This Statement is made by Bibby Financial Services (Asia) Ltd ('the Company') in accordance with the Personal Data (Privacy) Ordinance of the Hong Kong Special Administrative Region ('the Ordinance'). The Statement is intended to notify you why personal data is collected, how it will be used and to whom data access requests are to be addressed.
The term "data subject(s)", wherever mentioned in this Statement, includes the following categories of individuals:-
- applicants for or customers/users of credit facilities and related financial services and products and so forth provided by a Company and their authorized signatories;
- sureties, guarantors and parties providing security, guarantee or any form of support for obligations owed to a Company;
- directors, shareholders, officers and managers of any corporate applicants and data subjects/users; and
- suppliers, contractors, service providers and other contractual counterparties of the Company.
For the avoidance of doubt, "data subjects" shall not include any incorporated bodies. The contents of this Statement shall apply to all data subjects and form part of the terms and conditions of the Facility Agreement and/or the agreement or arrangement and any contracts for services that the data subjects have or may enter into with the Company from time to time. If there is any inconsistency or discrepancy between this Statement and the relevant contract, this Statement shall prevail insofar as it relates to the protection of the data subjects' personal data. Nothing in this Statement shall limit the rights of the data subjects under the Ordinance.
- From time to time, it is necessary for data subjects to supply the Company with data in connection with various matters such as the opening or continuation of accounts, the establishment or continuation of credit facilities, the provision of other financial services, or the provision of supplies or services to the Company and data subjects.
- Failure to supply such data may result in the Company being unable to open or continue accounts or establish or continue credit facilities or provide other financial services, or accept or continue with the provision of supplies or services.
- It is also the case that data are collected from data subjects in the ordinary course of business for the purpose of processing of new or renewal of credit facility application or services either application in person, through telephone, Internet (or other means). This includes information obtained from credit reference agency.
- The purposes for which data relating to a data subject may be used will vary depending on the nature of the data subject's relationship with the Company. Broadly, they may comprise any or all of the following purposes:
- considering applications for products and services and the daily operation of products, services and credit facilities provided to customers;
- conducting credit checks (including without limitation upon an application for consumer credit and upon periodic or special reviews of the credit which normally will take place one or more times each year);
- creating and maintaining the Company's credit and risk related models;
- assisting other financial institutions to conduct credit checks and collect debts;
- ensuring ongoing credit worthiness of customers;
- designing financial services or related products for customers use;
- marketing services, products and other subjects as described in (6) below;
- determining the amount of indebtedness owed to or by customers;
- the enforcement of data subjects' obligations, including without limitation the collection of amounts outstanding from data subjects and those providing security for data subjects' obligations;
- meeting obligations, requirements or arrangements, whether compulsory or voluntary, of the Company or in connection with:
- any law, regulation, judgment, court order, voluntary code, sanctions regime, within or outside the Hong Kong Special Administrative Region ("Hong Kong") existing currently and in the future ("Laws") (e.g. the Inland Revenue Ordinance and its provisions including those concerning automatic exchange of financial account information);
- any guidelines, guidance or requests given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers within or outside Hong Kong existing currently and in the future (e.g. guidelines, guidance or requests given or issued by the Inland Revenue Department including those concerning automatic exchange of financial account information) and any international guidance, internal policies or procedures;
- any present or future contractual or other commitment with local or foreign legal, regulatory, judicial, administrative, public or law enforcement body, or governmental, tax, revenue, monetary, securities or futures exchange, court, central bank or other authorities, or self-regulatory or industry bodies or associations of financial service providers or any of their agents with jurisdiction over all or any part of the Company that is assumed by, imposed on or applicable to the Company; or
- any agreement or treaty between Authorities;
- complying with any obligations, requirements, policies, procedures, measures or arrangements for sharing data and information within the Company and/or any other use of data and information in accordance with any programmes for compliance with sanctions or prevention or detection of money laundering, terrorist financing or other unlawful activities;
- conducting any action to meet obligations of the Company to comply with Laws or international guidance or regulatory requests relating to or in connection with the detection, investigation and prevention of money laundering, terrorist financing, bribery, corruption, tax evasion, fraud, evasion of economic or trade sanctions and/or any acts or attempts to circumvent or violate any Laws relating to these matters;
- meeting any obligations of the Company to comply with any demand or request from the Authorities;
- enabling an actual or proposed assignee of the Company’s rights in respect of the customer to evaluate the transaction intended to be the subject of the assignment, participation or sub-participation; and
- purposes relating thereto.
- Data held by the Company relating to a data subject will be kept confidential but the Company may provide such information to the following parties (whether within or outside Hong Kong, where data protection laws may be less demanding than those in Hong Kong) for any of the purposes set out in paragraph (4):
- any member of Bibby Financial Services and/or any other Bibby related company (‘Bibby Companies’), agent, contractor or third party service provider (or a subsidiary, holding company or related company thereof) who provides administrative, telecommunications, computer, payment, debt collection or securities clearing, data processing or other services to the Company or any other member of Bibby Companies in connection with the operation of its business;
- any other person which has undertaken expressly or impliedly to the Company or any other member of Bibby Companies to keep such information confidential;
- any authorized institution or other authorized or regulated entity of similar nature in another jurisdiction with which the data subject has or proposes to have dealings;
- the drawee bank providing a copy of a paid cheque (which may contain information about the payee) to the drawer;
- credit reference agencies, and, in the event of default, to debt collection agencies;
- any person to whom the Company or any other member of Bibby Companies is under an obligation or otherwise required to make disclosure under the requirements of any law binding on or applying to the Company or any other member of Bibby Companies, or any disclosure under and for the purposes of any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers with which the Company or any other member of Bibby Companies are expected to comply, or any disclosure pursuant to any contractual or other commitment of the Company or any other member of Bibby Companies with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers, all of which may be within or outside Hong Kong and may be existing currently and in the future;
- any actual or proposed assignee of the Company or any other member of Bibby Companies, or participant or sub-participant or transferee of the rights of the Company or those of any other member of Bibby Companies in respect of the data subject; and
- any member of Bibby Companies;
- third party financial institutions, insurers, card companies, securities and investment services providers;
- third party reward, loyalty and privilege programme providers;
- co-branding partners of the Company and any other member of Bibby Companies (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be);
- charitable and non-profit making organisations; and
- external service providers (including but not limited to professional advisers, mailing houses, telecommunication companies, telemarketing and direct sales agents, call centres, data processing companies, information technology companies and market research firms), that the Company engages for the purposes set out in paragraph (4).
- For the purpose of (4.4) above, the Company may from time to time access and obtain consumer credit data of the data subject from a credit reference agency for reviewing any of the following matters in relation to the credit facilities granted:
- an increase in the credit amount;
- the curtailing of credit (including the termination of credit or a decrease in the facility amount); or
- the putting in place or the implementation of a scheme of arrangement with the data subject.
When the Company accesses consumer credit data about a data subject held with a credit reference agency, it must comply with the Code of Practice on Consumer Credit Data approved and issued under the Ordinance (the “Code”) and other relevant regulatory requirements.
- Of all the data which may be collected or held by the Company from time to time in connection with mortgages, the mortgage account general data relating to data subjects (including any updated data thereof) may be provided by the Company to the credit reference agency.
Such mortgage account general data means the following data of the data subject: full name, capacity in respect of each mortgage (as borrower, mortgagor or guarantor), Hong Kong Identity Card or travel document number, date of birth, address, mortgage account number in respect of each mortgage, type of facility in respect of each mortgage, mortgage account status in respect of each mortgage (e.g. active, closed, write-off), (if any) mortgage account closed date in respect of each mortgage.
The credit reference agency will use the mortgage account general data supplied by the Company for the purposes of compiling a count of the number of mortgages from time to time held by a data subject, as borrower, mortgagor or guarantor respectively, for sharing in the consumer credit database of the credit reference agency by credit providers (subject to the requirements of the Code).
- USE OF DATA IN DIRECT MARKETING
The Company intends to use the data subject’s data in direct marketing and the Company requires the data subject’s consent (which includes an indication of no objection) for that purpose. In this connection, please note that:
- the name, contact details, products and services portfolio information, transaction pattern and behaviour, financial background and demographic data of the data subject held by the Company from time to time may be used by the Company in direct marketing;
- the following classes of services, products and subjects may be marketed:
- financial, insurance, cards (meaning cards used to withdraw cash or pay for goods and services, including credit cards, debit cards, ATM cards, Cashline cards and stored value cards), banking and related services and products;
- reward, loyalty or privilege programmes and related services and products;
- services and products offered by the Company’s co-branding partners (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be); and
- donations and contributions for charitable and/or non-profit making purposes;
- the above services, products and subjects may be provided or (in the case of donations and contributions) solicited by the Company and/or:
- any other member of Bibby Companies;
- third party financial institutions, insurers, card companies, securities and investment services providers;
- third party reward, loyalty or privilege programme providers;
- co-branding partners of the Company and any other member of Bibby Companies; and
- charitable or non-profit making organisations;
- in addition to marketing the above services, products and subjects itself, the Company also intends to provide the data described in paragraph (8.1) above to all or any of the persons described in paragraph (8.3) above for use by them in marketing those services, products and subjects, and the Company requires the data subject’s written consent (which includes an indication of no objection) for that purpose;
- the Company may receive money or other property in return for providing the data to the other persons in paragraph (8.4 above and, when requesting the data subject’s consent or no objection as described in paragraph (8.4) above, the Company will inform the data subject if it will receive any money or other property in return for providing the data to the other persons.
If a data subject does not wish the Company to use or provide to other persons his/her data for use in direct marketing as described above, the data subject may exercise his/her opt-out right by notifying the Company at any time and without charge.
- Under and in accordance with the terms of the Ordinance and the Code, any data subject has the right:
- to check whether the Company holds data about him/her and access to such data;
- to require the Company to correct any data relating to him/her which is inaccurate;
- to ascertain the Company's policies and practices in relation to data and to be informed of the kind of personal data held by the Company; and
- in relation to consumer credit data (including data relating to mortgages) which has been provided by the Company to a credit reference agency:
- to request to be informed which items of data are routinely disclosed to credit reference agencies or debt collection agencies;
- be provided with further information to enable an access and correction request to be made to the relevant credit reference agency or debt collection agency; and
- upon termination of the account by full payment, to instruct the Company to request a credit reference agency to delete any such data from its database, so long as the instruction is given within 7 years of termination and there has been no payment default in excess of 60 days in the 7 years immediately before account termination.
- In the event of any default of payment relating to an account, unless the amount in default is fully repaid or written off (other than due to a bankruptcy order) before the expiry of 60 days from the date such default occurred, the account repayment data may be retained by the credit reference agency until expiry of 7 years from the date of final settlement of the amount in default. Account repayment data includes amount last due, amount of payment made during the last reporting period (being a period not exceeding 31 days immediately preceding the last contribution of account data by the Company to a credit reference agency), remaining available credit or outstanding balance, and default data (being amount past due and number of days past due, date of settlement of amount past due, and date of final settlement of amount in default lasting in excess of 60 days (if any)).
- In the event any amount in an account is written off due to a bankruptcy order being made against the data subject, the account repayment data (as defined in paragraph (10) above) may be retained by the credit reference agency, regardless of whether the account repayment data reveal any default of payment lasting in excess of 60 days, until expiry of 7 years from the date of final settlement of the amount in default or expiry of 7 years from the date of discharge from bankruptcy as notified by the data subject with evidence to the credit reference agency, whichever is earlier.
- The Company may obtain a credit report on or access the database of the data subject from a credit reference agency in considering any application for credit or conducting credit reviews from time to time. In the event the data subject wishes to access the credit report, the Company will advise the contact details of the relevant credit reference agency.
- The Company may also obtain some personal information from monitoring or recording calls. The Company may record or monitor phone calls with you for regulatory purposes, for training purposes, to ensure and improve quality of service delivery, to ensure safety of our staff and customers, for other security purposes and to resolve queries or issues. Such recordings belong to us.
- Data of a data subject may be processed, kept, transferred or disclosed in and to any country as the Company or any person who has obtained such data from the Company referred to in paragraph (5) above considers appropriate. Such data may also be processed, kept, transferred or disclosed in accordance with the local practices and laws, rules and regulations (including any governmental acts and orders) in such country.
- The Company may charge a reasonable fee for the processing of any data access request.
- Nothing in this Statement shall limit the rights of data subjects under the Ordinance.
- In accordance with the Ordinance, data subjects may make data access or data correction requests or request information regarding policies and practices and kinds of data held. Such requests should be addressed to:
The Data Protection Officer
Bibby Financial Services (Asia) Ltd.
Unit 2302, 23/F., Jubilee Center, 18 Fenwick Street, Wanchai, Hong Kong
- In case of discrepancies between the English and Chinese versions, the English version shall prevail.
Date: May 2019