1 Introduction
This Statement is adopted as the “Privacy Policy Statement” (hereinafter referred to as “this Statement”) of Fidelity Credit Limited (hereinafter referred to as “the Company”). The purpose of entering into this statement is to establish the policy and practice of the company to fully implement and abide by the principles of data protection, to comply with the various terms and provisions of the Personal Data (Privacy) Ordinance (hereinafter referred to as the “Ordinance”), and to implement the policies and practices established by Guidelines issued by the Licensed Money Lenders Association of Hong Kong in relation to the Ordinance. The company will abide by the principles and minimum standards set forth in this statement.
2. Types of personal data held by the company
2.1 The personal data of customers held by the company may include the following items:
(a) the name and address, occupation, contact details, date of birth and nationality of the client and his or her spouse, their identity card and/or passport number and date and place of issue;
(b) the name and contact details of the client’s advisor;
(c) the current employer, nature of the position, annual salary and other benefits of the client and his/her spouse;
(d) details of properties, assets or investments held by the client and his/her spouse;
(e) details of other assets or liabilities (actual or contingent) owned by the client and its spouse;
(f) Information obtained by the Company in the continuation of the normal business relationship with the customer (for example, when the customer communicates with the Company in oral or written form under normal circumstances, the Company will also collect the customer’s information, which may be in the form of documents or telephone recordings or online system collection);
(g) credit information provided by consultants, credit reference agencies or debt collection agencies in connection with requests to collect any money owed to us by customers; and
(h) Information that is publicly available.
2.2 The Company may hold other types of personal data as required in view of experience and the particular nature of its business.
3. Purpose of using personal data
3.1 When customers open or extend credit accounts, establish or extend credit or installment loans, or provide other financial services, they need to provide relevant information to the company from time to time.
3.2 During the continuation of normal business operations between the customer and the company, the company will also collect the customer’s information.
3.3 Customer information may be used for the following purposes:
(a) processing applications for credit and/or other financial services;
(b) the day-to-day operation of providing services and credit facilities to customers;
(c) Credit investigations conducted when customers apply for credit, and periodic or special inspections conducted once or more per year, and verification procedures (as defined in the Ordinance) conducted by the Company;
(d) compiling and maintaining the Company’s credit scoring model;
(e) assisting other money lenders and/or financial institutions with credit checks and debt collection;
(f) to ensure that the credit of customers remains in good standing;
(g) designing and providing financial services or related products used by customers;
(h) marketing financial services and products for the Company or selected companies;
(i) calculation of liabilities between the Company and the Client;
(j) conducting insurance claims or analyses;
(k) Corporate credit evaluation or data analysis for operational needs;
(l) To collect debts owed to customers and persons providing security for the obligations of customers to maintain credit files of such persons for present or future reference of the Company (whether such persons have a relationship with the Company or not);
(m) maintain the customer’s credit file for the company’s present or future reference (whether the customer has a relationship with the company or not);
(n) make required disclosures to regulators, police or courts as required by any applicable legislation, rule, court order to which the Company is subject, or guidance from a regulatory authority to which the Company is expected to comply;
(o) cause an actual or proposed assignee of the Company, or a participant or sub-participant of the Company’s rights in relation to the Client, to evaluate the transaction intended to be an assignment, participation or sub-participation; and
(p) purposes related to the above.
4. Security of personal data
It is the company’s policy to provide appropriate protection in accordance with the provisions of the Ordinance to ensure the security level of personal data, the sensitivity of the data and the damage caused by unauthorized access, so as to prevent the data from being accessed, processed or used for other purposes without authorization. . To achieve an appropriate level of security, it is the Company’s practice to strictly limit data access by providing secure storage facilities and implementing security measures in data storage facilities. The company will also take measures to ensure that those who handle such information have good conduct, prudence and competence. Data will only be transmitted in a properly secure manner.
5. Accuracy of Personal Data
It is the company’s policy to ensure that all information collected and processed by the company is accurate in accordance with the provisions of the Ordinance. The Company will implement appropriate procedures to regularly check and update all personal information to ensure that the information is reasonably accurate for the purposes for which it is being used. If the personal data held by the company contains a statement of opinion, the company will take all reasonably practicable steps to ensure that any statement of fact supporting the statement of opinion is correct.
6. Collection of personal data
6.1 During the process of collecting personal data, the company will provide the data subject with a “Personal Data Collection Statement”, stating the purpose of data collection, the identity category of the person to whom the data will be transferred, the right to access and correct the data, and other relevant information.
6.2 Regarding the Company’s collection of personal data from the Internet, the Company will adopt the following practices:
(a) Online Security
The company will protect any information provided to the company on the Internet in accordance with strict security and confidentiality standards. Encryption has been adopted to transmit sensitive information on the Internet to protect personal privacy.
(b) Cookies “cookie” file
A “cookie” file is a small piece of information sent by a web server to a browser, which is stored on the computer’s hard drive so that the web server can later read it from the browser. This helps the website to save certain user data.
“Cookie” files are designed to be read only by the sending website, but cannot be used to obtain users’ hard disk data, email addresses or collect sensitive information about users.
The company only uses “cookie” files to identify users in a specific period, and does not store sensitive information of users in “cookie” files. When a user browses the company’s website, all links will use “cookie” files to identify the user. When the user finishes browsing the company’s website, the “cookie” file will also become invalid. If users try to disable the “cookie” file in their web browser, they may not be able to use the Company’s online and other financial services.
(c) Correction of data online
Personal data provided to the Company through online facilities may not necessarily be canceled, corrected or updated online once submitted. If the user fails to cancel, correct or update online, he must contact the relevant department or branch of the company.
(d) Online Retention of Information
Personal data collected online will be transferred to relevant departments or branches of the company for processing. Personal information is generally not stored on web servers.
7. Data Access Requests and Data Correction Requests
7.1 The company’s policy is to comply with and process all data access and data correction requests in accordance with the provisions of the Ordinance; and to familiarize all relevant staff with the relevant regulations to assist everyone in making relevant requests.
7.2 The Company may charge appropriate fees for data access requests subject to compliance with the Ordinance. If any person making a data access request requests the Company to provide additional copies of personal data provided pursuant to a previous data access request, the Company may charge a fee to fully cover the administrative or other costs involved in providing such additional copies cost of.
7.3 Requests for data access and correction may be addressed to the Data Protection Officer or other relevant designated personnel.
8. Other Practices
To ensure compliance with the requirements set out in the Ordinance, the Company has:
8.1 Data record book, which is the record book stipulated in Article 27 of the Regulation;
8.2 Internal policies and guidelines are used by the company’s employees to ensure that all employees comply with the regulations.
9. Appointment of Data Protection Officer
9.1 The company has appointed a data protection officer who is responsible for coordinating and monitoring compliance with the Ordinance and the company’s personal data protection policy.
9.2 The contact details of the Data Protection Officer are as follows:
Fidelity Credit Limited