Personal data is any information that can be used to identify you. For Mox (Mox/we/us), your personal data is very important. What we can learn from or about you helps us to deliver smart banking to you.
Sometimes we will aggregate information. This means we will combine information from groups of customers to create a profile group for research, analysis or to help with general marketing.
Some of the security measures we use to protect your data include:
We always need your help to keep your data secure. Please let us know immediately if your data may have been lost or stolen, or if you think someone has used it without your permission.
We may use algorithms when considering and processing your application for Mox products and services. The algorithms provide automatic assessments and decisions based on the personal data collected in accordance with our PICS. The parameters used in these assessments have been selected to provide a fair and objective assessment of your personal data and have been tested for reliability and fairness. If we are uncertain about the accuracy of the personal data that will be used in an algorithmic assessment, we may ask you to clarify any such personal data.
At Mox, we pride ourselves on putting the customer first. So, if you need any additional information about our privacy policies and practices or if you have a complaint then please give us a chance to put things right by messaging us through the App, sending an email (firstname.lastname@example.org), giving us a call (Tel: 2888 8228) or reaching us by post (Address: Data Protection Officer, 22/F Cityplaza Three, Taikoo Shing Road, Quarry Bay, Hong Kong). You can also refer your complaint to the Hong Kong Monetary Authority or the Office of the Privacy Commissioner for Personal Data.
This policy does not apply to third-party websites where our online advertisements are displayed or to linked third-party websites which we do not operate or control.
Mox (Mox/we/us) will collect your personal data to help us operate as a bank. Broadly, Mox will collect, process and store the personal data you provide to us (such as your name, date of birth, identity card number, correspondence address, phone number, email address, nationality, credit-related information or even “sensitive” data such as selfies, videos and voice recordings) to keep you and Mox secure, meet our business obligations and comply with the law. This includes establishing, maintaining and operating your Mox account, Mox card (and any other Mox product or service you use), also providing rewards and running competitions and games. The provisions of this PICS form part of the account terms and conditions (including the terms applicable to your use of our App) and any other agreement or arrangements you enter into with Mox.
We collect your data so we can provide the best possible service to you. If you do not provide us with the personal data we require from you, we may not be able to establish, maintain or provide our products and services to you.
We may also collect your data, directly or indirectly, from your transactions with or through Mox in the ordinary course of our business, including information received from third parties, the public domain, collected through your use of our App, websites, cookies, behavioral or location tracking tools, banking services, financial services or other services provided by Mox and the Standard Chartered Group and/or when you deposit money or execute transactions through your Mox card. Understanding your spending and saving behaviour helps us make suggestions to you, to make informed financial decisions for you, and to help keep your account(s) and data secure.
Please note that we also collect data to help us comply with laws, regulations, guidelines and requests or investigations by the authorities.
In this PICS, “Standard Chartered Group” means each of or collectively Standard Chartered PLC and its subsidiaries and affiliates (including each branch or representative office). Mox is a member of the Standard Chartered Group.
We will collect personal data from our customers and other individuals in connection with the purposes set out in this PICS. These customers and other individuals may include the following, and we refer to them collectively as “you/your” in this PICS:
We may use your data for any of the following purposes:
meeting or complying with any obligations, requirements or arrangements for disclosing and using data that apply to us or any other member of the Standard Chartered Group, including those that we or any such member is expected to comply with according to:
Data we hold is kept confidential but we may provide, transfer or disclose such data or information to other parties (whether within or outside Hong Kong*) if it will help with any of the uses we’ve listed in the “Use of your data” paragraph above. These other parties include:
*This may mean your data is disclosed, transferred, stored or processed outside of Hong Kong. If this happens, then we may need to comply with another country’s laws and requirements on personal data. Such parties may be located in the following countries: Australia, Germany, Hong Kong, India, Ireland, Japan, Mainland China, Malaysia, Netherlands, Philippines, Singapore, United Arab Emirates, United Kingdom, United States of America.
We would like to use your data in direct marketing and we require your consent (which includes an indication of no objection) for that purpose. The data that we may use in direct marketing includes:
We may directly market the following classes of services, products, and subjects:
Along with us, the following persons may provide or solicit (in the case of donations and contributions) the above services, products and subjects:
We may also provide your data to any of these people for them to use in directly marketing the same services, products and subjects to you. Mox will always first obtain your consent (which includes an indication of no objection) for that purpose. We may receive money or other property in return for providing your data to these other persons, but we’ll tell you if this is the case when obtaining your consent.
You can change your mind about giving consent for us to use or provide to other persons your data for use in direct marketing, as set out above. Just let us know at any time.
Where you have provided us with another person’s personal data, you should provide him/her with a copy of this PICS and inform them of how we may use his/her data.
You have the following rights according to the law:
Also, we may from time to time access your personal and account information or records held by the credit reference agency for the purpose of reviewing any of the following matters in relation to the existing credit facilities granted to you or a third party whose obligations are guaranteed by you:
If you want to exercise any of these rights, [see the Privacy Dashboard or] let us know through the App, by email (email@example.com), through the Contact Centre (Tel: 2888 8228) or send a letter to:
Data Protection Officer 22/F Cityplaza Three Taikoo Shing Road Quarry Bay Hong Kong
We have the right to charge a reasonable fee for the processing of any data access request you make. We will never charge a fee unless you are requesting a paper record to be sent to you.
Once we receive your data, we’ll do our best to protect it because the security of your personal data is important to us. We have technical and organisational security measures in place to safeguard your personal data (including personal data in transit and storage). These security measures ensure that the confidentiality and integrity of your personal data is not compromised. Multiple layers of protection have been put in place to protect against leakage of personal data to external parties. Personal data will be encrypted by strong data encryption algorithms using encryption keys unique to us and with proper key management. When using external service providers, we require that they adhere to certain security standards mandated by us or the Standard Chartered Group (as applicable). The Standard Chartered Group may do this through contractual provisions, including any such provisions approved by a privacy regulator, and oversight of the service provider. Regardless of where personal data is transferred, we take all steps reasonably necessary to ensure that personal data is kept securely.
You should also be aware that the Internet (including applications which use the Internet for data transfer) may not be a secure form of communication and sending us personal data over the Internet may carry with it risks including the risk of access and interference by unauthorised third parties. Information passing over the Internet may be transmitted internationally (even when the sender and recipient are located in the same country) via countries with weaker privacy and data protection laws than your country of residence.
Mox and the Standard Chartered Group retain personal data in line with applicable legal and regulatory obligations and for business and operational purposes. In the majority of cases, this will be for 7 years from the end of your relationship with us. You can ask us to permanently delete some or all of your data earlier than this but we can only do so if:
If we can’t permanently delete your data promptly after you ask us, please be sure that we’ll let you know.
We and other members of the Standard Chartered Group may record and monitor electronic communications with you to ensure compliance with legal and regulatory obligations and internal policies.
This Mox PICS is provided to you under Hong Kong’s Personal Data (Privacy) Ordinance and Code of Practice on Consumer Credit Data.