Personal data is any information that can be used to identify you. For Mox (Mox/we/us), your personal data is very important. What we can learn from or about you helps us to deliver smart banking to you.
Some of the security measures we use to protect your data include:
We also use digital signatures and encryption. Encryption changes your data into a code that can only be read by Mox and some of our trusted partners who need access to it. We always encrypt your data using the highest standards of security technology.
Encryption helps to ensure:
We always need your help to keep your data secure. Please let us know immediately if your data may have been lost or stolen, or if you think someone has used it without your permission.
We may use algorithms when considering and processing your application for Mox products and services. The algorithms provide automatic assessments and decisions based on the personal data collected in accordance with our PICS. The parameters used in these assessments have been selected to provide a fair and objective assessment of your personal data and have been tested for reliability and fairness. If we are uncertain about the accuracy of the personal data that will be used in an algorithmic assessment, we may ask you to clarify any such personal data.
At Mox, we pride ourselves on putting the customer first. So, if you need any additional information about our privacy policies and practices or if you have a complaint then please give us a chance to put things right by messaging us through the Mox app, sending an email (email@example.com), giving us a call (Tel: 2888 8228) or reaching us by post (Address: Data Protection Officer, 39/F, Oxford House, Taikoo Place, 979 King’s Road, Quarry Bay, Hong Kong).
You can also refer your complaint to the Hong Kong Monetary Authority or the Office of the Privacy Commissioner for Personal Data.
This policy does not apply to third-party websites where our online advertisements are displayed or to linked third-party websites which we do not operate or control.
Last updated: 14 August 2020
Mox Bank Limited (“Mox”, “we”, “us”) will collect your personal data to help us operate as a bank. Broadly, Mox will collect, process and store the personal data you provide to us (such as your name, date of birth, identity card number, correspondence address, phone number, email address, nationality, credit-related information or even ‘sensitive’ data such as your facial image, and videos and voice recordings of you that you make while communicating with us) to keep you and Mox secure, meet our business obligations and comply with the law. This includes establishing, maintaining and operating your Mox Account and other accounts, Mox Card (and any other Mox product or service you use), and also providing rewards and running competitions and games. The provisions of this PICS form part of the account terms and conditions (including the terms applicable to your use of the Mox app) and any other agreement or arrangements you enter into with Mox.
We collect your data so we can provide the best possible service to you. If you do not provide us with the personal data we require from you, we may not be able to establish, maintain or provide our products and services to you.
We may also collect your data, directly or indirectly, from your transactions with or through Mox in the ordinary course of our business, including information received from third parties, the public domain, collected through your use of the Mox app, websites, cookies, behavioral or location tracking tools, banking services, financial services or other services provided by Mox and the Standard Chartered Group and/or when you deposit money or execute transactions through your Mox Card. Understanding your spending and saving behaviour helps us make suggestions to you, to make informed financial decisions for you, and to help keep your account(s) and data secure.
Please note that we also collect data to help us comply with laws, regulations, guidelines and requests or investigations by the authorities. In this PICS, “Standard Chartered Group” means each of or collectively Standard Chartered PLC and its subsidiaries and affiliates (including each branch or representative office). Mox is a member of the Standard Chartered Group.
We will collect personal data from our customers and other individuals in connection with the purposes set out in this PICS. These customers and other individuals may include the following, and we refer to them collectively as “you”, or “your” in this PICS:
(a) applicants and account-holders of Mox products or services;
(b) customers; and
(c) any third party transacting with or through us.
We may use your data for any of the following purposes:
(a) considering and processing your application(s) (including assessing the merits and/or suitability of your application(s)) for Mox products and services;
(b) operating, maintaining and informing you of Mox products and services, including to understand the overall picture of your relationship with the Standard Chartered Group by linking data in respect of all accounts you are connected to;
(c) developing, improving and designing Mox products and services;
(d) meeting our internal operational requirements or those of the Standard Chartered Group (including credit and risk management, system or product development and planning, carrying out testing and analysis and insurance, audit and administrative purposes);
(e) conducting credit checks on you and obtaining your credit report from credit reference agencies (including upon your application for any Mox product or service and when we review your credit which normally takes place once or more times each year);
(f) creating and maintaining our credit and risk scoring models;
(g) maintaining your credit history for present and future reference;
(h) assisting other financial institutions and organisations to conduct credit checks and collect repayments owed to them;
(i) assisting other credit providers in Hong Kong approved for participation in the Multiple Credit Reference Agencies Model to conduct credit checks and collect debts;
(j) ensuring your initial and ongoing creditworthiness;
(k) determining the amount of indebtedness owed to or by you;
(l) enforcing your obligations, to us or any other member of the Standard Chartered Group, including, but not limited to, collecting amounts outstanding from you (e.g. by contacting a debt collection agency);
(m) in connection with matching against any data held by us or the Standard Chartered Group so that we can better improve the way we provide services to you, for example, credit checking and data verification. We may also need to match your data when we try to recover amounts you owe us;
(n) marketing services, products and other subjects (see clause 4 (Direct marketing) of this PICS);
(o) meeting or complying with any obligations, requirements or arrangements for disclosing and using data that apply to us or any other member of the Standard Chartered Group, including those that we or any such member is expected to comply with according to:
(p) meeting any obligations, policies, measures or arrangements for sharing data and information within the Standard Chartered Group and/or any other use of data and information pursuant to any group-wide programs for compliance with sanctions or prevention or detection of money laundering, terrorist financing, fraudulent activities or other unlawful activities;
(q) enabling an actual or potential transferee, assignee of all or any part of our business and/or asset or participant or sub-participant of our rights in respect of you, to evaluate the transaction intended to be the subject of the transfer, assignment, participation or sub-participation;
(r) in connection with us or any member of the Standard Chartered Group defending or responding to any legal, governmental, or regulatory or quasi-governmental related matter, action or proceeding (including any prospective action or legal proceedings), including where it is in the legitimate interests of us or any member of the Standard Chartered Group to seek professional advice, for obtaining legal advice or for establishing, exercising or defending legal rights;
(s) in connection with investigating an insurance-related matter (including matters related to any member of the Standard Chartered Group);
(t) organising and delivering seminars to you;
(u) managing, monitoring and assessing the performance of any agent, contractor or third-party service provider who provides administrative, telecommunications, computer, payment or securities clearing or other services to us in connection with the establishment, operation or maintenance of any Mox product or service; and
(v) any other purposes relating thereto.
Data we hold is kept confidential but we may provide, transfer or disclose such data or information to other parties (whether within or outside Hong Kong*) if it will help with any of the uses we’ve listed in clause 2 (Use of your data) of this PICS. These other parties include:
(a) any organisation, agent, contractor or third party service provider who provides administrative, telecommunications, identity verification/know-your-customer, computer, payment/transaction, cloud storage or services, data analytics, cybersecurity or securities clearing or other services to us in connection with the establishment, operation, maintenance or provision of any Mox product or service to you;
(b) anyone who works for (or provides services to) us or the Standard Chartered Group (or any of the parties referred to in clause 3(a) of this PICS);
(c) any person who owes a duty of confidentiality to Mox (or any other member of the Standard Chartered Group);
(d) credit reference agencies (including the operator of any centralised database used by credit reference agencies);
(e) debt collection agencies if we need to collect a repayment;
(f) any financial institution or merchant acquiring company which you would like to, or already have, dealings with;
(g) any person or organisation that Mox (or another member of the Standard Chartered Group) owes an obligation to (which may exist now or in the future);
(h) any actual or proposed assignee or transferee of all or any part of Mox’s business and/or assets or participant or sub-participant or transferee of Mox’s rights in respect of you;
(i) any party giving or proposing to give a guarantee or third party security to guarantee or secure your obligations;
(j) charitable or non-profit making organisations;
(k) any external service provider that we engage to provide marketing services (including anyone who works for such a service provider);
(l) any interface (such as an application programming interface) that links to, or in any way makes available information about, our products and/or services;
(m) third party financial institutions, insurers, credit card companies, securities and investment service providers;
(n) third party reward, loyalty, co-branding and privileges program providers;
(o) our co-branding partners and/or co-branding partners of any member of the Standard Chartered Group (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be);
(p) any person or company who has a direct or indirect shareholding in Mox and their affiliates (each, a “Shareholder”) (for example, to find out whether or not you are a customer of theirs or their affiliates and what products and services they provide or could provide to you), and anyone who works for (or provides services to) a Shareholder;
(q) any Authority;
(r) any other Mox customers in connection with your use of Mox products and services; and
(s) any other person:
*This may mean your data is disclosed, transferred, stored or processed outside of Hong Kong. If this happens, then we may need to comply with another country’s laws and requirements on personal data. Such parties may be located in the following countries: Australia, Germany, Hong Kong, India, Ireland, Japan, Mainland China, Malaysia, Netherlands, Philippines, Singapore, United Arab Emirates, United Kingdom, United States of America.
(a) We would like to use your data in direct marketing and we require your consent (which includes an indication of no objection) for that purpose. The data that we may use in direct marketing includes:
(b) We may directly market the following classes of services, products, and subjects:
(c) Along with us, the following persons may provide or solicit (in the case of donations and contributions) the services, products and subjects set out in clause 4(b) of this PICS:
We may also provide your data to any of these people for them to use in directly marketing the same services, products and subjects to you. Mox will always first obtain your consent (which includes an indication of no objection) for that purpose. We may receive money or other property in return for providing your data to these other persons, but we’ll tell you if this is the case when obtaining your consent.
(d) You can change your mind about giving consent for us to use or provide to other persons your data for use in direct marketing, as set out in this clause 4. Just let us know at any time.
Where you have provided us with another person’s personal data, you should provide him/her with a copy of this PICS and inform them of how we may use his/her data.
(a) You have the following rights according to the law:
(i) to check what data of yours we hold and be provided with a copy of it;
(ii) to require us to make changes to any data that is inaccurate;
(iii) to withdraw any consent that you have previously given us with respect to our use of your personal data;
(iv) to know our policies and practices on data;
(v) to be told what kind of data we hold and what you have access to;
(vi) to check what data we usually disclose to credit reference agencies and debt collection agencies;
(vii) to ask us for more information so you can approach the relevant credit reference agency or agencies or debt collection agency or agencies yourself for a copy of your personal data or for the personal data to be corrected; and
(viii) to ask us to contact the relevant credit reference agency or agencies about deleting any repayment data related to an account you close, as long as it hasn’t been closed for more than 5 years and there hasn’t been any repayment due for more than 60 days during this period. Account repayment data includes the amount last due, amount of payment(s) made during the last reporting period (being a period not exceeding 31 days immediately preceding the last contribution of account data by us to the relevant credit reference agency or agencies), remaining available credit or outstanding balance and default data (being amount past due and number of days past due, date of settlement of amount past due, and date of final settlement of amount in default lasting in excess of 60 days (if any)). We also need to tell you that if you miss a repayment on any loan we give you:
(b) We may from time to time access your personal and account information or records held by credit reference agencies for the purpose of reviewing any of the following matters in relation to the existing credit facilities granted to you or a third party whose obligations are guaranteed by you:
Data Protection Officer
39/F, Oxford House
Taikoo Place, 979 King’s Road
We have the right to charge a reasonable fee for the processing of any data access request you make. We will never charge a fee unless you are requesting a paper record to be sent to you.
(a) Once we receive your data, we’ll do our best to protect it because the security of your personal data is important to us. We have technical and organisational security measures in place to safeguard your personal data (including personal data in transit and storage). These security measures ensure that the confidentiality and integrity of your personal data is not compromised. Multiple layers of protection have been put in place to protect against leakage of personal data to external parties. Personal data will be encrypted by strong data encryption algorithms using encryption keys unique to us and with proper key management. When using external service providers, we require that they adhere to certain security standards mandated by us or the Standard Chartered Group (as applicable). The Standard Chartered Group may do this through contractual provisions, including any such provisions approved by a privacy regulator, and oversight of the service provider. Regardless of where personal data is transferred, we take all steps reasonably necessary to ensure that personal data is kept securely.
(b) You should also be aware that the Internet (including applications which use the Internet for data transfer) may not be a secure form of communication and sending us personal data over the Internet may carry with it risks including the risk of access and interference by unauthorised third parties. Information passing over the Internet may be transmitted internationally (even when the sender and recipient are located in the same country) via countries with weaker privacy and data protection laws than your country of residence.
(c) Mox and the Standard Chartered Group retain personal data in line with applicable legal and regulatory obligations and for business and operational purposes. In the majority of cases, this will be for 7 years from the end of your relationship with us. You can ask us to permanently delete some or all of your data earlier than this but we can only do so if:
If we can’t permanently delete your data promptly after you ask us, please be sure that we’ll let you know.
We and other members of the Standard Chartered Group may record and monitor electronic communications with you to ensure compliance with legal and regulatory obligations and internal policies.
The English version prevails if there is any inconsistency between the English and Chinese versions of any of this Mox PICS.
This PICS is provided to you under Hong Kong’s Personal Data (Privacy) Ordinance and Code of Practice on Consumer Credit Data.
Last Updated: 25 November 2022