Table of Contents
- how your personal data is processed;
- the rights given to you by data confidentiality and privacy laws.
In formulating our Policy, we primarily refer to the Personal Data Protection Act 2012 (the “PDPA”) and the European Union General Data Protection Regulation (GDPR).
We may update this Policy from time to time to ensure that it is consistent with the way we process your personal data and/or any changes in laws and regulations applicable to Bordier Singapore.
By continuing to use our services, you signify that you have read and understood this Policy.
Who is responsible for processing your data?
Bordier Singapore is responsible for processing your personal data.
What sources of data do we use?
We process personal data that we obtain from our clients in the context of our business relationships. To the extent that this is necessary to deliver our services, we also process personal data that we obtain from sources accessible to the public (e.g. debt registers, registers of commerce and of associations, press, Internet) or which have been legitimately notified to us by other Bordier group companies or third parties (such as a credit agency).
The data concerned include personal information (e.g. name, address and other particulars, date and place of birth, nationality), identification data (e.g. particulars shown on an identity card) and authentication data (e.g. specimen signature). These may also be data taken from orders received (e.g. trade order), data obtained in the performance of our contractual obligations (e.g. data from payment transfers), information about your financial situation (e.g. solvency, scoring/rating data, origin of assets), marketing and sales data (e.g. information obtained from advertising campaigns), data included in documents (e.g. consultation record), and other similar data.
Why do we process your data and what is the legal basis for doing so?
We may collect, use or disclose personal data for the purposes that a reasonable person would consider appropriate in the circumstances and for which the individual has given consent, and must limit its collection, use or disclosure of personal data only to such purpose.
We process personal data in compliance with the provisions of the PDPA and the GDPR:
a) For the fulfilment of contractual obligations
We process data to provide banking and financial services in the context of the performance of contracts signed with our clients or to take pre-contractual measures in connection with an application. The data is primarily processed in a manner consistent with the product concerned (e.g. bank account, credit, securities, deposits), in particular to assess needs, provide advice, asset management and assistance, and to execute transactions.
You will find further information about the purpose of data processing in the general terms and conditions of the Bank.
b) For the purposes of legitimate interests
- verification and optimisation of procedures to assess needs with a view for direct discussions with you;
- exercise of legal claims and defence in litigation;
- safeguarding of IT security and the bank’s IT operations;
- prevention and clarification of offences and risk checks;
- video surveillance to protect the owner of property rights in premises against intruders, to gather evidence of a hold-up or fraud, or proof of availability and payments
- measures to protect buildings and sites (e.g. access controls);
- measures for the management of business and development of products and services.
c) On the basis of consent given by you
d) To comply with a legal obligation or in the public interest
How is your data protected?
We make reasonable security arrangements to protect your personal data to prevent unauthorised access, collection, use, disclosure or similar risks. This obligation is also extended by the PDPA to third parties who process personal data on our behalf.
Technical and organisational measures are taken by us to protect your personal data. As an example, your data is encrypted when stored or sent electronically.
Is your data transferred to third parties and data intermediaries?
Inside the Bank, all departments that require your data to comply with our contractual and legal obligations have access to them. Third parties and data intermediaries such as service providers and vendors designated by us may likewise have access to such data for the reasons cited if they respect banking secrecy. These are companies in banking services, IT services, logistics, printing services, telecommunications, debt recovery, consultancy, sales and marketing.
With regards to the transfer of data to third parties, please note that we are required to deal in confidence with all matters and assessments linked to our clients (banking secrecy in compliance with our general terms and conditions). We may have to communicate data concerning you, but only if statutory provisions require so, if you have given your consent or if we have been authorised to undertake a bank investigation. Pursuant to those requirements, the recipients of your data may include:
- law enforcement agencies and regulatory authorities on the basis of a legal or official obligation;
- other credit institutions and financial services institutions or comparable institutions to which we forward your personal data to enable us to put in place a business relationship with you (e.g. depending on the particular contract that has been signed: bank correspondents, custodian banks, brokers, stock exchanges, information agencies);
- other Bordier group companies for necessary checks on the basis of a legal or official obligation.
Is your data transferred to another country or international organisation?
- it is necessary for the purpose of execution of your orders (e.g. for payment on transferable securities);
- this is required by law (e.g. compulsory declarations under tax law), or
- you have given your consent to us.
How long is your data stored?
We retain your personal data for as long as the purpose for which it was collected remains and to comply with our legal and contractual obligations and internal policy relating to retention of records and documents.
We will cease to retain your personal data or remove the means by which the personal data can be associated with you when it is no longer necessary for any business or legal purpose. This practice is also extended to our third parties and data intermediaries.
What are your rights with regards to data protection?
We must, upon request, provide an individual with information about the ways in which personal data has been or may have been used or disclosed within a year before the request. Upon request, we are required to correct any error or omission in an individual’s personal data; and send the corrected data to other organisations to which the personal data was disclosed by Bordier Singapore within a year before the correction is made.
We must make reasonable effort to ensure that personal data collected by or on its behalf is accurate and complete, if it is likely to be used to make a decision that affects the individual, or if it is likely to be disclosed to another organisation.
Under GDPR, every interested party has a right of access pursuant to GDPR Article 15, a right of rectification pursuant to GDPR Article 16, a right of erasure pursuant to GDPR Article 17, a right to restriction of processing pursuant to GDPR Article 18, a right to object pursuant to GDPR Article 21 and, as the case may be, a right to data portability pursuant to GDPR Article 20. In certain cases, you also have the right to lodge a complaint with the appropriate authority responsible for the protection of personal data (GDPR Article 77).
You may at any time withdraw consent given to us for processing of your personal data. You may also do so for declarations of consent that you gave us before the GDPR entered into force, i.e. before 25 May 2018.
Please note that withdrawal of consent applies only to the future. It does not concern data that has already been processed.
Are you obliged to give us your data?
In the context of our business relationship, you must provide all the personal data required to enable us to accept and establish a business relationship and fulfil the accompanying contractual obligations, together with the data that the law requires us to collect. Without such data, we cannot establish or continue the business relationship desired by you.
Pursuant to the regulatory provisions concerning the prevention of money laundering in particular, we must identify you on the basis of your identity documents before opening a business relationship with you. For this purpose, personal data will be obtained from you. Please let us know immediately of changes to your personal data that may occur in the course of our business relationship.
To what extent is automated processing used for decision-making?
Are your data used for profiling?
What is the right to object to data processing for direct marketing purposes?
In some cases, we use your personal data for direct marketing purposes. You are entitled to object to processing of this type at any time. The same applies to profiling insofar as this is directly linked to direct marketing.
If you object to your personal data being used for direct marketing, we will no longer process them for that purpose.
Please notify your Relationship Manager if you prefer not to receive marketing materials.
What is your right to object?
You are entitled at any time to object to the processing of your personal data within the meaning of GDPR Article 6, para. 1e (data processing in the public interest) and GDPR Article 6, para. 1f (data processing for the purposes of legitimate interests) for reasons linked to your particular situation. This likewise applies to profiling within the meaning of the provision of GDPR Article 4, para. 4.
If you file an objection, we will no longer process your personal data unless we are able to show that there are legitimate and overriding reasons in favour of processing which take precedence over your own interests, rights and freedoms, or to establish, exercise or defend your rights in the courts of law. Please note that, in that case, we may no longer be able to provide products or services for you or continue our business relationship.
For further enquiries on any aspect of this Policy or to provide feedback, please reach out to our Data Protection Officer
Data Protection Officer
Bordier & Cie (Singapore) Ltd
138 Market Street
Call: (65) 6239 9999