- INTRODUCTION
This is the Privacy Policy Statement ("Statement") of Promise (Hong Kong) Co., Limited ("Promise"). The purpose of this Statement is to establish Promise's policies and practices and its commitment to protect the privacy of personal data of its customers and relevant third parties ("Third Parties"), and to act in compliance with all the requirements of the Personal Data (Privacy) Ordinance (the "Ordinance") and implement the guidelines issued by the Licensed Money Lenders Association relating to the Ordinance. Promise will comply with the Ordinance and the relevant governing principles and guidelines in relation thereto and will ensure compliance by its staff with the policies and practices set out in this Statement and the requirements of the Ordinance and the relevant guidelines in relation thereto.
- PURPOSES OF THE PERSONAL DATA HELD
- From time to time, it is necessary for customers to supply Promise with their personal data and personal data about Third Parties in connection with the opening and/or continuation of loan accounts, the establishment and/or continuation of credit facilities, and/or provision of other financial services. Such personal data of customers and Third Parties shall include but are not limited to the following (collectively "personal data"):
- full name;
- identity card number or travel document number including copies of the identity card and travel document and data embedded in the integrated circuits in such documents;
- date of birth;
- residential and/or correspondence address(es);
- telephone/mobile phone number(s);
- email address;
- biometric data including but not limited to facial image(s) and data embedded in biometrically enabled identity and/or travel documents whether obtained through a biometric sensor module on the user's electronic devices or otherwise;
- occupation, salary and income;
- household expenses and number of dependents; and
- such other or further data as Promise deems necessary.
- Failure to supply such personal data may result in Promise being unable to open or continue loan accounts, or establish or continue credit facilities, or provide other financial services to customers.
- It is also the case that such personal data are collected from customers in the ordinary course of business of Promise, for example, when customers communicate orally or in writing with Promise, by means of documentation, via the automated telephone system, the website ("Website") and/or the mobile apps ("Apps") operated and maintained by Promise (as the case may be). Promise will also collect personal data relating to customers from third parties, including third party service providers with whom a customer interacts in connection with the marketing of Promise's products and services, and in connection with a customer's application for Promise's products and services (including receiving personal data from credit reference agencies approved for participation in Credit Data Smart* (collectively "credit reference agencies")).
* "Credit Data Smart" is the Multiple Credit Reference Agencies (MCRA) Model developed by the Hong Kong Association of Banks, the Hong Kong Association of Restricted License Banks and Deposit-taking Companies (DTCA), and the Hong Kong S.A.R. Licensed Money Lenders Association Limited, with the support of the Hong Kong Monetary Authority. It is a new operating model for, among others, enabling lenders to share and use consumer credit data through more than one credit reference agency.
- The purposes for which the personal data of customers and Third Parties may be used are as follows:
- (a) the daily operation of loan accounts, credit facilities and other financial services provided to customers;
- (b) conducting credit checks against the customers upon an application for credit and when regular or special reviews are conducted from time to time;
- (c) creating and maintaining Promise's credit scoring models;
- (d) assisting other credit providers in the Hong Kong SAR ("Hong Kong") approved for participation in Credit Data Smart to conduct credit checks and collect debts;
- (e) ensuring ongoing creditworthiness of customers;
- (f) designing financial services or related products for customers' use;
- (g) determining amounts owed to or by customers;
- (h) collection of amounts outstanding from customers;
- (i) complying with obligations, requirements or arrangements for disclosing and using personal data that apply to Promise or that it is expected to comply with according to:
  - any law binding or applicable to it within or outside Hong Kong existing currently or in the future;
  - any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers within or outside Hong Kong existing currently or in the future; and
  - any present or future contractual or other commitment with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers that is assumed by or imposed on Promise by reason of its financial, commercial, business or other interests or activities in or related to the jurisdiction of the relevant local or foreign legal, regulatory, governmental, tax, law enforcement or other authority, or self-regulatory or industry bodies or associations;
- (j) complying with any obligations, requirements, policies, procedures, measures or arrangements for sharing personal data and information within any subsidiaries, holding companies, associated companies or affiliates of Promise ("Promise Group Companies") and/or any other use of personal data and information in accordance with any group-wide programmes for compliance with sanctions or prevention or detection of money laundering, terrorist financing or other unlawful activities;
- (k) enabling an actual or proposed assignee of Promise, or participant or sub-participant in Promise's rights in respect of customers to evaluate the transaction intended to be the subject of the assignment, participation or sub-participation;
- (l) marketing financial services or products of Promise; and
- (m) other purposes relating to each of the above.
In relation to personal data of customers, the purposes listed in paragraphs (a) to (k) (inclusive) and any purposes related thereto are "obligatory" purposes, meaning that customers must permit Promise to use their personal data for these purposes if they wish to use Promise's services. The purposes listed in paragraph (l) and any purposes related thereto are "voluntary" purposes, meaning that customers have a choice whether Promise can use their personal data for these purposes and if a customer does not want Promise to use his/her personal data for those purposes, he/she can tell Promise and Promise will not use his/her personal data for those purposes.
In relation to personal data of Third Parties, the purposes listed in paragraphs (a) to (l) and any purposes related thereto are "voluntary" purposes, meaning that Third Parties have a choice whether Promise can use their personal data for these purposes and if a Third Party does not want Promise to use his/her personal data for these purposes, he/she can tell Promise or the customer of his/her wish not to disclose such personal data to Promise, and the customer shall not thereafter provide such personal data to Promise and Promise will not use his/her personal data for those purposes if Promise is aware that the Third Party does not consent to the use of such personal data for such purposes.
- CLASSES OF POSSIBLE TRANSFEREES OF THE PERSONAL DATA
Personal data held by Promise relating to a customer and a Third Party will be kept confidential but Promise may provide such personal data to the following parties (whether within or outside Hong Kong) for the purposes set out in paragraph 2.4 (all obligatory purposes except paragraph 2.4(l)):
- any agent, contractor or third party service provider who provides administrative, telecommunications, computer, payment or other services to Promise in connection with the operation of its business;
- any other person under a duty of confidentiality to Promise including a member of the Promise Group Companies which has undertaken to keep such information confidential;
- any person with the express prescribed consent of customers or Third Parties (as the case may be);
- credit reference agencies (including the operator of any centralized database used by credit reference agencies), and, in the event of default, debt collection agencies;
- any person to whom Promise is under an obligation or otherwise required to make disclosure under the requirements of any law binding on or applying to Promise, or any disclosure under and for the purposes of any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers with which Promise is expected to comply, or any disclosure pursuant to any contractual or other commitment of Promise with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers, all of which may be within or outside of Hong Kong and may be existing currently or in the future;
- as a voluntary purpose, selected persons for use in direct marketing;
- external service providers (including but not limited to mailing houses, telecommunication companies and information technology companies) that Promise engages for the purpose set out in paragraph 2.4(l) above; and
- any actual or proposed assignee of Promise or participant or sub-participant or transferee of Promise's rights in respect of the customers.
Promise may, in accordance with the instructions from customers of Promise or third party service providers engaged by the customers, transfer the personal data of customers to third party service providers using the Application Programming Interfaces (API) of Promise for the purposes notified to customers by Promise or third party service providers and/or as consented to by the customers in accordance with the Ordinance.
- SECURITY OF PERSONAL DATA
It is the policy of Promise to ensure an appropriate level of protection for personal data in full compliance with the requirements under the Ordinance, particularly Data Protection Principle 4 of the Ordinance in order to prevent unauthorized access, processing or other use of the personal data, commensurate with the sensitivity of the personal data and the harm that would be caused by such unauthorized access or processing. It is the practice of Promise to achieve appropriate levels of security protection by restricting physical access to data using secure storage facilities, and incorporating security measures into equipment in which data are held. Measures are taken to ensure the integrity, prudence, and competence of persons having access to personal data. Data are only transmitted by secure means.
- ACCURACY OF PERSONAL DATA
It is the policy of Promise to ensure accuracy of all personal data collected and processed by Promise in full compliance with the requirements of the Ordinance, particularly Data Protection Principle 2 of the Ordinance. Appropriate procedures are implemented to provide for all personal data to be regularly checked and updated to ensure that such data are accurate having regard to the purposes for which those data are or are to be used. In so far as personal data held by Promise consist of statements of opinion, all reasonably practicable steps are taken to ensure that any facts cited in support of such statements of opinion are correct.
- COLLECTION OF PERSONAL DATA
- In the course of collecting personal data, Promise will provide the individuals concerned with a Personal Information Collection Statement informing them of, amongst other things, the proposed purposes of collection, proposed classes of persons to whom the personal data may be transferred, their rights to access and correct the personal data, and other relevant information.
- In relation to the collection of personal data on-line (including through the Website and/or the Apps, as the case may be, and "on-line" is interpreted as such in this Statement), the following practices are adopted:
- On-line Security
Promise will follow strict standards of security and confidentiality to protect any information provided to Promise on-line. Encryption technology is employed for sensitive data transmission on the Internet to protect individuals' privacy.
- On-line Correction
Personal data provided to Promise through an on-line facility, once submitted, may not be deleted, corrected or updated on-line. Customers should approach relevant departments or branches of Promise if they wish to delete, correct and/or update such personal data.
- On-line Retention
Personal data collected on-line will be transferred to Promise's relevant departments or branches for processing. Personal data will not be retained in the web server's database of Promise.
- USE OF COOKIES
Promise may record and collect information on customers' visits to the Website and/or use of the Apps, and their interactions with Promise's on-line advertisements and links while on the Website and/or the Apps through the use of cookies, to help Promise improve its services.
Cookies are small pieces of data transmitted from a web server to a web browser. Cookies data are stored on a local hard drive such that the web server can later read back the cookies data from a web browser. They are useful for allowing a website to maintain certain information on a particular customer and are designed to be read only by the website that provides them. While specific information about a customer's visit to the Website and/or use of any of the Apps, but no personal data, may be collected via cookies, cookies cannot be used to retrieve data (such as a customer's name, e-mail address or other personally identifiable information) from a customer's hard drive.
Most web browsers are initially set up to accept cookies. If a customer does not want to be tracked by cookies, the customer can choose to 'not accept' cookies by changing the settings within the customer's browser in relation to the Website and/or the Apps. However, by doing so the customer may not be able to access all or part of the Website and/or the Apps and other financial services properly.
For more details, please refer to Promise's Cookies Policy.
- HYPERLINK POLICY
- The availability of hyperlinks or connections to other sites/addresses at the Website and/or the Apps does not mean or imply any authentication, verification, representation, approval or endorsement by Promise of such hyperlinks, connections, or the identity or information relating to such sites/addresses.
- Promise expressly disclaims any responsibility for such hyperlinks, connections, the contents, availability, accuracy or omission of information at other sites/addresses linked to or found on the sites/addresses that link to or from the Website and/or the Apps.
- All hyperlinks or connections to other sites, addresses or resources are accessed and used at customers' own risk.
- DATA ACCESS REQUESTS AND DATA CORRECTION REQUESTS
- It is the policy of Promise to comply with and process all data access and correction requests in accordance with the provisions of the Ordinance, and for all staff concerned to be familiar with the requirements for assisting individuals to make such requests.
- Promise may, subject to the Ordinance, impose a reasonable fee for complying with a data access request. If a person making a data access request requires an additional copy of the personal data that Promise has previously supplied pursuant to an earlier data access request, Promise may charge a fee to cover the full administrative and other costs incurred in supplying that additional copy.
- Data access and correction requests to Promise may be addressed to the Data Protection Officer ("DPO") whose contact details can be found at paragraph 13 (Appointment of DPO) below or other person as specifically advised.
- DATA RETENTION
It is the policy of Promise to take all practical steps to ensure that personal data are not kept longer than is necessary for the fulfilment of the purposes (including any directly related purposes) for which the personal data are or are to be used at the time of the collection and for compliance with the legal and regulatory requirements in force from time to time.
- DIRECT MARKETING
It is the policy of Promise strictly to follow the requirements of the Ordinance and the relevant guidelines in relation thereto when collecting or using personal data for direct marketing purposes. Promise will not use personal data for direct marketing purposes without the prescribed consent of relevant customers and Third Parties.
- COMPLIANCE WITH THE ORDINANCE
Apart from the above specifically mentioned points, Promise will fully comply with all requirements of the Ordinance and the relevant guidelines in relation thereto regarding the collection, handling, or use of personal data of its customers and Third Parties. The following are maintained by Promise to ensure compliance with the Ordinance and the relevant guidelines in relation thereto:
- a log book as provided for in section 27 of the Ordinance; and
- internal policies and guidelines on compliance with the Ordinance and the relevant guidelines in relation thereto for use by and guidance to Promise's staff.
- APPOINTMENT OF DPO
- To co-ordinate and oversee compliance with the Ordinance and the relevant guidelines in relation thereto, and the personal data protection policies of Promise, a DPO has been appointed by Promise.
- Inquiries regarding this Statement should be addressed to the DPO, whose contact details are as follows:
The Data Protection Officer
Promise (Hong Kong) Co., Limited
12/F., Central Plaza,
18 Harbour Road, Wanchai,
Hong Kong
Facsimile number: 2529-6744
Telephone number: 3199-1199
In the event of any inconsistency between the English and Chinese versions of this Statement, the English version will prevail.