At BNP Paribas, Singapore, we take our responsibilities under Singapore’s Personal Data Protection Act 2012 (the “PDPA”) seriously. We also recognize the importance of the personal data you have entrusted to us and believe that it is our responsibility to properly manage, protect and process your personal data.
This Data Protection Policy is designed to assist you in understanding how we generally collect, use, disclose and/or process the personal data you have provided to us, as well as to assist you in making an informed decision before providing us with any of your personal data.
If you, at any time, have any queries on this policy or any other queries in relation to how we manage, protect and/or process your personal data, please do not hesitate to contact us and attention your queries to our Data Protection Officer for the following entities :
|BNP Paribas Singapore Branch*||+(65) 6210 1288|
|BNP Paribas Securities Services Singapore Branch||+(65) 6210 1288|
|BNP Paribas Securities (Singapore) Pte Ltd||+(65) 6210 1988|
|BNP Paribas Investment Partners Singapore Limited||+(65) 6210 1288|
|*For Wealth Management Business Line||+(65) 6210 3888|
You may also write to our Data Protection Officer as follows:
Data Protection Officer
20 Collyer Quay #01-01
cc: BNP Paribas Singapore Branch COO
1 INTRODUCTION TO THE PDPA
1.1 “Personal Data” is defined under the PDPA to mean data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which an organisation has or is likely to have access. Common examples of personal data could include names, identification numbers, contact information, medical records, photographs and video images.
1.2 We will collect your personal data in accordance with the PDPA. We will notify you of the purposes for which your personal data may be collected, used, disclosed and/or processed, as well as obtain your consent for the collection, use, disclosure and/or processing of your personal data for the intended purposes, unless an exception under the law permits us to collect and process your personal data without your consent.
2 PURPOSES FOR COLLECTION, USE, DISCLOSURE AND PROCESSING OF PERSONAL DATA
2.1 The personal data which we collect from you may be collected, used, disclosed and/or processed for various purposes, depending on the circumstances for which we may/will need to process your personal data, including :
(a) processing your enquiries and application for account opening as well as products and services;
(b) providing you with products and/or services, the entry into and/or performance of any transactions with us, and the facilitation of any of the foregoing;
(c) administering and/or managing your relationship and/or account(s) with us (including the outsourcing of any related functions to authorised service providers or third party vendors who provide operational services to us, including those relating to auditing, finance and accounting, billing and collections, IT systems, data and website hosting, training, testing, business continuity, and records, document and print management);
(d) carrying out your instructions or responding to any enquiries by you;
(e) carrying out due diligence or other screening activities (including background checks) in accordance with legal or regulatory obligations or risk management procedures (including but not limited to those designed to combat financial crime, “know-your customer”, anti-money laundering, counter-terrorist financing or anti-bribery), that may be required by law or that may have been put in place by us;
(f) dealing in any matters relating to the products and/or services offered or provided by us under the agreement(s) between you and us (including the printing and mailing of correspondence, statements, invoices, confirmations, advices, information, reports or notices to you, which could involve disclosure of certain Personal Data to bring about delivery of the same as well as on the external cover of envelopes/mail packages);
(g) facilitating your business asset transactions (which may extend to any mergers, acquisitions or asset sales);
(h) the recovery of any and all amounts owed to us;
(i) the process of reviewing and approving the account(s), and the conduct of initial and anticipatory credit checks and assessments, relevant checks, ongoing assessment and verification of ongoing credit worthiness and standing;
(j) preventing, detecting and investigating crime, fraud, misconduct, any unlawful action or omission, whether relating to your application or any other matter relating to your account(s), and whether or not there is any suspicion of the aforementioned;
(k) managing our infrastructure and business operations, and complying with policies and procedures that may be required by law, applicable regulation, guidelines or notices and/or that may have been put in place by us, including those relating to regulatory review and/or oversight, auditing (whether internal or external), finance and accounting, billing and collections, IT systems, data and website hosting, training, testing, business continuity, and records, document and print management;
(l) monitor and record telephone conversations, voice or video conferences and all electronic communications for record keeping, quality training and investigation purposes;
(m) to publish your feedback at our internal and external events, feedback exercises and/or as part of our marketing and promotional activities;
(n) processing and/or storing information related to your relationship with us;
(o) complying with applicable law, regulations, guidelines and/or notices in administering and managing your relationship with us; and
(p) any other purposes which we may notify you of at the time of obtaining your
consent,(collectively, the “Purposes”).
As the purposes for which we may/will collect, use, disclose or process your personal data depend on the circumstances at hand, such purpose may not appear above. However, we will notify you of such other purpose at the time of obtaining your consent, unless processing of your personal data without your consent is permitted by the PDPA or by law. For more information on the exceptions, you are encouraged to peruse Second and Third Schedules of the PDPA which are publicly available at http://statutes.agc.gov.sg.
2.2 In order to conduct our business operations more smoothly, we may also be disclosing the personal data you provide to us to our third party service providers, agents and/or our affiliates or related corporations, and/or other third parties, who may be sited in or outside of Singapore, for one or more of the above-stated Purposes.
3 SPECIFIC ISSUES FOR THE DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES
3.1 We will respect the confidentiality of the personal data you provide to us.
3.2 In that regard, we will not disclose your personal data to third parties without first obtaining your consent permitting us to do so. However, please note that we may disclose your personal data to third parties without first obtaining your consent in certain situations, including, without limitation, the following :
(a) cases in which the disclosure is required or authorized based on the applicable laws and/or regulations;
(b) cases in which the purpose of such disclosure is clearly in your interests, and if consent cannot be obtained in a timely way;
(c) cases in which the disclosure is necessary to respond to an emergency that threatens the life, health or safety of yourself or another individual;
(d) cases in which the disclosure is necessary for any investigation or proceedings;
(e) cases in which the personal data is disclosed to any officer of a prescribed law enforcement agency, upon production of written authorisation signed by the head or director of that law enforcement agency or a person of a similar rank, certifying that the personal data is necessary for the purposes of the functions or duties of the officer;
(f) cases in which the disclosure is to a public agency and such disclosure is necessary in the public interest; and/or
(g) where such disclosure without your consent is permitted by the PDPA or by law.
3.3 The instances listed above in the foregoing paragraph are not intended to be exhaustive. For more information on the exceptions, you are encouraged to peruse Fourth Schedules of the PDPA which are publicly available at http://statutes.agc.gov.sg.
3.4 Where we disclose your personal data to third parties with your consent, we will employ our best efforts to require such third parties to protect your personal data.
4 Third Party Personal Data
4.1 You represent, undertake and warrant to us that:
(a) in respect of any personal data of any individuals whatsoever which you may, from time to time, disclose to us (“Third Party Personal Data”), you would have prior to disclosing such Third Party Personal Data to us obtained the appropriate consent from the individuals whose Third Party Personal Data are being disclosed, to :
(i) permit you to disclose the individuals’ Third Party Personal Data to us for or in connection with the Purposes; and/or (ii) permit us and our affiliates or related corporations (in Singapore and/or elsewhere) to collect, use, disclose, share and/or process (through authorised service providers, relevant third parties or otherwise) the individuals’ Third Party Personal Data for or in connection with the Purposes;
(b) any Third Party Personal Data that you disclose to us are accurate;
(c) should you become aware that any such Third Party Personal Data has been updated and/or changed after such disclosure to us, you shall give us notice in writing as soon as reasonably practicable thereafter; and
(d) should you become aware that any individual whose Third Party Personal Data you have disclosed to us has withdrawn his consent as referred to in sub-Clause (a) above, you shall give us notice in writing as soon as reasonably practicable thereafter. Without prejudice to our other rights under law and/or the agreement(s) between you and us, upon our receipt of the said notification, we shall have the right to discontinue or not provide any products and/or services to and/or transactions with you that are linked to such Third Party Personal Data.
5 REQUEST FOR ACCESS AND/OR CORRECTION OF PERSONAL DATA
5.1 You may request to have access to and/or correct your personal data currently in our possession by contacting us using the hotlines provided in this policy.
5.2 We reserve the right to charge you a fee for handling and processing your requests to access and/or correct your personal data. Such fee will depend on the nature and complexity of your request.
5.3 If you withdraw your consent to our collection, use or disclosure of your Personal Data in whole or in part, please provide us prompt notice in writing. Without prejudice to our other rights under law and/or the agreement(s) between you and us, upon our receipt of your notification and depending on the nature and scope of your withdrawal of consent, we shall have the right to discontinue or not provide any products and/or services to and/or transactions with you that are linked to such Personal Data.
6 ADMINISTRATION AND MANAGEMENT OF PERSONAL DATA
6.1 We will make reasonable efforts to ensure that your personal data is accurate and complete, if your personal data is likely to be used by us to make a decision that affects you, or disclosed to another organisation. However, this means that you must also update us of any changes in your personal data from time to time. We will not be responsible for relying on inaccurate or incomplete personal data arising from your not updating us of any changes in your personal data from time to time in a timely manner.
6.2 We will also put in place reasonable security arrangements to ensure that your personal data is adequately protected and secured. Appropriate security arrangements will be taken to prevent any unauthorized access, collection, use, disclosure, copying, modification, leakage, loss, damage and/or alteration of your personal data. However, we cannot assume responsibility for any unauthorized use of your personal data by third parties which are wholly attributable to factors beyond our control.
6.3 We will also put in place measures such that your personal data in our possession or under our control is destroyed and/or anonymized as soon as it is reasonable to assume that (i) the purpose for which that personal data was collected is no longer being served by the retention of such personal data; and (ii) retention is no longer necessary for any other legal or business purposes.
7 UPDATES ON DATA PROTECTION POLICY
7.1 As part of our efforts to ensure that we properly manage, protect and process your personal data, we will be reviewing our policies, procedures and processes from time to time.
We reserve the right to amend the terms of this Data Protection Policy at our absolute discretion. Any amended Data Protection Policy will be posted on our website. You are encouraged to visit our website from time to time to ensure that you are well informed of our latest policies in relation to personal data protection.
Last Updated on 11th May 2017