Customers of our Singapore Branch
Additional rights for customers of our Singapore Branch are set out in the Singapore Branch Privacy Notice. You may request a copy of this Notice, or further information relating to your rights, by contacting the Singapore Data Privacy Officer (see We’re here to help, Section 6a).
Customers of our Tokyo Branch
The European Union (EU) General Data Protection Regulation (GDPR) and local data protection laws, such as the United Kingdom General Data Protection Regulation, give more rights to individuals located in the EU and the UK and more obligations to organisations holding their personal information. In this Appendix, “personal information” means any information relating to an identified or identifiable natural person (the meaning given to the term “personal data” in the GDPR).
Personal information must be processed in a lawful, fair and transparent manner. As such, if you are located in the EU, GDPR requires us to provide you with more information about how we collect, use, share and store your personal information as well as advising you of your rights as a 'data subject'.
If you are located in the EU and have an enquiry relating to your rights under the GDPR, please contact email@example.com.
Please refer to Section 3 (Securing your information) above for details of the personal information we collect.
Special categories of personal information
The GDPR provides additional protection for personal information about your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, biometric data (for example your fingerprints), or data concerning your health, sex life or sexual orientation. We will only process this type of personal information with your consent or where otherwise lawfully permitted.
How long we keep your personal information
We will keep your personal information while you are a customer of the Group. We aim to keep your personal information for only as long as we need it.
We generally keep your personal information for up to 7 years after you stop being a customer but we may keep your personal information for longer:
We can only collect and use your personal information if we have a valid lawful reason to do so. For the Group, these reasons are:
We may use your information for direct marketing purposes. We will only do this with your consent.
Your rights as a data subject
The right to be informed how personal information is processed
The right of access to personal information
The right to rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
Rights in relation to automated decision making and profiling
The right to lodge a complaint with a supervisory authority
See the ‘Regulator Contact Details’ section below for more information.
Minors and children’s privacy
We will seek parent or guardian consent to collect the details of children under 16.
Regulator contact details
The UK data protection authority is:
Information Commissioner’s Office
Cheshire SK9 5AF
The Netherlands Data Protection Authority is:
Prins Causlaan 60
PO Box 93374
2509 AJ DEN HAAG / The Hague
For other European jurisdictions please refer to the European Commission website for details of the relevant data protection authorities.
Policy updated 15 September 2021
During our relationship with you, we may tell you more about how we collect and handle your information – for example, when you fill in an application form or receive product terms and conditions. You should always read these documents carefully.
Sometimes we update our Statement. You can always find the most up-to-date version on our website.