HKEX Listed Company, Stock Code: 2483.HK
HKEX Listed Company
Stock Code: 2483.HK
Apply
K Cash 網上貸款平台
Apply Loan
Loan type Branch My account

Privacy Policy and Personal Information Collection Statement

Privacy Policy

K Cash Limited and its group companies (“the Group”, “our”, “us” or “we”)) shall comply with the data protection principles and all relevant provisions under the Personal Data (Privacy) Ordinance. When we collect personal data from individuals, we will provide them with a Personal Information Collection Statement on or before the collection.
  1. Purposes of the Personal Data Held
    From time to time, it is necessary for customers to supply the Group with their personal data in connection with the opening and/or continuation of loan accounts, the establishment and/or continuation of credit facilities, and/or provision of other financial services. Data relating to customers may be used for any one or more of the purposes listed in Personal Information Collection Statement
  2. Use of Cookies
    We may record and collect information on customers' visits to the Website and/or use of the Apps, and their interactions with our on-line advertisements and links while on the Website and/or the Apps through the use of cookies, to help the Group improves its services.
  3. Hyperlink Policy
    The availability of hyperlinks or connections to other sites / addresses at the Website and/or the Apps does not mean or imply any authentication, verification, representation, approval or endorsement by us of such hyperlinks, connection, or the identity or information relating to such sites / addresses. The Group expressly disclaims any responsibility for such hyperlinks, connections, the contents, availability, accuracy or omission of information at other sites/addresses linked to or found on the sites/addresses that link to or from the Website and/or the Apps. All hyperlinks or connection to other sites, addresses or resources are accessed and used at customers' own risk.
  4. Security of Personal Data
    It is the policy of the Group to take all practicable steps to protect the personal data, including sensitive personal data, we hold against loss, unauthorized access, use, modification, disclosure, processing or erasure. Measures are taken to ensure the integrity, prudence, and competence of persons having access to personal data.
  5. Disclosure
    The Group may provide, transfer or disclose personal data to any one or more of the parties listed in Personal Information Collection Statement for the above-mentioned purposes.
  6. Retention of Personal Data
    It is the policy of the Group to take all practical steps to ensure that personal data are not kept longer than is necessary for the fulfilment of the purposes (including any directly related purposes) for which the personal data are or are to be used at the time of the collection and for compliance with the legal and regulatory requirements in force from time to time.
  7. Data Access Requests and Data Correction Requests
    Customer may contact us to seek access to or seek to correct personal data which the Group holds about the customer. We may require that the customer requesting access or correction provide suitable identification and we may charge a reasonable administration fee for complying with a data access request. Requests for access to and/or correction of personal data should be addressed to the Data Protection Officer through the contact methods provided in Personal Information Collection Statement.
Should there be any inconsistency between the English and the Chinese versions, the Chinese version shall prevail.

Personal Data Collection Statement

K Cash Limited and its group companies (“the Group”, “our”, “us” or “we”) recognises its responsibilities in relation to the collection, holding, processing, use and/or transfer of personal data under the Personal Data (Privacy) Ordinance (Cap. 486) (“PDPO”). Personal data will be collected only for lawful and relevant purposes and all practicable steps will be taken to ensure that personal data held by the Group is accurate. The Group will take all practicable steps to ensure security of the personal data and to avoid unauthorised or accidental access, erasure or other use.

The term “data subject(s)”, wherever mentioned in this Notice, includes the following categories of individuals:-
  1. applicants for or customers/users of credit facilities and related financial services and products and so forth provided by the Group and/or their authorized signatories;
  2. sureties, guarantors and parties providing security, guarantee or any form of support for obligations owed to the Group;
  3. directors, shareholders, officers and managers of any corporate applicants and data subjects/users;
  4. users of the Group’s Website, Mobile Application, Video Teller Machine (“VTM”) and any other electronic means and procedures as provided or approved by the Group to access to the services of the Group; and
  5. suppliers, contractors, service providers and other contractual counterparties of the Group.
For the avoidance of doubt, “data subjects” shall not include any incorporated bodies. The contents of this Notice shall apply to all data subjects and form part of the terms and conditions of the Loan Agreement and/or Credit Card Cardholder Agreement (“Cardholder Agreement”) and/or the agreement or arrangement and any contracts for services that the data subjects have or may enter into with theGroup from time to time. If there is any inconsistency or discrepancy between this Notice and the Loan Agreement and/or Cardholder Agreement and/or any other relevant service agreement (as the case may be), this Notice shall prevail insofar as it relates to the protection of the data subjects’ personal data and the Loan Agreement and/or Cardholder Agreement and/or such other relevant service agreement (as the case may be) shall prevail in respect of the remaining aspects all of which concerning the use of loan and/or Credit Card and/or other relevant services. Nothing in this Notice shall limit the rights of the data subjects under the Ordinance.

Data Collection

  1. From time to time, it is necessary for data subjects to supply us with data in connection with the opening or continuation of accounts and the establishment, maintenance or continuation of credit facilities or provision of credit facilities and related financial services and products which include but are not limited to personal loan, revolving loan, credit card (including virtual card), property mortgage and property valuation services. Such data includes but are not limited to:-

    1. full name;
    2. identity card number or travel document number including copies of the identity card and travel document and data embedded in the integrated circuits in such documents;
    3. date of birth;
    4. residential and/or correspondence address(es) including copies of the proof of such address(es);
    5. telephone/mobile phone number(s);
    6. email address;
    7. biometric data including but not limited to facial image(s) and data embedded in biometrically enabled identity and/or travel documents whether obtained through a biometric sensor module on the user's electronic devices or otherwise;
    8. occupation, salaries and income including copies of the proof of such salaries and income;
    9. household expenses and number of dependents; and
    10. such other or further data as the Group deems necessary.
  2. Failure to supply such data may result in we being unable to open or continue accounts or establish, maintain, continue or provide credit facilities, credit card services and related financial services and products.

  3. It is also the case that data are collected from data subjects in the ordinary course of business for the purpose of processing of new or renewal of loan and/or credit card application or services (including reviewing, re-considering, assessing, examining, inspecting, scrutinizing, auditing, analyzing, monitoring complying and ensuring compliance with laws, rules and regulations), or writing cheques, depositing money or effecting transactions, either application in person, through telephone, internet, Mobile Application, VTM (or other means). This includes information obtained from credit reference agencies approved for the participation in the Multiple Credit Reference Agencies Model - Credit Data Smart* (“credit reference agencies”) and/or contractors providing electronic identity authentication services.
    4. * "Credit Data Smart" is the Multiple Credit Reference Agencies (MCRA) Model, developed by the Hong Kong Association of Banks, the Hong Kong Association of Restricted License Banks and Deposit-taking Companies (DTCA), and the Hong Kong S.A.R. Licensed Money Lenders Association Limited, with the support of the Hong Kong Monetary Authority. It is for, among others, enabling lenders to share and use consumer credit data through more than one credit reference agency.
Purpose and Use

  1. The purposes for which the data relating to the data subjects may be used will vary depending on the nature of the data subjects’ relationship with the Group, they may include the following:-

    1. Considering and processing applications for products and services and the daily operation of products and services;
    2. Conducting credit checks whenever appropriate (including upon an application for consumer credit and upon periodic review of the credit);
    3. Creating and maintaining the Group’s credit and risk related models;
    4. Ensuring ongoing creditworthiness and good standing of data subjects;
    5. Designing financial products and services for data subjects;
    6. Marketing loan services or products of the Group;
    7. Determining the amount of indebtedness owed to or by data subjects;
    8. Exercising our rights under contracts with data subjects, including collecting amount outstanding;
    9. Engaging Debt Collection Agencies to collect debts;
    10. Meeting the Group’s obligations, requirements or arrangements or those of our subsidiaries / affiliates, whether compulsory or voluntary, to comply with or in connection with any law, regulation, court order, guidelines and internal policies;
    11. Assisting other credit providers in Hong Kong approved for participation in the Multiple Credit Reference Agencies Model (“credit providers”) to conduct credit checks and collect debts;
    12. enabling an actual or proposed assignee of the Group, or participant or sub-participant of the Group’s rights in respect of the data subjects to evaluate the transaction intended to be the subject of the assignment, participation or sub-participation;
    13. exchanging information with merchants accepting credit cards and/or prepaid cards issued by the Group and entities with whom the Group provides co-branded credit card services (if any);
    14. comparing data of the data subjects or other persons for credit checking, data verification or otherwise producing or verifying data, whether or not for the purpose of taking action against the data subjects;
    15. maintaining a credit history or otherwise, a record of data subjects (whether or not there exists any relationship between data subjects and the Group) for present and future reference;
    16. confirming, verifying and authenticating the identities of the data subjects;
    17. conducting, preparing and facilitating internal and external auditing in respect of the Group;
    18. exercising internal control and managing of data by the Group Companies and/or contractors;
    19. conducting review and/or investigation on any fraudulent, money laundering, terrorist financing or other unlawful activities and assisting in the prevention, detection and investigation of crime;
    20. any other purpose permitted by law; and
    21. purposes incidental, associated or relating thereto.
Transfer of Personal Data

  1. Data held by us will be kept confidential but we may provide such data to the following parties (whether inside or outside the Hong Kong Special Administrative Region) for the purposes set out above:

      1. Any of our subsidiaries / affiliates for the purposes specified above;
      2. any agent, auditor, contractor or third party service provider who provides administrative, general supporting, auditing, data management, credit control, analytic, product review, fraud review and investigation, compliance, monitoring, telecommunications, computer, payment or securities clearing, electronic identity authentication, data processing, debt collection, insurance, professional or other services to the Group in connection with the operation of its business (including but not limited to mailing houses, telecommunication companies, telemarketing and direct sales agents, call centres, data processing companies, information technology companies and companies providing electronic identity authentication services), wherever situated;
      3. Any credit reference agencies (including the operator of any centralized database used by credit reference agencies) or, in the event of default, any debt collection agencies;
      4. Any actual or proposed assignee of the Group or participant or sub-participant or transferee of the Group’s rights in respect of the data subject; and
      5. Any person to whom the Group is under an obligation or otherwise required to make disclosure under the requirements of any law binding on or applying to the Group, or any disclosure under and for the purposes of any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers with which the Group is expected to comply, or any disclosure pursuant to any contractual or other commitment of the Group with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers, all of which may be within or outside of Hong Kong and may be existing currently or in the future; person to whom we are under an obligation to make disclosure under the requirements of any law, rules, regulations, code of practice or guidelines binding on us including, without limitation, any applicable regulators, governmental bodies, or industry recognised bodies, and where otherwise required by law;
      6. any other person under a duty of confidentiality to the Group including a member of the Group which has undertaken to keep such information confidential;
      7. any financial institution, charge or credit card issuing companies, insurance, securities and investment company with which the data subject has or proposes to have dealings;
      8. any party giving or proposing to give a guarantee or third party security to guarantee or secure the data subject’s obligations;
        1. third party financial institutions, insurers, credit card companies, securities, commodities and investment services providers;
        2. third party reward, loyalty, co-branding and privileges programme providers;
        3. co-branding partners of the Group (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be);
        4. affiliated merchants of the Group (the names of such affiliated merchants can be found on the Group’s website for the relevant services and products, as the case may be);
        5. charitable or non-profit making organisations;
  2. Data of the data subject may be processed, kept, transferred, or disclosed in and to any country as the Group or any person who has obtained such data from the Group referred above considers appropriate. Such data may also be processed, kept, transferred or disclosed in accordance with the applicable local practices, laws, rules and regulations in such country.
Use and Provision of Personal Data in Direct Marketing

  1. The Group intends to use the data subject’s data in direct marketing and the Group requires the data subject’s consent (which includes an indication of no objection) for that purpose. In this connection, please note that:-

  2. the name, contact details, products and services portfolio information, transaction pattern and behaviour, financial background and demographic data of the data subject held by the Group from time to time may be used by the Group or any other Group Companies in direct marketing;

  3. the following classes of services, products and subjects may be marketed:

    1. financial, insurance, credit card, prepaid card, credit facilities and related financial services and products;
    2. reward, loyalty, co-branding or privileges programmes and related services and products;
    3. services and products offered by the Group’s co-branding partners (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be);
    4. services and products offered by the Group’s affiliated merchants (if any), including without limitation suppliers and retailers of health and beauty products, electronic products, computers and accessories, home appliances, homeware, food and beverages, toys and baby products, pet products, gifts and premiums, and other consumer durable products and providers of healthcare, travel and entertainment industries (the names of such affiliated merchants can be found on the Group’s website for the relevant services and products, as the case may be); and
    5. donations and contributions for charitable and/or non-profit making purposes;
    6. the above services, products and subjects may be provided or (in the case of donations and contributions) solicited by the Group and/or:
    7. any other Group Companies;
    8. establish a member account on the Katch Platform, (a reward platform provided and managed by Katch (HK) Limited), and when data subject uses the Katch platform and the services provided by the platform, they will be bound by the terms of use of the Katch platform, which can be found on the Katch website ( https://katch.hk/). Please read the Terms of Use carefully. If the data subject does not wish to become a member of the Katch Platform, the data subject may write to the Group (by post, email or fax) or in any other manner acceptable to the Group, notify the Group that he/she does not wish to become a member user of the Katch Platform. If at any time after becoming a member user of the Katch platform, the data subject changes his or her mind and no longer wishes to continue to become a member user of the Katch platform, the data subject has the right cancel the membership in the manner specified on the Katch platform;
    9. third party financial institutions, insurers, credit card companies, securities, commodities and investment services providers;
    10. third party reward, loyalty, co-branding or privileges programme providers;
    11. co-branding partners of the Group and the group companies of the Group (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be);
    12. affiliated merchants of the Group (the names of such affiliated merchants can be found on the Group’s website for the relevant services and products, as the case may be) (if any); and
    13. charitable or non-profit making organisations;
  4. in addition to marketing the above services, products and subjects itself, the Group also intends to provide the data described above to all or any of the persons described above for use by them in marketing those services, products and subjects, and the Group requires the data subject’s written consent (which includes an indication of no objection) for that purpose;

  5. the Group may receive money or other property in return for providing the data to the other persons described above and, when requesting the data subject’s consent or no objection as described above, the Group will inform the data subject if it will receive any money or other property in return for providing data to the other persons.

  6. If a data subject does not wish the Group to use or provide to other persons his/her data for use in direct marketing as described above, the data subject may exercise his/her opt-out right by notifying the Group.
Notice of access and obtain credit data

  1. The Group may from time to time access and obtain personal and account information or records and consumer credit data of a data subject (including without limitation information about the number of mortgage count, if written consent of the data subject has been obtained) from credit reference agencies for reviewing any of the following matters in relation to the credit facilities granted to the data subject or a third party whose obligations are guaranteed by the data subject:-
    1. an increase in the credit amount;
    2. the curtailing of credit (including the termination of credit or a decrease in the facility amount); or
    3. the putting in place or the implementation of a scheme of arrangement with the data subject.
  2. When the Group accesses consumer credit data about a data subject held with credit reference agencies, it must comply with the Code approved and issued under the Ordinance.

  3. With respect to data in connection with mortgages applied by a data subject (if applicable, and whether as a borrower, mortgagor or guarantor and whether in the data subject’s sole name or in joint names with others) on or after 1 April 2011, the following data relating to the data subject (including but not limited to any updated data of any of the following data from time to time) may be provided by the Group, on its own behalf and/or as agent, and subject to the relevant provisions of the Code, to credit reference agencies:-

    1. full name;
    2. capacity in respect of each mortgage (as borrower, mortgagor or guarantor, and whether in the data subject’s sole name or in joint names with others);
    3. identity card number or travel document number;
    4. date of birth;
    5. correspondence address;
    6. mortgage account number in respect of each mortgage;
    7. type of the facility in respect of each mortgage;
    8. mortgage account status in respect of each mortgage (e.g., active, closed, write-off (other than due to a bankruptcy order), write-off due to a bankruptcy order); and
    9. if any, mortgage account closed date in respect of each mortgage.
  4. Credit reference agencies will use the above data supplied by the Group for the purposes of compiling a count of the number of mortgages from time to time held by the data subject with credit providers, as borrower, mortgagor or guarantor respectively and whether in the data subject’s sole name or in joint names with others, for sharing in the consumer credit databases of credit reference agencies by credit providers (subject to the requirements of the Code approved and issued under the Ordinance).

  5. We have engaged TransUnion as the credit reference agency for the provision of the Consumer Credit Reference Service (as defined in the Code of Practice for the Multiple Credit Reference Agencies Model (as updated or superseded from time to time) (the "Code of Practice for the MCRAM")) to enable us to assess credit facility applications of customers and make credit decisions. We may engage other credit reference agencies and we will disclose the name of any such credit reference agency after engagement by updating this Personal Information Collection Statement.

  6. A data subject is entitled, if he/she is the data subject of a credit report issued by our credit reference agencies, to request and receive free of charge a copy of that credit report from the relevant credit reference agency if the customer has been refused credit by us within the previous 30 Business Days (as defined in the Code of Practice for the MCRAM) based on that credit report.

  7. Data subjects are also entitled to request a credit report from credit reference agency engaged by us without charge in any twelve month period in respect of each such credit reference agency.
Access and Correction of Personal Data

  1. Under and in accordance with the terms of the PDPO, data subjects have the following rights:

    1. To check whether we hold data relating to data subject and to access such data;
    2. To request us to correct any data relating to data subject which is inaccurate;
    3. In relation to any account data (including, for the avoidance of doubt, any account repayment data) which has been provided by the Group to a credit reference agency, upon satisfactory termination of the credit by full repayment and on condition that there has been, within 5 years immediately before such termination, no material default under the credit as determined by the Group, to instruct the Group to make a request to the relevant credit reference agency to delete from its database any account data relating to the terminated credit;
    4. In relation to consumer credit, to request to be informed which items of data are routinely disclosed to credit reference agencies or debt collection agencies, and be provided with further information to enable the making of an access and correction request to the relevant credit reference agency or debt collection agency; and
    5. To ascertain our policies and practices in relation to personal data and to be informed of the kind of personal data held by us.

  2. In the event of any default of payment relating to an account, unless the amount in default is fully repaid or written off (other than due to a bankruptcy order) before the expiry of sixty (60) days from the date such default occurred, the account repayment data (as provided in Paragraphs 12(d) and 15(e) above) may be retained by the credit reference agencies until the expiry of five (5) years from the date of final settlement of the amount in default.

  3. In the event any amount in an account is written-off due to a bankruptcy order being made against the data subject, the account repayment data (as provided in Paragraphs 12(d) and 15(e) above) may be retained by the credit reference agency, regardless of whether the account repayment data reveal any default of payment lasting in excess of sixty (60) days, until the expiry of five (5) years from the date of final settlement of the amount in default or the expiry of five (5) years from the date of discharge from a bankruptcy as notified by the data subject with evidence to the credit reference agencies, whichever is earlier.

  4. Requests for access and correction should be addressed in writing to:
    Data Protection Officer
    K Cash Limited
    17/F, Wheelock House,
    20 Pedder Street, Central, Hong Kong
    Fax: (852) 3568 9832

  5. In accordance with the Personal Data (Privacy) Ordinance (Cap. 486 of the Laws of Hong Kong), we have the right to charge a reasonable fee for the processing of any data access request.
This statement is subject to Chinese version. In the event of any conflict between the language versions of this statement in the future, the Chinese version shall prevail.