私隱政策聲明
  1. 引言

    此聲明乃採納為邦民日本財務(香港)有限公司(下稱「邦民」)的「私隱政策聲明」(下稱「本聲明」)。訂立本聲明的目的,是為確立邦民有關全力保護其客戶的個人資料的私隱,遵守«個人資料(私隱)條例»(下稱「該條例」)下的一切規定行事,以及執行由香港持牌放債人公會就該條例而頒布的指引。邦民會盡其最大努力依從該條例及有關的管限原則以及與此相關的有關指引,並將確保我們的職員遵守本聲明所載的政策以及該條例及與此相關的有關指引下的規定。

  2. 所持個人資料的目的
    1. 客戶就開立及/或延續貸款戶口、建立及/或延續信貸融通,及/或提供其他財務服務而言,需要不時向邦民提供個人資料。
    2. 若未能提供該等個人資料,可能會導致邦民無法開立或延續貸款戶口,或建立或延續信貸融通,或向客戶提供其他財務服務。
    3. 邦民在通常業務運作中,例如,當客戶以口頭或書面形式與邦民溝通時,亦會透過文書形式或邦民的電話錄音系統(視屬何種情況而定)向客戶收集個人資料。
    4. 客戶的個人資料可能會用於下列用途﹕
      • (a)貸款戶口、信貸融通及提供給客戶之其他財務服務之日常運作;
      • (b)在申請信貸時進行的信貸調查,及不時進行的定期或特別審查;
      • (c)編制及維持邦民的信貸評分模式;
      • (d)協助其他放債人及/或財務機構作信貸調查及追討債務;
      • (e)確保客戶維持可靠信用;
      • (f)設計供客戶使用的財務服務或有關產品;
      • (g)計算邦民與客戶之間的欠款;
      • (h)向客戶及為客戶的責任提供擔保或抵押的人士追收欠款;
      • (i)按照以下各項,遵守適用於邦民或邦民被預期遵守的有關資料披露及使用的責任、規定或安排:
        • 在目前或未來於香港特別行政區(下稱「香港」)境內或境外生效的對其具約束力或適用的任何法律;
        • 任何法律、監管、政府、稅務、執法或其他機關,或財務服務供應商的自我監管或行業機構或組織所作出或頒布的,在目前或未來於香港境內或境外生效的任何指引或指導;及
        • 因邦民在有關的本地或外地法律、監管、政府、稅務、執法或其他機關,或自我監管或行業機構或組織的管轄範圍內(或與此管轄範圍有關)的財務、商業、業務或其他權益或活動,而由邦民承擔或對邦民施加的與本地或外地法律、監管、政府、稅務、執法或其他機關,或財務服務供應商的自我監管或行業機構或組織之間的任何目前或未來的合約承諾或其他承諾;
      • (j)遵守有關於任何邦民之附屬公司、控股公司、聯營公司或關聯公司(下稱「邦民集團公司」)內的資料及資訊共享及/或資料及資訊的任何其他使用(有關共享及使用,均依照符合對洗錢、恐怖分子資金籌集或其他不法活動的制裁、防止或偵測的任何邦民集團公司計劃而進行)的任何責任、規定、政策、程序、措施或安排;
      • (k)使邦民的實際或建議承讓人,或邦民對客戶的權利的參與人或附屬參與人能評核意圖成為轉讓、參與或附屬參與的標的之交易;
      • (l)推廣邦民的財務服務或產品;及
      • (m)與上述各項有關的其他用途。

    在(a)至(k)(含兩者)段中列出的用途及與之相關的任何用途均屬「強制性」用途,意思是如客戶希望使用邦民的服務,客戶必須准許邦民將其個人資料用作該等用途。 在(l)段中列出的用途及與之相關的任何用途均屬「自願性」用途,意思是客戶有權選擇邦民是否可將他們的資料用於該等用途,且若客戶不欲邦民將其個人資料用於該等用途,他/她可告知邦民而邦民不會將其個人資料用於該等用途。

  3. 個人資料的可能承轉人類別

    邦民會對其持有的有關客戶的個人資料保密,但邦民可能會把該等資料提供給下述各方(不論在香港內外)作第2.4段列出的用途(全部均為強制性用途,惟第2.4(l)段除外):

    • (a)向邦民提供行政、電訊、電腦、付款或其他與邦民業務運作有關的服務的任何代理人、承包人或第三方服務供應者;
    • (b)任何對邦民負有保密責任的其他人,包括已承諾對該資料保密的邦民集團公司的成員公司;
    • (c)獲得客戶明示訂明同意的任何人;
    • (d)信貸資料服務機構,以及(在發生欠賬時)追討欠款公司;
    • (e)邦民有責任或在其他情況下須向其作出「有關披露」的任何人士;而「有關披露」是指:

      對邦民具約束力或適用的任何法律的規定下的披露;或由任何法律、監管、政府、稅務、執法或其他機關,或財務服務供應商的自我監管或行業機構或組織所作出或頒布的邦民被預期遵守的任何指引或指導下及其所指的任何披露;或依據邦民與本地或外地法律、監管、政府、稅務、執法或其他機關,或財務服務供應商的自我監管或行業機構或組織之間的任何合約承諾或其他承諾的任何披露(以上各項可為於目前或未來在香港境內或境外生效者);

    • (f)用於直接促銷的選定人士(作為自願性用途);
    • (g)邦民為上文第4(l)段所載用途而聘用的外部服務供應商(包括但不限於郵寄公司、電訊公司及資訊科技公司);及
    • (h)邦民的任何實際或建議承讓人或邦民對客戶的權利的參與人或附屬參與人或受讓人。
  4. 個人資料的保安

    邦民的政策為因應資料的敏感程度及因擅自查閱所造成的損害程度,確保個人資料獲得適當程度的保護並全面遵守該條例下的規定(尤其是該條例下的第4保障資料原則),以防止資料被擅自查閱、處理或作其他用途。為達到適當程度的保安保護,邦民的一貫做法為透過提供保安的儲存設施,以及在資料存置設備實施保安措施,來限制對資料的實體接觸。邦民亦採取措施以確保查閱該等資料的人士具備良好操守、審慎態度及辦事能力。資料只會以保安的方式傳送。

  5. 個人資料的準確性

    邦民的政策為確保由邦民收集及處理的所有個人資料均為準確並全面遵守該條例下的規定(尤其是該條例下的第2保障資料原則)。邦民實施適當的程序以定期核對及更新所有個人資料,以確保有關的資料就被使用或將被使用的目的而言屬準確。倘若邦民所持有的個人資料含有意見陳述,邦民會採取一切合理切實可行的步驟,以確保任何為支持有關意見陳述而獲引述的事實,均屬正確。

  6. 個人資料的收集
    1. 在收集個人資料的過程中,邦民會向有關個人提供一份「個人資料收集聲明」,向他們述明(當中包括)收集的擬作目的、可能獲轉移資料的人士的擬定類別、他們查閱及改正資料的權利,以及其他有關資料。
    2. 就於網上收集個人資料而言,邦民會採納以下實務:
      • (a)網上保安

        邦民會按照嚴格的保安及保密標準保障在網上提供給邦民的任何資料;並就互聯網上敏感性資料的傳輸採用加密技術,以保障個人的私隱。

      • (b)「曲奇」檔案

        「曲奇」檔案是由網站伺服器傳送至瀏覽器的小段資訊,這些資料儲存於本機硬碟中,使網站伺服器能於稍後再從瀏覽器內讀取。這有助網站保存某特定使用者的資料。
        「曲奇」檔案被設計成只可讓發出的網站讀取,但不能用作取得使用者的硬碟資料、電郵地址或收集使用者的敏感性資料。
        邦民只會將「曲奇」用於識別通信期,而不會把使用者的敏感性資料存置於「曲奇」檔案內。當使用者瀏覽邦民網站時,所有通信將會利用「曲奇」檔案去識別使用者身份。當使用者結束瀏覽邦民網站時,「曲奇」檔案亦會失效。倘若使用者嘗試將其網絡瀏覽器的「曲奇」檔案設定為停止運作,便未必能使用邦民的網上及其他財務服務。

      • (c)網上改正資料

        透過網上設施提供給邦民的個人資料一經呈交,便未必能在網上刪除、改正或更新。使用者如未能在網上作出刪除、改正或更新,便應聯絡邦民有關部門或分行。

      • (d)網上保留資料

        在網上收集的個人資料會被轉移到邦民有關部門或分行處理。個人資料不會保留於邦民網站伺服器的資料庫。

  7. 超連結政策
    1. 雖然邦民網站包含超連結或可連接至其他網站/網址,但這並不表示或暗示邦民對該等超連結、連接,或有關該等網站/網址的身份或資料作任何認證、核實、聲明、批核或認可。
    2. 就該等超連結、連接、與邦民網站連結或連接的其他網站/網址所提供或附有資訊的內容、供應、準確性或遺漏,邦民明確表明概不負責。
    3. 一切通往其他網站、網址或資源的超連結或連接,當中之存取及使用風險全由客戶自行承擔。
  8. 查閱資料要求及改正資料要求
    1. 邦民的政策為按照該條例的規定,依從及處理一切查閱資料及改正資料要求;及讓所有有關職員熟悉有關的規定,以協助提出有關要求的各人士。
    2. 邦民或會在符合該條例的規定下,就查閱資料要求徵收適當費用。倘若任何提出查閱資料要求的人士要求邦民提供按早前的查閱資料要求提供過的個人資料的額外副本,邦民或會收取費用以全數彌補因提供該額外副本而涉及的行政成本及其他成本。
    3. 致予邦民的查閱及改正資料的要求,可向資料保障主任或其他相特定指明人員提出。
  9. 資料保留

    邦民的政策,乃採取一切實際可行的步驟以確保個人資料的保存時間不超過將其保存以貫徹該資料被使用於或會被使用於的目的(包括任何直接有關的目的)所需的時間。

  10. 直接促銷

    邦民的政策,乃於收集或使用個人資料以作直接促銷目的時,確保其嚴格依從該條例及與之相關的有關指引下的規定。如無有關客戶的訂明同意,邦民不會將個人資料用於直接促銷目的。

  11. 遵守該條例

    除上文明述的各點外,就其客戶的個人資料的收集、處理或使用而言,邦民將全面遵守該條例及與之相關的有關指引下的一切規定。
    為確保遵守該條例及與之相關的有關指引所載的規定,邦民備有:

    1. 紀錄簿,即該條例第27條所規定的紀錄簿;
    2. 內部政策及指引以供邦民員工使用及視為指引,其內容關乎對該條例及與之相關的有關指引的遵守事宜。

  12. 資料保障主任的委任
    1. 邦民已委任資料保障主任,以負責統籌及監察該條例及與之相關的有關指引,以及邦民保障個人資料政策的遵守情況。
    2. 資料保障主任的聯絡資料如下︰
      香港灣仔告士打道 72號
      六國中心 14樓
      邦民日本財務(香港)有限公司
      資料保障主任
      傳真︰2529-6744

(本聲明的英文及中文版本如出現歧異,概以英文版本為準。)

邦民日本財務(香港)有限公司

PRIVACY POLICY STATEMENT

  1. INTRODUCTION

    This Statement is adopted as the Privacy Policy Statement (“Statement”) of Promise (Hong Kong) Co., Limited (“Promise”). The purpose of this Statement is to establish the policies and practices of Promise’s commitment to protect the privacy of personal data of its customer and to act in compliance with all the requirements under the Personal Data (Privacy) Ordinance (the “Ordinance”) and implementation of the guidelines thereon issued by the Licensed Money Lenders Association relating to the Ordinance. Promise will use its best endeavours to adhere to the Ordinance and the relevant governing principles and guidelines in relation thereto and will ensure compliance by our staff with the policies and practices set out in this Statement and the requirements under the Ordinance and the relevant guidelines in relation thereto.

  2. PURPOSES OF THE PERSONAL DATA HELD
    1. From time to time, it is necessary for customers to supply Promise with personal data in connection with the opening and/or continuation of loan accounts, the establishment and/or continuation of credit facilities, and/or provision of other financial services.
    2. Failure to supply such personal data may result in Promise being unable to open or continue loan accounts, or establish or continue credit facilities, or provide other financial services to customers.
    3. It is also the case that personal data are collected from customers in the ordinary course of business of Promise, for example, when customers communicate verbally or in writing with Promise, by means of documentation or Promise's telephone recording system (as the case may be).
    4. The purposes for which customers' personal data may be used are as follows:
      • (a)the daily operation of loan accounts, credit facilities and other financial services provided to customers;
      • (b)conducting credit checks upon an application for credit and when regular or special reviews are conducted from time to time;
      • (c)creating and maintaining Promise’s credit scoring models;
      • (d)assisting other money lenders and/or financial institutions to conduct credit checks and collect debts;
      • (e)ensuring ongoing credit worthiness of customers;
      • (f)designing financial services or related products for customers’ use;
      • (g)determining amounts owed to or by customers;
      • (h)collection of amounts outstanding from customers;
      • (i)complying with the obligations, requirements or arrangements for disclosing and using data that apply to Promise or that it is expected to comply according to:
        • any law binding or applicable to it within or outside Hong Kong Special Administrative Region (“Hong Kong”) existing currently or in the future;
        • any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers within or outside Hong Kong existing currently or in the future; and
        • any present or future contractual or other commitment with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers that is assumed by or imposed on Promise by reason of its financial, commercial, business or other interests or activities in or related to the jurisdiction of the relevant local or foreign legal, regulatory, governmental, tax, law enforcement or other authority, or self-regulatory or industry bodies or associations;
      • (j)complying with any obligations, requirements, policies, procedure, measures or arrangements for sharing data and information within any of the subsidiaries, holding companies, associated companies or affiliates of Promise (the “Promise Group Companies”) and/or any other use of data and information in accordance with any Group-wide programmes for compliance with sanctions or prevention or detection of money laundering, terrorist financing or other unlawful activities;
      • (k)enabling an actual or proposed assignee of Promise, or participant or sub-participant of Promise’s rights in respect of customers to evaluate the transaction intended to be the subject of the assignment, participation or sub-participation;
      • (l)marketing financial services or products of Promise; and
      • (m)other purposes relating to each of the above.

    The purposes listed in paragraphs (a) to (k) (inclusive) and any purposes related thereto are "obligatory" purposes, meaning that customers must permit Promise to use their personal data for these purposes if they wish to use Promise's services. The purposes listed in paragraph (l) and any purposes related thereto are "voluntary" purposes, meaning that customers have a choice whether Promise can use their data for these purposes and if a customer does not want Promise to use his/her personal data for those purposes, he/she can tell Promise and Promise will not use his/her personal data for those purposes.

  3. CLASSES OF POSSIBLE TRANSFEREES OF THE PERSONAL DATA

    Personal data held by Promise relating to a customer will be kept confidential but Promise may provide such data to the following parties (whether within or outside Hong Kong) for the purposes set out in paragraph 2.4 (all obligatory purposes except paragraph 2.4(l)):

    • (a)any agent, contractor or third party service provider who provides administrative, telecommunications, computer, payment or other services to Promise in connection with the operation of its business;
    • (b)any other person under a duty of confidentiality to Promise including a member of the Promise Group Companies which has undertaken to keep such information confidential;
    • (c)any person with the express prescribed consent of customers;
    • (d)credit reference agencies, and, in the event of default, debt collection agencies;
    • (e)any person to whom Promise is under an obligation or otherwise required to make disclosure under the requirements of any law binding on or applying to Promise, or any disclosure under and for the purposes of any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers with which Promise is expected to comply, or any disclosure pursuant to any contractual or other commitment of Promise with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers, all of which may be within or outside of Hong Kong and may be existing currently or in the future;
    • (f)as a voluntary purpose, selected persons for use in direct marketing;
    • (g)external service providers (including but not limited to mailing houses, telecommunication companies and information technology companies) that Promise engages for the purpose set out in paragraph 4(l) above; and
    • (h)any actual or proposed assignee of Promise or participant or sub-participant or transferee of Promise's rights in respect of the customers.
  4. SECURITY OF PERSONAL DATA

    It is the policy of Promise to ensure an appropriate level of protection for personal data in full compliance with the requirements under the Ordinance, particularly Data Protection Principle 4 under the Ordinance in order to prevent unauthorized access, processing or other use of that data, commensurate with the sensitivity of the data and the harm that would be caused by unauthorized access to that data. It is the practice of Promise to achieve appropriate levels of security protection by restricting physical access to data by providing secure storage facilities, and incorporating security measures into equipment in which data is held. Measures are taken to ensure the integrity, prudence, and competence of persons having access to personal data. Data is only transmitted by secured means.

  5. ACCURACY OF PERSONAL DATA

    It is the policy of Promise to ensure accuracy of all personal data collected and processed by Promise in full compliance with the requirements under the Ordinance, particularly Data Protection Principle 2 under the Ordinance. Appropriate procedures are implemented to provide for all personal data to be regularly checked and updated to ensure that it is accurate having regard to the purposes for which that data are or are to be used. In so far as personal data held by Promise consists of statements of opinion, all reasonably practicable steps are taken to ensure that any facts cited in support of such statements of opinion are correct.

  6. COLLECTION OF PERSONAL DATA
    1. In the course of collecting personal data, Promise will provide the individuals concerned with a Personal Information Collection Statement informing them of, amongst other things, the proposed purposes of collection, proposed classes of persons to whom the data may be transferred, their rights to access and correct the data, and other relevant information.
    2. In relation to the collection of personal data on-line, the following practices are adopted:
      • (a)On-line Security

        Promise will follow strict standards of security and confidentiality to protect any information provided to Promise online. Encryption technology is employed for sensitive data transmission on the Internet to protect individuals’ privacy.

      • (b)Cookies

        Cookies are small pieces of data transmitted from a web server to a web browser. Cookie data is stored on a local hard drive such that the web server can later read back the cookie data from a web browser. This is useful for allowing a website to maintain information on a particular user.
        Cookies are designed to be read only by the website that provides them. Cookies cannot be used to obtain data from a user’s hard drive, get a user’s e-mail address or gather a user’s sensitive information.
        Promise will only use cookies as a session identifier and will not store user’s sensitive information in cookies. Once a session is established, all the communications will use the cookies to identify a user. The cookies will expire once the session is closed. If users try to disable cookies from their web browsers, they may not be able to access Promise’s Internet and other financial services.

      • (c)On-line Correction

        Personal data provided to Promise through an on-line facility, once submitted, may not be facilitated to be deleted, corrected or updated on-line. If deletion, correction and update are not allowed online, users should approach relevant departments or branches of Promise.

      • (d)On-line Retention

        Personal data collected on-line will be transferred to Promise’s relevant departments or branches for processing. Personal data will not be retained in web server’s database of Promise.

  7. HYPERLINK POLICY
    1. The availability of hyperlinks or connection to other sites / addresses at Promise’s Website does not mean or imply any authentication, verification, representation, approval or endorsement by Promise of such hyperlinks, connection, or the identity or information relating to such sites / addresses.
    2. Promise expressly disclaims any responsibility for such hyperlinks, connection, the contents, availability, accuracy or omission of information at other sites/addresses linked to or found on the sites/addresses that link to or from Promise’s Website.
    3. All hyperlinks or connection to other sites, addresses or resources are accessed and used at customers’ own risks.
  8. DATA ACCESS REQUESTS AND DATA CORRECTION REQUESTS
    1. It is the policy of Promise to comply with and process all data access and correction requests in accordance with the provisions of the Ordinance, and for all staff concerned to be familiar with the requirements for assisting individuals to make such requests.
    2. Promise may, subject to the Ordinance, impose a moderate fee for complying with a data access request. If a person making a data access request requires an additional copy of the personal data that Promise has previously supplied pursuant to an earlier data access request, Promise may charge a fee to cover the full administrative and other costs incurred in supplying that additional copy.
    3. Data access and correction requests to Promise may be addressed to the Data Protection Officer (“DPO”) or other person as specifically advised.
  9. DATA RETENTION

    It is the policy of Promise to take all practical steps to ensure that personal data are not kept longer than is necessary for the fulfilment of the purposes (including any directly related purposes) for which the data are or are to be used.

  10. DIRECT MARKETING

    It is the policy of Promise to ensure that it strictly follows the requirements under the Ordinance and the relevant guidelines in relation thereto when collecting or using personal data for direct marketing purposes. Promise will not use personal data for direct marketing purpose without the prescribed consent of the relevant customers.

  11. COMPLIANCE WITH THE ORDINANCE

    Apart from the above specifically mentioned points, Promise will fully comply with all requirements under the Ordinance and the relevant guidelines in relation thereto regarding the collection, handing, or use of personal data of its customers.

    The following are maintained by Promise to ensure compliance with the Ordinance and the relevant guidelines in relation thereto:

    1. A Log Book as provided for in section 27 of the Ordinance;
    2. Internal policies and guidelines on compliance with the Ordinance and the relevant guidelines in relation thereto for use by and guidance to staff of Promise.

  12. APPOINTMENT OF DATA PROTECTION OFFICER
    1. To co-ordinate and oversee compliance with the Ordinance and the relevant guidelines in relation thereto, and the personal data protection policies of Promise, a DPO has been appointed by Promise.
    2. The contact details of the DPO are as follows:
      The Data Protection Officer
      Promise (Hong Kong) Co., Limited
      14/F., Luk Kwok Center,
      72 Gloucester Road, Wanchai,
      Hong Kong
      Facsimile: 2529-6744

(In the event of any inconsistency between the English and Chinese versions of these statements, the English version will prevail.)

Promise (Hong Kong) Co., Limited