rules and regulations including right of access available to the overseas authorities.
* Please refer to our website (www.sc.com/mo) for the list of countries where such parties may be located.
Where recipients of your personal data are in jurisdictions that are outside Macau, and local laws may not have similar data protection laws as Macau, we will take all reasonable steps necessary to ensure that your personal data has an appropriate adequate level of protection and safeguards to comply with applicable laws.
How do we protect your personal data?
We take the privacy and security of your personal data very seriously. To protect your data, we have put in place a range of appropriate technical, physical and organisational measures to safeguard and keep your personal data confidential, for example, by using contracts with appropriate confidentiality, data protection and security terms in our arrangements with third parties. Standard Chartered Group has implemented information security data privacy policies, including incident management and reporting procedures, rules and technical measures to protect personal data and to comply with legal and regulatory requirements. We train and require staff who access your personal data to comply with our data privacy and security standards. We require our service providers, or other third parties we engage with and to whom we disclose your personal data to implement similar confidentiality, data privacy and security standards and measures when they handle, access or process your personal data.
How long do we keep your personal data?
For the purposes described in this privacy notice, we keep your personal data for business operational or legal reasons while you engage with us and may retain your personal data for a period of time afterwards, depending on the type of personal data, in accordance with our data retention policy standards and as required by applicable laws and regulations. We will delete, anonymise, destroy and/or stop using personal data when we no longer need it.
What are your personal data protection rights?
We respect your personal data, and you have the following rights about how we use your information:
- Your right to access your data – you have the right to check whether we hold personal data about you, and you can ask us for a copy of such data and information on how we have used it.
- Your right to correct your data – if your personal details have changed, or you believe we have incorrect or out-of- date information about you, you can ask us to update it.
- Your right to delete your data – you can ask us to delete your personal data. However, we may need certain personal details to provide our products and services to you.
- Your right to restrict or object to processing – you can ask us to stop using your data or change how we use it. However, we may need certain personal details to engage with you or provide our products and services to you.
- Your right to object to automated decision making – you can ask us to review a decision made solely by automated processing if it negatively impacts you.
- Your right not to provide consent or to change or to withdraw consent already provided – we may from time to time ask for your consent to process your personal data. You can choose not to provide such consent or let us know at any time if you change your mind about the consent already provided. However, we may not be able to provide our products and services or engage with you without certain personal data.
We will respond to requests to exercise your personal data rights in line with applicable laws. We may ask you to verify your identity before processing your request. If you have any questions about your rights, please contact us using the details below.
How to get in touch
The following Standard Chartered Group company acts as the controller of your personal data in Macau:
Standard Chartered Bank Macau Branch
The person to whom requests for access to or correction of data held by us, or for information regarding our data policies and practices and kinds of data held by us are to be addressed, is as follows:
The Data Privacy Officer
Standard Chartered Bank Macau Branch
P.O. Box 3014
Macau
Email: scb.macaubranch@sc.com
Should you have any queries, please do not hesitate to contact either your relationship manager or our designated hotline 853-28786111.
Got a complaint?
If you have any concerns or complaints about how we’re using your personal data, please talk to us. You can get in touch with our Data Privacy Officer.
Cookies
Please see our separate Cookie Policy at https://www.sc.com/mo/cookie-policy/
Other Terms and Conditions
There may be specific terms and conditions in our vendor agreements that govern the collection, use and disclosure of your personal data. Such other terms and conditions must be read in conjunction with this privacy notice.
This privacy notice will come into effect from the 30th of August, 2024.
In the case of discrepancies between the English and Chinese versions of this privacy notice, the English version shall apply and prevail.
Nothing in this notice shall limit your rights under the Personal Data Protection Act No. 8/2005 of Macau SAR.
SC PRIVACY NOTICE (Macau)
(VISITORS AND OTHER NON-CLIENTS)
Protecting your personal data
Your personal data is important to us, and we want to make sure you know how we use and protect it. Personal data is information that either identifies you or is about you as an individual. In this privacy notice, we’ll explain how we collect, share, and process your personal data. We’ll also tell you about your rights and how you can exercise them. From time to time, we may also provide you where relevant, with additional privacy information in a separate notice for specific channels, products, services, businesses and activities.
In this privacy notice, “we”, “us” or “our”, refers to the Standard Chartered Group branch, subsidiary or legal entity operating under the Standard Chartered brand you interact with either directly or indirectly that processes your personal data and decides how it is collected and used. Standard Chartered Group means each of, or collectively, Standard Chartered PLC, its subsidiaries and affiliates, including each branch or representative office. Please refer to the ‘How to get in touch’ section of this privacy notice for details of the relevant Standard Chartered Group member(s) providing this privacy notice.
Some of our affiliates’ websites have their own brand identity and their own separate privacy notices to provide relevant information for specific products and services they provide. You should refer to the relevant privacy notices as directed by those affiliates in relation to how they use your personal data. This privacy notice does not apply to third-party websites where our online advertisements are displayed or to linked third-party websites we do not operate or control. These websites should have their own privacy notices, which you can read to understand how they collect and process your personal data and your rights.
We’ll update this privacy notice from time to time. You can find the current version date listed at the end of this privacy notice. If you have any questions or concerns about your personal data, please don’t hesitate to get in touch (you can find our details under ‘How to get in touch’ below).
What types of personal data do we collect?
We may collect the following types of personal data about you. In this privacy notice, “You” refers to you as an individual, as relevant if you are:
- a visitor to our websites, social media pages or premises
- a marketing recipient, for example, where you take part in responding to our surveys, quizzes, invitations to events or webinars
- a sponsorship or donation beneficiary
- a subscriber, where you subscribe to receive our publications, reports and research
- someone who contacts us for information
- someone who reports an issue or complaint, for example, via an online form or through email
- a payment transaction beneficiary or remitter; or
- any other individual who is not a client or related to a client, a recruitment job applicant, a vendor/service provider or a shareholder.
If you give us someone else’s personal data, you must have their permission and explain to them how we’ll use it.
We may collect the following types of personal data about you, as relevant and allowed by law:
- Identification data – information that identifies (uniquely or semi uniquely) you. For example, your name, your photographs, CCTV and video recordings of you, building access data to our premises, social media profile details and other identifiers, including official/government identifiers such as national identification number, passport number and tax identification number if you make a report, for example, via an online form or through email
- Contact data – information that allows addressing, sending or communicating a message to you. For example, your email address, your phone or mobile number and your residential or business address
- Professional data – information about your educational or professional background, for example, if you make a report via an online form or through email
- Financial and commercial data – information that identifies your financial history. For example, your bank account number when you are the recipient of a payment by our client
- Geo-location data – information that provides or contains a device’s location. For example, your internet protocol (IP) address or your cookies identifier
- Behavioural data – analytics information that describes your behavioural characteristics relating to your use of our products and services. For example, usual transactional activities, browsing behaviour on our websites and how you interact as a user of our products and services, or those provided by third-party organisations, such as our advertising partners and social media platform providers
- Personal relationship data – information about associations or close connections between individuals or entities that can determine your identity. For example, the agency, company, business or organisation you represent or is related to you
- Communications data – information relating to you contained in voice, messaging, email, livechats and other communications we have with you. For example, via online forms and online subscriptions.
We may sometimes need to collect more sensitive personal data about you if you make a report, for example, via an online form or through email, but we only do this if it’s necessary and with your consent, or where allowed by law. This sensitive personal data may include things like:
- Racial or ethnic origin data – information which reveals your racial or ethnic origin
- Political data – information which reveals your political opinions
- Religious or philosophical data – information which reveals religious or philosophical beliefs
- Trade union data – information which reveals trade union membership, if relevant in certain jurisdictions
- Health data – information relating to your health status
- Sexual orientation and gender identity data – information concerning your sex life or sexual orientation
- Criminal convictions, proceedings or allegations data – information about criminal convictions or related information that we identify in relation to our financial crime prevention obligations, for example, details about any criminal convictions or related information. This includes details of offences or alleged offences or convictions.
We usually get your personal data directly from you, but we may also obtain your personal data from other sources as necessary, including from:
- People you know – such as parents or guardians of minors. If you are a minor (normally this means if you are under 18 years old, but this might be younger depending on where you live). We will get your parent or guardian’s consent before collecting, using or sharing your personal data
- Businesses and other organisations – such as:
- the agency, company, business or organisation you represent or is related to you
- other financial institutions and financial service providers
- strategic referral partners, including business alliance, co-branding partners or other companies or organisations that the Standard Chartered Group cooperates with based on our contractual arrangements or other joint ventures to provide relevant third-party products and services
- service partners, such as advertising and market research companies and social media platform providers
- Publicly available resources – such as online registers or directories or online publications, social media posts and other information that is publicly available
- Cookies – when you visit, browse, or use our websites, online banking or mobile applications, we may use cookies to automatically collect certain information from your device. We may use such information, where relevant, for internal analysis and troubleshooting, to recognise you and remember your preferences, to improve the quality of and to personalise our content and to determine the security status of your account. For more information on how we use cookies and how you can control them when visiting our websites, please see our Cookie Policy at https://www.sc.com/mo/cookie-policy/.
Why do we collect your personal data?
We collect your personal data so that we can manage our relationship with you, respond to your requests, to operate our business and provide our products and services.
We generally process your personal data with your consent where required by law or where otherwise permitted or required by applicable laws.
What we use your personal data for is often referred to as our purposes of processing and these are detailed below. We do this by prior notification of the purposes of processing, with your consent where required by law, or where otherwise permitted or required by applicable law. We may not be able to offer or provide our facilities, products and services if you do not provide us with the necessary personal data or do not want us to process the personal data that we consider is necessary and/or is required to meet our legal and regulatory obligations.
Purposes of Processing
We process your personal data for the following purposes, as necessary:
Operating our business
This includes:
- engaging in business operational management, such as performing administrative tasks, risk management activities, audits and ensuring operation and security of our communications and processing systems
- developing, testing and analysing our systems, products and services, for example, to offer a well-functioning website or other applications to users
- monitoring and recording our communications with you, for example, phone calls, for training and quality purposes
- effecting transactions and acting on instructions or requests, such as transferring money between accounts and making payments to third parties for clients.
Improving our products and services
This includes:
- developing, testing and analysing our systems, products and services
- monitoring and recording our communications with you, for example, phone calls, for training and quality purposes
- conducting market research
- conducting demographic analytics and gathering insights by aggregating data such as behavioural data.
Promoting and protecting our brand
This includes:
- branding and corporate affairs management, creating publications, marketing campaigns and producing advertisements
- gathering insights by aggregating data from the use of our products and services and our applications, for example, social media listening to identify, assess and discover key trends and customer insights
- social media monitoring to identify our brand mentions to protect our brand and reputation
- facilitating sponsorship, donations and events.
Getting in touch with you
This includes:
- sending you requested publications, newsletters, reports and relevant content
- providing you with information and our range of products and services as requested
- responding to your reports of wrongdoing and complaints, including whistleblowing.
Keeping you and our people safe
This includes:
- conducting identity verification security checks for building access
- using CCTV surveillance recordings at our branches, premises for the purposes of preventing and detecting fraud and/or other crimes, such as theft
- investigating and reporting on incidents or emergencies on our properties and premises
- for the security of our systems and networks in order to keep your data safe and confidential
- for other health and safety compliance purposes.
Detecting, investigating and preventing financial crimes
This includes:
- meeting or complying with Standard Chartered Group policies, including identifying individuals and performing investigative procedures, measures or arrangements for sharing data and information within the Standard Chartered Group
- any other use of data and information in accordance with any group-wide programmes for compliance with sanction or prevention or detection of money laundering, terrorist financing or other unlawful activities
- monitoring and recording voice and electronic communications and screening applications and transactions in connection with actual or suspected fraud, financial crime or other criminal activities
- recording and monitoring voice and electronic communications with us, to the extent permitted by applicable law, to ensure compliance with our legal and regulatory obligations and internal policies.
Complying with applicable laws, regulations and other requirements
This includes:
- meeting or complying with Standard Chartered Group policies, including identifying individuals and performing investigative procedures, measures or arrangements for sharing data and information within the Standard Chartered Group
- meeting or complying with (contractual or otherwise) any relevant local and foreign law, regulations, rules, directives, judgments or court orders, requests, guidelines, best or recommended practices, government sanctions, embargoes, reporting requirements, restrictions, demands from or agreements with any authority (including domestic or foreign tax authorities), court or tribunal, enforcement agency, self-regulatory or industry bodies or associations of financial services providers or exchange body in any relevant jurisdiction where the Standard Chartered Group operates
- following any voluntary guidelines or recommendations as may be updated from time to time issued by legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers in any relevant jurisdiction where the Standard Chartered Group operates.
Exercising Standard Chartered Group’s legal rights and conducting legal proceedings
This includes:
- tracing and exercising our rights and protecting ourselves against harm to our rights and interests
- retaining records as may be necessary as evidence for any potential litigation or investigation
- recovering debts and arrears
- conducting litigation to enforce our rights or the rights of any other member of the Standard Chartered Group
- obtaining professional advice
- investigating or making an insurance claim
- responding to any insurance related matter, action or proceeding
- defending or responding to any current or prospective legal, governmental or quasi-governmental, regulatory, or industry bodies or associations related matter, action or proceeding or for establishing, exercising or defending legal rights.
Facilitating Standard Chartered Group mergers, acquisitions, and divestments
This includes:
- evaluating our business and providing continuity of services to you after a transfer of our business as a result of a merger, acquisition, sale or divestment
- enabling an actual or potential assignee of all or any part of our business and/or asset or participant or sub-participant of our rights in respect of the data subject, to evaluate the transaction intended to be the subject of the assignment, participation or sub-participation.
When do we conduct direct marketing?
We may sometimes, and with your consent by providing additional privacy notice information as required by applicable laws, use your contact details to send you relevant marketing communications (such as by post, email, telephone, SMS, secure messages, mobile app or social media) for direct marketing purposes.
We may send the following types of communications (unless you have informed us that you do not wish to receive such communications):
- news, offers and promotions about our or other Standard Chartered Group products and services
- information about products and services from or relating to third parties, such as financial institutions, insurers, credit card companies, securities and investment, mobile wallets and digital payment services providers
- details of our or relevant third-party reward, loyalty or privileges programmes and related services and products
- information about products and services offered by our co-branding partners (the names of such co-branding partners can be found in the application form(s) for the relevant products and services, as the case may be)
- market research
- information about our or relevant third-party competitions and lucky draws
- appeals by us or relevant third parties for charitable and/or non-profit making donations, sponsorships and contributions; and
- information and communication relating to our or relevant third-party seminars, webinars and other relevant events or opportunities.
We may conduct market research using demographic and insights analytics by aggregating the personal data that we hold about you to provide you with marketing communications, which are more relevant and tailored for you.
We may share limited information about you with social media platform providers we engage with for the purpose of online social media advertising where you have permitted us and the social media platform provider(s) to use cookies that support our marketing on these platforms. For example, to check whether you have an account with social media platform providers to ask them to display more relevant marketing communication messages to you about our products and services.
For more information on how we use cookies in relation to marketing, please see our Cookie Policy at https://www.sc.com/mo/cookie-policy/.
You may withdraw your consent or opt-out from receiving such marketing communications in accordance with your rights by contacting us using the details in the ‘How to get in touch’ section below.
Who may we share your personal data with?
We may share your personal data within the Standard Chartered Group. Standard Chartered Group may share your personal data for the purposes of processing as set out in this privacy notice, including with our service providers, our business partners, other third parties and as required by law or requested by any authority. Who these are depends on your interactions with us as an individual.
We limit how, and with whom, we share your personal data, and take steps to ensure your personal data is kept confidential and protected when we share it. We may share your personal data for our purposes of processing with the following, where relevant and allowed by law:
- Other members of the Standard Chartered Group
- Authorised third parties
- any other person you have authorised us by your consent to share your personal data with.
- Third parties that can verify your information
- fraud prevention agencies and organisations
- other non-government third parties’ that conduct financial crime prevention databases checks to prevent money laundering, terrorism, fraud and other financial crimes.
- Our service partners
- professional advisers, such as auditors and legal counsel
- insurers or insurance brokers
- service providers, such as operational, administrative, data processing and other technology service providers, including anyone engaged or partnered with to analyse and facilitate improvements or enhancements in Standard Chartered Group’s operations or provision of products and services
- providers of professional services, such as market researchers, forensic investigators and management consultants
- advertising companies and social media platform providers.
- Strategic referral partners
- business alliance, co-branding partners or other companies or organisations that the Standard Chartered Group cooperates with based on contractual arrangements or other joint ventures
- social media and advertising companies
- charitable and non-profit organisations.
- Other financial services organisations
- other financial institutions, such as merchant banks, correspondent banks or national banks
- payment service providers, including mobile wallet and digital payment service providers, merchants, merchant acquiring companies, credit card companies, payment processors and card association members, payment-initiation and card-based payment instrument service providers such as VISA and Mastercard
- any financial institution and merchant acquiring company with which you have or propose to have dealings.
- Government authorities, law enforcement agencies and others
- as required by law or as requested by any authority, which includes any government, quasi-government, regulator, administrative, regulatory or supervisory body, court, tribunal, enforcement agency, exchange body or domestic or foreign tax authorities, having jurisdiction over any Standard Chartered Group member whether within or outside your jurisdiction and whether or not that Standard Chartered Group member has a relationship with you
- self-regulatory or industry bodies or associations of financial services providers in any relevant jurisdiction where the Standard Chartered Group operates.
- Other third parties
- any other person under a duty of confidentiality to us, including any other members of the Standard Chartered Group, which has undertaken to keep such information confidential.
Where do we transfer personal data?
Your personal data may be processed, kept, stored, shared, transferred or disclosed by us within the Standard Chartered Group or with other third parties* for the purposes described in this privacy notice. We do this in order to operate effectively, efficiently and securely in facilitating transactions and providing products and services to our clients, to improve and support our processes and business operations and to comply with our legal and regulatory obligations. This may involve processing, keeping, storing, sharing, transferring or disclosing your personal data locally or cross border to other jurisdictions, which may be subject to relevant local practices and laws, rules and regulations including right of access available to the overseas authorities.
* Please refer to our website (www.sc.com/mo) for the list of countries where such parties may be located.
Where recipients of your personal data are in jurisdictions that are outside Macau, and local laws may not have similar data protection laws as Macau, we will take all reasonable steps necessary to ensure that your personal data has an appropriate adequate level of protection and safeguards to comply with applicable law.
How do we protect your personal data?
We take the privacy and security of your personal data very seriously. To protect your data, we have put in place a range of appropriate technical, physical and organisational measures to safeguard and keep your personal data confidential, for example, by using contracts with appropriate contractual confidentiality, data protection and security terms in our arrangements with third parties. Standard Chartered Group has implemented information security data privacy policies, including incident management and reporting procedures, rules and technical measures to protect personal data and to comply with legal and regulatory requirements. We train and require staff who access your personal data to comply with our data privacy and security standards. We require our service providers, or other third parties we engage with and to whom we disclose your personal data to implement similar confidentiality, data privacy and security standards and measures when they handle, access or process your personal data.
How long do we keep your personal data?
For the purposes described in this privacy notice, we keep your personal data for business operational or legal reasons while you engage with us and may retain your personal data for a period of time afterwards, depending on the type of personal data, in accordance with our data retention policy standards and as required by applicable laws and regulations. We will delete, anonymise, destroy and/or stop using personal data when we no longer need it.
What are your personal data protection rights?
We respect your personal data, and you have the following rights about how we use your information:
- Your right to access your data – you have the right to check whether we hold personal data about you, and you can ask us for a copy of such data and information on how we have used it.
- Your right to correct your data – if your personal details have changed, or you believe we have incorrect or out-of- date information about you, you can ask us to update it.
- Your right to delete your data – you can ask us to delete your personal data. However, we may need certain personal details to provide our products and services to you.
- Your right to restrict or object to processing – you can ask us to stop using your data or change how we use it. However, we may need certain personal details to engage with you or provide our products and services to you.
- Your right to object to automated decision making – you can ask us to review a decision made solely by automated processing if it negatively impacts you.
- Your right not to provide consent or to change or to withdraw consent already provided – we may from time to time ask for your consent to process your personal data. You can choose not to provide such consent or let us know at any time if you change your mind about the consent already provided. However, we may not be able to provide our products and services or engage with you without certain personal data.
- Your right to withdraw from direct marketing – you can withdraw your consent and tell us to stop sending you marketing emails or invitations to surveys at any time.
We will respond to requests to exercise your personal data rights in line with applicable laws. We may ask you to verify your identity before processing your request. If you have any questions about your rights, please contact us using the details below.
How to get in touch
The following Standard Chartered Group company acts as the controller of your personal data in Macau:
Standard Chartered Bank Macau Branch
The person to whom requests for access to or correction of data held by us, or for information regarding our data policies and practices and kinds of data held by us are to be addressed, is as follows:
The Data Privacy Officer
Standard Chartered Bank Macau Branch
P.O. Box 3014
Macau
Email: scb.macaubranch@sc.com
Should you have any queries, please do not hesitate to contact either your relationship manager or our designated hotline 853-28786111.
Got a complaint?
If you have any concerns or complaints about how we’re using your personal data, please talk to us. You can get in touch with our Data Privacy Officer.
Cookies
Please see our separate Cookie Policy at https://www.sc.com/mo/cookie-policy/
This privacy notice will come into effect from the 30th of August, 2024.
In the case of discrepancies between the English and Chinese versions of this privacy notice, the English version shall apply and prevail.
Nothing in this notice shall limit your rights under the Personal Data Protection Act No. 8/2005 of Macau SAR.