BANK OF COMMUNICATIONS CO., LTD Sydney Branch

PRIVACY POLICY

ABOUT US

Bank of Communications Co., Ltd and its subsidiaries (“BoCom”) provide a range of financial products and services to its customers. BoCom is a joint stock company incorporated in the People’s Republic of China with limited liability and it is registered in Australia as a foreign company under the Corporations Act 2001 (Cth).

In Australia, BoCom is authorised by the Australian Prudential Regulatory Authority as a foreign authorised deposit-taking institution to carry on banking business as Bank of Communications Co, Ltd through its Sydney Branch and sub-branches (“BoComAU” and also referred to in this Policy as “we”, “us” or “our”). It is also authorised by the Australian Securities and Investments Commission to carry on a financial services business in Australia under its Australian Financial Services Licence.

In this Policy, “you” or “your” refers only to those customers, beneficial owners and other relevant personnel of such customers of BoComAU and suppliers directly contracted by BoComAU.

BoComAU must follow the Privacy Act 1988 (Cth) (“Privacy Act”) and the Australian Privacy Principles (“APPs”), upon which this Policy is based.

OUR COMMITMENT TO PROTECT YOUR PRIVACY

We understand how important it is to protect your personal information. This document sets out our Privacy Policy commitment in respect of personal information that you may provide to us.

We recognise that any personal information we collect about you will only be used for the purposes indicated in our policy, where we have your consent to do so, or as otherwise required or authorised by law. It is important to us that you are confident that any personal information we collect from you or is received by us will be treated with appropriate respect ensuring protection of your personal information.

This Policy explains how we handle your personal information. It also includes our policy on the handling of credit reports and other credit related information.

PERSONAL INFORMATION

When we refer to personal information we mean information or an opinion about you, from which you are, or may reasonably be, identified.

The type of information we collect will depend on the product or service requested for. Generally, the personal information we collect includes your name, address, gender, marital status, date of birth, contact details (including telephone, facsimile and e-mail), identification document numbers, tax file number or other government identifiers, account details, business details, employment details, domicile and citizenship status, personal preferences and information about the products and services we have provided.

The personal information we collect about you may also include credit information about you. Credit information is information which is used to assess your eligibility for a loan and may include information about your income, assets, liabilities and repayment history information.

Due to the nature of the services provided by us, it is not common practice for us to collect sensitive information about you (such as information about your health, religion, trade union membership, political opinion, sexual preference or criminal record), unless such information is required in order to process an application from you. We will only collect sensitive information about you with your consent.

Importantly, personal information relates to an individual person and does not include information held in respect of a company or other body corporate for the purposes of this Privacy Policy. However, where our customer is a business, company or other legal entity such as a trust structure or partnership, we may collect personal information about the partners, directors, ultimate beneficial owners, officers, staff engaged in that business, authorised signatories, trustees, the entity’s agent or any beneficiaries.

WHY WE COLLECT YOUR PERSONAL INFORMATION

We collect, hold and use your personal information so that we can:

(a) provide you with products and services, and manage our relationship with you;

(b) contact you, for example, to respond to your queries or complaints, or if we need to tell you something important;

(c) comply with our legal obligations and assist government and law enforcement agencies or regulators; or

(d) identify and tell you about other products or services that we think may be of interest to you.

If you do not provide us with your personal information we may not be able to provide you with our products or services, communicate with you or respond to your enquiries.

HOW DO WE COLLECT YOUR PERSONAL INFORMATION?

Personal information may be collected by us in a number of circumstances, including when:

· You make an application for one of our products or services

· We provide customer support or assist you with a query

· We undertake monitoring and evaluation of our products and services

· You visit our website

· You attend an event hosted by us or visit our premises

· You apply for employment with us

· We undertake activities to administer or manage our customer relationships

Where reasonable and practical we will collect your personal information only directly from you. However, we will also collect information about you from third parties, such as a partner or spouse who contacts us on your behalf, from our contractors who supply services to us, through our referrers, from advisers such as accountants or lawyers or other organisations authorised by you.

If you provide personal information to us about someone else, you must ensure that you are entitled to disclose that information to us and that, without us taking any further steps required by privacy laws, we may collect, use and disclose such information for the purposes described in this Privacy Policy. For example, you should take reasonable steps to ensure the individual concerned is aware of the various matters detailed in this Privacy Policy. The individual must also provide the consents set out in this Privacy Policy in respect of how we will deal with their personal information.

You should also be aware that when assessing an application from you for commercial credit, we may collect credit-related personal information about you (either from you, or with your consent from a credit-reporting body).

If any personal information we need is not available, or not provided, we may not be able to provide the relevant product or service or we may delay, block or refuse to make a payment or action an instruction relating to the customer’s account.

HOW DO WE STORE AND HOLD PERSONAL INFORMATION?

We store most information about you in computer systems and databases operated by either us or our external service providers. Some information about you is recorded in paper files that we store securely.

We implement and maintain processes and security measures to protect personal information which we hold, from misuse, interference or loss, and from unauthorised access, modification or disclosure.

These processes and systems include:

(a) the use of identity and access management technologies to control access to systems on which information is processed and stored;

(b) requiring all employees to comply with internal information security policies and keep information secure;

(d) monitoring and regularly reviewing our practise against our own policies and against industry best practice.

TO WHOM WILL WE DISCLOSE YOUR PERSONAL INFORMATION?

We may transfer or disclose your personal information to our related companies.

We may disclose personal information to external service providers so that they may perform services for us or on our behalf, these could include:

· service providers and specialist advisers we engage to provide us with services such as auditing, consulting, rating or law firms;

· anyone authorised by you or for whom you have provided consent, including but not limited to other financial services providers that we may need to deal with on your behalf;

· people considering acquiring and interest in our business or asset; and

· anyone to whom we, or our service providers, are required or authorised by law to disclose your personal information (for example law enforcement agencies, national and international government and regulatory authorities, including but not limited to the ATO, APRA, ASIC, AUSTRAC, AFP and the Chinese government and regulatory bodies.)

By providing us with your personal information, you consent to us disclosing your information to such entities without obtaining your consent on a case by case basis.

DISCLOSURE TO OVERSEAS RECIPIENTS

BoComAU is part of a global bank, with global customers and as a result we use systems located in various countries outside Australia, including China, other parts of Asia, Europe and America. As part of our activities, BoComAU may provide your personal information to our overseas branches or service providers. We may also use cloud storage and IT servers that are located offshore.

DIRECT MARKETING

From time to time we may use your personal information to provide you with current information about financing, offers you may find of interest, changes to our organisation, or new products or services being offered by us or any company we are associated with. By providing us with your personal information, you consent to us using your information to contact you on an ongoing basis for this purpose, including by mail, email, SMS, social media and telephone.

If you do not wish to receive marketing information, you may at any time decline to receive such information by contacting our Privacy Officer on the contact details below. We will not charge you for giving effect to your request and will take all reasonable steps to meet your request at the earliest possible opportunity.

UPDATING YOUR PERSONAL INFORMATION

It is important to our relationship that the personal information we hold about you is accurate and up to date. During the course of our relationship with you we will ask you to inform us if any of your personal information has changed.

If you wish to make any changes to your personal information (including your credit related personal information), you should contact us to have it updated. We will generally rely on you to assist us in informing us if the information we hold about you is inaccurate or incomplete.

ACCESS TO YOUR PERSONAL INFORMATION

We will provide you with access to the personal information we hold about you, subject to limited exceptions in the Privacy Act as outlined below. You may request access to any of the personal information we hold about you, including any credit-related personal information we hold about you, at any time.

To access personal information that we hold about you, use the contact details specified below. We may charge a fee for our reasonable costs in retrieving and supplying the information to you.

DENIED ACCESS TO PERSONAL INFORMATION

There may be situations where we are not required to provide you with access to your personal information. For example, such a situation would be information relating to an existing or anticipated legal proceeding with you, or if your request is vexatious.

An explanation will be provided to you if we deny you access to your personal information we hold.

BUSINESS WITHOUT IDENTIFYING YOU

In most circumstances it will be necessary for us to identify you in order to successfully do business with you, however, where, it is lawful and practicable to do so, we will offer you the opportunity of doing business with us without providing us with personal information. Such a situation would be where you make general inquiries about interest rates or current promotional offers.

FURTHER INFORMATION AND COMPLAINTS

You may request further information about the way we manage your personal information or lodge a complaint by contacting our Privacy Officer(s) on the contact details below:

CONTACT DETAILS

You can contact us by writing to:

Bank of Communications Co., Ltd. Sydney Branch

Level 23, 60 Martin Place, Sydney NSW 2000

Attention: Privacy Officer

Alternatively, you can email us at auscompliance@bankcomm.com.au or call us on 02 8029 8888.

We will acknowledge receipt of the complaint promptly within 1 business day of receiving it and use our best endeavours to respond to your request within 14 days. However, where the matter is complex, we will write to you and advise you that our response may take longer. In all cases we anticipate being able to provide you with a response within 30 days.

USE OF OUR WEBSITE

We may collect information about how you access, use and interact with the website. This information may include:

(a) the location from which you have come to the site and the pages you have visited; and

(b) technical data, which may include IP address, the types of devices you are using to access the website, device attributes, browser type, language and operating system.

We use cookies on the website. A cookie is a small text file that the website may place on your device to store information. We may use persistent cookies (which remain on your computer even after you close your browser) to store information that may speed up your use of our website for any of your future visits to the website. We may also use session cookies (which no longer remain after you end your browsing session) to help manage the display and presentation of information on the website. You may refuse to use cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use the full functionality of the website.

ALTERNATIVE FORMS OF OUR PRIVACY POLICY

If you would prefer to receive a copy of our Privacy Policy, such as in hard copy or via email, please contact us on the phone number or email address provided under the section titled ‘Contact Details’ above. We will be pleased to comply with your request.

CHANGE IN OUR PRIVACY POLICY

We are constantly reviewing all of our policies and attempt to keep up to date with market expectations. From time to time, we may change our policy on how we handle personal information or the types of personal information which we hold. Any changes to our policy will be published on our website.

We encourage you to check our website from time to time to view our current policy, or contact us at the contact details above for a printed copy. This Privacy Policy was last updated on 30 September 2023.