Notice to Customers and Other Individuals Relating to the Personal Data Protection


This Notice is given by Crédit Agricole Corporate and Investment Bank (“the Bank”), in accordance with the Personal Data (Privacy) Ordinance of the Hong Kong Special Administrative Region of the People’s Republic of China (“the Ordinance”). This Notice is intended to notify the Bank’s customers and other individuals why personal data is collected, the purpose of use of the data, the classes of persons to whom the data may be transferred and to whom data access or correction requests are to be addressed.


  1. From time to time, it is necessary for customers and various other individuals (including without limitation applicants for banking/financial/custodian/trading/hedging/capital markets services or related products or banking/credit facilities or other financial accommodation (together “banking accommodation”), sureties and persons providing security or guarantees or other support for banking accommodation, shareholders, directors, officers, managers, authorised persons/signatories, employees and representatives of corporate customers or applicants or sureties for banking accommodation) (collectively “data subjects”) to supply the Bank with data in connection with various matters such as the opening or continuation of accounts, the establishment, provision or continuation of banking accommodation or compliance with any law or guidelines issued by regulatory, tax or other authorities or bodies in any country.
  2. Failure to supply such data may result in the Bank being unable to open or continue accounts or establish, provide or continue banking accommodation or comply with any law or guidelines issued by regulatory, tax or other authorities or bodies in any country.
  3. Data is also collected from data subjects in the ordinary course of the continuation of the banking relationship, for example, when data subjects write cheques or deposit money or effect transactions through cards.
  4. The purposes for which data relating to a data subject may be used by the Bank or any person who has obtained such data from the Bank are as follows:

    1. The daily operation of the banking accommodation provided to data subjects;
    2. Conducting credit checks at the time of application for credit and at the time of regular or special reviews which normally will take place one or more times each year;
    3. Assisting other financial institutions to conduct credit checks and collect debts;
    4. Ensuring ongoing credit worthiness of data subjects;
    5. Designing banking/financial/custodian/trading/hedging/capital markets services or related products (including without limitation capital markets and insurance products) or banking/credit facilities or other financial accommodation for the use of data subjects or their affiliates (including without limitation the head office, any branch or other office, subsidiary, holding company, associated company or affiliate of or any entity controlled by or under common control with any data subject or any member of the group of companies to which any data subject belongs in any country);
    6. Unless requested otherwise by a data subject, marketing banking/financial/custodian/trading/hedging/capital markets services or related products (including without limitation capital markets and insurance products) or banking/credit facilities or other financial accommodation of the Bank or the head office or any other branch or office, subsidiary, holding company, associated company or affiliate of or any entity controlled by or under common control with any member of the group of companies to which Crédit Agricole Corporate and Investment Bank belongs in any country (each a “CACIB Entity”) and/or selected companies offering similar services, products, facilities or accommodation;
    7. Determining the amount of indebtedness owed to or by data subjects;
    8. Enforcing the obligations of data subjects including without limitation the collection of amounts outstanding from data subjects;
    9. Detecting or preventing money laundering, terrorist financing and other criminal activities;
    10. Meeting the disclosure requirements or requests of any law or regulations binding on the Bank or any other CACIB Entity or under and for the purposes of any order, rules or guidelines issued by or any investigations by or cooperation with any court, exchange, judicial, governmental, supervisory, regulatory, tax or other authorities or bodies in any country with which the Bank or any other CACIB Entity is expected to comply;
    11. Enabling an actual or proposed purchaser, assignee or transferee or counterparty, or participant or sub-participant of the Bank’s or any other CACIB Entity’s rights and/or obligations in respect of any data subject or all or any part of the assets or business of the Bank or any other CACIB Entity to evaluate the transaction intended to be the subject of the sale, assignment, transfer, participation or sub-participation;
    12. Comparing data of any data subject or other persons for credit checking, data verification or otherwise producing or verifying data, whether or not for the purpose of taking adverse action against any data subject;
    13. Maintaining a credit history of data subjects (whether or not there exists any relationship between the data subject and the Bank or the recipient of the data) for present and future reference;
    14. Providing banker’s or credit references in respect of any data subject;
    15. Data processing;
    16. Meeting filing, stamping and/or registration requirements; and
    17. Fulfilling any other purposes directly relating to any of the foregoing purposes.

  5. Data held by the Bank relating to a data subject will be kept confidential but the Bank may provide such data to the following parties (whether within or outside the Hong Kong Special Administrative Region) for the purposes set out in paragraph d:-

    1. Any nominee, agent, sub-custodian, representative, correspondent, counterparty, contractor or third party service provider who provides administrative, telecommunications, computer, payment, debt collection or securities clearing, custodian, financial, trading, hedging, capital markets, calculation, valuation, research, accounting, legal, data processing, logistic or other services to the Bank or any other CACIB Entity in connection with the operation of the Bank’s or any other CACIB Entity’s business or with respect to any account, operation, transaction or other dealings effected in the ordinary course of banking relationship or banking accommodation with any data subject;
    2. Any other CACIB Entity or any of their delegates;
    3. Any professional advisors including without limitation auditors;
    4. Any person with whom the Bank or any other CACIB Entity proposes to enter, or has entered into any arrangements in respect of any data subject or any account, operation, transaction or other dealings effected in the ordinary course of the banking relationship or banking accommodation with any data subject;
    5. Any other financial institutions or other persons to whom a banker’s or credit reference in respect of a data subject is provided;
    6. Any person under a duty of confidentiality to the Bank or any other CACIB Entity which has undertaken to keep such information confidential with respect to any account, operation, transaction or other dealings effected by the Bank or any other CACIB Entity in the ordinary course of the banking relationship or banking accommodation with any data subject;
    7. The drawee bank providing a copy of a paid cheque (which may contain information about the payee) to the drawer;
    8. Credit reference agencies, and, in the event of default, debt collection agencies;
    9. Any person to whom the Bank or any other CACIB Entity is under an obligation to or is requested to make disclosure under the requirements of any law or regulations binding on the Bank or any other CACIB Entity or under and for the purposes of any order, rules or guidelines issued by or any investigations by or cooperation with any court, exchange, judicial, governmental, supervisory, regulatory, tax or other authorities or bodies in any country with which the Bank or any other CACIB Entity is expected to comply;
    10. Any actual or proposed purchaser, assignee or transferee or counterparty, or participant or sub-participant of the rights and/or obligations of the Bank or any other CACIB Entity in respect of any data subject or all or any part of the assets or business of the Bank or any other CACIB Entity; and
    11. Unless requested otherwise by a data subject, selected companies offering banking/financial/custodian/trading/hedging/capital markets services or related products (including without limitation capital markets and insurance products) or banking/credit facilities or other financial accommodation for the purpose of informing data subjects of services or products or facilities or accommodation which the Bank believes will be of interest to them.

  6. Under and in accordance with the terms of the Ordinance and the Code of Practice on Consumer Credit Data approved and issued under the Ordinance, any data subject has the right:-

    1. To check whether the Bank holds data about him or her and of access to such data;
    2. To require the Bank to correct any data relating to him or her which is inaccurate;
    3. To request his or her personal data not to be used for direct marketing purpose;
    4. To ascertain the policies and practices of the Bank in relation to data and to be informed of the kind of personal data held by the Bank;
    5. In relation to consumer credit, to request to be informed which items of data are routinely disclosed to credit reference agencies or debt collection agencies, and be provided with further information to enable the making of an access and correction request to the relevant credit reference agency or debt collection agency;
    6. In relation to data which has been provided by the Bank to a credit reference agency, to instruct the Bank upon termination of an account by full repayment to make a request to the credit reference agency to delete such data from its database, as long as the instruction is given within 5 years of termination and at no time did the account have a default of payment lasting in excess of 60 days within 5 years immediately before account termination. In the event the account has had a default of payment lasting in excess of 60 days the data may be retained by the credit reference agency until the expiry of 5 years from the date of final settlement of the amount in default or 5 years from the date of discharge from a bankruptcy as notified to the Bank, whichever is earlier.

  7. In accordance with the terms of the Ordinance, the Bank has the right to charge a reasonable fee for the processing of any data access request.
  8. The Bank may have obtained a credit report on data subjects from a credit reference agency in considering any application for credit. In the event a data subject wishes to access the credit report, the Bank will advise the contact details of the relevant credit reference agency.
  9. Nothing in this Notice shall limit the rights of data subjects under the Ordinance.


Contact the Bank

Enquiries regarding the contents of this Notice or requests for access to data or correction of data or for cessation of use of data for direct marketing purpose or for information regarding policies and practices and kinds of data held are to be addressed to the following:


The Data Protection Officer
Crédit Agricole Corporate and Investment Bank
26-27th floors, Two Pacific Place, 88 Queensway, Admiralty, Hong Kong
Tel No: (852) 2826 5678
Fax No: (852) 2536 9278




With effect 2 July 2014, this Notice forms a part of the Bank’s general terms and conditions governing the Bank’s relationship with its clients and should be read with those terms and conditions.

The Personal Data Protection Act 2012 (the “PDPA”) will apply to the Bank in relation to the collection, use and disclosure of individuals’ Personal Data by the Bank. The Bank has also revised its general terms and conditions with its clients and put in place policies and procedures in handling all personal data concerning each employee to address PDPA requirements.


Personal Data


For the purpose of this Notice, Personal Data refers to data whether true or not, about an individual who can be identified, from that data; or from that data and other information to which the Bank has or is likely to have access. This may include Name, NRIC and/or passport number, designation, company/school name, photographs; contact information including correspondence/residential address, email address, contact number; financial and other Personal Data including age, gender, nationality, race, marital status etc.

Collection and Use of Personal Data

The Bank collects, uses and discloses Personal Data of your shareholders, beneficial owners, directors, employees, guarantors and authorised representatives (“Individual Representatives”) for the following purposes (the list is not intended to be exhaustive) in connection with the products and services which you have applied for and to the extent applicable (the “Purposes”):


  1. For verification and identification of any individual acting for the customer wishing to use or obtain a service or facility;
  2. For purposes of conducting credit reference checks including establishing the existence of any breaches, indebtedness, defaults that a potential employee or customer of the Bank and/or the Services may have with third parties;
  3. For purposes of ascertaining other eligibility factors of a potential customer of the Bank and/or the Services;
  4. For purposes of the Bank’s internal records, filing and operations, where such processing of Personal Data is required to ensure the smooth and optimum management and administration of the Services;
  5. For disclosure of Personal Data to authorized third parties;
  6. Other reasons reasonably related to the above.

The Bank may also use Personal Data for purposes set out in the terms and conditions that govern our relationship with our customers.

Disclosure to Third Parties

The Bank may also disclose Personal Data to its authorized agents and vendors including its outsourcing service providers under strict confidentiality and disclosure terms and in accordance with the Banking Act and the PDPA. The Bank will not distribute or disclose Personal Data to third parties unless permission to do so has been obtained in writing or if such disclosure is required or permissible under existing laws.

Withdrawal of Consent

On giving reasonable notice to the Bank, an individual may at any time withdraw any consent given, or deemed to have been given under the Act, in respect of the collection, use or disclosure of Personal Data for any purpose. If any of the Individual Representatives withdraws its consent, the Bank must be informed immediately.

Security

The Bank protects Personal Data in its possession or under its control by making reasonable security arrangements to prevent unauthorized access, collection, use, disclosure, copying, modification, disposal or similar risks.

The Bank shall cease to retain its documents containing Personal Data, or remove the means by which the Personal Data can be associated with particular individuals, as soon as it is reasonable to assume that the purpose for which that Personal Data was collected is no longer being served by retention of the Personal Data; and retention is no longer necessary for legal or business purposes.

The Bank shall not transfer any Personal Data to a country or territory outside Singapore except in accordance with requirements prescribed under the PDPA or where permissible under other written law.

Amendments and Updates of Policy

We may amend our PDPA Policy and this Notice from time to time to ensure that they remain consistent with any developments to the way we use Personal Data or any changes to the laws and regulations applicable to us. All communications, transactions and dealings with us shall be subject to the latest version of this policy in force at the time.

This Notice is issued without prejudice to other rights of collection, use and disclosure available pursuant to our general customer terms and conditions or under the law and nothing in this Notice shall be construed as limiting any of these other rights.

Data Protection Office

Any questions relating to the use of your Personal Data may be directed to the following email address:
DPO@ca-cib.com

IMPORTANT: By accessing this web site and any of its pages customers are agreeing to the terms set out above.





In accordance with the General Data Protection Regulation (GDPR) which came into effect on May 25th 2018 in the European Union, you can access your personal data, rectify them, request their deletion in accordance with legal obligations, oppose or limit their processing for a legitimate reason.



To exercise your rights, you can contact the Data Controller (ITB) by e-mail at:
GDPR-ITB@ca-cib.com.



CACIB has designated a Data Protection Officer, whom you can contact by e-mail at:
dcp@ca-cib.com.



You also have the possibility to submit a complaint to the competent data protection authority in the event that you consider that this processing of personal data does not comply with the regulation on the protection of personal data:



CNIL - 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07. Website:https://www.cnil.fr.



Information on the processing of personal data associated with the management of payments and reporting on Crédit Agricole CIB’s OPTIM.net website:




Data controllerLegal basis for processingData retention periodData recipientsData transfer to a non-EU countryData obtained from third parties
CACIB ITB (International Trade and Transaction Banking)Contract enforcement5 yearsCACIB support function (Operations and country COOs, Global IT, Global compliance)Yes, the following country: SingaporeNo

Disclaimer and Important Notice Data Protection Security Statement
Copyright © 2025 Crédit Agricole CIB ®. All rights reserved. Subject to Terms and Conditions.