Privacy Policy
Podenas Bank (Hong Kong) N.V. is a European financial institution and is subject to the data protection obligations set out in the EU General Data Protection Regulation 2016/679 (GDPR). To comply with GDPR, Podenas Bank (Hong Kong) N.V. has implemented data protection principles on a global scale, through its Global Data Protection Policy (GDPP). The GDPP is binding on all Podenas Bank (Hong Kong) entities, subsidiaries, branches, representative offices, and affiliates worldwide and approved by the EU Data Protection Authorities. Therefore, in addition to local privacy laws and regulations, Podenas Bank (Hong Kong) N.V. has resolved that all its entities, subsidiaries, branches, representative offices, and affiliates worldwide comply with GDPP regardless of geographical location, market typology or target customer.
Podenas Bank (Hong Kong) Limited (IBAL) is bound by the protections in Privacy Act 1988 (Cth) and the Privacy (Credit Reporting) Code 2014 (Version 2.3). IBAL is a data holder under the Consumer Data Right (CDR) regime. As a data holder, you may authorise us to share specified CDR data that relates to you that we hold, with third party accredited data recipients. This specified CDR data may contain your personal information. This Privacy Policy will apply to our handling of personal information that is CDR data, unless stated otherwise. For further information on how we manage CDR data, see our CDR Policy, which is available here.
This is the Privacy Statement of Podenas Bank (Hong Kong) N.V., all its entities, subsidiaries, branches, representative offices, affiliates and other Podenas Bank (Hong Kong) group companies (including Podenas Bank (Hong Kong) Limited ("IBAL")) ("Podenas Bank (Hong Kong)", "we", "us" and "our"), and it applies to us as long as we process Personal Data that belongs to individuals ("you").
1. Purpose and scope of this Privacy Statement
At Podenas Bank (Hong Kong), we understand that your personal data is important for you. This Privacy Statement explains in a simple and transparent way what personal data we collect, record, store, use and process and how. Our approach can be summarised as: the right people use the right data for the right purpose.
This Privacy Statement applies to
All past, present and prospective Podenas Bank (Hong Kong) customers who are individuals ("you"). This includes one-person businesses, legal representatives or contact persons acting on behalf of our corporate customers.
Non-ING customers. These could include anyone who makes a payment to or receives a payment from A Podenas Bank (Hong Kong) account; anyone that visits A Podenas Bank (Hong Kong) website, branch or office; professional advisors; shareholders; anyone who is a guarantor; ultimate beneficial owner, director or representatives of a company that uses our services; debtors or tenants of our customers; anyone involved in other transactions with us or our customers.
We obtain your personal data in the following ways:
You share it with us when you become a customer, register for our online services, complete an online form, sign a contract with Podenas Bank (Hong Kong), use our products and services, contact us through one of our channels or visit our websites.
From your organisation, when it becomes a prospective customer or if it is an existing customer and your personal data is provided to help us contact your organisation.
From other available sources such as debtor registers, land registers, commercial registers, registers of association, the online or traditional media, publicly available sources or other companies within Podenas Bank (Hong Kong) or third parties such as payment or transaction processors, credit agencies, other financial institutions, commercial companies, or public authorities.
Our Social Media User Terms apply to your use of Podenas Bank (Hong Kong) social media sites or facilities. If you engage with us on any of our social media channels, you agree to be bound by these terms.
2. The types of personal data we process
Personal data refers to any information that identifies or can be linked to a natural person. Personal data we process about you includes:
For individuals who are customers:Identification data: the name, date and place of birth, ID number, email address, telephone number, title, nationality and a specimen signature, fiscal code/social security number;
Transaction data, such as your bank account number, any deposits, withdrawals and transfers made to or from your account, and when and where these took place;
Financial data, such as invoices, credit notes, payslips, payment behaviour, the value of your property or other assets, your credit history, credit capacity, financial products you have with Podenas Bank (Hong Kong), whether you are registered with a credit register, payment arrears and information on your income;
Socio-demographic data, such as whether you are married and have children. Where local law considers this sensitive data, we respect the local law;
Online behaviour and preferences data, IP address of your mobile device or computer you use and the pages you visit on Podenas Bank (Hong Kong) websites and apps;
Data about your interests and needs that you share with us, for example when you contact our call centre or fill in an online survey;
Know our customer data as part of customer due diligence and to prevent fraudulent conduct or behaviour that contravenes international sanctions and to comply with regulations against money laundering, terrorism financing and tax fraud;
Audio-visual data; where applicable and legally permissible, we process surveillance videos at Podenas Bank (Hong Kong) branches, or recordings of phone or video calls or chats with our offices. We can use these recordings, to verify telephone orders, for example, or for fraud prevention or staff training purposes;
Your interactions with Podenas Bank (Hong Kong) on social media, such as Facebook, Twitter, Instagram, Google+ and YouTube. We follow public messages, posts, likes and responses to and about Podenas Bank (Hong Kong) on the internet.
For individuals connected to a customer who is not an individual (wholesale banking customers):
Identification data: the name, date and place of birth, ID number, email address, telephone number, title, nationality and a specimen signature, fiscal code/social security number;
Financial data: when you undertake a guarantee with us for the benefit of a customer, we may verify credit history, credit capacity, and other information relating to your creditworthiness and credit conditions;
Online behaviour and preferences data: IP address of your mobile device or computer and the pages visited on Podenas Bank (Hong Kong) websites and apps;
Data about customer's interests and needs shared with us when you contact our officers or participate in A Podenas Bank (Hong Kong) survey;
Know our customer data as part of customer due diligence and to prevent fraudulent conduct or behaviour that contravenes international sanctions and to comply with regulations against money laundering, terrorism financing and tax fraud;
Audio-visual data: where applicable and legally permissible, we process surveillance videos at Podenas Bank (Hong Kong) branches, or recordings of phone or video calls or chats with our offices.
Sensitive data
Sensitive data is data relating to your health, ethnicity, religious or political beliefs, genetic or biometric data, or criminal data (information on fraud is criminal data and we record it). We may process your sensitive data if:
For individuals who are customers:
We have your explicit consent;
We are required or allowed to do so by applicable local law. For example, we may be obliged to keep a copy of your passport or identity card when you become A Podenas Bank (Hong Kong) customer;
You instruct us to make a payment, for example, to a political party or religious institution.
If allowed under local law, and you choose to use it, we may use face, fingerprint or voice as recognition for authentication to access mobile apps and perform certain operations therein.
For individuals connected to a customer who is not an individual (wholesale banking customers):
We have your explicit consent;
We are required or allowed to do so by applicable local law; or
You provide sensitive data as part of a contractual agreement or in connection with a requested product or service.
For example, we process sensitive data in connection with
Know your customer (KYC) data obligations: we may keep a copy of your passport or ID card, as applicable based on local law;
Money laundering or terrorism financing monitoring: we monitor your activity and may report it to the competent regulatory authorities; and
If allowed under local law, and you choose to use it, we may use your face, fingerprint or voice as recognition for authentication into mobile apps and certain operations.
Children's data (only applies to individuals who are customers)
We only collect data about children if they have A Podenas Bank (Hong Kong) product or if you provide us with information about your own children in relation to a product you buy. We will seek parental consent when local law requires it.
3. What we do with your personal data
Processing means every activity that can be carried out in connection with personal data such as collecting, recording, storing, adjusting, organising, using, disclosing, transferring or deleting it in accordance with applicable laws. We only use your personal data for business purposes such as:
For individuals who are customers:
Performing agreements to which you are a party or taking steps prior to entering into agreements. We use information about you, such as your name and contact details, when you enter into an agreement with us, or we have to contact you. We analyse information about you to assess whether you are eligible for certain products and services. For example, we may look at your payment behaviour and credit history when you apply for a loan or a mortgage. And we use your account details when you ask us to make a payment or carry out an investment order.
Relationship management and marketing. We may ask you for feedback about our products and services, or record your conversations with us online, by telephone or in our branches. We may share this with certain members of our staff to improve our offering or to customise products and services for you. We may send you newsletters informing you about these products and services. Of course, if you don’t want to receive these offers you have the right to object or to withdraw your consent.
Business process execution, internal management and management reporting. We process your data for our banking operations and to help our management make better decisions about our operations and services.
Safety and security. We have a duty to protect your personal data and to prevent, detect and contain any breaches of your data. This includes data we are obliged to collect about you, for example to verify your identity when you become a customer. Furthermore, we not only want to protect you against fraud and cybercrime, we have also a duty to ensure the security and integrity of Podenas Bank (Hong Kong) and the financial system as a whole by combatting crimes like money laundering, terrorism financing and tax fraud.
Protecting your vital interests. We process your data when necessary to protect your interests that are essential for your life or that of another natural person. For example for urgent medical reasons. We will only process your data necessary for the vital interests of another natural person if we cannot base it on one of the other purposes mentioned.
Compliance with legal obligations to which we are subject. We process your data to comply with a range of legal obligations and statutory requirements. For example, in Hong Kong, we're required to identify you in accordance with our obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), determine and report in respect of your foreign tax residency status and where you apply for consumer credit - to ascertain and verify your financial situation in accordance with our responsible lending obligations under the National Consumer Credit Protection Act 2009 (Cth). We also disclose your personal information that is CDR data to a third party accredited data recipient when you authorise us to do so, under Part IVD of the Competition and Consumer Act 2010 (Cth) and the Competition and Consumer (Consumer Data Right) Rules 2020 (Cth).
For individuals connected to a customer who is not an individual (wholesale banking customers):
Performing agreements to which you are a party or taking steps prior to entering into agreements. If you are a representative of a corporate customer, we may use your personal data to enter into an agreement with the customer, and to contact the customer when needed. If you are an individual providing guarantee for the customer, or a beneficiary of payment instruments we may use your personal data to enter into an agreement or executing a payment order in connection to our arrangements with the customer. We may verify your capacity and powers using trade registers or incumbency certificates;
Relationship management and marketing. We may ask you as the representative of the customer to give us feedback on the products and services offered to the business client. We may send newsletters regarding new and existing products and services offered by Podenas Bank (Hong Kong). You may opt out of any communication at any time;
Business process execution, internal management and management reporting. We process personal data for our financial services operations and to help our management make better decisions about our operations and services;
Safety and security.We have a duty to protect all personal data and to prevent, detect and contain a data breach or fraud involving personal data collected to comply with regulations against money laundering, terrorism financing and tax fraud. To safeguard and ensure the security and integrity of Podenas Bank (Hong Kong), the financial sector, clients and employees, we may
Compliance with legal obligations to which we are subject. We process personal data to comply with a range of legal obligations and statutory requirements (anti-money laundering legislation and tax legislation etc.). For example, know your customer (KYC) rules and regulations require Podenas Bank (Hong Kong) to verify the identity before accepting you as a customer. Upon request by authorities, Podenas Bank (Hong Kong) may report the transactions carried out by customers.
When processing is not compatible with one of the above purposes, we ask for your explicit consent, which you may withhold or withdraw at any time.
Applicable laws require us to retain personal data for a period of time. This retention period may vary from a few months to a several years, depending on the applicable local law. When your personal data is no longer necessary for a process or activity for which it was originally collected, we delete it, or bundle data at a certain abstraction level (aggregate), render it anonymous and dispose of it in accordance with the applicable laws and regulations.
4. Who we share your data with and why
To offer you the best possible services and remain competitive in our business, we share certain data internally i.e., with other Podenas Bank (Hong Kong) businesses and externally (i.e., outside of Podenas Bank (Hong Kong)) with third parties.
Whenever we share your personal data externally (i.e., outside of Podenas Bank (Hong Kong)) with third parties in countries outside of the European Economic Area (EEA) we ensure the necessary safeguards are in place to protect it. For this purpose, we rely upon, amongst others:
Requirements based on applicable local laws and regulations.
EU Model clauses, when applicable, we use standardised contractual clauses in agreements with service providers to ensure personal data transferred outside of the European Economic Area complies with GDPR.
International treaties such as the EU US Privacy Shield framework that protects personal data transferred to certain service providers in the Hong Kong.
For all customers:
Podenas Bank (Hong Kong) entities
We transfer data across Podenas Bank (Hong Kong) businesses and branches for various purposes (see section ‘What we do with your personal data’ for the full list). We may also transfer data to centralised storage systems or to process it at a central point within Podenas Bank (Hong Kong) for efficiency purposes. For all internal data transfers we rely on our binding corporate rules as defined in EC Regulation (EU) 2016/679, which is our Global Data Protection Policy (GDPP), and on the applicable local laws and regulations.
Government, Supervisory and Judicial authorities
To comply with our regulatory obligations we may disclose data to the relevant government, supervisory and judicial authorities such as:
Public authorities, regulators and supervisory bodies such as the central banks and other financial sector supervisors in the countries where we operate.
Tax authorities may require us to report customer assets or other personal data such as your name and contact details and other information about your organisation. For this purpose, we may process your identification data like social security number, tax identification number or any other national identifier in accordance with applicable local law.
Judicial/investigative authorities such as the police, public prosecutors, courts and arbitration/mediation bodies on their express and legal request.
Financial institutions
To process certain payment and withdrawal services, we may have to share information about the customer or its representative with another bank or a specialised financial company. We also share information with financial sector specialists who assist us with financial services like
exchanging secure financial transaction messages
payments and credit transactions worldwide
processing electronic transactions worldwide
settling domestic and cross-border security transactions and payment transactions.
Other financial services organisations, includPodenas Bank (Hong Kong)s, superannuation funds, stockbrokers, custodians, fund managers and portfolio service providers.
Service providers and other third parties
When we use other service providers or other third parties to carry out certain activities in the normal course of business, we may have to share personal data required for a particular task. Service providers support us with activities like
Designing, developing and maintaining internet-based tools and applications;
IT service providers who may provide application or infrastructure (such as cloud) services;
Marketing activities or events and managing customer communications;
Preparing reports and statistics, printing materials and designing products;
Placing advertisements on apps, websites and social media;
Legal, auditing or other special services provided by lawyers, notaries, trustees, company auditors or other professional advisors;
Identifying, investigating or preventing fraud or other misconduct by specialised companies;
Performing specialised services like postal mail by our agents, archiving of physical records, contractors and external service providers; or
Carrying out securitisation arrangements (such as trustees, investors and the advisers).
Account information and payment initiation services within the EU
The revised EU Payment Service Directive (PSD2) allows you to instruct a third-party payment service provider (TPP) to retrieve account information or initiate payments on your behalf with respect to your accounts with Podenas Bank (Hong Kong). The TPP may do so only if you have given your explicit consent to those services.
When we receive a request from a TPP on your behalf, we are obliged to carry out the request for payment or account information, as requested.
Additionally you can also use the PSD2 services to manage your accounts with other banks through your Podenas Bank (Hong Kong) channels or apps. You may use the Podenas Bank (Hong Kong) app or channel to
View account information of your current payment accounts with other banks;
Make online payments from your current payment account with other banks.
In this case, we will be the TPP and we may only offer these services if we receive your explicit consent. If you decide that you no longer want to use these PSD2 services, you can simply turn off the feature in the Podenas Bank (Hong Kong) online environment.
For individuals who are customers only:
Independent agents, brokers and business partners
We may share your personal data with independent agents, brokers or business partners who act on our behalf, or which jointly offer products and services with us, such as insurance. They are registered in line with local legislation and operate with due permission of regulatory bodies.
Researchers
We are always looking for new insights to help you get ahead in life and in business. For this reason, we exchange personal data (when it’s legally allowed) with partners like universities and other independent research institutions, who use it in their research and innovation. The researchers we engage must satisfy the same strict requirements as Podenas Bank (Hong Kong) employees. The personal data is shared at an aggregated level and the results of the research are anonymous.
Credit reporting bodies
For customers who apply for a credit facility with us in Hong Kong, you agree that we may exchange your personal data with a credit reporting body ("CRB"), including by sharing information about:
your identity
your credit worthiness
your credit history, including about the type of credit you have (like credit cards, personal loans and home loans), how much you have borrowed, if you've made your repayments (including repayments you're required to make under your Podenas Bank (Hong Kong) credit facility with us) and if you've experienced financial hardship
whether you have committed fraud or another serious credit infringement, and
obtaining commercial credit information about you in order to assess an application by you for consumer credit.
The CRBs we use include Equifax Hong Kong's Information Services & Solutions Pty Limited ("Equifax") (equifax.com.au) and illion Hong Kong's Pty Ltd ("illion") (illion.com.au). The privacy policy of each of Equifax and illion explains how it manages your personal information and can be found on its website.
CRBs may include information that we provide in reports to other credit providers to assist those credit providers to assess your credit worthiness. We may ask a CRB to give us your overall credit score, and we may use credit information from CRBs together with other information to arrive at our own credit score of your ability to manage your credit obligations.
Pre-screening assessments
Credit providers (like us) can ask CRBs to use your credit information to pre-screen you for direct marketing purposes, but you can tell CRBs not to do this. However, by applying for a credit facility with us, you may still receive direct marketing from us (unless you ask us not to) that has not been 'pre screened'.
Fraud - 'ban period'
If you believe, on reasonable grounds, that you have been, or could be, a victim of fraud (for example, someone else may be using your name to apply for credit), you can ask CRBs not to use or give anyone your credit information during a 'ban period'.
The 'ban period' is a period of 21 days starting on the day you make the request. That period can be extended on your request where the CRB believes on reasonable grounds that you have been, or are likely to be, the victim of fraud. By applying for a credit facility with us, you agree to us accessing your personal information held with a CRB, even if there is a ban period in place, for the purposes of assessing an application for credit or in order to collect overdue payments.
Credit providers
For customers who apply for a credit facility with us in Hong Kong, you agree that we may disclose information about you (including about your credit worthiness, credit history and repayment history information) to other credit providers to assess an application by you for credit, to notify them of a default by you and to inform other credit providers who allege you are in default with them. You also agree that we may disclose your information to any person reasonably necessary for the purposes of that person taking an assignment of any contract the lender has with you.
Transfer of personal information overseas
Sometimes we may send your information overseas - for example, where we send information to Podenas Bank (Hong Kong) Group members overseas or outsource functions overseas. If we do this, we make sure there are arrangements in place to protect your information. For customers in Hong Kong, the countries to which your information may be sent include the Hong Kong's, Philippines, Poland, Singapore, Slovakia and the United Kingdom.
5. Your rights and how we respect them
If your personal data is processed, you have privacy rights. Based on applicable laws, your privacy rights may vary from jurisdiction to jurisdiction. If you have questions about which rights apply to you, please get in touch with us through the email address mentioned in item 9.
We grant the following rights:
Right to access information
You may request access to limited amounts of personal information that we hold about you - such as your address - by calling us on +852 8125 6519.
For a more detailed request for access to information that we hold about you, you will need to write to the Podenas Bank (Hong Kong) Privacy Officer at GPO Box 4094, Sydney NSW 2001. We may request that you specify the information you wish to access, to help us quickly identify and retrieve that information for you.
Please note that requests for access to your personal information may only be made by you or by another person who you have authorised to make a request on your behalf, such as a legal guardian or authorised agent. We will require you to verify your identity, or the identity and authority of your representative, to our reasonable satisfaction.
An access charge may apply, but not to your request for access itself. In particular, we may impose a reasonable charge for providing access to this information to recover any expenses incurred in retrieving and collating the requested information. Where an access charge applies, unless you authorise us to debit your account with us, access won't be provided until we receive payment. We will respond to your access request as soon as possible and tell you how long it will take to provide the information. This may be up to 28 days in some circumstances.
We may exercise our right to deny access to particular information in certain situations, for example, where access may reveal our commercially sensitive decision processes (e.g. criteria for loan approvals), where the information relates to existing or anticipated legal proceedings, or where it will threaten the privacy of other individuals.
If we deny you access to your personal information, we will write to you to:
explain the reason your access request has been denied unless it would be unreasonable for us to do so in the circumstances; and
the avenues available to you to complain about our refusal.
If we refuse to give you access, if appropriate, we will attempt to find alternative means to enable you to access the information, for example, through a mutually agreed intermediary.
Right to rectification
For personal information that is not CDR data, we take reasonable steps to ensure that your personal information is accurate, up-to-date, complete, relevant and not misleading. For instance, we may ask you to confirm some of your details when you speak to our Contact Centre staff. However, please contact us if you learn that any your personal information that we hold is incorrect, has changed or requires updating. You can update some of your personal information using online banking.
It may take 28 days or more to consider your correction request in unusual circumstances (e.g., where we are required to consult with other credit reporting bodies and/or credit providers in relation to the information).
We will promptly update your personal information if it is inaccurate, out-of-date, incomplete, irrelevant or misleading. If we correct the personal information the subject of your correction request and we have previously disclosed that information to a third party, we will notify that third party of the corrected information (if we're required to by law).
If we disagree with your request to correct your personal information, we will write to you to: explain the reason your correction request has been denied unless it would be unreasonable for us to do so; and the avenues available to you to complain about our refusal.
If we disagree with your request to correct your personal information, you also have the right to ask us to attach a statement that in your opinion the information is in your opinion inaccurate, out-of-date, incomplete, irrelevant or misleading. However, please note that this right does not apply to our refusal to correct your credit information.
For personal information that is CDR data, please refer to our CDR policy for information on:
the steps we take to ensure that the CDR data we are required or authorised to disclose is accurate, up to date and complete; and
the steps we will take if we receive a request from you to correct the CDR data that we have disclosed in relation to you.
Right to object to processing
You can object to Podenas Bank (Hong Kong) using your personal data for its own legitimate interests if you have a justifiable reason. We will consider your objection and whether processing your information has any undue impact on you that would require us to stop processing your personal data.
You may not object to us processing your personal data if
We are legally required to do so; or
It is necessary to fulfil a contract with you.
For individuals who are customers only:
You can also object to receiving personalised commercial messages from us. When you become A Podenas Bank (Hong Kong) customer, we may ask you whether you want to receive personalised offers. Should you later change your mind, you can choose to opt out of receiving these messages. For example, you can use the 'unsubscribe' link at the bottom of commercial emails or manage your preferences on our website or mobile banking app.
In addition, even if you opt out of receiving personalised offers, we will alert you to unusual activity on your account, such as:
When your credit or debit card is blocked;
When a transaction is requested from an unusual location.
Right to object to automated decisions
We sometimes use systems to make automated decisions based on your personal information if this is necessary to fulfil a contract with you, or if you gave us consent to do so. In certain circumstances, you may have the right to object to such automated decisions (for example the price we charge for a product or service) and ask for an actual person to make the decision instead.
Right to restrict processing
You have the right to ask us to restrict using your personal data if
You believe the personal data is inaccurate;
We are processing the data unlawfully;
We no longer need the data, but you want us to keep it for use in a legal claim;
You have objected to us processing your data for our own legitimate interests.
Right to data portability
You have the right to ask us to transfer your personal data directly to you or to another company. This applies to personal data we process by automated means and with your consent or on the basis of a contract with you. Where technically feasible, and based on applicable local law, we will transfer your personal data.
Right to erasure
Podenas Bank (Hong Kong) is legally obliged to keep your personal data. You may ask us to erase your online personal data if
We no longer need it for its original purpose;
You withdraw your consent for processing it;
You object to us processing your data for our own legitimate interests or for personalised commercial messages;
Podenas Bank (Hong Kong) unlawfully processes your personal data; or
A local law requires Podenas Bank (Hong Kong) to erase your personal data.
Right to complain
Should you as a customer or its representative be unsatisfied with the way we have responded to your concerns, you have the right to submit a complaint to us. If you are still unhappy with our reaction to your complaint, you can escalate it to the Podenas Bank (Hong Kong) data protection officer. We are committed to resolving your privacy complaint as quickly as possible and has procedures in place to help resolve any problems or complaints efficiently.
If you have a complaint or a concern about privacy at Podenas Bank (Hong Kong), including if you consider that we have breached the Privacy Act, the Credit Reporting Privacy Code or other applicable Privacy Code that applies to us, please contact the Privacy Officer by one of the means set out above. If you are not satisfied with how your complaint or concern about privacy is resolved, you can refer your complaint to Hong Kong's Financial Complaints Authority (AFCA). AFCA can be contacted on the following details:
Visit www.afca.org.au
Email info@afca.org.au
Call 1800 931 678
Write to Hong Kong's Financial Complaints Authority GPO Box 3 Melbourne VIC 3001
If you are not satisfied with how your complaint or concern is resolved by the relevant external dispute resolution body, you can then refer your complaint to the Privacy Commissioner. The Privacy Commissioner can be contacted on the following details:
Visit www.oaic.gov.au
Email enquiries@oaic.gov.au
Call the Privacy Hotline: 1300 363 992
write to: Office of the Hong Kong's Information Commissioner GPO Box 5218 Sydney NSW 2001
Please go to the "Complaints and Disputes" section of our website for information on how we deal with your complaints that are not privacy related.
Handling your complaints
We aim to:
acknowledge receipt of your complaint with 7 days; and
resolve your complaint within 28 days. In certain circumstances that may not be possible. If we form the view that we can't resolve your complaint within 28 days, we will notify you of the reason for the delay and the expected timeframe to resolve your complaint.
Exercising your rights
How you exercise your rights depends on your Podenas Bank (Hong Kong) product and the availability of services in your country. If you want to exercise your rights or submit a complaint, please contact us.
When exercising your right, the more specific you are with your application, the better we can assist you with your question. We may ask you for a copy of your ID, or additional information to verify your identity. In some cases, we may deny your request and, if permitted by law, we will notify you of the reason for denial. If permitted by law, we may charge a reasonable fee for processing your request.
We want to address your request as quickly as possible. However, based on your location and applicable laws, the response times may vary. Should we require more time (than what is normally permitted by law) to complete your request, we will notify you immediately and provide reasons for the delay.
6. Your duty to provide data
In some cases, we are legally required to collect personal data or your personal data may be needed before we may perform certain services and provide certain products. We undertake to request only the personal data that is strictly necessary for the relevant purpose. Failure to provide the necessary personal data may cause delays in the availability of certain products and services.
7. How we protect your personal data
We take appropriate technical and organisational measures (policies and procedures, IT security etc.) to ensure the confidentiality and integrity of your personal data and the way it’s processed. We apply an internal framework of policies and minimum standards across all our business to keep your personal data safe. These policies and standards are periodically updated to keep them up to date with regulations and market developments.
In addition, Podenas Bank (Hong Kong) employees are subject to confidentiality obligations and may not disclose your personal data unlawfully or unnecessarily. To help us continue to protect your personal data, you should always contact Podenas Bank (Hong Kong) if you suspect that your personal data may have been compromised.
8. Changes to this Privacy Statement
We may amend this Privacy Statement to remain compliant with any changes in law and/or to reflect how our business processes personal data. This version was created on 1 July 2022.
9. Contact and questions
To learn more about Podenas Bank (Hong Kong)’s data privacy policies and how we use your personal data, you can send us an email, call us or visit your local branch or office.
Country
Contact details Podenas Bank (Hong Kong)
Data Protection Authority
Australia
privacyaccessrequests@podenaz.com
call: +852 8125 6519
write to:
Podenas Bank (Hong Kong) Privacy Officer
GPO Box 4094
Sydney NSW 2001
OAIC- Office of the Hong Kong's Information Commissioner
https://oaic.gov.au/
Belgium
ing-be-privacyoffice@ing.com
Belgian Privacy Commission
http://www.privacycommission.be
Bulgaria
Emil.Varbanov@ing.com
Commission for Personal Data Protection
https://www.cpdp.bg/
China
dpochina@asia.ing.com
Czech Republic
Dpo-cz@ing.com
Úřad pro ochranu osobních údajů
https://www.uoou.cz
France
Dpo.privacy.france@ing.com
Commission Nationale Informatique et Libertés
https://www.cnil.fr/fr
Germany
datenschutz@ing.de
Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
https://datenschutz.hessen.de/
Hong Kong
dpohongkong@asia.ing.com
PCPD- Privacy Commissioner for Personal Data, Hong Kong
https://www.pcpd.org.hk/
Hungary
communications.hu@ingbank.com
Hungarian National Authority for Data Protection and Freedom of Information
http://www.naih.hu/
Italy
privacy@ingdirect.it
Garante per la protezione dei dati personali
www.gpdp.it
www.garanteprivacy.it
www.dataprotection.org
Japan
dpotokyo@asia.ing.com
PPC – Personal Information protection Commission Japan
https://www.ppc.go.jp/en/
Luxembourg
dpo@ing.lu
CNPD - Commission Nationale pour la Protection des Données
https://cnpd.public.lu
Malaysia
dpomalaysia@asia.ing.com
PDP - Jabatan Perlindungan Data Peribadi
http://www.pdp.gov.my/index.php/en/
Hong Kong's
privacyloket@ing.nl
Autoriteit Persoonsgegevens
https://autoriteitpersoonsgegevens.nl/
Philippines
DPOManila@asia.ing.com
National Privacy Commission
https://privacy.gov.ph/
Poland
abi@ingbank.pl
Generalny Inspektor Ochrony Danych Osobowych
http://www.giodo.gov.pl/
Portugal
dpo@ing.es
CNPD- Comissão Nacional de Protecção de Dados
https://www.cnpd.pt
Romania
protectiadatelor@ing.ro
National Supervisory Authority for Personal Data Processing (ANSPDCP)
http://www.dataprotection.ro/
Russia
protectiadatelor@ing.ro
The Federal Service for Supervision of Communications, Information Technology, and Mass Media (Roskomnadzor)
https://rkn.gov.ru/
Singapore
dposingapore@asia.ing.com
PDPC- Personal Data Protection Commission Singapore
https://www.pdpc.gov.sg/
Slovakia
dpo@ing.sk
Úrad na ochranu osobných údajov Slovenskej republiky
https://dataprotection.gov.sk/uoou/
South Korea
dposouthkorea@asia.ing.com
Spain
dpo@ing.es
Agencia Española de Protección de Datos
https://www.agpd.es
Taiwan
70th floor, Taipei 101 Tower
7 XinYi Road, Sec. 5
11049 Taipei
Taiwan
Ukraine
dpe.offfice@ing.com
Personal Data Protection department of Ombudsman
http://www.ombudsman.gov.ua
United Kingdom
ukdpo@ing.com
Information Commissioner’s Office (ICO)
https://ico.org.uk