To preserve the confidentiality of all information provided by you through internet, we maintain the following privacy principles:
- We only collect personal information that we believe to be relevant and required to understand your financial needs and to conduct our business.
- We use your personal information to provide you with better customer services and products.
- We may pass your personal information to our group’s companies or agents, as permitted by law.
- We will not disclose your personal information to any external organisation unless we have obtained your consent.
- We may be required from time to time to disclose your personal information to Governmental or judicial bodies or agencies or our regulators, but we will only do so under proper authority.
- We aim to keep your personal information on our records accurate and up-to-date.
- We maintain strict internet security systems designed to prevent unauthorised access to your personal information by anyone.
Your Privacy Matters to Us
This section provides specific details of how we treat any personal information you might wish to provide us when you visit this site.
- Sun Hung Kai Credit Limited (the "Company") will strive at all times to ensure that your personal data will be protected against unauthorised or accidental access, processing or erasure. We maintain this commitment to data security by implementing appropriate physical, electronic and managerial measures to safeguard and secure your personal data.
- Our web servers are protected behind "firewalls" and our systems are monitored to prevent any unauthorised access. We will not send personal information to you by ordinary email. As the security of ordinary email cannot be guaranteed, you should only send email to us using the secure email facility on our website.
- All practical steps will be taken to ensure that personal data will not be kept longer than necessary and that the Company will comply with all statutory and regulatory requirements in the Hong Kong Special Administrative Region concerning the retention of personally identifiable information.
- Please be reminded that you should not share your Username and/or password or allow access or use of it by others. We endeavor to put in place high standards of security to protect your interests.
- You should safeguard your unique Username and Password by keeping it secret and confidential. Never write them down or share these details with anyone. If you think your Username and/or password has been disclosed to a third party, is lost or stolen and unauthorised transactions may have been conducted, you are responsible to inform us immediately.
Collection of Personal Information through Internet
We shall also collect personal data on-line in the course of business, the following practices are adopted:
- On-line Security
The Company will follow strict standards of security and confidentiality to protect any information provided to the Company online. Encryption technology is employed for sensitive data transmission on the Internet to protect individuals’ privacy.
Your visit to our website may be recorded for analysis on the number of visitors to the website and general usage patterns. Some of this information will be gathered through the use of "Cookies".
Cookies are small pieces of data transmitted from a web server to a web browser. Cookie data is stored on a local hard drive such that the web server can later read back the cookie data from a web browser. This is useful for allowing a website to maintain information on a particular visitor.
Cookies are designed to be read only by the website that provides them. Cookies cannot be used to obtain data from a user’s hard drive, get a user’s e-mail address or gather a user’s sensitive information.
- On-line Correction
Personal data provided to the Company through an on-line facility, once submitted, it may not be facilitated to be deleted, corrected or updated on-line. If deletion, correction and updates are not allowed online, users should approach relevant officers of the Company.
- On-line Retention
Personal data collected on-line will be transferred to relevant members of the Company, departments or branches for processing. Personal data will be retained in the Company internet systems’ database normally for a period of not longer than six months.
Notice to Customers and Other Individuals Relating to the Personal Data (Privacy) Ordinance (the "Ordinance") and the Code of Practice on Consumer Credit Data
- It is the policy of Sun Hung Kai Credit Limited ("the Company") to respect and safeguard the privacy of an individual's personal data. Compliance with the Ordinance is not only the prime objective of the management but also direct responsibility of every staff member of the Company. The Company shall preserve the confidentiality of all information provided by customers. This policy statement stipulates the purpose of the data collection and customer's data protection.
- Customer always has the right to access his personal data and update it whenever appropriate. Customer is advised to take note of the following.
- The term "data subject(s)", wherever mentioned in this Notice, includes the following categories of individuals:-
- applicants for or customers/users of credit facilities and related financial services and products and so forth provided by a Company and their authorized signatories;
- sureties, guarantors and parties providing security, guarantee or any form of support for obligations owed to a Company;
- directors, shareholders, officers and managers of any corporate applicants and data subjects/users;
- users of the Company’s Website, Mobile Application, Smart Teller Machine (“STM”) and any other electronic means and procedures as provided or approved by the Company to access to the services of the Company; and
- suppliers, contractors, service providers and other contractual counterparties of the Company.
For the avoidance of doubt, "data subjects" shall not include any incorporated bodies. The contents of this Notice shall apply to all data subjects and form part of the terms and conditions of the Loan Agreement and/or the agreement or arrangement and any contracts for services that the data subjects have or may enter into with the Company from time to time. If there is any inconsistency or discrepancy between this Notice and the relevant contract, this Notice shall prevail insofar as it relates to the protection of the data subjects' personal data. Nothing in this Notice shall limit the rights of the data subjects under the Ordinance.
- From time to time, it is necessary for data subjects to supply the Company with data in connection with the opening or continuation of accounts and the establishment or continuation of credit facilities or provision of credit facilities and related financial services and products which include but not limited to personal loan, revolving loan, property mortgage and property valuation services. Such data includes but are not limited to:-
- full name;
- identity card number or travel document number including copies of the identity card and travel document as well as data embedded in the integrated circuits in such documents;
- date of birth;
- residential and/or correspondence address(es);
- telephone/mobile phone number(s);
- email address;
- biometric data including but not limited to facial image(s) and data embedded in biometrically enabled identity and/or travel documents whether obtained through biometric sensor module on the user’s electronic devices or otherwise;
- salaries and income;
- household expenses and number of dependents; and
- such other or further data as the Company deems necessary.
- Failure to supply such data may result in the Company being unable to open or continue accounts or establish or continue credit facilities or provide credit facilities and related financial services and products.
- It is also the case that data are collected from data subjects in the ordinary course of business for the purpose of processing of new or renewal of loan application or services (including reviewing, re-considering, assessing, examining, inspecting, scrutinizing, auditing, analyzing, monitoring complying and ensuring compliance with laws, rules and regulations), either application in person, through telephone, Internet, Mobile Application, STM (or other means). This includes information obtained from Credit Reference Agency* and/or contractors providing electronic identity authentication services.
- The purposes for which the data relating to the data subjects may be used will vary depending on the nature of the data subjects' relationship with the Company, they may include the following:-
- assessing the merits and suitability of the data subjects as actual or potential or continued applicants for credit facilities and related financial services and products and/or processing and/or approving their applications, renewals and cancellations;
- the daily operation of the services and credit facilities provided to the data subjects;
- conducting credit checks at the time of application for credit/loan and at the time of regular or special reviews which normally will take place one or more times each year. The Company undertakes these reviews to determine whether the data subjects existing credit/loan amount should be increased, decreased or where appropriate remained unchanged;
- creating and maintaining the Company's credit scoring models;
- providing reference;
- assisting other financial institutions to conduct credit checks and collect debts;
- ensuring ongoing credit worthiness of data subjects;
- designing credit facilities and related financial services and products for data subjects' use;
- marketing services, products and other subjects (please see further details in Paragraph 11 below);
- determining amounts owed to or by the data subjects;
- collection of amounts outstanding from the data subjects and those providing security for the data subjects' obligations;
- complying with the obligations, requirements or arrangements for disclosing and using data that apply to the Company or any of its branches or that it is expected to comply according to:
- any law binding or applying to it within or outside the Hong Kong Special Administrative Region;
- any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers within or outside the Hong Kong Special Administrative Region;
- any contractual or other commitment with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers that is assumed by or imposed on the Company or any of its branches by reason of its financial, commercial, business or other interests or activities in or related to the jurisdiction of the relevant local or foreign legal, regulatory, governmental, tax, law enforcement or other authority, or self-regulatory or industry bodies or associations;
- complying with any obligations, requirements, policies, procedures, measures or arrangements for sharing data and information within the group companies of the Company and/or between different departments in the Company and/or any other use of data and information in accordance with any group-wide programmes for compliance with sanctions or prevention or detection of money laundering, terrorist financing or other unlawful activities;
- enabling an actual or proposed assignee of the Company, or participant or sub-participant of the Company’s rights in respect of the data subjects to evaluate the transaction intended to be the subject of the assignment, participation or sub-participation;
- comparing data of the data subjects or other persons for credit checking, data verification or otherwise producing or verifying data, whether or not for the purpose of taking action against the data subjects;
- maintaining a credit history or otherwise, a record of data subjects (whether or not there exists any relationship between data subjects and the Company) for present and future reference;
- obtaining effecting and taking out life insurance of the data subject to protect the Company’s interest against data subject’s indebtedness due to the Company in the event of death, with the Company being made the policy owner and the sole and ultimate beneficiary under such insurance policy, and “data” in this clause shall include but is not limited to data subject’s names, identification document numbers, loan account numbers, loan amount and outstanding indebtedness from time to time. The ownership interest rights title and benefit under such insurance belongs to the Company solely and personally and does not form any security against data subject’s indebtedness to the Company;
- confirming, verifying and authenticating the identities of the data subjects;
- conducting review of the loan application, services provided and on-going services; conducting fraud review and investigation; conducting, preparing and facilitating internal and external audit; exercising credit control of the loan application, services provided and on-going services; handling claims and potential claims by and against the Company; exercising internal control and managing of data by the Company (including different departments in the Company), its group of companies and contractors; and
- purposes incidental, associated or relating thereto.
- Data held by the Company relating to data subjects will be kept confidential but the Company may provide and disclose such data to the following parties for the purposes set out in Paragraph 7:-
- any agent, auditor, contractor or third party service provider who provides administrative, general supporting, auditing, data management, credit control, analytic, product review, fraud review and investigation, compliance monitoring, telecommunications, computer, payment or securities clearing, electronic identity authentication or other services to the Company in connection with the operation of its business, wherever situated;
- any other person under a duty of confidentiality to the Company including different departments in the Company and group companies of the Company which has undertaken to keep such information confidential;
- the drawee bank providing a copy of a paid cheque (which may contain information about the payee) to the drawer;
- any person making payment into the data subject's account;
- any person receiving payment from the data subject, the banker of such person and any intermediaries which may handle or process such payment;
- Credit Reference Agency*, and, in the event of default, to debt collection agencies;
- any person to whom the Company or any of its branches is under an obligation or otherwise required to make disclosure under the requirements of any law binding on or applying to the Company or any of its branches, or any disclosure under and for the purposes of any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers with which the Company or any of its branches are expected to comply, or any disclosure pursuant to any contractual or other commitment of the Company or any of its branches with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers, all of which may be within or outside the Hong Kong Special Administrative Region;
- any actual or proposed assignee of the Company or participant or sub-participant or transferee of the Company's rights in respect of the data subject; and
- the data was collected provide such information to the following parties:-
- any member of the group companies of the Company;
- third party financial institutions, insurers, credit card companies, securities, commodities and investment services providers;
- third party reward, loyalty, co-branding and privileges programme providers;
- co-branding partners of the Company and the group companies of the Company (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be);
- charitable or non-profit making organisations; and
- external service providers (including but not limited to mailing houses, telecommunication companies, telemarketing and direct sales agents, call centres, data processing companies, information technology companies and companies providing electronic identity authentication services) that the Company engages for the purposes set out in Paragraph 7 above, wherever situated.
The Company may from time to time transfer the data relating to the data subjects to a place outside Hong Kong Special Administrative Region for the purposes set out in Paragraph 7 above.
- For the purpose of Paragraphs 7(c), 7(o) and 7(r) above, the Company may from time to time access and obtain consumer credit data of the data subject from a Credit Reference Agency* for reviewing any of the following matters in relation to the credit facilities granted:-
- the identity of the data subject;
- an increase in the credit amount;
- the curtailing of credit (including the termination of credit or a decrease in the facility amount); or
- the putting in place or the implementation of a scheme of arrangement with the data subject.
When the Company accesses consumer credit data about a data subject held with a Credit Reference Agency*, it must comply with the Code of Practice on Consumer Credit Data approved and issued under the Ordinance.
- With respect to data in connection with mortgages applied by the data subject (if applicable, and whether as a borrower, mortgagor or guarantor and whether in the data subject's sole name or in joint names with others) on or after 1 April 2011, the following data relating to the data subject (including but not limited to any updated data of any of the following data from time to time) may be provided by the Company, on its own behalf and/or as agent, to a Credit Reference Agency*:-
- full name;
- capacity in respect of each mortgage (as borrower, mortgagor or guarantor, and whether in the data subject's sole name or in joint names with others);
- identity card number or travel document number;
- date of birth;
- correspondence address;
- mortgage account number in respect of each mortgage;
- type of the facility in respect of each mortgage;
- mortgage account status in respect of each mortgage (e.g., active, closed, write-off (other than due to a bankruptcy order), write-off due to a bankruptcy order); and
- if any, mortgage account closed date in respect of each mortgage.
The Credit Reference Agency* will use the above data supplied by the Company for the purposes of compiling a count of the number of mortgages from time to time held by the data subject with credit providers in Hong Kong Special Administrative Region, as borrower, mortgagor or guarantor respectively and whether in the data subject's sole name or in joint names with others, for sharing in the consumer credit database of the Credit Reference Agency* by credit providers (subject to the requirements of the Code of Practice on Consumer Credit Data approved and issued under the Ordinance).
- USE OF DATA IN DIRECT MARKETING
The Company intends to use the data subject's data in direct marketing and the Company requires the data subject's consent (which includes an indication of no objection) for that purpose. In this connection, please note that:-
- the name, contact details, products and services portfolio information, transaction pattern and behaviour, financial background and demographic data of the data subject held by the Company from time to time may be used by the Company in direct marketing;
- the following classes of services, products and subjects may be marketed:
- credit facilities and related financial services and products;
- reward, loyalty or privileges programmes and related services and products;
- services and products offered by the Company's co-branding partners (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be); and
- donations and contributions for charitable and/or non-profit making purposes;
- the above services, products and subjects may be provided or (in the case of donations and contributions) solicited by the Company and/or:
- any member of the group companies of the Company;
- third party financial institutions, insurers, credit card companies, securities, commodities and investment services providers;
- third party reward, loyalty, co-branding or privileges programme providers;
- co-branding partners of the Company and the group companies of the Company (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be); and
- charitable or non-profit making organisations;
- in addition to marketing the above services, products and subjects itself, the Company also intends to provide the data described in Paragraph 11(a) above to all or any of the persons described in Paragraph 11(c) above for use by them in marketing those services, products and subjects, and the Company requires the data subject's written consent (which includes an indication of no objection) for that purpose;
- the Company may receive money or other property in return for providing the data to the other persons in Paragraph 11(d) above and, when requesting the data subject’s consent or no objection as described in Paragraph 11(d) above, the Company will inform the data subject if it will receive any money or other property in return for providing data to the other persons.
If a data subject does not wish the Company to use or provide to other persons his/her data for use in direct marketing as described above, the data subject may exercise his/her opt-out right by notifying the Company.
- Under and in accordance with the terms of the Ordinance and the Code of Practice on Consumer Credit Data approved and issued under the Ordinance, any data subject has the right:-
- to check whether the Company holds data about him and of access to such data;
- to require the Company to correct any data relating to him which is inaccurate;
- to ascertain the Company's policies and practices in relation to data and to be informed of the kind of personal data held by the Company;
- to be informed on request which items of data are routinely disclosed to Credit Reference Agency* or debt collection agencies, and be provided with further information to enable the making of an access and correction request to the relevant Credit Reference Agency* or debt collection agency; and
- in relation to any account data (including, for the avoidance of doubt, any account repayment data) which has been provided by the Company to a Credit Reference Agency*, to instruct the Company, upon termination of the account by full repayment, to make a request to the Credit Reference Agency* to delete such account data from its database, as long as the instruction is given within five years of termination and at no time was there any default of payment in relation to the account, lasting in excess of 60 days within five years immediately before account termination. Account repayment data include amount last due, amount of payment made during the last reporting period (being a period not exceeding 31 days immediately preceding the last contribution of account data by the Company to a Credit Reference Agency*), remaining available credit or outstanding balance and default data (being amount past due and number of days past due, date of settlement of amount past due, and date of final settlement of amount in default lasting in excess of 60 days (if any)).
- In the event of any default of payment relating to an account, unless the amount in default is fully repaid or written off (other than due to a bankruptcy order) before the expiry of 60 days from the date such default occurred, the account repayment data (as defined in Paragraph 12(e) above) may be retained by the Credit Reference Agency* until the expiry of five years from the date of final settlement of the amount in default.
- In the event any amount in an account is written-off due to a bankruptcy order being made against the data subject, the account repayment data (as defined in Paragraph 12(e) above) may be retained by the Credit Reference Agency*, regardless of whether the account repayment data reveal any default of payment lasting in excess of 60 days, until the expiry of five years from the date of final settlement of the amount in default or the expiry of five years from the date of discharge from a bankruptcy as notified by the data subject with evidence to the Credit Reference Agency*, whichever is earlier.
- In accordance with the terms of the Ordinance, the Company has the right to charge a reasonable fee for the processing of any data access request.
- The person to whom requests for access to data or correction of data or for information regarding policies and practices and kinds of data held are to be addressed is as follows:
The Data Protection Officer
Sun Hung Kai Credit Limited
Room 803-805, 8/F, Allied Kajima Building,
138 Gloucester Road, Wanchai, Hong Kong
Telephone: 2996 2688
Facsimile: 2702 3318
- The Company may have obtained a credit report on or access the database of the data subject from a Credit Reference Agency* in considering any application for credit or conducting credit reviews from time to time. In the event that the data subject wishes to access the credit report, the Company will advise the contact details of the relevant Credit Reference Agency*.
- In case of discrepancies between the English and Chinese versions, the English version shall prevail.
* “Credit Reference Agency” means a credit reference agency in Hong Kong approved for participation in the Multiple Credit Reference Agencies Model.
Date: February 2022