HONG KONG
ENGLISH
BNP AM

The sustainable investor for a changing world

Data protection notice

The protection of your personal data is important to the BNP Paribas Group, which has adopted strong principles in that respect for the entire Group.

This Data Protection Notice provides you with information relating to the protection of your personal data by BNP PARIBAS ASSET MANAGEMENT Asia Limited, our Hong Kong based entity (“we”).

We are responsible as a data controller for collecting and processing your personal data in relation to our activities. The purpose of this Data Protection Notice is to let you know what personal data we collect about you, the reasons why we use and share such data, how long we keep it, what your rights are and how you can exercise them.

Further information about our processing of personal data may be provided where necessary in our product or service documentation.

In the event of any inconsistency between the English and Chinese versions of this Data Protection Notice, the English version will prevail.

1.   Which personal data do we use about you?

We collect and use your personal data to the extent necessary in the framework of our activities and to achieve a high standard of personalised products and services.

We may collect various types of personal data about you, including:

  • identification information (e.g. name, ID card and passport numbers, nationality, place and date of birth, gender, photograph, IP address);
  • contact information (e.g. postal address and e-mail address, phone number);
  • family situation (e.g. marital status, number of children);
  • tax status (e.g. tax ID, tax status)
  • education, professional activity and employment information (e.g. level of education, employment function (including existence of political function), employer’s name, remuneration);
  • banking, financial and transactional data (e.g. bank account details, money transfers, assets, declared investor profile, credit history, origin of funds, debts and expenses);
  • information related to your digital activities (e.g. IP address, browsing activity, geolocation etc.)
  • data relating to your interactions, habits and preferences (e.g. data which relate to your use of our products and services in relation with banking, financial and transactional data; and data from your interactions with us: our branches, our internet websites, our apps, our social media pages, meeting, call, chat, email, interview, or phone conversations).

Unless it is a legal obligation, we never process personal data related to your racial or ethnic origins, political opinions, religious or philosophical beliefs, trade union membership, genetic data or data concerning your sexual orientation.

The data we use about you may either be directly provided by you or be obtained from the following sources in order to verify or enrich our databases:

  • other BNP Paribas Group entities, (e.g. other BNP Paribas Asset Management companies);
  • publications or databases made available by official authorities (e.g. the official journal);
  • our corporate clients or service providers;
  • third parties such as credit reference agencies and fraud prevention agencies or data brokers in conformity with the data protection legislation;
  • websites or social media pages containing information made public by you (e.g. your own website or social media); and
  • databases made publicly available by third parties.

2.   Who is concerned by this notice and from whom do we collect personal data?

In certain circumstances, we may collect and use personal data of individuals with whom we have, could have, or used to have a direct relationship such as:

  • Prospects;
  • Visitors to our websites or apps;
  • Attendees of our events;
  • Service providers or
  • Overseas visitors.

In some cases, we may also collect information about you where you have no direct relationship with us.

This may happen, for instance, when your employer provides us with information about you or your contact details are provided by one of our clients. This may happen if you are, for example:

  • Co-borrowers or guarantors;
  • Legal representatives (e.g. under a power of attorney);
  • Beneficiaries of payment transactions made by our clients;
  • Beneficiaries of insurance policies and trusts;
  • Ultimate beneficial owners;
  • Client’s debtors (e.g. in case of bankruptcy);
  • Company shareholders, board members and other contact persons for our ‘Know Your Customer’ (KYC) check;
  • Representatives of a legal entity (which may be a client or a vendor);
  • Advisory persons (e.g. consultants, custodians and lawyers); or
  • Staff of service provider and commercial partners.

3.    Why and on which basis do we use your personal data?

  1. To comply with our legal and regulatory obligations, including:
  • banking and financial regulations in compliance with which we:
  • set up security measures in order to prevent misuse or fraud;
  • detect transactions which deviate from the normal patterns;
  • determine the correct investor’s profile;
  • carry out the ‘Know Your Customer’ (KYC) check;
  • define your credit risk score and your reimbursement capacity;
  • monitor and report risks that institutions could incur; and
  • record and monitor, when necessary, phone calls, chats, email, etc
  • prevention of money-laundering and financing of terrorism;
  • replying to an official request from a duly authorised public or judicial authority;
  • compliance with legislation relating to sanctions and embargoes; and
  • fighting against tax fraud and fulfillment of tax control and notification obligations.
  1. To perform a contract with you or to take steps at your request before entering into a contract including to:
  • provide you with information regarding our products and services;
  • assist you and answer your requests;
  • evaluate if we can offer you a product or service and under which conditions;
  • manage the accounts and business relationship with our investors of whom you are a representative (for instance, when acting as a contact person in the context of a prospectus); and
  • provide products or services to our corporate clients of whom you are an employee or a client (for  instance, in the context of cash management).
  1. We also use your personal data in order to deploy and develop our products or services, to improve our risk management and to defend our legal rights, including:
  • proof of transactions;
  • fraud prevention;
  • monitoring transactions and account activity to identify those which deviate from the normal routine;
  • IT management, including infrastructure management (e.g. centralized IT systems) and business continuity and IT security;
  • conducting analytics or establishing individual statistical models, based data we hold about you (e.g. to help define your credit risk score);
  • conducting analytics or establishing aggregated statistics, tests and models, for research and development, in order to improve  the risk management of our group of companies or in order to improve existing products and services or create new ones;
  • centralizing your personal data in a database enabling representatives of other BNP Paribas Group entities to have access to it on a strict need to know basis (e.g. to allow us to involve the right level of expertise to deal with your requests and avoid unnecessary administrative duplications);
  • training of our personnel by recording phone calls to our call centres;
  • improving the quality of our banking, financial or insurance products or services;
  • personalising our offering to you and that of other BNP Paribas entities;
  • advertising products or services that match with your situation and profile;
  • analysing your habits and preferences in the various channels (visits to our branches, emails or messages, visits to our website, etc.);
  • sharing your data with another BNP Paribas Group entity, notably if you are – or are to become – a client of that other entity (including via a centralized database as regards other BNP Paribas entities);
  • matching the products or services that you already hold or use with other data we hold about you.

Your data may be aggregated into anonymized statistics that may be offered to professional clients to assist them in developing their business. In this case your personal data will never be disclosed and those receiving these anonymised statistics will be unable to ascertain your identity.

4. Who do we share your personal data with?

In order to fulfill the purposes described in this notice, but subject to applicable law relating to information sharing, we may disclose your personal data to:

  • BNP Paribas Group entities;
  • Service providers which perform services on our behalf;
  • brokers banking and commercial partners, independent agents, intermediaries or trade repositories, with which we have a relationship;
  • Certain regulated professionals such as lawyers, notaries or auditors;
  • Our insurers;
  • Actual or proposed purchasers of the companies or businesses of the BNP Paribas Group; or
  • Local or foreign financial, tax, judicial, criminal authorities, regulators, state agencies, law enforcement, or public bodies, we or any member of the BNP Paribas Group is required to disclose to pursuant to their request; defending or responding to a matter, action or proceeding; and/or complying with regulation or guidance from authorities applying to us or any member of the BNP Group.

5. International transfers of personal data

In certain circumstances, we may transfer your data to another country. In this situation, we will implement appropriate safeguards to ensure the protection of your personal data.

6.   How long do we keep your personal data for?

We will retain your personal data for appropriate periods required to comply with applicable laws and regulations or another period with regard to our operational requirements, such as proper account maintenance, facilitating client relationship management, or responding to legal claims or regulatory requests.

7.   What are your rights and how can you exercise them?

In accordance with applicable law or regulations, you have the following rights:

  • To access: you can request whether we hold data about you and a copy of such personal data.
  • To rectify: where you consider that your personal data are inaccurate or incomplete, you can request that such personal data be modified accordingly.

If you wish to exercise the rights listed above, please send an email to: risk.orc.apac.dpo@asia.bnpparibas.com

In accordance with applicable regulation, in addition to your rights above, you are also entitled to lodge a complaint with the competent supervisory authority.

8.   How can you keep up with changes to this data protection notice?

In a world of constant technological and regulatory change, we may need to update this Data Protection Notice. You may review the latest version of this notice online and we will inform you of any material changes through our website or through our other usual communication channels.

9.   How to contact us?

If at any time, you have any questions on this policy or how we manage, protect and/or process your personal data, please contact us by directing the inquiry to our Asia-Pacific Data Protection Officer at risk.orc.apac.dpo@asia.bnpparibas.com.