The Site provides you an opportunity to e-mail CLSA personal information and data in order to enquire about the services we offer and to become a registered user of the Site. CLSA’s policies and practices in relation to personal data and the Personal Data (Privacy) Ordinance in Hong Kong are available here. CLSA’s policies and practices in relation to personal data and the Personal Data Protection Act in Singapore are available here. CLSA’s policies and practices in relation to personal data and the Personal Data Protection Act in India are available here. CLSA’s policies and practices in relation to personal data and the Data Privacy Act of 2012 of the Philippines are available here. CLSA’s policies and practices in relation to personal data and Personal Information Protection Law of the People’s Republic of China are available here. CLSA’s policies and practices in relation to personal data and Personal Data Protection Act B.E. 2562 (2019) in Thailand are available here. As a general policy CLSA values all personal information provided by users of the Site.
1. Introduction
CLSA Limited and/or its Affiliates (“CLSA”, “we”, “us”, “our”) recognize our responsibilities in relation to the collection, use, disclosure and other processing and storage of personal data. We protect data security of our customers, counterparties and potential customers or counterparties by complying with all relevant data protection laws and regulations, and ensure compliance by our staff with strict standards of security and confidentiality.
The objective of this Privacy Policy Statement (“Policy”) is to provide you with information with respect to how we collect and process personal information and sensitive personal information in accordance with applicable data protection laws and regulations. References in this Policy to “we”, “us” and “our” mean, unless the context otherwise requires means, CLSA and its Affiliates (including their representatives and/or agents). “Affiliates” shall mean any legal entities at any time directly or indirectly controlling, controlled by or under common control with CLSA Limited, including but not limited to CITIC Securities International Company Limited and CITIC Securities Co. Ltd.
We ask that you read this Policy carefully as it contains important information regarding the collection, use, disclosure and transfer (within or outside relevant jurisdiction) of Personal Data (as defined below).In addition, this Policy is intended to provide you with sufficient information to enable you to notify and obtain consent from any natural person (a “Relevant Person”) whose Personal Data may have been provided or may be provided by you or your agent to us from time to time.
This Policy supplements but does not supersede or replace any other consents you may have previously provided to us in respect of your Personal Data, and your consents herein are additional to any rights which we may have at law to collect, use or disclose your Personal Data.
2. Personal Data
In this Policy, “Personal Data” refers to all kind of personal data or personal information (including any sensitive personal information or special categories of personal data) about you or a Relevant Person, which would identify you or such natural person (as the case may be), or from which such identity can be reasonably and directly ascertained when put together with other information, which are electronically or otherwise recorded, excluding information that has been anonymized.
At CLSA, we collect, save, use, process, disclose, transfer and delete different kinds of Personal Data. Broadly speaking, the Personal Data may include (without limitation) the following:
Type of Personal Data |
Description |
Identification data and authentication data |
Name, date of birth, place of birth, gender, ID/passport number and copies and (if applicable) marital status, family members, tax residence, relationships with politically exposed persons, sample signature, photographs, fingerprint, face recognition information, |
Health |
Health status |
Contact |
Home address, mailing address, telephone numbers, fax number, email address |
Financial |
Employment/business information, bank account information, creditworthiness data, directorships (if applicable), annual income, estimated net worth, source of wealth, source of funds, origin of assets, proof relating to portfolio of financial assets |
Investment |
Investment experience, investment objective, investment target, anticipated level of activity, risk profile, product knowledge |
Services/Transactional |
Details about orders, Instructions, transactions, services, bank accounts, securities accounts, payments and remittances |
Usage |
Information about use of our website, on-line platforms, mobile applications |
Profile |
Usernames and passwords, feedback and survey responses |
Cookies/logs/cache/pixel tags |
A visitor’s name, email address, MAC addresses, IP addresses (and domain names), browser software, types and configurations of his/her browser, language settings, geo-locations, operating systems, referring website, pages and content viewed and durations of visit |
Internal control |
Data from name-screening, credit-checks, background checks, professional qualifications, negative news checks and electronic certification |
Audio visual |
CCTV footage, photographs, tape recordings |
Customer due diligence for the compliance of laws/regulations |
Personal Data collected during customer due diligence, sanctions or anti-money laundering checks, background vetting results, referees and their contact method, potential/existing conflict of interests, correspondence and other communication with us(video and audio record, call log, correspondence and its content) |
CLSA only collects special categories of personal data or sensitive personal information when it is required or permitted to be collected by applicable data protection laws, such as the Relevant Person agrees to our process of such personal information or voluntarily provides us with this information. Such information includes personal information regarding a person’s biometric data, genetic data, religious or philosophical beliefs, political opinions, specific identity, health care, financial accounts, personal whereabouts, personal information of minors under the age of fourteen, trade union membership, data concerning health or data concerning a natural person’s sex life or sexual orientation (the “Sensitive Information”).
Please use your discretion when providing Sensitive Information to CLSA, and under any circumstances, do not provide Sensitive Information to CLSA, unless you thereby consent to CLSA’s process of Sensitive Information for its legitimate business purposes or unless it’s permitted by applicable laws and regulations or court orders. By accepting to this Policy, you are voluntarily and explicitly provide consent to CLSA of processing such Sensitive Information and/or confirm to CLSA that consent of the Relevant Person whose Sensitive Information are received and provided to CLSA for processing has been obtained for purposes described in this Policy. If you have any questions about whether the provision of Sensitive Information to CLSA is, or may be, necessary or appropriate for particular purposes, please contact CLSA at dataprotectionofficer@clsa.com.
3. How We Collect Data
We may collect the Personal Data from you during contact or in the ordinary course of your relationship with us, for example, when you give us your name card or contact details, give instructions, effect transactions through CLSA, transfer funds or securities, operate the account, attend seminars and events, participates in online activities, communicates verbally or in writing with CLSA, or amend /update/correct your Personal Data or other account information.
We may also use various methods to collect Personal Data from you, such as:
Method |
Description |
Direct request |
We request various Personal Data at various stages of our relationship with you. For example, customers are required to provide us with various Personal Data when opening account with us, conducting transactions, or enabling us to conduct various checking. Under certain circumstances, failure to do so may result in CLSA being unable to open or maintain the accounts, effect any transactions, grant or continue margin facilities or provide any services to the customer. |
Electronic |
Our systems will use, transfer, monitor, record and otherwise process communications containing Personal Data passing through our electronic systems, on-line platforms, mobile applications in any form, including emails. |
Correspondence |
We also collect Personal Data when you communicate with us by email/post or other means. |
Telephone |
We may also record our telephone conversations with you for regulatory, internal control, risk management and audit purposes. |
Cookies/logs/cache/pixel tags |
We use cookies / tools on our website and on-line platforms. Cookies are unique identifiers placed on a computer or other device by a web server, which contains information that can later be read by the server that issued the cookie. |
Third party vendors |
We request and receive various Personal Data from third party vendors who provide services regarding name-screening, electronic certification, background checks and credit checks. |
Public sources |
We also access Personal Data through publicly available sources e.g. government registries, professional bodies, regulators, sanction lists, public disclosure portals/data base, social media and services on the Internet. |
4. Purposes for the Collection, Use and Disclosure of Personal Data
Generally, we collect, use, disclose and/or process Personal Data for the following purposes:
a) processing applications for account opening, account closing, account maintenance and closing and operations relating to your account(s);
b) processing your applications or requests for services and/or products;
c) effecting your orders relating, and carrying out your instructions or responding to your enquiries or feedback;
d) providing services and/or products to you, including the services and products of external providers;
e) managing your relationship with us and/or administration of your account with us including (where you act as agent for another party) those of your underlying principals; managing indebtedness and payments between you and us;
f) conducting identity and/or credit checks and assisting other financial institutions to conduct credit check, and carrying out customer due diligence and other checks and screenings and ongoing monitoring that may be required under any applicable Anti-Money Laundering Act, US Foreign Account Tax Compliance Act (FATCA) or any applicable law, regulation or directive or internal policies and procedures of CLSA Limited or its Affiliates (including but not limited to those designed to combat bribery and corrupt practices, money laundering, terrorist financing and financial crime);
g) preventing, detecting and investigating fraud, misconduct or any unlawful activities, whether or not requested by any relevant governmental or regulatory authority, and analysing and managing commercial risks;
h) complying with all applicable laws, regulations, rules, directives, orders, instructions and requests from any governmental, tax, law enforcement or other authorities (whether local or foreign);
i) managing our infrastructure, business operations and employees, and complying with our policies and procedures that may be required by applicable laws and regulations including those relating to risk control, compliance, security, audit, finance and accounting, human resources, systems and business continuity;
j) addressing or investigating any complaints, claims or disputes;
k) developing new services and/or products and updating you on our products and services from time to time;
l) unless you have indicated your preference to opt out, providing you with marketing, advertising and promotional information, materials and/or documents relating to banking, investment, credit and/or financial products and/or services that we may be selling, marketing, offering or promoting, whether such products or services exist now or are created in the future;
m) carrying out research, planning and statistical analysis;
n) organizing promotional events, conferences, seminars, and company visits;
o) enforcing our legal and/or contractual rights against you including, but not limited to, recovering any and all amounts owed to us;
p) providing Personal Data to CLSA’s Affiliates and/or third parties in accordance with applicable data protection laws and this Policy; and
q) all other incidental and associated purposes relating to the above and any other purpose which you may agree from time to time
(collectively, the “Purposes”).
Please understand that the financial services we provide to you are constantly evolving. If you choose to use any other service of which the purposes are not listed above, we will separately explain to you, the purposes, methods, and scope of personal information we collect, through reminders, alerts, interaction with you, agreements entered into with you or other appropriate methods, and obtain your consent for that.
We may collect Personal Data for the above mentioned Purposes directly from you or from other sources (e.g. social media, third party’s online platforms, and other publicly available sources) and through our Affiliates, service providers, business partners, official authorities, or third parties (e.g. third-party custodians, sub-custodians, and partner brokers).
5. The Legal Grounds for Processing Data
We may use your Personal Data for the Purposes as set out above and, for each purpose, based on the following legal grounds, among other things:
a) Performance of a contract – this is when the processing of your Personal Data is necessary in order to perform our obligations under a contract;
b) Legal obligation – this is when we are required to process your Personal Data in order to comply with a legal obligation, statutory functions, or statutory obligations, such as keeping records for tax purposes or providing information to a public body or law enforcement agency;
c) Legitimate interest– Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, which includes for the fraud prevention and network and information security.
d) Public interests – we may process your Personal Data where it is for the performance of a task carried out in the public interest or protection of life, health or assets of natural persons under emergency;
e) Your consent – we process your Personal Data with your consent, and we will only process your Data if you agree to us doing so;
f) Disclosed information – we may process your Personal Data that is disclosed by you or otherwise legally disclosed.
6. Consent
By interacting with us and submitting information to us, or signing up for any products or services offered by us, you represent and agree that:
a)we shall collect, use, disclose and share Personal Data for the Purposes stated in this Policy in accordance with applicable data protection laws;
b) we shall be authorised to disclose such Personal Data to our Affiliates, authorised service providers and relevant third parties in the manner set forth in this Policy and in the applicable data protection laws;
c) we shall be authorized to process your Sensitive Information for the Purposes stated in this Policy;
d) we shall be authorized to disclose your Personal Data outside of relevant jurisdictions in accordance with applicable data protection laws;
e) we shall be allowed to disclose and/or transfer your Personal Data to our Affiliates and other third parties as provided below; and
f) each Relevant Person has consented to our collection, use, disclosure and/or process of his/her Personal Data for the Purposes stated above in accordance with applicable data protection laws, and such Relevant Person has been informed of and has accepted this Policy.
If you do not wish for us to continue to use your Personal Data or the Personal Data provided by you to us for any of the Purposes at any time in the future, you must notify us to withdraw your consent. Depending on the circumstances, your withdrawal of consent may result in our inability to provide you with certain services and/or products that we have been offering to you, and consequently, may result in the termination of your relationship and/or accounts with us if permitted under the applicable laws. The withdrawal of consent will not affect the lawfulness of the collection, use, and disclosure of your Personal Data based on your consent before it was withdrawn.
Where the data protection laws of the relevant jurisdictions permit us to collect, use or disclose the Personal Data without your or the Relevant Person’s consent, such permission granted by law will continue to apply.
7. Disclosure, Sharing and Transfer of Personal Data Overseas
Subject to the provisions of any relevant data protection laws, the Personal Data may be disclosed or transferred to, shared with or processed or kept by the following entities, wherever located, for any of the Purposes:
a) our Affiliates;
b) any nominees in whose name your securities or other assets may be registered;
c) name-screening services/due diligence/data base service providers, electronic certification bodies and their registration authorities, Lightweight Directory Access Protocol service providers and identification agencies;
d) any auditors, contractors, agents, service/solutions providers, software/application developers, banks, fund houses and insurance companies in or outside the relevant jurisdiction, which provide administrative, data processing, financial, computer, telecommunications, information technology, payment, clearing, settlement, professional or other services to CLSA;
e) any professional advisers (including lawyers), agents, counterparties, product issuers/guarantors, dealers, distributors, collective investment schemes and their managers, administrators, investment managers, trustees and custodians, custodial agents, other custodians and agents and any such party’s nominees and affiliates involved in transactions conducted by CLSA on behalf of you;
f) credit reference agencies, and, in the event of default, debt collection agencies;
g) any party giving/proposing to give/who has given a guarantee or third party security to guarantee or secure your obligations;
h) any actual or potential assignee, transferee, participant, sub-participant, delegate, or successor of the rights or business of CLSA;
i) judicial bodies and public or government authorities (which may include regulators, securities exchange or other similar agencies or authorities, tax authorities, hospital authority, social welfare department and other authorities);
j) legal or other professional advisers and agents engaged by CLSA or its Affiliates;
k) any person to whom disclosure is permitted or required by law or any court order;
l) any local or foreign government agencies, regulatory authorities and statutory bodies having jurisdiction over us; and
m) any party in respect of which such disclosure is requested and/or consented by you.
CLSA together with its Affiliates is a global financial institution comprised of multiple offices and affiliated entities in different jurisdictions. In order to meet our legal and regulatory obligations around the world and for the Purposes specified above, your Personal Data may be transferred to or shared across our integrated computer networks with one or more of affiliated offices and other countries that may not be subject to data protection laws similar to those prevailing in the jurisdiction in which such information is provided to or received by us.
Personal Data transferred to another jurisdiction may be disclosed, processed, stored or maintained in accordance with the laws, rules, regulations, guidelines, directives, orders and practices applicable in that jurisdiction. For example, the Personal Data will be stored in Hong Kong and the Mainland China; the Data so stored is subject to the laws, regulations, orders and practices of Hong Kong and the People’s Republic of China.
To the extent that we may need to transfer Personal Data outside the relevant jurisdiction, we shall do so in accordance with the applicable personal data protection law with reasonably practicable monitoring to ensure that we provide an adequate standard of protection to the Personal Data.
8. Rights of the Relevant Persons
Subject to applicable data protection laws, you are entitled to the following rights:
a) Being informed – You have the right to be informed about the collection and use of your Personal Data as stated in this Policy. Upon your request, we will provide you with the CLSA’s policies and practices in relation to the Personal Data which includes the purposes for processing your Personal Data, processing method, our retention policy, and who it will be shared with;
b) Deciding – You have right to decide on the proceeding of your personal information;
c) Access – You have the right to request a copy of the Personal Data that we are processing about you. If you require additional copies, we may need to charge a reasonable fee;
d) Rectification – You have the right to require the correction of any mistake in the Personal Data, whether incomplete or inaccurate, that we hold about you;
e) Erasure – You have the right to require the erasure of Personal Data concerning you. We may delete the Personal Data if:
i) where the purpose of processing has been achieved, unable to achieve, or is no longer necessary to achieve;
ii) where we stop providing products or services, or the agreed storage period has expired;
iii)where your consent has been withdrawn;
iv) where the processes of your Personal Data is in violation of laws, administrative regulations, or the agreement; or
v) any other circumstance as prescribed by laws and administrative regulations,
except that we are required to maintain the Personal Data by applicable laws and regulations or it’s not technically doable in which case we will take necessary safety measures.
f) Portability – You have the right to receive the Personal Data concerning you that you have provided to us, in a structured, commonly used, and machine-readable format and have the right to transmit that Personal Data to a third party in certain situations;
g) Objection – You have the right to (i) object at any time to the processing of your Personal Data for direct marketing purposes and (ii) object to our processing of your Personal Data where the legal ground of such processing is necessary for legitimate interests pursued by us or by a third party. We will then abide by your request unless we can demonstrate compelling legal grounds for the processing;
h) Restriction of processing – You have the right to request that we restrict our processing of your Personal Data in certain circumstances, except as otherwise provided by any laws or administrative regulation;
i) Withdrawal of consent – If we rely on your consent (or explicit consent) as our legal basis for processing your Personal Data, you have the right to withdraw that consent at any time.
When handling a data access or correction request, CLSA will check the identity of the requestor to ensure that he/she is the person legally entitled to make the data access or correction request. Please address requests for access and/or correction of Personal Data to the Data Protection Officer (contact details below). CLSA may charge a reasonable fee for complying with a data access request.
You and other third parties who provide (or authorize the provision of) Personal Data to CLSA represent and warrant that such Personal Data is true, accurate and complete and shall notify CLSA in writing immediately upon any changes in Personal Data previously provided to CLSA.
9. Direct Marketing
If there are any products or services that CLSA or its Affiliates believe may be of particular interest to you, CLSA or its Affiliates may use your full name, contact details, products and services portfolio information, transaction pattern and behaviour, financial background, investment experience and background, risk profile and demographic data for direct marketing purpose. Where required by applicable law, we will request your prior consent before CLSA or its Affiliates use your Personal Data for marketing purposes. If you do not wish us to use your Personal Data for direct marketing, you may address the opt-out requests to us in the relevant account opening form or other agreement or send such request to us at counterpartycontact.management@clsa.com or as directed in any marketing materials we send to you. However, the right to make such a request is not applicable to you if the direct marketing is addressed to you in your capacity as a representative of a company or business and is not sent to you in your individual or personal capacity.
10. Retention
Personal Data will be held for as long as it is necessary to fulfil the purpose for which it was collected or as required or permitted by applicable laws. We shall cease to retain Personal Data, or remove the means by which the Personal Data can be associated with particular individuals, as soon as it is reasonable to conclude that the purpose for which that Personal Data was collected is no longer being served by retention of the Personal Data and retention is no longer necessary for legal, regulatory or business purposes.
11. Data Security
CLSA has implemented reasonable security measures in accordance with applicable data protection laws to protect Personal Data from risks such as illegal processing, destruction or accidental loss. We use electronic security measures to control access to Personal Data, including the use of passwords, firewalls and mechanisms to encrypt Personal Data, such that the information systems are authenticated and authorized prior to usage. CLSA has applied a record-keeping mechanism to maintain relevant records when processing or using Personal Data, such as recording the purpose of processing, the type of Relevant Person and the data recipient. We shall implement internal reviews on Personal Data transfer and conduct regular random checks on Personal Data transmission, organization, information systems and network security structures. CLSA has also taken reasonable measures to secure and control the physical security of Personal Data or other confidential information, including but not limited to: fire prevention; prevention of smoke and water damage, fire and emergency alarm systems, password-locked files, protective devices or other equipment to prevent loss or unauthorized deletion of manually saved data, restricted access to prevent unauthorized access to Personal Data and documents.
While we strive to protect your Personal Data, we cannot ensure the security of any Personal Data which you may have transmitted to us via methods using an unsecure browser, and we urge you to take every precaution to protect your Personal Data and use a secure browser.
12. Updates to the Data Protection Policy
We may update this Policy to ensure that it is consistent with our future developments, industry trends and/or any changes in legal or regulatory requirements. Such changes will be posted on our website.
Such changes to our Policy shall apply from the time that we post the same on this website https://www.clsa.com/privacy-policy-statement/ and/or https://www.clsa.com/terms-of-business/. Your continued use of our service will be taken as acceptance of and consent to the updated Policy.
13. Cookies
A cookie is an alphanumeric identifier which we transfer to your hard drive through your web browser when you visit our website. It enables our own system to recognise you when you visit our website again and improve our service to you. The information is used to track visitor use of the website and to compile statistical reports on website activity. For further information about cookies visit www.aboutcookies.org or www.allaboutcookies.org. Cookies may also be used to compile aggregate information about areas of our website that are visited most frequently. This traffic information can be used to enhance the content of our website and make your use of it easier. If you wish to reject our cookie, you can configure your browser to do so. However, in a few cases some of our website features may not function if you remove cookies from your browser.
14. Third Party Websites
We have not reviewed any of the websites linked by our website. We will not be responsible for the content of any other websites or pages linked to or linking to our website and usage of any of such linked websites or pages. Such links are provided solely for your convenience and information. Following links to any other websites or pages shall be at your own risk. You are advised to check the privacy statements of those websites to understand their policies on the collection, usage, transfer and disclosure of personal data.
Contacting Us
For any queries, clarifications, questions or comments about the collection, use or disclosure of your Personal Data or this Policy, you may contact us at the address below referencing ‘Data Protection Policy’:
Data Protection Officer
18/F One Pacific Place
88 Queensway
Hong Kong
Tel: 26008888
Email: dataprotectionofficer@clsa.com
Code of conduct
While using this Site, you agree not to, by any means (including hacking, cracking or defacing any portion of the Site):
a) Restrict or inhibit any authorised user from using this Site;
b) Use the Site for unlawful or unpermitted purposes;
c) Harvest or collect information about Site users without their express consent;
d) “Frame” or “mirror” any part of the Site without our prior authorisation;
e) Engage in spamming, flooding, scraping (through automated bots or otherwise);
f) Transmit any software or other materials that contain any virus, time bomb, or other harmful or disruptive component;
g) Remove any copyright, trademark or other proprietary rights notices contained in the Site;
h) Use any device, application or process to retrieve, index, “data mine” or in any way reproduce or circumvent the navigational structure or presentation of the Site;
i) Permit or help anyone without access to the Site to use the Site through your username and password or otherwise.
Password agreement
You represent and agree that:
a) Your password is personal to you and you will ensure that this password is known only to you and shall not be made available to any other person;
b) You understand that sharing such password may compromise security of your personal information;
c) You are obligated to discontinue use of your password and advise CLSA if you leave or are discharged from your present employer;
d) Any use of your password after such departure will be a violation of this agreement.
Copyright and trade mark notice
Unless specifically indicated otherwise, the pages and contents of this Site including the layout of the Site and all text, graphics, icons, photographs, videos, images, illustrations, compilations and other material on the Site are the copyright of CLSA or are protected under third party copyright. Reproduction or other use of works retrieved from this Site in all forms, media and technologies now existing or hereafter developed is subject to the Hong Kong Copyright Ordinance (Chapter 528, Laws of Hong Kong) and equivalent legislation around the world. A single copy of material on this Site may be downloaded and/or reprinted for non-commercial and personal use only and may not be distributed to third parties. Any downloaded or reprinted material may not be altered in any way and must contain the following copyright notice: “© CLSA Limited 2021 (or the year in which the work is created) All rights reserved” and or any other copyright notice contained on the downloaded material.
No other permission is granted to you, or anyone acting on your behalf, to print, copy, reproduce, distribute, transmit, upload, download, store, display in public, alter, or modify the content of this Site. Any unauthorised downloading, re-transmission or other copying or modification of the content of this Site or any other use than that described above is strictly prohibited by law.
“CITIC”, “CLSA”, “CLSA Asia-Pacific Markets” and all of CLSA’s other trademarks, names, icons, logos and service marks appearing on the Site are registered and proprietary trademarks of CLSA, the use of which without express written permission is strictly prohibited.