A.You hereby agree to and authorize China Financial Certification Authority Co. Ltd, and DBS Bank (China) Limited, to use, process and store in Mainland China, all information you provided for the purpose of verifying your identity (including but not limited to any photo images, videos or documents) and documents or any other information provided or obtained in the process of account opening with DBS Bank (Hong Kong) Limited (the “Bank”); and thereafter to process, use and transfer the results of the verification to the Bank.B.
You hereby agree to and authorize OneConnect Financial Technology (Hong Kong) Co. Ltd. (“OneConnect” or “we”) and its affiliates to use and process in Hong Kong and Mainland China, all information you provided for the purpose of verifying your identity (including but not limited to any photo images, videos or documents) and documents or any other information provided or obtained in the process of account opening with the Bank (“Personal Information”); and thereafter to process, use and transfer the results of the verification to the Bank, and as further set out in the Personal Information Protection Policy below.OneConnect Financial Technology (Hong Kong) Co. Ltd. - Personal Information Protection PolicyThis policy will help you understand the following:
We understand the importance of Personal Information to you and will make our best endeavors to protect your Personal Information safe and reliable. We are committed to maintaining your trust in us and abide by the following principles to protect your Personal Information: the principle of consistent authority and responsibility, the principle of clear objective, the principle of consent, the principle of minimum necessity, the principle of ensuring security, the principle of subject participation, the principle of openness and transparency. Concurrently, we promise to implement corresponding security measures to protect your Personal Information according to the developed security standards within the industry.
Please read the Personal Information Protection Policy carefully before using the service.
1.1 Security authentication of electronic certificates (hereinafter referred to as “Demonstration”)
It is a progress in which application agencies complete the verification of authenticity, identification, and protection of personal identity information of the electronic certificates held by users via terminal devices.1.2 Electronic certificates (hereinafter referred to as “Certificates”)
Electronic certificates refer to personal identification documents, travel documents, eID Card and other certificates that maintain password security through security chips. Among them, identification documents include the second generation of mainland resident identity cards, Residence Permits for Hong Kong, Macao and Taiwan Residents, and Foreigner’s Permanent Residence Card ; while travel documents include passport, Exit/Entry Permit for Travelling to and from Hong Kong and Macau , Two-way Travel Pass to Taiwan , Mainland travel permit for Taiwan residents and Home Return Permit. eID Card is an electronic card activated by an individual on a mobile terminal, the password can be protected with its security chip, and it also requires personal authorization (oral command, fingerprint and other protection measures) to protect personal identity information from abuse by others.1.3 Electronic Certificate Information (hereinafter referred to as “Certificate Information”)
For ID cards and eID Cards, personal information includes: name, nationality, gender, date of birth, address, citizenship number, issuing authority, expiration date, and photo. For travel documents, the certificate information includes: name (English/Pinyin), certificate number, date of birth, expiration date, photo, etc.
1.4 Face Live Detect
By capturing users’ faces, the Face Live Detect is conducted at the terminal to determine the facial features.
1.5 Face Verification between ID photos and daily photos (“FVBID”)
A function that compares the built-in photo of the electronic identity card obtained during authentication with the photo obtained from Face Live Detect and reflects the similarity.
1.6 Application agency
An agency that has the right to obtain all or part of the user’s certificate information and verify the user’s identity through electronic security authentication, in respect of provision of services to users, with their explicit authorization. In this case, the application agency is the Bank.
2 Rules for Collection and Use of Personal Information for Security Authentication of Electronic Certificates
2.1 Business Procedure for Security Authentication of Electronic Certificates
Application agencies need to obtain all or part of user’s certificate information through security authentication of electronic certificates before providing services to users. When the user expressly agrees, the electronic certificate shall be placed close to the security authentication terminal (e.g. NFC mobile phone). In the event when reading is successful, our electronic certificate security authentication system will obtain all of the user’s Certificate Information.
Please pay attention to the user agreement or pop-up prompt of the application agency to clarify the specific scope of the collected Certificate Information.
By placing the certificate close to the terminal, the users agree that we can obtain all the Certificate Information of the users and that we will return the relevant Certificate Information to the application agencies in accordance with the collection scope of the application agency.3. Rules for the collection and use of Personal Information when using the features of Face Live Detect and Face Verification between ID photos and daily photos (“FVBID”)
If application agencies further require us to conduct Face Live Detector FVBID on the user, the application agencies shall require the user to capture user’s face and submit to the back-end of the authentication system to conduct Face Live Detector FVBID for determination and deliver the results.
4 Use of Personal Information
4.1 We will return the necessary Certificate Information to the application agencies in compliance with its reasonable scope.
4.2 The facial information and Certificate Information collected by us are for Face Live Detect and FVBID purpose only.
4.3 Except for the service log processed by de-identification, we do not keep any Personal Information after returning the Certificate Information obtained by our electronic certificate security authentication system to the application agencies.
5 Measures taken to protect Personal Information
5.1 For general business procedure, we prepared the “Management Regulations on Electronic Certificate Security Authentication” and the business processing procedure to ensure the operation is complied with our principles, technical security is safeguarded, threshold for industry is established, verification of content is controlled, business operation is regulated, and information is protected with measures.
5.2 In respect of the relevant password devices used for electronic certificate security authentication, they all have commercial password models and obtained the sales license for special products for computer information system security. In the course of information transmission, measures have been taken to prevent actions that will endanger cybersecurity, such as computer viruses, cyber-attack and network intrusions to mitigate the risk of personal information data being intercepted and decrypted during transmission.
5.3 In addition to the above measures which protect the Personal Information of users, we will take various technical measures and other necessary measures to protect the Personal Information of users according to specific application scenarios. However, users should understand that, due to technical limitation and possible malicious acts, no measures may guarantee full security of the service.
6 Statement of liability to third parties
Application agencies shall adopt their own Personal Information Protection Policies. We would endeavor to require such agencies to deploy measures to protect the user’s Personal Information, while there is no warranty that such agencies will take such measures as we request. We take no responsibility for the behaviors and consequences of such agencies. If users are aware of any risks in the applications developed by such application agencies or third parties, they are advised to terminate the related operations to protect their legal rights and interests.
7 Update of this policy
If there are changes in business development or national laws and policies, we will update this Personal Information Protection Policy. We will update any changes to this policy and publish such changes on this page.
As we are the technical service provider of the application agency, we are unable to directly communicate with users. If users do not agree with the update of this policy, please stop using the relevant services provided by us.
If there is any conflict between the English and Chinese language versions of these Terms and Conditions, the Chinese language version shall prevail.C. The relevant service is powered by artificial intelligence (“AI”) technology and there are risks involved. There may be likelihood that the solution will reject an account opening attempt incorrectly by a customer with true ID held, leading to unsuccessful account opening by the customer.You agree that you have read and understand the associated risk of AI and AI’s approach to using customer data in sections A and B.D.DBS Bank (Hong Kong) Limited - Personal Information Collection Statement