1. It is a legal requirement for Sumitomo Mitsui Banking Corporation Singapore Branch (the "Bank") to comply with the Personal Data Protection Act ("PDPA"). It is also the Bank's policy to comply with the PDPA.
  2. The Bank may, from time to time in the ordinary course of business and for compliance with legal and regulatory requirements, collect, use, disclose, transfer and retain personal data (as defined in the PDPA). This may include personal data you provide to us, personal data from transactions performed by you or on your behalf or personal data from other entities or persons. Where you are an entity, it will also include personal data of your directors, partners, officers, employees and agents. If we do not receive this information, we may not be able to provide you with the products or services you have requested.
  3. The purposes for which personal data may be collected, used, disclosed or retained include (but are not limited to) the following:

    1. establishment, provision and conduct of day to day operation of services or facilities provided to you, including processing and other administrative functions related thereto in Singapore or elsewhere
    2. provision of research or industry reports, presentation materials and other information relating to financial products and services or financial markets
    3. audit, risk management and compliance with laws and regulations, both locally and globally. This includes credit and exposure reviews, conducting or responding to credit/creditworthiness checks, conducting or responding to conflict of interest checks, Know Your Customer and Anti Money Laundering/Combating of Terror Financing verification of identity and due diligence, prevention of fraud or other potential criminal activity, assisting other organizations to do the above and/or providing credit references and/or providing reports and information to credit reporting agencies or credit bureaus
    4. arranging credit support or insurance coverage for financial products or services
    5. determining the amount of indebtedness owed to or by a customer
    6. designing and/or promoting and/or improving and/or monitoring financial products or services of the Bank, the Bank's group companies and/or third party entities, as well as assessing suitability and needs for products and services
    7. introduction of our product or services partners or persons with whom we have alliances
    8. maintenance, review and development of systems, procedures and infrastructure including our computer systems
    9. enforcement/collection of obligations including amounts owed by customers or by any credit support provider or insurer
    10. provision of electronic banking services including fund transfers and conduct of transactions or transaction related activities via electronic platforms
    11. performance of our roles and responsibilities in relation to products or services made available to you, including preventing the misuse of our services or facilities
    12. meeting any order of court or tribunal, legal and regulatory requirements under any law (including regulatory reporting), or as requested by local or foreign government, regulatory or similar authority or agency having jurisdiction over the Bank, any of its branches or other members of the Bank's group of companies
    13. handling enquiries, audits, complaints, investigations and/or legal proceedings
    14. enabling actual or potential assignees, transferees or any person who may enter into contractual relations with the Bank in relation to the Bank's rights and/or obligations under or in connection with an agreement or transaction with you to evaluate the transaction, rights or obligations of the Bank
    15. day to day operations of the Bank, including for security purposes
    16. central management and storing of data
    17. all other incidental and associated purposes relating to any of the above
    18. any other purpose agreed with you

    Information disclosed as above may be further disclosed by recipients to other parties (including those outside of Singapore) in accordance with the laws of the country of the recipient.

  4. Personal Data held by the Bank will be kept confidential. However we or a recipient of the personal data may disclose the personal data in or outside Singapore as may be necessary including:

    1. as agreed with you
    2. to any person as required or permitted by law or regulation or order of court or tribunal (including under the Banking Act of Singapore) or as provided in Paragraph 3 above
    3. to our holding company, head, representative and branch offices and any of our related corporations or affiliates in any jurisdiction;
    4. to any authority in any jurisdiction, including any central bank or other fiscal or monetary authority and any person involved in enquiries, audits, complaints investigations or proceedings
    5. to any party that has provided security or credit support or assurance for your obligations and any party who is participating in any product or service made available to you
    6. to any actual or potential assignees, transferees or any person who may enter into contractual relations with the Bank in relation to the Bank's rights and/or obligations under or in connection with an agreement or transaction with you
    7. to our agents, contractors, auditors and service providers and their sub-contractors (including but not limited to any host server or storage provider), auditors or professional advisers(and any others to whom they may make further disclosure), wherever located or wherever performing services
    8. to our stationery printer and storage provider (including, without limitation, any provider of microfilm service, archival service or other storage facility) (and any others to whom they may make further disclosure) for the purpose of making, printing, mailing, storing, archiving, microfilming and/or filing cheques, statements of account, advices, transaction records and other documents, data or records
    9. to any person in connection with any legal action taken or contemplated in relation to any agreement, product, service or transaction with you or any party that has provided security or credit support for your obligations
    10. to insurers, reinsurers, insurance brokers and their respective related entities, auditors, advisers and service providers, in each case arising from or in connection with the provision of credit support or insurance
    11. to any person we are under a duty to disclose the information
    12. to any person (and any others to whom such person may make further disclosure) for the purpose of giving effect to any transaction with or for you or in connection with the provision of banking products or services (including via electronic platforms or electronic banking services) (including, without limitation, any agent, correspondent, intermediary or beneficiary in a transaction)
    13. to persons with whom we have arrangements or alliances for promoting or using their products or services
    14. to any credit bureau or credit reporting agency
    15. to your authorized agents, executors, administrators or legal representatives
    16. to a receiver or manager, trustee, administrator, judicial manager, trustee, liquidator or person holding a similar position
    17. any other banks, financial institutions or credit agencies or credit bureaus or the external auditors for the purposes of verifying information, for fraud detection, anti-money laundering or combating terrorism financing purposes, for legal or regulatory purposes
    18. trade repositories, clearing houses and counterparties to transactions

    Information disclosed as above may be further disclosed by recipients to other parties (including those outside of Singapore) in accordance with the laws of the country of the recipient.

  5. We may manage, store and process account and transaction information (including personal data) centrally. Your personal data may be processed and stored in another country or by other entities. Unless we are able to manage, store and process your personal data in such a manner, we may be unable to handle your banking and other transactions.

    Our employees and immediate service providers are subject to confidentiality obligations and applicable laws which relate to confidentiality and privacy of personal data which are generally comparable with the standard of protection accorded to personal data under the PDPA.

  6. Where personal data of any individual (including your directors or other officers or employees or agents, shareholders or beneficial owners) is provided to us, you represent and warrant to us that each of them has consented to the disclosure of such personal data to us, and the collection, use, disclosure, transfer and retention of their personal data (including outside Singapore) by us for and/or incidental to the purposes specified above and that you are authorized to obtain and notify us of that consent and that you shall maintain the same.

  7. Under the PDPA, you have the right to:

    1. access any personal data about you that the Bank possesses or controls subject to the applicable exceptions under the PDPA
    2. require the Bank to correct any personal data relating to you which is inaccurate subject to the applicable exceptions under the PDPA
    3. request to be provided with information about the ways in which such personal data has or may have been used or disclosed within the year before the request. However, in certain circumstances or in respect of certain types of personal data, organizations are prohibited from granting such access or may choose whether or not to provide such access

    In accordance with the PDPA, the Bank has the right to charge a reasonable fee for processing any request to access personal data and/or for disclosure and use information.

    A request must contain the following information (i) applicant's name and identification number (ii) the personal data for which access, disclosure and use and/or correction is being sought. The Bank will inform you of the applicable fee to be paid and endeavor to process the request within 30 days of receipt. In the event the Bank is not able to process the request within 30 days of receipt, the Bank will inform you within the 30 days of the date the Bank will be able to process the request.

    The Bank may decline any request to access Personal Data that is exempt under the PDPA or to change any record where the Bank believes the data to be accurate or if you do not agree to pay the processing fee. In such a case, Bank will advise you of the outcome within 30 days from the date of receipt of the request for access or correction.

  8. We will retain personal data for as long as required or as permitted by law. Some personal data will be kept for longer periods than others. Without affecting the generality of the statement hereabove, any consent given in relation to personal data shall, subject to all applicable laws and regulations, survive death, incapacity, bankruptcy or insolvency and your employment with the Bank.

  9. Under the PDPA, you may withdraw your consent for the use of your personal data. If you fail to provide personal data reasonably requested by us and/or withhold or withdraw your consent for use, disclosure, transfer or retention of personal data, we may be unable to provide all or a part of the products or services made available to you. A notice of withdrawal of consent will be processed and effected within 30 days of receipt. The notice shall contain the applicant's name, and identification number and identify the personal data and purpose of use for which consent is being withdrawn.

  10. Queries on the Bank's personal data protection policies and requests pursuant to Paragraph 7 above should be made in writing and addressed to:

    Personal Data Protection Officer
    Kenji Takahashi
    c/o Legal & Compliance Department Asia Pacific Division
    Sumitomo Mitsui Banking Corporation Singapore Branch
    3 Temasek Ave
    #06-01 Centennial Tower
    Singapore 039190
    Email Address
    kenji_takahashi@sg.smbc.co.jp (cc: anjali_mohan@sg.smbc.co.jp)
    Telephone Number
    6705 1001

  11. This data protection policy was last updated in March 2022.