This Personal Information Collection Statement (this “PICS”) is made by Payment Asia and its affiliates (collective “we”, “our” or “us”) in accordance with the Personal Data (Privacy) Ordinance (Cap. 486) of the Laws of Hong Kong (“PDPO”). This PICS is intended to inform you of our policies and practices with respect to the collection and use of personal data.
1. Types of Data We Collect and Process
The types of data relating to you that may be accessed by us or any of our affiliates, agents or service providers to provide services to you, meet our regulatory obligations and/or manage our business may include the following:
a. Information required to comply with Anti-Money Laundering (“AML”), Know Your Customer (“KYC”) and Counter-Terrorism Financing (“CTF”) requirements.
• Such information may include: name, date of birth, telephone number, residential address, email address, nationality, Hong Kong Identity Card, passport or other state or national identification documents which may contain a photograph, address proof and bank statement.
• We collect this type of information when we are required to do so to comply with applicable laws or regulations or our internal policy requirements. Examples of when this would be the case are if you are a controlling party (such as a CEO, director, trustee, investment adviser, partner or agent) or ultimate beneficial owner (UBO) of our client.
• In order to comply with applicable financial crime related laws and regulations and sanctions regimes, we engage in politically exposed person (PEP), negative news and financial sanctions screening programmes. We may process your personal data and/or conduct screening on you and process certain special categories of your personal data, such as your political opinions or affiliations or trade union memberships, or information about any criminal conviction offence that you might have committed. Such processing is considered lawful on the grounds of substantial public interest and we will only process such special categories of personal data to the extent permitted by applicable laws or regulations. Other than as specified above, as a general rule, we do not require such sensitive personal data from you.
b. Information about your company’s business, financial affairs, end customers or operations
c. Transactional data
d. Compliance, audit and risk reporting
e. Fees and rates negotiated with us and other contractual terms
f. Personally identifiable information, or personal data, with respect to your company’s personnel, associated parties, beneficial owners, investors and clients
This is not intended to be an exclusive list of data that is required in our onboarding procedure and ongoing monitoring.
2. Purpose of Collection
During the term of business operation, the personal data collected by us may be electronically or manually used and/or processed for the following purposes within the jurisdictions in which we conduct business:
a. To carry out KYC and other procedures that we undertake prior to you becoming a client of ours;
b. To process applications or requests made by you;
c. To open, maintain and terminate merchant accounts;
d. To provide you with our services and products;
e. To process payments and make settlements;
f. To prevent and detect fraud and other illegal activities or misconduct;
g. To respond to and follow up on your enquiries;
h. To communicate with you in general;
i. To notify you of changes to our services that may affect you;
j. To comply with any present or future law, rule, regulation, guidance, decision or directive, including those concerning AML and CFT; and
k. For other purposes directly relating to any of the above.
Please note that you are required to provide your personal data, other than those items indicated as optional. In the absence of your personal data, we may not be able to provide you with the services or products you require.
3. Transfer of Personal Data
We may, for any of the purposes stated above, transfer any of your personal data to the following third parties:
a. Our related companies, including subsidiaries and affiliates within the Payment Asia Group in and outside Hong Kong;
b. Business partners and joint venture partners; and
c. Service providers, vendors, agents, consultants and independent contractors (including those outside Hong Kong) engaged by us for any of the purposes stated above.
We will disclose data when required to do so by law and may also disclose such data in response to requests from law enforcement agencies or other government and regulatory authorities.
4. Direct Marketing
We may use data from time to time collected or kept by us, including your name, address, telephone number and email address, for direct marketing purposes. We will not transmit or disclose your personal data to any third party for direct marketing purposes unless we have your consent or indication of no objection. However, we may transmit and disclose your name, address, telephone number and email address to our group companies in Hong Kong or overseas for direct marketing of their products in relation to payment services. In order to conduct the above direct marketing, we may engage third party data processors or service providers to complete the tasks.
When you give your consent or indication of no objection in relation to the above use to us, you represent that you have consented to our use of your personal data for the above purposes. You have the right to opt-out from such use. You may also change your preference with regard to use of your information in direct marketing at any time by contacting us at email@example.com.
The security of your personal information is important to us. When you enter sensitive information on our registration or order forms online, we encrypt that information using secure socket layer (SSL) technology. We have also put in place suitable procedures to safeguard and secure the information we collect offline.
Payment Asia takes reasonable security measures to protect your personal information to prevent loss, misuse, unauthorised access, disclosure, alteration, and destruction. Please be aware, however, that despite our efforts, no security measures are impenetrable.
6. Retention of Personal Data
We will keep all personal data according to the guidance set by the PDPO. We will only retain and use your personal data for as long as your account is active or as needed to provide you services and for the period of time which is necessary to fulfil the purpose of use of such data (including any purpose directly related), comply with our legal obligations, resolve disputes, and enforce our agreements.
7. Access and Correction of Personal Data
You have a right to (i) request access to; (ii) obtain a copy of; (iii) supplement or request correction of; (iv) request that we cease the collection, processing, or use of; or (v) request that we delete your personal data held by us. If you wish to exercise your rights, please contact our data protection officer at firstname.lastname@example.org. Please note that we may charge a reasonable fee for the processing of any data access request.
9. Revision of PICS
We may revise the terms of this PICS from time to time. We encourage you to check this PICS from time to time to ensure that you are aware of the most recent version.
10. English Version Prevails
If there is any inconsistency or ambiguity between the English and Chinese versions of this PICS, the English version shall prevail.
If you have any questions about this PICS, please contact us at email@example.com.
This version was last updated in December 2020.