1. Introduction
This statement (the “Statement”) is made by Asia One Credit Limited (the “Company”). The purpose of this Statement is to establish the policies and practices of the Company to protect the privacy of personal data and to act in compliance with the provisions of the Personal Data (Privacy) Ordinance, Cap 486 (the “PDPO”) and applicable guidelines.
2. Personal Data We Hold
“Data subject” and “personal data” in this Statement has the same meaning as “data subject” and "personal data" in the PDPO. Personal data held by the Company are collected from the data subject directly.
3. Purpose of Personal Data Collection
The purposes for which personal data relating to clients and potential clients may be used are as follows:
(a) considering and assessing the client's application for the Company's products and services;
(b) the daily operation of the securities, banking and financial services and credit facilities provided to data subjects;
(c) conducting credit checks or performing credit assessment at the time of application for credit and at the time of regular or special reviews which normally will take place one or more times each year;
(d) creating and maintaining the Company’s credit scoring models;
(e) assisting other financial institutions to conduct credit checks and collect debts;
(f) ensuring ongoing credit worthiness of data subjects;
(g) designing financial services or related products for data subjects’ use;
(h) marketing services, products and other subjects;
(i) determining amounts owed to or by data subjects;
(j) collection of amounts outstanding from data subjects and those providing security for data subjects’ obligations;
(k) complying with the obligations, requirements or arrangements for disclosing and using data that apply to the Company or any of its group or their respective branches or that they are expected to comply according to:
(i) any law binding or applying to it within or outside the Hong Kong Special Administrative Region existing currently and in the future (e.g. the Inland Revenue Ordinance and its provisions including those concerning automatic exchange of financial account information);
(ii) any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers within or outside the Hong Kong Special Administrative Region existing currently and in the future (e.g. guidelines or guidance given or issued by the Inland Revenue Department including those concerning automatic exchange of financial account information);
(iii) any present or future contractual or other commitment with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers that is assumed by or imposed on the Company or any of its group or their respective branches by reason of its financial, commercial, business or other interests or activities in or related to the jurisdiction of the relevant local or foreign legal, regulatory, governmental, tax, law enforcement or other authority, or self-regulatory or industry bodies or associations;
(l) complying with any obligations, requirements, policies, procedures, measures or arrangements for sharing data and information within the group of the Company and/or any other use of data and information in accordance with any group-wide programmes for compliance with sanctions or prevention or detection of money laundering, terrorist financing or other unlawful activities;
(m) enabling an actual or proposed assignee of the Company, or participant or sub-participant of the Company’s rights in respect of the data subjects to evaluate the transaction intended to be the subject of the assignment, participation or sub-participation;
(n) conducting assessment; and
(o) purposes relating thereto.
The purposes for which personal data relating to employees and potential employees may be used are as follows:
(a) processing employment applications;
(b) determining and reviewing salaries, bonuses and other benefits;
(c) consideration for promotion, training, secondment or transfer;
(d) consideration of eligibility for and administration of staff loans and other benefits and entitlements;
(e) providing employee references;
(f) registering employees as intermediaries or licensees with statutory authorities/institutions for purposes directly related or associated to the employment;
(g) monitoring compliance with internal rules of the Company;
(h) meeting the requirements to make disclosure under the requirements of any law binding on the Company or under and for the purposes of any guidelines issued by regulatory or other authorities with which the Company is expected to comply; and
(i) purposes relating thereto.
4. The PDPO and Code of Practice on Consumer Credit Data
According to the PDPO and the Code of Practice on Consumer Credit Data, any client has the following rights:-
(a) to check whether the Company holds data about him and of access to such data;
(b) to require the Company to correct any data relating to him that is inaccurate;
(c) to ascertain the Company’s policies and practices in relation to the data and to be informed of the kind of personal data held by the Company;
(d) when related to personal credit, to be informed on request which items of data are routinely disclosed to credit reference agencies or debt collection agencies, and be provided with further information to enable the making of an access and correction request to the relevant credit reference agency or debt collection agency;
(e) in the event of any default in payment, unless the amount is fully repaid before the expiry of 60 days from the date of such default, the client is liable to have his account repayment data retained by the credit reference agency up to 5 years from the date of the final settlement of the amount in default; and
(f) upon satisfactory extinguishment of the financing via full repayment and on the condition that there have been no default in excess of 60 days relating to the subject financing for 5 years prior to such extinguishment, to instruct the Company to make a request to the relevant credit reference agency to delete from its database any account data relating to the extinguished financing.
With respect to data in connection with mortgages applied by a data subject (whether as a borrower, mortgagor or guarantor and whether in the data subject’s sole name or in joint names with others), the following data relating to the data subject (including any updated data of any of the following data from time to time) may be provided by the Company on its own behalf and/or as agent, to a credit reference agency:
(a) full name;
(b) capacity in respect of each mortgage (as borrower, mortgagor or guarantor, and whether in the data subject’s sole name or in joint names with others);
(c) Hong Kong Identity Card Number or travel document number;
(d) date of birth;
(e) correspondence address;
(f) mortgage account number in respect of each mortgage;
(g) type of the facility in respect of each mortgage;
(h) mortgage account status in respect of each mortgage (e.g. active, closed, write-off (other than due to a bankruptcy order), write-off due to a bankruptcy order); and
(i) if any, mortgage account closed date in respect of each mortgage.
The credit reference agency will use the above data supplied by the Company for the purposes of compiling a count of the number of mortgages from time to time held by the data subject with credit providers in Hong Kong, as borrower, mortgagor or guarantor respectively and whether in the data subject’s sole name or in joint names with others, for sharing in the consumer credit database of the credit reference agency by credit providers (subject to the requirements of the Code of Practice on Consumer Credit Data approved and issued under the PDPO).
5. Transferal of Personal Data
Data held by the Company relating to its clients will be kept confidential but the Company may provide and transfer such information to the following parties:
(a) Any agent, contractor, or third party service provider who provides administrative, telecommunications, computer, payment, debt collection, or other services to the Company in connection with the operation of its business;
(b) Any other person under a duty of confidentiality to the Company, including a member of the same group to which the Company belongs, which has undertaken to keep such information confidential;
(c) Credit reference agencies, and in the event of default, debt collection agencies;
(d) Any person to whom the Company is under an obligation or under the requirements of any law, guidelines or guidance given or issued by any court of legal, regulatory, governmental, tax, law enforcement or other authorities, or supervisory body; and
(e) Any actual or proposed assignee of the Company or participant or sub-participant of transferee of the Company’s rights with respect to the client.
6. Direct Marketing
The Company intends to use the data subject’s data in direct marketing and the Company requires the data subject’s consent (which includes an indication of no objection) for that purpose. In this connection, please note that:-
(a) the name, contact details, products and services portfolio information, transaction pattern and behaviour, financial background and demographic data of the data subject held by the Company from time to time may be used by the Company in direct marketing;
(b) the following classes of services, products and subjects may be marketed:
(i) credit facilities and related financial services and products;
(ii) reward, loyalty or privileges programmes and related services and products;
(iii) services and products offered by the Company’s co-branding partners (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be); and
(iv) donations and contributions for charitable and/or non-profit making purposes;
(c) the above services, products and subjects may be provided or (in the case of donations and contributions) solicited by the Company and/or:
(i) any member of the group companies of the Company;
(ii) third party financial institutions, insurers, credit card companies, securities, commodities and investment services providers;
(iii) third party reward, loyalty, co-branding or privileges programme providers;
(iv) co-branding partners of the Company and the group companies of the Company (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be); and
(v) charitable or non-profit making organisations;
(d) in addition to marketing the above services, products and subjects itself, the Company also intends to provide the data described in Paragraph 6(a) above to all or any of the persons described in Paragraph 6(c) above for use by them in marketing those services, products and subjects, and the Company requires the data subject’s written consent (which includes an indication of no objection) for that purpose;
(e) the Company may receive money or other property in return for providing the data to the other persons in Paragraph 6(d) above and, when requesting the data subject’s consent or no objection as described in Paragraph 6(d) above, the Company will inform the data subject if it will receive any money or other property in return for providing data to the other persons.
If a data subject does not wish the Company to use or provide to other persons his/her data for use in direct marketing as described above, the data subject may exercise his/her opt-out right by notifying the Company.
7. Data Accuracy
The Company will ensure the accuracy of all personal data collected and processed by the Company. Appropriate procedures are implemented so that all personal data is regularly checked and updated to ensure that it is reasonably accurate having regard to the purposes for which that data is used. In so far as personal data held by the Company consists of statements of opinion, all reasonably practicable steps are taken to ensure that any facts cited in support of such statements of opinion are correct. The Company will at all times endeavour to ensure the accuracy of personal data held by the Company, and if such personal data is transferred to third parties, it will notify that third party of any correction to be made.
8. Data Security
The Company will ensure an appropriate level of protection for personal data in order to prevent unauthorized access, processing or other use of that data, commensurate with the sensitivity of the data and the harm that would be caused by unauthorized access to that data. It is the practice of the Company to achieve appropriate levels of security by restricting physical access to data, providing secure storage facilities and incorporating security measures into equipment in which data is held. Measures are taken to ensure the integrity, prudence, and competence of persons having access to personal data and personal data is only transmitted by secure means.
9. Retention of Personal Information
No personal data is kept for longer than is necessary and that the Company will comply with all statutory and regulatory requirements in the Hong Kong Special Administrative Region concerning the retention of personally identifiable information.
10. Access and Correction of Personal Data
In accordance with the PDPO, the Company has the right to charge a reasonable fee for the processing of any data access request.
11. Appointment of Data Protection Officer
The person to whom requests for access to data or correction of data or for information regarding policies and practices and kinds of data held are to be addressed is as follows:
The Data Protection Officer
Address: Asia One Credit Limited
Flat A4, 6th Floor, Chou Chong Commercial Building, No. 422-428 Castle Peak Road, Cheung Sha Wan, Kowloon, Hong Kong
Telephone: (852) 3707 3352
(852) 3707 3354
Facsimile: (852) 3709 8726
12. Use of Cookies
(a) Cookies are small bits of information that are automatically stored on web browse, mobile phone or other device for accessing the internet that can be retrieved by this site. The Company will be able to access the information stored on the cookies and record how you use this site.
(b) Most browsers are initially set to accept cookies. You may set your browser to disable cookies through your browser setting.
(c) Your personal data will not be collected by using cookies.
13. The Company reserves the right to amend this Statement from time to time.
14. Nothing in this Statement shall limit your rights under the PDPO. In case of discrepancy between the English and Chinese versions of this Statement, the English version shall prevail.
Revised: December 2020
Flat A4, 6th Floor, Chou Chong Commercial Building, No. 422-428 Castle Peak Road, Cheung Sha Wan, Kowloon, Hong Kong
Copyright © 2022 • Asia One Credit Company Limited
Powered by VTL-Solutions Ltd.
9160 8378