ZA Bank Limited (“we” or “us”)

Privacy Policy Statement

The purpose of this Privacy Policy Statement is to set out the policies and practices which highlight our commitment to protecting personal data privacy in accordance with the provisions of the Personal Data (Privacy) Ordinance (Cap. 486).

Kinds of personal data held

We hold two broad categories of personal data:

1. Customer records, supplied by customers to us from time to time in connection with matters and purposes set out in this Privacy Policy Statement.

2. Personnel records,which include but are not limited to curriculum vitae, application forms, references, appraisal and disciplinary records, salary, pension and benefits details,results of medical, security and financial checks, sickness records, personal contact details, bank account and tax details of employees (including potential employees, as applicable), and any other information relevant to the purposes set out below.

Main purposes of keeping personal data

1. In relation to customers: we may collect personal data about you for any of the following purposes:

(a)  considering and processing customers’ applications for the establishment of products or services offered or to be offered by us(collectively, " Facilities, Products and Services");

(b)  operating and maintaining Facilities, Products and Services to you;

(c)  meeting our internal operational requirements;

(d)  conducting credit checks on you (including upon an application for Facilities, Products and Services and when we review credit);

(e)  creating and maintaining our credit and risk scoring models or other equivalent models;

(f)  maintaining your credit history for present and future reference;

(g)  assisting other financial institutions to conduct credit checks and collect debts;

(h)  ensuring your ongoing credit worthiness;

(i)  in connection with matching against any data held by us for whatever purpose (whether or not with a view to taking any adverse action against you);

(j)  designing financial products and services (including banking, cards, financial, insurance, securities and investment services or related products, if applicable) for your use;

(k)  marketing services, products and other subjects as set out in more detail in our "Notice to customers and other individuals relating to the Personal Data (Privacy) Ordinance (Cap. 486) and the Code of Practice on Customer Credit Data";

(l)  determining the amount of indebtedness owed to or by you;

(m)  enforcing your obligations, including collecting amounts outstanding from you;

(n)  meeting or complying with any obligations, requirements or arrangements for disclosing and using data that apply to us or any other member of the ZhongAn Group or that it is expected to comply according to:

    (i)  any present or future law or regulation within or outside Hong Kong;

    (ii)  any present or future guidelines or guidance issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers within or outside Hong Kong;

    (iii)  any present or future contractual or other commitment with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers applicable to us or any member of the ZhongAn Group by reason of its financial, commercial, business or other interests or activities in or related to the relevant jurisdiction (" Authorities" and each, an " Authority"); and

    (iv)  any demand or request from an Authority;

(o)  meeting any obligations, policies, measures or arrangements for sharing data and information within the ZhongAn Group and/or any other use of data and information pursuant to any group-wide programmes for compliance with sanctions or prevention or detection of money laundering, terrorist financing, fraudulent activities or other unlawful activities;

(p)  enabling an actual or potential assignee of all or any part of our business and/or asset or participant or sub-participant of our rights in respect of you, to evaluate the transaction intended to be the subject of the assignment, participation or sub-participation; and/or

(q)  any other purposes relating to the purposes listed above.

2. In relation to employees: we may collect personal data about you for any of the following purposes:

(a)  considering and processing your employment application;

(b)  performing background checks in relation to you;

(c)  appraising your job performance and making decisions about your promotion, training, transfer, redeployment or career development;

(d)  determining, reviewing and processing payment of your salary, bonuses and any other staff benefits;

(e)  taking appropriate action in event of emergencies;

(f)  complying with any statutory requests received from relevant public authorities/ agencies or any other purpose required by law or regulation;

(g)  disciplinary purposes arising from employees' conduct;

(h)  providing references / reports to and/or facilitating background checks by potential employers, financial institutions, legal representatives, and other appropriate bodies;

(i)  planning succession and talent management initiatives;

(j)  monitoring compliance with regulatory requirements and ZhongAn Group's internal policy requirements;

(k)  enabling ZhongAn Group to make decisions and/or policies concerning its employees generally;

(l)  enabling auditors to conduct regular reviews of ZhongAn Group's business and operations; and/or

(m)  supporting any business, technical, administrative or security function required by ZhongAn Group's operations, including: communication and processing systems, security of staff, systems and premises, contingency planning, systems development and testing, business and financial, monitoring planning and decision making.

Retention of personal data

Personal data provided by you are retained for as long as the purposes for which such data were collected continue.

Use of cookies

Cookies are small data files which are placed on your device when you visit certain parts of our website or click on our online advertisements. Cookies and similar technologies are used to identify your device for the following purposes:

1. Strictly necessary cookies. These essential cookies are set throughout our website and are required for the operation of our website to:

(a)  allow our web server to determine whether the cookies setting on your web browser has been enabled or disabled. This allows us to know whether data can be collected from your web browser;

(b)  temporarily allow you to carry information between pages of our website to avoid having to re-enter that information; or

(c)  temporarily identify your device after you have logged in to a secure page on our website so that our web server can maintain a dialogue with your web browser in order for you to carry out certain activities.

2. Analytical/performance cookies. These are used to help us improve our website by tracking your visits to our website and recognising your web browser when you are a repeat visitor so that we can gather statistics on new and repeat visitors to evaluate site effectiveness.

3. Functionality cookies. These are used to recognise you when you return to our website. This enables us to:

(a)  personalise our content for you and remember your preferences (for example, your choice of language and region); or

(b)  store your login and other preferences so you do not have to re-enter that information when you return to the website.

4. Targeting / advertising cookies. These cookies record your visit to our website, your response to our online advertisements, track the pages you have visited and the website links you have followed. We use this information to:

(a)  make our website more relevant to your interests;

(b)  provide online advertisements or offers on our website or third-party websites which are most likely to interest you; or

(c)  evaluate the effectiveness of our online marketing and advertising programs.

The above cookies may be placed on your device by us or by third parties on our behalf (for example, advertising networks and providers of external services like web traffic analysis services). No personally identifiable information about you is collected or shared with third parties as a result of this research.

Most web browsers are initially set up to accept cookies. You can choose to 'not accept' cookies by changing the settings on your web browser but if you block all cookies, including strictly necessary cookies, you may find that certain features on our website will not work properly.

If you accept cookies, you will be acknowledging that your information is being collected, stored, accessed and used as outlined above.

For further details of our privacy policy in relation to use of website or mobile applications, please visit:

(for our privacy policy in relation to use of website) and (for our privacy policy in relation to use of mobile applications)

Provision of data to credit reference agencies and debt collection agencies

We may provide (amongst others) the following data relating to you to a credit reference agency and/or a debt collection agency:

(a)  your general particulars (being your name, address, contact information, date of birth, Hong Kong Identity Card Number or travel document number); and

(b)  your credit application data (being the fact that you have made an application for consumer credit, the type and the amount of credit sought).

Accessing your personal data

You have the right to access and update your information and contact us. For example, you may:

(a)  check whether we hold data about you and/or access to such data;

(b)  require us to correct any data relating to you which is inaccurate;

(c)  ascertain our policies and procedures in relation to data and to be informed of the kind of personal data held by us and/or you have access to; and

(d)  be informed on request which items of data are routinely disclosed to credit reference agencies or debt collection agencies, and be provided with further information to enable the making of an access or correction request to the relevant credit reference agency or debt collection agency.

For more details on your data access rights in relation to data provided to credit rating agencies, please refer to our "Notice to customers and other individuals relating to the Personal Data (Privacy) Ordinance (Cap. 486) and the Code of Practice on Customer Credit Data".

If you have any question about our Privacy Policy Statement, or would like to request for access to data or correction of data, or for information regarding our policies and practices and kinds of data held, please write to us at:

Data Protection Officer

ZA Bank Limited


Address: Unit 1301, Level 13, IT Street, Cyberport 3, 100 Cyberport Road, Hong Kong

Email: bank_dpo@za.group

In this Privacy Policy Statement, unless inconsistent with the context or otherwise specified, the words below shall have the following meanings:

"account(s)" means, for each facility, service or product which we may from time to time make available to you, the account that is, opened and/or maintained in respect of it from time to time.

"card" means an ATM card, a debit card, a credit card, or a revolving card or all of them, as the context requires.

"disclose" or "disclosing" in relation to personal data, includes disclose or disclosing information inferred from the data.

"Hong Kong" means the Hong Kong Special Administrative Region.

"ZhongAn Group" means each of or collectively ZhongAn Technologies International Group Limited and its subsidiaries and affiliates.

Should there be any inconsistencies between the English and Chinese versions, the English version shall prevail.

ZA Bank Limited

September 2019