Personal Information and Privacy Protection Policy

Latest Revision Date: 31 May 2019

HSBC Life Insurance Company Limited (“the Company”, “we” or “us”) take personal information confidentiality and security very seriously, and strive at all times to protect our customers’ and related parties’ personal information and privacy according to law. We therefore formulate this Personal Information and Privacy Protection Policy (this “Policy”) and collect, use, disclose and protect your personal information (including the personal information of the person you represent) in accordance with this Policy.

Important Notice: This Policy shall apply to your and related parties’ personal information that may be involved when you visit, browse, use any website, Wechat Official Account, or mobile device application of the Company (including but not limited to WeChat Mini Programs and application and etc.), apply for or use any product or service of the Company, handle any business at the Company or make any transaction with the Company, participate in any marketing events and surveys of the Company, apply for any position at the Company, and/or in any way contact or correspond with the Company, no matter the information is provided by yourself or by the related parties, or collected or acquired by the Company from other sources according to law, regulation, regulatory provision, or based on your or related parties’ authorisation or consent. Please be advised to read this Policy carefully before conduct any activities aforesaid. You understand and agree the Company may collect, verify, store, use, process, disclose, transfer, protect your and related parties’ personal information in accordance with this Policy and other terms and conditions otherwise agreed between you and the Company. If there is any discrepancy between this Policy and the other terms and conditions agreed between you and the Company, such other terms and conditions shall prevail.

The terms of conditions of this Policy is set out as below:

I. Personal Information and Privacy Protection Policy Overview – How We Protect Your Personal Information

II. How We Collect Your Personal Information

III. How We Use Cookies and Other Technologies

IV. How We Use or Disclose Your Personal Information

V. Your Rights Relating to Personal Information

VI. How We Handle Minors’ Personal Information

VII. Update of this Policy

VIII. Miscellaneous

If you have any query, comment or suggestion, please CONTACT US.

I. Personal Information and Privacy Protection Policy Overview – How We Protect Your Personal Information

a. Overview

To preserve the confidentiality, security and privacy of all personal information you provide to us, we follow the principle of reasonableness, legitimacy and rightfulness, and maintain the following policies to protect personal information and privacy:

  1. We only collect personal information that we believe to be relevant and required for us to comply with law, regulation and regulatory provision, understand your needs, build up, review, maintain and develop our relationship with you, provide you with products and services, and continuously improve our products and services.
  2. We use your personal information with the aim to comply with law, regulation and regulatory provision, provide you with better products and services, and build up, review, maintain and develop our relationship with you.
  3. We may for specific purposes provide your personal information to other members of the HSBC Group, our respective agents or other third parties, as permitted by law.
  4. We will not disclose your personal information to any third party, unless the disclosure is made to comply with law, regulation and regulatory provision or in accordance with this Policy or other agreement between you and the Company.
  5. We may be required from time to time to disclose your personal information to our regulators, other governmental or judicial bodies or agencies, but we will only do so following the requirement of law and regulation, our regulators or other authorities and to the extent that we deem necessary.
  6. We aim to keep your personal information on our records accurate and up-to-date.
  7. We maintain strict security systems designed to prevent unauthorised access to your personal information by anyone.
  8. All members of the HSBC Group, all our staff and all third parties with permitted access to your personal information are specifically required or legally responsible to observe our confidentiality obligations.

By maintaining our commitment to these policies, we at HSBC will ensure that we respect the inherent trust that you place in us.

b. Information Security

  1. Information security is our top priority. We will endeavour at all times to safeguard your personal information against unauthorised or accidental access, processing or erasure. We maintain this commitment to information security by implementing appropriate physical, electronic and managerial measures to secure your personal information.
  2. The secure area of the website of the Company supports the use of Secure Socket Layer (SSL) protocol and 128-bit encryption technology - an existing industry standard for encryption over the Internet to protect data. When you provide personal sensitive information through the website of the Company, it will be automatically converted into codes so as to ensure secure transfer afterwards. Our web servers are protected behind “firewalls” and our systems are monitored to prevent any unauthorised access. For the sake of security, we will not send personal information by ordinary email.
  3. We exercise strict information security and confidentiality management over our staff. When we use services provided by external service providers (entities or individuals), we also impose strict confidentiality obligations on them and request them to abide by our security standards when processing personal information.
  4. For the security of your personal information, you take on the same responsibility as us. You shall keep your personal information secret and confidential, such as your account information, contact information, identity verification information (e.g. user name, password, dynamic password, verification code, etc.), and all the documents, materials, devices or other media that may contain or record or otherwise relate to such information, and shall ensure your personal information and relevant documents, materials, devices or other media are used only in a secured environment. It is suggested not to disclose to any other person or allow any other person to use such information and relevant documents, materials, devices or other media. Once you think your personal information and/or relevant documents, materials, devices or other media have been disclosed, lost or stolen and may so endanger the relation between you and the Company or cause your account being used for any unauthorised transaction, you shall notify us immediately so that we may take appropriate measures to prevent further loss from occurring.
  5. We will comply with all statutory and regulatory requirements, HSBC Group policies and this Policy, as well as relevant agreement between you and the Company, in retaining your personal information for the period necessary for the purposes set out in this Policy.

II. How We Collect Your Personal Information

1. As required us to provide you with various products and services and continuously improve our products and services, or in order to contact or communicate with you, understand your needs, build up, review, maintain and develop our relationship with you, or for the purpose to comply with law, regulation and regulatory provision, during the time when you visit, browse, use any website, Wechat Official Account, or mobile device application of the Company, apply for or use any product or service of the Company, handle any business at the Company or make any transaction with the Company, participate in any marketing events and surveys of the Company, apply for any position at the Company, and/or in any way contact or correspond with the Company, the Company may receive and keep the personal information provided by yourself or by related parties, or, according to law, regulation, regulatory provision, your authorisation or consent, collect, enquire, verify by proper methods your and/or related parties’ personal information from/with members of the HSBC Group or other third parties (including but not limited to credit reference agencies, information service providers, relevant authorities, employers, counterparties, other relevant entities, joint applicants, contact persons, close relatives and other persons). The personal information we so collect may include information in paper, electronic (for example but not limited to information collected through any of the Company’s website, Wechat Official Account, mobile devices applications, email, text message or customer service hotline) or any other forms.

 

2. For above various purposes, the Company may collect necessary personal information according to this Policy and other agreement between you and the Company. Personal information the Company may collect mainly includes: (1) Personal identity information, including name, sex, nationality, citizenship, registered residence (Hu Kou), ethnic, type/number/validity period of ID certificate, occupation, education, diploma, working experience, telephone number, e-mail, contact information, age, birth date, place of birth, marital status, health status, family status, place of residence, work address, photo, social security information, personal virtual identity and authentication information (e.g. Wechat account information), etc.;

(1) Personal identity information, including name, sex, nationality, citizenship, registered residence (Hu Kou), ethnic, type/number/validity period of ID certificate, occupation, education, diploma, working experience, telephone number, e-mail, contact information, age, birth date, place of birth, marital status, health status, family status, place of residence, work address, photo, social security information, personal virtual identity and authentication information (e.g. Wechat account information), etc.;

(2) Personal property information, including personal income, real property, movable property (e.g. vehicle, financial assets, etc.), indebtedness, investment, tax-paid amount, tax residence, taxpayer identification number, amount paid for the provident fund, etc.;

(3) Personal biometrics information, such as signature, handwriting, portrait, fingerprint, voice, iris, face recognition information, etc.;

(4) Personal health and physiological information, such as medical history, diagnosis and treatment, and other relevant information in relation to personal health.

(5) Personal account information, including account number, time of account opening, institution with which the account is opened, account balance, account transaction information, etc.;

(6) Personal credit information, including credit card, loan and other credit transaction information and any other information about personal credit status;

(7) Personal financial transaction information, including personal information acquired, kept, recorded during any payment, settlement, wealth management, safe deposit box or other banking business, personal information generated from transactions made through banks with any third party institution like insurance company, securities company, fund house, futures company or payment agency, and etc.;

(8) Derivative information, including consumption habit, product/service/internet use habit, transaction or risk preference, risk appetite, investment intention, investment goal, knowledge and experience, and other information about particular person’s situation derived from processing and analysis of raw data;

(9) Any other personal information acquired or kept during the establishment or maintenance of business or other relationship with individuals, e.g. time/location (including geographic location and network address) of service use, log information related to browse/use/clicking/operation of website/software/application, image and video record, audio record, correspondence record and contents, device identifier and code, hardware type and serial number, operating system version, etc..

 

3. To the extent allowed by law and regulation, we may collect and use your personal information, without your consent under any of the following circumstances:

(1) where the collection and use are in direct relation to state security or national defense security;

(2) where the collection and use are in direct relation to the public security, public sanitation, or major public benefits;

(3) where the collection and use are in direct relation to investigations into crimes, prosecutions, court trials, execution of rulings, etc.;

(4) where the collection and use are for the sake of safeguarding your or other’s significant legal rights and interests, such as the life and property, but it is difficult to obtain your consent;

(5) where the personal information collected is the information voluntarily disclosed by you to the public;

(6) where the personal information is collected from information that has been legally and publicly disclosed, such as legal news reports and information published by the government;

(7) where the collection and use are necessary for concluding and performing contracts as required by you;

(8) Other circumstances specified by law and regulation.

III. How We Use Cookies and Other Technologies

  1. Your visit, browse, use of any website, Wechat Official Account, or mobile device application of the Company may be recorded for analysis on the number of visitors to the site and general usage patterns. Some of this information will be gathered through the use of “Cookies”. Cookies can enable us to provide more useful and safer features for website or application users. The information collected by “Cookies” is anonymous aggregated research data, and contains no name or address information or any information that will enable anyone to contact you via telephone, email or any other means. Most browsers and/or applications are initially set to accept Cookies. You can manage or delete Cookies as per your preference. Should you wish to disable Cookies, you may do so by changing the setting on your browser and/or application. However, by disabling them, you may not be able to take full advantage of our website and/or application.
  2. The website and/or application may also work with third parties to research certain usage and other activities on the website and/or application. These third parties include without limitation to Doubleclick, Yahoo!, Nielsen//NetRatings and Adobe. They use technologies such as spotlight monitoring, web beacons and "Cookies" etc. to collect information for such research. They use the information collected through such technologies (i) to find out more about users, including user demographics and behaviour and usage patterns, (ii) for more accurate reporting and (iii) to improve the effectiveness of our marketing. They aggregate the information collected and then share it with us. No personally identifiable information about you is collected or shared by Doubleclick, Yahoo!, Nielsen//NetRatings and Adobe with us as a result of this research. Should you wish to disable the Cookies associated with these technologies, you may do so by changing the setting on your browser and/or application. However, after changing the setting you may not be able to enter certain part(s) of our website and/or application.

IV. How We Use or Disclose Your Personal Information

1. Use of Personal Information

Your personal information and data collected by the Company may be used for the following purposes (or any of them, depending on the nature of your relationship with the Company):

(1) to provide you with products or services, to identify or verify your identity, to approve, manage, handle, execute or effect transactions requested or authorised by you;

(2) to comply with any Applicable Laws (“Applicable Laws” refer to any applicable local or foreign statute, law, regulation, ordinance, rule, judgment, decree, voluntary code, directive, sanctions regime, court order applicable to any member of the HSBC Group, agreement between any member of the HSBC Group and an authority, or agreement or treaty between authorities and applicable to the Company or a member of the HSBC Group) and any order or requirement from any authority;

(3) to perform the Company and/or the HSBC Group’s compliance obligations (including regulatory compliance, tax compliance and/or compliance with any Applicable Laws or requirement of any authority), or to implement any policy or procedure made by the Company and/or the HSBC Group for performance of their compliance obligations;

(4) to detect, investigate and prevent any real, suspected or potential financial crime (including money laundering, terrorist financing, bribery, corruption, tax evasion, fraud, evasion of economic or trade sanctions, and/or violations, or acts or attempts to circumvent or violate any Applicable Laws relating to these matters) and to manage financial crime risk;

(5) to conduct investigations related to insurance, to verify, obtain or provide relevant references or information;

(6) to enforce or defend the Company or any member of the HSBC Group’s rights, or to perform the Company or any member of the HSBC Group’s obligations (whether statutory obligations or contractual obligations, including but not limited to the Company’s obligations under any agreement entered into with any real or potential business and/or asset assignee, business partner or transaction participator);

(7) as required by or to fulfil the Company or the HSBC Group’s internal operational requirements (including for credit and risk management, data statistics, analysis, processing and handling, system, product and service design, research, development and improvement, planning, insurance, audit and administrative purposes);

(8) to contact or communicate with you, understand your needs, build up, review, maintain and develop the Company’s or any member of the HSBC Group’s overall relationship with you (including to market or promote relevant products or services to you, to assess your interests in relevant products or services, to conduct market research or survey or satisfaction survey, to review, approve or handle your application for any position at the Company, etc.),

(9) to obtain or utilize administrative, consultancy, telecommunications, computer, payment, data storage, processing, outsourcing and/or other products or services.

2. Disclosure of Personal Information

For the purposes set out above, the Company may provide or disclosure your personal information to the following recipients (the recipients may also, for the aforesaid purposes, use, process and further disclose the information they receive):

(1) any member of the HSBC Group;

(2) any contractor, subcontractor, agent, third party product or service provider, licensor, professional consultant, business partner, or associated person of the HSBC Group (including their employees, directors and officers);

(3) any regulator or other authority of the Company or any member of the HSBC Group, or any organisation or individual designed by such regulators or authorities, including but not limited to industrial associations;

(4) any person or related party who has the right or obligation, acquires an interest or assumes risk, in or in connection with any product or service you receive from the Company, or any business you handle at the Company or any transaction you make with the Company, including but not limited to policyholder, insured, beneficiary, reinsurer, etc.;

(5) any party in connection with any business/asset transfer, restructure, disposal (including securitization), merger, spin-off or acquisition transactions of the Company;

(6) any person to whom the Company or any member of the HSBC Group is under an obligation or otherwise required to make disclosure for the aforesaid purposes.

Whether disclose or not according to this Policy, we will protect the security of your personal information in accordance with applicable laws and regulations and HSBC policies.

V. Your Rights Relating to Personal Information

1. You have the right to request us to protect and secure your personal information in accordance with the provisions of the law, regulation and this Policy.

 

2. You have below rights to the Company:

(1) inquiry whether the Company holds any your personal information;

(2) provide convenience for you to update your personal information at the Company and to correct any of your information that is inaccurate. It is suggested to update your personal information in the Company when it is changed, to ensure relevant information is accurate;

(3) if you do not agree us to use your personal information for the purpose of advertisement promotion, you may request us to cease to send you relevant advertisement;

(4) any other rights as provided by laws and regulations.

If you make us any above request, you may contact us via the contact information in the beginning of this Policy. Due to the requirements of law and regulation, we may not to be able to respond your request under any of the following circumstances:

(1) Where it is in direct relation to the Company’s fulfilment of laws, regulations and regulatory requirements;

(2) where the request is in direct relation to state security or national defense security;

(3) where the request is in direct relation to public security, public sanitation, or major public benefits;

(4) where the request is in direct relation to investigations into crimes, prosecutions, court trials, execution of rulings, etc.;

(5) where there is sufficient evidence that you are intentionally malicious or abuses your rights;

(6) where it is because of protecting your or others’ life, property or other significant legitimate rights but it’s difficult to obtain your consent;

(7) where responses to your request will give rise to serious damage to your or any other individual or organization’s legal rights and interests; and

(8) where the request involves any trade secret;

(9) any other circumstances as provided by laws and regulations.

 

3. Nothing in this Policy shall limit the rights you should have as a personal information subject under Chinese law.

VI. How We Handle Minors’ Personal Information

  1. We understand the importance of protecting the minors’ personal information with extra caution. If you are under 18 years old, it is suggested that your parents or guardians shall carefully read this Policy and you shall submit your personal information only after seeking consent from them. Meanwhile, it is suggested that your use of our product and service is conducted under the guidance of your parents or guardians. If they do not agree you to submit your personal information or to use any product or service of the Company, you shall immediately stop submitting the information or using the product and service of the Company. In addition, please notify such event to us as soon as possible, so as to allow us to take effective measures.
  2. If you are under 18 years old, for those personal information collected with consent of your parents or guardians, we will only use or disclose such information to the extent allowed by law and regulation or expressly consented by your parents or guardians or necessary for the protection of the interests of minors.

VII. Update of this Policy

This Personal Information and Privacy Protection Policy may be amended or updated from time to time. We will publish such changes at our website and/or relevant applications. Once the Policy amended or updated, you understand and agree the Company may collect, verify, store, use, process, disclose, transfer, protect your and related parties’ personal information in accordance with the amended or updated terms and conditions of this Policy. Changes to this Policy will not impair or limit the rights you should have as a personal information subject under Chinese law.

VIII. Miscellaneous

  1. Where you provide to us personal information about another person (including but not limited to the policyholder, insured or beneficiary), you should ensure that person acknowledges and agrees with this Policy and, in particular, tell him/her how we may use his/her information. You should remind that person to read this Policy in advance and may also give him/her a copy of this Policy.
  2. In case of discrepancy between the Chinese and English versions of this Policy, the Chinese version shall apply and prevail.