This Notice Concerning the Processing of Personal Information (the "Notice") explains how JPMorgan Chase China (see Appendix 1 for specific entities, collectively referred to as "we", "us", "our" or the “Bank”) to collect, use, disclose, transfer, externally provide or otherwise process your Personal Information online and offline in connection with our provision of products and services to clients, acceptance of products and services from vendors, or other activities. In this Notice, clients, vendors and/or other relevant Personal Information providers are collectively referred to as "you" or "your".
This Notice supplements the J.P. Morgan China Terms and Conditions on Processing Client Information (see the website https://www.jpmorganchina.com.cn/en/terms-and-conditions-on-handling-client-information, or other URLs/statements that we inform you from time to time for details) (the "TC") and the relevant legal documents we sign with you, and all applicable notices, rules and other materials related to the collection, use, processing, storage, disclosure, and external provision of Personal Information provided by us (collectively referred to as the "Relevant Agreements”). Unless otherwise defined in this Notice, the terms defined in the TC and other Relevant Agreements shall have the same meaning when used in this Notice.
This Notice is provided in both Chinese and English. For any discrepancy between the two versions, the Chinese version shall prevail. In case where there is any inconsistency between this Notice as well as other Relevant Agreements and applicable laws and regulations, such documents shall be deemed to have been amended to the extent necessary to comply with applicable laws and regulations.
Collection and use of Personal Information
We collect Personal Information that is related to our business, required to fulfill statutory obligations, or permitted to be collected by other applicable laws and regulations. Appendix 2 of this Notice sets out the types of Personal Information we collect and the purposes of collection, etc. We will collect and use Personal Information in accordance with the purposes and methods set out in Appendix 2 of this Notice or the Relevant Agreements we sign with you or the Relevant Person. Unless otherwise restricted by applicable laws or regulations, we may collect Personal Information directly or indirectly through communications and interactions with you and related entities, any of respective representatives, Relevant Persons, and/or any other party that we reasonably believe has a legitimate right to share Personal Information with us. If you fail to provide such Personal Information, we may not be able to provide you with the relevant products or services (or any part thereof), use the relevant products or services (or any part thereof) provided by you or conduct other corresponding activities, or comply with any applicable laws, regulations or guidelines and norms of regulatory bodies (or other competent authorities).
For conducting financial business for you, or for accepting or using your products or services, we will reasonably collect, use, process, store, disclose, externally provide or otherwise process the Personal Information of the Relevant Person(s) for the purposes set out in Appendix 2 or in accordance with the Relevant Agreements we sign with you, subject to your confirmation that you have obtained the consent of the Relevant Person(s) or under the circumstances expressly stipulated by laws and regulations. Nevertheless, you understand that in accordance with applicable laws and regulations, we do not need to obtain your or Relevant Person’s consent to collect, use or otherwise process Personal Information in each of the following scenarios:
Export, external provision, entrusted processing, disclosure, and transfer of Personal Information
We undertake to protect the confidentiality and security of Personal Information in accordance with relevant laws, regulations and regulatory requirements.
As part of a global financial institution, we provide products or services, receive products and services from vendors, or conduct other activities through globally deployed resources and applications. Accordingly, for the purposes stated in this Notice or Relevant Agreements, Personal Information may be transferred to the onshore regions or offshore jurisdictions where our relevant entities or vendors etc. are located, or accessed from these regions or jurisdictions. You agree and authorize us to entrust the processing of Personal Information to our relevant entities and vendors, or provide Personal Information to our relevant entities and vendors. We will assess the legality, legitimacy and necessity of providing Personal Information in accordance with the requirements of laws and regulations, and urge our relevant entities and vendors to process the Personal Information provided by you in accordance with the laws, relevant regulatory requirements and as agreed in this Notice and the Relevant Agreements.
When required by applicable laws and regulations, we will inform you of matters related to our provision of Personal Information to our relevant entities, vendors and other third parties, including the name, contact information, processing purposes and methods of the recipients, type of Personal Information to be processed, and, if it involves data offshoring, the manner and procedure for exercising your relevant rights to the offshore recipients (for specific information of the recipients, please refer to Appendix 3 and Appendix 4 of this Notice), and obtain the separate consent of Relevant Person(s) through you.
In the case that we entrust the processing of Personal Information to relevant entities and/or vendors, we will clearly stipulate with the entrusted organization the purposes, period, processing methods, types of Personal Information to be processed, protection measures, etc., of the entrusted processing in accordance with the requirements of laws and regulations, and supervise the Personal Information processing activities of the entrusted organization and require it not to process Personal Information beyond the agreed processing purposes and methods. If the entrustment contract is invalid, void, revoked or terminated, we will request the entrusted organization to return, delete or anonymize the Personal Information in accordance with the contract.
In addition, we may, in accordance with laws and regulations or agreements, transfer relevant Personal Information in connection with any reorganization (including the establishment of new, locally incorporated entities in China and the transfer of existing businesses in China to such new locally incorporated entities), merger, sale, liquidation, joint venture, assignment, transfer or other disposition of all or part of our business, assets or stocks (including in connection with any bankruptcy or similar proceedings). In such cases, we will inform you of the name and contact information of the recipient and request the recipient to continue to abide by and perform this Notice and/or the Relevant Agreements, and to obtain your consent again if the recipient changes the original purposes or methods of processing.
We will not publicly disclose Personal Information of the Relevant Person unless you confirm that you have obtained the separate consent from the Relevant Person or we are required to do so by laws or regulations, or administrative, judicial or regulatory authorities, etc.
Storage period of Personal Information
We will retain Personal Information only within the period required by laws and regulations and necessary to achieve the purposes stated in this Notice or the Relevant Agreements. We will delete or anonymize the Personal Information retained beyond such period. If the deletion or anonymization of Personal Information is technically difficult to achieve, we will not perform any further processing other than storing and taking the necessary safety protection measures.
Rights related to Personal Information
Updates to this Notice
We may change this Notice and its corresponding appendices from time to time in accordance with applicable laws and regulations, changes in regulatory policies and for service operation needs, or if there are changes in the purpose of processing Personal Information, the manner of processing and the types of Personal Information to be processed. We will follow the time limit for announcement and update method (if any) required by laws and regulations, and inform you of the update of the above contents in a timely manner by providing an updated version on this Notice page or by sending you a notice. You should pay attention to the changes in the relevant contents of this page, related announcements, alert messages and Relevant Agreements or rules from time to time. If you have any questions about the content of such updates, please contact us. If you continue to use our products or services, or continue to provide products and services to us, you are deemed to agree to accept such updates.
Contact us
If you have any questions about this Notice, or you would like to exercise your rights conferred by applicable laws and regulations, or you have any other suggestions and comments, please contact the JPMorgan China Chief Data Office:
JPMorgan China Chief Data Office
Address: 47th Floor, Shanghai Tower,
No. 501, Yincheng Middle Road,
Pudong New Area, Shanghai, China
Post code: 200120
Email address: China.Privacy.Office@jpmchase.com
After accepting your question, we will promptly and properly handle it in accordance with the requirements of laws and regulations.
Appendix 1 JPMorgan Chase China Entity
Name |
Address and Contact Information |
JPMorgan Chase Bank (China) Company Limited |
Floor 19, Yinglan International Financial Center, No. 7 Financial Street, Xicheng District, Beijing, PRC |
Appendix 2 Personal Information Collection and Use List
Please note: JPMorgan Chase Bank (China) Company Limited only conducts corporate business, and all clients of the Bank are institutional clients (including companies, enterprises, institutions and other entities).
Business Scenario |
Collection Purpose |
Collection Method |
Types and Fields of Information Collected |
When you apply for and conduct business with the Bank as a client or applicant, including but not limited to opening bank accounts, making deposits, collection and payment of money, transfer, account services, cash management, foreign exchange trading, trade financing, bond underwriting, loan business, custody business, bond settlement agency business, derivatives products, structured products, financial transactions, purchase of investment, wealth management and fund products, as well as using other financial products and services provided by the Bank |
For clients or applicants to apply for and conduct the Bank’s business; and to maintain proper and secure operation of banking business and services, and to prevent and control banking related risks |
Inputted directly into our systems (e.g., corporate online banking) or provided to us through mail, email, SWIFT or other means of communications by clients or applicants (or third parties with their consent) |
(1) Personal identity information, including name, gender, nationality, copy of ID certificate, type/number/validity period of ID certificate, name of employer, job position, relationship with relevant clients (such as employment relationship, shareholding and investment relationship), telephone number, E-mail address, contact information, date of birth, place of birth, address, work address, photo, personal virtual identity and authentication information (e.g., login credentials for accessing corporate banking websites and applications), and any relationships with politically exposed person or senior management personnel of international organizations and relevant information; (2) Personal biometrics information, including signature, handwriting, portrait, fingerprint and voice; (3) Personal credit information, including personal property and sources of funds, litigation, investigation and penalty information, and other information that can reflect personal credit status; (4) Personal information involved in relevant investigations, including personal information collected for clients’ due diligence purpose, sanctions and anti-money laundering investigations; (5) Other information acquired during the establishment and maintenance of business relationship in order to fulfill contractual, legal and regulatory compliance obligations, including personal information contained in customer files; personal information necessary to detect and investigate any suspicious and unusual activities; correspondence and other communication records with us (including video or audio records, call records, communication records and contents), type, identifier, code, hardware serial number, operating system version, software version, IP address and network service provider etc. of the device you use.
|
When you introduce a guarantor, third-party security or other credit support for obligations owed (or potentially owed) to us as the applicant or client |
To provide or propose to provide guarantee or other credit support for the obligations owed (or potentially owed) to us by applicants or clients; and to maintain proper and secure operation of banking business and services, and to prevent and control banking related risks |
Inputted directly into our systems (e.g. corporate online banking), or provided to us through mail, email, SWIFT or other means of communications by applicants or clients (or third parties with their consent) |
(1) Personal identity information, including name, gender, nationality, copy of ID certificate, type/number/validity period of ID certificate, name of employer, job position, relationship with relevant clients (such as employment relationship, shareholding and investment relationship), telephone number, E-mail address, contact information, date of birth, place of birth, address, work address, photo, personal virtual identity and authentication information (e.g., login credentials for accessing corporate banking websites and applications), and any relationships with politically exposed person or senior management personnel of international organizations and relevant information; (2) Personal biometrics information, including signature, handwriting, portrait, fingerprint, and voice; (3) Personal credit information, including personal property and sources of funds, litigation, investigation and penalty information, and other information that can reflect personal credit status; (4) Personal information involved in relevant investigations, including personal information collected for due diligence purpose, sanctions and anti-money laundering investigations; (5) Other information acquired during the establishment and maintenance of business relationship in order to fulfill contractual, legal and regulatory compliance obligations, including personal information contained in customers’ files; personal information necessary to detect and investigate any suspicious and unusual activities; correspondence and other communication records with us (including video or audio records, call log, communication records and contents), type, identifier, code, hardware serial number, operating system version, software version, IP address and network service provider etc. of the device you use.
|
When you or the Relevant Person(s) are a related person of clients or applicants of the Bank (for the purpose of this Notice, a related person refers to any person who has a relationship with our clients or applicants, including but not limited to a director, supervisor or employee of a company, partners or members of a partnership, shareholder, substantial owner, controlling person, or beneficial owner, trustee, settler or protector of a trust, account holder of a designated account, receiver of a designated payment, representative, agent or nominee of the account holder, or the principal when the account holder is acting as an agent |
To provide banking products/services to or conduct business with relevant clients; and to maintain proper and secure operation of banking business and services, and to prevent and control banking related risks |
Inputted directly into our systems (e.g., corporate online banking), or provided to us through mail, email, SWIFT or other means of communications by applicants or clients (or third parties with their consent) |
(1) Personal identity information, including name, gender, nationality, copy of ID certificate, type/number/validity period of ID certificate, name of employer, job position, relationship with relevant clients (such as employment relationship, shareholding and investment relationship), telephone number, E-mail address, contact information, date of birth, place of birth, address, work address, photo, personal virtual identity and authentication information (e.g., login credentials for accessing corporate banking websites and applications), any relationship with politically exposed person or senior management personnel of international organizations and relevant information; (2) Personal biometrics information, including signature, handwriting, portrait, fingerprint, voice; (3) Personal credit information, including personal property and sources of funds, litigation, investigation and penalty information, and other information that can reflect personal credit status; (4) Personal information involved in relevant investigations, including personal information collected for clients’ due diligence purpose, sanctions and anti-money laundering investigations; (5) Other information acquired during the establishment and maintenance of business relationship in order to fulfill contractual, legal and regulatory compliance obligations, including personal information contained in clients’ files; personal information necessary to detect and investigate any suspicious and unusual activities; correspondence and other communication records with us (including video or audio records, call log, communication records and contents), type, identifier, code, hardware serial number, operating system version, software version, IP address and network service provider etc. of the device you use.
|
When you are our vendor or proposed vendor |
To use or accept the products and services provided by the vendors (or proposed vendors); and to maintain the proper and secure operation of banking business and services, and to prevent and control banking related risks |
Inputted directly into our systems or provided to us by mail, email or other means of communications by vendors or proposed vendors (or third parties with their consent) |
(1) Personal identity information, including name, gender, nationality, copy of ID certificate, type/number/validity period of ID certificate, name of employer, job position, relationship with relevant clients (such as employment relationship, shareholding and investment relationship), telephone number, E-mail address, contact information, date of birth, place of birth, address, work address, photo, personal virtual identity mark and authentication information (e.g., login credentials for accessing corporate banking websites and applications), any relationship with politically exposed person or senior management personnel of international organizations and relevant information; (2) Personal biometrics information, including signature, handwriting, portrait, fingerprint, voice; (3) Personal credit information, including personal property and sources of funds, litigation, investigation and penalty information, and other information that can reflect personal credit status; (4) Personal information involved in relevant investigations, including personal information collected for vendor’s due diligence purpose, sanctions and anti-money laundering investigations; (5) Other information acquired during the establishment and maintenance of business relationship in order to fulfill contractual, legal and regulatory compliance obligations, including personal information contained in vendor files; personal information necessary to detect and investigate any suspicious and unusual activities; correspondence and other communication records with us (including video or audio records, call log, communication records and contents), type, identifier, code, hardware serial number, operating system version, software version, IP address and network service provider etc. of the device you use. |
Appendix 3 Domestic Personal Information Sharing List
Name of the Domestic Recipient |
Contact Information |
Purposes of Sharing |
Methods of Sharing |
Types of Personal Information |
Shanghai Tongguan Enterprise Management Co., Ltd. |
Ms. Shen YanLei |
Mail delivery service |
Labels with recipients Information |
Name, telephone number and address information |
Shanghai Quanxinda Express Co., Ltd. |
Mr. Wu |
Mail delivery service |
Posting form |
Name, telephone number and address information |
NCSI (Shanghai) Co., Ltd. |
Jia Qin Guo |
For service providers to provide contract staffs to support the internal operational processing activities |
Internal system business data processing |
Name, telephone number, and email |
Hangzhou BestSign Network Technology Co., Ltd. |
Jane Liu 400 993 6665 |
Document Electronic Signature Service |
Service provider’s website |
Name and email |
Appendix 4 List of Cross-border Transfers of Personal Information
Name of the Offshore Recipient |
Contact Information |
Purposes of Processing |
Methods of Processing |
Types of Personal Information |
Methods and Procedures for Exercising rights |
JPMorgan Chase & Co. (and its branches and affiliates) |
US: +1 212 270 6000 UK: +1 212 270 6000 HK: +852 2800 1000 SGP: +65 6882 2888 |
To provide banking products/services to or conduct business with clients/applicants To use or accept the products and services provided by the vendors (or proposed vendors)
To maintain proper and secure operation of banking business and services, to prevent and control banking-related risks
|
Transfer via server |
(1) Personal identity information, including name, gender, nationality, copy of ID certificate, type/number/validity period of ID certificate, name of employer, job position, relationship with relevant clients/vendors (such as employment relationship, shareholding and investment relationship), telephone number, E-mail address, contact information, date of birth, place of birth, address, work address, photo, personal virtual identity mark and authentication information (e.g., login credentials for accessing corporate banking websites and applications), any relationship with politically exposed person or senior management personnel of international organizations and relevant information; (2) Personal biometrics information, including signature, handwriting, portrait, fingerprint and voice; (3) Personal credit information, including personal property and sources of funds, litigation, investigation, penalty information, and other information that can reflect personal credit status; (4) Personal information involved in relevant investigations, including personal information collected for client’s or vendor’s due diligence purpose; (5) Other information acquired during the establishment and maintenance of business relationship in order to fulfill contractual, legal and regulatory compliance obligations, including personal information contained in customer/vendor files; personal information necessary to detect and investigate any suspicious and unusual activities; correspondence and other communication records with us (including video or audio records, call log, communication records and contents), type, identifier, code, hardware serial number, operating system version, software version, IP address and network service provider etc. of the device you use. |
You may contact JPMorgan Chase & Co. directly through the contact information listed to exercise your rights, or you can contact JPMorgan Chase China to assist you in exercising your rights through the contact information specified in the "J.P. Morgan China Terms and Conditions on Processing Client Information" or in this Notice. |