To preserve the confidentiality of all information provided by you, we Pan Asian Mortgage Company Limited (“the Company”) maintain the following privacy principles:-
- We only collect personal information that we believe to be relevant and required to understand your financial needs and to conduct our business.
- We use your personal information to confirm, verify and authenticate your identity and to provide you with better customer services and products.
- We may pass your personal information to our group’s companies or agents, as permitted by law.
- We will not disclose your personal information to any external organisation unless we have obtained your consent.
- We may be required from time to time to disclose your personal information to Governmental or judicial bodies or agencies or our regulators, but we will only do so under proper authority.
- We aim to keep your personal information on our records accurate and up-to-date.
- We maintain strict internet security systems designed to prevent unauthorised access to your personal information by anyone.
Your Privacy Matters to Us
This section provides specific details of how we treat any personal information you might wish to provide us.
- We will strive at all times to ensure that your personal data will be protected against unauthorised or accidental access, processing or erasure. We maintain this commitment to data security by implementing appropriate physical, electronic and managerial measures to safeguard and secure your personal data.
- It is our practice to achieve appropriate levels of security protection by restricting physical access to and processing of data by providing secure storage facilities; and incorporating security measures into equipment in which data is held. Personal data is only transmitted by secured means to prevent unauthorised or accidental access.
- All practical steps will be taken to ensure that personal data will not be kept longer than necessary and that we will comply with all statutory and regulatory requirements in the Hong Kong Special Administrative Region concerning the retention of personally identifiable information.
Collection of Personal Information through Non-conventional means
We shall also collect personal data on-line in the course of business, the following practices are adopted:
Your visit to our website may be recorded for analysis on the number of visitors to the website and general usage patterns. Some of this information will be gathered through the use of “Cookies”.
Cookies are small pieces of data transmitted from a web server to a web browser. Cookie data is stored on a local hard drive such that the web server can later retrieve the cookie data from a web browser while no personally identifiable information about you is collected. This is useful for allowing our website to maintain information about your use of our website, thus enabling the Company to provide more useful features to you, to tailor the contents of our website to suit your interests and, where applicable, provide you with promotional materials or direct marketing based on your usage patterns. The Company will be able to access the information stored on the cookies and record how you use our website.
Cookies are designed to be read only by the website that provides them. Cookies cannot be used to obtain data from a user’s hard drive, get a user’s e-mail address or gather a user’s sensitive information.
Most browsers are initially set to accept cookies. If you prefer, you can set your browser to disable cookies or to inform you when they are set. If you disable cookies from web browsers, you may not be able to access the Company’s Internet financial products and services. If you accept cookies, you will be acknowledging that your information is being collected, stored, accessed and used as outlined above.
Personal data provided to us through an on-line facility, once submitted, it may not be facilitated to be deleted, corrected or updated on-line. If deletion, correction and updates are needed, you should approach our relevant officers.
Personal data collected will be transferred to relevant members of our staff, departments or branches for processing. Personal data will be retained in our systems’ database normally for a period of not longer than six months.
Notice to Customers and Other Individuals Relating to the Personal Data (Privacy) Ordinance (the “Ordinance”) and the Code of Practice on Consumer Credit Data
- It is the policy of Pan Asian Mortgage Company Limited (“the Company”) to respect and safeguard the privacy of an individual’s personal data. Compliance with the Ordinance is not only the prime objective of the management but also direct responsibility of every staff member of the Company. The Company shall preserve the confidentiality of all information provided by customers. This policy statement stipulates the purpose of the data collection and customer’s data protection.
- Customer always has the right to access his personal data and update it whenever appropriate. Customer is advised to take note of the following.
- The term “data subject(s)”, wherever mentioned in this Notice, includes the following categories of individuals:-
- applicants for or customers/users of credit facilities and related financial services and products and so forth provided by a Company and their authorized signatories;
- sureties, guarantors and parties providing security, guarantee or any form of support for obligations owed to a Company;
- directors, shareholders, officers and managers of any corporate applicants and data subjects/users;
- suppliers, contractors, service providers and other contractual counterparties of the Company; and
For the avoidance of doubt, “data subjects” shall not include any incorporated bodies. The contents of this Notice shall apply to all data subjects and form part of the terms and conditions of the Loan Agreement and/or the agreement or arrangement and any contracts for services that the data subjects have or may enter into with the Company from time to time. If there is any inconsistency or discrepancy between this Notice and the relevant contract, this Notice shall prevail insofar as it relates to the protection of the data subjects’ personal data. Nothing in this Notice shall limit the rights of the data subjects under the Ordinance.
4. From time to time, it is necessary for data subjects to supply the Company with data in connection with the opening or continuation of accounts and the establishment or continuation of credit facilities or provision of credit facilities and related financial services and products which include but not limited to personal loan, property mortgage and property valuation services. Such data includes but are not limited to:-
- full name;
- identity card number or travel document number including copies of the identity card and travel document as well as data embedded in the integrated circuits in such documents;
- date of birth;
- residential and/or correspondence address(es);
- telephone/mobile phone number(s);
- email address;
- biometric data including but not limited to facial image(s) and data embedded in biometrically enabled identity and/or travel documents;
- salaries and income;
- household expenses and number of dependents; and
- such other or further data as the Company deems necessary.
5. Failure to supply such data may result in the Company being unable to open or continue accounts or establish or continue credit facilities or provide credit facilities and related financial services and products.
6. It is also the case that data are collected from data subjects in the ordinary course of business for the purpose of processing of new or renewal of loan application or services either application in person, through telephone, Internet (or other means). This includes information obtained from credit reference agency and/or contractors providing electronic identity authentication services.
7. The purposes for which the data relating to the data subjects may be used will vary depending on the nature of the data subjects’ relationship with the Company, they may include the following:-
- assessing the merits and suitability of the data subjects as actual or potential applicants for credit facilities and related financial services and products and/or processing and/or approving their applications, renewals and cancellations;
- the daily operation of the services and credit facilities provided to the data subjects;
- conducting credit checks at the time of application for credit/loan and at the time of regular or special reviews which normally will take place one or more times each year. The Company undertakes these reviews to determine whether the data subjects existing credit/loan amount should be increased, decreased or where appropriate remained unchanged;
- creating and maintaining the Company’s credit scoring models;
- providing reference;
- assisting other financial institutions to conduct credit checks and collect debts;
- ensuring ongoing credit worthiness of data subjects;
- designing credit facilities and related financial services and products for data subjects’ use;
- marketing services, products and other subjects (please see further details in Paragraph 10 below);
- determining amounts owed to or by the data subjects;
- collection of amounts outstanding from the data subjects and those providing security for the data subjects’ obligations;
- complying with the obligations, requirements or arrangements for disclosing and using data that apply to the Company or any of its branches or that it is expected to comply according to:
i. any law binding or applying to it within or outside the Hong Kong Special Administrative Region;ii. any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers within or outside the Hong Kong Special Administrative Region;iii. any contractual or other commitment with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers that is assumed by or imposed on the Company or any of its branches by reason of its financial, commercial, business or other interests or activities in or related to the jurisdiction of the relevant local or foreign legal, regulatory, governmental, tax, law enforcement or other authority, or self-regulatory or industry bodies or associations;
- complying with any obligations, requirements, policies, procedures, measures or arrangements for sharing data and information within the group companies of the Company and/or any other use of data and information in accordance with any group-wide programmes for compliance with sanctions or prevention or detection of money laundering, terrorist financing or other unlawful activities;
- enabling an actual or proposed assignee of the Company, or participant or sub-participant of the Company’s rights in respect of the data subjects to evaluate the transaction intended to be the subject of the assignment, participation or sub-participation;
- comparing data of the data subjects or other persons for credit checking, data verification or otherwise producing or verifying data, whether or not for the purpose of taking action against the data subjects;
- maintaining a credit history or otherwise, a record of data subjects (whether or not there exists any relationship between data subjects and the Company) for present and future reference;
- obtaining effecting and taking out life insurance of the data subject to protect the Company’s interest against data subject’s indebtedness due to the Company in the event of death, with the Company being made the policy owner and the sole and ultimate beneficiary under such insurance policy, and “data” in this clause shall include but is not limited to data subject’s names, identification document numbers, loan account numbers, loan amount and outstanding indebtedness from time to time. The ownership interest rights title and benefit under such insurance belongs to the Company solely and personally and does not form any security against data subject’s indebtedness to the Company;
- confirming, verifying and authenticating the identities of the data subjects; and
- purposes incidental, associated or relating thereto.
8. Data held by the Company relating to data subjects will be kept confidential but the Company may provide and disclose such data to the following parties for the purposes set out in Paragraph 7:-
- any agent, contractor or third party service provider who provides administrative, telecommunications, computer, payment or securities clearing, electronic identity authentication or other services to the Company in connection with the operation of its business, wherever situated;
- any other person under a duty of confidentiality to the Company including the group companies of the Company which has undertaken to keep such information confidential;
- the drawee bank providing a copy of a paid cheque (which may contain information about the payee) to the drawer;
- any person making payment into the data subject’s account;
- any person receiving payment from the data subject, the banker of such person and any intermediaries which may handle or process such payment;
- credit reference agencies, and, in the event of default, to debt collection agencies;
- any person to whom the Company or any of its branches is under an obligation or otherwise required to make disclosure under the requirements of any law binding on or applying to the Company or any of its branches, or any disclosure under and for the purposes of any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers with which the Company or any of its branches are expected to comply, or any disclosure pursuant to any contractual or other commitment of the Company or any of its branches with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers, all of which may be within or outside the Hong Kong Special Administrative Region;
- any actual or proposed assignee of the Company or participant or sub-participant or transferee of the Company’s rights in respect of the data subject; and
- the data was collected provide such information to the following parties:-
- any member of the group companies of the Company;
- third party financial institutions, insurers, credit card companies, securities, commodities and investment services providers;
- third party reward, loyalty, co-branding and privileges programme providers;
- co-branding partners of the Company and the group companies of the Company (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be);
- charitable or non-profit making organisations; and
- external service providers (including but not limited to mailing houses, telecommunication companies, telemarketing and direct sales agents, call centres, data processing companies, information technology companies and companies providing electronic identity authentication services) that the Company engages for the purposes set out in Paragraph 7 above, wherever situated.
9. For the purpose of Paragraphs 7(c), 7(o) and 7(r) above, the Company may from time to time access and obtain consumer credit data of the data subject from a credit reference agency for reviewing any of the following matters in relation to the credit facilities granted:-
- the identity of the data subject;
- an increase in the credit amount;
- the curtailing of credit (including the termination of credit or a decrease in the facility amount); or
- the putting in place or the implementation of a scheme of arrangement with the data subject.
When the Company accesses consumer credit data about a data subject held with a credit reference agency, it must comply with the Code of Practice on Consumer Credit Data approved and issued under the Ordinance.
10. USE OF DATA IN DIRECT MARKETING
The Company intends to use the data subject’s data in direct marketing and the Company requires the data subject’s consent (which includes an indication of no objection) for that purpose. In this connection, please note that:-
- the name, contact details, products and services portfolio information, transaction pattern and behaviour, financial background and demographic data of the data subject held by the Company from time to time may be used by the Company in direct marketing;
- the following classes of services, products and subjects may be marketed:i. credit facilities and related financial services and products;ii. reward, loyalty or privileges programmes and related services and products;iii. services and products offered by the Company’s co-branding partners (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be); and
i. credit facilities and related financial services and products;
ii. reward, loyalty or privileges programmers and related services and products;
iii. services and products offered by the Company’s co-branding partners (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be); and
iv. donations and contributions for charitable and/or non-profit making purposes;
- the above services, products and subjects may be provided or (in the case of donations and contributions) solicited by the Company and/or:
i. any member of the group companies of the Company;
ii. third party financial institutions, insurers, credit card companies, securities, commodities and investment services providers;
iii. third party reward, loyalty, co-branding or privileges programme providers;
iv. co-branding partners of the Company and the group companies of the Company (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be); and
v. charitable or non-profit making organisations;
- in addition to marketing the above services, products and subjects itself, the Company also intends to provide the data described in Paragraph 10(a) above to all or any of the persons described in Paragraph 10(c) above for use by them in marketing those services, products and subjects, and the Company requires the data subject’s written consent (which includes an indication of no objection) for that purpose;
- the Company may receive money or other property in return for providing the data to the other persons in Paragraph 10(d) above and, when requesting the data subject’s consent or no objection as described in Paragraph 10(d) above, the Company will inform the data subject if it will receive any money or other property in return for providing data to the other persons.
If a data subject does not wish the Company to use or provide to other persons his/her data for use in direct marketing as described above, the data subject may exercise his/her opt-out right by notifying the Company.
11. Under and in accordance with the terms of the Ordinance and the Code of Practice on Consumer Credit Data approved and issued under the Ordinance, any data subject has the right:-
- to check whether the Company holds data about him/her and of access to such data;
- to require the Company to correct any data relating to him/her which is inaccurate;
- to ascertain the Company’s policies and practices in relation to data and to be informed of the kind of personal data held by the Company;
- to be informed on request which items of data are routinely disclosed to credit reference agencies or debt collection agencies, and be provided with further information to enable the making of an access and correction request to the relevant credit reference agency or debt collection agency; and
- in relation to any account data (including, for the avoidance of doubt, any account repayment data) which has been provided by the Company to a credit reference agency, to instruct the Company, upon termination of the account by full repayment, to make a request to the credit reference agency to delete such account data from its database, as long as the instruction is given within five years of termination and at no time was there any default of payment in relation to the account, lasting in excess of 60 days within five years immediately before account termination.
Account repayment data include amount last due, amount of payment made during the last reporting period (being a period not exceeding 31 days immediately preceding the last contribution of account data by the Company to a credit reference agency), remaining available credit or outstanding balance and default data (being amount past due and number of days past due, date of settlement of amount past due, and date of final settlement of amount in default lasting in excess of 60 days (if any)).
12. In the event of any default of payment relating to an account, unless the amount in default is fully repaid or written off (other than due to a bankruptcy order) before the expiry of 60 days from the date such default occurred, the account repayment data (as defined in Paragraph 11(e) above) may be retained by the credit reference agency until the expiry of five years from the date of final settlement of the amount in default.
13. In the event any amount in an account is written-off due to a bankruptcy order being made against the data subject, the account repayment data (as defined in Paragraph 11(e) above) may be retained by the credit reference agency, regardless of whether the account repayment data reveal any default of payment lasting in excess of 60 days, until the expiry of five years from the date of final settlement of the amount in default or the expiry of five years from the date of discharge from a bankruptcy as notified by the data subject with evidence to the credit reference agency, whichever is earlier.
14. In accordance with the terms of the Ordinance, the Company has the right to charge a reasonable fee for the processing of any data access request.
15. The person to whom requests for access to data or correction of data or for information regarding policies and practices and kinds of data held are to be addressed is as follows:
The Data Protection Officer
Pan Asian Mortgage Company Limited
18/F, W Square, 314-324 Hennessy Road, Wan Chai, Hong Kong
Telephone : 2167 1357
16. The Company may have obtained a credit report on or access the database of the data subject from a credit reference agency in considering any application for credit or conducting credit reviews from time to time. In the event that the data subject wishes to access the credit report, the Company will advise the contact details of the relevant credit reference agency.
17. In case of discrepancies between the English and Chinese versions, the English version shall prevail.
IMPORTANT: By accessing the Company’s web site and any of its pages you are agreeing to the terms set out above.