Kinds of Personal Data Held
There are three broad categories of personal data held in the Group. They comprise personal data contained in the following:
- Customer records which are necessary for customers to supply to the Group occasionally to enable the provision and administering of products and services, such as personal details, contact details, identification documentation and financial information.
- Employee records which include but are not limited to C.V.s, application forms, references, personal contact details, educational background and relevant personal data of family members of Employees.
- Other individual records which include but not limited to the contact details of vendors and third parties.
Key Purposes of Keeping Personal Data
In relation to customers
The purposes for which any personal data collected by the Group about customers may comprise any one or more of the following:
- Considering and processing applications for products and services and the daily operation of products and services;
- Conducting credit checks whenever appropriate (including upon an application for consumer credit and upon periodic review of the credit);
- Creating and maintaining the Group’s credit and risk related models;
- Ensuring our customers’ ongoing creditworthiness and good standing;
- Designing financial products and services for customer;
- Marketing loan services or products of the Group;
- Determining the amount of indebtedness owed to or by our customers;
- Exercising our rights under contracts with our customers, including collecting amount outstanding;
- Engaging Debt Collection Agencies to collect debts;
- Meeting the Group’s obligations, requirements or arrangements or those of our subsidiaries / affiliates, whether compulsory or voluntary, to comply with or in connection with any law, regulation, court order, guidelines and internal policies
In relation to employees
The purposes for which any personal data collected by the Group about employees may comprise any or all of the following:
- Processing job application;
- Appraising employees' job performance and making decisions about employees' promotion, training, transfer, or career development;
- Determining, calculating and reviewing employees' salary, bonuses and any other staff benefits including pension entitlements;
- Processing payment of employees' salary, other authorised expenses or benefits to employees' account or by any other means;
- Taking appropriate action in event of emergencies;
- Complying with any statutory requests received from relevant public authorities/agencies;
- Any purpose required by law or regulation;
- Disciplinary purposes arising from employees' conduct or employees' ability to perform their job requirements;
- Providing references/reports to potential employers, financial institutions, legal representatives, and other appropriate bodies;
- Planning succession and talent management initiatives;
- Supporting any business, technical, administrative or security function required by the Group’s operations, including, but not limited to: accident/ sickness insurance; security of staff, systems and premises (CCTV; card entry systems; IT security systems); telephone recording and monitoring internet and telephone usage
In relation to other individuals
The purposes for which any personal data collected by the Group about other individuals may be used are as follows:
- Engaging, managing, monitoring and assessing the business relationship
- Facilitating the daily business operation and administration
Retention of Personal Data
Personal data and information provided by our customers, employees and other individuals will not be kept longer than necessary for the fulfilment of the purposes for which the personal data and information are used, or to be used, at the time of the collection and for compliance with the legal, regulatory and accounting requirements from time to time.
Disclosure of Personal Data
Data held by us will be kept confidential but we may provide such data to the following parties (whether inside or outside the Hong Kong Special Administrative Region) for the purposes set out above:
- Any of our subsidiaries / affiliates for the purposes specified above;
- Any agent, contractor or third-party service provider who provides administrative, telecommunications, computer, payment, data processing or storage, or other services to is in connection with the operation of our business;
- Any credit reference agencies or, in the event of default, any debt collection agencies;
- Any actual or proposed assignee, transferee, participants or sub-participant of our rights or business; and
- Any person to whom we are under an obligation to make disclosure under the requirements of any law, rules, regulations, code of practice or guidelines binding on us including, without limitation, any applicable regulators, governmental bodies, or industry recognised bodies, and where otherwise required by law.
The information we collect about our customers, employees and other individuals will not be disclosed to any other party without prior consent.
The Group is happy to provide our customers with information regarding the latest products, services and promotions. For this purpose, the Group may use our customers’ personal data in direct marketing which requires prior consent. The following classes of products, services and subjects may be marketed:
- Financial and related products and services;
- Reward, loyalty, co-branding or privileges programmes and related products and services
Customers can in future withdraw their consent to the use and provision of their personal data for direct marketing, by informing us in writing to the address under the section “Data Access Requests and Data Correction Requests”. The Group shall, without charge, ensure that you are not included in future direct marketing activities.
Security of Personal Data
The personal data and information provided to the Group are secured with restricted access by authorized personnel. Encryption technology is employed for sensitive data to protect the privacy of our customers, employees, and other individuals or users during data transmission. If the Group engages third-party service providers to handle or process personal data (whether within or outside Hong Kong) on the Group's behalf, the Company would adopt contractual or other means to prevent unauthorized or accidental access, processing, erasure, loss or use of the data transferred to the service providers for processing. To report data breaching incidence within Konew FinTech Corporation Limited, please inform us with the use of Data Beach Notification Form.
Data Access Requests and Data Correction Requests
The Group would comply with and process all data access and correction requests in accordance with the provisions of the Ordinance. Under the Ordinance (Cap. 486 of the Laws of Hong Kong), a reasonable fee for complying with a data access request can be imposed. Data access requests can be made with the use of Data Access Request Form. Requests for access and correction should be addressed in writing to:
Data Protection Officer
Konew FinTech Corporation Limited,
4/F, Wheelock House,
20 Pedder Street, Central
Fax: (852) 2110 0300
Konew FinTech Corporation Limited
In the event of any discrepancy between the English and Chinese versions of these terms and conditions, the English version shall prevail.