JUST FINANCE’S PRIVACY PRINCIPLES
Just Finance Limited, (hereinafter referred to as “JF”) values your trust. JF is committed to the full implementation and compliance with the six data protection principles and the requirements of the Personal Data (Privacy) Ordinance (Cap. 486, Laws of Hong Kong) (the “Ordinance”). This Notification is intended to assist you in understanding JF’s collection of personal data and how that data is used and your rights in relation to that data.
GENERAL
1.Throughout this Notification, the term “data subject(s)” shall include the following classes of individuals: a. website visitors (if applicable), applicants for or customers of loan facilities, subscribers for or holders of debentures issued by JF and other related financial services and facilities provided by JF; and
b. directors, shareholders, officers and managers of any corporate applicants.
2.The contents of this Notification shall apply to all data subjects and form part of the terms and conditions of the Loan Agreement and/or the agreement or arrangement that the data subjects have or may enter into with JF from time to time. In the event of any inconsistency or discrepancy between this Notification and the relevant agreement/contract, this Notification shall prevail insofar as it relates to the protection of the data subject’s personal data.
COLLECTION OF PERSONAL DATA
3.For the purposes of carrying on JF’s business, it is necessary for data subjects to supply JF with personal data in connection with the opening or continuation of accounts and the establishment or continuation of loan facilities and related financial services.
4.In the ordinary course of the JF’s business, data subjects may also be requested to provide personal data for the purposes of processing new or renewal of loan applications, debenture subscription applications or other services either applied in person or through the Internet.
5.Failure to supply such personal data may result in JF being unable to process applications, open or continue accounts or provide loan facilities and related financial services.
6.Personal data of data subjects may also be obtained from credit reference agency (whose contact details can be provided upon request).
USE OF PERSONAL DATA
7.Depending whether a data subject is a loan applicant/customer or a debenture subscriber/holder, the personal data may be used for:
a. assessing the merits and suitability of applicants for loan facilities and related financial services and/or processing and/or approving their applications, renewals and cancellations;
b. enabling the daily operation of the services and loan facilities provided to customers;
c. conducting credit checks at the time of application for loan and at the time of periodic or special reviews of credit which normally will take place one or more times each year;
d. creating and maintaining JF’s credit scoring models;
e. ensuring ongoing credit worthiness of customers;
f. assisting other financial institutions to conduct credit checks and collect debts;
g. designing and developing loan/credit facilities and related financial services for customers’ use;
h. direct marketing services, products and other subjects as described in paragraphs 9 and 10 below;
i. determining the amounts of indebtedness owed to or by customers;
j. enabling the enforcement of customers’ obligations, including without limitation, the collection of amounts outstanding from customers;
k. enabling JF’s compliance with the duties, obligations, requirements or arrangements for disclosing and using personal data that apply to it or that it is expected to comply pursuant to:
1.any law binding or applicable to JF within or outside Hong Kong Special Administrative Region (“Hong Kong”) in force from time to time;
2.any guidelines, guidance or codes of practice given, published or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial service providers within or outside Hong Kong; and
3.any present or future contractual or other commitment with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations;
l. complying with the internal policies, procedures, measures or arrangements of JF for the use of data and information and for prevention or detection of money laundering, terrorist financing or other unlawful activities;
m. enabling an actual or proposed assignee or transferee of JF, or participant or sub-participant of JF’s rights in respect of the data subjects, to evaluate the transaction intended to be the subject of the assignment, transfer, participation or sub-participation;
n. comparing data of data subjects or other persons for credit checking, data verification or otherwise producing or verifying data, whether or not for the purpose of taking action against the data subjects; and
o. maintaining a credit history of the data subjects (whether or not there exists any relationship between the data subjects and JF) for present and future reference.
DISCLOSURE OF PERSONAL DATA
8.All personal data held by JF will be kept confidential but JF may, for the purposes set out in paragraph 7 above, provide and disclose such information to the following parties:
a. any agent, contractor or third party service provider who provides administrative, professional advisory, telecommunication, information service, computer, payment, data processing, debt collection or other services to JF in connection with the operation of its business, wherever situated;
b. any other person who is under a duty of confidentiality to JF and has undertaken to keep such information confidential;
c. credit reference agencies and, in the event of default, debt collection agencies;
d. any person to whom JF is under an obligation or otherwise required to make disclosure under the requirements of any law binding on or applicable to JF, or any disclosure under and for the purposes of any guidelines, guidance or codes of practice published, given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial service providers with which JF is expected to comply, or any disclosure pursuant to any contractual or other commitment of JF with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or relevant self-regulatory or industry bodies or associations, all of which may be within or outside Hong Kong and may be existing currently or in the future;
e. any actual or proposed assignee, transferee or participant or sub-participant of JF’s rights in respect of the data subjects;
f. subject to JF receiving data subject’s consent, JF may provide and disclose personal data held by JF to the following persons: 1.third party financial institutions, insurers, credit card companies, securities, commodities and investment services providers; and
2.external service providers (including but not limited to mailing houses, telecommunication companies, telemarketing and direct sales agents, call centres, data processing companies and information technology companies) that JF may engage for the purposes set out in paragraph 7(h) above, wherever situated.
Such information collected in Hong Kong by JF may be transferred to places outside Hong Kong in order to carry out the purposes, or directly related purposes, for which the personal data were collected.
DIRECT MARKETING
9.JF intends to use a data subject’s data to conduct direct marketing of products or services and requires the data subject’s consent (which includes an indication of no objection) for that purpose. In this connection, please note that:
a. the name, contact details, products and other service portfolio information, transaction pattern and behavior, financial background and demographic data of a data subject held by JF from time to time may be used by JF in direct marketing;
b. the classes of services, products and subjects which may be marketed includes credit/loan facilities and related financial services and products;
c. the above services, products and subjects may be provided by JF and/or third party financial institutions, insurers, securities and investment services providers;
d. in addition to marketing the above services, products and subjects itself, JF also intends to provide the data described in paragraph 9(a) above to all or any of the persons described in paragraph 9(c) above for use by them in marketing those services, products and subjects, and JF requires the data subject’s written consent (which includes an indication of no objection) for that purpose; and
e. JF may receive money or other property or benefit in return for providing the data to the other persons in paragraph 9(d) above. JF will inform the data subject if it will receive money or other property or benefit in return for providing the data to the other persons.
If a data subject does not wish JF to use or provide to the other person his or her data for use in direct marketing as described above, the data subject may exercise his/her opt-out right by notifying JF by ticking the appropriate box(es) in the Application Form indicating such objection and/or contacting the Privacy Compliance Officer.
10.A data subject may, at any time and without charge, choose not to receive any direct marketing material or message from JF by informing the Privacy Compliance Officer (whose contact details are set out below) in writing.
USE OF COOKIES
11.Cookies are small data files which are placed on data subject’s device when data subject visit certain parts of JF’s website or click on JF’s online advertisements. Cookies and similar technologies are used to identify data subject’s device for the following purposes:-
a. Strictly necessary cookies. These essential cookies are set throughout JF’s website and are required for the operation of the website to:
1.allow JF’s web server to determine whether the cookies setting on data subject’s web browser has been enabled or disabled. This allows JF to know whether data can be collected from data subject’s web browser;
2.temporarily allow data subject to carry information between pages of JF’s website to avoid having to re-enter that information;
3.temporarily identify data subject’s device after data subject has logged in to a secure page on JF’s website so that JF’s web server can maintain a dialogue with data subject’s web browser in order for data subject to carry out certain activities.
b. Analytical/performance cookies. These are used to help JF improve JF’s website by: 1.tracking data subject’s visits to JF’s website and recognizing data subject’s web browser when data subject is repeat visitor so that JF can gather statistics on new and repeat visitors to evaluate site effectiveness.
c. Functionality cookies. These are used to recognize data subject when data subject return to JF’s website. This enables JF to:
1. personalize content for data subject and remember his/her preferences (for example, choice of language and region);
2.store his/her login and other preferences so he/she does not have to re-enter that information when he/she return to JF’s website.
d. Targeting / advertising cookies. These cookies record data subject’s visits to JF’s website, his/her response to JF’s online advertisements, track the pages he/she have visited and the website links he/she have followed. JF use this information to:
1.make JF’s website more relevant to data subject’s interests;
2.provide online advertisements or offers on JF’s website or third-party websites which are most likely to interest he/she;
3.evaluate the effectiveness of JF’s online marketing and advertising programs.
The above cookies may be placed on data subject’s device by JF or by third parties on JF’s behalf (for example, advertising networks and providers of external services like web traffic analysis services). No personally identifiable information about data subject is collected or shared with third parties as a result of this.
Most web browsers are initially set up to accept cookies. Data subject can choose to ‘not accept’ cookies by changing the settings on his/her web browser but if he/she block all cookies, including strictly necessary cookies, he/she may find that certain features on our Website will not work properly.
RETENTION OF PERSONAL DATA
12.Personal data provided by data subjects are retained for as long as the purposes for which such data were collected continue. As a general rule the maximum retention period is 7 years.
ACCESS AND CORRECTION OF PERSONAL DATA
13.Under and in accordance with the terms of the Ordinance and the Code of Practice on Consumer Credit Data approved and issued under the Ordinance, any individual has the right:
a. to check whether JF holds personal data about him/her and of access to such data;
b. to require JF to correct any personal data relating to him/her which is inaccurate;
c. to ascertain JF’s policies and practices in relation to personal data and to be informed of the kind of personal data held by JF;
d. to request to be informed which items of personal data are routinely disclosed to credit reference agencies or debt collection agencies, and be provided with further information to enable the making of an access and correction request to the relevant credit reference agency or debt collection agency; and
e. in relation to any account data (including without limitation, any account repayment data) which has been provided by JF to a credit reference agency, to instruct JF, upon termination of the account by full repayment, to make a request to the credit reference agency to delete such account data from its database, so long as the instruction is given within 5 years of termination of account and at no time was there any material default of payment in relation to the account as determined by JF within 5 years immediately before account termination. Account repayment data includes amount last due, amount of payment made during the last reporting period (being a period not exceeding 31 days immediately preceding the last contribution of account data by JF to a credit reference agency), remaining available credit or outstanding balance and default data. Default data includes amount past due and number of days past due, date of settlement of amount past due, and date of final settlement of amount in default lasting over 60 days (if any).
14.In the event of any default of payment, unless the amount in default is fully repaid or written off (otherwise than due to a bankruptcy order) before the expiry of 60 days from the date such default occurred, the account repayment data (as defined in paragraph 11(e) above) may be retained by the credit reference agency until the expiry of 5 years from the date of final settlement of the amount in default.
15.In the event any amount is written off due to a bankruptcy order being made against a customer, the account repayment data (as defined in paragraph 11(e) above) may be retained by the credit reference agency, regardless of whether the account repayment data reveals any default of payment lasting over 60 days, until the expiry of 5 years from the date of final settlement of the amount in default or the expiry of 5 years from the date of discharge from a bankruptcy as notified by the customer with evidence to the credit reference agency, whichever is earlier.
16.In accordance with the terms of the Ordinance, JF has the right to charge a reasonable fee for the processing of any data access request.
17.To exercise any right of access and correction of personal data and to be informed of the kind of personal data held by JF, please write to the Privacy Compliance Officer of Just Finance Limited.
Nothing in this Notification shall limit the rights of the data subjects under the Ordinance.
18.In case of discrepancies between the English and Chinese versions, the English version shall prevail.
Privacy Compliance Officer
Just Finance Limited
Hong Kong