Data Privacy Policy of HTISG

  1. Haitong International Securities Group Limited and its subsidiaries (together, "HTISG" or “we”) want to provide the best service possible to our customers and various other individuals (namely “Data Subject(s)”).
  2. One way that we do this is by using Data Subjects’ information to provide our Data Subjects with convenient access to the various products and services. We also recognize that our Data Subjects have important expectations regarding the use of that information.
  3. Safeguarding Data Subjects’ information is a matter that we take seriously. That is why we have set forth this Data Privacy Policy (“Policy”) to affirm our long-standing commitment to personal data protection.
  4. From time to time, it is necessary for HTISG to collect, process, use, store, disclose and transfer the Data Subjects’ personal data (“Data”) as defined in the Personal Data (Privacy) Ordinance (Cap. 486 of the laws of Hong Kong)(“PDPO”), EU General Data Protection Regulation (“GDPR”) or any other applicable laws. The term "Data Subject(s)", wherever mentioned in this Policy, includes the following categories of individuals :
    • applicants for or customers, authorized signatories, policy holders, beneficiaries and other users of financial, insurance, securities, commodities, investment, credit and related services and products and facilities and so forth provided by HTISG;
    • sureties, guarantors and parties providing security, guarantee or any form of support for obligations owed to HTISG;
    • directors, shareholders, employees, officers, consultants and agents of any corporate applicants (and such corporate applicant's affiliates and subsidiaries) and data subjects/users; and
    • suppliers, contractors, service providers, agents and other contractual counterparties of HTISG.
    For the avoidance of doubt, "Data Subjects" shall not include any incorporated bodies.
  5. We may collect the Data from Data Subjects in connection with the opening or continuation of accounts and / or the establishment or continuation of credit facilities or provision of our financial, insurance, securities, commodities, investment and related products and / or services or discharging our duties. The Data may come from account opening process, using electronic service(s) provided by HTISG or when submitting other forms and materials to us, KYC process, provision of our financial products and services, etc. Typical information we collect from Data Subjects may include but not limited to Data Subjects’ name, age, occupation, marital status, e-mail address, telephone number, personal identity information, electronic signature, individual biometric data (including but not limited to fingerprint or facial images of a Data Subject which could be used to identify such Data Subject), address and other contact information, position within an organization, details of any affiliation with a professional body, financial information, credit history, source of wealth, risk tolerance, investment experiences and objectives relating to the products or services we provide and etc.
  6. In the event that Data is provided by customer on behalf of a Data Subject, the customer must, upon our request, provide evidence of the Data Subject’s authorization or consent to the provision of his/her Data for our record and confirm that such provision of Data must be in compliance with all applicable laws.
  7. We may also obtain Data Subjects’ information from collection of publicly available information, generation of unique internal identification numbers for organizational and reporting purposes, generation of statistical analysis for internal purposes, gathering information relating to access of our research websites, recording telephone conversations and/or communications utilizing electronic media, or from third party risk intelligence applications.
  8. The purposes for which Data (and other information) relating to Data Subjects may be used are as follows:
    • providing customers with our products or services;
    • verifying customers’ identity as part of initial and ongoing KYC (know your customer) due diligence process and performing our obligations under the anti-money laundry laws and regulations;
    • conducting certification services recognized by the Electronic Transactions Ordinance (Cap 553) such as services provided by certification authorities in Hong Kong or outside Hong Kong (including but not limited to PRC) for client identity verification purpose;
    • conducting credit checks;
    • assisting other institutions to conduct credit checks;
    • maintaining credit history of Data Subjects for present and future reference;
    • ensuring Data Subjects’ ongoing credit worthiness;
    • designing financial services or related products for Data Subjects’ use;
    • marketing financial services or related products to Data Subjects;
    • determining the amount of indebtedness owed to or by Data Subjects;
    • collecting of amount outstanding from Data Subjects and those providing security for Data Subjects’ obligations;
    • complying with any laws, regulations, orders, judgments, guidelines, policies, measures, arrangements, requests or other requirements issued by any legal, regulatory, governmental, tax, enforcement, administrative or statutory authority, stock exchange or clearing house or other self-regulatory or industry bodies or associations both within and outside Hong Kong Special Administrative Region of the People’s Republic of China (“Hong Kong”), including but not limited to the PRC, that are applicable to HTISG or any of its holding or affiliated companies;
    • complying with any obligations, requirements, policies, procedures, measures or arrangements for sharing data and information within HTISG or among HTISG and its holding or affiliated companies for lawful purpose, and/or any other use of Data and information in accordance with any group-wide programmes for compliance with sanctions or prevention or detection of money laundering, terrorist financing or other unlawful activities; and
    • any purposes relating to any of the foregoing.
      • We are entitled to use the Data in the ways described above because:
    • we have legal and/or regulatory obligations that we have to discharge;
    • we may need to establish, exercise or defend our legal rights or for the purpose of legal proceedings; or
    • the use of the Data as described is necessary for our legitimate business interests (or the legitimate interests of one or more of our affiliates).
  9. Data (and other information) held by HTISG relating to Data Subjects will be kept confidential, but HTISG may disclose, and Data Subjects must provide such Data in order to enable HTISG to provide its services and products as well as related information to Data Subjects. Without such Data, HTISG may not be able to provide such services, products and information to Data Subjects. Each Data Subject should be aware that HTISG may disclose Data (and other information) to:
    • any officer, employee, agent, contractor or third party who provides administrative, professional, credit information, debt collection, telecommunications, computer, payment, archiving or other services to HTISG in connection with the operation of their business;
    • any financial institution with which the Data Subjects has or proposes to have dealings;
    • any holding or affiliated company of HTISG, including but not limited to those located in the PRC;
    • any legal, regulatory, governmental, tax, enforcement, administrative or statutory authority, stock exchange or clearing house or other self-regulatory or industry bodies or associations within and outside Hong Kong (including but not limited to the PRC);
    • any certification authorities in Hong Kong and outside Hong Kong (including but not limited to the PRC);
    • any relevant authorities within or outside Hong Kong in order to satisfy any applicable law, regulation, rule or guideline existing currently and in the future concerning automatic exchange of financial account information or the Foreign Account Tax Compliance Act (FATCA) of the United States (“US”);
    • credit reference agencies, and, in the event of default, to debt collection agencies;
    • actual or proposed assignee of the relevant HTISG entity or participant or sub-participant of the relevant HTISG entity’s rights in respect of the customers to evaluate the transaction intended to be the subject of the assignment, participation or sub-participation;
    • any other person under a duty of confidentiality to HTISG including any holding or affiliated companies of HTISG which has undertaken to keep such information confidential.
      • We share Data (and other information) regarding Data Subjects to the abovementioned parties only in accordance with strict internal security standards and confidentiality policies and with applicable law.

      We do not share Data (and other information) with other persons except in order to conduct our business, comply with applicable law, respond to a subpoena or similar legal process, protect against fraud, cooperate with law enforcement or regulatory authorities or with organizations such as exchanges and clearinghouses, conduct any action to meet obligations under the applicable laws or regulatory requirements.

      The parties located outside Hong Kong may not have in place data protection laws which are substantially similar to, or serve the same purpose as, the PDPO. This means that Data disclosed to such parties may not be protected to the same or similar level as in Hong Kong.
  10. We may also share the Data with third parties (whether a holding or affiliated company of HTISG or not):
    • if we sell any of our business or assets, in which case we may disclose the Data to the prospective buyer for due diligence purposes;
    • if we are acquired by a third party, in which case the Data held by us will be disclosed to the third party buyer;
    • to third party agents or contractors (for example, the providers of our electronic data storage services) for the purposes of providing services to us. These third parties will be subject to confidentiality requirements and they will only use the Data as described in this Policy; and
    • to the extent required by law, for example if we are under a duty to disclose the Data in order to comply with any legal obligation, establish, exercise or defend our legal rights.
  11. We have established high standards for protecting Data regarding Data Subjects from unauthorized alteration or destruction. We hold our employees fully accountable for adhering to those standards, policies and laws. The Data should only be accessible to authorized staff on a “need-to-know” basis using secure means.
  12. In the event of any default in payment by the Data Subjects, unless the amount in default is fully repaid or written off (otherwise than due to a bankruptcy order) before the expiry of 60 days as measured by HTISG from the date such default occurred, the Data Subject agrees that his/her account repayment data will be retained by the credit reference agency at least until the expiry of five years from the date of final settlement of the amount in default. In the event of any amount being written off due to a bankruptcy order being made against the Data Subject, the Data Subjects agrees that his/her account repayment data will be retained by the credit reference agency, regardless of whether the account repayment data reveal any material default, until the expiry of five years from the date of final settlement of the amount in default or the expiry of five years from the date of discharge from a bankruptcy as notified by the Data Subject with evidence to the credit reference agency, whichever is earlier. The Data Subject’s account repayment data include amount last due, amount of payment made during the last reporting period, remaining available credit or outstanding balance and default data (being amount past due and number of days past due, date of settlement of amount past due, and date of final settlement of amount in material default (if any)). Material default is a default in payment for a period in excess of 60 days.
  13. Any Data Subject who is subject to the rules under General Data Protection Regulation (“GDPR”) of the European Union (“EU”) shall be aware of and agree to the transfers of the Data outside the European Economic Area (“EEA”) as follows:
    • The Data that we collect from a Data Subject may be transferred to, and stored at, a destination outside the EEA, including but not limited to being transferred to our affiliates which are located outside the EEA.
    • Data may also be processed by individuals operating outside of the EEA who work for our affiliates or for one of our suppliers.
    • Where we transfer the Data outside the EEA, we will ensure that it is protected in a manner that is consistent with how the Data will be protected by us in the EEA. This can be done in a number of ways, for instance:
      1. the country that we send the Data to might be approved by the European Commission as offering a sufficient level of protection;
      2. the recipient might have signed up to a contract based on “model contractual clauses” approved by the European Commission, obliging them to protect the Data; or
      3. where the recipient is located in the US, it might be a certified member of the EU-US Privacy Shield scheme.
    • In other circumstances the law may permit us to otherwise transfer the Data outside the EEA. In all cases, however, we will ensure that any transfer of the Data is compliant with applicable data protection law.
      • Data Subject can obtain more details about the protection given to the Data when it is transferred outside the EEA (including a copy of the standard data protection clauses which we have entered into with recipients of the Data) by contacting us in writing to the address provided below or call our Customer Service Department provided in Clause 18 of this Policy.
  14. Use of Data in Direct Marketing

    We intend to use the Data in direct marketing and we require the Data Subject’s consent (which includes an indication of no objection) before we can use the Data for this purpose. Data Subject’s provision of consent for this purpose is voluntary. In this connection, please note that:
    • Data Subject’s name, contact details, products and services portfolio information, transaction pattern and behaviour, financial background and demographic data held by HTISG from time to time (“Marketing Personal Data”) may be used by HTISG in direct marketing;
    • the following classes of services, products and subjects may be marketed:
      1. financial, insurance, securities, commodities, investment and related services and products and facilities;
      2. reward, loyalty or privileges programmes in relation to the class of marketing subjects as referred to above;
      3. services and products offered by HTISG's co-branding partners (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be) in relation to the class of marketing subjects as referred to above; and
      4. donations and contributions for charitable and/or non-profit making purposes.
    • the above services, products and subjects may be provided or (in the case of donations and contributions) solicited by HTISG and/or:
      1. any member of HTISG;
      2. third party financial institutions, insurers, securities, commodities and investment services providers;
      3. third party reward, loyalty, co-branding or privileges programme providers;
      4. co-branding partners of HTISG (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be); and
      5. charitable or non-profit making organisations;
    In addition to marketing the above services, products and subjects itself, HTISG also intends to provide the Marketing Personal Data described above, whether such provision is for gain or not, to all or any of the persons described above for use by them in marketing those services, products and subjects described above (in respect of which HTISG may or may not be remunerated), and HTISG requires the Data Subject’s written consent (which includes an indication of no objection) for that purpose;

    We may not use the Marketing Personal Data for direct marketing without Data Subject’s consent. Please indicate Data Subject’s consent when signing relevant customer documents.

    If the Data Subject give his/her consent but subsequently change his/her mind and no longer wish HTISG to use or provide to other persons the Marketing Personal Data for use in direct marketing as described above, Data Subject may exercise his/her opt-out right by notifying HTISG in writing to the address provided below or call our Customer Service Department provided in Clause 18 of this Policy.

    Please note however that the right to make such a request is not applicable to the Data Subject if the direct marketing is addressed to the Data Subject in his/her capacity as a representative of a company or business and is not sent to the Data Subject in his/her individual or personal capacity.
  15. Any of our customers who accept our services in relation to Northbound Trading of China Connect Securities shall be aware of and agree to the following provisions:
    • HTISG may need to use the Data for the following purposes: (a) tag each of the customers’ orders submitted to the CSC (as defined in the Rules of the Exchange) with a Broker-to-Client Assigned Number (“BCAN”) that is unique to each customer or the BCAN that is assigned to a joint account, as appropriate; and (b) provide to appropriate regulatory authorities, including but not limited to the Hong Kong Exchanges and Clearing (“HKEX”), the Hong Kong Stock Exchange Limited (“HKSE”) and any of their subsidiaries from time to time (the “SEHK Subsidiaries”), the customers’ assigned BCAN and such identification Information relating to the customers (“Client Identification Data” or “CID”) as HKEX, SEHK or any SEHK Subsidiaries may from time to time request under any applicable laws or regulatory rules and requirements.
    • Without limitation to any notifications HTISG have given to customers or consent which HTISG have obtained from customers, HTISG may collect, store, use, disclose and transfer personal data relating to customers as follows (defined terms shall have the meaning under the Rules of the Exchange, unless otherwise indicated):
      1. to disclose and transfer customers’ BCAN and CID to HKEX, SEHK or any SEHK Subsidiaries from time to time, including by indicating customers’ BCAN when inputting a China Connect order into the CSC, which will be further routed to the relevant China Connect Market Operator on a real-time basis;
      2. to allow each of HKEX, SEHK or the SEHK Subsidiaries to: (i) collect, use and store customers’ BCAN, CID and any consolidated, validated and mapped BCANs and CID information provided by the relevant China Connect Clearing House (in the case of storage, by any of them or via HKEX) for market surveillance and monitoring purposes and enforcement of the Rules of the Exchange; (ii) transfer such information to the relevant China Connect Market Operator (directly or through the relevant China Connect Clearing House) from time to time for the purposes set out in Clause c and d below; and (iii) disclose such information to the relevant regulators and law enforcement agencies in Hong Kong so as to facilitate the performance of their statutory functions with respect to the Hong Kong financial markets;
      3. to allow the relevant China Connect Clearing House to: (i) collect, use and store customers’ BCAN and CID to facilitate the consolidation and validation of BCANs and CID and the mapping of BCANs and CID with its investor identification database, and provide such consolidated, validated and mapped BCANs and CID information to the relevant China Connect Market Operator, HKEX, HKSE and any SEHK Subsidiary; (ii) use customers’ BCAN and CID for the performance of its regulatory functions of securities account management; and (iii) disclose such information to the People’s Republic of China regulatory authorities and law enforcement agencies having jurisdiction so as to facilitate the performance of their regulatory, surveillance and enforcement functions with respect to the People’s Republic of China financial markets;
      4. to allow the relevant China Connect Market Operator to: (i) collect, use and store customers’ BCAN and CID to facilitate their surveillance and monitoring of securities trading on the relevant China Connect Market through the use of the China Connect Service and enforcement of the rules of the relevant China Connect Market Operator; and (ii) disclose such information to the People’s Republic of China regulatory authorities and law enforcement agencies so as to facilitate the performance of their regulatory, surveillance and enforcement functions with respect to the People’s Republic of China financial markets.
    • By instructing HTISG in respect of any transaction relating to China Connect Securities (as defined in the Rules of the Exchange), customers acknowledge and agree that HTISG may use their personal data for the purposes of complying with the requirements of HKEX, HKSE or any HKSE Subsidiaries and their rules as in force from time to time in connection with Stock Connect Northbound Trading. Customers also acknowledge that despite any subsequent purported withdrawal of consent by customers, customers’ personal data (which was provided before such withdrawal) may continue to be stored, used, disclosed, transferred and otherwise processed for the above purposes, whether before or after such purported withdrawal of consent.
    • Please also note that HTISG will not, or no longer be able to, as the case may be, carry out customers’ trading instructions or provide customers with Stock Connect Northbound Trading service if customers fail to provide HTISG with their personal data or consent as described above.
  16. HTISG may, in accordance with the Personal Data (Privacy) Ordinance and any other applicable law,
    • match, compare or exchange any Data or other information provided by, or in respect of, a Data Subject with Data (or other information) held by HTISG or any other person for the purpose of:
      1. credit checking;
      2. Data (and other information) verification;
      3. otherwise producing or verifying Data (and other information) which may be used for the purpose of taking adverse action against the Data Subject or any other person at any time;
    • transfer such Data (and other information) to any place outside Hong Kong (whether for the processing, holding or use of such Data (and other information) outside Hong Kong).
  17. Data Subjects are required to provide us his/her accurate and most up-to-date contact information. If there is any change to such information, Data Subjects shall notify HTISG in writing to the address provided below or call our Customer Service Department provided in Clause 18 of this Policy. We are not liable for any violation of privacy resulting from Data Subjects’ failure to notify us such change.
  18. Data Subjects have a number of legal rights in relation to the Data that we hold about the Data Subjects. These rights include:
    • the right to obtain information regarding the processing of the Data and access to the Data which we hold about the Data Subject;
    • the right to withdraw the consent to our processing of the Data at any time. Please note, however, that we may still be entitled to process the Data if we have another legitimate reason (other than consent) for doing so;
    • in some circumstances, the right to receive some Data in a structured, commonly used and machine-readable format and/or request that we transmit those data to a third party where this is technically feasible. Please note that this right only applies to the Data which the Data Subject have provided to us;
    • the right to request that we rectify the Data if it is inaccurate or incomplete;
    • the right to request that we erase the Data in certain circumstances. Please note that there may be circumstances where the Data Subject asks us to erase the Data but we are legally entitled to retain it;
    • the right to object to, and the right to request that we restrict, our processing of the Data in certain circumstances. Again, there may be circumstances where the Data Subject objects to, or asks us to restrict, our processing of the Data but we are legally entitled to continue processing the Data and / or to refuse that request;
    • the right to lodge a complaint with the data protection regulator (details of which are provided below) if the Data Subject thinks that any of his/her data privacy rights have been infringed by us;
    • in relation to consumers’ credit record, to be informed on request which items of Data are routinely disclosed to credit reference agencies or debt collection agencies, and be provided with further information to enable the marking of an access and correction request to the relevant credit reference agency or debt collection agency; and
    • upon satisfactory termination of the credit by full repayment and on condition that there has been, within five years immediately before such termination, no material default under the credit as determined by HTISG, to instruct HTISG to make a request to the relevant credit reference agency to delete from its database any account data relating to the terminated credit.
    Request for access and/or correct any Data that the Data Subject has submitted and request for changing personal contact information shall be sent to the following address:

    Haitong International Securities Group Limited

    22/F Li Po Chun Chambers,

    189 Des Voeux Road Central, Hong Kong

    Attn : Customer Service Department

    or phone to: +852 3583 3388

  19. In accordance with the terms of the Personal Data (Privacy) Ordinance, HTISG has the right to charge a reasonable fee for the processing of any Data access request.
  20. Retention of the personal data

    How long we hold the Data for will vary. The retention period will be determined by various criteria including:
    • the purpose for which we are using it – we will need to keep the Data for as long as is necessary for that purpose; and
    • legal obligations – laws or regulation may set a minimum period for which we have to keep the Data.
  21. At HTISG, information regarding the Data Subjects is used solely in the legitimate conduct of our business, to deliver superior service and to design products and special offers that demonstrate our understanding of the Data Subjects and their needs.
  22. As we move forward in developing new products and services in an era of vast technological change, we will continue to maintain our dedication to assuring that Data Subjects’ information is properly used and appropriately safeguarded.
  23. We update our Data Privacy Policy from time to time and ask that customer regularly check our website to make sure customer is familiar with the most recent version.

If there is any discrepancy between the English and Chinese versions, the English version shall apply and prevail.