This Statement is adopted as the Privacy Policy Statement (“Statement”) of Finance One Limited (“Finance One”). The purpose of this Statement is to establish the policies and practices of Finance One’s commitment to protect the privacy of personal data and to act in compliance with the provisions of the Personal Data (Privacy) Ordinance (the “Ordinance”) and implementation of the guidelines thereon issued by the Licensed Money Lenders Association. Finance One will adhere to the governing principles and minimum standards set forth in this Statement.

    2.1 Personal data held by Finance One regarding customers may include the following:
    1. name and address, occupation, contact details, date of birth and nationality of customers and spouses of customers and their identity card and/or passport numbers and place and date of issue thereof;
    2. name and contact details of referees of customers;
    3. current employer, nature of position, salary and other benefits of customers and spouses of customers;
    4. details of properties, assets or investments held by customers and their spouses;
    5. details of all other assets or liabilities (actual or contingent) of customers and their spouses;
    6. information obtained by Finance One in the ordinary course of the continuation of the business relationship (for example, when customers generally communicate verbally or in writing with Finance One, by means of documentation or telephone recording system, as the case may be);
    7. information as to credit standing provided by a referee, credit reference agency or debt collection agency in connection with a request to collect a debt due from any customer to Finance One; and
    8. information which is in the public domain.
    2.2 Finance One may hold other kinds of personal data which it needs in the light of experience and the specific nature of its business.
    3.1 It is necessary for customers to supply Finance One with data in connection with the opening or continuation of loan accounts and the establishment or continuation of credit facilities or provision of other financial services.
    3.2 It is also the case that data are collected from customers in the ordinary course of the continuation of credit facilities or other financial relationship.
    3.3 The purposes for which data relating to a customer may be used are as follows:
    1. the daily operation of the services and credit facilities provided to customers;
    2. conducting credit checks at the time of application for credit and at the time of regular or special reviews which normally will take place one or more times each year;
    3. creating and maintaining Finance One’s credit scoring models;
    4. assisting other money lenders and/or financial institutions to conduct credit checks and collect debts;
    5. ensuring ongoing credit worthiness of customers;
    6. designing financial services or related products for customers’ use;
    7. marketing services or products of Finance One and/or selected companies;
    8. determining the amounts owed to or by customers;
    9. collection of amounts outstanding from customers and those providing security for customers’ obligations;
    10. meeting the requirements to make disclosure under the requirements of any law binding on Finance One and for the purposes of any guidelines issued by regulatory or other authorities with which Finance One is expected to comply;
    11. enabling an actual or proposed assignee of Finance One, or participant or sub-participant of Finance One’s rights in respect of the customer to evaluate the transaction intended to be the subject of the assignment, participation or sub-participation; and
    12. purposes relating thereto.

    It is the policy of Finance One to ensure an appropriate level of protection for personal data in order to prevent unauthorised access, processing or other use of that data, commensurate with the sensitivity of the data and the harm that would be caused by unauthorised access to that data. It is the practice of Finance One to achieve appropriate levels of security protection by restricting physical access to data by providing secure storage facilities, and incorporating security measures into equipment in which data is held. Measures are taken to ensure the integrity, prudence, and competence of persons having access to personal data. Data is only transmitted by secure means.


    It is the policy of Finance One to ensure accuracy of all personal data collected and processed by Finance One. Appropriate procedures are implemented to provide for all personal data to be regularly checked and updated to ensure that it is reasonably accurate having regard to the purposes for which that data is used. In so far as personal data held by Finance One consists of statements of opinion, all reasonably practicable steps are taken to ensure that any facts cited in support of such statements of opinion are correct.

    6.1 In the course of collecting personal data, Finance One will provide the individuals concerned with a Personal Information Collection Statement informing them of the purpose of collection, classes of persons to whom the data may be transferred, their rights to access and correct the data, and other relevant information.
    6.2 In relation to the collection of personal data on-line, the following practices are adopted:
    1. On-line Security

      Finance One will follow strict standards of security and confidentiality to protect any information provided to Finance One online. Encryption technology is employed for sensitive data transmission on the Internet to protect individuals’ privacy.

    2. Cookies

      Cookies are small pieces of data transmitted from a web server to a web browser. Cookie data is stored on a local hard drive such that the web server can later read back the cookie data from a web browser. This is useful for allowing a website to maintain information on a particular user.
      Cookies are designed to be read only by the website that provides them. Cookies cannot be used to obtain data from a user’s hard drive, get a user’s e-mail address or gather a user’s sensitive information.
      Finance One will only use cookies as session and user identifier, but will not store user’s sensitive information in cookies. Once a session is established, all the communications will use the cookies to identify a user. The session identifier will be deleted and cookies will expire once the session is closed. If users try to disable cookies from their web browsers, they may not be able to access Finance One’s Internet and other financial services. In addition, for those recorded as persistent cookies which use for user identification, they will only be used to better customers’ experiences, such as enhancement of advertising as well as website.

    3. On-line Correction

      Personal data provided to Finance One through an on-line facility, once submitted, it may not be facilitated to be deleted, corrected or updated on-line. If deletion, correction and updates are not allowed online, users should approach relevant departments.

    7.1 It is the policy of Finance One to comply with and process all data access and correction requests in accordance with the provisions of the Ordinance, and for all staff concerned to be familiar with the requirements for assisting individuals to make such requests.
    7.2 Finance One may, subject to the Ordinance, impose a moderate fee for complying with a data access request. If a person making a data access request requires an additional copy of the personal data that Finance One has previously supplied pursuant to an earlier data access request, Finance One may charge a fee to cover the full administrative and other costs incurred in supplying that additional copy.
    7.3 Data access and correction requests to Finance One may be addressed to the Data Protection Officer (“DPO”) or other person as specifically advised.

    The following are maintained by Finance One to ensure compliance with the Ordinance:

    8.1 A Log Book as provided for in section 27 of the Ordinance;
    8.2 Internal policies and guidelines on compliance with the Ordinance for use by staff of Finance One.
    9.1 To co-ordinate and oversee compliance with the Ordinance and the personal data protection policies of Finance One, a DPO has been appointed by Finance One.
    9.2 The contact details of the DPO are as follows:

    Data Protection Officer
    Finance One Limited
    Room 2605, 26/F Hopewell Centre,
    183 Queen's Road East,
    Wan Chai, Hong Kong
    Fax : 3798 8010

In the event of any inconsistency between the English and Chinese versions of these statements, the English version will prevail.