KINDS OF PERSONAL DATA HELD BY THE COMPANY
Personal data held by the Company regarding customers may include the following:
- name and address, occupation, contact details, date of birth and nationality of customers and spouses of customers and their identity card and/or passport numbers and place and date of issue thereof;
- name and contact details of referees of customers;
- current employer, nature of position, salary and other benefits of customers and spouses of customers;
- details of properties, assets or investments held by customers and their spouses;
- details of all other assets or liabilities (actual or contingent) of customers and their spouses;
- information obtained by the Company in the ordinary course of the continuation of the business relationship (for example, when customers generally communicate verbally or in writing with the Company, by means of documentation or telephone recording system or on-line facility, as the case may be);
- information as to credit standing provided by a referee, credit reference agency or debt collection agency in connection with a request to collect a debt due from any customer to the Company; and
- information which is in the public domain.
- The Company may hold other kinds of personal data which it needs in the light of experience and the specific nature of its business.
- Personal data held by the Company regarding customers may include the following:
PURPOSES OF THE PERSONAL DATA HELD
- It is necessary for customers to supply the Company with data in connection with the opening or continuation of loan accounts and the establishment or continuation of credit facilities or credit instalment or provision of other financial services.
- It is also the case that data are collected from customers in the ordinary course of the continuation of credit facilities or credit instalment or other financial relationship.
The purposes for which data relating to a customer may be used as follows:
- processing of applications for credit facilities and/or financial services;
- the daily operation of the services and credit facilities provided to customers;
- conducting credit checks at the time of application for credit and at the time of regular or special reviews which normally will take place one or more times each year, and carrying out matching procedures( as defined in the Ordinance) by the Company;
- creating and maintaining the Company’s credit scoring models;
- assisting other money lenders and/or financial institutions to conduct credit checks and collect debts;
- ensuring ongoing credit worthiness of customers;
- designing financial services or related products for customers’ use;
- marketing services or products of the Company and/or selected companies;
- determining the amounts owed to or by customers;
- conducting insurance claims or analysis;
- for operational purposes, credit assessment or statistical analysis of the company;
- collection of amounts outstanding from customers and those providing security for customers’ obligations;
- maintaining a credit history of customers(whether or not there exists any relationship between customers and the Company) for present and future reference of the Company;
- meeting the requirements to make disclosure to the relevant supervisory or regulatory authorities, policy or court of law under the requirements of any law, regulation or court order binding on the Company, or under and for any guidelines issued by regulatory or other authorities with which the Company is expected to comply;
- enabling an actual or proposed assignee of the Company, or participant or sub-participant of the Company’s rights in respect of the customer to evaluate the transaction intended to be the subject of the assignment, participation or sub-participation; and
- purposes relating thereunto.
SECURITY OF PERSONAL DATA
It is the policy of the Company to ensure an appropriate level of protection for personal data in order to prevent unauthorised access, processing or other use of that data, commensurate with the sensitivity of the data and the harm that would be caused by unauthorised access to that data. It is the practice of the Company to achieve appropriate levels of security protection by restricting physical access to data by providing secure storage facilities, and incorporating security measures into equipment in which data is held. Measures are taken to ensure the integrity, prudence, and competence of persons having access to personal data. Data is only transmitted by secure means.
ACCURACY OF PERSONAL DATA
It is the policy of the Company to ensure accuracy of all personal data collected and processed by the Company. Appropriate procedures are implemented to provide for all personal data to be regularly checked and updated to ensure that it is reasonably accurate having regard to the purposes for which that data is used. In so far as personal data held by the Company consists of statements of opinion, all reasonably practicable steps are taken to ensure that any facts cited in support of such statements of opinion are correct.
COLLECTION OF PERSONAL DATA
- In the course of collecting personal data, the Company will provide the individuals concerned with a Personal Data Collection Statement informing them of the purpose of collection, classes of persons to whom the data may be transferred, their rights to access and correct the data, and other relevant information.
In relation to the collection of personal data on-line, the following practices are adopted:
The Company will follow strict standards of security and confidentiality to protect any information provided to The Company online. Encryption technology is employed for sensitive data transmission on the Internet to protect individuals’ privacy.
Cookies are small pieces of data transmitted from a web server to a web browser. Cookie data is stored on a local hard drive such that the web server can later read back the cookie data from a web browser. This is useful for allowing a website to maintain information on a particular user.
Cookies are designed to be read only by the website that provides them. Cookies cannot be used to obtain data from a user’s hard drive, get a user’s e-mail address or gather a user’s sensitive information.
Personal data provided to the Company through an on-line facility, once submitted, it may not be facilitated to be deleted, corrected or updated on-line. If deletion, correction and updates are not allowed online, users should approach relevant departments or branches.
Personal data collected on-line will be transferred to the Company’s relevant departments or branches for processing. Personal data will not be retained in web server’s database of the Company.
- On-line Security
DATA ACCESS REQUESTS AND DATA CORRECTION REQUESTS
- It is the policy of the Company to comply with and process all data access and correction requests in accordance with the provisions of the Ordinance, and for all staff concerned to be familiar with the requirements for assisting individuals to make such requests. (It’s Company policy to comply with and process all customer’s requests relating to accessing their data and correction of the own data in accordance with the provisions of the Ordinance, and for all staff concerned to be familiar with the requirements for assisting individuals to make such requests)
- The Company may, subject to the Ordinance, impose a moderate fee for complying with a data access request. If a person making a data access request requires an additional copy of the personal data that the Company has previously supplied pursuant to an earlier data access request, the Company may charge a fee to cover the full administrative and other costs incurred in supplying that additional copy.
- Data access and correction requests to the Company may be addressed to the Data Protection Officer (“DPO”) or other person as specifically advised.
The following are maintained by the Company to ensure compliance with the Ordinance:
- A Log Book as provided for in section 27 of the Ordinance;
- Internal policies and guidelines on compliance with the Ordinance for use by staff of the Company.
APPOINTMENT OF DATA PROTECTION OFFICER
- To co-ordinate and oversee compliance with the Ordinance and the personal data protection policies of the Company, a DPO has been appointed by the Company.
- The contact details of the DPO are as follows:
The Data Protection Officer
True Credit Limited