MetLife strongly believes in protecting the confidentiality and security of your personal data. This document is referred to as our "Personal Information Collection Statement" and describes how we use the personal data that we collect and receive about you.
Our Personal Information Collection Statement contains some terms which you may need help understanding. These terms are listed in the Glossary at the end of our Personal Information Collection Statement. There are also hyperlinks to these terms when they appear in blue text except that as the terms personal data and processing are used so frequently, we have just put the hyperlink in this section.
How to get more help
If you want help with our Personal Information Collection Statement or have questions about it, please contact our Data Privacy Champion whose contact details are below:
Data Privacy Champion
MetLife Investments Asia Limited
9/F, One Taikoo Place
979 King's Road
Hong Kong S.A.R.
Telephone: 852 2277 4411
If you are unhappy about any aspect of the way we collect, share or use your personal data, we would like you to tell us. You can contact us using the details above.
If you are not happy with our response, you have a right to complain to the Privacy Commissioner for Personal Data at Room 1303, 13/F, Sunlight Tower, 248 Queen's Road East, Wanchai, Hong Kong S.A.R. Fax: 852 2877 7026 or Email: firstname.lastname@example.org.
What are your rights?
We have set out a summary of your rights regarding your personal data below. Further details about your rights are contained in the Your Privacy Rights page of this Personal Information Collection Statement:
What does this mean?
1. The right to be informed
You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data and your rights. This is why we're providing you with the information in this Personal Information Collection Statement.
2. The right of access
You have the right to obtain access to your personal data (if we're processing it), and other certain information (similar to that provided in this Personal Information Collection Statement).
This is so you're aware and can check that we're using your personal data in accordance with data protection law.
For more information, see Accessing your information.
3. The right to rectification
You're entitled to have your personal data corrected if it's inaccurate or incomplete.
For more information, see Correcting your information.
4. The right to erasure
Where the personal data is no longer required for the purpose which it was used, we must take all practicable steps to erase it. We may have a right or obligation to retain the information, such as where we are under a legal obligation to do so or it is in the public interest.
For more information, see Erasing your information.
5. The right to object
You have the right to object to certain types of processing, including processing for direct marketing (which we do only with your consent). For more information, see Objecting to processing.
Who we are
In this Personal Information Collection Statement, MetLife Investments Asia Limited is referred to as "MetLife".
MetLife will be the controller of your personal data.
How we contact you
We may contact you through one or more of the following communications channels: by telephone, mail or email.
We record some telephone calls and other electronic communications for regulatory reasons and for audit purposes. We store call and other communication recordings securely in accordance with our retention policies and applicable laws. Access to those recordings is restricted to those individuals who have a need to access them for the purposes set out in this notice and permitted by applicable law and regulation.
What we learn about you
The types of personal data we hold may include your:
- contact details including email details and phone numbers;
- age or date of birth;
- passport number and passport photo page;
- national identity numbers;
- gender, occupation;
- hobbies, recreational activities or sports;
- details of any criminal convictions; and
- education details.
How we learn about you
What we know about you is mostly provided by you or your company or authorized person on your behalf in connection with an investment transaction or other business relationship. You or someone acting on your behalf may provide us with personal data at various times and via various communication channels including phone, email and letter, for example when you:
- hold a role within a company that we are providing financing to and we require your personal information in order to conduct "know your customer" and related due diligence checks in relation to that company;
- ask to have a MetLife representative contact you;
- do business with us as a representative of a company and we need a person to contact for purposes of administering the relationship and/or financing contract with the company you represent.
We may need to check the personal data we have about you to make sure it is correct and complete with other sources such as anti-fraud agencies.
Why we need your personal data
We use the personal data we have about you to:
- check your identity and to comply with our legal, compliance, audit and regulatory requirements;
- provide you with the information, products and services that you request from us;
- administer our relationship with you whilst you represent a client, counterparty or other entity doing business with us and to communicate with you relating to such relationships;
- investigate any complaint you may make;
- provide evidence in any dispute or anticipated dispute between you and us;
- train our staff; and
- monitor the quality of our products and services.
Where a company you work for or otherwise represent is involved in a financing transaction with us, we may process your personal data in order to enter into, perform, and administer such transaction.
We may also need to process your personal data to comply with our legal obligations including in relation to performing anti-money laundering, terrorism prevention and sanctions screening checks, complaints and investigations or litigation.
We also have a legitimate interest to process your personal data for:
- communications purposes;
- ongoing management of our relationship and contracts with a company with which you are associated or which you represent or work for (e.g. providing client reports);
- our internal business purposes which may include business and disaster recovery, document retention/storage, IT service continuity (e.g. back-ups and helpdesk assistance) to ensure the quality of the products and services we provide to you;
- corporate transactions (please also see the section below How we treat personal data on a business sale).
Where you have given us your permission to do so, we will use relevant personal data to enable us to provide you with information about products and services that may be of interest to the company you work for, represent, or similar.
We will always seek your consent to process personal data where we are legally required to do so.
How we disclose your personal data
We may use and share your personal data with other companies in the MetLife group to:
- help us provide products or services to the company you represent or are employed by;
- administer the financing transactions that we enter into companies, such as the one you represent or are employed by;
- confirm or correct what we know about you;
- help us prevent fraud, money laundering, terrorism and other crimes
- comply with the law, MetLife internal policies and MetLife's legal responsibilities, for example, to enable sharing your personal data with the police or fraud agencies where necessary to prevent fraud;
- audit our business;
- provide you with information about MetLife and the products and services that may be of interest; and
- fulfill other business purposes such as product development and website administration.
We may share your personal data with our professional advisers who help us enter into and administer financing transactions and provide services to our asset management clients. For example, we may share your personal data:
- to comply with the law or rules of any regulatory body whose rules apply to MetLife;
- with credit reference agencies, police, consumer reporting, fraud prevention agencies, and sanctions databases and authorities (such as World Check, the United States Treasury Department's Office of Foreign Assets Control's lists of sanctioned countries, governments and individuals) to check your identity and conduct "know your customer" and other due diligence checks we consider necessary in conducting our investments business.
When we share your personal data with third parties who perform business services for us, we require them to take appropriate steps to protect your personal data and only use the personal data for the purpose of performing those services.
Other reasons we may share what we know about you include:
- enforcing our agreement with the company you represent or are employed by;
- protecting the rights, property, or safety of MetLife, our customers, or others; and
- doing what a court, regulator or government agency requires us to do, for example, complying with a search warrant or court order or acting as required or permitted by applicable law or regulation.
How we treat personal data on a business sale
From time to time, we may sell or transfer one or more of our businesses to another company or affiliate, and your personal data may be transferred as a part of that sale or transfer. Any new provider will continue to use your personal data for the same purposes unless you are notified otherwise. We may also share your personal data with prospective purchasers of our business and their professional advisers, but will ensure that appropriate safeguards are in place to protect your information in such circumstances.
How we protect your personal data
The security and confidentiality of your personal data is extremely important to us. We have technical, administrative, and physical security measures in place to:
- protect your personal data from unauthorised access and improper use;
- secure our IT systems and safeguard the information; and
- ensure we can restore your data in situations where the data is corrupted or lost in a disaster recovery situation.
Where appropriate, we use encryption or other security measures which we deem appropriate to protect your personal data. We also review our security procedures periodically to consider appropriate new technology and updated methods. But, despite our reasonable efforts, no security measure is ever perfect or impenetrable.
Where we transfer your information
We may transfer your personal data to other countries. Where we transfer personal data or share it with others outside Hong Kong S.A.R., we will ensure that we and those persons or companies who we transfer it to agree to protect it from improper use or disclosure, in accordance with data protection law by appropriate mechanisms. Companies outside of Hong Kong S.A.R. with whom we may share your personal data include MetLife affiliates, IT providers and other suppliers.
How long will we keep your information?
Our data retention policies comply with all applicable laws and privacy legislation to which we are subject. They set out how long we are allowed to retain all the different types of data we hold and are reviewed on a regular basis.
We safely and securely destroy data which we no longer need to keep in accordance with time limits set out in our policies.
How will you know if we amend this Personal Information Collection Statement?
We may amend this Personal Information Collection Statement at any time. If we make any material change in how we collect your personal data, or how we use or share it, we will prominently post notice of the changes on the websites covered by this Personal Information Collection Statement.
This Personal Information Collection Statement is governed by Laws of Hong Kong S.A.R.
YOUR PRIVACY RIGHTS
This section explains your rights in relation to your personal data in more detail. The various rights are not absolute and are subject to certain exceptions or qualifications.
Further information and advice about your rights can be obtained from the Privacy Commissioner for Personal Data at Room 1303, 13/F, Sunlight Tower, 248 Queen's Road East, Wanchai, Hong Kong S.A.R. Tel: 852 2877 7026 or on its website at www.pcpd.org.hk.
You are entitled to receive your personal data free of charge except in the following circumstances where we may charge a reasonable fee to cover our administrative costs of providing the personal data for:
- manifestly unfounded or excessive/repeated requests, or
- further copies of the same information.
Alternatively, we may be entitled to refuse to act on the request.
Please consider your request responsibly before submitting it. We'll respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we'll let you know.
In order to exercise any of the rights described below please contact us at MetLifeInvestmentsHKPrivacyChampion@metlife.com.
How can we help?
Accessing your information
Correcting your information
Erasing your information
Objecting to processing
Accessing your information
What can you request access to?
You have the right to:
- receive confirmation from us that your personal data is being processed;
- access to your information; and
- certain other personal data (most of which should be in our personal data notice anyway).
You can request copies of paper and electronic records (including recorded calls, where applicable) about you that we hold, share or use. To deal with your request, we can request proof of identity and enough personal data to enable us to locate the personal data you request.
When will access not be provided?
We can only provide you with your information, not personal data about another person. Also, where access would adversely affect another person's rights, we're not required to provide this. Due to legal privilege, we may not be able to show you anything that we learned in connection with a claim or legal proceeding.
Please clearly set out in your access request the personal data that you're requesting. If this is not clear, we may come back to you to ask for further personal data by way of clarification.
Correcting your information
You have the right to obtain from us without undue delay the correction of inaccurate personal data concerning you. If you tell us that the personal data we hold on you is incorrect we will review it and, if we agree with you, we will correct our records. If we do not agree with you we will let you know. If you wish, you can tell us in writing that you believe our records still to be incorrect and we will include your statement when we give your personal data to anyone outside MetLife. You can contact us using the details in the section above headed "How to get more help".
You may also have the right to have incomplete personal data completed, including by means of providing a supplementary statement. Whether or not this is appropriate in any particular case depends on the purposes for which your personal data is being processed.
We need to notify any third parties with whom we've shared your personal data that you've made a rectification request (see "Why we need your personal data"). We'll take reasonable steps to do this, but if it is not possible or may involve disproportionate effort we may not be able to do this or ensure they rectify the personal data they hold.
How You Can See and Correct Your Information
Generally, we will let you see the personal data that we hold about you, or take steps to correct any inaccurate information, if you ask us in writing.
Due to legal privilege, we may not be able to show you anything that we learned in connection with a claim or legal proceeding.
Erasing your information
Your personal data will be erased where:
- the personal data is no longer necessary for the purpose it was originally collected/processed;
- you withdraw consent (where previously provided and required for us to process such data);
- we've been processing your personal data in breach of data protection laws;
- the personal data has to be erased in order to comply with a legal obligation.
Objecting to processing
You can object to processing in the following circumstances:
- Direct marketing
You can object at any time to your personal data being used for direct marketing purposes (including profiling related to such direct marketing).
If you sign up to receive newsletters or other e-mail messages from us, you can opt-out at any time free of charge by clicking the unsubscribe link at the bottom of the message. You may also choose to opt-out from receiving marketing materials from us by contacting us using the details in our Personal Information Collection Statement under the section headed "How to get more help".
- New purpose
Your personal data shall not be used for a new purpose unless we have obtained your express and voluntary consent. A "new purpose" refers to any purpose other than the purpose for which the data was to be used at the time of the collection of the data or a directly related purpose.
The Controller is the person or organisation which decides the purposes and means of the processing of personal data either on its own or with others.
Credit Reference Agencies are companies which collect personal data relating to the credit ratings of individuals and make it available to organisations such as insurers and banks.
Fraud Prevention Agencies collect, maintain and share, personal data internationally on known and suspected fraudulent activity.
Personal data is any personal information relating to an individual who can be identified, directly or indirectly, by reference to that information.
Processing means any operation or set of operations which is performed on personal data such as collection, recording, organisation, structuring, storage, alteration, retrieval, consultation, use, disclosure, erasure or destruction.