This Policy sets out the data policies of UniCard Solution Limited (the “Company”) in respect of its data subjects.
The term “data subject(s)”, wherever mentioned in this Policy, includes individuals who are (a) customers of the Company; (b) applicants for, and other users of, prepaid cards, other products and/or services offered or provided by the Company; (c) sureties, guarantors and other parties providing security, guarantee or any form of support for obligations owed to the Company; (d) suppliers, contractors, service providers and contractual counterparties of the Company; and (e) where such customers, applicants, users, sureties, guarantors, providers of security, suppliers, contractors, service providers and other contractual counterparties are incorporated bodies, their individual directors, shareholders, officers and managers. For the avoidance of any doubt, the term “data subjects” does not include any incorporated body.
The contents of this Policy shall apply to all data subjects and form part of any contract that a data subject has or may enter into with the Company from time to time (including, in the case of a data subject who is a customer of the Company, the UniCard Prepaid Card Terms and Conditions). If there is any inconsistency between this Policy and the relevant contract, this Policy shall prevail insofar as it relates to the protection of data subjects’ personal data. Nothing in this Policy shall limit the legal rights of the data subjects under the Personal Data (Privacy) Ordinance (Cap. 486) (the “Ordinance”).
From time to time, it may be necessary for data subjects to supply the Company with data in connection with the opening or continuation of accounts and the provision of prepaid cards and other products and/or services. Failure to supply such data may result in the Company being unable to open or continue accounts and/or provide or make available prepaid cards and other products and/or services.
Data relating to data subjects are collected or received by the Company from various sources from time to time. Such data may include, without limitation, data collected from data subjects in the ordinary course of the continuation of their relationship with the Company and data from other sources. Data may also be generated or combined with any other information available to the Company.
The purposes for which data relating to data subjects may be used are as follows:
assessing the merits and suitability of data subjects as actual or potential applicants for prepaid cards and other products and services offered and/or provided by the Company and/or provided by the Company and/or processing or approving their applications, variation, renewals, reinstatements, cancellations and claims;
managing, operating and/or maintaining prepaid cards and other products and services offered or provided by the Company and facilitating the daily operation of the services provided to data subjects;
conducting credit checks whenever appropriate and carrying out matching procedures (as defined in the Ordinance);
conducting investigation into (i) any complaint made by data subjects; (ii) any suspicious transaction; or (iii) any suspected criminal or irregular activity;
assisting other financial institutions to conduct credit checks and collect debts;
ensuring ongoing creditworthiness of data subjects;
researching, customer profiling and segmentation and/or designing prepaid cards and other products and services for the use by data subjects;
marketing services, products and other matters (if direct marketing is involved, such direct marketing is to be in accordance with paragraph 9 below);
determining amounts owed to or by data subjects;
exercising the Company’s rights as against data subjects and/or enforcing obligations on the part of data subjects (including, without limitation, collecting amounts outstanding from data subjects);
complying with the obligations, requirements or arrangements for disclosing and using data that apply to the Company or that it is expected to comply according to (i) any law binding or applying to it from time to time in Hong Kong or elsewhere; (ii) any guideline or guidance given or issued from time to time by any legal, regulatory, governmental, law enforcement or other authority in Hong Kong or elsewhere; and/or (iii) any present or future contractual or other commitment with any legal, regulatory, governmental, law enforcement or other authority in Hong Kong or elsewhere which is assumed by or imposed on the Company;
complying with any obligation, requirement, arrangement, procedure, measure and/or policy for sharing data and information with the Company’s holding company, subsidiary and/or associated company (as the terms are defined under the Companies Ordinance (Cap. 622)) and/or any other use of data and information for compliance with sanctions, prevention and detection of money laundering, terrorist financing or any other unlawful activity;
enabling any actual or proposed assignee of the Company, or any participant or sub-participant of the Company's rights relating to data subjects to evaluate any transaction contemplated by the relevant assignment, participation or sub-participation;
comparing data of data subjects or other persons for credit checking, data verification or otherwise producing or verifying data, whether or not for the purpose of taking adverse action against the data subjects;
keeping and maintaining a credit history or record of data subjects (whether there exists any relationship between data subjects and the Company or not) for present and future reference;
enabling any person who has deposited or is to deposit any funds to any prepaid card account of any data subject (or any of that person’s associated companies) to (i) obtain data with respect to any deposit transaction made by that person; and/or (ii) know the current credit balance of, and other data with respect to, such prepaid card account and determine the amount which that person can deposit into such prepaid card account;
any other purpose as consented to, approved or authorized by data subjects from time to time; and
any other purpose incidental, associated or relating to any of the purposes specified in sub-paragraphs (a) to (r) above.
Data held by the Company relating to data subjects will be kept confidential but the Company may provide and disclose (as defined in the Ordinance) such data to the following parties for any of the purposes set out in paragraph 6:
any agent, contractor or other service provider (whether in Hong Kong or elsewhere) who provides administrative, telecommunications, computer, electronic fund transfer services, debt collection, settlement, clearing and/or other services to the Company in connection with the operation of its business (including, without limitation, any mailing house, telecommunications company, telemarketing and direct sales agent, call centre, data processing company, information technology company and any other third party service provider engaged by the Company for any of the purposes in sub-paragraph 6(i) above);
any of the Company’s holding companies, subsidiaries and associated companies (as the terms are defined under the Companies Ordinance (Cap. 622));
any other person under a duty of confidentiality to the Company;
any third party reward, loyalty, co-branding and privilege programme provider;
any co-branding partner of the Company or any associated company of any such co-branding partner;
any charitable or non-profit making organisation;
any person making any payment into any account of the data subjects;
any person receiving any payment from the data subjects, the banker of such person and any intermediary which may handle or process such payment;
any person giving or proposing to give a guarantee or third party security to guarantee or secure any obligation of the data subjects; and
any credit reference agency and, in the event of default, any debt collection agency;
any financial institution, prepaid or credit card issuing company, insurance company or securities and investment company with which data subjects have or propose to have dealings;
any person to whom the Company is under an obligation or otherwise required to make (i) disclosure under the requirements of any law binding on or applying to the Company; (ii) disclosure under and for the purposes of any guideline or guidance given or issued by any legal, regulatory, governmental, law enforcement or other authorities with which the Company is expected to comply; or (iii) disclosure pursuant to any present or future commitment (whether contractual or not) with any legal, regulatory, governmental, law enforcement or other authority (whether in Hong Kong or elsewhere) which is assumed by or imposed on the Company; and
any actual or proposed assignee of the Company or any participant or sub-participant or transferee of the Company's rights in respect of the data subjects.
The Company may from time to time transfer the data relating to the data subjects to a place outside Hong Kong for any of the purposes set out in paragraph 6.
Use of Data in Direct Marketing. The Company intends to use the data subjects’ data in direct marketing and the Company requires the data subject's consent (which includes an indication of no objection) for that purpose. In this connection, please note that:
the name, contact details, information on products and services portfolios, transaction pattern and behaviour, financial background and demographic data of the data subject held by the Company from time to time may be used by it in direct marketing;
the following classes of services, products and subjects may be marketed – (i) financial, prepaid cards and/or related services, products and facilities; (ii) reward, loyalty and/or privilege programme and related services, products and facilities; (iii) services, products and facilities offered by co-branding partners of the Company; and (iv) donations and contributions for charitable and/or non-profit making purposes;
the above services, products and facilities may be provided or (in the case of donations and contributions) solicited by (i) the Company; (ii) any holding company, subsidiary or associated company (as those terms are defined under the Companies Ordinance (Cap. 622)) of the Company; (iii) any third party financial institution or any other third party service provider; (iv) any third party reward, loyalty, co-branding or privilege program provider; (v) any co-branding partner of the Company; and (vi) any charitable or non-profit making organization; and
in addition to marketing the above services, products and facilities itself, the Company also intends to provide the data described in sub-paragraph (a) above to all or any of the persons described in sub-paragraph (c) above for use by them in marketing the services, products and facilities, and for that purpose the Company requires written consent of the data subject (which includes an indication of no objection).
If a data subject does not wish the Company to use or provide to other persons his or her data for use in direct marketing as described above, the data subject may exercise his opt-out right by notifying the Company.
Under and in accordance with the terms of the Ordinance, any data subject has the right:
to check whether the Company holds data about him / her and of access to such data;
to require the Company to correct any data relating to him which is inaccurate; and
to ascertain the Company’s policies and practices in relation to data and to be informed of the kind of personal data held by the Company.
In accordance with the Ordinance, the Company has the right to charge a reasonable fee for the processing of any data access request.
Any request to the Company for access to data, correction of data or information relating to its policies and practices and kinds of data held by it shall be made to the Data Protection Officer as follows:Data Protection Officer
If there is any inconsistency between the English version and the Chinese version of this Policy, the English version shall prevail.