Policy Statement
The purpose of this Statement is to establish the policies and practices of Youxtouch’s commitment to protect the privacy of personal data and to act in compliance with the provisions of the Personal Data (Privacy) Ordinance (the “Ordinance”)..
Kind of Personal Data Held
2.1 Personal data held by Youxtouch regarding customers comprise personal data contained in customer records which include identification information, contact details, financial details, etc. which are necessary for customers to supply to Youxtouch from time to time in connection with the opening or continuation of accounts and the establishment or continuation of credit facilities or provision of credit and other financial services.
2.2 Youxtouch may hold other kinds of personal data which it needs in the light of experience and the specific nature of its business.
Main Purposes of Keeping Personal Data
3.1 It is necessary for customers to supply Youxtouch with data in connection with the opening or continuation of accounts and the establishment or continuation of credit facilities or provision of credit and other financial services.
3.2 It is also the case that data are collected from customers in the ordinary course of the continuation of the relationship between Youxtouch and customers, for example, when customers apply for credit, effect transactions through cards or generally communicate in writing or verbally with Youxtouch by means of documentation or telephone recording system.
3.3 The purposes for which data relating to a customer may be used are as follows:
(1) the processing of applications for credit and/or other financial services and facilities;
(2) the daily operation of the services and credit facilities provided to customers;
(3) conducting credit checks (including without limitation upon an application for consumer credit (including mortgage loans) and upon periodic or special reviews of the credit which normally will take place one or more times each year) and carrying out matching procedures (as defined in the Ordinance);
(4) creating and maintaining Youxtouch’s credit scoring models;
(5) assisting other financial institutions to conduct credit checks and collect debts;
(6) ensuring ongoing credit worthiness of customers;
(7) designing credit and financial services or related products for customers’ use;
(8) marketing services and products as set out in more details in Youxtouch’s “Notice to Customers relating to the Personal Data (Privacy) Ordinance” (“PICS”);
(9) determining the amount of indebtedness owed to or by customers;
(10) collection of amounts outstanding from customers and those providing security for customers’ obligations;
(11) assessing and analyzing any insurance claim and assisting insurance companies to conduct claim checks;
(12) meeting the requirements to make disclosure under the requirements of any law binding on Youxtouch or any of Youxtouch Group Companies (as defined in the PICS) or under and for the purposes of any rules, regulations, codes or guidelines issued by regulatory or other authorities with which Youxtouch or any of Youxtouch Group Companies are expected to comply;
(13) enabling an actual or proposed assignee of Youxtouch, or participant or sub-participant of Youxtouch’s rights in respect of the customer to evaluate the transaction intended to be the subject of the assignment, participation or sub-participation;
(14) exchanging information with merchants accepting credit cards and/or prepaid cards issued by Youxtouch and entities with whom Youxtouch provides co-branded credit card services;
(15) compiling statistical information and customer profiles;
(16) comparing data of customers and other persons for credit checking, data verification or otherwise producing or verifying data, whether or not for the purpose of taking adverse action against the customers;
(17) maintaining a credit history of customers (whether or not there exists any relationship between the customer and Youxtouch) for present and future reference;
(18) assisting in the prevention, detection and investigation of crime; and
(19) purposes relating thereto.
Collection of Personal Data
4.1 In the course of collecting personal data, Youxtouch will provide the individuals concerned with a PICS informing them of the purpose of collection, classes of persons to whom the data may be transferred, their rights to access and correct the data, and other relevant information.
4.2 When using Youxtouch’s Website, you may provide Youxtouch with certain kinds of your personal data, as defined in the Ordinance, such as your name, address, date of birth and account information, etc. By using Youxtouch’s Website, you consent to the capture and use of your personal data in accordance with this Statement.
4.3 Your personal data gathered on Youxtouch’s Website is only used for processing transactions or otherwise executing your instructions and is only available to staff within Youxtouch for operations purpose. Your personal data will not be disclosed to any third-party company, save as provided in the PICS and save for the use of such data for improving Youxtouch’s online services, in which case the data may be used in an aggregate manner.
4.4 In relation to the collection of personal data on-line, the following practices are adopted:
(1) On-line Security Youxtouch will follow strict standards of security and confidentiality to protect any information provided to Youxtouch online. Encryption technology is employed for sensitive data transmission on the Internet to protect individuals’ privacy.
(2) Cookies Your visit to Youxtouch’s Website will be recorded for preparation of analysis on the number of visitors to the Youxtouch’s Website and general statistics on usage patterns of the Youxtouch’s Website. Some of this information will be gathered through the use of “Cookies”. Cookies are small bits of information that are automatically stored on your web browser in your computer that can be retrieved by Youxtouch’s Website. Information collected by Cookies is anonymous aggregated research data, and contains no name or address information or any information that will enable anyone to contact you via telephone, e-mail or any other means. From time to time, Youxtouch may also work with third parties, such as Google (using products like Google Analytics), to research certain usage and activities on parts of the Youxtouch’s Website on behalf of Youxtouch using Cookies and/ or anonymous identifiers. Most web browsers are initially set to accept Cookies. If you would prefer, your browser may be set to disable Cookies. However, by disabling Cookies, you may not be able to take full advantage of Youxtouch’s Website. To opt-out from Google Analytics, please visit Google Analytics’ website at https://tools.google.com/dlpage/gaoptout?hl=en.
(3) On-line Correction Personal data provided to Youxtouch through an on-line facility, once submitted, it may not be facilitated to be deleted, corrected or updated on-line. If deletion, correction and updates are not allowed online, users should approach the Data Protection Officer as set out in paragraph 8 below.
Protection of Personal Data
It is the policy of Youxtouch to ensure an appropriate level of protection for personal data in order to prevent unauthorized or accidental access, processing, erasure or other use of that data, commensurate with the sensitivity of the data and the harm that would be caused by occurrence of any of the aforesaid events. It is the practice of Youxtouch to achieve appropriate levels of security protection by restricting physical access to data by providing secure storage facilities, and incorporating security measures into equipment in which data is held. Measures are taken to ensure the integrity, prudence, and competence of persons having access to personal data. Data is only transmitted by secure means to prevent unauthorized or accidental access.
Outsourcing Arrangements
The service providers of Youxtouch are bound by contractual duty to keep confidential any data they come into contact with against unauthorized or accidental access, processing, erasure, loss, use and retention.
Retention of Personal Data
Youxtouch maintains and executes retention policies of records containing personal data to ensure personal data is not kept longer than is necessary for the fulfillment of the purpose for which the data is to be used. Different retention periods apply to the various kinds of personal data collected and held by Youxtouch in accordance with policies in the document retention manual.
Data Access Requests and Data Correction Requests
8.1 Contact details for data access and correction requests to Youxtouch may be found in the PICS. Alternatively, data access and correction requests (and their enquiries) may be addressed to:
The Data Protection Officer Youxtouch Finance Limited Unit 710, 7/F, East Ocean Centre,No. 98 Granville Road, E. TST, KLN, Hong Kong Tel:+852 2603 1881
8.2 When handling a data access or correction request, Youxtouch will check the identity of the requester to ensure that he/she is the person legally entitled to make the data access or correction request. A fee is chargeable by Youxtouch for complying with a data access request. A Data Protection Log Book is maintained as required under section 27 of the Ordinance.
Should there be any inconsistency between the English and the Chinese versions, the English version shall prevail.
