私隱政策聲明

  1. 引言

    此聲明乃採納為邦民日本財務(香港)有限公司(下稱「邦民」)的「私隱政策聲明」(下稱「本聲明」)。訂立本聲明的目的,是為確立邦民全力執行及遵守保障資料原則的政策及實務,以遵守個人資料(私隱)條例(下稱「該條例」)各項條款及條文,及施行由香港持牌放債人公會就該條例而頒布的指引。邦民會盡其本份依從該條例及本聲明訂立的原則行事。

  2. 使用個人資料的目的
    • 2.1客戶在開立及/或延續信貸戶口、建立及/或延續信貸融通、及/或提供其他財務服務時,需要不時向邦民提供個人資料。
    • 2.2若未能提供該等個人資料可能會導致邦民無法開立或延續信貸戶口或建立或延續信貸融通或向客戶提供其他財務服務。
    • 2.3邦民在通常業務運作中,例如,當客戶以口頭或書面形式與邦民溝通時,邦民亦會收集客戶的個人資料,透過文書形式或邦民的電話錄音系統收集(視屬何種情況而定)。
    • 2.4客戶的個人資料可能會用於下列用途﹕
      • (a)提供信貸戶口、信貸融通及其他財務服務給客戶之日常運作;
      • (b)在申請信貸時進行的信貸調查,及不時進行的定期或特別審查之時;
      • (c)編制及維持邦民的信貸評分模式;
      • (d)協助其他放債人及/或財務機構作信用檢查及追討債務;
      • (e)確保客戶維持可靠信用;
      • (f)設計為客戶使用的財務服務或有關產品;
      • (g)計算邦民與客戶之間的債務;
      • (h)向客戶及為客戶的責任提供抵押的人士追收欠款;
      • (i)邦民為履行任何對其有約束力的法例的規定而作出披露;或為依循及施行任何預期邦民會遵從的監管或其他機構所發出的指引而作出披露;
      • (j)使邦民的實在或建議承讓人,或邦民對客戶的權利的參與人或附屬參與人評核意圖成為轉讓,參與或附屬參與的標的之交易;
      • (k)推廣邦民的財務服務或產品;及
      • (l)與上述各項有關的用途。

    在(a)至(j)(含兩者)段中列出的用途及在上述(l)段項下的相關用途屬「強制性」,意思是如客戶希望使用邦民的服務,客戶必須准許邦民將其個人資料用作該等用途。 在(k)段中列出的用途及在上述(l)段項下的相關目的屬「自願性」,意思是客戶有權選擇邦民是否可將他們的資料用於該等用途。

  3. 個人資料的保安

    邦民的政策為確保個人資料的保安及會因應資料的敏感程度及因擅自查閱所造成的損害程度提供適度的保障,以防止資料被擅自查閱、處理或作其他用途。為達到適當程度的保安,邦民的一貫做法為透過提供安全的儲存設施,以及在資料存置設備實施保安措施,來嚴格限制資料被查閱。邦民亦會採取措施以確保處理該等資料的人士具備良好操守、審慎態度及辦事能力。資料只會以妥善保安的方式傳送。

  4. 個人資料的準確性

    邦民的政策為確保所有經由邦民收集及處理的資料均為準確。邦民會實施適當的程序以定期核對及更新所有個人資料,以確保有關的資料就被使用的目的而言是為合理準確。倘若邦民所持有的個人資料含有意見聲明,邦民會採取一切合理切實可行的步驟,以確保任何聲言是支持該項意見聲明的事實,均屬正確。

  5. 個人資料的收集
    • 5.1在收集個人資料的過程中,邦民會向資料當事人提供一份「個人資料收集聲明」,述明收集資料的目的、將獲轉交資料的人士的身分類別、查閱及改正資料的權利,以及其他有關資料。
    • 5.2有關邦民從互聯網收集個人資料,邦民會採納以下實務:
      • (a)網上保安

        邦民會按照嚴格的保安及保密標準保障在互聯網提供給邦民的任何資料。並已採用加密法在互聯網上傳輸敏感性的資料,以保障個人的私隱。

      • (b)「曲奇」檔案

        「曲奇」檔案是由網站伺服器傳送至瀏覽器的小段資訊,這些資料儲存於電腦硬碟中,使網站伺服器能於稍後再從瀏覽器內讀取。這有助網站保存某些使用者的資料。
        「曲奇」檔案被設計成只可讓發出的網站讀取,但不能用作取得使用者的硬碟資料、電郵地址或收集使用者的敏感性資料。
        邦民只利用「曲奇」檔案來鑑定特定期間的使用者,而不會把使用者的敏感性資料存置於「曲奇」檔案內。當使用者瀏覽邦民網站時,所有聯繫將會利用「曲奇」檔案去鑑定使用者身份。當使用者結束瀏覽邦民網站時,「曲奇」檔案亦會無效。倘若使用者嘗試將其網絡瀏覽器的「曲奇」檔案設定為停止運作,便未必能使用邦民的網上及其他金融服務。

      • (c)網上改正資料

        透過網上設施提供給邦民的個人資料一經呈交,便未必能在網上取消、改正或更新。使用者如未能在網上作出取消、改正或更新,便須聯絡邦民有關部門或分行。

      • (d)網上保留資料

        在網上收集的個人資料會被轉送到邦民有關部門或分行處理。個人資料一般不會存置於網站伺服器。

  6. 超連結政策
    • 6.1雖然邦民網站包含超連結或連接至其他網站/網址,但這並不表示或暗示邦民對該等超連結、連接、網站/網址或有關其本體身份或資料作任何認証、核實、陳述、批核或認可。
    • 6.2就該等超連結、連接、與邦民網站連結或連接的其他網站/網址所提供或附有資訊的內容、供應、準確性或遺漏,邦民明確表明概不負責。
    • 6.3一切超連結、連接或使用超連結至其他網站、網址或資料來源,當中之風險全由閣下承擔。
  7. 查閱資料要求及改正資料要求
    • 7.1邦民的政策為按照該條例的規定,依從及處理一切查閱資料及改正資料要求;及讓所有有關職員熟悉有關的規定,以協助各人士作出有關要求。
    • 7.2邦民或會在符合該條例的規定下,就查閱資料要求徵收適當費用。倘若任何提出查閱資料要求的人士要求邦民提供按早前的查閱資料要求提供過的個人資料的額外副本,邦民或會收取費用以全數彌補因提供該額外副本而涉及的行政成本或其他成本的費用。
    • 7.3有關查閱及改正資料的要求,可向資料保障主任或其他相關指定人員提出。
  8. 其他實務

    為確保依從該條例所載的規定,邦民備有:

    • 8.1資料記錄簿,即該條例第27條所規定的記錄簿;
    • 8.2內部政策及指引以供邦民員工使用,以確保各員工遵守該條例的規定。
  9. 資料保障主任的委任
    • 9.1邦民已委任資料保障主任,以負責統籌及監察該條例及邦民保障個人資料政策的遵守情況。
    • 9.2資料保障主任的聯絡資料如下︰
      香港灣仔告士打道 72號
      六國中心 14樓
      邦民日本財務(香港)有限公司
      資料保障主任
      傳真︰2529-6744

本文義如有歧異,以英文本為準。

邦民日本財務(香港)有限公司

PRIVACY POLICY STATEMENT

  1. INTRODUCTION

    This Statement is adopted as the Privacy Policy Statement (“Statement”) of Promise (Hong Kong) Co., Limited (“Promise”). The purpose of this Statement is to establish the policies and practices of Promise’s commitment to protect the privacy of personal data and to act in compliance with the provisions of the Personal Data (Privacy) Ordinance (the “Ordinance”) and implementation of the guidelines thereon issued by the Licensed Money Lenders Association. Promise will use its best endeavours to adhere to the Ordinance and the relevant governing principles.

  2. PURPOSES OF THE PERSONAL DATA HELD
    • 2.1From time to time, it is necessary for customers to supply Promise with personal data in connection with the opening and/or continuation of loan accounts, the establishment and/or continuation of credit facilities, and/or provision of other financial services.
    • 2.2Failure to supply such personal data may result in Promise being unable to open or continue loan accounts, or establish or continue credit facilities, or provide other financial services to customers.
    • 2.3It is also the case that personal data are collected from customers in the ordinary course of business of Promise, for example, when customers communicate verbally or in writing with Promise, by means of documentation or Promise's telephone recording system (as the case may be).
    • 2.4The purposes for which customers' personal data may be used are as follows:
      • (a)the daily operation of loan accounts, credit facilities and other financial services provided to customers;
      • (b)conducting credit checks upon an application for credit and when regular or special reviews are conducted from time to time;
      • (c)creating and maintaining Promise’s credit scoring models;
      • (d)assisting other money lenders and/or financial institutions to conduct credit checks and collect debts;
      • (e)ensuring ongoing credit worthiness of customers;
      • (f)designing financial services or related products for customers’ use;
      • (g)determining amounts owed to or by customers;
      • (h)collection of amounts outstanding from customers and those providing security for customers’ obligations;
      • (i)meeting the requirements to make disclosure under the requirements of any law binding on Promise and for the purposes of any guidelines issued by regulatory or other authorities with which Promise is expected to comply;
      • (j)enabling an actual or proposed assignee of Promise, or participant or sub-participant of Promise’s rights in respect of customers to evaluate the transaction intended to be the subject of the assignment, participation or sub-participation;
      • (k)marketing financial services or products of Promise; and
      • (l)purposes relating to each of the above.

    The purposes listed in paragraphs (a) to (j) (inclusive) and related purposes under paragraph (l) above are "obligatory", meaning that customers must permit Promise to use their personal data for these purposes if they wish to use Promise's services. The purposes listed in paragraph (k) and related purposes under paragraph (l) above are "voluntary", meaning that customers have a choice whether Promise can use their data for these purposes.

  3. SECURITY OF PERSONAL DATA

    It is the policy of Promise to ensure an appropriate level of protection for personal data in order to prevent unauthorized access, processing or other use of that data, commensurate with the sensitivity of the data and the harm that would be caused by unauthorized access to that data. It is the practice of Promise to achieve appropriate levels of security protection by restricting physical access to data by providing secure storage facilities, and incorporating security measures into equipment in which data is held. Measures are taken to ensure the integrity, prudence, and competence of persons having access to personal data. Data is only transmitted by secure means.

  4. ACCURACY OF PERSONAL DATA

    It is the policy of Promise to ensure accuracy of all personal data collected and processed by Promise. Appropriate procedures are implemented to provide for all personal data to be regularly checked and updated to ensure that it is reasonably accurate having regard to the purposes for which that data is used. In so far as personal data held by Promise consists of statements of opinion, all reasonably practicable steps are taken to ensure that any facts cited in support of such statements of opinion are correct.

  5. COLLECTION OF PERSONAL DATA
    • 5.1In the course of collecting personal data, Promise will provide the individuals concerned with a Personal Information Collection Statement informing them of the purpose of collection, classes of persons to whom the data may be transferred, their rights to access and correct the data, and other relevant information.
    • 5.2In relation to the collection of personal data on-line, the following practices are adopted:
      • (a)On-line Security

        Promise will follow strict standards of security and confidentiality to protect any information provided to Promise online. Encryption technology is employed for sensitive data transmission on the Internet to protect individuals’ privacy.

      • (b)Cookies

        Cookies are small pieces of data transmitted from a web server to a web browser. Cookie data is stored on a local hard drive such that the web server can later read back the cookie data from a web browser. This is useful for allowing a website to maintain information on a particular user.

        Cookies are designed to be read only by the website that provides them. Cookies cannot be used to obtain data from a user’s hard drive, get a user’s e-mail address or gather a user’s sensitive information.

        Promise will only use cookies as a session identifier and will not store user’s sensitive information in cookies. Once a session is established, all the communications will use the cookies to identify a user. The cookies will expire once the session is closed. If users try to disable cookies from their web browsers, they may not be able to access Promise’s Internet and other financial services.

      • (c)On-line Correction

        Personal data provided to Promise through an on-line facility, once submitted, it may not be facilitated to be deleted, corrected or updated on-line. If deletion, correction and updates are not allowed online, users should approach relevant departments or branches.

      • (d)On-line Retention

        Personal data collected on-line will be transferred to Promise’s relevant departments or branches for processing. Personal data will not be retained in web server’s database of Promise.

  6. HYPERLINK POLICY
    • 6.1The availability of hyperlinks or connection to other sites / addresses at Promise’s Website does not mean or imply any authentication, verification, representation, approval or endorsement by Promise of such hyperlinks, connection, or the identity or information relating to such sites / addresses.
    • 6.2Promise expressly disclaims any responsibility for such hyperlinks, connection, the contents, availability, accuracy or omission of information at other sites / addresses linked to or found on the sites / addresses that link to or from our Website.
    • 6.3All hyperlinks or connection to other sites, addresses or resources are accessed and used at your own risks.
  7. DATA ACCESS REQUESTS AND DATA CORRECTION REQUESTS
    • 7.1It is the policy of Promise to comply with and process all data access and correction requests in accordance with the provisions of the Ordinance, and for all staff concerned to be familiar with the requirements for assisting individuals to make such requests.
    • 7.2Promise may, subject to the Ordinance, impose a moderate fee for complying with a data access request. If a person making a data access request requires an additional copy of the personal data that Promise has previously supplied pursuant to an earlier data access request, Promise may charge a fee to cover the full administrative and other costs incurred in supplying that additional copy.
    • 7.3Data access and correction requests to Promise may be addressed to the Data Protection Officer (“DPO”) or other person as specifically advised.
  8. OTHER PRACTICES

    The following are maintained by Promise to ensure compliance with the Ordinance:

    • 8.1A Log Book as provided for in section 27 of the Ordinance;
    • 8.2Internal policies and guidelines on compliance with the Ordinance for use by staff of Promise.
  9. APPOINTMENT OF DATA PROTECTION OFFICER
    • 9.1To co-ordinate and oversee compliance with the Ordinance and the personal data protection policies of Promise, a DPO has been appointed by Promise.
    • 9.2The contact details of the DPO are as follows:
      The Data Protection Officer
      Promise (Hong Kong) Co., Limited
      14/F., Luk Kwok Center,
      72 Gloucester Road, Wanchai,
      Hong Kong
      Facsimile: 2529-6744

(In the event of any inconsistency between the English and Chinese versions of these statements, the English version will prevail.)

Promise (Hong Kong) Co., Limited

A54-OP-NN-2015-d