PURPOSES OF THE PERSONAL DATA HELD
2.1From time to time, it is necessary for customers to supply AlrightAsia with personal data in connection with the opening and/or continuation of loan accounts, the establishment and/or continuation of credit facilities, and/or provision of other financial services.
2.2Failure to supply such personal data may result in AlrightAsia being unable to open or continue loan accounts, or establish or continue credit facilities, or provide other financial services to customers.
2.3It is also the case that personal data are collected from customers in the ordinary course of business of AlrightAsia, for example, when customers communicate verbally or in writing with AlrightAsia, by means of documentation or AlrightAsia's telephone recording system (as the case may be).
2.4The purposes for which customers' personal data may be used are as follows:
(a)the daily operation of loan accounts, credit facilities and other financial services provided to customers;
(b)conducting credit checks upon an application for credit and when regular or special reviews are conducted from time to time;
(c)creating and maintaining AlrightAsia's credit scoring models;
(d)assisting other money lenders and/or financial institutions to conduct credit checks and collect debts;
(e)ensuring ongoing credit worthiness of customers;
(f)designing financial services or related products for customers' use;
(g)determining amounts owed to or by customers;
(h)collection of amounts outstanding from customers;
(i)complying with the obligations, requirements or arrangements for disclosing and using data that apply to AlrightAsia or that it is expected to comply according to:
any law binding or applicable to it within or outside Hong Kong Special Administrative Region ("Hong Kong") existing currently or in the future;
any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers within or outside Hong Kong existing currently or in the future; and
any present or future contractual or other commitment with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers that is assumed by or imposed on AlrightAsia by reason of its financial, commercial, business or other interests or activities in or related to the jurisdiction of the relevant local or foreign legal, regulatory, governmental, tax, law enforcement or other authority, or self-regulatory or industry bodies or associations;
(j)complying with any obligations, requirements, policies, procedure, measures or arrangements for sharing data and information within any of the subsidiaries, holding companies, associated companies or affiliates of AlrightAsia (the "AlrightAsia Co., Limited ") and/or any other use of data and information in accordance with any Group-wide programmes for compliance with sanctions or prevention or detection of money laundering, terrorist financing or other unlawful activities;
(k)enabling an actual or proposed assignee of AlrightAsia, or participant or sub-participant of AlrightAsia's rights in respect of customers to evaluate the transaction intended to be the subject of the assignment, participation or sub-participation;
(l)marketing financial services or products of AlrightAsia; and
(m)other purposes relating to each of the above.
The purposes listed in paragraphs (a) to (k) (inclusive) and any purposes related thereto are "obligatory" purposes, meaning that customers must permit AlrightAsia to use their personal data for these purposes if they wish to use AlrightAsia's services. The purposes listed in paragraph (l) and any purposes related thereto are "voluntary" purposes, meaning that customers have a choice whether AlrightAsia can use their data for these purposes and if a customer does not want AlrightAsia to use his/her personal data for those purposes, he/she can tell AlrightAsia and AlrightAsia will not use his/her personal data for those purposes.
CLASSES OF POSSIBLE TRANSFEREES OF THE PERSONAL DATA
Personal data held by AlrightAsia relating to a customer will be kept confidential but AlrightAsia may provide such data to the following parties (whether within or outside Hong Kong) for the purposes set out in paragraph 2.4 (all obligatory purposes except paragraph 2.4(l)):
(a)any agent, contractor or third party service provider who provides administrative, telecommunications, computer, payment or other services to AlrightAsia in connection with the operation of its business;
(b)any other person under a duty of confidentiality to AlrightAsia including a member of the AlrightAsia Group Companies which has undertaken to keep such information confidential;
(c)any person with the express prescribed consent of customers;
(d)credit reference agencies, and, in the event of default, debt collection agencies;
(e)any person to whom AlrightAsia is under an obligation or otherwise required to make disclosure under the requirements of any law binding on or applying to AlrightAsia, or any disclosure under and for the purposes of any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers with which AlrightAsia is expected to comply, or any disclosure pursuant to any contractual or other commitment of AlrightAsia with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers, all of which may be within or outside of Hong Kong and may be existing currently or in the future;
(f)as a voluntary purpose, selected persons for use in direct marketing;
(g)external service providers (including but not limited to mailing houses, telecommunication companies and information technology companies) that AlrightAsia engages for the purpose set out in paragraph 4(l) above; and
(h)any actual or proposed assignee of AlrightAsia or participant or sub-participant or transferee of AlrightAsia's rights in respect of the customers.
SECURITY OF PERSONAL DATA
It is the policy of AlrightAsia to ensure an appropriate level of protection for personal data in full compliance with the requirements under the Ordinance, particularly Data Protection Principle 4 under the Ordinance in order to prevent unauthorized access, processing or other use of that data, commensurate with the sensitivity of the data and the harm that would be caused by unauthorized access to that data. It is the practice of AlrightAsia to achieve appropriate levels of security protection by restricting physical access to data by providing secure storage facilities, and incorporating security measures into equipment in which data is held. Measures are taken to ensure the integrity, prudence, and competence of persons having access to personal data. Data is only transmitted by secured means.
ACCURACY OF PERSONAL DATA
It is the policy of AlrightAsia to ensure accuracy of all personal data collected and processed by AlrightAsia in full compliance with the requirements under the Ordinance, particularly Data Protection Principle 2 under the Ordinance. Appropriate procedures are implemented to provide for all personal data to be regularly checked and updated to ensure that it is accurate having regard to the purposes for which that data are or are to be used. In so far as personal data held by AlrightAsia consists of statements of opinion, all reasonably practicable steps are taken to ensure that any facts cited in support of such statements of opinion are correct.
COLLECTION OF PERSONAL DATA
6.1In the course of collecting personal data, AlrightAsia will provide the individuals concerned with a Personal Information Collection Statement informing them of, amongst other things, the proposed purposes of collection, proposed classes of persons to whom the data may be transferred, their rights to access and correct the data, and other relevant information.
6.2In relation to the collection of personal data on-line, the following practices are adopted:
AlrightAsia will follow strict standards of security and confidentiality to protect any information provided to AlrightAsia online. Encryption technology is employed for sensitive data transmission on the Internet to protect individuals' privacy.
Cookies are small pieces of data transmitted from a web server to a web browser. Cookie data is stored on a local hard drive such that the web server can later read back the cookie data from a web browser. This is useful for allowing a website to maintain information on a particular user.
Cookies are designed to be read only by the website that provides them. Cookies cannot be used to obtain data from a user's hard drive, get a user's e-mail address or gather a user's sensitive information.
Personal data provided to AlrightAsia through an on-line facility, once submitted, may not be facilitated to be deleted, corrected or updated on-line. If deletion, correction and update are not allowed online, users should approach relevant departments or branches of AlrightAsia.
Personal data collected on-line will be transferred to AlrightAsia's relevant departments or branches for processing. Personal data will not be retained in web server's database of AlrightAsia.
7.1The availability of hyperlinks or connection to other sites / addresses at AlrightAsia's Website does not mean or imply any authentication, verification, representation, approval or endorsement by AlrightAsia of such hyperlinks, connection, or the identity or information relating to such sites / addresses.
7.2AlrightAsia expressly disclaims any responsibility for such hyperlinks, connection, the contents, availability, accuracy or omission of information at other sites/addresses linked to or found on the sites/addresses that link to or from AlrightAsia's Website.
7.3All hyperlinks or connection to other sites, addresses or resources are accessed and used at customers' own risks.
DATA ACCESS REQUESTS AND DATA CORRECTION REQUESTS
8.1It is the policy of AlrightAsia to comply with and process all data access and correction requests in accordance with the provisions of the Ordinance, and for all staff concerned to be familiar with the requirements for assisting individuals to make such requests.
8.2AlrightAsia may, subject to the Ordinance, impose a moderate fee for complying with a data access request. If a person making a data access request requires an additional copy of the personal data that AlrightAsia has previously supplied pursuant to an earlier data access request, AlrightAsia may charge a fee to cover the full administrative and other costs incurred in supplying that additional copy.
8.3Data access and correction requests to AlrightAsia may be addressed to the Data Protection Officer ("DPO") or other person as specifically advised.
It is the policy of AlrightAsia to take all practical steps to ensure that personal data are not kept longer than is necessary for the fulfilment of the purposes (including any directly related purposes) for which the data are or are to be used.
It is the policy of AlrightAsia to ensure that it strictly follows the requirements under the Ordinance and the relevant guidelines in relation thereto when collecting or using personal data for direct marketing purposes. AlrightAsia will not use personal data for direct marketing purpose without the prescribed consent of the relevant customers.
COMPLIANCE WITH THE ORDINANCE
Apart from the above specifically mentioned points, AlrightAsia will fully comply with all requirements under the Ordinance and the relevant guidelines in relation thereto regarding the collection, handing, or use of personal data of its customers.
The following are maintained by AlrightAsia to ensure compliance with the Ordinance and the relevant guidelines in relation thereto:
11.1A Log Book as provided for in section 27 of the Ordinance;
11.2Internal policies and guidelines on compliance with the Ordinance and the relevant guidelines in relation thereto for use by and guidance to staff of AlrightAsia.
APPOINTMENT OF DATA PROTECTION OFFICER
12.1To co-ordinate and oversee compliance with the Ordinance and the relevant guidelines in relation thereto, and the personal data protection policies of AlrightAsia, a DPO has been appointed by AlrightAsia.
12.2The contact details of the DPO are as follows:
AlrightAsia Co., Limited
(In the event of any inconsistency between the English and Chinese versions of these statements, the English version will prevail.)