PRIVACY POLICY & PICS

Part A: Privacy Policy

This Privacy Policy sets out the commitment by Integrated Capital (Asia) Limited (referred to as the “Company” or “we”, and “us” and “our” shall be construed accordingly) in protecting the privacy of individuals who provide information about themselves to us. The Company is part of a group of companies under its parent company (the “Group”), which refers to the Company and its parent company, holding companies, subsidiaries, representative offices and affiliates, wherever situated. Affiliates include branches, subsidiaries, representative offices and affiliates of the Company’s holding companies, wherever situated.

In this Privacy Policy, the term “data subjects”, “you” or “your” means any person who has provided or will provide personal data to us. This may include, without limitation, the following or any of them:

  • applicants for and users of our loan facilities and other services, provided by us and/or any member of the Group;
  • persons giving or proposing to give security or guarantees for obligations owed to us;
  • persons linked to a customer or applicant that is not an individual, including the beneficial owners and officers of that customer or applicant, or in the case of a trust, including the trustees, settlors, protectors and beneficiaries of the trust;
  • other persons who are relevant to a customer’s relationship with us; and
  • our employees.

The contents of this Privacy Policy shall apply to all data subjects and, if you are our customer or an applicant for loan facilities or other services, form part of the terms and conditions of the loan agreement and such other agreement that the Company may specify from time to time. In the event of any inconsistency or discrepancy between this Privacy Policy and the relevant agreement, this Privacy Policy shall prevail insofar as it relates to the protection of the data subject’s personal data.

The information, material and content provided here may be changed at any time without notice, and consequently this Privacy Policy may change at any time in the future. You agree to review the Company’s website regularly and your continued access to or use of such website, products and services will mean that you agree to any changes.

Our Privacy Principles

The Company values your trust. The Company is committed to the full implementation and compliance with the six data protection principles and the requirements of the Personal Data (Privacy) Ordinance (Cap. 486, Laws of Hong Kong) (the “Ordinance”). This Privacy Policy is intended to assist you in understanding the Company’s privacy policies and practices in relation to your personal data.

To preserve the confidentiality of all personal data provided to us, we maintain the following principles:

  • We will only collect information that we believe to be relevant and required to understand your financial needs and to conduct our business for the purposes set out in the relevant Personal Information Collection Statement (each, the "PICS").
  • We use your information to provide you with better customer services and products.
  • We may pass your information to other Group companies or agents, as permitted by law.
  • We will not disclose your information to any external organisation unless we have your consent or are required by law or have previously informed you.
  • We may be required from time to time to disclose your information to governmental or judicial bodies or agencies or our regulators, but we will only do so under proper authority.
  • We aim to keep your information up-to-date and retain your information only for such periods as necessary.
  • We maintain strict security systems designed to prevent unauthorised access to your information by anyone, including our staff.
  • All Group companies, all our staff and all third parties with permitted access to your information are specifically required to observe our confidentiality obligations.

By maintaining our commitment to these principles, we will ensure that we respect the inherent trust that you place in us.

IMPORTANT: By accessing the Company’s website and any of its pages or continuing your relationship with the Company, you are agreeing to the terms set out below. Thank you for choosing us.

Collection of Personal Data

Personal data means any information relating to a living individual from which the identity of the individual can be ascertained, directly or indirectly. We may collect the following data relating to you, which may be personal data from time to time, including but not limited to:

  • name;
  • age;
  • gender;
  • phone number;
  • email address;
  • identity card number or passport number;
  • nationality or residency status;
  • birth date;
  • personal financial status, intention or goals (including need for loans);
  • income or assets information;
  • education level;
  • employment information;
  • residential and correspondence address;
  • bank account or stored value facility account details;
  • social media content and related information;
  • preferences related to any products or services;
  • communications between you and the Company;
  • data regarding your visits to and use of the Company’s website; and
  • location data.

In addition, when you use the Company's website or services, we may automatically collect certain data which may, when combined with other information about you, be personal data, including but not limited to:

  • attributes of the equipment or device you are using, such as the operating system, hardware version, device settings, software and device identifiers;
  • device locations, including specific geographic locations identified through GPS, Bluetooth or WiFi signals or other means;
  • connection information such as the name of your mobile operator, ISP or other service provider, browser type and IP address;
  • biometric data such as facial image, fingerprint, finger vein;
  • the website from which you have reached the Company's website;
  • the Company’s website pages viewed;
  • details of the products and services on the Company's website that you look at, and information, tools and content available on the Company's website that you use; and
  • links from the Company's website that you click on.

At your request or with your consent, the Company may additionally receive information about you from any member of the Group (other than the Company), business partners, co-branding partners or from credit reference agencies. The Company may obtain information about you from the public domain. Data may also be combined with other data available to any other member of the Group.

We may use the personal data collected for the purposes set out in the PICS. The use and disclosure of personal data and your right to access and correct your personal data held by the Company are also set out in the PICS.

If you disclose any third party’s personal data (e.g. family members or representatives, etc.) to us at any time, you undertake that you have obtained the third party’s prior consent to do so and such third party has agreed to allow us to use and disclose their personal data in accordance with this PICS.

Use of Cookies

Cookies are small data files which are placed on a data subject’s device when the data subject visits the Company's website or clicks on the Company's online advertisements. Cookies or similar technologies are used for the following purposes:

  • performing aggregated (and therefore anonymous) statistical analysis of your on-site behaviour such as the number of visits to our site, page views, and length of time spent on each page;
  • providing an enhanced user experience, remembering your preference within our website, and enabling easy navigation between the public section and member owner section of our website; and
  • promoting personalized products using your visited pages, and the website links you have followed to:
    • make the Company’s website more relevant to your interests;
    • provide online advertisements or offers on the Company's website or third-party websites which are most likely to interest you; and
    • evaluate the effectiveness of the Company's online marketing and advertising programs.

These cookies may be placed on a data subject’s device by the Company or by third parties on the Company’s behalf (for example, advertising networks and providers of external services like web traffic analysis services). Information recorded through the use of cookies by third parties are aggregated and then shared with the Company as anonymous aggregated research data. No personal contact information about data subjects is collected or shared by third parties with the Company as a result of the use of cookies.

Most web browsers are initially set up to accept cookies. Should you wish not to be tracked by this kind of technology, you can choose to ‘not accept’ cookies by changing the settings on your web browser. However, if you block all cookies, including strictly necessary cookies, you may not be able to use the Company’s website properly.

Retention of Personal Data

We will take practicable steps to ensure that your personal data is not kept longer than necessary and we will comply with all statutory and regulatory requirements in Hong Kong concerning the personal data that we will collect, hold, process and use.

Security Measures

We provide and maintain stringent security measures to protect the Company’s systems, and the information and personal data retained therein, including:

  • use of firewalls and network segregation to protect unauthorized access;
  • regular review of our information collection, use, storage and processing practices;
  • restriction of access to personal data to relevant employees on a “need-to-know” basis; and
  • training to employees on the proper handling of personal data.

While the internet is not an inherently secure environment for communications, we continuously review and apply industry best practices to protect and secure this channel throughout our systems. The level of security on your personal device and the general measures you take in handling your own digital data are equally important. In most cases, an imprudent transmission and handling of sensitive data such as confidential documents, password, personal identifiers etc. would facilitate unauthorized access resulting in a data breach. Hence, we remind you to be cautious when using the Company’s website and handling your own sensitive documents and data.

Part B: Personal Information Collection Statement (PICS)

(This PICS shall be read in conjunction with the Company’s Privacy Policy in Part A above)

General

Throughout your relationship with Integrated Capital (Asia) Limited (referred to as the “Company” or “we”, and “us” and “our” shall be construed accordingly), we will collect your personal data from time to time in accordance with this PICS. The Company is part of a group of companies under its parent company (the “Group”), which refers to the Company and its parent company, holding companies, subsidiaries, representative offices and affiliates, wherever situated. Affiliates include branches, subsidiaries, representative offices and affiliates of the Company’s holding companies, wherever situated.

Purpose of Collection

1. It is necessary for data subjects (in this case, you) to supply the Company with personal data for the purposes set out in the section entitled "Use of Personal Data" below.

2. Failure to supply such personal data by you may result in the Company being unable to (or continue to) open your accounts, provide loan facilities and other related financial services to you, or process your applications regarding such services to you or to the relevant applicants or persons linked to you.

3. For the purposes of the provision of services by the Company, we may collect data from you directly, indirectly or from someone acting on your behalf:

  • (a) in the ordinary course of our business or the continuation of our relationship with you;
  • (b) when you browse or use our websites; and/or
  • (c) from other sources, for example:
    • (i) any member of the Group (other than the Company);
    • (ii) third parties such as our business partners (subject to you giving our business partners consent to transfer your data to us), a credit reference agency (“CRA”) (including any CRA approved for participation in the Multiple Credit Reference Agencies Model) and third-party service providers with whom you interact in connection with the marketing of our products and services and/or in connection with your application for and use of our products and services; and/or
    • (iii) the public domain through different channels, including public registers, public search engines, public directories or any social media with public view setting authorised by you, cookies, behavioral or location tracking tools.

Data may be combined with other data available to any other member of the Group.

Use of Personal Data

4. We will use data for the following purposes or any of them (which may vary depending on the nature of your relationship with us):

  • (a) considering and processing applications for products and services, and the daily operation of products and services (including without limitation loan facilities and related financial products and services) provided to you, or to the relevant customer or persons linked to you;
  • (b) conducting credit checks whenever appropriate (including without limitation at the time of application for a loan(s) or at the time of regular or special reviews of credit which normally will take place one or more times each year);
  • (c) creating and maintaining the Company’s credit-scoring models, risk-related models or anti-money laundering systems;
  • (d) ensuring your ongoing credit worthiness and good standing;
  • (e) assisting other financial institutions, including credit providers in Hong Kong approved for participation in the Multiple Credit Reference Agencies Model, to conduct credit checks and to collect debts;
  • (f) designing and developing loan/credit facilities and related financial products and services for customers’ use;
  • (g) conducting marketing research, developing and providing membership programmes or referral campaigns and customer profiling and segmentation;
  • (h) analysing how you access and use our products and services;
  • (i) subject to obtaining the consent of data subjects, direct marketing services, marketing products, services and other subjects (including without limitation cross marketing campaigns with other members of the Group) as described in paragraphs 6 and 7 below;
  • (j) determining the amount of indebtedness owed to or by you;
  • (k) exercising the Company’s rights under contracts it has entered with you, including collecting amounts outstanding under such contracts;
  • (l) meeting obligations, requirements and arrangements, of the Company or its affiliates within the Group, whether compulsory or voluntary, to comply with or in connection with:
    • (i) any law, regulation, judgement, court order, voluntary code, sanctions regime applicable to the Company or its affiliates within the Group, within or outside Hong Kong existing currently or in the future (“Laws”);
    • (ii) any guidelines, guidance, rules or codes of practice or requests given, published or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, relevant stock exchange, self-regulatory or industry bodies or associations of financial service providers within or outside Hong Kong existing currently or in the future and any international guidance, internal policies or procedures;
    • (iii) any present or future contractual or other commitment with any legal, regulatory, judicial, administrative, public or law enforcement body, or governmental, tax, revenue, monetary, court or other authorities, relevant stock exchange, self-regulatory or industry bodies or associations of financial service providers or any of their agents with jurisdiction over any member of the Group (together the “Authorities” and each an “Authority”) that is assumed by, imposed on or applicable to the Company or its affiliates within the Group; and
    • (iv) any agreement or treaty between an Authority and the Company or its affiliates within the Group;
  • (m) complying with any obligations, requirements, policies, procedures, measures or arrangements of the Company or its affiliates within the Group and/or any other use of data and information in accordance with any programmes for compliance with sanctions or prevention or detection of money laundering, terrorist financing, bribery, corruption, tax evasion, fraud, evasion of economic or trade sanctions and/or acts or attempts to circumvent or violate any Laws relating to these matters;
  • (n) facilitating consolidated supervision of the Group for the conduct of internal audit and the performance of risk management;
  • (o) enabling an actual or proposed assignee or transferee of all or any part of the Company’s business and/or assets, or participant or sub-participant of the Company’s rights in respect of your loans/credit facilities, to evaluate the transaction intended to be the subject of the assignment, transfer, participation or sub-participation and enabling the actual assignee or transferee to use such data in the operation of the business or rights assigned;
  • (p) comparing your data with other persons, financial institutions and/or any member of the Group for credit checking, fraud checking, data verification or otherwise producing or verifying data in connection with your applications for, or our provision to you of, the products and services by us or any member of the Group;
  • (q) maintaining a credit history or otherwise, a record of you (whether or not there exists any relationship between you and the Company) for present and future reference;
  • (r) in connection with the Company defending or responding to any legal, governmental, or regulatory or quasi-governmental related matter, action or proceeding (including any prospective action or legal proceeding);
  • (s) in connection with us making or investigating an insurance claim or responding to any insurance related matter, action or proceeding; and/or
  • (t) any other purposes relating to the purposes listed above.

Disclosure of Personal Data

5. All personal data held by the Company will be kept confidential but the Company may disclose (as such term is defined in the Personal Data (Privacy) Ordinance (Cap. 486, Laws of Hong Kong) (the “Ordinance”)) such information to the following parties or any of them (whether within or outside Hong Kong) for the purposes set out in paragraph 4 above:

  • (a) any agent, contractor, sub-contractor or associate of the Company or its affiliates within the Group (including its employees, officers, agents, contractors, service providers and professional advisers);
  • (b) any third-party service provider who provides administrative, professional, advisory, telecommunication, information service, computer, payment, data processing, debt collection or other services to the Company or its affiliates within the Group in connection with the operation or maintenance of its business;
  • (c) the drawee bank providing a copy of a paid cheque (which may contain data about the payee) to the drawer;
  • (d) a CRA (including the operator of any centralised database used by a CRA under the Multiple Credit Reference Agencies Model) and, in the event of default, a debt collection agency (“DCA”);
  • (e) any Authority, body, association or persons mentioned in paragraph 4(m) above;
  • (f) any actual or proposed assignee or transferee or the Company or, participant or sub-participant of the Company’s rights in respect of loans/credit facilities relating to data subjects;
  • (g) any persons giving or proposing to give a guarantee or security to guarantee or secure your obligations to the Company;
  • (h) any persons acting on your behalf whose data are provided;
  • (i) any payment recipients;
  • (j) any entity within the Group;
  • (k) business partners or co-branding partners of the Company, together with whom the Company provides products or services to data subjects;
  • (l) charitable or non-profit making organisations;
  • (m) subject to obtaining the consent of data subjects in connection with the purpose set out in paragraph 4(i) above:
    • (i) third-party financial institutions, insurers, credit facilities companies, credit card companies, securities, commodities and investment services providers, third-party membership programme providers or our co-branding partners; and
    • (ii) external service providers (including but not limited to mailing houses, telecommunication companies, telemarketing and direct sales agents, call centres, data processing companies and information technology companies) that the Company engages for the purposes set out in paragraph 4 above;
  • (n) third-party service providers engaged by you using our application programming interfaces (“API”).

The parties prescribed in this paragraph 5 may be in a place outside of Hong Kong and personal data may be transferred in and/or to a place outside Hong Kong.

Direct Marketing

6. The Company intends to use a data subject’s data to conduct direct marketing of products and services, and the Company requires your consent (which includes an indication of no objection) for that purpose. In this connection, please note that:

  • (a) the name, contact details, products and other service portfolio information, transaction pattern and behaviour, financial background and demographic data of data subject held by the Company from time to time may be used by the Company in direct marketing;
  • (b) the classes of services, products and subjects which may be marketed includes:
    • (i) the Company’s products and services;
    • (ii) banking or financial services, credit facilities, insurance, securities, investment, wealth management and related services, products and facilities;
    • (iii) telecommunications network services, delivery services, travel agency services, hospitality services, food and beverages, automotive products/services, gaming products/services, entertainment and media services, lifestyle products/services, social and healthcare services, electronic and electrical products, merchandise, consumer goods and/or commodities;
    • (iv) reward, loyalty, co-branding or privileges programmes and related services and products; and/or
    • (v) donations and contributions for charitable and/or non-profit making purposes;
  • (c) the above services, products and subjects may be provided by:
    • (i) any member of the Group;
    • (ii) third party financial institutions, insurers, credit card companies, securities and investment services providers;
    • (iii) third party reward, loyalty, co-branding or privileges programme providers;
    • (iv) telecommunications network service providers, delivery service providers, travel agencies, hospitality service providers, food and beverages providers, automotive products and/or service providers, gaming products and/or service providers, entertainment and media service providers, lifestyle products and/or service providers, social and healthcare service providers, merchandise, consumer goods, commodities retailers, distributors and/or manufacturers;
    • (v) co-branding partners of any member of the Group; and/or
    • (vi) charitable or non-profit making organisations;
  • (d) in addition to marketing the above services, products and subjects itself, the Company also intends to provide the data described in sub-paragraph (a) above to all or any of the persons described in sub-paragraph (c) above for use by them in marketing those services, products and subjects, and the Company requires the data subject’s consent (which includes an indication of no objection) for that purpose; and
  • (e) the Company may receive money or other property in return for providing the data to the other persons in sub-paragraph (c) above and, when requesting data subject’s consent or no objection as described in sub-paragraph (d) above, the Company will inform the data subject if we will receive any money or other property in return for providing the data to the other persons.

Access and Correction of Personal Data

8. Under and in accordance with the terms of the Ordinance and the Code of Practice on Consumer Credit Data (the “Code”), you have the right:

  • (a) to check whether the Company holds personal data about you and to access such data;
  • (b) to require the Company to correct any personal data relating to you which is inaccurate;
  • (c) to ascertain the Company’s policies and practices in relation to personal data and to be informed of the kind of personal data held by the Company;
  • (d) in relation to consumer credit data, to be informed, upon request, which items of personal data are routinely disclosed to a CRA or DCA and be provided with further information to enable the making of an access and correction request to the relevant CRA and DCA; and
  • (e) in relation to consumer credit data, upon termination of your account by full repayment and on condition that there has not been, within 5 years immediately before account termination, any material default on your account, to instruct the Company to make a request to the CRA to delete from its database any account data relating to your terminated account.

9. If you default in repayment, unless the amount in default is fully repaid or written off (otherwise than due to a bankruptcy order) before the expiry of 60 days from the date such default occurred, your account repayment data (as defined in the Code) may be retained by the CRA until the expiry of 5 years from the date of final settlement of the amount in default.

10. If any amount owed by you is written off due to a bankruptcy order being made against you, your account repayment data (as defined in the Code) may be retained by the CRA, regardless of whether the account repayment data reveals any material default, until the expiry of 5 years from the date of final settlement of the amount in default or the expiry of 5 years from the date of your discharge from bankruptcy as notified to the CRA by you with evidence.

11. As stated in this PICS, we may obtain a credit report on you from a CRA in considering any application for credit. In the event you wish to access the credit report, we will advise the contact details of the relevant CRA.

12. For the purpose of this section (Access and Correction of Personal Data), account repayment data is the amount last due, amount of payment made during the last reporting period, remaining available credit or outstanding balance and default data (being amount past due and number of days past due, date of settlement of amount past due, and date of final settlement of amount in material default (that is, default in payment for a period in excess of sixty (60) days) (if any)).

13. In accordance with the terms of the Ordinance, the Company has the right to charge a reasonable fee for the processing of any data access request.

14. You should send any requests for access to personal data or correction of personal data or for information regarding our policies and practices to:

Integrated Capital (Asia) Limited
21/F, 88 Gloucester Road, Wan Chai, Hong Kong

Personal data of another person

15. Where you provide to us data about another person, you should give to that person a copy of this PICS and, in particular, tell him/her how we may use his/her data.

Other

16. Nothing in this PICS shall limit the rights of the data subjects under the Ordinance.

17. To the extent permitted by law, the Company and other members of the Group may record and monitor electronic communications with you to ensure compliance with legal and regulatory obligations and internal policies.

18. In case of discrepancies between the English and Chinese versions, the English version shall prevail.