1. General
1.1. This Privacy Notice for Corporates (“Privacy Notice”) sets out the Bank’s responsibilities to a Client in relation to the Client’s Personal Data collected by or within the possession or control of the Bank.
2.2. The Bank’s rights under this Privacy Notice are without prejudice to other rights of collection, use, and disclosure available to the Bank pursuant to the Account Terms or Applicable Law, and nothing herein is to be construed as limiting any of these other rights.
2. Collection of Personal Data
2.1. The Bank may collect the Personal Data of a Client or any individual related to a Client (including, without limitation, a Client’s beneficial owners, directors, employees, or authorized representatives) (each, a “Data Subject”) at various times in the course of any interaction between a Data Subject and the Bank.
2.2. Where Personal Data is provided to the Bank on behalf of a Data Subject, the person so providing the Personal Data (the “Provider”) is deemed to have obtained the consent of the Data Subject to the Bank receiving the Personal Data for the purpose(s) applicable in the particular instance. The Provider is responsible for promptly informing the Bank of any changes to Personal Data it previously provided or the withdrawal of the Data Subject’s consent to providing its Personal Data to the Bank. Such an event may prevent the Bank from continuing to provide any product or service to the Client, and may be construed as a termination of any contractual relationship between the Client and the Bank or a breach of the Client’s obligations towards the Bank.
2.3. The Bank is not responsible for any loss or damage sustained by the Data Subject, Provider, or any Client if the Personal Data was provided in a manner that was not in fact authorized by or agreed to by the Data Subject, or the Personal Data so provided was incomplete, inaccurate, or false.
2.4. The Bank collects the Personal Data of Data Subjects for purposes including:
a) processing the Client’s application for any of the products or Services offered or distributed by or through the Bank;
b)providing or arranging for the provision to the Client (or other person as appropriate) of the products or Services that the Client has applied for, requested, or instructed the Bank to perform;
c) evaluating the credit and eligibility profile of a Client or other Data Subject as relevant from time to time;
d) complying with its obligations under Applicable Law (including its obligations in relation to anti-money laundering and countering the financing of terrorism);
e) complying with the Bank’s or the Mandiri Group’s internal policies and procedures
f) performing bank account verification Services for paying organizations;
g) generating financial, regulatory, management or other related reports and performance of analytics;
h) preventing, detecting, or investigating suspected or actual criminal conduct, offences, or breaches of Applicable Law;
i) obtaining professional advice including, without limitation, tax, legal, financial or other professional advice;
j) handling feedback or complaints;
k)maintaining the security of any of the Bank’s premises by such methods as the Bank considers appropriate (including the use of security cameras);
l) facilitating any proposed or actual assignment, transfer, participation, or sub-participation in any of the Bank’s rights or obligations in respect of its relationship with a Client; and
m) any other purposes that are reasonably related to any of the purposes set out in this clause 2.4.
3. Disclosure of Personal Data
The Bank may disclose Personal Data to a third party where:
a) doing so is necessary to provide (whether directly or through a third party) any product or service to the Client or to respond to the Client;
b) the Client has expressly or implicitly consented to such disclosure, or may reasonably be deemed to have consented to such disclosure;
c) necessary for the operation of the Services, the Bank’s website, or the Bank’s internal processes;
d) required by any government, statutory, or regulatory authority that has supervisory jurisdiction over the Bank, or to comply with any Applicable Law, court order, directive, or proceeding of such authority;
e)the Bank believes, in good faith, that doing so will be appropriate or necessary for it to investigate and defend against any third-party claims or allegations, or prevent or stop any illegal activity, security breaches, or harm to the Bank’s interests or employee(s);
f) the Bank is the subject of a takeover and a Data Subject’s Personal Data forms part of the Bank’s assets to be transferred to the acquiring entity;
g) the Client discloses any Personal Data to third parties in the course of its relationship with the Bank;
h) a Client applies for or holds a co-brand product that the Bank offers jointly with another person and the Bank is required to disclose the Personal Data to such person for purposes of marketing, or promoting that co-brand product or other any product that the other person considers to be of interest to the Client;
i)such disclosure would facilitate the conduct of any market research, surveys, or data analysis relating to any service or product provided by us (whether conducted by the Bank or jointly with another party) which may be relevant to the Client; or
j) the Bank would require such information in order to market or promote to a Client any product, service, offer, or event of its own or any of its business partners where the Bank considers that the same is likely to be of interest to the Client.
4. Transfer, storage, and retention of Personal Data
4.1. Personal Data collected in accordance with this Privacy Notice may be transferred, stored, or processed outside of Singapore. The Bank will comply with its obligations under Applicable Law, including the Personal Data Protection Act 2012 (the “PDPA”) and its regulations, in relation to Personal Data so transferred, stored, or processed for as long as and to the extent that the Personal Data remains in its possession or control.
4.2. The Bank will take reasonable steps to ascertain and ensure that where Personal Data will be moved out of Singapore, it will be to a jurisdiction that mandates a comparable level of security to the Personal Data as that required under the PDPA. However, if Personal Data must necessarily be transferred to, stored, or processed in a jurisdiction that has less stringent personal data protection laws than Singapore in order to provide the Client with any product(s) or service(s) requested, the Client will be deemed to consent to such transfer, storage, or processing in providing Personal Data to the Bank. The Client may at any time inform the Bank in writing that it wishes to withdraw its consent to such transfer, storage, or processing of the Personal Data.
4.3. The Bank will retain all Personal Data collected for as long as reasonably necessary for any legal, compliance, business, or other purpose or as prescribed under Applicable Law in relation to data and record keeping.
5. Rights of Data Subjects
5.1. Every Data Subject has the right to request access to such of its Personal Data that is in the Bank’s possession or control, and to have any inaccuracies in their own Personal Data corrected in certain circumstances as set out in the PDPA. Data Subjects may exercise this right by contacting the Bank at the mailing address 12 Marina View #19-01 Asia Square Tower 2 018961 or through the main hotline at 6213 5688. The Bank reserves the right to charge a reasonable fee for processing each request for data access or correction.
5.2. Every Data Subject also has the right to withdraw its consent to the collection, use, storage, transfer, processing, or disclosure of its Personal Data at any point in time by notifying the Bank at the mailing address 12 Marina View #19-01 Asia Square Tower 2 018961 or through the main hotline at 6213 5688.