Careers at
Mox Bank - Home
Mox Bank - Home

Privacy Policy

Personal Information Collection Statement - Recruitment

Your personal data is important to us, and we want to make sure you know how we use and protect it. Personal data is information that either identifies you or is about you as an individual. In this Personal Information Collection Statement (“PICS”), we’ll explain how we collect, share, and process your personal data. We’ll also tell you about your rights and how you can exercise them. 

In this PICS, “Mox”, “we”, “us” or “our”, refers to Mox Bank Limited you interact with either directly or indirectly that processes your personal data and decides how it is collected and used. Please refer to the ‘How to get in touch’ section of this PICS for details of the relevant teams of Mox providing this PICS.

This PICS does not apply to third-party websites where our online advertisements are displayed or to linked third-party websites we do not operate or control. These websites should have their own PICSs, which you can read to understand how they collect and process your personal data and your rights.

We’ll update this PICS from time to time. You can find the last updated date listed at the end of this PICS. If you have any questions or concerns about your personal data, please don’t hesitate to get in touch (you can find our details under ‘How to get in touch’ below).
 
1.     What types of personal data do we collect?

(a)   We may collect the following types of personal data about you, when you apply for a job with us or are engaged to provide services to us, as relevant and allowed by law If you give us someone else’s personal data, you must have their permission and explain to them how we’ll use it:

 (i)       Identification data – information that identifies (uniquely or semi uniquely) you. For example, your name, your gender, your date of birth, your nationality, your photographs, CCTV and video recordings of you, video, photographic images or audio recordings submitted as part of the recruitment process, and other identifiers, including official/government identifiers such as national identification number, passport number and tax identification number

 (ii)      Contact data – information that allows addressing, sending or communicating a message to you. For example, your email address, your phone or mobile number and your residential address

 (iii)     Professional data – information about your educational or professional background. For example, academic background (such as your university or school diplomas/certificates and other educational achievements), current and previous employment details (including salary/bonus and employee benefits scheme), curriculum vitae/resume, professional qualifications, references, work visa and any other information relating to the mandatory reference checking scheme under any applicable law or regulation

 (iv)     Geo-location data – information that provides or contains a device’s location. For example, your internet protocol (IP) address or your cookies identifier

 (v)      Behavioural data – analytics information that describes your behavioural characteristics. For example, results of any pre-employment testing such as psychometric testing

 (vi)     Personal relationship data – information about associations or close connections between individuals or entities that can determine your identity. For example, politically exposed person, public official, client, close personal or close financial relationships

 (vii)   Communications data – information relating to you contained in voice, messaging, email and other communications we have with you, for example, via online forms.

 (viii)  Financial and commercial data – information that identifies your financial position and background, status and history, as necessary. For example, your credit reports, payslips and other financial information

 (ix)     Racial or ethnic origin data – information which reveals your racial or ethnic origin

 (x)      Health data – information relating to your health status

 (xi)     Trade union membership – if relevant in certain jurisdictions

 (xii)   Criminal convictions, proceedings or allegations data – information about criminal convictions or related information that we identify in relation to our financial crime prevention obligations, for example, details about any criminal convictions or related information. This includes details of offences or alleged offences or convictions.

(b)   We are committed to providing equal opportunities and fair treatment in employment and recruitment. As part of this, we ask optional demographic questions as part of our application process. These questions are asked for the purposes of furthering those aims, addressing underrepresentation and creating a diverse and inclusive working environment. The answers to these questions are not shared with the hiring manager or relevant decision makers as part of the recruitment process. You have the choice not to answer these questions.

(c)   We usually get your personal data directly from you, but we may also obtain your personal data from other sources as necessary, including from:

 (i)       People you know– such as:
  • friends or relatives who have referred you to us
  • your previous employers
  • recruitment agencies
  • other people you appoint to act as your referees
  • other people you appoint to act on your behalf

 (ii)      Businesses and other organisations– such as:
  • your employer and/or company, business or organisation you represent or is related to you
  • credit reference and fraud prevention agencies
  • criminal records bureau
  • Mox and Standard Chartered career webpage
  • social network sites, for example LinkedIn, Facebook and Google+

 (iii)     Publicly available resources – such as online directories, career platforms, publications, social media posts and other information that is publicly available

 (iv)     Cookies – when you visit, browse, or use our websites, online banking or mobile applications, we may use cookies to automatically collect certain information from your device. We may use such information, where relevant, for internal analysis and troubleshooting, to recognise you and remember your preferences, to improve the quality of and to personalise our content and to determine the security status of your account. For more information on how we use cookies and how you can control them when visiting our websites, please see our Cookie Policy.

(d)   Our recruitment activities are generally not aimed at minors (normally this means if you are under 18 years old, but this might be younger depending on where you live). If you are a minor in the relevant jurisdiction, you must obtain the consent of your parents or guardian before contacting us in relation to recruitment.

2.     Why do we collect your personal data?

(a)   We collect your personal data so that we can manage our recruitment process and operate our business.

(b)   What we use your personal data for is often referred to as our purposes of processing and these are detailed below. We generally process your personal data by giving prior notification of the purpose of processing or with your consent where required by law or where otherwise permitted or required by applicable law.

(c)   We may not be able to proceed with your job application if you do not provide us with or do not want us to process the personal data that we consider is necessary and/or is required to meet our legal and regulatory obligations, or where applicable, provide us with your consent for mandatory reference checking.

(d)   Purposes of Processing

We process your personal data for the following purposes, as necessary:

 (i)       Assessing and processing your job application

This includes:
  • reviewing your application (which may include interview videos)
  • assessing your skills, qualifications and suitability for the job role or engagement you applied for (including results of psychometric tests)
  • processing your application
  • conducting pre-employment or pre-engagement searches, background checks to verify your identity
  • obtaining references, including information relating to the mandatory reference checking scheme under any applicable law or regulation
  • communicating with you in relation to your application. We may also notify you of other potential career opportunities or job vacancies that we think might suit you.
 (ii)      Improving our applicant screening procedures

This includes:
  • engaging in business operational management, such as performing administrative tasks, risk management activities, audits and ensuring operation and security of our communications and processing systems
  • auditing business operations
  • gathering insights by aggregating data from our recruitment process to improve the recruitment process, including the process of screening job applicants.
 (iii)     Keeping you and our people safe

This includes:
  • conducting identity verification security checks for building access
  • using CCTV surveillance recordings at our premises
  • investigating and reporting on incidents or emergencies on our properties and premises
  • for the security of our systems and networks in order to keep your data safe and confidential
  • for other health and safety compliance purposes.
(iv)     Detecting, investigating and preventing financial crimes

This includes
  • meeting or complying with Mox and the Standard Chartered Group policies, including identifying individuals and performing investigative procedures, measures or arrangements for sharing data and information within the Mox and the Standard Chartered Group
  • conducting pre-employment or engagement identity verification screening, including searches with a credit reference agency, sanctions screening checks and criminal record checks to the extent permitted by applicable law
  • recording and monitoring voice and electronic communications with us, to the extent permitted by applicable law, to ensure compliance with our legal and regulatory obligations and internal policies.
 (v)      Complying with applicable laws, regulations and other requirements

This includes:
  • meeting or complying with Mox and Standard Chartered Group policies, including identifying individuals and performing investigative procedures, measures or arrangements for sharing data and information within Mox and the Standard Chartered Group
  • complying with relevant local and foreign law, regulations, rules, directives, judgments or court orders, requests, guidelines, government sanctions, embargo, reporting requirements, restrictions, demands or agreements with any authority (including domestic or foreign tax authorities), court or tribunal, enforcement agency or exchange body in any relevant jurisdiction where Mox and the Standard Chartered Group operates
  • following any voluntary guidelines or recommendations as may be updated from time to time issued by legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers in any relevant jurisdiction where Mox and the Standard Chartered Group operates.
 (vi)     Exercising Mox and the Standard Chartered Group’s legal rights and conducting legal proceedings

This includes:
  • tracing and exercising our rights and protecting ourselves against harm to our rights and interests
  • retaining records as may be necessary as evidence for any potential litigation or investigation
  • obtaining professional advice conducting litigation to enforce our rights or the rights of Mox and any other member of the Standard Chartered Group
  • investigating or making an insurance claim
  • responding to any insurance related matter, action or proceeding
  • defending or responding to any current or prospective legal, governmental or quasi-governmental, regulatory, or industry bodies or associations related matter, action or proceeding or for establishing, exercising or defending legal rights.
3.     When do we conduct direct marketing?

(a)   We may sometimes, and with your consent as required by applicable law, use your contact details to send relevant marketing communications (such as by post, email, telephone, SMS, secure messages, mobile app or social media) for direct marketing purposes.

(b)   We may send the following types of communications (unless you have informed us that you do not wish to receive such communications):

 (i)       job opportunities

 (ii)      seminars and webinars

 (iii)     other events or opportunities.

(c)   We may share limited information about you with social media platform providers we engage with for the purpose of online social media advertising where you have permitted us and the social media platform provider(s) to use cookies that support our marketing on these platforms. For example, to check whether you have an account with social media platform providers to ask them to display more relevant marketing messages to you about our job opportunities.

(d)   For more information on how we use cookies in relation to marketing, please see our Cookie Policy.

(e)   You may withdraw your consent or opt-out from receiving such marketing communications in accordance with your rights by contacting us using the details in the ‘How to get in touch’ section below.

4.     When do we use automated decision-making?

(a)   We may use the personal data we collect to conduct data analytics, including profiling and behavioural analysis, to make quicker automated decisions in our business operations and to evaluate your personal characteristics to predict outcomes and risks. We require that rules followed by such automated systems are designed to make fair and objective decisions. We may use artificial intelligence and machine learning to help improve our communications and candidate experience, make our recruitment process safer and more efficient and enable us to provide faster responses and improve turnaround time. For example, we may use automated decision-making for psychometric testing in the recruitment process.

(b)   For further information on your rights in relation to automated decisions that affect you, please refer to the ‘What are your personal data protection rights?’ section.

5.     Who may we share your personal data with?

(a)   We may share your personal data within Mox and the Standard Chartered Group. Mox and the Standard Chartered Group may share your personal data for the purposes of processing as set out in this PICS, including with our service providers, our business partners, other third parties and as required by law or requested by any authority. Who these are depends on your interactions with us as an individual.

(b)   We limit how, and with whom, we share your personal data, and take steps to ensure your personal data is kept confidential and protected when we share it. We may share your personal data for our purposes of processing with the following, where relevant and allowed by law:

 (i)       Other members of the Standard Chartered Group

 (ii)      Authorised third parties
  • any other person you have authorised us by your consent to share your personal data with
 (iii)     Third parties that can verify your information
  • ex-employers
  • credit bureaus or credit reference agencies (including the operator of any centralised database used by credit reference agencies) and fraud prevention agencies and organisations
(iv)     Our service partners
  • recruitment agencies
  • professional advisers such as auditors and legal counsel
  • insurers or insurance brokers
  • service providers, such as operational, administrative, data processing and other technology service providers, including anyone engaged or partnered with to analyse and facilitate improvements or enhancements in Standard Chartered Group’s operations or provision of products and services
  • providers of professional services, such as screening and authentication providers, pre-employment health test providers, market researchers and management consultants
  • advertising companies and social media platform providers
(v)      Government authorities, law enforcement agencies and others
  • as required by law or as requested by any authority, which includes any government, quasi-government, regulator, administrative, regulatory or supervisory body, court, tribunal, law enforcement agency, exchange body or domestic or foreign tax authorities, having jurisdiction over any Standard Chartered Group member whether within or outside your jurisdiction and whether or not that Standard Chartered Group member has a relationship with you
  • self-regulatory or industry bodies or associations of financial services providers in any relevant jurisdiction where the Standard Chartered Group operates
(vi)     Other third parties
  • third parties in case of a merger, acquisition or divestment: if we transfer (or plan to transfer) any part of our business or assets. If the transaction goes ahead, the interested party may use or disclose your personal information in the same way as set out in this PICS, and subsequently notify you of any changes they may make in terms with how they process your personal data
  • any other person under a duty of confidentiality to us, including any other members of the Standard Chartered Group, which has undertaken to keep such information confidential
6.     Where do we transfer your personal data?

Your personal data may be processed, kept, stored, shared, transferred or disclosed by us within Mox and the Standard Chartered Group or with other third parties for the purposes described in this PICS. We do this in order to operate effectively, efficiently and securely in facilitating transactions and providing products and services to our clients, to improve and support our processes and business operations and to comply with our legal and regulatory obligations. This may involve processing, keeping, storing, sharing, transferring or disclosing your personal data locally or cross border to other jurisdictions, which may subject to relevant local practices and laws, rules and regulations including right of access available to the overseas authorities.

* Please refer to ‘Locations of Mox’s Service Providers’, which can be found on the ‘Legal Documents’ section of our website, for the list of countries where our service providers may be located. Where the recipients of personal data are in jurisdictions that are outside Hong Kong, and local laws may not have similar data protection laws as Hong Kong, we will take all reasonable steps necessary to ensure that adequate safeguards are implemented to protect your personal data and comply with applicable laws, for example, by using the Recommended Model Contractual Clauses issued by the Office of the Privacy Commissioner for Personal Data.

7.     How do we protect your personal data?

We take the privacy and security of your personal data very seriously. To protect your data, we have put in place a range of appropriate technical, physical and organisational measures to safeguard and keep your personal data confidential, for example, by using contracts with appropriate confidentiality, data protection and security terms in our arrangements with third parties. Mox has implemented information security data privacy policies, including incident management and reporting procedures, rules and technical measures to protect personal data and to comply with legal and regulatory requirements. We train and require staff who access your personal data to comply with our data privacy and security standards. We require our service providers, or other third parties we engage with and to whom we disclose your personal data to implement similar confidentiality, data privacy and security standards and measures when they handle, access or process your personal data.

8.     How long do we keep your personal data?

For the purposes described in this PICS, we keep your personal data for business operational or legal reasons while you engage with us and may retain your personal data for a period of time afterwards, depending on the type of personal data, in accordance with our data retention policy standards and as required by applicable law or regulations. We will take steps to delete, anonymise, destroy and/or stop using personal data when we no longer need it.

9.     What are your personal data protection rights?

(a)   We respect your personal data, and you have the following rights about how we use your information:

 (i)       Right to access your data – you can ask us for a copy of the personal data we have about you.

 (ii)      Right to correct your data – if your personal information is incorrect, you can ask us to update it.

 (iii)     Right to change or withdraw consent – if we ask for your consent to use your personal data, you can change your mind at any time.

 (iv)     Right to withdraw from direct marketing – you can tell us to stop sending you marketing emails or invitations to surveys at any time.

(b)   We will respond to requests to exercise your personal data rights in line with applicable law. We may ask you to verify your identity before processing your request. If you have any questions about your rights, please contact us using the details below.

10.  How to get in touch

(a)   Mox Bank Limited act as the data user (sometimes known as controller in other jurisdictions) responsible for processing your personal data in Hong Kong.

(b)   The person to whom requests for access to or correction of data held by us, or for information regarding our data policies and practices and kinds of data held by us are to be addressed is as follows:

Data Protection Officer
39/F, Oxford House
Taikoo Place, 979 King’s Road
Quarry Bay
Hong Kong
 
(c)   If you have any questions about this PICS or would like to exercise any of your personal data protection rights, please do not hesitate to contact career@moxbank.com.

(d)   Got a complaint?

If you have any concerns or complaints about how we’re using your personal data, please talk to us. You can get in touch with our Data Protection Officer. You can also contact the Office of the Privacy Commissioner for Personal Data (PCPD) at https://www.pcpd.org.hk

(DISCLAIMER:

This hyperlink will bring to you to another website on the Internet, which is published and operated by a third party which is not owned, controlled or affiliated with or in any way related to Mox Bank Limited.

The hyperlink is provided for your convenience and presented for information purposes only. The provision of the hyperlink does not constitute endorsement, recommendation, approval, warranty or representation, express or implied, by the Bank of any third party or the hypertext link, product, service or information contained or available therein.

The Bank does not have any control (editorial or otherwise) over the linked third party website and is not in any way responsible for the contents available therein. You use or follow this link at your own risk. To the extent permissible by law, the Bank shall not be responsible for any damage or losses incurred or suffered by you arising out of or in connection with your use of the link.

Please be mindful that when you click on the link and open a new window in your browser, you will be subject to the terms of use and privacy policies of the third party website that you are going to visit.)

11.  Other Terms and Conditions

There may be specific terms and conditions in our recruitment process that govern the collection, use and disclosure of your personal data. Such other terms and conditions must be read in conjunction with this PICS.

This PICS is provided to you under Hong Kong’s Personal Data (Privacy) Ordinance.

Last Updated: 31 March 2025