This Notice Concerning the Processing of Personal Information (the "Notice") explains how JPMorgan Chase China (see Appendix 1 for specific entities, collectively referred to as "we", "us", or "our") to collect, use, disclose, transfer, externally provide or otherwise process your Personal Information online and offline in connection with our provision of products and services to clients, acceptance of products and services from vendors, or other activities. In this Notice, clients, vendors and/or other relevant Personal Information providers are collectively referred to as "you" or "your".
This Notice supplements the J.P. Morgan China Terms and Conditions on Processing Client Information (see the website https://www.jpmorganchina.com/CN/en/terms-and-conditions-on-handling-client-information, or other URLs/statements that we inform you from time to time for details) (the "TC") and the relevant legal documents we sign with you, and all applicable notices, rules and other materials related to the collection, use, processing, storage, disclosure, and external provision of Personal Information provided by us (collectively referred to as the "Relevant Agreements”). Unless otherwise defined in this Notice, the terms defined in the TC and other Relevant Agreements shall have the same meaning when used in this Notice.
This Notice is provided in both Chinese and English. For any discrepancy between the two versions, the Chinese version shall prevail. In case where there is any inconsistency between this Notice as well as other Relevant Agreements and applicable laws and regulations, such documents shall be deemed to have been amended to the extent necessary to comply with applicable laws and regulations.
We collect Personal Information that is related to our business, required to fulfill statutory obligations, or permitted to be collected by other applicable laws and regulations. Appendix 2 of this Notice sets out the types of Personal Information we collect and the purposes of collection, etc. We will collect and use Personal Information in accordance with the purposes and methods set out in Appendix 2 of this Notice or the Relevant Agreements we sign with you or the Relevant Person. Unless otherwise restricted by applicable laws or regulations, we may collect Personal Information directly or indirectly through communications and interactions with you and related entities, any of respective representatives, Relevant Persons, and/or any other party that we reasonably believe has a legitimate right to share Personal Information with us. If you fail to provide such Personal Information, we may not be able to provide you with the relevant products or services (or any part thereof), use the relevant products or services (or any part thereof) provided by you or conduct other corresponding activities, or comply with any applicable laws, regulations or guidelines and norms of regulatory bodies (or other competent authorities).
For conducting business for you, or for accepting or using your products or services, we will reasonably collect, use, process, store, disclose, externally provide or otherwise process the Personal Information of the Relevant Person(s) for the purposes set out in Appendix 2 or in accordance with the Relevant Agreements we sign with you, subject to your confirmation that you have obtained the consent of the Relevant Person(s) or under the circumstances expressly stipulated by laws and regulations. Nevertheless, you understand that in accordance with applicable laws and regulations, we do not need to obtain your or Relevant Person’s consent to collect, use or otherwise process Personal Information in each of the following scenarios:
We undertake to protect the confidentiality and security of Personal Information in accordance with relevant laws, regulations and regulatory requirements.
As part of a global institution, we provide products or services, receive products and services from vendors, or conduct other activities through globally deployed resources and applications. Accordingly, for the purposes stated in this Notice or Relevant Agreements, Personal Information may be transferred to the onshore regions or offshore jurisdictions where our relevant entities or vendors etc. are located, or accessed from these regions or jurisdictions. You agree and authorize us to entrust the processing of Personal Information to our relevant entities and vendors, or provide Personal Information to our relevant entities and vendors. We will assess the legality, legitimacy and necessity of providing Personal Information in accordance with the requirements of laws and regulations, and urge our relevant entities and vendors to process the Personal Information provided by you in accordance with the laws, relevant regulatory requirements and as agreed in this Notice and the Relevant Agreements. If the Personal Information you provide to us is being offshored by us under a contract between an overseas data recipient and us by strictly following the model clauses of “PRC Standard Contract for Personal Information Outbound Transfer” issued by the Cybersecurity Administration of China, the Relevant Person may have the rights as a third-party beneficiary as explicitly specified under the contract in accordance with applicable laws and regulations, unless the Relevant Person explicitly rejects such rights within thirty days after this Notice is provided.
When required by applicable laws and regulations, we will inform you of matters related to our provision of Personal Information to our relevant entities, vendors and other third parties, including the name, contact information, processing purposes and methods of the recipients, type of Personal Information to be processed, and, if it involves data offshoring, the manner and procedure for exercising your relevant rights to the offshore recipients (for specific information of the recipients, please refer to Appendix 3 and Appendix 4 of this Notice), and obtain the separate consent of Relevant Person(s) through you.
In the case that we entrust the processing of Personal Information to relevant entities and/or vendors, we will clearly stipulate with the entrusted organization the purposes, period, processing methods, types of Personal Information to be processed, protection measures, etc., of the entrusted processing in accordance with the requirements of laws and regulations, and supervise the Personal Information processing activities of the entrusted organization and require it not to process Personal Information beyond the agreed processing purposes and methods. If the entrustment contract is invalid, void, revoked or terminated, we will request the entrusted organization to return, delete or anonymize the Personal Information in accordance with the contract.
In addition, we may, in accordance with laws and regulations or agreements, transfer relevant Personal Information in connection with any reorganization (including the establishment of new, locally incorporated entities in China and the transfer of existing businesses in China to such new locally incorporated entities), merger, sale, liquidation, joint venture, assignment, transfer or other disposition of all or part of our business, assets or stocks (including in connection with any bankruptcy or similar proceedings). In such cases, we will inform you of the name and contact information of the recipient and request the recipient to continue to abide by and perform this Notice and/or the Relevant Agreements, and to obtain your consent again if the recipient changes the original purposes or methods of processing.
We will not publicly disclose Personal Information of the Relevant Person unless you confirm that you have obtained the separate consent from the Relevant Person or we are required to do so by laws or regulations, or administrative, judicial or regulatory authorities, etc.
We will retain Personal Information only within the period required by laws and regulations and necessary to achieve the purposes stated in this Notice or the Relevant Agreements. We will delete or anonymize the Personal Information retained beyond such period. If the deletion or anonymization of Personal Information is technically difficult to achieve, we will not perform any further processing other than storing and taking the necessary safety protection measures.
We may change this Notice and its corresponding appendices from time to time in accordance with applicable laws and regulations, changes in regulatory policies and for service operation needs, or if there are changes in the purpose of processing Personal Information, the manner of processing and the types of Personal Information to be processed. We will follow the time limit for announcement and update method (if any) required by laws and regulations, and inform you of the update of the above contents in a timely manner by providing an updated version on this Notice page or by sending you a notice. You should pay attention to the changes in the relevant contents of this page, related announcements, alert messages and Relevant Agreements or rules from time to time. If you have any questions about the content of such updates, please contact us. If you continue to use our products or services, or continue to provide products and services to us, you are deemed to agree to accept such updates.
If you have any questions about this Notice, or you would like to exercise your rights conferred by applicable laws and regulations, or you have any other suggestions and comments, please contact the JPMorgan China Chief Data Office:
JPMorgan China Chief Data Office
Address: 49th Floor, Shanghai Tower,
No. 501, Yincheng Middle Road,
Pudong New Area, Shanghai, China
Post code: 200120
Email address: China.jpmsc.privacy.office@jpmchase.com
After accepting your question, we will promptly and properly handle it in accordance with the requirements of laws and regulations.
Appendix 1 JPMorgan Chase China Entity
Name |
Address and Contact Information |
---|---|
J.P. Morgan Securities (China) Company Limited |
49th Floor, Shanghai Tower, No. 501, Yincheng Middle Road, Free-Trade Zone, Shanghai, China |
Appendix 2 Personal Information Collection and Use List
Please note: J.P. Morgan Chase Securities (China) Company Limited only conducts corporate business, and all our clients are institutional clients (including companies, enterprises, institutions and other entities).
Business Scenario | Collection Purpose | Collection Method | Types and Fields of Information Collected |
When you apply for and conduct business with us as a client or applicant, including but not limited to securities underwriting, sponsorship and other investment banking business, securities brokerage business, securities proprietary business, securities investment consulting and the use of other financial products and services we provide |
For clients or applicants to apply for and conduct our business; and to maintain proper and secure operation of our business and services, and to prevent and control related risks | Inputted directly into our systems or provided to us through mail, email, other means of communications by clients or applicants (or third parties with their consent) | (1) Personal basic information: including name, date of birth, place of birth, gender, ethnicity, nationality, location or address, family relationship, personal phone number, contact information, photos, etc. (2) Personal identity information: including identity document information, such as document type, number, validity period, issuing country or region, and copy or photocopy of the identity document, etc. (3) Network identity information: including personal network account number, IP address, identity authentication information (i.e. information used to verify whether the subject has access or use rights), etc. (4) Personal education and work information: including title, position, employee number, name of employer or school, work address, telephone number, fax or email address, etc. (5) Personal biometric information: including signature, handwriting, facial recognition features, fingerprints, voice, etc. (6) Personal property information: including account information, identification information, personal financial asset information, transaction information, personal property and funding sources, litigation, investigation, penalty information and other information that can reflect personal credit status. (7) Personal communication information: including communication records and contents with us (i.e., audio and video recordings, call records, communication records and contents), etc. (8) Other personal information: in order to fulfill contractual, legal and regulatory compliance obligations, other personal information obtained in the process of establishing and maintaining business relationships, including (a) personal information contained in customers’ files; (b) relationships with relevant clients (such as shareholding and investment relationships); (c) relationship with politically exposed person or senior management personnel of international organizations and relevant information; (d) personal information involved in relevant investigations, such as personal information collected for the purposes of client due diligence, sanctions and anti-money laundering investigations, detection or investigation of any suspicious and unusual activities, etc. |
When you or the Relevant Person(s) are a related person of clients or applicants of us (for the purpose of this Notice, a related person refers to any person who has a relationship with our clients or applicants, including but not limited to a director, supervisor or employee of a company, partners or members of a partnership, shareholder, substantial owner, controlling person, or beneficial owner, trustee, settler or protector of a trust, account holder of a designated account, receiver of a designated payment, representative, agent or nominee of the account holder, or the principal when the account holder is acting as an agent |
To provide securities products/services to or conduct business with relevant clients; and to maintain proper and secure operation of securities business and services, and to prevent and control related risks |
Inputted directly into our systems or provided to us through mail, email or other means of communications by applicants or clients (or third parties with their consent) |
(1) Personal basic information: including name, date of birth, place of birth, gender, ethnicity, nationality, location or address, family relationship, personal phone number, contact information, photos, etc. (2) Personal identity information: including identity document information, such as document type, number, validity period, issuing country or region, and copy or photocopy of the identity document, etc. (3) Network identity information: including personal network account number, IP address, identity authentication information (i.e. information used to verify whether the subject has access or use rights), etc. (4) Personal education and work information: including title, position, employee number, name of employer or school, work address, telephone number, fax or email address, etc. (5) Personal biometric information: including signature, handwriting, facial recognition features, fingerprints, voice, etc. (6) Personal property information: including account information, identification information, personal financial asset information, transaction information, personal property and funding sources, litigation, investigation, penalty information and other information that can reflect personal credit status. (7) Personal communication information: including communication records and contents with us (i.e., audio and video recordings, call records, communication records and contents), etc. (8) Other personal information: in order to fulfill contractual, legal and regulatory compliance obligations, other personal information obtained in the process of establishing and maintaining business relationships, including (a) personal information contained in customers’ files; (b) relationships with relevant clients (such as shareholding and investment relationships); (c) relationship with politically exposed person or senior management personnel of international organizations and relevant information; (d) personal information involved in relevant investigations, such as personal information collected for the purposes of customer due diligence, sanctions and anti-money laundering investigations, detection and investigation of any suspicious and unusual activities, etc. |
When you are our vendor or proposed vendor |
To use or accept the products and services provided by the vendors (or proposed vendors); and to maintain the proper and secure operation of securities business and services, and to prevent and control securities related risks
|
Inputted directly into our systems or provided to us by mail, email or other means of communications by vendors or proposed vendors (or third parties with their consent) | (1) Personal basic information: including name, date of birth, place of birth, gender, ethnicity, nationality, family relationship, location or address, personal phone number, contact information, photos, etc. (2) Personal identity information: including identity document information, such as document type, number, validity period, issuing country or region, and copy or photocopy of the identity document, etc. (3) Network identity information: including personal network account number, IP address, identity authentication information (i.e. information used to verify whether the subject has access or use rights), etc. (4) Personal education and work information: including title, position, employee number, name of employer or school, work address, telephone number, fax or email address, etc. (5) Personal biometric information: including signature, handwriting, facial recognition features, fingerprints, voice, etc. (6) Personal property information: including account information, identification information, personal financial asset information, transaction information, personal property and funding sources, litigation, investigation, penalty information and other information that can reflect personal credit status. (7) Personal communication information: including communication records and contents with us (i.e., audio and video recordings, call records, communication records and contents), etc. (8) Other personal information: in order to fulfill contractual, legal and regulatory compliance obligations, other personal information obtained in the process of establishing and maintaining business relationships, including (a) personal information contained in vendors’ files; (b) relationships with relevant vendors (such as shareholding and investment relationships); (c) relationship with politically exposed person or senior management personnel of international organizations and related information; (d) personal information involved in relevant investigations, such as personal information collected for the purposes of the vendor due diligence, sanctions and anti-money laundering investigations, detection and investigation of any suspicious and unusual activities, etc. |
Appendix 3 Domestic Personal Information Sharing List
Name of the Domestic Recipient |
Contact Information |
Purposes of Sharing |
Methods of Sharing |
Types of Personal Information |
Shanghai Tongguan Enterprise Management Company Limited |
Mr. Jin jinxuede@tg-lgl.com |
Mail delivery service |
Labels with recipients information |
Name, telephone number and address information |
Shanghai Quanxinda Express Company Limited |
Mr. Wu |
Mail delivery service |
Posting form |
Name, telephone number and address information |
Beijing Tian Hong Cheng Investment Consulting Company Limited |
Mr. Cheng |
International express import and export customs clearance |
Name, telephone number, company name and address information |
|
S.F. Express Group (Shanghai) Company Limited |
Mr. Fu |
Mail delivery service |
Posting form |
Name, contact number, company name and address information |
China Postal Express and Logistics Company Limited |
EMS Customer service number 11183 |
Mail delivery service |
Posting form |
Name, telephone number, company name and address information |
DHL - Sinotrans International Air Courier Limited |
Mrs. Gu lihe.gu@dhl.com |
Mail delivery service |
Posting form |
Name, telephone number, company name and address information |
Appendix 4 List of Cross-border Transfers of Personal Information
Name of the Offshore Recipient |
Contact Information |
Purposes of Processing |
Methods of Processing |
Types of Personal Information |
Methods and Procedures for Exercising rights |
JPMorgan Chase & Co. (and its branches and affiliates) |
US: +1 212 270 6000 UK: +1 212 270 6000 HK: +852 2800 1000 SGP: +65 6882 2888 |
To provide products/services to or conduct business with clients/applicants To use or accept the products and services provided by the vendors (or proposed vendors)
To maintain proper and secure operation of business and services, to prevent and control related risks
|
Transfer via server |
(1) Personal basic information: including name, date of birth, place of birth, gender, ethnicity, nationality, family relationship, location or address, personal phone number, contact information, photos, etc. (2) Personal identity information: including identity document information, such as document type, number, validity period, issuing country or region, and copy or photocopy of the identity document, etc. (3) Network identity information: including personal network account number, IP address, identity authentication information (i.e. information used to verify whether the subject has access or use rights), etc. (4) Personal education and work information: including title, position, employee number, name of employer or school, work address, telephone number, fax or email address, etc. (5) Personal biometric information: including signature, handwriting, facial recognition features, fingerprints, voice, etc. (6) Personal property information: including account information, identification information, personal financial asset information, transaction information, personal property and funding sources, litigation, investigation, penalty information and other information that can reflect personal credit status. (7) Personal communication information: including communication records and contents with us (i.e., audio and video recordings, call records, communication records and contents), etc. (8) Other personal information: in order to fulfill contractual, legal and regulatory compliance obligations, other personal information obtained in the process of establishing and maintaining business relationships, including (a) personal information contained in client/vendor files; (b) relationships with relevant clients/vendors (such as shareholding and investment relationships); (c) relationship with politically exposed person or senior management personnel of international organizations and related information; (d) personal information involved in relevant investigations, such as personal information collected for the purposes of the client/vendor due diligence, sanctions and anti-money laundering investigations, detection and investigation of any suspicious and unusual activities, etc.
|
You may contact JPMorgan Chase & Co. directly through the contact information listed to exercise your rights, or you can contact JPMorgan Chase China to assist you in exercising your rights through the contact information specified in the "J.P. Morgan China Terms and Conditions on Processing Client Information" or in this Notice. |