UOB INFINITY APP PRIVACY POLICY

    Effective Date: Mar 23rd, 2024

    Last Updated Date: Mar 23rd, 2024

    At United Overseas Bank (China) Limited (“UOB”, the “Bank”, “we” or “us”), it is our utmost priority to protect the privacy of our users (“you”, “your” and “user”) who use the UOB Business Internet Banking (“UOB Infinity”) products and services. When you use the UOB Infinity services, we may collect and use personal information about you. The UOB Infinity App Privacy Policy (this “Privacy Policy”) is made to describe how UOB collects, uses and safeguards your personal information in a secure and controllable manner. We are committed to ensuring your personal information is maintained strictly confidential and is processed in strict compliance with the terms of this Privacy Policy.

    Important notice:

    This Privacy Policy is applicable to all the products and services offered through UOB Infinity App. Please read this Privacy Policy carefully and make sure that you fully understand and accept it before using any product or service on UOB Infinity App. There are marked in bold to ask your special attention on significant clauses and those about sensitive personal information. By checking the box accepting this Privacy Policy and using or continuing to use our products or services, you consent to our processing of your personal information in accordance with this Privacy Policy.

    Please note that we may review or update our Privacy Policy from time to time, and thereby the content of this Privacy Policy will be amended. We will notify you by appropriate means when we make changes to this Privacy Policy. Please check back periodically to view the latest version of this Privacy Policy. Your continued use of any product or service on UOB Infinity App after viewing the latest version is deemed to have fully understood and fully consented to those updates or revisions we made to this Privacy Policy.

    If you have any questions regarding this Privacy or related matters after reviewing this Privacy Policy, please do not hesitate to contact us at 400-886-2821 or our registered address at 3/F, Rm 501 5/F (i.e. 4/F (actual floor level)), 13/F (i.e. 12/F (actual floor level)), 15/F (i.e. 13/F (actual floor level)), 16/F, (i.e. 14/F (actual floor level)), 17/F (i.e. 15/F (actual floor level)), 18/F (i.e. 16/F (actual floor level)), 19/F (i.e. 17/F (actual floor level)) and 20/F (i.e. 18/F (actual floor level)) UOB Plaza, 116, 128 Yincheng Road, China (Shanghai) Pilot Free Trade Zone.

    The following terms used in this Privacy Policy shall have the meanings set forth below:

    (1) Personal information: any information that is recorded, electronically or otherwise, that could be used alone or in combination with other information to identify a natural person or reflect the activity of a natural person;
    (2) Sensitive personal information: personal information the leakage, illegal provision or misuse of which could endanger personal and property safety, or easily lead to damages to personal reputation, mental and physical health, or discriminatory treatment, etc.;
    (3) Personal information subject: a natural person identified by personal information;
    (4) Process or processingincludes the collection, storage, use, processing, transmission, provision, disclosure and deletion, etc. of personal information;
    (5) Collect or collection: act of obtaining control of personal information, including automatic collection of personal information by accepting the personal information provided by the users, interacting with the users or recording the users’ behavior, and indirect obtaining of personal information through sharing, transferring, collecting publicly available information, etc.;
    (6) Personal information security impact assessment: the process to check the degree of compliance with laws and regulations of personal information processing activities, determine the potential risks to the legitimate rights and interests of the personal information subject, and assess the effectiveness of the measures used to protect the personal information subject;
    (7) Delete or deletion: act of removing personal information from the system performing day-to-day business functions to keep it irretrievable and inaccessible;
    (8) Disclose or disclosure: act of releasing the information to the public or to a non-specific group;
    (9) Transfer:the process to move the control of personal information from one controller to another;
    (10) Share or sharing: the process in which a personal information controller provides personal information under its control to another personal information controller, resulting in each controller having independent control over such personal information;
    (11) De-identify or de-identification: the processing of personal information in such a technical manner that the personal information subject can no longer be identified without the use of additional information;
    (12) Anonymize or anonymization: the irreversible processing of personal information in such a technical manner that the personal information subject can no longer be identified.

    This Privacy Policy is meant to help you understand:

    1. How we collect and use your personal information
    2. How we use cookies and similar technologies
    3. How we share, transfer and disclose your personal information
    4. How we protect your personal information
    5. Your rights
    6. How we process minors’ personal information
    7. How we store your personal information
    8. Third party liability
    9. Updates to this Privacy Policy
    10. How to contact us

    When you use the products and services on UOB Infinity APP, we may collect and use your personal information in the manner described below for purposes of delivering products and services to you, securing your account and funds and ensuring compliance with the laws, regulations and regulatory rules of China.

    1. Business Functionality on UOB Infinity APP
      (1) User password activation and reset
      When you activate or reset your password, we may collet mobile number and email address from you for the purpose of activation and reset of user password.
      (2) Notifications
      When you access the Notifications module to set email or text message notifications, we may collect your email address or mobile number to send you notices.
      (3) User management
      In the “Managing My User Profile” module of the User Management module, we will collect information from or about you, such as group ID, company information, your name, user ID, security token serial numbers, country/region code, mailing address, phone number, language, password, and corporate account information and account permissions. In this module, you may update your phone number, mailing address, language and password. We will collect information about your phone number, mailing address, language and password in order to effectuate changes.
      (4) Payments and Fund Transfer
      In the Payments and Fund Transfer module, we may collect information about counterparties to payments and fund transfer, including the names, physical addresses, countries, banks and account numbers of payees.
      (5) In-memory feature on the login page
      The in-memory feature is offered on the login page for your signing into UOB Infinity Mobile App. We will collect your country/region code, group ID, user ID and default language and store such information by using vKey SDK to enable your next quick login.
      (6) API use
      By using APIs, we will collect your application version number (including release and internal version numbers), device ID which is generated after UOB Infinity Mobile App is installed in user’s device, user’s device model, version and platform of the operating system of user’s device (e.g. Android or iOS) and the channel of use of UOB Infinity (e.g. APP version or web version), in order to track defects in the software program.
      (7) Biometrics
      In order to allow you to use the login service more safely and conveniently, if your device and the UOB Infinity App version both support fingerprint or face functions, you can choose to enable the fingerprint or face login function, and login App via fingerprint or face verification on your device. Our bank only receives the verification result and does not collect your fingerprint or facial information. If you do not want to use fingerprint or face verification, you can still log in through other methods.
      (8) Push notification
      The Push notification function allows to push notifications to you through the UOB Infinity App. You can unsubscribe by turning off the App notification function in the phone settings, and such operations will not affect your use of other UOB Infinity products and services.
      (9) Software Development Kit
      When you use the functions and services of the app, in certain specific scenarios, the Bank may use the software development kit ("SDK" for short) provided by a third-party service provider with corresponding business qualifications and capabilities to provide you with services. At this time, the third-party service provider needs to collect your necessary information. Specifically include the following:

      Currently, we do not obtain personal information about you indirectly from other sources.

    2. Exceptions to Processing of Personal Information
      Subject to and in compliance with applicable laws and regulations, we may process your personal information without your consent in the following cases:
      (1) it is necessary to execute and perform the contract to which you are a party;
      (2) it is necessary for UOB to comply with legal requirements or its legal obligations;
      (3) it is necessary to respond to a public health emergency or protect the life, health and property safety of you or other natural persons in an emergency;
      (4) your personal information is processed to the extent reasonable for carrying out any news reporting, supervision by public opinions or any other activity for public interest;
      (5) the personal information which you have already disclosed or has been otherwise legally disclosed to the public is processed to the extent reasonable in accordance with law; or
      (6) there are other circumstances provided by laws and regulations under which we may process your personal information without your consent.

    3. Rules for Use of Personal Information
      We will use your personal information pursuant to this Privacy Policy for the purpose of enabling you to use the features and functions of products or services.
      You acknowledge and agree that we have the right to use the personal information that is de-identified and cannot be used to identify you.
      In relation to any use of information we collect for the purposes not specified herein, we will request your further consent by appropriate means as required by applicable laws, regulations and national standards.

    When you visit, browse or use any website or mobile application of the Bank, the website and/or application will record information to analyze the number of visitors to, and the use of, the website and/or application. Such certain information will be collected by means of “Cookies”. We use Cookies to make our websites and/or applications more secure and more user-friendly. Please note that Cookies only collect anonymous aggregated statistical data, other than any personal information such as name, address, phone number or email address.

    If you wish to disable Cookies related to the technologies described above, you may change the settings of your browser and/or application. However, if you make such change, you may not be able to access certain parts of our websites and/or applications.

    1. Sharing
      We do not share your personal information with any other company, organization or individual, except in the following cases:
      (1) Where we have obtained your separate consent to the following sharing of personal information, that is, if we add or change any recipients with whom we share your personal information in practice, we will further seek your consent through pop-up windows or other appropriate methods:
      (a) sharing with our affiliates in order to better offer products and services. In such case, only necessary personal information will be shared subject to the purpose of this Privacy Policy specified herein. If our affiliate intends to alter the purpose of processing, further consent will be requested from you.
      (b) sharing with our authorized partners. For the purpose stated in this Privacy Policy, some of the functionality on our services may be provided by authorized partners. We may share certain personal information about you with such authorized partners in order to offer better customer services and user experience. We will limit sharing of your personal information that is only necessary for us to provide services for a lawful, justifiable, necessary, specific and explicit purpose. Our partners are not entitled to use the shared personal information for any other purposes.
      Currently, our authorized partners is telecommunications service providers.
      We will share your personal information with third parties that support our functions. In order for the telecommunications service provider to assist us in sending you SMS notifications, we will share your phone number with the telecommunications service provider [Union Mobile Financial Technology Co., Ltd. (400-112-5881)] to send you relevant SMS notifications.
      (2) Where we are required to do so by any law, regulation or mandatory governmental request;
      We will enter into strict non-disclosure agreements with those companies, organizations and individuals with whom we share personal information to bind them to process it based on our instructions and in compliance with this Privacy Policy and any other appropriate confidentiality and security measures.

    2. Transfer
      We do not transfer your personal information to any company, organization or individual, except in the following cases:
      (1) With your separate consent; or
      (2) In connection with a merger, acquisition, bankruptcy or liquidation, in which case we will procure those companies or organizations holding your personal information to honor this Privacy Policy or otherwise to request further consent from you.

    3. Disclosure
      We may disclose your personal information only in the following cases:
      (1) With your separate consent; or
      (2) For legal reasons: we may disclose your personal information to meet any law, legal proceedings, legal action or mandatory governmental request.

    1. Security Measures
      (1) UOB values data security and establishes a specialized team in support of data protection. We work hard to make sure your information is safe and secure, including maintaining appropriate administrative, technical and physical security measures and establishing an information security and assurance system that is compatible with business development with reference to Chinese and foreign information security standards and best practices.
      (2) We employ security protocols with respect to all phases of data collection, storage, display, processing, use, and destruction in the data life-cycle, and adopt different control measures at varying sensitivity levels, including but not limited to access control, encrypted transmission and encryption algorithm for encrypted storage.
      (3) We also implement strict management of our employees who may have access to your information, and ensure that their operation of your information, such as data access, internal transmission or export, pseudonymization, decryption and other important operation will be performed under control.
      (4) We establish a review and approval mechanism and execute non-disclosure agreements with those employees with such access. In addition, we also provide periodic training for employees with respect to information security, and require employees to build good operating habits in their daily work and increase their awareness of data protection.
      (5) While we take various security measures described above, please understand that there are no such “perfect security measures” for the Internet. We will rely on currently available technologies and take appropriate security measures to protect your information. We will offer reasonable security guarantees and will strive to protect your information from leakage, damage or loss.
      (6) Your account is protected with security features. Please keep your account number and password private, and you should never disclose your password to others. If you become aware of leakage of your personal information, especially your account number and password, you should immediately contact UOB customer service so that we can take appropriate steps.
      (7) Please save or backup your text, pictures and other information in a timely manner. You understand and accept that the system and telecommunications network you use to access our services will be interrupted or unavailable as a result of any factors beyond our control.

    2. The Internet is not absolutely secure, and email, instant messaging and other methods to communicate with other users are not encrypted. We strongly recommend that you not send personal information by such communication means and use strong password to help us keep your account secure.

    3. In the event of a personal information security incident, we will promptly notify you in accordance with applicable laws and regulations of the general status and potential impact of the security incident, the measures we have taken or will take, suggestion for risk prevention and mitigation, remedies available to you, etc. We will promptly notify you of the progress of such incident by email, correspondence, telephone and//or push notification. If it is difficult to deliver notice to each personal information subject, we will publish announcement in a reasonable and effective manner. In addition, we will proactively report the handling of personal information security incident as required by regulatory authorities.

    When you use the UOB Infinity products or services, you can follow the following guidance to access, correct and delete your personal information and exercise your rights to withdraw consent and deregister account. In addition, we also have established the reporting-complaint procedures to process your concerns in a timely manner.

    1. Access and Correct Your Personal Information
      Account information: Click “Managing My User Profile” to access or correct personal information about your account, such as your mobile number, email address and password.
      If you cannot access or correct personal information by using the method provided above, please feel free to call our customer service hotline at 400-886-2821 to make a request or ask for help.
      Except for the information specified above, we cannot offer you the service of accessing and correcting some of your personal information that is collected for the purposes of improving your user experience and guaranteeing transaction security, including, among other things, your device information and personal information generated when you use extensions. We will use such information with your permission. Although you cannot access or correct such information, you may request us to delete or anonymize it.

    2. Delete Your Personal Information
      Subject to applicable law, we will delete your personal information at your request; provided that we may be required to retain personal information for certain periods of time under laws or regulations or as required by regulatory authorities.

    3. Change Consent
      Each business functionality is enabled based on certain type of basic personal information. You may give or withdraw your consent at any time, for example, you can modify the device permissions in your mobile phone settings.
      If you withdraw your consent, we will no longer process your personal information involved, but the withdrawal of your consent will not affect any processing of personal information which has already taken place with your permission.

    4. Deregister Account
      You may deregister the UOB Infinity account you have registered by calling the Bank’s customer service hotline at 400-886-2821 to make a request.
      You understand that deregistering your account is irreversible, and once your account is deregistered we will discontinue to provide the products and/or services to you, cease to collect your further personal information through the client portal, and delete all personal information about your account at your request, except as otherwise required by laws, regulations or regulatory authorities regarding the retention period of customer information.

    5. Response to the Requests for the Exercise of Your Rights
      If you cannot exercise your rights by using the methods provided above, you may contact us as indicated in the “How to Contact Us” section of this Privacy Policy. For the sake of security, you may be required to make requests in writing or prove your identity by other means. We may request you to verify and authenticate your identity before processing your request, but in whatever case, we will review and process your request within the period of up to 15 days or otherwise as required by laws and regulations.
      In principle, no fee shall be charged for reasonable requests. A fee reflecting the cost incurred by us will be charged as appropriate on repeated requested beyond reasonable limits. We have the right to reject the requests that are repeated and vexatious, or need excessive technological means to fulfill, or cause risks to others’ legitimate rights and interests or are impractical.

    6. Exceptions to Response
      We may be unable to respond your request in the following cases:
      (1) To fulfill the obligations of UOB under laws and regulations;
      (2) Directly in connection with national security or national defense security;
      (3) Directly in connection with public security, public health or substantial public interest;
      (4) Directly in connection with a criminal investigation, prosecution, trial and execution of judgments;
      (5) Where UOB has sufficient evidence that the personal information subject has malicious intent or abuses his/her rights;
      (6) For the purposes of maintaining the life, property and other significant legitimate rights and interests of the personal information subject or other individuals, however that it is difficult to obtain consent from the said personal information subject;
      (7) Where responding to the requests of the personal information subject will seriously impair the legitimate rights and interests of the personal information subject or of other individuals or organizations; or
      (8) Involving trade secrets.

    We place a high priority on protecting personal information about minors. Minors should obtain the written consent from their parents or legal guardians before submitting any personal information or using our products and/or services. If you are under 18 years of old, we recommend that your parents or guardian carefully read this Privacy Policy and that you ask your parents or guardian for permission before submitting any personal information and use any of the Bank’s products and services under the guidance of your parents or guardian. If your parents or guardian disagrees with your submission of your personal information or disagrees with your use of any of the Bank’s products and services, you should immediately cease to submit information or terminate the use of the Bank’s products and services, and notify us as soon as possible to enable us to take appropriate steps. We will protect information about minors in accordance with the relevant laws and regulations of the State.

    We will use or disclose the personal information collected from minors with the consent of their parents or legal guardians only to the extent as permitted by law, or with the explicit consent of their parents or legal guardians, or where necessary to protect the minors.

    In principle, we will store within the territory of the People's Republic of China all personal information collected and generated in the People's Republic of China. Where necessary for performing certain services, the Bank may, for the purposes of this Privacy Policy, transfer and store personal information referred to in Section I of this Privacy Policy, including basic information (e.g. name, mobile number and email address), online personally identifiable information (e.g. user ID and password for logging into the UOB Infinity Mobile App) and personal device information (e.g. device model, version and platform of device operating system), outside of China (e.g. Singapore) or process your personal information outside of China (including transfers to jurisdictions that may not have data protection laws that provide the same degree of protection for personal information as the jurisdiction where the Bank is located). In this case, we will conduct the security assessment of the impact of personal information protection according to the relevant laws and regulations before your personal information is transferred to abroad. In the meantime, when the relevant conditions are met, we will carry out cross-border transmission of personal information in accordance with the security assessment organized by the national network information department.

    We will comply with applicable legal requirements and implement cross-border transfers of such personal information in accordance with applicable laws and regulations and the rules of regulatory authorities, including executing agreements and performing onsite audits to procure foreign entities to keep your personal information they obtain confidential.

    We retain your personal information only for the period of time as necessary to effect the purpose of this Privacy Policy or as otherwise provided under laws, regulations and regulatory rules. Upon the expiration of such retention period, we will delete or anonymize your personal information.

    Please note that the operators of third-party websites you visit, such as third-party links, may have their own privacy policies.

    When you view the webpages created by third parties or use the applications developed by third parties, they may place their own Cookies or pixel tags. These Cookies or pixel tags are not under our control, and their use is not subject to this Privacy Policy.

    We will use commercially reasonable efforts to procure these third parties to take security measures for your personal information, however, we cannot warrant that they will follow our request to take security measures. Please contact directly these third parties for details of their respective privacy policy. If you become aware of any risk in the webpages created or applications developed by the third parties, we recommend that you discontinue operations in order to protect your legitimate rights and interests.

    This Privacy Policy is subject to change. When this Privacy Policy is updated, we will publish any changes we make to this Privacy Policy on this page and re-obtain your consent via pop-up message or other appropriate ways. After you log into the UOB Infinity App, you can read this Privacy Policy by clicking More Services-scroll to the bottom of the page-click Privacy Policy. With respect to any material changes to this Privacy Policy, we will also provide notices in a conspicuous manner, including but not limited to indicating the modifications to this Privacy Policy in details by email, text message or special tips on the browsing page).

    For the purpose of this Privacy Policy, material changes include, but without limitation, material changes in our service model; material changes in our ownership or organizational structure; changes of the person with or to whom we share or transfer or disclose personal information; material changes of your rights and exercise thereof with respect to the processing of personal information; any change of our department in charge of the security of personal information or its contact information or complaint procedures; and any high risks indicated in the personal information security impact assessment report.

    The previous versions of this Privacy Policy will be archived for your review.

    This Privacy Policy is written in both Chinese and English, and the Chinese version will prevail in the event any conflict between the Chinese version and the English version.

    If you have any questions, concerns or suggestions relating to this Privacy Policy or your personal information, please contact UOB Infinity Customer Service Department at 400-886-2821.

    In general, we will confirm receipt of and process your inquiry within 15 days. If you are not satisfied with our response, in particular if you believe that your legitimate rights and interests are impaired as a result of our processing of your personal information, you may file a complaint or report to the competent authorities.