PFH Privacy Policy Statement
2024 05-03

Security is a top priority for us. The purpose of this Statement is to establish the policies and practices of PFH’s commitment to protect the privacy of personal data and to act in compliance with the provisions of the Personal Data (Privacy) Ordinance (the “Ordinance”).

  • 1. We only collect personal information that we believe to be relevant and required to understand your financial needs and to conduct our business. You will be provided with the Notice to Customers and Other Individuals Relating to the Personal Data (Privacy) Ordinance (the “Ordinance”) and the Code of Practice on Consumer Credit Data (the “Code”) issued by the Company before collection of your personal information.
  • 2. We use your personal information to confirm, verify and authenticate your identity and to provide you with better customer services and products.
  • 3. We may pass your personal information to our group’s companies or agents, as permitted by law.
  • 4. We will not disclose your personal information to any external organisation unless we have obtained your consent.
  • 5. We may be required from time to time to disclose your personal information to governmental or judicial bodies or agencies or our regulators, but we will only do so under proper authority.
  • 6. We aim to keep your personal information on our records accurate and up-to-date.
  • 7. We maintain strict internet security systems designed to prevent unauthorised access to your personal information by anyone.
  • 8. We shall comply with the data protection principles and all relevant provisions under the Personal Data (Privacy) Ordinance (Cap. 486) (the “Ordinance”).

Your Privacy Matters to Us

This section provides specific details of how we treat any personal information you might wish to provide us.

Data Security

  • 1. We strive at all times to ensure that your personal data will be protected against unauthorised or accidental access, use, modification, disclosure, processing or erasure. We maintain this commitment to data security by implementing appropriate physical, electronic and managerial measures to safeguard and secure your personal data.
  • 2. All practical steps will be taken to ensure that personal data will not be kept longer than necessary and that we will comply with all statutory and regulatory requirements in the Hong Kong Special Administrative Region concerning the retention of personally identifiable information.

 

Security Assurance

  • 1. Please be reminded that you should not share your username and/or password and/or biometric-data and/or credit card account number and/or virtual card account number and/or PIN or allow access or use of any of them by others. We endeavour to put in place high standards of security to protect your interests.
  • 2. You should safeguard your unique username, password, credit card account number, virtual card account number and PIN by keeping them secret and confidential. Never write them down or share these details with anyone. If you think any of your username and/or password and/or credit card account number and/or virtual card account number and/or PIN has been disclosed to a third party, is lost or stolen or if unauthorised transactions may have been conducted, you are responsible for informing us immediately.

Collection of Personal Information through Non-conventional means

We shall also collect personal data on-line or our Mobile Application and such other Mobile Applications as we may from time to time launch) in the course of our business, the following practices are adopted:

  • 1. Security

     We will follow strict standards of security and confidentiality to protect any information provided to the Company. Encryption technology is employed for sensitive data transmission to protect individuals’ privacy.

  • 2. Cookies 

     Your visit to PFH’s Website will be recorded for preparation of analysis on the number of visitors to the PFH’s Website and general statistics on usage patterns of the PFH’s Website. Some of this information will be gathered through the use of "Cookies". Cookies are small bits of information that are automatically stored on your web browser in your computer that can be retrieved by PFH’s Website. Information collected by Cookies is anonymous aggregated research data, and contains no name or address information or any information that will enable anyone to contact you via telephone, e-mail or any other means. From time to time, PFH’s may also work with third parties to research certain usage and activities on parts of the PFH’s Website on behalf of PFH’s using Cookies and/ or anonymous identifiers. 

    Most web browsers are initially set to accept Cookies. If you would prefer, your browser may be set to disable Cookies. However, by disabling Cookies, you may not be able to take full advantage of PFH’s Website. 

  • 3. Correction

     Personal data provided to us through an on-line facility or Mobile Application, once submitted, may not be deleted, corrected or updated on-line or Mobile Application. If deletion, correction and updates are needed, you should approach our relevant officers.

  • 4. Retention

     Personal data collected will be transferred to relevant members of our staff, departments, branches, contractors or service providers for processing. We shall take all reasonably practical steps to ensure that personal data will not be retained in our systems’ database for a period longer than is necessary for the fulfilment of the purposes (or any directly related purpose) for which the data is or is to be used, unless the retention is otherwise permitted or required by law. Different retention periods may apply to the various kinds of personal data collected.

    Note: In case of discrepancies between the English and Chinese versions of these terms and conditions, the English version shall prevail.

    IMPORTANT: By accessing this web site and any of its pages and by using APP you are agreeing to the terms set out above.

Notice to Customers and Other Individuals Relating to the Personal Data (Privacy) Ordinance (the “Ordinance”) and the Code of Practice on Consumer Credit Data (the “Code”)

  • 1. It is the policy of PFH Finance Limited (“the Company“) to respect and safeguard the privacy of an individual’s personal data. Compliance with the Ordinance is not only the prime objective of the management but also direct responsibility of every staff member of the Company. The Company shall preserve the confidentiality of all information provided by customers. This policy statement stipulates the purpose of the data collection and customer’s data protection.
  • 2. Customer always has the right to access his personal data and update it whenever appropriate. Customer is advised to take note of the following.
  • 3. The term “data subject(s)”, wherever mentioned in this Notice, includes the following categories of individuals:-
    • a. applicants for or customers/users of credit facilities and related financial services and products and so forth provided by the Company and/or their authorized signatories;
    • b. sureties, guarantors and parties providing security, guarantee or any form of support for obligations owed to the Company; 
    • c. directors, shareholders, officers and managers of any corporate applicants and data subjects/users; 
    • d. users of the Company’s Website, Mobile Application and any other electronic means and procedures as provided or approved by the Company to access to the services of the Company; and 
    • e. suppliers, contractors, service providers and other contractual counterparties of the Company. 

For the avoidance of doubt, “data subjects” shall not include any incorporated bodies. The contents of this Notice shall apply to all data subjects and form part of the terms and conditions of the Loan Agreement and/or Credit Card Cardholder Agreement (“Cardholder Agreement”) and/or the agreement or arrangement and any contracts for services that the data subjects have or may enter into with the Company from time to time. If there is any inconsistency or discrepancy between this Notice and the Loan Agreement and/or Cardholder Agreement and/or any other relevant service agreement (as the case may be), this Notice shall prevail insofar as it relates to the protection of the data subjects’ personal data and the Loan Agreement and/or Cardholder Agreement and/or such other relevant service agreement (as the case may be) shall prevail in respect of the remaining aspects all of which concerning the use of loan and/or Credit Card and/or other relevant services. Nothing in this Notice shall limit the rights of the data subjects under the Ordinance.

  • 4. From time to time, it is necessary for data subjects to supply the Company with data in connection with the opening or continuation of accounts and the establishment, maintenance or continuation of credit facilities or provision of credit facilities and related financial services and products which include but are not limited to credit card (including virtual card) services. 
  • 5. Failure to supply such data may result in the Company being unable to open or continue accounts or establish, maintain, continue or provide credit facilities, credit card services and related financial services and products. 
  • 6. It is also the case that data are collected from data subjects in the ordinary course of business for the purpose of processing of new or renewal of  credit card application or services (including reviewing, re-considering, assessing, examining, inspecting, scrutinizing, auditing, analysing, monitoring complying and ensuring compliance with laws, rules and regulations), or writing cheques, depositing money or effecting transactions, either application in person, through telephone, internet, Mobile Application. This includes information obtained from credit reference agencies approved for the participation in the Multiple Credit Reference Agencies Model (“credit reference agencies”) and/or contractors providing electronic identity authentication services.
  • 7. The purposes for which the data relating to the data subjects may be used will vary depending on the nature of the data subjects’ relationship with the Company, they may include the following:-
    • a. assessing the merits and suitability of the data subjects as actual or potential or continued applicants for loan, credit facilities, credit card services and related financial services and products (including without limitation personal loan(s) and/or credit card(s)) and/or reviewing, processing and/or approving their applications, renewals and cancellations;
    • b. the daily operation of the services and credit facilities provided to the data subjects; 
    • c. conducting credit checks, exercising credit control or otherwise managing credit risks at the time of application for loan and/or credit card and at the time of regular or special reviews which normally will take place one or more times each year and, where necessary, carrying out matching procedures (as defined in the Ordinance). The Company undertakes these reviews to determine whether the existing amount of loan, credit limit(s) of credit card(s) or other credit facilities and/or services provided by the Company to the data subject(s) should be increased, decreased or where appropriate remained unchanged; 
    • d.  creating and maintaining the Company’s credit scoring models; 
    • e. providing reference; 
    • f.  assisting other credit providers in Hong Kong approved for participation in the Multiple Credit Reference Agencies Model (“credit providers”) to conduct credit checks and collect debts; 
    • g. ensuring ongoing credit worthiness of data subjects; 
    • h. designing credit facilities and related financial services and products for data subjects’ use; 
    • i. marketing services, products and other subjects (please see further details in Paragraph 14 below); 
    • j. determining amounts of indebtedness owed to or by the data subjects; 
    • k. collection of amounts outstanding from the data subjects and those providing security for the data subjects’ obligations; 
    • l. complying with any obligations, requirements, policies, procedures, measures or arrangements for sharing data and information within the Group Companies and/or between different departments within a Group Company and/or any other use of data and information in accordance with any group-wide programmes for compliance with sanctions or prevention or detection of money laundering, terrorist financing or other unlawful activities; 
    • m. enabling an actual or proposed assignee of the Company, or participant or sub-participant of the Company’s rights in respect of the data subjects to evaluate the transaction intended to be the subject of the assignment, participation or sub-participation; 
    • n. exchanging information with merchants accepting credit cards and/or prepaid cards issued by the Company and entities with whom the Company provides co-branded credit card services (if any); 
    • o. compiling statistical information and data subject profiles; 
    • p. comparing data of the data subjects or other persons for credit checking, data verification or otherwise producing or verifying data, whether or not for the purpose of taking action against the data subjects; 
    • q. maintaining a credit history or otherwise, a record of data subjects (whether or not there exists any relationship between data subjects and the Company) for present and future reference; 
    • r. confirming, verifying and authenticating the identities of the data subjects; 
    • s. conducting, preparing and facilitating internal and external auditing in respect of the Company; 
    • t. exercising internal control and managing of data by the Group Companies and/or between different departments within a Group Company and/or contractors; 
    • u. conducting review and/or investigation on any fraudulent, money laundering, terrorist financing or other unlawful activities and assisting in the prevention, detection and investigation of crime; and 
    • v. purposes incidental, associated or relating thereto. 

USE OF DATA IN DIRECT MARKETING

The Company intends to use the data subject’s data in direct marketing and the Company requires the data subject’s consent (which includes an indication of no objection) for that purpose. In this connection, please note that:-

  • w. the name, contact details, products and services portfolio information, transaction pattern and behaviour, financial background and demographic data of the data subject held by the Company from time to time may be used by the Company or any other Group Companies in direct marketing; 
  • x. the following classes of services, products and subjects may be marketed:
    • 1. financial, insurance, credit card, prepaid card, credit facilities and related financial services and products;
    • 2. reward, loyalty, co-branding or privileges programmes and related services and products; 
    • 3. services and products offered by the Company’s co-branding partners (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be); 
    • 4. services and products offered by the Company’s affiliated merchants (if any) (the names of such affiliated merchants can be found on the Company’s website for the relevant services and products, as the case may be); and 
    • 5.  donations and contributions for charitable and/or non-profit making purposes; 
  • y. in addition to marketing the above services, products and subjects itself, the Company also intends to provide the data described in Paragraph 7(a) above to all or any of the persons described in Paragraph 7(c) above for use by them in marketing those services, products and subjects, and the Company requires the data subject’s written consent (which includes an indication of no objection) for that purpose;
  • z. the Company may receive money or other property in return for providing the data to the other persons in Paragraph 7(d) above and, when requesting the data subject’s consent or no objection as described in Paragraph 7(d) above, the Company will inform the data subject if it will receive any money or other property in return for providing data to the other persons.

If a data subject does not wish the Company to use or provide to other persons his/her data for use in direct marketing as described above, the data subject may exercise his/her opt-out right by notifying the Company.

  • 8. Under and in accordance with the terms of the Ordinance and the Code approved and issued under the Ordinance, any data subject has the right:-
    • a. to check whether the Company holds data about him and of access to such data;
    • b. to require the Company to correct any data relating to him which is inaccurate; 
    • c. to ascertain the Company’s policies and practices in relation to data and to be informed of the kind of personal data held by the Company; 
    • d. to be informed on request which items of data are routinely disclosed to credit reference agencies or debt collection agencies, and be provided with further information to enable the making of an access and correction request to the relevant credit reference agencies or debt collection agencies; and 
    • e. in relation to any account data (including, for the avoidance of doubt, any account repayment data) which has been provided by the Company to credit reference agencies, to instruct the Company, upon termination of the account by full repayment, to make a request to the credit reference agencies to delete such account data from its database, as long as the instruction is given within five years of termination and at no time was there any default of payment in relation to the account, lasting in excess of sixty (60) days within five years immediately before account termination. Account repayment data include amount last due, amount of payment made during the last reporting period (being a period not exceeding thirty-one (31) days immediately preceding the last contribution of account data by the Company to credit reference agencies), remaining available credit or outstanding balance and default data (being amount past due and number of days past due, date of settlement of amount past due, and date of final settlement of amount in default lasting in excess of sixty (60) days (if any)). 
  • 9. In the event of any default of payment relating to an account, unless the amount in default is fully repaid or written off (other than due to a bankruptcy order) before the expiry of sixty (60) days from the date such default occurred, the account repayment data (as provided in Paragraphs 8(e) above) may be retained by the credit reference agencies until the expiry of five (5) years from the date of final settlement of the amount in default. 
  • 10. In the event any amount in an account is written-off due to a bankruptcy order being made against the data subject, the account repayment data (as provided in Paragraphs 8(e) above) may be retained by the credit reference agency, regardless of whether the account repayment data reveal any default of payment lasting in excess of sixty (60) days, until the expiry of five (5) years from the date of final settlement of the amount in default or the expiry of five (5) years from the date of discharge from a bankruptcy as notified by the data subject with evidence to the credit reference agencies, whichever is earlier. 
  • 11. In accordance with the terms of the Ordinance, the Company has the right to charge a reasonable fee for the processing of any data access request.
  • 12. The person to whom requests for access to data or correction of data or for information regarding policies and practices and kinds of data held are to be directed to:

    PFH Finance Limited

    Email: [email protected]

    Telephone: (852) 3188 8902

  • 13. I may, at any time and without charge, choose not to receive any direct marketing or message from the Company by informing the Data Protection Officer in writing or through the customer service hotline of the Company, visiting any branches of the Company or in any other manner as may be acceptable by the Company from time to time.
  • 14. The Company may have obtained a credit report on or access the database of the data subject from credit reference agencies in considering any application for credit or conducting credit reviews from time to time. In the event that the data subject wishes to access the credit report, the Company will advise the contact details of the relevant credit reference agencies.
  • 15. This privacy policy statement / this Notice may be updated from time to time and you are advised to visit the Company’s website regularly for the latest version of this privacy policy statement / this Notice. 
  • 16. In case of discrepancies between the English and Chinese versions, the English version shall prevail.

 

Last updated: 11 January 2024