1. Home

Personal Information Collection Statement

At BOC Group Life Assurance Company Limited ("BOC Life"), the protection of personal information of our customers is important to us. As a provider of insurance products and services, the collection and use of the personal information of our customers is fundamental to our daily business operations.


If you wish to understand BOC Life’s Privacy Policy Statement in detail, you may visit relevant document using the hyperlink below http://www.boclife.com.hk/en/privacy-policy.html.

  1. This Statement sets out the data policies of BOC Group Life Assurance Company Limited (the "Company") in respect of data subjects (as hereinafter defined).
  2. For the purposes of this Statement, the “Group” means the Company and its holding companies, branches, subsidiaries, representative offices and affiliates, wherever situated, and any one of them. Affiliates include branches, subsidiaries, representative offices and affiliates of the Company’s holding companies, wherever situated.
  3. The term "data subject(s)", wherever mentioned in this Statement, includes the following categories of individuals :
    1. applicants for or customers/users, including policyowner(s), claimant(s), beneficiary(ies), life insured(s), and/or relevant individuals, of insurance and related services and products and facilities and so forth provided by the Company and their authorized signatories;
    2.  directors, shareholders, officers and managers of any corporate applicants and data subjects/users; and
    3.  suppliers, contractors, service providers and other contractual counterparties of the Company.

For the avoidance of doubt, "data subjects" shall not include any incorporated bodies. The contents of this Statement shall apply to all data subjects and form part of any contracts and/or policies that the data subjects have or may enter into with the Company from time to time. If there is any inconsistency or discrepancy between this Statement and the relevant contract and/or policy, this Statement shall prevail insofar as it relates to the protection of the data subjects' personal data. Nothing in this Statement shall limit the rights of the data subjects under the Personal Data (Privacy) Ordinance (Cap. 486, Laws of Hong Kong) (the "Ordinance") and/or other applicable laws, including the laws within or outside the Hong Kong Special Administrative Region.

  1. From time to time, it is necessary for the data subjects to supply the Company with personal data in connection with the provision, continuation and administration of insurance and/or related products and services to the data subjects, the processing of claims under insurance policies issued by the Company, the processing of any and all other requests, enquiries and complaints from the data subjects, and/or compliance with any laws, guidelines or requests issued by regulatory or other authorities within or outside the Hong Kong Special Administrative Region (including but not limited to the implementation of the U.S. Foreign Account Tax Compliance Act (“FATCA”) pursuant to the intergovernmental agreement (“IGA”) between the Hong Kong Special Administrative Region and the U.S., the tax information exchange agreement that the Hong Kong Special Administrative Region signed with the U.S. on 25 March 2014, and the provisions issued by the Organization for Economic Co-operation and Development, including the regulatory scheme relating to its Competent Authority Agreement (“CAA”) to implement its Common Reporting Standard (“CRS”)).
  2. Failure to supply such data may result in the Company being unable to assess / process your application and / or provide insurance and related services and products, due to lack of information. We may also be required to report to applicable regulatory authority(ies) values and payment amounts under the insurance policy if you refuse to give the said express consent; under specified circumstances, withhold some or all benefits under the insurance policy if you refuse to give the express consent; or terminate the policy.
  3. Data relating to the data subjects are collected or received by the Company from various sources from time to time. Such data may include, but not limited to, data collected from data subjects in the ordinary course of the continuation of the relationship between the Company or any member of the Group and data subjects, for example, when data subjects write cheques, deposit money, effect transactions through credit cards issued or serviced by the Company or any member of the Group or generally communicate verbally or in writing with the Company. Data may also be generated or combined with other information, available to the Company or any member of the Group.
  4. The purposes for which the data relating to the data subjects (including credit information and claims history) may be used will vary depending on the nature of the data subjects' relationship with the Company and / or the Group, they may include the following :
    1. processing, evaluation and/or approving applications for insurance products and services, investigate and settle claims, detect and prevent fraud (whether or not relating to the policy issued in respect of this application) and additions, alterations, variations, cancellations, renewals, and reinstatements of such products and services;
    2.  administering insurance policies issued by the Company and / or the Group;
    3.  researching and/or designing insurance/financial products and/or services for customers’ use;
    4.  any purposes with regard to any claims made by or against or otherwise involving you in relation to any products and/or services provided by the Company and / or the Group including, but not limited to, making, defending, analyzing, investigating, processing, assessing, determining, settling or responding to such claims;
    5.  conducting identity and/or credit checks whenever appropriate and carrying out data matching procedures;
    6.  complying with the obligations, requirements or arrangements for disclosing and using data that apply to the Company and / or the Group or that it is expected to comply according to:
      1. any local or foreign law, legislation or regulation binding or applying to it within or outside the Hong Kong Special Administrative Region existing currently and in the future;
      2. any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers within or outside the Hong Kong Special Administrative Region existing currently and in the future;
      3. any present or future contractual or other commitment with a local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities or financial intermediary, or self-regulatory or industry bodies or associations of financial services providers that is assumed by or imposed on the Company and / or the Group by reason of its financial, commercial, business or other interests or activities in or related to the jurisdiction of the relevant local or foreign legal, regulatory, governmental, tax, law enforcement or other authority, or self-regulatory or industry bodies or associations and/or the obligations of the Company and/or the Group to comply with applicable tax laws including but not limited to FATCA and the IGA;
    7. processing (including, but not limited to, investigating, analyzing, underwriting and adjudicating) claims under insurance policies issued by the Company
    8.  marketing services, products and other subjects (please see further details in paragraph 11 below);
    9.  providing customer services (including, but not limited to, processing enquiries and complaints) and related activities;
    10.  conducting statistical or actuarial research of the Company and/or the Group;
    11. determining amount of indebtedness owed to or by you, and enforcing your obligations including without limitation the collection of amounts outstanding from you or any person who has provided any security or undertaking for your liabilities owing to the Group;
    12. complying with any obligations, requirements, policies, procedures, measures or arrangements for sharing data and information within the Group and/or any other use of data and information in accordance with any group-wide programmes for compliance with sanctions or prevention or detection of money laundering, terrorist financing or other unlawful activities;
    13. enabling an actual or proposed assignee of the Company, or participant or sub-participant of the Company's rights in respect of the data subjects to evaluate the transaction intended to be the subject of the assignment, participation or sub-participation;
    14. comparing data of data subjects or other persons for credit checking, data verification or otherwise producing or verifying data, whether or not for the purpose of taking adverse action against data subjects;
    15. maintaining a credit history or otherwise, a record of data subjects (whether or not there exists any relationship between data subjects and the Company) for present and future reference; and
    16. any purposes incidental, associated or relating to Paragraph 7.
  5. Data held by the Company relating to data subjects will be kept confidential but,subject to the data subject's separate consent (insofar as required by applicable laws), the Company may provide and disclose (as defined in the Ordinance and/or applicable laws) such data to the following parties for the purposes set out in the previous paragraph:

    (a)any agent, contractor or third party service provider who provides administrative, telecommunications, computer, payment or other services to the Company in connection with the operation of its business, wherever situated;
    (b)any other person under a duty of confidentiality to the Company including any member of the Group which has undertaken to keep such information confidential;
    (c)any reinsurance and claims investigation company, relevant insurance industry association and federation, and members of such industry associations and federations;
    (d)credit reference agencies, and, in the event of default, to debt collection agencies;
    (e)any financial institution, charge or credit card issuing company, insurance company, securities and investment company with which the data subjects have or propose to have dealings;
    (f)any person, entity, or government or government agency or financial intermediary, to whom the Company and / or the Group is under an obligation or otherwise required to make disclosure under the requirements of any local or foreign law, legislation or regulation binding on or applying to the Company and / or the Group, or any disclosure under and for the purposes of any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers with which the Company and / or the Group is expected to comply, or any disclosure pursuant to any contractual or other commitment of the Company or the Group with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers, all of which may be within or outside the Hong Kong Special Administrative Region and may be existing currently and in the future;
    (g)If the data relating to the data subjects is being collected and used for the purpose of processing your application, investigating and settling claims and preventing and detecting fraud, such personal data will be transferred to the following persons who may collect and use this information only as reasonably necessary to carry out one of the aforementioned purposes: insurance adjusters, agents and brokers; employers; health care professionals; hospitals; accountants; financial advisors; solicitors; organisations that consolidate claims and underwriting information for the insurance industry; fraud prevention organisations; other insurance companies (whether directly or through fraud prevention organisation or other persons named in this paragraph), the police and databases or registers (and their operators) used by the insurance industry to analyse and check information provided against existing information.
    (h)any actual or proposed assignee of the Company or participant or sub-participant or transferee of the Company's rights in respect of the data subject; and
    (i)
    1. any member of the Group;
    2. third party financial institutions, insurers, credit card companies, securities, commodities and investment services providers;
    3. third party reward, loyalty, co-branding and privileges programme providers;
    4. co-branding partners of the Company and the Group (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be);
    5.  charitable or non-profit making organisations; and
    6. external service providers (including but not limited to mailing houses, telecommunication companies, telemarketing and direct sales agents, call centres, data processing companies and information technology companies) that the Company engages for the purposes set out in paragraph (7)(h) above, wherever situated.

The Company may from time to time transfer the data relating to the data subjects to a place outside Hong Kong Special Administrative Region for the purposes set out in paragraph 7 above. Insofar as required by applicable laws, the Company will obtain the data subject’s separate consent in relation to such international transfers.

9. To the extent required by applicable laws, the Company will, prior to sharing the data subject’s personal data with third parties, notify the data subject of the name and contact details of the recipients, the purposes and means of processing and provision of the data subject’s personal data, and the types of personal data to be provided and shared, and obtain the data subject’s separate consent to the sharing of the data subject’s personal data. The foregoing data recipients will use the personal data to the extent necessary for the specific purposes set out in this Notice and store the personal data for the minimum length of time required to fulfil the purposes, or insofar as required by applicable laws, in accordance therewith.

10. Some of the data collected by the Company may constitute sensitive personal data under applicable laws. In this case, the Company will only process sensitive personal data if strict protection measures are put in place and there is sufficient necessity to justify the processing. Insofar as required by applicable laws, such sensitive personal data will be processed with the data subject’s separate consent.

11. USE OF DATA IN DIRECT MARKETING
The Company intends to use the data subject's data in direct marketing and the Company requires the data subject's consent (which includes an indication of no objection) for that purpose. The specific requirement regarding data subject’s consent (which includes an indication of no objection) under Part VIA of the Personal Data (Privacy) Ordinance 2012. In this connection, please note that: 

  1. the name, contact details, products and services portfolio information, transaction pattern and behaviour, financial background and demographic data of the data subject held by the Company from time to time may be used by the Company in direct marketing;
  2. the following classes of services, products and subjects may be marketed:
    1. financial, insurance, credit card, securities, commodities, investment, banking and related services and products;
    2. reward, loyalty or privileges programmes and related services and products;
    3. services and products offered by the Company’s co-branding partners (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be); and
    4. donations and contributions for charitable and/or non-profit making purposes;
  3. the above services, products and subjects may be provided or (in the case of donations and contributions) solicited by the Company and/or:
    1. any member of the Group;
    2. third party financial institutions, insurers, credit card companies, securities, commodities and investment services providers;
    3. third party reward, loyalty, co-branding or privileges programme providers;
    4. co-branding partners of the Company and the Group (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be); and
    5. charitable or non-profit making organisations;
  4. In addition to marketing the above services, products and subjects itself, the Company also intends to provide the data described in paragraph 11(a) above to all or any of the persons described in paragraph 11(c) above for use by them in marketing those services, products and subjects, and the Company requires the data subject's written consent (which includes an indication of no objection) for that purpose.

If a data subject does not wish the Company to use or provide to other persons his data for use in direct marketing as described above, the data subject may exercise his opt-out right by notifying the Company.

12. TRANSFER OF PERSONAL DATA TO DATA SUBJECT’S THIRD PARTY SERVICE PROVIDERS USING THE COMPANY’S OPEN APPLICATION PROGRAMMING INTERFACES (“OPEN API”)

The Company may, in accordance with the data subject’s instructions to the Company or third party service providers engaged by the data subject, transfer data subject’s data to third party service providers using the Company’s Open API for the purposes notified to the data subject by the Company or third party service providers and/or as consented to by the data subject in accordance with the Ordinance.

13. Under and in accordance with the terms of the Ordinance and/or applicable laws, any data subject has the right:

a. to check whether the Company holds data about him and to request access to such data;
b. to require the Company to correct any data relating to him which is inaccurate; 
c. to ascertain the BOC Life's protecting personal data privacy policies and practices and to be informed of the kind of personal data held by the Company.
d) in accordance with applicable laws, 
(i) to request the Company to delete his/her personal data;
(ii) to object to certain uses of his/her personal data;
(iii) to request an explanation of the rules governing the processing of his/her personal data;
(iv) to ask that the Company transfer personal data that he/she has provided to the Company to a third party of his/her choice under circumstances as provided under applicable laws;
(v) to withdraw any consent for the collection, processing or transfer of his/her personal data (the data subject should note that withdrawal of their consent may result in the Company being unable to provide, continue and administrate the insurance and/or related products and services); and
(vi) to have decisions arising from automated decision making (“ADM”) processes explained and to refuse to such decisions being made solely by ADM.

14. In accordance with the terms of the Ordinance and /or applicable laws, the Company may to charge a reasonable fee for the processing of any data access request.

15. The person to whom requests for access to data or correction of data or for information regarding BOC Life's protecting personal data privacy policies and practices and kinds of data held are to be addressed is as follow:

BOC Group Life Assurance Company Limited
The Data Protection Officer
BOC Group Life Assurance Company Limited
13/F, 1111 King's Road Taikoo Shing
Hong Kong
Facsimile: (852) 2522 1219

16. If there is any inconsistency between the English version and the Chinese version of this Statement, the English version shall prevail.

January 2024

Privacy Policy Statement