Privacy Policy Statement

The purpose of this Privacy Policy Statement (the “Statement”) is to establish the policies and practices of (1) AGBA Group Holding Limited and its associated companies (as defined under the Companies Ordinance, Cap.622) (collectively “ AGBA Group”) and/or (2) HCMPS Healthcare Holdings Limited^# and its associated companies (collectively, “HCMPS”) ((1) and (2) above collectively “we”, “us”, “our”, “ours”, the “Businesses”) towards our commitment in complying the Personal Data (Privacy) Ordinance (the “Ordinance”) and in protecting the privacy, confidentiality and security of all personal data which we may collect or being held so as to maintain the trust and confidence between customers and us.

Any “member of the Businesses” means the associated companies, subsidiaries, affiliates and any of their branches and offices of each of the Businesses.　

Collection of Data

We may collect the data of customers and other individuals in connection with the purposes set out in this Statement. These customers and other individuals or data subjects may include the following or any of them (collectively “you”, “your”):

1. visitors and users of the Businesses’ respective websites;
2. mobile apps developed by each of the Businesses;
3. applicants for or customers of insurance or financial or related products or services, or other products or services we provide;
4. persons giving or proposing to give security or guarantee or any form of support for obligations owed to us; 
5. persons linked to a customer or an applicant that is not an individual, including the beneficial owners and officers of that customer or applicant, or in the case of a trust, including the trustees, settlors, protectors and beneficiaries of the trust; and
6. other persons who relevant to a customer’s relationship with us.

Data may be:

1. collected from you directly, from someone acting on your behalf or from another source; or
2. combined with other data available to member of the Businesses.

If the data requested by us is not provided, products or services may not be able to be provided (or continue to be provided) to you or to the relevant customer, applicant or person linked to you.

Use of Data

Personal data held are kept for the following purposes or any of them (which may vary depending on the nature of your relationship with us):

(a) considering and processing applications for products and services and the daily operation of products and services (including loans or credit facilities provided to you or the relevant customer linked to you);
(b) conducting credit checks or assessments whenever appropriate (including, without limitation, at the time of application for credit and at the time of regular or special reviews which normally will take place one or more times each year) or conducting matching procedures (as defined in the Ordinance);
(c) creating and maintaining our credit, risk or related models;
(d) providing reference;
(e) assisting other financial institutions to conduct credit checks and collect debts;
(f)  ensuring your ongoing credit worthiness;
(g) researching, customer profiling and segmentation and/or designing products and services (including financial, insurance, securities, investment and related products and services) for our use;
(h) marketing services, products and other subjects (see Section: Use and Provision of Data in Direct Marketing);
(i)  determining amounts owed to or by you;
(j)  exercising our rights under the contract(s) with you, including collecting amounts outstanding from you;
(k) meeting our obligations, requirements or arrangements or those of any member of the Businesses, whether compulsory or voluntary, to comply with or in connection with:

• any law binding or applying to us within or outside jurisdiction of the Hong Kong Special Administrative Region (“Hong Kong”) existing currently and in the futures (“Laws”);
• any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers within or outside Hong Kong;
• any contractual or other commitment with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers that is assumed by or imposed on us by reason of its financial, commercial, business or other interests or activities in or related to the jurisdiction of the relevant local or foreign legal, regulatory, governmental, tax, law enforcement or other authority, or self-regulatory or industry bodies or associations;

(l) complying with any obligations, requirements, policies, procedures, measures or arrangements for sharing data and information among the members of the Businesses and/or any other use of data and information in accordance with any programmes for compliance with sanctions or prevention or detection of money laundering, terrorist financing or other unlawful activities;
(m) conducting any action to meet our obligations or those of any member of the Businesses to comply with Laws or international guidance or regulatory requests relating to or in connection with the detection, investigation and prevention of money laundering, terrorist financing, bribery, corruption, tax evasion, fraud, evasion of economic or trade sanctions and/or any acts or attempts to circumvent or violate any Laws relating to these matters;
(n) enabling an actual or proposed assignee of each of the Businesses, or participant or sub-participant of our rights in respect of you to evaluate the transaction intended to be the subject of the assignment, participation or sub-participation;
(o) any other purposes relating to the purposes listed above.

Information Collected from Minors

Information may be provided to us from minors. We will obtain prior consent from a person with parental responsibility for that minor.

Information Collected when you Visit our Mobile Apps or Websites

1. Use of cookies – When you browse our websites, cookies will be stored in your computer or electronic device’s browser. The purposes of using cookies in the sites are to remember the different font size you have chosen in the sites and also to facilitate the security checking (the test that asks you to enter the validation code displayed on screen) in all the online forms. Most browsers are by default set to accept cookies. You have a choice not to accept the cookies by disabling such settings. However, by disabling them, you may not be able to utilise the full functions of our websites, including online services. The websites of the Businesses do not use cookies to collect your personal data.
2. Statistics on visitors to our websites – When you visit our website, your visit even only as a “hit” will be recorded. The webserver makes a record of your visit that includes your IP addresses (and domain names), the types and configurations of browsers, language settings, geo-locations, operating systems, previous sites visited, and time/duration and the pages visited (webserver access log).
3. The webserver access log will be used for the purpose of maintaining and improving our website such as to determine the optimal screen resolution, most visited page(s), etc. Such data will only be used for website enhancement and optimisation purposes.
4. We do not use, nor has intention to use the visitor data to personally identify anyone.
5. For the purpose of Mobile Application services, unless the context otherwise requires, references in this Statement to “the websites of the Businesses” shall be read as reference to “Mobile Applications of the Businesses”.

Disclosure of Data 

1. Data held by us will be kept confidential, but we or a member of the Businesses may transfer or disclose such data to the following parties (whether within or outside Hong Kong) for the purposes set out in paragraph on “Use of Data” as above:

(a) any agents, contractors, subcontractors, or associates of the each of the Businesses (including their employees, officers, agents, contractors, service providers and professional advisors);
(b) any third party service providers who provide services to us or any member of the Businesses in connection with the operation or maintenance of our business (including their employees and officers);
(c) any authorities, any law enforcement agencies or regulatory bodies for compliance with applicable laws, rules, regulations, codes and guidelines or any person or entity to whom we or any member of the Businesses are under a binding obligation to satisfy a legally enforceable demand for disclosure under the requirements of any law, rule, regulation, code, guideline;
(d) any person under a duty of confidentiality to us or any member of the Businesses which has undertaken to keep such information confidential;
(e) any person receiving payment from you, the banker of such person and any intermediaries which may handle or process such payment;
(f) any persons acting on your behalf whose data are provided, payment recipients, beneficiaries, account nominees, intermediary, correspondent and agent banks, clearing houses, clearing or settlement systems, market counterparties, upstream withholding agents, swap or trade repositories, stock exchanges, companies in which you have an interest in securities (where such securities are held by us or any member of the Businesses) or any persons making any payment into a customer’s account;
(g) credit reference agencies, and, in the event of default, to debt collection agencies;
(h) any persons to whom we or any member of the Businesses are under an obligation or required or expected to make disclosure for the purposes set out in previous paragraph;
(i) reinsurers or medical service providers;
(j) trustee(s) of any unit trust or any collective investment plan, registrar or custodian, or any insurance companies that work with us to provide you with any service, or any central securities depository or registrar that holds securities on your behalf;
(k) any party enters into or proposes to enter into the transaction for and on your behalf;
(l) any actual or proposed assignee of ours or participant or sub-participant, transferee, delegate, successor or party of our rights in respect of you; or 
(m) for marketing services, products and other subjects:

• any member of the Businesses;
• third party financial institutions, credit card companies, insurers, loans, securities, investment, retirement scheme, mandatory provident fund scheme and related services providers;
• third party reward, loyalty, co-branding and privileges programme providers;
• co-branding partners of ours and the Businesses;
• charitable or non-profit making organisations; and
• external service providers that we or any member of the Businesses engage(s) for the purposes set out in previous paragraph.

2. With respect to data in connection with mortgages applied by you (if applicable, and whether as a borrower, mortgagor or guarantor and whether in your sole name or in joint names with others) on or after 1 April 2011, the following data relating to you (including any updated data of any of the following data from time to time) may be provided by us, on its own behalf and/or as agent, to a credit reference agency:
(a) full name;
(b) capacity in respect of each mortgage (as borrower, mortgagor or guarantor, and whether in your sole name or in joint names with others);
(c) identity card number or travel document number;
(d) date of birth;
(e) correspondence address;
(f) mortgage account number in respect of each mortgage;
(g) type of the facility in respect of each mortgage;
(h) mortgage account status in respect of each mortgage (e.g., active, closed, write-off (other than due to a bankruptcy order), write-off due to a bankruptcy order); or
(i) if any, mortgage account closed date in respect of each mortgage.

The credit reference agency will use the above data supplied by us for the purposes of compiling a count of the number of mortgages from time to time held by you with credit providers in Hong Kong, as borrower, mortgagor or guarantor respectively and whether in the your sole name or in joint names with others, for sharing in the consumer credit database of the credit reference agency by credit providers (subject to the requirements of the Code of Practice on Consumer Credit Data approved and issued under the Ordinance).

Use and Provision of Data in Direct Marketing

We intend to use your data in direct marketing and we require your consent (which includes an indication of no objection) for that purpose. In this connection, please note that:

1. the name, contact details, products and services portfolio information, transaction pattern and behaviour, financial background and demographic data of the data subject held by us from time to time may be used by us in direct marketing;
2. the following classes of services, products and subjects may be marketed:
   (a) financial, insurance, securities, investment, provident funds or schemes or other related products or services, and other products, services, loans or facilities we provide;
   (b) reward, loyalty or privileges programmes and related services and products;
   (c) services and products offered by our co-branding partners; and
   (d) donations and contributions for charitable and/or non-profit making purposes.
3. the above services, products and subjects may be provided (in the case of donations and contributions) by us and/or:
   (a) any member of the Businesses;
   (b) third party financial institutions, insurers, credit card companies, securities, commodities and investment services providers;
   (c) third party reward, loyalty, co-branding or privileges programme providers;
   (d) co-branding partners of ours or any member of the Businesses; and
   (e) charitable or non-profit making organisations.

If you do not wish us to use or provide to other persons your data for use in direct marketing as described above, you may exercise your opt-out right by notifying us in writing to our Data Protection Officer.

Retention of Data 

We ensure that your data is not kept longer than necessary for the fulfillment of the purpose of the data being collected and used.

1. In the event of any default of payment relating to an account, unless the amount in default is fully repaid or written off (other than due to a bankruptcy order) before the expiry of 60 days from the date such default occurred, the account repayment data may be retained by the credit reference agency until the expiry of seven years from the date of final settlement of the amount in default.
2. In the event any amount in an account is written-off due to a bankruptcy order being made against the data subject, the account repayment data may be retained by the credit reference agency, regardless of whether the account repayment data reveal any default of payment lasting in excess of 60 days, until the expiry of five years from the date of final settlement of the amount in default or the expiry of five years from the date of discharge from a bankruptcy as notified by the data subject with evidence to the credit reference agency, whichever is earlier.

Data Security 

We treat the security of handling and protecting your data, including sensitive data, with top priority. Your data is being safeguarded with strict security measures against unauthorised or accidental access, transfer, processing, use, erasure or loss. Encryption technology is adopted for data transmission.

Should we engage service provider(s) to handle or process data (whether local or overseas) on our behalf, we will adopt contractual or other means to prevent unauthorised or accidental access, transfer, processing, use, erasure or loss.

If you do not want your data held by us to be shared, transferred or kept anymore, you may make such request via writing to our Data Protection Officer.

Access and Correction of Data

1. You have the right to ascertain whether we hold data about you, to obtain a copy of some or all of your personal data, and to correct your personal data which you consider as inaccurate, by writing to our Data Protection Officer.
2. Under and in accordance with the terms of the Ordinance and the Code of Practice on Consumer Credit Data, in addition to the right set out in the above, you also have the right:
   (a) to be informed on request which items of data are routinely disclosed to credit reference agencies or debt collection agencies, and be provided with further information to enable the making of an access and correction request to the relevant credit reference agency or debt collection agency; and
   (b) in relation to any account data (including, for the avoidance of doubt, any account repayment data) which has been provided by us to a credit reference agency, to instruct us, upon termination of the account by full repayment, to make a request to the credit reference agency to delete such account data from its database, as long as the instruction is given within five years of termination and at no time was there any default of payment in relation to the account, lasting in excess of 60 days within five years immediately before account termination. Account repayment data include amount last due, amount of payment made during the last reporting period (being a period not exceeding 31 days immediately preceding the last contribution of account data by us to a credit reference agency), remaining available credit or outstanding balance and default data (being amount past due and number of days past due, date of settlement of amount past due, and date of final settlement of amount in default lasting in excess of 60 days (if any).
3. We may impose reasonable fee for data access request in accordance with the Ordinance.

Contact Details

Please address your request(s) for data access or correction, or for information about our data privacy policies and practices via writing to our Data Protection Officer at the following address:

AGBA Tower, 68 Johnston Road, Wan Chai, Hong Kong 

Amendments to the Privacy Policy Statement

The contents of the Statement may be amended from time to time. Please contact us or visit our website for the latest privacy policy.

In the event of any discrepancy between the English and Chinese versions of the Statement, the English version shall apply and prevail.

Version: November 2022

^#Healthcare management services are offered by HCMPS Healthcare Holdings Limited and its associated companies (collectively “HCMPS”). HCMPS is invested in, managed and/or operated by subsidiary(ies) of AGBA Group Holding Limited ; and HCMPS is not a subsidiary under AGBA Group Holding Limited.

---