DBS Bank Ltd.
, London Branch - Data Privacy Notice
This is a Privacy Notice (“Notice”) issued under the UK General Data Protection Regulation. (“UK
GDPR")
In this Notice, “we” or “us” or “our” means DBS Bank Ltd., London Branch and “you” or “your”
means you, any authorised person on your account, anyone who does your banking or deals with
us for you and other related people, including (without limitation) your authorised signatories,
directors, partners, employees, members, trustees, agents and representatives.
This Notice covers any banking products and/or services you have with us, such as deposits, FX,
derivatives, loans, trade finance related services and payment services.
It applies to information we hold about you and individuals connected to your business and
explains:
▪ who we are;
▪ what information we collect and where we collect it
▪ how we will use the information;
▪ who we share it with;
▪ how long we keep the information;
▪ what safeguards we have in place when transferring the information outside of the UK;
▪ your rights as an individual;
▪ your obligations; and
▪ how to complain.
You should read this Notice in conjunction with the banking terms and conditions for the banking
product and/or service which you have with us as these terms and conditions include sections
relating to the use and disclosure of information.
It is important that you should ensure that any relevant individuals are made aware of this Notice
before providing their information to us or our obtaining their information from another
source. If you, or anyone else on your behalf, has provided or provides information on an
individual connected to your business to us, you or they must first ensure that you or they have
the authority to do so.
Relevant individual means any individual connected to your business, such as a guarantor, a
director, an officer or employee of a company, a partner or member of a partnership, any
substantial owner, controlling person or beneficial owner, account holder of a designated
account, recipient of a designated payment, your attorney or representative
�(including authorised signatories), agent or nominee, or any other persons or entities with whom
you have a relationship that is relevant to your relationship with us.
WHO WE ARE
We are the controller of your personal data and any individuals who are connected to your
business. For all enquiries, you and any individuals who are connected to your business should
write to us at DBS Bank Ltd., London Branch, 9th Floor, One London Wall, London EC2Y
5EA. Attention: Compliance, Data Governance.
THE INFORMATION WE COLLECT AND WHERE WE COLLECT IT
We collect information about you and individuals connected to your business in accordance with
relevant regulations and laws from a range of sources, such as directly from you and individuals
connected to your business, third parties we work with (e.g. companies that introduce you to us,
fraud prevention agencies, regulators, trade bodies, government and law enforcement agencies)
and from publicly available sources (e.g. Companies House, Land Registry and Commercial
Registries). Below are some examples of the information we collect:
▪ personal details, such as name, date and place of birth;
▪ contact details, such as address, email address, position in company, landline and mobile
numbers;
▪ information concerning identity, such as photo ID, passport information, National
Insurance number, driving licence and nationality;
▪ your financial information and information about your relationship with us;
▪ information we use to identify and authenticate you and the individuals connected to
your business;
▪ information included in customer documentation;
▪ risk rating information;
▪ investigations data, such as due diligence checks, sanctions and anti-money laundering
checks, companies house searches and external intelligence reports;
▪ records of correspondence and other communications between you, your
representatives and us;
▪ information that we need to support our regulatory obligations, such as information
about transaction details, detection of any suspicious and unusual activity and
information about parties connected to you or these activities; and
▪ other information about you and individuals connected to your business that you have
provided to us.
�When you visit our website, we may use cookies and other technologies to automatically collect
the following information:
▪ technical information, including your IP address, your login information, browser type
and version, device identifier, location and time zone setting, browser plug-in types and
versions, operating system and platform, page response times, and download errors;
▪ information about your visit, including the websites you visit before and after our website
and products you viewed or searched for; and
▪ length of visits to certain pages, page interaction information (such as scrolling, clicks, and
mouseovers) and methods used to browse away from the page.
HOW WE USE THE INFORMATION
The law says that we are allowed to use information on you and individuals connected to your
business if we have a lawful reason to do so1. These reasons include where we:
▪ have your consent;
▪ need to process the information to fulfil a contract we have with you;
▪ have to comply with a legal obligation;
▪ have a vital interest;
▪ believe the use of information as described is in the public interest;
▪ need to pursue our legitimate interests.
Below are some reasons we use your information and information relating to individuals
connected to your business:
▪ delivering our products and services to you;
▪ carrying out your instructions;
▪ managing our relationship with you;
▪ providing banking operations support;
▪ preventing or detecting crime including fraud and financial crime;
▪ providing security and business continuity;
1
Article 6 UK GDPR
� ▪ undertaking risk management;
▪ undertaking data analytics to better understand your circumstances and preferences so
we can make sure we can provide you with the best advice and offer you a tailored
service;
▪ protecting our legal rights and complying with our legal obligations; and
▪ complying with laws and regulation that we are subject and sharing with our regulators
and other authorities.
We may use automated systems to help us make decisions and technology that helps us to identify
the level of risk involved in our relationship, for example monitoring your account activity.
WHO WE SHARE THE INFORMATION WITH
We share your information and information relating to individuals connected to your business
with DBS Group of Companies, i.e. DBS Group Holdings Ltd and its affiliates and others where it
is lawful to do so. Below are some examples of people we share with:
▪ third party service providers, such as our correspondent banks in order to provide you
with products or services you have requested;
▪ fraud prevention and enforcement agencies;
▪ regulators, HM Revenue & Customs, UK Financial Services Compensation Scheme, Bank
of England and other authorities;
▪ professional advisers in connection with litigation or asserting or defending legal rights
and interests;
▪ credit reference agencies;
▪ people who give guarantees or other security for any amounts you owe us;
▪ people you make payments to and receive payments from;
▪ your beneficiaries, intermediaries, correspondent and agent banks, clearing houses,
clearing or settlement systems, market counterparties and any companies you trade
through us;
▪ other financial institutions, lenders and holders of security over any property or assets
you charge to us, other tax authorities, trade associations, payment service providers
and debt recovery agents;
▪ any brokers who introduce you to us or deal with us for you;
▪ any entity that has an interest in the products or services that we provide to you,
including if they take on the risk related to them;
� ▪ law enforcement, government, courts, dispute resolution bodies, auditors and any party
appointed or requested by our regulators to carry out investigations or audits of our
activities;
▪ other parties involved in any disputes;
▪ anyone who provides instructions or operates any of your accounts, products or services
on your behalf;
▪ anybody else that we have been instructed to share your information with by you, or
anybody else who provides instructions or operates any of your accounts on your behalf;
▪ insurers and their underwriters;
▪ where we have a legitimate business reason for doing so (e.g. to manage risk and verify
identity);
▪ where we have asked you or the individuals connected to your business for your
permission to share it, and you (or they) have agreed; and
▪ third parties connected with business transfers: We may transfer your personal
information to third parties in connection with a reorganisation, restructuring, merger,
acquisition or transfer of assets, provided that the receiving party agrees to treat your
personal information in a manner consistent with this Privacy Notice.
HOW LONG WE KEEP YOUR INFORMATION
We will keep your information and information relating to individuals connected to your business
for as long as you are our customer and in line with our data retention policy to enable us to
comply with our legal and regulatory requirements or use it where we need to for our legitimate
purposes such as managing your account and dealing with any disputes or concerns that may
arise.
TRANSFER OF YOUR INFORMATION OUTSIDE THE UK
Your information and information relating to individuals connected to your business may be
transferred to and stored in locations outside of the UK, including countries that may not have
the same level of protection for personal information provided that we ensure that appropriate
safeguards are in place.
The safeguards may include:
▪ restricting transfer to a non-UK country with privacy laws that give the same protection
as the UK
▪ put in place a contract with the recipient that includes UK approved model contractual
clauses
Your information and information relating to individuals connected to your business have been
transferred to our Head Office in Singapore and such transfer has been made under the Intra
�Group Transfer Agreement and carried out in compliance with relevant privacy and data
protection regulations using the UK approved model contractual clauses2 safeguard as Singapore
is currently not recognised by the United Kingdom as a country having the same level of
protection as the United Kingdom for personal information.
YOUR RIGHTS AS AN INDIVIDUAL RELATING TO THE INFORMATION
The law provides you with certain rights relating to your personal data. These rights include:
▪ the right to access information3 we hold about you and to obtain information about how
we process it;
▪ the right to request that we rectify your information4 if it is inaccurate or incomplete;
▪ the right to request that we erase your information5 although we may continue to retain
your information if we are entitled or required to retain it pursuant to any applicable
law or regulation;
▪ the right to object to, and to request that we restrict, our processing of your information6
in some circumstances. Again, there may be situations where you object to, or ask us to
restrict, our processing of your information but we are entitled to continue processing
your information and/or to refuse that request;
▪ the right to object7 to our use of your information although we may continue to use your
information if we have legitimate reason for doing so;
▪ the right to receive certain information you have provided to us in an electronic format
and/or request that we transmit it to a third party8.
You and individuals connected to your business can exercise your or their rights at any time by
contacting us using the details set out in ‘Who we are’. You and individuals connected to your
business are not required to pay any charge for exercising such right and, if you make a request,
we have one month to respond to you.
YOUR OBLIGATIONS RELATING TO THE INFORMATION
You are responsible for making sure the information you give us, information which is provided
by individuals connected to your business, or information which is otherwise provided on your
behalf is accurate and up-to-date, and you must tell us if anything changes as soon as possible.
2
Article 46 UK GDPR (Transfers subject to appropriate safeguards)
3
Article 15 UK GDPR (Right of access by the data subject)
4
Article 16 UK GDPR (Right to rectification)
5
Article 17 UK GDPR (Right to erasure (‘right to be forgotten’))
6
Article 18 UK GDPR (Right to restriction of processing)
7
Article 21 UK GDPR (Right to object)
8
Article 20 UK GDPR (Right to data portability
�You must tell us if you become aware that any individual whose information you have provided
us has objected to their information being collected, processed, used or disclosed.
HOW TO COMPLAIN
If you are not happy with how we have used your personal information, you can contact us using
the details set out in ‘Who we are’. You also have the right to complain to the UK Information
Commissioner’s Office by visiting www.ico.org.uk; or write to the Information Commissioner’s
Office at Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, Helpline number: 0303 123
1113.
HOW DO WE PROTECT YOUR PERSONAL INFORMATION
We have implemented technical and organisational security measures to safeguard the personal
information in our custody and control. Such measures include, for example, limiting access to
personal information only to employees and authorised service providers who need to know such
information for the purposes described in this Notice as well as other administrative, technical
and physical safeguards.
SELLING PERSONAL DATA
We wish to emphasis that we do not sell personal data to any third parties and we shall remain
fully compliant with any duty or obligation of confidentiality imposed upon us under applicable
agreements and/or terms and conditions that govern our relationship with you.
USE OF PERSONAL DATA FOR MARKETING PURPOSES
We may use your personal data to offer products or services, including special offers, promotions,
contests or entitlements that may be of interest to you or for which you may be eligible. Such
marketing messages may be sent to you in various modes including but not limited to electronic
mail, direct mail, fax or mobile messaging services. In doing so, we will comply with all applicable
data protection regulation including UK GDPR. In respect of such messages, please be assured
that we will only do so if we have your clear and unambiguous consent in writing or other
recorded form to do so. You may, at any time, request that we stop contacting you for marketing
purposes. Nothing in this Notice shall vary or supersede the terms and conditions that govern our
relationship with you.
