BNU PRIVACY AND PERSONAL DATA PROTECTION POLICY



INTRODUCTION

The personal data provided by the Customer to the Bank are protected by banking secrecy and by the personal data protection legislation (currently, Law No. 8/2005). This Law establishes the principles for processing personal data, which should be done in a transparent manner and in strict compliance with individuals’ privacy and with other fundamental rights, freedoms and guarantees set out in the Basic Law of Macau, other instruments of international law as well as the current legislation in force in Macau.

The relationship between the Bank and the Customer is guided by the observance of a strict confidentiality and by the compliance with the duties binding the Bank, especially not to disclose or use (share, sell or transmit) information about facts or details of the Customer (personal information or business activities and transactions) unless when required by law or when expressly authorized by the Customer.

BNU’s Privacy and Personal Data Protection Policy states the ways in which BNU processes personal data of Customers and the rights they may exercise in this regard. This Policy is further complemented by BNU General Terms and Conditions for Account Opening and Servicing.


IMPORTANT DEFINITIONS

  • Personal data: the information related to a single natural person, identified or identifiable (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiologic, genetic, mental, economic, cultural or social identity of that natural person;
  • Data subject: Natural person to whom the processed data refers to.
  • Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
  • Consent: shall mean any freely given specific and informed indication of will by which you express your acceptance to personal data relating to yourself being processed;

PURPOSE AND LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

When performing its banking activity BNU processes data within explicit and specific purposes. This processing is based on compliance with legal obligations, in the performance of contracts in which the data subjects are part, in the pursuance of BNU’s legitimate interests, and in the consent of the data subjects.

Personal data or financial information you make available to or may be requested by the Bank will be used to enable us to provide services to you, assess credit risk, meet disclosure or other requirements imposed by law or ordered by a lawful authority, comply with banking supervision and auditing requirements, collect debts or designing financial products or services.

The Bank may from time to time request your personal data, in order to provide services you have applied for or to ensure that the Bank’s records are correct and up to date. If you choose not to provide requested data or if information provided by you is incomplete or incorrect, this may prevent the Bank from providing services to you.


DATA SECURITY

The Bank maintains appropriate measures to ensure that all personal data is securely stored as long as it is necessary for us to provide services to you or to comply with retention obligations imposed by law, after which it will be destroyed.

All of our staff and third parties with permitted access to your information are specifically required to observe the Bank’s confidentiality obligations.

We strive to ensure that your personal data is protected against accidental or unauthorized access, processing or deletion.


DATA TRANSFER

By opening an account or requesting services from us, you acknowledge, accept and expressly authorize the Bank to transfer your personal data and/or information related to transactions you undertake with the Bank to other parties, insofar as such collection or transmission is necessary for the Bank to provide services to you as you may request, to enable the Bank to comply with reporting obligations, for the Bank’s internal or external auditing purposes, and to the extent that such transfer is required to comply with reporting obligations and consolidation of accounts within the CGD Group in Portugal.

Any such transmission shall be undertaken in strict compliance with applicable banking secrecy and personal data privacy laws.

The Bank may be ordered to provide users’ personal data or financial information to government departments responsible for banking supervision or to Macau SAR courts, but we will only do so under proper authority.


DATA SUBJECT’S RIGHTS

After receiving a written request, the Bank shall ensure the exercise of the following rights:
  • Right of access: you shall have the right to obtain from the bank confirmation as to whether or not personal data concerning yourself is being processed, and, where that is the case, access to the personal data;
  • Right to rectification: you shall have the right to obtain from BNU without undue delay the rectification of inaccurate personal data concerning yourself. Taking into account the purposes of the processing, you shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement;
  • Right to object: you shall have the right to object, at any time, to processing of personal data concerning yourself, namely when processing is performed for other purposes than the ones for which it was collected and for which you have given your consent. Where personal data is processed for direct marketing purposes, you shall have the right to object at any time to processing of your personal data for such marketing;
  • Right to erasure (‘right to be forgotten’): you shall have the right to obtain from the bank the erasure of personal data concerning yourself without undue delay, as long as you meet the requirements for that erasure, namely, the relationship with BNU has been ceased and all legally established record retention periods have already expired;
  • Right to restriction of processing: you shall have the right to obtain from the bank the restriction of processing of your personal data where one of the following applies:
    • The accuracy of the personal data is contested by you, for a period enabling BNU to verify the accuracy of the personal data;
    • The processing is unlawful and you oppose to the erasure of the personal data and request the restriction of its use instead;
    • BNU no longer needs the personal data for the purposes of the processing, but it is required by yourself for the establishment, exercise or defense of legal claims;
    • You have objected to processing, pending the verification whether the legitimate grounds of BNU override those of the data subject.
You also have the right to lodge a complaint with the Bank’s supervisory authority, AMCM, or with the Macau Data Protection Office (GPDP)

The Bank is entitled to charge a reasonable fee for processing data access requests. The right to object is free of charge.


YOUR CONTACT POINT IN BNU FOR ANY PERSONAL DATA ENQUIRIES

BNU has a Data Protection Officer to whom you may address any requests or enquiries related to personal data through the following contact points:
  • Email: dpo@bnu.com.mo
  • Mail addressed to: Data Protection Officer, Banco Nacional Ultramarino, S.A., Avenida de Almeida Ribeiro, 22, Macau
  • Written request delivered at any of our branches.