Legal Notes Singapore Personal Data Protection Policy
This policy is intended to help you understand our policies and practices with respect to personal data that is collected, used and disclosed by Credit Suisse in Singapore. It is also intended to inform you as to how you may seek access to and correction of your personal data as well as how to make an inquiry and, if necessary, make a complaint relating to our handling of that data.
Credit Suisse in Singapore is committed to safeguarding and protecting personal data in a manner that complies with the Personal Data Protection Act and to ensure the privacy of our customers. Unless stated otherwise, this policy is relevant to the personal data of both our current and former customers, as well as other individuals we may deal with (for example, security providers, directors and shareholders relating to our customers).
References to "Credit Suisse", "we", "us" or "our" in this Policy includes, individually and collectively, all branches, representative offices, subsidiaries and associated and affiliated companies of Credit Suisse Group AG that collect, use and/or disclose personal data in Singapore.
Credit Suisse may have entered into separate agreements with customers and other individuals that contain specific data protection provisions and, in such instances, the terms of those agreements shall prevail over the terms of this Policy.
What types of personal data do we collect?
The personal data we collect and how we do so will vary based on the reason that we are collecting the data. For example, if you are a customer it will depend on the product or service we are providing. Personal data we collect may include:
- data collected on application forms, questionnaires or other documentation or communications, such as your name, date of birth, residential and business addresses, telephone numbers, email and other electronic addresses, occupation, assets, expense, income, dependents and details about your business dealings and other events in your life;
- data about your transactions and products with us, our affiliates, or third parties, such as account balances, payment history and details about account activity and product use;
- government identifiers such as your NRIC number or passport number (for example, to verify your identity at the time you request a product or service);
- data collected in connection with your access to or usage of our on-line services, premises, or other resources; and
- other personal data we think is necessary to your relationship with us.
We usually collect your personal data directly from you but sometimes we may need to collect personal data about you from third parties.
Purposes for which we may collect, use and disclose your personal data
We will collect, use and disclose personal data relating to you that is reasonably necessary for our business functions and activities. Typical purposes for which we may collect, use and disclose your personal data include:
- the daily operation of the services and credit facilities provided to customers;
- ensuring credit worthiness of customers;
- assisting other financial institutions to conduct credit checks and collect debts;
- designing financial services or related products for customers' use;
- offering, advertising or promoting financial and banking services, investment products and other subjects;
- collection of amounts outstanding from customers and those providing security for customers' obligations;
- conducting identity, credit, and conflict checks to prevent and detect fraud and crime;
- complying with any obligations, requirements or arrangements for disclosing and using personal data that apply to us or that we are expected to comply with pursuant to any law, guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, self-regulatory or industry bodies or associations of financial services providers within or outside Singapore existing currently and in the future;
- complying with any obligations, requirements, policies, procedures, measures or arrangements for sharing data and information within the Credit Suisse group and/or any other use of personal data in accordance with any group-wide programmes for compliance with sanctions or prevention or detection of money laundering, terrorist financing or other unlawful activities;
- performing any functions and activities related to the products and/or services that we provide including, without limitation, to audit, report (including analyses and materials and information generally in relation to investments and markets), conduct market research, and carry out general servicing and maintenance of online and other services;
- matching and verifying any personal data that we hold relating to customers from time to time for any other relevant and notified purpose(s);
- any other purposes in accordance with this Policy and other policies in relation to banking, financial and investment services as set out in statements, circulars, notices or other terms and conditions that we make available to customers from time to time; and
- if you provide personal data relating to a third party to us, you represent and warrant that the consent of that third party has been obtained for the collection, use and disclosure of the personal data for the purposes listed in this Policy.
Disclosure of personal data to third parties
We receive services from other Credit Suisse companies and external service providers, some of which may be located outside of Singapore, and your personal data may be provided to them for this purpose. We may also disclose your personal data to other Credit Suisse entities and to third parties for the purposes listed above. Third parties to whom we disclose your personal data may include:
- any agent, contractor or third party service provider who provides administrative, telecommunications, computer, payment or securities clearing or other services to us in connection with the operation of our business;
- any person who provides introducing services to us or to whom we provide introductions or referrals;
- any person to whom disclosure of personal data is necessary in order for us to validly effect, manage, administer and/or enforce any services or transactions requested or authorised by you;
- any person with whom we enter into any contractual or other arrangement in relation to any of the services and facilities provided or proposed to be provided to you including, without limitation, any guarantors, sureties, third party security providers and/or third party service providers;
- any custodian, agent or broker to whom we delegate any of our duties, functions or obligations under any agreement with you in accordance with the relevant terms and conditions;
- the drawee bank providing a copy of a paid cheque (which may contain information about the payee) to the drawer;
- credit reference agencies, and, in the event of default, to debt collection agencies;
- third party financial institutions, insurers, securities and investment services providers; and
- any person to whom we are under an obligation or otherwise required to make disclosure under the requirements of any applicable law, guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, self-regulatory or industry bodies or associations of financial services providers or industry recognised bodies.
In the event that we transfer your personal data outside of Singapore, we shall take all reasonable steps to ensure that it is provided with a comparable standard of protection.
Accuracy and updates to your personal data
We will take all reasonable steps to ensure that the personal data in our possession or under our control is accurate and up-to-date at the point of collection and at regular intervals afterwards. If there is any change in your personal data, you should inform us as soon as possible and in any event within any relevant prescribed period to enable us to update our data.
We will take all practicable steps to ensure that personal data is kept only for as long as the purpose for which it was collected is being served or as otherwise necessary for legal or business purposes.
Protecting and retaining your personal data
We protect personal data in our possession or under our control by making reasonable physical, technical, administrative and procedural security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks.
Consequences of not providing your personal data
Failure to supply personal data may result in us being unable to open or continue accounts or establish or continue banking facilities or provide financial, banking, securities, investment products and services, including derivatives, securities trading, commodity and equity sales, exchanged-traded funds and mortgages.
Requesting access to and correction of your personal data
You have the right to request and obtain access to certain personal data that is in our possession or under our control and to have personal data relating to you which is inaccurate corrected in certain circumstances. You may do this by contacting our Personal Data Protection Officer in writing (contact details below). We have the right to charge a reasonable fee for the processing of any data access request.
To help us locate and provide the personal data you request access to, you need to be reasonably specific about the data you require and we will need to validate your identity (to ensure that we do not provide your personal data to anyone who does not have the right to access such data).
If you believe that we have not complied with our obligations under the Personal Data Protection Act in relation to your personal data please contact our Personal Data Protection Officer in writing (contact details below).
If you have any queries with respect to our policies and practices in relation to your personal data please contact:
The Personal Data Protection Officer
Credit Suisse AG, Singapore Branch
One Raffles Link #03-01
Please do not include CIF numbers, account numbers or other sensitive information in emails because it may not be secure.
This Policy is based on current laws and regulations in Singapore. Currency: 2 July 2014.
If there are any amendments to this Policy, we will post the updated Policy on our website so that you are kept up-to-date of our policies and practices with respect to the collection, use and disclosure of your personal data.