- INTRODUCTION
This Statement is adopted as the Privacy Policy Statement ("Statement") of Promise (Hong Kong) Co., Limited ("Promise"). The purpose of this Statement is to establish the policies and practices of Promise's commitment to protect the privacy of personal data of its customers and to act in compliance with all the requirements under the Personal Data (Privacy) Ordinance (the "Ordinance") and implementation of the guidelines issued by the Licensed Money Lenders Association relating to the Ordinance. Promise will comply with the Ordinance and the relevant governing principles and guidelines in relation thereto and will ensure compliance by its staff with the policies and practices set out in this Statement and the requirements under the Ordinance and the relevant guidelines in relation thereto.
- PURPOSES OF THE PERSONAL DATA HELD
- From time to time, it is necessary for customers to supply Promise with personal data in connection with the opening and/or continuation of loan accounts, the establishment and/or continuation of credit facilities, and/or provision of other financial services.
- Failure to supply such personal data may result in Promise being unable to open or continue loan accounts, or establish or continue credit facilities, or provide other financial services to customers.
- It is also the case that personal data are collected from customers in the ordinary course of business of Promise, for example, when customers communicate verbally or in writing with Promise, by means of documentation or Promise's telephone recording system (as the case may be).
- The purposes for which customers' personal data may be used are as follows:
- the daily operation of loan accounts, credit facilities and other financial services provided to customers;
- conducting credit checks upon an application for credit and when regular or special reviews are conducted from time to time;
- creating and maintaining Promise's credit scoring models;
- assisting other money lenders and/or financial institutions to conduct credit checks and collect debts;
- ensuring ongoing credit worthiness of customers;
- designing financial services or related products for customers' use;
- determining amounts owed to or by customers;
- collection of amounts outstanding from customers;
- complying with the obligations, requirements or arrangements for disclosing and using data that apply to Promise or that it is expected to comply according to:
- any law binding or applicable to it within or outside Hong Kong Special Administrative Region ("Hong Kong") existing currently or in the future;
- any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers within or outside Hong Kong existing currently or in the future; and
- any present or future contractual or other commitment with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers that is assumed by or imposed on Promise by reason of its financial, commercial, business or other interests or activities in or related to the jurisdiction of the relevant local or foreign legal, regulatory, governmental, tax, law enforcement or other authority, or self-regulatory or industry bodies or associations;
- complying with any obligations, requirements, policies, procedures, measures or arrangements for sharing data and information within any of the subsidiaries, holding companies, associated companies or affiliates of Promise (the "Promise Group Companies") and/or any other use of data and information in accordance with any Group-wide programmes for compliance with sanctions or prevention or detection of money laundering, terrorist financing or other unlawful activities;
- enabling an actual or proposed assignee of Promise, or participant or sub-participant of Promise's rights in respect of customers to evaluate the transaction intended to be the subject of the assignment, participation or sub-participation;
- marketing financial services or products of Promise; and
- other purposes relating to each of the above.
The purposes listed in paragraphs (a) to (k) (inclusive) and any purposes related thereto are "obligatory" purposes, meaning that customers must permit Promise to use their personal data for these purposes if they wish to use Promise's services. The purposes listed in paragraph (l) and any purposes related thereto are "voluntary" purposes, meaning that customers have a choice whether Promise can use their data for these purposes and if a customer does not want Promise to use his/her personal data for those purposes, he/she can tell Promise and Promise will not use his/her personal data for those purposes.
- CLASSES OF POSSIBLE TRANSFEREES OF THE PERSONAL DATA
Personal data held by Promise relating to a customer will be kept confidential but Promise may provide such data to the following parties (whether within or outside Hong Kong) for the purposes set out in paragraph 2.4 (all obligatory purposes except paragraph 2.4(l)):
- any agent, contractor or third party service provider who provides administrative, telecommunications, computer, payment or other services to Promise in connection with the operation of its business;
- any other person under a duty of confidentiality to Promise including a member of the Promise Group Companies which has undertaken to keep such information confidential;
- any person with the express prescribed consent of customers;
- credit reference agencies, and, in the event of default, debt collection agencies;
- any person to whom Promise is under an obligation or otherwise required to make disclosure under the requirements of any law binding on or applying to Promise, or any disclosure under and for the purposes of any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers with which Promise is expected to comply, or any disclosure pursuant to any contractual or other commitment of Promise with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers, all of which may be within or outside of Hong Kong and may be existing currently or in the future;
- as a voluntary purpose, selected persons for use in direct marketing;
- external service providers (including but not limited to mailing houses, telecommunication companies and information technology companies) that Promise engages for the purpose set out in paragraph 2.4(l) above; and
- any actual or proposed assignee of Promise or participant or sub-participant or transferee of Promise's rights in respect of the customers.
- SECURITY OF PERSONAL DATA
It is the policy of Promise to ensure an appropriate level of protection for personal data in full compliance with the requirements under the Ordinance, particularly Data Protection Principle 4 under the Ordinance in order to prevent unauthorized access, processing or other use of that data, commensurate with the sensitivity of the data and the harm that would be caused by unauthorized access to that data. It is the practice of Promise to achieve appropriate levels of security protection by restricting physical access to data by providing secure storage facilities, and incorporating security measures into equipment in which data is held. Measures are taken to ensure the integrity, prudence, and competence of persons having access to personal data. Data is only transmitted by secured means.
- ACCURACY OF PERSONAL DATA
It is the policy of Promise to ensure accuracy of all personal data collected and processed by Promise in full compliance with the requirements under the Ordinance, particularly Data Protection Principle 2 under the Ordinance. Appropriate procedures are implemented to provide for all personal data to be regularly checked and updated to ensure that it is accurate having regard to the purposes for which that data are or are to be used. In so far as personal data held by Promise consists of statements of opinion, all reasonably practicable steps are taken to ensure that any facts cited in support of such statements of opinion are correct.
- COLLECTION OF PERSONAL DATA
- In the course of collecting personal data, Promise will provide the individuals concerned with a Personal Information Collection Statement informing them of, amongst other things, the proposed purposes of collection, proposed classes of persons to whom the data may be transferred, their rights to access and correct the data, and other relevant information.
- In relation to the collection of personal data on-line, the following practices are adopted:
- On-line Security
Promise will follow strict standards of security and confidentiality to protect any information provided to Promise online. Encryption technology is employed for sensitive data transmission on the Internet to protect individuals' privacy.
- On-line Correction
Personal data provided to Promise through an on-line facility, once submitted, may not be facilitated to be deleted, corrected or updated on-line. If deletion, correction and update are not allowed online, customers should approach relevant departments or branches of Promise.
- On-line Retention
Personal data collected on-line will be transferred to Promise's relevant departments or branches for processing. Personal data will not be retained in web server's database of Promise.
- USE OF COOKIES
Promise may record and collect information on customers' visits to Promise's websites, and their interactions with Promise's online advertisements and links while on the website through the use of cookies, to help Promise improve its services.
Cookies are small pieces of data transmitted from a web server to a web browser. Cookies data are stored on a local hard drive such that the web server can later read back the cookies data from a web browser. They are useful for allowing a website to maintain certain information on a particular customer and are designed to be read only by the website that provides them. While specific information about a customer's visit to Promise's website but no personal data may be collected via cookies, cookies cannot be used to retrieve data (such as a customer's name, e-mail address or other personally identifiable information) from a customer's hard drive.
Most web browsers are initially set up to accept cookies. If a customer does not want to be tracked by cookies, the customer can choose to ‘not accept' cookies by changing the settings within the customer's browser. However, by doing so the customer may not be able to access all or part of Promise's website and other financial services properly.
For more details, please click here for Promise's Cookies Policy.
- HYPERLINK POLICY
- The availability of hyperlinks or connection to other sites / addresses at Promise's Website does not mean or imply any authentication, verification, representation, approval or endorsement by Promise of such hyperlinks, connection, or the identity or information relating to such sites / addresses.
- Promise expressly disclaims any responsibility for such hyperlinks, connection, the contents, availability, accuracy or omission of information at other sites/addresses linked to or found on the sites/addresses that link to or from Promise's Website.
- All hyperlinks or connection to other sites, addresses or resources are accessed and used at customers' own risks.
- DATA ACCESS REQUESTS AND DATA CORRECTION REQUESTS
- It is the policy of Promise to comply with and process all data access and correction requests in accordance with the provisions of the Ordinance, and for all staff concerned to be familiar with the requirements for assisting individuals to make such requests.
- Promise may, subject to the Ordinance, impose a moderate fee for complying with a data access request. If a person making a data access request requires an additional copy of the personal data that Promise has previously supplied pursuant to an earlier data access request, Promise may charge a fee to cover the full administrative and other costs incurred in supplying that additional copy.
- Data access and correction requests to Promise may be addressed to the Data Protection Officer ("DPO") or other person as specifically advised.
- DATA RETENTION
It is the policy of Promise to take all practical steps to ensure that personal data are not kept longer than is necessary for the fulfilment of the purposes (including any directly related purposes) for which the data are or are to be used.
- DIRECT MARKETING
It is the policy of Promise to ensure that it strictly follows the requirements under the Ordinance and the relevant guidelines in relation thereto when collecting or using personal data for direct marketing purposes. Promise will not use personal data for direct marketing purpose without the prescribed consent of the relevant customers.
- COMPLIANCE WITH THE ORDINANCE
Apart from the above specifically mentioned points, Promise will fully comply with all requirements under the Ordinance and the relevant guidelines in relation thereto regarding the collection, handing, or use of personal data of its customers.
The following are maintained by Promise to ensure compliance with the Ordinance and the relevant guidelines in relation thereto:
- a Log Book as provided for in section 27 of the Ordinance;
- internal policies and guidelines on compliance with the Ordinance and the relevant guidelines in relation thereto for use by and guidance to staff of Promise.
- APPOINTMENT OF DATA PROTECTION OFFICER ("DPO")
- To co-ordinate and oversee compliance with the Ordinance and the relevant guidelines in relation thereto, and the personal data protection policies of Promise, a DPO has been appointed by Promise.
- The contact details of the DPO are as follows:
The Data Protection Officer
Promise (Hong Kong) Co., Limited
14/F., Luk Kwok Center,
72 Gloucester Road, Wanchai,
Hong Kong
Facsimile: 2529-6744
(In the event of any inconsistency between the English and Chinese versions of these statements, the English version will prevail.)