TERMS OF SUMMARY OF PROVISIONS OF THE ORDINANCE TO BE INCLUDED IN OR ATTACHED TO A NOTE OR MEMORANDUM OF A LOAN AGREEMENT THE MONEY LENDERS ORDINANCE

The provisions of the Money Lenders Ordinance summarized below are important for the protection of all the parties to a loan agreement and should be read carefully. The summary is not part of the law, and reference should be made to the provisions of the Ordinance itself in case of doubt.

Summary of Part III of the Ordinance – Money lenders transactions

Section 18 sets out the requirements relating to loans made by a money lender. Every agreement for a loan must be in writing and signed by the borrower within 7 days of making the agreement and before the money is lent. A copy of the signed note of the agreement must be given to the borrower, with a copy of this summary, at the time of signing. The signed note must contain full details of the loan, including the terms of repayment, the form of security and the rate of interest. An agreement which does not comply with the requirements will be unenforceable, except where a court is satisfied that it would be unjust not to enforce it

Section 19 provides that a money lender must, if requested in writing and on payment of the prescribed fee for expenses, give the original and a copy of a written statement of a borrower’s current position under a loan agreement, including how much has been paid, how much is due or will be due, and the rate of interest. The borrower must endorse on the copy of the statement words to the effect that he has received the original of the written statement and return the copy as so endorsed to the money lender. The money lender must retain the copy of the statement so returned during the continuance of the agreement to which the statement relates. If the money lender does not do so he commits an offence. The money lender must also, upon a request in writing, supply a copy of any document relating to the loan or security. But a request cannot be made more than once per month. Interest is not payable for so long as the money lender, without good reason, fails to comply with any request mentioned in this paragraph.

Section 20 provides that the surety, unless he is also the borrower, must within 7 days of making the agreement be given a copy of the signed note of the agreement, a copy of the security instrument (if any) and a statement with details of the total amount payable. The money lender must also give the surety, upon request in writing at any time (but not more than once per month), a signed statement showing details of the total sum paid and remaining to be paid. The security is not enforceable for so long as the money lender, without good reason, fails to comply.

Section 21 provides that a borrower may at any time, on giving written notice, repay a loan together with interest to the date of repayment, and no higher rate of interest may be charged for early repayment.

This provision, however, will not apply where the money lender is recognized, or is a member of an association recognized, by the Financial Secretary by notice in the Gazette in force under section 33A(4) of the Ordinance.

Section 22 states that a loan agreement is illegal if it provides for the payment of compound interest, or provides that a loan may not be repaid by instalments. A loan agreement is also illegal if it charges a higher rate of interest on amounts due but not paid, although it may provide for charging simple interest on that part of the principal and interest outstanding at a rate not exceeding the rate payable apart from any default. The illegal agreement may, however, be declared legal in whole or in part by a court if the court is satisfied that it would be unjust if the agreement were illegal because it did not comply with this section.

Section 23 declares that a loan agreement with a money lender and any security given for the loan will not be enforceable if the money lender was unlicensed at the time of making the agreement or taking the security. The loan agreement or security may, however, be declared enforceable in whole or in part by a court if the court is satisfied that it would be unjust if the agreement or security were unenforceable by virtue of this section.

Summary of Part IV of the Ordinance – Excessive interest rates

Section 24 fixes the maximum effective rate of interest on any loan at 48% per annum (the “effective rate” is to be calculated in accordance with the Second Schedule to the Ordinance). A loan agreement providing for a higher rate will be unenforceable and the lender will be liable to prosecution. This maximum rate may be changed by the Legislative Council but not so as to affect existing agreements. This section does not apply to any loan made to a company which has a paid up share capital of not less than $1,000,000 or in respect of any such loan, to any person who makes the loan.

Section 25 provides that where court proceedings are taken to enforce a loan agreement or security for a loan or where a borrower or surety himself applied to a court for relief, the court may look at the terms of the agreement to see whether the terms are grossly unfair or exorbitant (an effective rate of interest exceeding 36% per annum or such other rate as is fixed by the Legislative Council, may be presumed, on that ground alone, to be exorbitant), and, taking into account all the circumstance, it may alter the terms of the agreement in such a manner as to be fair to all parties. This section does not apply to any loan made to a company which has a paid up share capital of not less than $1,000,000 or, in respect of any such loan, to any person who makes that loan.

PRIVACY POLICY

1. INTRODUCTION

1.1 This policy is adopted as the Privacy Policy (“Policy”) of CREDITPAL Limited (the “Company”) and all its direct and indirect subsidiaries in the Hong Kong Special Administrative Region (“Hong Kong”). This policy form part of the account terms and conditions and/or the agreement or arrangements that a data subject enters into with the Company. If any inconsistency is found, the provisions of this Policy shall prevail. Nothing in this Policy shall limit the rights of the data subjects under the Personal Data (Privacy) Ordinance (the “Ordinance”).

1.2 For the purposes of this Policy, “CREDITPAL” means CREDITPAL Limited, its subsidiaries, associates and affiliates (including branches or offices of such subsidiary or affiliate).

2. DATA SUBJECTS

The “data subjects” in this Policy means the customers of the Company and various other persons, including without limitation, applicants for or customers/users of credit facilities and related financial services and products and facilities and so forth provided by a Company and their authorized signatories, sureties and persons providing security or guarantee or any form of support for obligations owed to a Company, shareholders, directors, corporate officers and managers, sole proprietors, partners, suppliers, contractors, service providers and other contractual counterparties supplying data (including personal data as defined in the Ordinance to the Company.

3. PURPOSES OF THE PERSONAL DATA HELD

3.1 From time to time, it is necessary for data subjects to supply the Company with data in connection with the opening or continuation of accounts and the establishment or continuation of credit facilities or provision of credit facilities and related financial services and products and facilities which included without limitation to personal loan, revolving loan, property mortgage and property valuation services.

3.2 Failure to supply such data may result in the Company being unable to open or continue accounts or establish or continue credit facilities or provide credit facilities and related financial services and products and facilities.

3.3 It is also the case that data are collected from data subjects in the ordinary course of the business for the purpose of processing of new or renewal of loan application or services either application in person, through telephone or internet. This includes information obtained from credit reference agency.

3.4 The purposes for which data relating to the data subjects may be used will vary depending on the nature of the data subjects’ relationship with the Company. Broadly, they may comprise any or all of the following purposes:

  • (a) considering, assessing and processing of applications for credit facilities and/or other financial services and facilities;
  • (b) the daily operation of the services and credit facilities provided to data subjects;
  • (c) conducting credit check and other status checks;
  • (d) creating and maintaining the Company’s credit scoring models;
  • (e) assisting other financial institutions to conduct credit checks and collect debts;
  • (f) ensuring ongoing credit worthiness of data subjects;
  • (g) designing credit facilities and related financial services and products and facilities for data subjects’ use;
  • (h) marketing services, products and other subjects (please see further details in Paragraph 4 below);
  • (i) operating internal controls including determining the amounts of indebtedness owed to or by data subjects;
  • (j) provision of references (status enquiries);
  • (k) for operational purposes, credit assessment, credit scoring model or statistical analysis (including in each case, behaviour analysis and evaluation on overall relationship with the CREDITPAL which includes using such data to comply with any obligations, requirements, policies, procedures, measures or arrangements for sharing data and information within CREDITPAL and/or any other use of data and information in accordance with any group-wide programmes for compliance with sanctions or prevention or detection of money laundering, terrorist financing or other unlawful activities), whether on the data subjects or otherwise;
  • (l) collection of amounts outstanding from data subjects and those providing security for data subjects’ obligations;
  • (m) maintaining a credit history or otherwise, a record of data subjects (whether or not there exists any relationship between data subjects and the Company) for present and future reference;
  • (n) complying with the obligations, requirements or arrangements for disclosing and using data that apply to the Company or that it is expected to comply according to:
    • i. any law binding or applying to it within or outside Hong Kong existing currently and in the future;
    • ii. any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers within or outside Hong Kong existing currently and in the future;
    • iii. any present or future contractual or other commitment with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers that is assumed by or imposed on the Company or any other member of CREDITPAL by reason of its financial, commercial, business or other interests or activities in or related to the jurisdiction of the relevant local or foreign legal, regulatory, governmental, tax, law enforcement or other authority, or self-regulatory or industry bodies or associations;
  • (o) comparing data of data subjects or other persons for credit checking, data verification or otherwise producing or verifying data, whether or not for the purpose of taking action against the data subjects;
  • (p)enabling an actual or proposed assignee of the Company or any other member of CREDITPAL, or participant or sub-participant of the rights of the Company or those of any other member of CREDITPAL in respect of the data subject, to evaluate, enter into and administer the transaction intended to be the subject of the assignment, participation or sub-participation; and
  • (q) purposes specifically provided for in any particular service or facility offered by the Company. Such procedures include matching procedures (as defined in the Ordinance, but broadly includes comparison of two or more sets of the data subject’s data, for purposes of taking actions adverse to the interests of the data subjects, such as declining an application); and
  • (r) all other incidental and associated purposes relating to any of the above, including seeking professional advices.

The Company keeps data only for as long as is reasonably required for the above purposes or as required by applicable law. This includes keeping, for as long as reasonably required, such data as required for handling enquiries relating to any of the above purposes.

3.5 Data held by the Company relating to data subjects will be kept confidential but the Company may provide such information to the following parties (whether within or outside Hong Kong) for any of the purposes set out in Paragraph 3.4:

  • (a) any member of CREDITPAL, agent, contractor or third party service provider (or a subsidiary, holding company or related company thereof) who provides administrative, telecommunications, computer, payment, debt collection or securities clearing, data processing or other services to the Company or any other member of CREDITPAL in connection with the operation of its business;
  • (b) any other person which has undertaken expressly or impliedly to the Company or any other member of CREDITPAL to keep such information confidential:
  • (c) any authorized institution (as such term is defined in the Banking Ordinance) or other authorized or regulated entity of similar nature in another jurisdiction with which the data subject has or proposes to have dealings;
  • (d) the drawee bank providing a copy of a paid cheque (which may contain information about the payee) to the drawer;
  • (e) third party service providers with whom the data subject has chosen to interact with in connection with the data subject’s application for the Company’s credit facilities and/or other financial products and services;
  • (f) credit reference agencies, including but not limited to Credit Reference System, and in the event of default, to debt collection agencies;
  • (g) any person receiving payment from the data subject, the banker of such person and any intermediaries which may handle or process such payment;
  • (h) any person to whom the Company or any other member of CREDITPAL is under an obligation or otherwise required to make disclosure under the requirements of any law binding on or applying to the Company or any other member of CREDITPAL, or any disclosure under and for the purposes of any guidelines given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers with which the Company or any other member of CREDITPAL is expected to comply, or any disclosure pursuant to any contractual or other commitment of the Company or any other member of CREDITPAL with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers, all of which may be within or outside the Hong Kong Special Administrative Region and may be existing currently and in the future;
  • (i) any actual or proposed assignee of the Company or any other member of CREDITPAL, or participant or sub-participant or transferee of the rights of the Company or any other member of CREDITPAL in respect of the data subject; and
    • i. any member of the CREDITPAL;
    • ii. third party financial institutions, insurers, credit card companies, securities and investment services providers;
    • iii. third party reward, loyalty, co-branding and privileges programme providers;
    • iv. joint-venture partners, business partners, service providers, co-branding partners of the Company (the name of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be);
    • v. charitable or non-profit making organisations; and
    • vi. external service providers (including without limitation to mailing houses, telecommunication companies, telemarketing and direct sales agents, call centers, data processing companies and information technology companies) that the Company engages for the purposes set out in Paragraph 3.4(h) above, wherever situated.

3.6 For the purpose of Paragraph 3.4(c) above, the Company may from time to time access and obtain consumer credit data of the data subject from a credit reference agency for reviewing any of the following matters in relation to the credit facilities granted:

  • (a) an increase in the credit amount;
  • (b) the curtailing of credit (including the termination of credit or a decrease in the facility amount); or
  • (c) the putting in place or the implementation of a schedule of arrangement with the data subject.

When the Company accesses consumer credit data about a data subject held with a credit reference agency, it must comply with the Code of Practice on Consumer Credit Data approved and issued under the Ordinance (the “Code”) and other relevant regulatory requirements.

3.7 With respect to data in connection with unsecured loans or mortgage applied by the data subject (if appliable, and whether as a borrower, mortgagor or guarantor and whether in the data subject’s sole name or in joint names with others), the following data relating to the data subject (including any updated data of any of the following data from time to time) may be provided by the Company, on its own behalf and/or as agent, to a credit reference agency:

  • (a) full name;
  • (b) capacity in respect of each unsecured loans or mortgage (as borrower, mortgagor or guarantor, and whether in the data subject’s sole name or in joint names with others);
  • (c) identity card number or travel document number;
  • (d) date of birth;
  • (e) contact number;
  • (f) correspondence address;
  • (g) unsecured loans or mortgage account number in respect of each unsecured loans or mortgage;
  • (h) type of the facility and the amount in respect of each unsecured loans or mortgage;
  • (i) unsecured loans or mortgage account status in respect of each unsecured loans or mortgage (e.g. active, closed, write-off (other than due to a bankruptcy order), write-off due to a bankruptcy order); and
  • (j) if any, unsecured loans or mortgage account closed date in respect of each unsecured loans or mortgage.

The credit reference agency will use the above data supplied by the Company for the purposes of compiling a count of the number of unsecured loans or mortgages from time to time held by a data subject with credit providers in Hong Kong, as borrower, mortgagor or guarantor respectively and whether in the data subject’s sole name or in joint names with others, for sharing in the consumer credit database of the credit reference agency by credit providers (subject to the requirements of the Code).

4. USE OF DATA IN DIRECT MARKETING

The Company intends to use the data subject’s data in direct marketing and the Company requires the data subject’s consent (which includes an indication of no objection) for that purpose. In this connection, please note that:

4.1 the name, contact details, products and services portfolio information, transaction pattern and behavior, financial background and demographic data of the data subject held by the Company from time to time may be used by the Company in direct marketing;

4.2 information relating to the data subjects’ use of the Company’s websites, mobile apps from time to time, whether through cookies or otherwise may be used by the Company in direct marketing;

4.3 the following classes of services, products and subjects may be marketed:

  • (a) credit facilities and related financial services and products and products;
  • (b) reward, loyalty or privileges programmes and related services and products;
  • (c) services and products offered by joint venture partners, business partners, service providers, co-branding partners of the Company (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be); and
  • (d) donations and contributions for charitable and/or non-profit making purpose.

4.4 the above services, products and subjects may be provided or (in the case of donations and contributions) solicited by the Company and/or:

  • (a) any other member of CREDITPAL
  • (b) joint venture partners, business partners, service providers, co-branding partners of the Company (the name of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be);
  • (c) charitable or non-profit making organisations;
  • (d) third party financial institutions, insurers, credit card companies, securities, commodities and investment services providers; and
  • (e) third party reward, loyalty, co-branding or privileges programme providers.

4.5 in addition to marketing the above services, products and subject itself, the Company also intends to provide the data described in Paragraph 4.1 above to all of any of the persons described in Paragraph 4.4 above for use by them in marketing those services, products and subjects, and the Company requires the data subject’s written consent (which includes an indication of no objection) for that purpose;

4.6 the Company may receive money or other property in return for providing the data to the other persons in Paragraph 4.5 above and, when requesting the data subject’s consent or no objection as described in Paragraph 4.5 above, the Company will inform the data subject if it will receive any money or other property in return for providing data to the other persons.

If a data subject does not wish the Company to use or provide to other persons his/her data for use in direct marketing as described above, the data subject may exercise his/her opt-out right by notifying the Company at any time and without charge.

5. SECURITY OF PERSONAL DATA

It is the policy of the Company to ensure an appropriate level of protection for personal data in order to prevent unauthorised access, processing or other use of that data, commensurate with the sensitivity of the data and the harm that would be caused by unauthorised access to that data. It is the practice of the Company to achieve appropriate levels of security protection by restricting physical access to data by providing secure storage facilities, and incorporating security measures into equipment in which data is held. Measures are taken to ensure the integrity, prudence, and competence of persons having access to personal data. Data is only transmitted by secure means.

6. COLLECTION OF PERSONAL DATA

In relation to the collection of personal data on-line, the following practices are adopted:

  • (a) On-line Security
    • The Company will follow strict standards of security and confidentiality to protect any information provided to The Company online. Encryption technology is employed for sensitive data transmission on the Internet to protect individuals’ privacy.
  • (b) Cookies
    • Cookies are small pieces of data transmitted from a web server to a web browser. Cookie data is stored on a local hard drive such that the web server can later read back the cookie data from a web browser. This is useful for allowing a website to maintain information on a particular user. Cookies are designed to be read only by the website that provides them. Cookies cannot be used to obtain data from a user’s hard drive, get a user’s e-mail address or gather a user’s sensitive information. The Company will only use cookies as a session identifier and will not store user’s sensitive information in cookies. Once a session is established, all the communications will use the cookies to identify a user. The cookies will expire once the session is closed. If users try to disable cookies from their web browsers, they may not be able to access the Company’s Internet and other financial services.
  • (c) On-line Correction
    • Personal data provided to the Company through an on-line facility, once submitted, it may not be facilitated to be deleted, corrected or updated on-line. If deletion, correction and updates are not allowed online, users should approach relevant departments or branches.
  • (d) On-line Retention
    • Personal data collected on-line will be transferred to the Company’s relevant departments or branches for processing. Personal data will not be retained in web server’s database of the Company.
7. DATA ACCESS REQUESTS AND DATA CORRECTION REQUESTS

7.1 Under and in accordance with the terms of the Ordinance and the Code, any data subject has the right:

  • (a) to ascertain the Company’s policies and practices in relation to data and to be informed of the kind of personal data held by the Company;
  • (b) to check whether the Company holds data about him/her and of access to such data;
  • (c) to require the Company to correct any data relating to him/her which is inaccurate;
  • (d) to be informed on request which items of data are routinely disclosed to credit reference agencies or debt collection agencies, and be provided with further information to enable the making of an access and correction request to the relevant credit reference agency or debt collection agency; and
  • (e) in relation to any account data (including, for the avoidance of doubt, any account repayment data) which has been provided by the Company to a credit reference agency, to instruct the Company, upon termination of the account by full repayment, to make a request to the credit reference agency to delete such account data from its database, as long as the instruction is given within five years of termination and at no time was there any default of payment in relation to the account, lasting in excess of 60 days within five years immediately before account termination. Account repayment data include amount last due, amount of payment made during the last reporting period (being a period not exceeding 31 days immediately preceding the last contribution of account data by the Company to a credit reference agency), remaining available credit or outstanding balance and default data (being amount past due and number of days past due, date of settlement of amount past due, and date of final settlement of amount in default lasting in excess of 60 days (if any)).

7.2 In the event of any default of payment relating to an account, unless the amount in default is fully repaid or written off (other than due to bankruptcy order) before the expiry of 60 days from the date such default occurred, the account repayment data (as defined in Paragraph 7.1(e) above) may be retained by the credit reference agency until the expiry or five years from the date of final settlement of the amount in default.

7.3 In the event any amount in an account is written-off due to a bankruptcy order being made against the data subject, the account repayment data (as defined in Paragraph 7.1(e) above) may be retained by the credit reference agency, regardless of whether the account repayment data reveal any default payment lasting in excess of 60 days, until the expiry of five years from the date of final settlement of the amount in default or the expiry of five years from the date of discharge from a bankruptcy as notified by the data subject with evidence to the credit reference agency, whichever is earlier.

7.4 The Company may obtain a credit report on or access the database of the data subject from a credit reference agency in considering any application for credit or conducting credit reviews from time to time. In the event the data subject wishes to access the credit report, the Company will advise the contact details of the relevant credit reference agency.

7.5 In accordance with the terms of the Ordinance, the Company has the right to charge a reasonable fee for the processing of any data access request.

7.6 In accordance with the Ordinance, data subjects may make data access or data correction requests or request information regarding policies and practices and kinds of data held. Such requests should be addressed to:
The Data Protection Officer
CREDITPAL Limited
Room H 3/F Valiant Commercial Building 22-24 Prat Avenue Tsim Sha Tsui Kowloon
Tel: 2803 2021
Whatsapp: 97106085

8. In the event of any inconsistency between the English and Chinese versions of this Policy, the English version shall prevail.