Privacy Policy

Podenas Bank (Hong Kong) N.V. is a European financial institution and is subject to the data protection obligations set out in the EU General Data Protection Regulation 2016/679 (GDPR). To comply with GDPR, Podenas Bank (Hong Kong) N.V. has implemented data protection principles on a global scale, through its Global Data Protection Policy (GDPP). The GDPP is binding on all Podenas Bank (Hong Kong) entities, subsidiaries, branches, representative offices, and affiliates worldwide and approved by the EU Data Protection Authorities. Therefore, in addition to local privacy laws and regulations, Podenas Bank (Hong Kong) N.V. has resolved that all its entities, subsidiaries, branches, representative offices, and affiliates worldwide comply with GDPP regardless of geographical location, market typology or target customer.

Podenas Bank (Hong Kong) Limited (IBAL) is bound by the protections in Privacy Act 1988 (Cth) and the Privacy (Credit Reporting) Code 2014 (Version 2.3). IBAL is a data holder under the Consumer Data Right (CDR) regime. As a data holder, you may authorise us to share specified CDR data that relates to you that we hold, with third party accredited data recipients. This specified CDR data may contain your personal information. This Privacy Policy will apply to our handling of personal information that is CDR data, unless stated otherwise. For further information on how we manage CDR data, see our CDR Policy, which is available here.

This is the Privacy Statement of Podenas Bank (Hong Kong) N.V., all its entities, subsidiaries, branches, representative offices, affiliates and other Podenas Bank (Hong Kong) group companies (including Podenas Bank (Hong Kong) Limited ("IBAL")) ("Podenas Bank (Hong Kong)", "we", "us" and "our"), and it applies to us as long as we process Personal Data that belongs to individuals ("you").

1. Purpose and scope of this Privacy Statement

At Podenas Bank (Hong Kong), we understand that your personal data is important for you. This Privacy Statement explains in a simple and transparent way what personal data we collect, record, store, use and process and how. Our approach can be summarised as: the right people use the right data for the right purpose.

This Privacy Statement applies to

We obtain your personal data in the following ways:

Our Social Media User Terms apply to your use of Podenas Bank (Hong Kong) social media sites or facilities. If you engage with us on any of our social media channels, you agree to be bound by these terms.

2. The types of personal data we process

Personal data refers to any information that identifies or can be linked to a natural person. Personal data we process about you includes:

For individuals who are customers:

For individuals connected to a customer who is not an individual (wholesale banking customers):

Sensitive data

Sensitive data is data relating to your health, ethnicity, religious or political beliefs, genetic or biometric data, or criminal data (information on fraud is criminal data and we record it). We may process your sensitive data if:

For individuals who are customers:

For individuals connected to a customer who is not an individual (wholesale banking customers):

For example, we process sensitive data in connection with

Children's data (only applies to individuals who are customers)

We only collect data about children if they have A Podenas Bank (Hong Kong) product or if you provide us with information about your own children in relation to a product you buy. We will seek parental consent when local law requires it.

3. What we do with your personal data

Processing means every activity that can be carried out in connection with personal data such as collecting, recording, storing, adjusting, organising, using, disclosing, transferring or deleting it in accordance with applicable laws. We only use your personal data for business purposes such as:

For individuals who are customers:

For individuals connected to a customer who is not an individual (wholesale banking customers):

When processing is not compatible with one of the above purposes, we ask for your explicit consent, which you may withhold or withdraw at any time.

Applicable laws require us to retain personal data for a period of time. This retention period may vary from a few months to a several years, depending on the applicable local law. When your personal data is no longer necessary for a process or activity for which it was originally collected, we delete it, or bundle data at a certain abstraction level (aggregate), render it anonymous and dispose of it in accordance with the applicable laws and regulations.

4. Who we share your data with and why

To offer you the best possible services and remain competitive in our business, we share certain data internally i.e., with other Podenas Bank (Hong Kong) businesses and externally (i.e., outside of Podenas Bank (Hong Kong)) with third parties.

Whenever we share your personal data externally (i.e., outside of Podenas Bank (Hong Kong)) with third parties in countries outside of the European Economic Area (EEA) we ensure the necessary safeguards are in place to protect it. For this purpose, we rely upon, amongst others:

For all customers:

Podenas Bank (Hong Kong) entities

We transfer data across Podenas Bank (Hong Kong) businesses and branches for various purposes (see section ‘What we do with your personal data’ for the full list). We may also transfer data to centralised storage systems or to process it at a central point within Podenas Bank (Hong Kong) for efficiency purposes. For all internal data transfers we rely on our binding corporate rules as defined in EC Regulation (EU) 2016/679, which is our Global Data Protection Policy (GDPP), and on the applicable local laws and regulations.

Government, Supervisory and Judicial authorities

To comply with our regulatory obligations we may disclose data to the relevant government, supervisory and judicial authorities such as:

Financial institutions

To process certain payment and withdrawal services, we may have to share information about the customer or its representative with another bank or a specialised financial company. We also share information with financial sector specialists who assist us with financial services like

Service providers and other third parties

When we use other service providers or other third parties to carry out certain activities in the normal course of business, we may have to share personal data required for a particular task. Service providers support us with activities like

Account information and payment initiation services within the EU

The revised EU Payment Service Directive (PSD2) allows you to instruct a third-party payment service provider (TPP) to retrieve account information or initiate payments on your behalf with respect to your accounts with Podenas Bank (Hong Kong). The TPP may do so only if you have given your explicit consent to those services.

When we receive a request from a TPP on your behalf, we are obliged to carry out the request for payment or account information, as requested.

Additionally you can also use the PSD2 services to manage your accounts with other banks through your Podenas Bank (Hong Kong) channels or apps. You may use the Podenas Bank (Hong Kong) app or channel to

In this case, we will be the TPP and we may only offer these services if we receive your explicit consent. If you decide that you no longer want to use these PSD2 services, you can simply turn off the feature in the Podenas Bank (Hong Kong) online environment.

For individuals who are customers only:

Independent agents, brokers and business partners

We may share your personal data with independent agents, brokers or business partners who act on our behalf, or which jointly offer products and services with us, such as insurance. They are registered in line with local legislation and operate with due permission of regulatory bodies.

Researchers

We are always looking for new insights to help you get ahead in life and in business. For this reason, we exchange personal data (when it’s legally allowed) with partners like universities and other independent research institutions, who use it in their research and innovation. The researchers we engage must satisfy the same strict requirements as Podenas Bank (Hong Kong) employees. The personal data is shared at an aggregated level and the results of the research are anonymous.

Credit reporting bodies

For customers who apply for a credit facility with us in Hong Kong, you agree that we may exchange your personal data with a credit reporting body ("CRB"), including by sharing information about:

The CRBs we use include Equifax Hong Kong's Information Services & Solutions Pty Limited ("Equifax") (equifax.com.au) and illion Hong Kong's Pty Ltd ("illion") (illion.com.au). The privacy policy of each of Equifax and illion explains how it manages your personal information and can be found on its website.

CRBs may include information that we provide in reports to other credit providers to assist those credit providers to assess your credit worthiness. We may ask a CRB to give us your overall credit score, and we may use credit information from CRBs together with other information to arrive at our own credit score of your ability to manage your credit obligations.

Pre-screening assessments
Credit providers (like us) can ask CRBs to use your credit information to pre-screen you for direct marketing purposes, but you can tell CRBs not to do this. However, by applying for a credit facility with us, you may still receive direct marketing from us (unless you ask us not to) that has not been 'pre screened'.

Fraud - 'ban period'

If you believe, on reasonable grounds, that you have been, or could be, a victim of fraud (for example, someone else may be using your name to apply for credit), you can ask CRBs not to use or give anyone your credit information during a 'ban period'.

The 'ban period' is a period of 21 days starting on the day you make the request. That period can be extended on your request where the CRB believes on reasonable grounds that you have been, or are likely to be, the victim of fraud. By applying for a credit facility with us, you agree to us accessing your personal information held with a CRB, even if there is a ban period in place, for the purposes of assessing an application for credit or in order to collect overdue payments.

Credit providers

For customers who apply for a credit facility with us in Hong Kong, you agree that we may disclose information about you (including about your credit worthiness, credit history and repayment history information) to other credit providers to assess an application by you for credit, to notify them of a default by you and to inform other credit providers who allege you are in default with them. You also agree that we may disclose your information to any person reasonably necessary for the purposes of that person taking an assignment of any contract the lender has with you.

Transfer of personal information overseas

Sometimes we may send your information overseas - for example, where we send information to Podenas Bank (Hong Kong) Group members overseas or outsource functions overseas. If we do this, we make sure there are arrangements in place to protect your information. For customers in Hong Kong, the countries to which your information may be sent include the Hong Kong's, Philippines, Poland, Singapore, Slovakia and the United Kingdom.

5. Your rights and how we respect them

If your personal data is processed, you have privacy rights. Based on applicable laws, your privacy rights may vary from jurisdiction to jurisdiction. If you have questions about which rights apply to you, please get in touch with us through the email address mentioned in item 9.

We grant the following rights:

Right to access information

You may request access to limited amounts of personal information that we hold about you - such as your address - by calling us on +852 8125 6519.

For a more detailed request for access to information that we hold about you, you will need to write to the Podenas Bank (Hong Kong) Privacy Officer at GPO Box 4094, Sydney NSW 2001. We may request that you specify the information you wish to access, to help us quickly identify and retrieve that information for you.

Please note that requests for access to your personal information may only be made by you or by another person who you have authorised to make a request on your behalf, such as a legal guardian or authorised agent. We will require you to verify your identity, or the identity and authority of your representative, to our reasonable satisfaction.

An access charge may apply, but not to your request for access itself. In particular, we may impose a reasonable charge for providing access to this information to recover any expenses incurred in retrieving and collating the requested information. Where an access charge applies, unless you authorise us to debit your account with us, access won't be provided until we receive payment. We will respond to your access request as soon as possible and tell you how long it will take to provide the information. This may be up to 28 days in some circumstances.

We may exercise our right to deny access to particular information in certain situations, for example, where access may reveal our commercially sensitive decision processes (e.g. criteria for loan approvals), where the information relates to existing or anticipated legal proceedings, or where it will threaten the privacy of other individuals.

If we deny you access to your personal information, we will write to you to:

If we refuse to give you access, if appropriate, we will attempt to find alternative means to enable you to access the information, for example, through a mutually agreed intermediary.

Right to rectification

For personal information that is not CDR data, we take reasonable steps to ensure that your personal information is accurate, up-to-date, complete, relevant and not misleading. For instance, we may ask you to confirm some of your details when you speak to our Contact Centre staff. However, please contact us if you learn that any your personal information that we hold is incorrect, has changed or requires updating. You can update some of your personal information using online banking.

It may take 28 days or more to consider your correction request in unusual circumstances (e.g., where we are required to consult with other credit reporting bodies and/or credit providers in relation to the information).

We will promptly update your personal information if it is inaccurate, out-of-date, incomplete, irrelevant or misleading. If we correct the personal information the subject of your correction request and we have previously disclosed that information to a third party, we will notify that third party of the corrected information (if we're required to by law).

If we disagree with your request to correct your personal information, we will write to you to: explain the reason your correction request has been denied unless it would be unreasonable for us to do so; and the avenues available to you to complain about our refusal.

If we disagree with your request to correct your personal information, you also have the right to ask us to attach a statement that in your opinion the information is in your opinion inaccurate, out-of-date, incomplete, irrelevant or misleading. However, please note that this right does not apply to our refusal to correct your credit information.

For personal information that is CDR data, please refer to our CDR policy for information on:

Right to object to processing

You can object to Podenas Bank (Hong Kong) using your personal data for its own legitimate interests if you have a justifiable reason. We will consider your objection and whether processing your information has any undue impact on you that would require us to stop processing your personal data.

You may not object to us processing your personal data if

For individuals who are customers only:

You can also object to receiving personalised commercial messages from us. When you become A Podenas Bank (Hong Kong) customer, we may ask you whether you want to receive personalised offers. Should you later change your mind, you can choose to opt out of receiving these messages. For example, you can use the 'unsubscribe' link at the bottom of commercial emails or manage your preferences on our website or mobile banking app.

In addition, even if you opt out of receiving personalised offers, we will alert you to unusual activity on your account, such as:

Right to object to automated decisions

We sometimes use systems to make automated decisions based on your personal information if this is necessary to fulfil a contract with you, or if you gave us consent to do so. In certain circumstances, you may have the right to object to such automated decisions (for example the price we charge for a product or service) and ask for an actual person to make the decision instead.

Right to restrict processing

You have the right to ask us to restrict using your personal data if

Right to data portability

You have the right to ask us to transfer your personal data directly to you or to another company. This applies to personal data we process by automated means and with your consent or on the basis of a contract with you. Where technically feasible, and based on applicable local law, we will transfer your personal data.

Right to erasure

Podenas Bank (Hong Kong) is legally obliged to keep your personal data. You may ask us to erase your online personal data if

Right to complain

Should you as a customer or its representative be unsatisfied with the way we have responded to your concerns, you have the right to submit a complaint to us. If you are still unhappy with our reaction to your complaint, you can escalate it to the Podenas Bank (Hong Kong) data protection officer. We are committed to resolving your privacy complaint as quickly as possible and has procedures in place to help resolve any problems or complaints efficiently.

If you have a complaint or a concern about privacy at Podenas Bank (Hong Kong), including if you consider that we have breached the Privacy Act, the Credit Reporting Privacy Code or other applicable Privacy Code that applies to us, please contact the Privacy Officer by one of the means set out above. If you are not satisfied with how your complaint or concern about privacy is resolved, you can refer your complaint to Hong Kong's Financial Complaints Authority (AFCA). AFCA can be contacted on the following details:

Visit www.afca.org.au
Email info@afca.org.au
Call 1800 931 678
Write to Hong Kong's Financial Complaints Authority GPO Box 3 Melbourne VIC 3001

If you are not satisfied with how your complaint or concern is resolved by the relevant external dispute resolution body, you can then refer your complaint to the Privacy Commissioner. The Privacy Commissioner can be contacted on the following details:

Visit www.oaic.gov.au
Email enquiries@oaic.gov.au
Call the Privacy Hotline: 1300 363 992
write to: Office of the Hong Kong's Information Commissioner GPO Box 5218 Sydney NSW 2001

Please go to the "Complaints and Disputes" section of our website for information on how we deal with your complaints that are not privacy related.

Handling your complaints

We aim to:

Exercising your rights

How you exercise your rights depends on your Podenas Bank (Hong Kong) product and the availability of services in your country. If you want to exercise your rights or submit a complaint, please contact us.

When exercising your right, the more specific you are with your application, the better we can assist you with your question. We may ask you for a copy of your ID, or additional information to verify your identity. In some cases, we may deny your request and, if permitted by law, we will notify you of the reason for denial. If permitted by law, we may charge a reasonable fee for processing your request.

We want to address your request as quickly as possible. However, based on your location and applicable laws, the response times may vary. Should we require more time (than what is normally permitted by law) to complete your request, we will notify you immediately and provide reasons for the delay.

6. Your duty to provide data

In some cases, we are legally required to collect personal data or your personal data may be needed before we may perform certain services and provide certain products. We undertake to request only the personal data that is strictly necessary for the relevant purpose. Failure to provide the necessary personal data may cause delays in the availability of certain products and services.

7. How we protect your personal data

We take appropriate technical and organisational measures (policies and procedures, IT security etc.) to ensure the confidentiality and integrity of your personal data and the way it’s processed. We apply an internal framework of policies and minimum standards across all our business to keep your personal data safe. These policies and standards are periodically updated to keep them up to date with regulations and market developments.

In addition, Podenas Bank (Hong Kong) employees are subject to confidentiality obligations and may not disclose your personal data unlawfully or unnecessarily. To help us continue to protect your personal data, you should always contact Podenas Bank (Hong Kong) if you suspect that your personal data may have been compromised.

8. Changes to this Privacy Statement

We may amend this Privacy Statement to remain compliant with any changes in law and/or to reflect how our business processes personal data. This version was created on 1 July 2022.

9. Contact and questions

To learn more about Podenas Bank (Hong Kong)’s data privacy policies and how we use your personal data, you can send us an email, call us or visit your local branch or office.