私隱政策聲明


引言

此聲明乃採納為萬通亞州有限公司(下稱「萬通」)的「私隱政策聲明」(下稱「本聲明」)。訂立本聲明的目的,是為確立萬通有關全力保護其客戶的個人資料的私隱,遵守«個人資料(私隱)條例»(下稱「該條例」)下的一切規定行事,以及執行由香港持牌放債人公會就該條例而頒布的指引。萬通會盡其最大努力依從該條例及有關的管限原則以及與此相關的有關指引,並將確保我們的職員遵守本聲明所載的政策以及該條例及與此相關的有關指引下的規定。
所持個人資料的目的
2.1客戶就開立及/或延續貸款戶口、建立及/或延續信貸融通,及/或提供其他財務服務而言,需要不時向萬通提供個人資料。
2.2若未能提供該等個人資料,可能會導致萬通無法開立或延續貸款戶口,或建立或延續信貸融通,或向客戶提供其他財務服務。
2.3萬通在通常業務運作中,例如,當客戶以口頭或書面形式與萬通溝通時,亦會透過文書形式或萬通的電話錄音系統(視屬何種情況而定)向客戶收集個人資料。
2.4客戶的個人資料可能會用於下列用途﹕
(a)貸款戶口、信貸融通及提供給客戶之其他財務服務之日常運作;
(b)在申請信貸時進行的信貸調查,及不時進行的定期或特別審查;
(c)編制及維持萬通的信貸評分模式;
(d)協助其他放債人及/或財務機構作信貸調查及追討債務;
(e)確保客戶維持可靠信用;
(f)設計供客戶使用的財務服務或有關產品;
(g)計算萬通與客戶之間的欠款;
(h)向客戶及為客戶的責任提供擔保或抵押的人士追收欠款;
(i)按照以下各項,遵守適用於萬通或萬通被預期遵守的有關資料披露及使用的責任、規定或安排:
在目前或未來於香港特別行政區(下稱「香港」)境內或境外生效的對其具約束力或適用的任何法律;
任何法律、監管、政府、稅務、執法或其他機關,或財務服務供應商的自我監管或行業機構或組織所作出或頒布的,在目前或未來於香港境內或境外生效的任何指引或指導;及
因萬通在有關的本地或外地法律、監管、政府、稅務、執法或其他機關,或自我監管或行業機構或組織的管轄範圍內(或與此管轄範圍有關)的財務、商業、業務或其他權益或活動,而由萬通承擔或對萬通施加的與本地或外地法律、監管、政府、稅務、執法或其他機關,或財務服務供應商的自我監管或行業機構或組織之間的任何目前或未來的合約承諾或其他承諾;
(j)遵守有關於任何萬通之附屬公司、控股公司、聯營公司或關聯公司(下稱「萬通亞州有限公司」)內的資料及資訊共享及/或資料及資訊的任何其他使用(有關共享及使用,均依照符合對洗錢、恐怖分子資金籌集或其他不法活動的制裁、防止或偵測的任何萬通集團公司計劃而進行)的任何責任、規定、政策、程序、措施或安排;
(k)使萬通的實際或建議承讓人,或萬通對客戶的權利的參與人或附屬參與人能評核意圖成為轉讓、參與或附屬參與的標的之交易;
(l)推廣萬通的財務服務或產品;及
(m)與上述各項有關的其他用途。
在(a)至(k)(含兩者)段中列出的用途及與之相關的任何用途均屬「強制性」用途,意思是如客戶希望使用萬通的服務,客戶必須准許萬通將其個人資料用作該等用途。 在(l)段中列出的用途及與之相關的任何用途均屬「自願性」用途,意思是客戶有權選擇萬通是否可將他們的資料用於該等用途,且若客戶不欲萬通將其個人資料用於該等用途,他/她可告知萬通而萬通不會將其個人資料用於該等用途。
個人資料的可能承轉人類別
萬通會對其持有的有關客戶的個人資料保密,但萬通可能會把該等資料提供給下述各方(不論在香港內外)作第2.4段列出的用途(全部均為強制性用途,惟第2.4(l)段除外):
(a)向萬通提供行政、電訊、電腦、付款或其他與萬通業務運作有關的服務的任何代理人、承包人或第三方服務供應者;
(b)任何對萬通負有保密責任的其他人,包括已承諾對該資料保密的萬通集團公司的成員公司;
(c)獲得客戶明示訂明同意的任何人;
(d)信貸資料服務機構,以及(在發生欠賬時)追討欠款公司;
(e)萬通有責任或在其他情況下須向其作出「有關披露」的任何人士;而「有關披露」是指:
對萬通具約束力或適用的任何法律的規定下的披露;或由任何法律、監管、政府、稅務、執法或其他機關,或財務服務供應商的自我監管或行業機構或組織所作出或頒布的萬通被預期遵守的任何指引或指導下及其所指的任何披露;或依據萬通與本地或外地法律、監管、政府、稅務、執法或其他機關,或財務服務供應商的自我監管或行業機構或組織之間的任何合約承諾或其他承諾的任何披露(以上各項可為於目前或未來在香港境內或境外生效者);
(f)用於直接促銷的選定人士(作為自願性用途);
(g)萬通為上文第4(l)段所載用途而聘用的外部服務供應商(包括但不限於郵寄公司、電訊公司及資訊科技公司);及
(h)萬通的任何實際或建議承讓人或萬通對客戶的權利的參與人或附屬參與人或受讓人。

個人資料的保安
萬通的政策為因應資料的敏感程度及因擅自查閱所造成的損害程度,確保個人資料獲得適當程度的保護並全面遵守該條例下的規定(尤其是該條例下的第4保障資料原則),以防止資料被擅自查閱、處理或作其他用途。為達到適當程度的保安保護,萬通的一貫做法為透過提供保安的儲存設施,以及在資料存置設備實施保安措施,來限制對資料的實體接觸。萬通亦採取措施以確保查閱該等資料的人士具備良好操守、審慎態度及辦事能力。資料只會以保安的方式傳送。

個人資料的準確性
萬通的政策為確保由萬通收集及處理的所有個人資料均為準確並全面遵守該條例下的規定(尤其是該條例下的第2保障資料原則)。萬通實施適當的程序以定期核對及更新所有個人資料,以確保有關的資料就被使用或將被使用的目的而言屬準確。倘若萬通所持有的個人資料含有意見陳述,萬通會採取一切合理切實可行的步驟,以確保任何為支持有關意見陳述而獲引述的事實,均屬正確。

個人資料的收集
6.1在收集個人資料的過程中,萬通會向有關個人提供一份「個人資料收集聲明」,向他們述明(當中包括)收集的擬作目的、可能獲轉移資料的人士的擬定類別、他們查閱及改正資料的權利,以及其他有關資料。
6.2就於網上收集個人資料而言,萬通會採納以下實務:
(a)網上保安
萬通會按照嚴格的保安及保密標準保障在網上提供給萬通的任何資料;並就互聯網上敏感性資料的傳輸採用加密技術,以保障個人的私隱。
(b)「曲奇」檔案
「曲奇」檔案是由網站伺服器傳送至瀏覽器的小段資訊,這些資料儲存於本機硬碟中,使網站伺服器能於稍後再從瀏覽器內讀取。這有助網站保存某特定使用者的資料。 「曲奇」檔案被設計成只可讓發出的網站讀取,但不能用作取得使用者的硬碟資料、電郵地址或收集使用者的敏感性資料。 萬通只會將「曲奇」用於識別通信期,而不會把使用者的敏感性資料存置於「曲奇」檔案內。當使用者瀏覽萬通網站時,所有通信將會利用「曲奇」檔案去識別使用者身份。當使用者結束瀏覽萬通網站時,「曲奇」檔案亦會失效。倘若使用者嘗試將其網絡瀏覽器的「曲奇」檔案設定為停止運作,便未必能使用萬通的網上及其他財務服務。 (c)網上改正資料
透過網上設施提供給萬通的個人資料一經呈交,便未必能在網上刪除、改正或更新。使用者如未能在網上作出刪除、改正或更新,便應聯絡萬通有關部門或分行。 (d)網上保留資料
在網上收集的個人資料會被轉移到萬通有關部門或分行處理。個人資料不會保留於萬通網站伺服器的資料庫。

超連結政策
7.1 雖然萬通網站包含超連結或可連接至其他網站/網址,但這並不表示或暗示萬通對該等超連結、連接,或有關該等網站/網址的身份或資料作任何認證、核實、聲明、批核或認可。
7.2就該等超連結、連接、與萬通網站連結或連接的其他網站/網址所提供或附有資訊的內容、供應、準確性或遺漏,萬通明確表明概不負責。
7.3一切通往其他網站、網址或資源的超連結或連接,當中之存取及使用風險全由客戶自行承擔。
查閱資料要求及改正資料要求
8.1萬通的政策為按照該條例的規定,依從及處理一切查閱資料及改正資料要求;及讓所有有關職員熟悉有關的規定,以協助提出有關要求的各人士。
8.2萬通或會在符合該條例的規定下,就查閱資料要求徵收適當費用。倘若任何提出查閱資料要求的人士要求萬通提供按早前的查閱資料要求提供過的個人資料的額外副本,萬通或會收取費用以全數彌補因提供該額外副本而涉及的行政成本及其他成本。
8.3致予萬通的查閱及改正資料的要求,可向資料保障主任或其他相特定指明人員提出。

資料保留
萬通的政策,乃採取一切實際可行的步驟以確保個人資料的保存時間不超過將其保存以貫徹該資料被使用於或會被使用於的目的(包括任何直接有關的目的)所需的時間。 直接促銷
萬通的政策,乃於收集或使用個人資料以作直接促銷目的時,確保其嚴格依從該條例及與之相關的有關指引下的規定。如無有關客戶的訂明同意,萬通不會將個人資料用於直接促銷目的。

遵守該條例
除上文明述的各點外,就其客戶的個人資料的收集、處理或使用而言,萬通將全面遵守該條例及與之相關的有關指引下的一切規定。
為確保遵守該條例及與之相關的有關指引所載的規定,萬通備有:
11.1紀錄簿,即該條例第27條所規定的紀錄簿;
11.2內部政策及指引以供萬通員工使用及視為指引,其內容關乎對該條例及與之相關的有關指引的遵守事宜。
資料保障主任的委任
12.1萬通已委任資料保障主任,以負責統籌及監察該條例及與之相關的有關指引,以及萬通保障個人資料政策的遵守情況。

(本聲明的英文及中文版本如出現歧異,概以英文版本為準。)

萬通亞州有限公司

PRIVACY POLICY STATEMENT

INTRODUCTION

This Statement is adopted as the Privacy Policy Statement ("Statement") of AlrightAsia Co., Limited ("AlrightAsia"). The purpose of this Statement is to establish the policies and practices of AlrightAsia's commitment to protect the privacy of personal data of its customer and to act in compliance with all the requirements under the Personal Data (Privacy) Ordinance (the "Ordinance") and implementation of the guidelines thereon issued by the Licensed Money Lenders Association relating to the Ordinance. AlrightAsia will use its best endeavours to adhere to the Ordinance and the relevant governing principles and guidelines in relation thereto and will ensure compliance by our staff with the policies and practices set out in this Statement and the requirements under the Ordinance and the relevant guidelines in relation thereto.

PURPOSES OF THE PERSONAL DATA HELD
2.1From time to time, it is necessary for customers to supply AlrightAsia with personal data in connection with the opening and/or continuation of loan accounts, the establishment and/or continuation of credit facilities, and/or provision of other financial services.
2.2Failure to supply such personal data may result in AlrightAsia being unable to open or continue loan accounts, or establish or continue credit facilities, or provide other financial services to customers.
2.3It is also the case that personal data are collected from customers in the ordinary course of business of AlrightAsia, for example, when customers communicate verbally or in writing with AlrightAsia, by means of documentation or AlrightAsia's telephone recording system (as the case may be).
2.4The purposes for which customers' personal data may be used are as follows:
(a)the daily operation of loan accounts, credit facilities and other financial services provided to customers;
(b)conducting credit checks upon an application for credit and when regular or special reviews are conducted from time to time;
(c)creating and maintaining AlrightAsia's credit scoring models;
(d)assisting other money lenders and/or financial institutions to conduct credit checks and collect debts;
(e)ensuring ongoing credit worthiness of customers;
(f)designing financial services or related products for customers' use;
(g)determining amounts owed to or by customers;
(h)collection of amounts outstanding from customers;
(i)complying with the obligations, requirements or arrangements for disclosing and using data that apply to AlrightAsia or that it is expected to comply according to: any law binding or applicable to it within or outside Hong Kong Special Administrative Region ("Hong Kong") existing currently or in the future;
any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers within or outside Hong Kong existing currently or in the future; and
any present or future contractual or other commitment with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers that is assumed by or imposed on AlrightAsia by reason of its financial, commercial, business or other interests or activities in or related to the jurisdiction of the relevant local or foreign legal, regulatory, governmental, tax, law enforcement or other authority, or self-regulatory or industry bodies or associations;
(j)complying with any obligations, requirements, policies, procedure, measures or arrangements for sharing data and information within any of the subsidiaries, holding companies, associated companies or affiliates of AlrightAsia (the "AlrightAsia Co., Limited ") and/or any other use of data and information in accordance with any Group-wide programmes for compliance with sanctions or prevention or detection of money laundering, terrorist financing or other unlawful activities;
(k)enabling an actual or proposed assignee of AlrightAsia, or participant or sub-participant of AlrightAsia's rights in respect of customers to evaluate the transaction intended to be the subject of the assignment, participation or sub-participation;
(l)marketing financial services or products of AlrightAsia; and
(m)other purposes relating to each of the above.
The purposes listed in paragraphs (a) to (k) (inclusive) and any purposes related thereto are "obligatory" purposes, meaning that customers must permit AlrightAsia to use their personal data for these purposes if they wish to use AlrightAsia's services. The purposes listed in paragraph (l) and any purposes related thereto are "voluntary" purposes, meaning that customers have a choice whether AlrightAsia can use their data for these purposes and if a customer does not want AlrightAsia to use his/her personal data for those purposes, he/she can tell AlrightAsia and AlrightAsia will not use his/her personal data for those purposes.

CLASSES OF POSSIBLE TRANSFEREES OF THE PERSONAL DATA
Personal data held by AlrightAsia relating to a customer will be kept confidential but AlrightAsia may provide such data to the following parties (whether within or outside Hong Kong) for the purposes set out in paragraph 2.4 (all obligatory purposes except paragraph 2.4(l)):
(a)any agent, contractor or third party service provider who provides administrative, telecommunications, computer, payment or other services to AlrightAsia in connection with the operation of its business;
(b)any other person under a duty of confidentiality to AlrightAsia including a member of the AlrightAsia Group Companies which has undertaken to keep such information confidential; (c)any person with the express prescribed consent of customers;
(d)credit reference agencies, and, in the event of default, debt collection agencies;
(e)any person to whom AlrightAsia is under an obligation or otherwise required to make disclosure under the requirements of any law binding on or applying to AlrightAsia, or any disclosure under and for the purposes of any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers with which AlrightAsia is expected to comply, or any disclosure pursuant to any contractual or other commitment of AlrightAsia with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers, all of which may be within or outside of Hong Kong and may be existing currently or in the future;
(f)as a voluntary purpose, selected persons for use in direct marketing;
(g)external service providers (including but not limited to mailing houses, telecommunication companies and information technology companies) that AlrightAsia engages for the purpose set out in paragraph 4(l) above; and
(h)any actual or proposed assignee of AlrightAsia or participant or sub-participant or transferee of AlrightAsia's rights in respect of the customers.

SECURITY OF PERSONAL DATA
It is the policy of AlrightAsia to ensure an appropriate level of protection for personal data in full compliance with the requirements under the Ordinance, particularly Data Protection Principle 4 under the Ordinance in order to prevent unauthorized access, processing or other use of that data, commensurate with the sensitivity of the data and the harm that would be caused by unauthorized access to that data. It is the practice of AlrightAsia to achieve appropriate levels of security protection by restricting physical access to data by providing secure storage facilities, and incorporating security measures into equipment in which data is held. Measures are taken to ensure the integrity, prudence, and competence of persons having access to personal data. Data is only transmitted by secured means.

ACCURACY OF PERSONAL DATA
It is the policy of AlrightAsia to ensure accuracy of all personal data collected and processed by AlrightAsia in full compliance with the requirements under the Ordinance, particularly Data Protection Principle 2 under the Ordinance. Appropriate procedures are implemented to provide for all personal data to be regularly checked and updated to ensure that it is accurate having regard to the purposes for which that data are or are to be used. In so far as personal data held by AlrightAsia consists of statements of opinion, all reasonably practicable steps are taken to ensure that any facts cited in support of such statements of opinion are correct.

COLLECTION OF PERSONAL DATA
6.1In the course of collecting personal data, AlrightAsia will provide the individuals concerned with a Personal Information Collection Statement informing them of, amongst other things, the proposed purposes of collection, proposed classes of persons to whom the data may be transferred, their rights to access and correct the data, and other relevant information.
6.2In relation to the collection of personal data on-line, the following practices are adopted: (a)On-line Security
AlrightAsia will follow strict standards of security and confidentiality to protect any information provided to AlrightAsia online. Encryption technology is employed for sensitive data transmission on the Internet to protect individuals' privacy.
(b)Cookies
Cookies are small pieces of data transmitted from a web server to a web browser. Cookie data is stored on a local hard drive such that the web server can later read back the cookie data from a web browser. This is useful for allowing a website to maintain information on a particular user. Cookies are designed to be read only by the website that provides them. Cookies cannot be used to obtain data from a user's hard drive, get a user's e-mail address or gather a user's sensitive information.
AlrightAsia will only use cookies as a session identifier and will not store user's sensitive information in cookies. Once a session is established, all the communications will use the cookies to identify a user. The cookies will expire once the session is closed. If users try to disable cookies from their web browsers, they may not be able to access AlrightAsia's Internet and other financial services.
(c)On-line Correction
Personal data provided to AlrightAsia through an on-line facility, once submitted, may not be facilitated to be deleted, corrected or updated on-line. If deletion, correction and update are not allowed online, users should approach relevant departments or branches of AlrightAsia. (d)On-line Retention
Personal data collected on-line will be transferred to AlrightAsia's relevant departments or branches for processing. Personal data will not be retained in web server's database of AlrightAsia.

HYPERLINK POLICY
7.1The availability of hyperlinks or connection to other sites / addresses at AlrightAsia's Website does not mean or imply any authentication, verification, representation, approval or endorsement by AlrightAsia of such hyperlinks, connection, or the identity or information relating to such sites / addresses.
7.2AlrightAsia expressly disclaims any responsibility for such hyperlinks, connection, the contents, availability, accuracy or omission of information at other sites/addresses linked to or found on the sites/addresses that link to or from AlrightAsia's Website.
7.3All hyperlinks or connection to other sites, addresses or resources are accessed and used at customers' own risks.

DATA ACCESS REQUESTS AND DATA CORRECTION REQUESTS
8.1It is the policy of AlrightAsia to comply with and process all data access and correction requests in accordance with the provisions of the Ordinance, and for all staff concerned to be familiar with the requirements for assisting individuals to make such requests.
8.2AlrightAsia may, subject to the Ordinance, impose a moderate fee for complying with a data access request. If a person making a data access request requires an additional copy of the personal data that AlrightAsia has previously supplied pursuant to an earlier data access request, AlrightAsia may charge a fee to cover the full administrative and other costs incurred in supplying that additional copy.
8.3Data access and correction requests to AlrightAsia may be addressed to the Data Protection Officer ("DPO") or other person as specifically advised.
DATA RETENTION
It is the policy of AlrightAsia to take all practical steps to ensure that personal data are not kept longer than is necessary for the fulfilment of the purposes (including any directly related purposes) for which the data are or are to be used.

DIRECT MARKETING
It is the policy of AlrightAsia to ensure that it strictly follows the requirements under the Ordinance and the relevant guidelines in relation thereto when collecting or using personal data for direct marketing purposes. AlrightAsia will not use personal data for direct marketing purpose without the prescribed consent of the relevant customers.

COMPLIANCE WITH THE ORDINANCE
Apart from the above specifically mentioned points, AlrightAsia will fully comply with all requirements under the Ordinance and the relevant guidelines in relation thereto regarding the collection, handing, or use of personal data of its customers.
The following are maintained by AlrightAsia to ensure compliance with the Ordinance and the relevant guidelines in relation thereto: 11.1A Log Book as provided for in section 27 of the Ordinance;
11.2Internal policies and guidelines on compliance with the Ordinance and the relevant guidelines in relation thereto for use by and guidance to staff of AlrightAsia.

APPOINTMENT OF DATA PROTECTION OFFICER
12.1To co-ordinate and oversee compliance with the Ordinance and the relevant guidelines in relation thereto, and the personal data protection policies of AlrightAsia, a DPO has been appointed by AlrightAsia.
12.2The contact details of the DPO are as follows:


AlrightAsia Co., Limited
Tel:2601 6298

(In the event of any inconsistency between the English and Chinese versions of these statements, the English version will prevail.)

AlrightAsia (Hong Kong) Co., Limited