Privacy Policy& Security Tips


Corporate Mobile OTP App Privacy Policy

1.     Collection, storage and use of Personal Data

Personal data shall mean the information that can be used to identify or contact specific person. When using Corporate Mobile OTP App (hereinafter referred to as “Mobile OTP App” or “the Service”), the user (hereinafter referred to as “You” or “User(s)”) may be requested to provide personal data. Apart from collecting, storing, processing, and use of Your personal data according to the terms and conditions as prescribed in the General Agreement and other relevant terms, Cathay United Bank Co., Ltd. (hereinafter referred to as “the Bank”) will also collect, store, process, and use Your personal data according to this Privacy Protection Policy. You may refuse to provide personal data or refuse the Bank to collect, store, process, and use Your personal data. However, if You refuse the Bank to do so, the Bank may be unable to provide You with products or services or unable to reply Your inquiries. 
Below are the examples of personal data categories and methods that the Bank may collect and use:  

(1)      Categories of personal data

A.     When You use Mobile OTP App or set up an ID in the Bank’s Global MyB2B or Private Banking E-Banking, update Mobile OTP App, contact the Bank, or participate in online questionnaire survey at the Bank’s Global MyB2B website, the Bank may collect Your personal data, including the name, correspondence address, phone number, email address, preference for the contact methods, and credit card data, etc. 

B.       Use of personal data 

a.        The Bank will use Your personal data to notify You the Bank’s latest products, software updates, and upcoming activities.  

b.        The Bank will also use Your personal data to produce, develop, operate, provide, and improve the Bank’s products, services, content, and advertisements, or to prevent any losses and counter fraud.  

c.        In addition, the Bank will use the personal data for the Bank’s internal purposes, such as for audit, data analysis, research to improve products, services, and User communication. 

d.        The Bank will use Your personal data to address any issues arising from using the Service.

(2)      Collection and use of non-personal data

The Bank may collect information that does not contain any personally identifiable information and may collect, use, transfer and expose any non-personal data for any purpose. Examples of the types of non-personal information that the Bank may collect and their usages are as below:

A.           The Bank may collect Unified Business Number, company name, industry, language, post code, regional code, unique device identifier, suggested links, location and time zone of the location where the Bank’s products have been used, in order to help the Bank further understand User behavior, improve the products, services and advertisements, or address any User issues arising from using the Service.

B.           The Bank may collect Your activity information that generated from using the Service and other products and services. The Bank will aggregate this type of information so as to provide more useful information and understand which part of the Service and other products and services that the Users concerned about the most. Aggregated data is deemed as non-personal information in this Privacy Protection Clause.

C.            The Bank may collect and store the detailed information associated with Your usage of the Bank’s search engine. The information collected may be used to improve the search relevance. The aforementioned information will not be linked to Your IP address except for few circumstances where it’s required to ensure the service quality of the internet.

If the Bank combines non-personal data with personal data, the combined information will be deemed as personal data.

(3)      Cookie and other technologies

The Service may use cookie and other technologies, such as pixel tag or web beacon. These technologies can help the Bank fully understand User behaviors and which pages the User has browsed, maximize and evaluate the performance of advertisement and web search. However, if Internet Protocol (IP) address or other similar identifiable data is regarded as personal data in local laws, then the Bank will treat such data as personal data as well. Similarly, if non-personal information is combined with personal data, then the Bank will treat such combined information as personal data in this Privacy Policy as well.

The Service is like most internet websites, it will automatically collect the information and save them in a log file. The information collected includes IP address, browser type and language, Internet Service Provider (ISP), referral and exit of website/application, operating system, data/timestamp and click-stream data.

The Bank will use such information to understand and analyze the trend, manage website, understand User behavior and improve the Bank’s products and services as well as the overall demographic data of Users. The Bank may use the aforementioned information for marketing and advertising purposes.

The email messages sent by the Bank may contain “clickable link URL” that directly link to the Bank’s website content. Upon clicking on the URL, Users will be redirected to the destination page of the Bank’s website through an independent server. The Bank will track such link data to help determine the level of User interest in certain subject matters and evaluate the efficiency of User communication. If You do not wish to be tracked in this way, please do not click on the text or graphic links in the email messages.

Pixel tags allow sending readable emails to Users and finding out whether they have opened the email. The Bank may use such information to reduce the messages sent to Users or terminate the message sending altogether.

(4)      Miscellaneous

The laws, legal proceedings, lawsuits and/or public and government agencies in Your current place of residence or foreign countries may require the Bank to disclose Your personal data. On the ground of national security, legal requirements or other crucial public interests, the Bank may also disclose Your personal data when deemed necessary and appropriate.

The Bank may also disclose Your information when deemed rational and necessary for the purpose of executing the Terms and Conditions or protecting the operation of the company or the Users. In the event of company restructuring, merger or sale, the Bank may transfer any and all personal data collected to the relevant third party.

(5)      Personal data protection 
The Bank values the security of Your personal data. During the data transmission period, the Bank will use TLS (Transport Layer Security), SSL (Secure Socket Layer), or other encryption technology to protect Your personal data. The Bank will use access-limited computer system to store Your personal data and will put these computer systems in physical locations with security measures.  

(6)      Personal data integrity and retention
Unless otherwise regulated by laws or permitted for longer retention period, the Bank shall retain Your personal data during the period as required to perform the related services.

(7)      Personal data access
You may inquire, retain, or modify Your personal data at CUB’s Global MyB2B. The Bank will give You the permission of accessing Your personal data for any purpose, including requesting the Bank to correct inaccurate information, or requesting the Bank to delete the information unnecessary for retention according to the laws or legitimate business purpose. The Bank may refuse to process Your requests if they are unreasonable, violate third party’s privacy, extremely unpractical, or access requests not regulated by local laws. 

(8)      Accessing the mobile device
To provide You the Service, the Bank will access the followings of Your mobile device: 



Corporate Mobile Password



Storage space

Storage information


Background app refresh

Monitor push notifications in the background

Log out of the App automatically in the background



Receive push notifications



Siri and search

Default setting; not in use currently

(user will not be notified)


Network status

Determine online/offline mode



l   Mandatory Disclosures on Personal Data Protection Act


(9)      The Bank’s commitment to protect Your privacy
To ensure the security of Your personal data, the Bank will take strict privacy protection measures.


Security Tips for Using Global MyB2B

1.        Please make sure that Your login URL is If You have question, please contact the branch of the Bank.

2.        Global MyB2B adopts a server digital certificate with 128-bit Secure Sockets Layer (SSL) encryption. All service data transmitted on Global MyB2B are encrypted. As all data on Global MyB2B are transmitted through 128-bit Secure Sockets Layer (SSL) encrypted tunnel, a yellow padlock will be shown beside the URL of the Global MyB2B website. Please click the yellow padlock to check the certificate information and the validity of the certificate.

3.        Do not open any email from unknown origins with attachments and delete spams. Do not login Global MyB2B through link in the email, unknown application or Internet search engine. Do not install or execute any software or application from unknown origins. Do not send any personal information particularly password or PIN via ordinary e-mail.

4.        When accessing Global MyB2B, You should enter Global MyB2B URL ( on browser or add URL to My Favorite then connect to Global MyB2B through this bookmark.

5.        Do not open other browsers while using Global MyB2B.

6.        Do not use public computer (such as computer in café) or other non-trusted device or computer to login Global MyB2B. Do not randomly disclose personal information (for example: name, ID card number, bank account number, credit card number, etc.) on the Internet.

7.        Remember to quit the page by clicking Logout when You leave Your seat or after using Global MyB2B and delete temporary internet Files and history in internet options before closing every browser window.

8.        Please update operating system regularly and turn off share and remote control functions of Windows to avoid malware intrusion. When connecting to the internet, shared files and printers on the computer should be removed.

9.        You should regularly backup important data and inquiry balance, account information and transaction history of accounts at the Bank. If You find out any error or un-authorized transaction, please inform the Bank immediately.

10.     To prevent Your network information from being peeked or intervened by others while accessing Global MyB2B, the system will automatically log You out if You are not processing any transaction or performing system operation for more than certain period of time[Remarks]during login session. If You have been automatically logged out, all the operations performed and data entered during the login session will not be saved or recorded. You must login, perform operations and provide data again. [Remarks]: certain period: 5 minutes in Vietnam and 10 minutes in other areas

11.     For client of Singapore Branch accessing Global MyB2B, Two-Factor authentication mechanism is deployed by the Bank. If client needs to carry out high risk transactions such as transfer and remittance through Global MyB2B, in addition to logging in with corporate account ID, user code, and user password, he/she must hold the Digital Certificate (certificate device) or One Time Password (OTP) for transaction authentication, to increase transaction security.

12.     For client from Singapore branch, please inform the branch immediately if You lost Your mobile phone or change Your mobile phone number.

13.     For Chu Lai branch User, if User needs to do transfer and remittance through Global MyB2B, he/she must use the One Time Password(OTP) for transaction authentication.

14.     For Chu Lai branch User, please notify the branch immediately if Your OTP is damaged or lost, registered phone changes, suspicious fraud, being attacked by a hacker or suspected of being attacked.

15.     If You have any question about Global MyB2B transactions, You can get assistance through the service hotline listed on the bottom of webpage.


Tips for Using Mobile OTP App

1.            Please do not remove Mobile OTP App randomly. If You would like to use Mobile OTP App again after removal, You need to re-apply at the branch of the Bank.

2.            If You want to change Your mobile device, please execute change mobile device function to get the enable code before You change Your mobile device.

3.            If You desire to use Mobile OTP App through multiple mobile devices, You need to apply corporate mobile OTP function for each device respectively.


Security Tips for Mobile OTP App

1.            Please do not use easy-to-crack gesture password and mobile OTP (for example: corporate account ID, personal ID number, date of birth, phone number, or repeat numbers.) to login Your mobile device. Please be alerted while entering the gesture password and mobile OTP to avoid others spy on Your mobile device.

2.            Please do not leave Your mobile device, with Mobile OTP App installed, unattended or lend it to others.

3.            Please regularly update the version of Your mobile device, with Mobile OTP App installed, to the latest version.

4.            Change Your login password and mobile OTP frequently from time to time.

5.            To avoid Your transaction being peeped or intervened by others, the Bank’s Global MyB2B will display alert message requesting You to redo the transaction if You inactive the transaction for longer than 1 minute.

6.            Please do not click on any unknown website or application (or do not install software not listed on Google Play or App Store). It is suggested to install anti-virus software and timely download the latest security patch to protect Your mobile device.

7.            In order to protect your account security and avoid the risk of data leakage, this service is not provided for mobile devices that have cracked the original manufacturer (root/JB).

8.            It is recommended not to use a third-party keyboard when inputting sensitive data fields.

9.            The Service is conducted in accordance with the “Standards for the Security Management Operation of Electronic Banking Business of Financial Institutions” and “Regulations Governing Financial Institutions’ Operations to Provide Applications for Mobile Devices” of the Republic of China, relevant laws and regulations Singapore and Cambodia.


Risk of Internet Banking Application Environment

Please understands that online transactions are not without risks, pay attention to related software and hardware equipment while using online transaction service. Avoid executing transactions on network equipment provided by Internet café or other unsafe sites. Not disclose any security information (including user code and user password) or transfer any Security Device to any third party.

The Bank will, from time to time, inform depositors of the risks in the application environment of online banking in a way that the general public is aware of, so as to remind you to pay attention to such risks.


Website Statement


This statement elaborates relevant terms of network use. All Users who browse this website and relevant web pages are deemed to accept the following terms. The Bank reserves the right to change the information and data contained in this web page, as well as the terms, conditions, and explanations shown herein. The change shall take into effect upon its release. Users are advised to browse this website statement regularly to learn about any changes made to the website policy.


Users who access this website through links from other websites may be at the risk of accessing fake websites. Therefore, Users are advised to adopt safer means to access this website. (For example, directly enter a URL of the Bank in the browser address bar or click the correct URL saved in Your bookmark.)


Copyright Statement


1.            Unless otherwise specified, the copyright of all contents of Mobile OTP App, including its structure, web page design, text, images, and other information, is owned by the Bank. You shall not copy, mirror the contents on any other servers not affiliated to the website of the Bank or illegally use by other means.

2.            For the software or documents in Mobile OTP App whose copyright belongs to the Bank and are provided for You to  download, they can only be downloaded or used by any persons or parties in the manner allowed by the Bank. You shall not copy or use them for other commercial purpose beyond approved scope.
For the software or documents whose copyright does not belong to the Bank but download URLs are provided on Mobile OTP App, the relevant links so provided are only for the convenience of Your use. You shall follow the terms specified by the owners of software or documents when using such software or documents.

3.            The copyrights of the contents, images designed, composed, and produced under the Mobile OTP App shall belong to the Bank. Any reproduction or use by other means is subject to the written approval of the Bank, and shall indicate the source and the copyright when using.

4.            The Bank can take legal actions for any behavior that violates relevant local laws and regulations, not comply with this Copyright Statement, or use the contents of Mobile OTP App without authorization and without indicating the source.


Statement for Right of Trademark

1.            The Bank emphasizes that “Cathay United Bank,” “Big Tree” shaped Logo, and texts/graphics/visible marks used to indicate CUB and its businesses are commercial marks owned by the Bank.

2.            The Bank has the rights and interests of the commercial identification of the aforementioned marks and is protected by law. Any other person or party shall not modify, copy, or adopt other ways to use the commercial marks without prior consent.

3.            Any behaviors with an attempt to weaken or vilify the above marks shall be deemed illegal. The Bank has the right to explore any proper means to hold such party legally responsible.

Reprint Statement

1.            Partial contents of Mobile OTP App are provided by other organizations, institutions, and individuals, so the copyrights of these contents belong to corresponding providers.

2.            The contents quoted, extracted, and reprinted from any third party by Mobile OTP App are only used for exchange or reference by visitors. The points of view or information hereof are not related to the Bank.

3.            Extracting or reprinting these contents by Mobile OTP App are strictly carried out in accordance with relevant laws, regulations, and principles established according to judicial interpretation concerning network copyright of our country. If anybody finds the infringement matters of any articles when browsing Mobile OTP App, please inform the network system manager immediately. If they are infringement information, Mobile OTP App will remove them immediately within the scope of official duty.



1.            Any information (including but not limited to comments, forecasts, charts, indexes, theories, direct or suggestive indications) appearing or once appeared on Mobile OTP App shall only be used for reference. Users of the information shall be held responsible for their own decisions.
The information offered by Mobile OTP App only serves as a reference. Mobile OTP App strives to achieve, but not guarantee, the accuracy of data. If any errors and omissions occur, the newspapers and periodicals or websites designated to disclose the information by relevant supervisory authorities shall prevail.
The Bank will not bear any responsibility for any loss resulted from, or from reliance on, the data of Mobile OTP App, in whole or part, nor will it bear any responsibility for any loss resulted from any inadequate and incomplete data provided, or failure to provide particular data by Mobile OTP App.

2.            Internet transmission may probably be subject to interference, interrupt, delay, or data error. The Bank will not bear any responsibility for inaccuracy or delay of any data and transaction probably resulted from the breakdown of communication facility beyond the control of the Bank.

3.            The data and contents provided by other websites through their links with Mobile OTP App will only serve for Your browse and reference. Please distinguish and judge the relevant contents by Yourself, and the Bank will not bear any responsibility for the result hereof.

4.            In case that local law probably provides forced liability restriction and exemption, the forced law shall prevail.


Joint Statement of Confidentiality Measures for Cathay Financial Holdings Co., Ltd. and its Subsidiaries

1.        This statement is established in accordance with the Financial Holding Company Act, Guidelines for Cross Marketing among Subsidiaries of Financial Holding Company, and other regulatory interpretations, and has been disclosed on the websites of Cathay Financial Holdings (hereinafter referred to as the “Group”) and its subsidiaries. Subsidiaries that are referred in this statement and engage in sharing of customer information are shown in the attachment. Any changes in the list of the subsidiaries due to organizational changes of the Group will be disclosed on the websites of Cathay Financial Holdings and relevant subsidiaries.

2.        The Group and its subsidiaries collect, handle, and use customer information in accordance with the Financial Holding Company Act, Guidelines for Cross Marketing among Subsidiaries of Financial Holding Company, Personal Data Protection Act, and other regulatory interpretations. The subsidiaries strictly comply with rigorous confidentiality measures, as well as laws and regulations when collecting, handling, and using shared customer information, and will follow the methods prescribed in the statements below in terms of the use of the information.

3.        Statements

A.           Client Data Collection Methods: Client data is collected and obtained by the Group from marketing campaigns and transactions that are conducted in compliance with laws and regulations, the consent of the client, or the terms and conditions stated in various contracts/documents signed by the client. The data includes legal information disclosed by government agencies or authorized third parties.

B.           Client Data Storage and Management Methods: Client data collected by the Group will be thoroughly stored in the Group or on third-party data warehouse servers owned by information system providers commissioned by the Group. The access to the servers is managed based on the scope of businesses. The access to and the use of the information shall be in compliance with current laws and regulations, as well as management rules established by the Group. Unauthorized users cannot and are not able to access client data.

C.            Customer Data Security and Protection Methods: Your personal data obtained by the Group and its subsidiaries are protected with SSL encryption technology or other secure methods. Data will be transferred via secure software and hardware, and passwords are stored using encrypted mechanisms. Firewall is also in place to prevent unlawful intrusion by a third party or unlawful use from the internal side.

D.           Data Classification, Utilization Scope, and Items: Client data refers to basic information, transaction data, and other relevant information owned by clients of the subsidiaries. However, the Group may add or delete the classification and content of the aforementioned information based on the characteristics of a particular business.

(1).        Basic Information: including name, date of birth, ID card number, phone numbers, address, email address, and patterns of behaviors and capacities.

(2).        The types of information related to transactions and other information are as follows:

                                         i.                Account Information: including account number and similar function numbers, credit (debit) card number, deposit account number, transaction account number, deposit, loan, other transaction information, and financial condition.

                                        ii.                Credit Information: including check bounced records, write-off records, rejected records, and business operation condition.

                                       iii.                Investment Information: including investment or sale, amount, and time of selling of investment targets.

                                       iv.                Insurance Information: including the types, terms, amount insured, and payment methods of insurance.

E.            Purpose of Client Data Utilization: The Group may share or disclose client data for the purpose of marketing (including co-marketing) campaigns, in response to business-related matters handled by an entrusted third person, or in accordance with the laws or the permission of the competent authority in the hope of providing clients with comprehensive, diversified products or services related to finance and wealth management.

F.            Disclosure Scope of Client Data: Client data is shared or disclosed among companies of the Group in compliance with the Financial Holding Company Act, Guidelines for Cross Marketing among Subsidiaries of Financial Holding Company, Personal Data Protection Act, and other regulatory interpretations, and will not be disclosed or used by a third person unless for mandated business matters.

G.           Client Data Modification Method: A client who would like to revise personal data may inform any subsidiary of the Group for the modification.

H.           Methods for Client to Exercise Rights of Withdrawal: A client can notify the Group or its subsidiaries to stop sharing relevant information. After the Group or its subsidiaries receive the notice from the client, information sharing shall be ceased within three business days. If the client no longer wants to receive messages about financial management or business promotion, the client may notify any client service center of the Group. Upon being notified, the Group will stop sending such advertising information.

I.             Confidentiality Agreement on Business Information and Customer Data for Cathay Financial Holdings and Its Subsidiaries

J.             Names of companies sharing data:

Cathay Life Insurance Company Co., Ltd.

Cathay United Bank Co., Ltd

Cathay Century Insurance Co., Ltd.

Cathay Securities Corporation Co., Ltd.

Cathay Securities Investment Trust Co., Ltd.



Dispute Handling Procedures for The Bank’s Overseas Users

1.            Singapore Branch

A.           The Bank places a high value on all User feedbacks and suggestions. If You would like to raise a suggestion or file a complaint about service or product of the Bank for any reason, You may issue to the Bank via email, letter, or phone. The Bank will reply You promptly after receiving Your valuable suggestion and take necessary measures to avoid the same issue to be raised by clients repeatedly.

B.           Acceptance Channels

(1)          Cathay United Bank Singapore Branch feedback mailbox:

(2)          Mailing address: 8 Marina Boulevard #13-03 Marina Bay Financial Centre Tower 1 Singapore 018981

(3)          Cathay United Bank Singapore service hotline: (65) 6593-9280

C.            Investigation and Feedback: After receiving Your valuable suggestion, the Bank will learn the content of dispute. After a comprehensive look and causal investigation of the issue, the Bank will reply and explain to the client promptly within 14 business days from received day. If the content of dispute is too complicated to be completely processed within the above mentioned periods, the Bank will contact User for explanation and provide process progress. The Bank will reply promptly to explain the situation after the process is complete.

2.            Cathay United Bank (Cambodia)

You may want to tell us Your problem or concern by calling 023 – 211 211; or email us using our feedback form. Our representatives will work hard to resolve Your problem to Your satisfaction.


Procedure of notifying Users and external parties for significant incidents

Relevant information of the incident will be published on the Bank’s website.