IPv6 Enabled
Your location: Home > CMBC Today > ESG > ESG Information


China Minsheng Bank Policy on Privacy and Data Security Protection Policy disclosure

With respect to customer privacy and data security protection, China Minsheng Bank strictly complies with the requirements of the Civil Code of the People’s Republic of China, the Data Security Law of the People’s Republic of China, the Personal Information Protection Law of the People’s Republic of China and other laws and regulations, as well as relevant regulatory provisions, and is committed to safeguarding compliance and security of privacy and data handling to protect the legitimate rights and interests of customers.

China Minsheng Bank has disclosed its privacy and data security protection policies to all customers through various channels, covering all domestic branches, relevant businesses, and customers. Specific policies include Minsheng Bank Privacy Policy (applicable to onsite channels), China Minsheng Bank Portal Privacy Policy, China Minsheng Bank Mobile Banking Privacy Policy, China Minsheng Bank WeChat Banking Privacy Policy and China Minsheng Bank Online Personal Banking Privacy Policy. For details, please refer to China Minsheng Bank official website, mobile APP, and other official channels.

Privacy protection statement

1. Customer rights on privacy data security

Customers of China Minsheng Bank have the right to access, correct and delete their personal information in accordance with the law. China Minsheng Bank is fully committed to protecting the legal rights of customers to access, copy, delete, change the scope of authorised consent, refuse personalised display, respond to requests, and withdraw consent to personal information. Information on the definition, scope, authorised content, use and collection, and related safeguards of relevant personal information is clearly defined in the policies related to customer privacy.

2. Security protection of customer privacy data 

2.1 Customer privacy data security protection system

China Minsheng Bank has established a sound organisational structure for data security management, formulated a series of systems for data security management and personal information protection, and clarified the strategy and technical protection for the lifecycle management of data security. Taking into account the actual situation of financial products and services, China Minsheng Bank adopts technical means such as access control, identity authentication and encryption for protection in the process of data collection, storage, transmission, use and deletion, effectively implementing privacy and data security management and control measures, continuously advancing data security management levels. In terms of products and services provided to natural persons, China Minsheng Bank conducts review of consumer rights protection, updates and publicisies the personal information handling rules, of these products or services before their market entry, ensuring that the contents of the privacy policy comply with legal requirements to protect customer information security.

2.2 Minimising data collection and retention

When collecting customer privacy and data, China Minsheng Bank follows the principle of “minimum and necessary”, adopts effective measures such as graded authorisation, authority control and technical control to strengthen the protection of personal financial information and safeguard the legal rights of customers regarding personal information. China Minsheng Bank has established corresponding monitoring and emergency response mechanisms to prevent information leakage and misuse.

3. Data protection plans regarding suppliers and business partners

When collecting data from external organisations or personal information subjects, in accordance with the principle of “clear notification, authorised consent”, China Minsheng Bank issues a privacy policy or contractual agreement to clearly inform the purpose, manner and scope of information collection, and adopt compliant and safe protection measures to safeguard customer privacy and data.

4. Data breach/incident response plan

China Minsheng Bank has established an efficient emergency response mechanism for data leakage incidents, implemented the division of responsibilities and personnel deployment, formulated the China Minsheng Bank Data Leakage Emergency Response Plan, and conducts regular emergency drills. In the event of a leak or a potential leak, emergency response organisations and personnel will carry out emergency response and recovery in an orderly manner based on the process of monitoring and early warning, analysis and assessment, notification and warning, emergency arrangement, coordinated action, and tracking and tracing of sources, to protect customer information security and avoid or reduce possible losses and impacts.

5. Complaints and Supervision

If customers have any question or suggestion about the content of China Minsheng Bank’s privacy policies, they can make inquiries through the official channels disclosed in the policies, and China Minsheng Bank will give timely feedback and handle them appropriately.

For details of the complaint (and acceptance) channels, please refer to: http://www.cmbc.com.cn/sy/lxwm/kfjtslc/index.htm