HBZ HK SECURITY ADVISORY

  

Data Privacy

HBZ will strive at all times to ensure that your data are kept confidential and secure. Occasionally we may collect personal data from you when you visit our website and when you voluntarily supply your personal data to us. We may use your personal data for sending you details of our products, services and other marketing materials which we think may be of interest to you. We may also invite you to participate in market research and surveys and other similar activities.

If we do ask you to provide your personal data, we will specify the purposes for which such personal data is collected at the time of collection. If we do send promotional mailings and marketing information to you, you will always be given an opportunity to opt out.

Personal Data Collection

HBZ will only collect personal data from you for purposes relating to the provision of financial services or related products;

  • we will take all practical steps to ensure that your personal data are accurate;
  • your personal data will be used for the purposes for which the data were to be used at the time of collection.
  • your personal data will be protected against unauthorized or accidental access, processing or erasure; and
  • you have the right to access and correct your personal data held by us. Your request for access or correction will be dealt with in accordance with the Ordinance.

Your personal data are classified as confidential and can only be disclosed by us where permitted by or pursuant to the operation of the Personal Data (Privacy) Ordinance or where we are otherwise legally compelled to do so.

Please refer to HBZ's Circular to Customers and Other Individuals relating to the Personal Data (Privacy) Ordinance for detailed information about how we handle your personal data.

Warranty

While we have taken care in preparing the content and information on our website, such content and information are provided "as is" without warranty of any kind, whether express or implied. In particular, no warranty about non-infringement, security, accuracy, fitness for a particular purpose or absence of computer viruses is given in connection with such content and information.

Linked Websites

Neither we nor any member of the HBZ Group are responsible for the contents available on or the set-up of any other websites linked to our website ("external websites"). Your access to and use of an external website is at your own risk and subject to any terms and conditions applicable to such access and use.

Internet Communications

Messages sent over the Internet cannot be guaranteed to be completely secure. We are not be responsible for any loss or damage you may suffer or incur if you send a message to us, or if we send a message to you at your request, over the Internet. We are not responsible in any way for direct, indirect, special or consequential damages arising from or in connection with the use of our website. Due to the nature of the Internet, communications over the Internet may be subject to interruption, transmission blackout, delayed transmission or incorrect data transmission.

Information Usage

Products and services referred to in this website are offered only in jurisdictions where and when they may be lawfully offered by the Bank. The materials on this website are not intended for use by persons located in or resident in jurisdictions that restrict the distribution of this material by the Bank. These pages should not be regarded as an offer or solicitation to sell products or make transactions in any jurisdiction to any person to whom it is unlawful to make such an invitation or solicitation in such jurisdictions. Persons accessing these pages are required to inform themselves about and observe any relevant restrictions.

The Bank may from time to time specify the type and scope of its e-banking services. The Bank reserves the right to modify, expand or reduce the scope of these e-banking services from time to time without giving prior notice to the Customer.

Please remember these recommendations are made to protect your interests.

To log-in to your account, always type: www.hbzhongkong.com

Do not send any confidential information including account numbers, passwords, PINs, signed payment instructions via regular email because emails are not encrypted and therefore, subject to being intercepted and read by third parties.

Please check your monthly financial statements and report any discrepancies and/or unusual account activity.

MISCELLANEOUS ADDITIONAL SECURITY TIPS

  • Do not install applications on your mobile handsets from untrusted, unsecured, or unverified sources.
  • Do not use any jailbroken iPhone or rooted Android handset which may have security loopholes and unpredictable consequences.
  • Do not act on an SMS containing a one-time password that you have not requested, review your existing payee list for any unauthorized additions.
  • Customers are advised against auto-forwarding/forwarding the SMS one-time password received to another device that is used for accessing Internet banking.
  • Customers are advised that they will be wholly responsible in respect of proper installation and updates of other mobile devices' Apps and operating systems of mobile platforms in their mobile devices.
  • Customers are advised to ensure that any USB drive containing HBZ Secure Key is removed from the relevant devices and stored securely after conclusion of related transactions.
  • Business Customers are strongly advised to exercise dual controls/authorizations at the time of submission of requests for funds transfers.
  • The Customer and, where applicable, the Authorized e-Banking User shall be fully responsible for any accidental or unauthorized disclosure of any User Name, Password, Identifier and/or the Security Code to any other person and shall bear the risk of any User Name, Password, Identifier, Security Device or Security Code being used by unauthorized persons or for unauthorized purposes. Subject to above and if, in the reasonable opinion of the Bank, there is no negligence, fraud or fault on the part of the Customer and, where applicable, the Authorized e-Banking User, the Customer and the Authorized e-Banking User shall not be liable for loss or misplacement of funds caused by unauthorized transactions conducted through the use of the Services as a result of :
    • a computer crime not prevented by the security system of the Bank;
    • a human or system error of the Bank;
    • a missed or mis-directed payment caused by the Bank.

HBZ MOBILE APPLICATION SECURITY TIPS

  • Do not share your devices (mobile handset, tablet, computer, etc.) or Internet Banking/Mobile Banking username(s)/password(s) with others
  • Do only use your own devices to log on to Internet Banking or Mobile Banking; after the log-in, do not leave your devices unattended
  • Only download the HBZ Mobile Banking App from official application stores
  • Whenever you try to log on to Internet Banking or Mobile Banking, do not use any devices in which you have awareness or suspicion of security loopholes
  • Do not download or install any software or application onto your devices if you don't trust or have no clear knowledge/understanding of the source
  • Do only use reliable and trustable Wi-Fi networks and TMDS (Telephone Mobile Data Service) and whenever possible, ensure security protection in this regard is available
  • Do always log off when you are finished or before you are away from your devices no matter for how long; set up passcode lock and auto-lock to impede unauthorized access to your devices
  • Discontinue WIFI/TMDS connection or Bluetooth when you are not using it
  • Do not store your username(s) or password(s) in your devices
  • Do ensure the latest anti-virus and anti-spy software put in place in your devices
  • Do not use untrusted virtual keyboards when you are using any mobile banking service at any time.
  • Ensure updates and patches of this Mobile App will be timely downloaded from trusted and reliable sources and installed properly in your devices
  • Always contact us for clarification whenever you are not 100% sure about how to properly use any part of or any function within HBZ Mobile Banking App
  • If your devices used for Mobile Banking/Internet Banking are lost or stolen or you have knowledge or suspicion of unauthorized access, contact us immediately and instruct us to suspend such kind of e-banking service until your further notice on the contrary; in addition, review the banking transaction history ASAP.
  • Erase all the data in your old devices before you discard, recycle or give it to others
  • Do not use any jailbroken handsets which may have security loopholes and unpredictable consequences.

Habib Bank Zurich (Hong Kong) Limited (the "Bank")

Circular to Customers and Other Individuals relating to the Personal Data (Privacy) Ordinance (the "Ordinance")

  • From time to time, it is necessary for customers and various other individuals (including without limitation applicants for banking/financial services and credit facilities, sureties and persons providing security or guarantee for credit facilities, shareholders, directors, officers and managers of corporate customers or sole proprietors or partners or applicants and other contractual counterparties) (collectively "data subjects") to supply the Bank with data in connection with the opening or continuation of accounts and the establishment or continuation of banking/credit facilities or provision of banking/financial services.
  • Failure to supply such data may result in the Bank being unable to open or continue accounts or establish or continue banking/credit facilities or provide banking/financial services.
  • It is also the case that data are collected from data subjects in the ordinary course of the continuation of the banking relationship, for example, when data subjects write cheques, deposit money, apply for a credit or carry out card transactions.
  • The purpose for which data relating to a data subject may be used are as follows:
    • the processing of applications for banking/financial services and credit facilities;
    • the daily operation of the services and credit facilities provided to data subjects;
    • conducting credit checks at the time of application for credit and at the time of regular or special reviews which normally will take place one or more times each year;
    • creating and maintaining the Bank's credit scoring models;
    • provision of references (status enquiries);assisting other financial institutions to conduct credit checks and collect debts;
    • ensuring ongoing credit worthiness of data subjects;
    • designing financial services or related products for data subjects' use;
    • marketing services, products and other subjects in respect of which the Bank may or may not be remunerated (please see further details in paragraph (6) below);
    • determining the amount of indebtedness owed to or by data subjects;
    • the enforcement of data subjects' obligations, including without limitation the collection of amounts outstanding from data subjects and those providing security for data subjects' obligations;
    • complying with the obligations, requirements or arrangements for disclosing and using data that apply to the Bank or a Bank Group Company or that it is expected to comply according to:
      • any law binding or applying to it within or outside Hong Kong existing currently and in the future or any court order being enforceable on it;
      • any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers within or outside Hong Kong existing currently and in the future;
      • any present or future contractual or other commitment with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers that is assumed by or imposed on the Bank or a Bank Group Company by reason of its financial, commercial, business or other interests or activities in or related to the jurisdiction of the relevant local or foreign legal, regulatory, governmental, tax, law enforcement or other authority, or self-regulatory or industry bodies or associations;
      • complying with any obligations, requirements, policies, procedures, measures or arrangements for sharing data and information within the group of the Bank and/or any other use of data and information in accordance with any group-wide programmes for compliance with sanctions or prevention or detection of money laundering, terrorist financing or other unlawful activities;
      • enabling an actual or proposed assignee of the Bank or a Bank Group Company, or participant or sub-participant of the rights of the Bank or those of a Bank Group Company in respect of the data subject to evaluate the transaction intended to be the subject of the assignment, participation or sub-participation;
      • exchanging information with merchants which accept credit cards issued by the Bank and entities with whom the Bank provides affinity/co-branded /private label credit card services (each merchant or an affinity entity);
      • verifying data subjects' identities with any card acquirer of a merchant in connection with any card transactions;
      • for purposes of risk management of the group of the Bank;
      • maintaining a credit history or otherwise, a record of data subjects (whether or not there exists any relationship between data subjects and the Bank) for present and future reference; and
      • purposes relating thereto.
    • Data held by the Bank relating to a data subject will be kept confidential but the Bank may provide such information to the following parties for the purposes set out in paragraph (4):
      • any Bank Group Company, agent, contractor or third party service provider who provides administrative, telecommunications, computer, payment or securities clearing or other services to the Bank or a Bank Group Company in connection with the operation of its business;
      • any other person under a duty of confidentiality to the Bank or a Bank Group Company which has undertaken to keep such information confidential;
      • the drawee bank providing a copy of a paid cheque (which may contain information about the payee) to the drawer;
      • a person making any payment into data subject's account (by providing a copy of a deposit confirmation slip which may contain the name of the data subject);
      • credit reference agencies, and, in the event of default, to debt collection agencies;
      • any person to whom the Bank or a Bank Group Company is under an obligation or otherwise required to make disclosure under the requirements of any law, regulation or court order binding on or applying to the Bank or a Bank Group Company, or any disclosure under and for the purposes of any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers with which the Bank or a Bank Group Company is expected to comply, or any disclosure pursuant to any contractual or other commitment of the Bank or a Bank Group Company with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers, all of which may be within or outside Hong Kong and may be existing currently and in the future;
      • any actual or proposed assignee of the Bank or a Bank Group Company, or participant or sub-participant or transferee of the rights of the Bank or those of a Bank Group Company in respect of the data subject;
      • a merchant or an affinity entity which has undertaken to keep such data confidential; and
      • and:
        • any Bank Group Company;
        • third party financial institutions, insurers, credit card companies, securities and investment services providers;
        • third party reward, loyalty, co-branding and privileges programme providers;
        • co-branding partners of the Bank and any Bank Group Company (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be);
        • charitable or non-profit making organisations; and
        • external service providers (including but not limited to mailing houses, telecommunication companies, telemarketing and direct sales agents, call centres, data processing companies and information technology companies) that the Bank engages for the purposes set out in paragraph (4)(ix).
      • The Bank may disclose data to any or all the parties stated above and may do so notwithstanding that the recipient’s place of business is outside Hong Kong, including Mainland China, or that such information following disclosure will be collected, held, processed or used by such recipient in whole or part outside Hong Kong.
      • USE OF DATA IN DIRECT MARKETING The Bank uses and/or intends to use the data of a data subject in direct marketing and the Bank requires the consent of the data subject (which includes an indication of no objection) for that purpose. In this connection, please note that:
        • the name, contact details, products and services portfolio information, transaction pattern and behaviour, financial background and demographic data of a data subject held by the Bank from time to time may be used by the Bank in direct marketing;
        • the following classes of services, products and subjects may be marketed:
        • financial, insurance, credit card, banking and related services and products;
        • reward, loyalty or privileges programmes and related services and products;
        • services and products offered by the Bank's co-branding partners (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be); and
        • donations and contributions for charitable and/or non-profit making purposes;
      • the above services, products and subjects may be provided or (in the case of donations and contributions) solicited by the Bank and/or:
        • any Bank Group Company;
        • third party financial institutions, insurers, credit card companies, securities and investment services providers;
        • third party reward, loyalty, co-branding or privileges programme providers;
        • co-branding partners of the Bank and any Bank Group Company (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be); and
        • charitable or non-profit making organisations;
      • in addition to marketing the above services, products and subjects itself, the Bank also provides and/or intends to provide the data described in paragraph (6)(i) above to all or any of the persons described in paragraph (6)(iii) above for use by them in marketing those services, products and subjects, and the Bank requires written consent of the data subject (which includes an indication of no objection) for that purpose;
      • the Bank may receive money or other property in return for providing the data to the other persons in paragraph (6)(iv) above and, when requesting the consent of the data subject or no objection as described in paragraph (6)(iv) above, the Bank will inform the data subject if it will receive any money or other property in return for providing the data to the other persons.

        If a data subject does not wish the Bank to use or provide to other persons his data for use in direct marketing as described above, the data subject may, without charge, exercise his opt-out right by notifying the Bank. The data subject may make the opt-out request by completing the form below and returning to the Bank or visiting any of the Bank's branches.
      • With respect to data in connection with mortgages applied by a data subject (whether as a borrower, mortgagor or guarantor and whether in the data subject's sole name or in joint names with others) on or after 1 April 2011, the Bank may, on its own behalf and/or as agent, provide the following data relating to the data subject (including any update) to a credit reference agency:
        • full name;
        • capacity in respect of each mortgage (as borrower, mortgagor or guarantor, and whether in the data subject's sole name or in joint names with others);
        • Hong Kong Identity Card Number or travel document number;
        • date of birth;
        • address;
        • mortgage account number in respect of each mortgage;
        • type of the facility in respect of each mortgage;
        • mortgage account status in respect of each mortgage (e.g., active, closed, write-off (other than due to a bankruptcy order), write-off due to a bankruptcy order); and
        • if any, mortgage account closed date in respect of each mortgage.
        The credit reference agency will use the above data for the purposes of compiling a count of the number of mortgages from time to time held by the data subject with credit providers in Hong Kong, as borrower, mortgagor or guarantor respectively and whether in the data subject's sole name or in joint names with others, for sharing in the consumer credit database of the credit reference agency by credit providers (subject to the requirements of the Code of Practice on Consumer Credit Data approved and issued under the Ordinance).
      • Under and in accordance with the terms of the Ordinance and the Code of Practice on Consumer Credit Data, the data subject has the right:
        • to check whether the Bank holds data about him and of access to such data;
        • to require the Bank to correct any data relating to him which is inaccurate;
        • to ascertain the Bank's policies and practices in relation to data and to be informed of the kind of personal data held by the Bank;
        • to be informed on request which items of data are routinely disclosed to credit reference agencies or debt collection agencies, and be provided with further information to enable the making of an access and correction request to the relevant credit reference agency or debt collection agency; and
        • in relation to any account data (including, for the avoidance of doubt, any account repayment data) which has been provided by the Bank to a credit reference agency, to instruct the Bank, upon termination of the account by full repayment, to make a request to the credit reference agency to delete such account data from its database, as long as the instruction is given within five years of termination and at no time was there any default of payment in relation to the account, lasting in excess of 60 days within five years immediately before account termination. Account repayment data include amount last due, amount of payment made during the last reporting period (being a period not exceeding 31 days immediately preceding the last contribution of account data by the Bank to a credit reference agency), remaining available credit or outstanding balance and default data (being amount past due and number of days past due, date of settlement of amount past due, and date of final settlement of amount in default lasting in excess of 60 days (if any)).
      • In the event of any default of payment relating to an account, unless the amount in default is fully repaid or written off (other than due to a bankruptcy order) before the expiry of 60 days from the date such default occurred, the account repayment data (as defined in paragraph (8)(v) above) may be retained by the credit reference agency until the expiry of five years from the date of final settlement of the amount in default.
      • If any amount in an account is written-off due to a bankruptcy order being made against a data subject, the account repayment data (as defined in paragraph (8)(v) above) may be retained by the credit reference agency, regardless of whether the account repayment data reveal any default of payment lasting in excess of 60 days, until the expiry of five years from the date of final settlement of the amount in default or the expiry of five years from the date of discharge from a bankruptcy as notified by the data subject with evidence to the credit reference agency, whichever is earlier.
      • The Bank may from time to time access the consumer credit data of a data subject held by a credit reference agency in the course of the consideration of any grant of consumer credit or the review or renewal of existing customer credit facilities granted to the data subject as borrower or to another person for whom the data subject proposes to act or acts as guarantor or for the purpose of the reasonable monitoring of the indebtedness of the data subject while there is currently a default by the data subject as borrower or as guarantor. In particular, the Bank may access the consumer credit data for the purpose of the review of the existing consumer credit facilities granted to assist the Bank in considering any of the following matters:-
        • an increase in the credit amount;
        • the curtailing of credit (including the cancellation of credit or a decrease in the credit amount); or
        • the putting in place or the implementation of a scheme of arrangement with the individual customer.
        If the data subject wishes to access the credit report obtained by the Bank from the credit reference agency, the Bank will advise the contact details of the relevant credit reference agency.
      • In accordance with the terms of the Ordinance, the Bank has the right to charge a reasonable fee for the processing of any data access request.
      • The person to whom requests for access to data or correction of data or for information regarding policies and practices and kinds of data held are to be addressed is as follows:

        The Data Protection Officer,
        Habib Bank Zurich (HK) Limited, Main Branch,
        1701-05, Wing On House, 71, Des Voeux Road,
        Central, Hong Kong.
        Tel: +852 2906 1139 / 2906 1818
      • Nothing in this Circular shall limit the rights of data subjects under the Ordinance.
      • This Circular shall be deemed an integral part of all contracts, agreements, credit facility letters, account mandates and other binding arrangements which the data subject has entered into or intends to enter into with the Bank.
      • In this Circular, the following terms shall have the following meanings:

        Bank Group Company means any subsidiary of the Bank, any direct or indirect holding company of the Bank, any subsidiary of any such holding company or any of their related companies (that is such companies' equity interest is held by any of the foregoing) including companies within the group of Habib Bank Zurich (Hong Kong) Limited;

        subsidiary and holding company bear the meanings under the Companies Ordinance (Cap.622).

For additional security tips please visit www.hkab.org.hk

NOTE: HBZ expressly dissociates itself from any transaction based on scam correspondence or any other representation made via any fictitious websites/e-mail addresses. The Bank will not be liable for any loss incurred by any person based on actions taken through these websites/e-mail addresses.