Konew Fintech Corporation Limited (“the Company”)’s
Privacy Policy

This privacy policy provides information regarding the policies and practices of the Company in relation to personal data. The Company is committed to protecting the privacy, confidentiality and security of the personal data it holds by complying with the requirements of Personal Data (Privacy) Ordinance (Cap. 486) (the “Ordinance”) with respect to the management of personal data. The Company is equally committed to ensuring that all its employees and agents uphold these obligations.

Definitions used in this privacy policy:

1. From time to time, it is necessary for Customers or other data subjects to provide the Company with their personal data to make use of Services and Facilities. Personal data are also collected from Customers in the ordinary course of the financial and business relationship with the Company. Such data includes but is not limited to:
   1. full name;
   2. identity card number or travel document number including copies of the identity card and travel document as well as data embedded in the integrated circuits in such documents;
   3. date of birth;
   4. residential and/or correspondence address(es);
   5. telephone/mobile phone number(s);
   6. email address;
   7. biometric data including but not limited to facial image(s) and data embedded in biometrically enabled identity and/or travel documents;
   8. salaries and income;
   9. household expenses and number of dependents; and
   10. such other or further data as the Company deems necessary.
2. The purposes for which Data about Customers and other data subjects may be used by the Company are divided into obligatory purposes and voluntary purposes. If Data are provided for an obligatory purpose, the relevant Customer or data subject MUST provide his/her Data to the Company if he/she wants the Company to provide the Services and Facilities. A failure to supply such Data may result in the Company being unable to provide relevant Services and Facilities. For example:
   1. In relation to a Customer which is a sole proprietor or partnership, the number and copy of the identity card or passport of the sole proprietor or partner(s) may be collected, at different stages of application and in provision of Services and Facilities, for the Company to verify his/her identity as part of the know-your-customer procedure in compliance with anti-money laundering and counter-terrorist financing regulatory requirements.
   2. In relation to a Customer which is a company, the identity card or passport number of the authorized person (which may be a director of the company) may be collected to verify such person’s identity.
   3. Identity card or passport number of our Customers’ guarantors may be collected to verify the guarantors’ identity.
   4. residential and/or correspondence address(es);
   5. telephone/mobile phone number(s);
   6. In relation to paragraphs 2(ii) and 2(iii) above, in compliance with the Code on Identity, the Company is required to check that the correct identity number is provided to the Company. To enable such checking by the Company, the relevant Guarantor or the Customer’s authorized person (which may be a director of the company) may choose to:
   1. Physically present his/her identity card or passport in person to the Company; or
   2. Provide a copy of his/her identity card or passport to the Company if he/she decides not to present such document in person to the Company.
3. The purposes for which it is obligatory for Customers or other data subjects to provide their Data are as follows:
   1. The provision of Services and Facilities including but not limited to giving effect to instructions in relation to specific transactions or otherwise.
   2. Deciding whether or not to provide Services and Facilities to Customers.
   3. Conducting credit checks (including without limitation upon an application for consumer credit and upon periodic review of the credit).
   4. Creating and maintaining the Company’s credit and risk related models.
   5. Assisting other financial companies and institutions to conduct credit checks and collect debts.
   6. Ensuring ongoing credit worthiness of Customers or relevant data subjects.
   7. Designing financial services or related products for Customers’ use.
   8. Determining the amount of indebtedness owed to or by Customers or the relevant data subjects.
   9. Enforcing obligations of Customers or the relevant data subjects, including but not limited to collecting amounts outstanding from Customers or the relevant data subjects.
   10. Complying with data usage and disclosure obligations, requirements, recommendations, instructions or arrangements that apply to the Company or any Group Company or with which it or a Group Company is expected to comply, pursuant to:
   1. Any present or future law binding on or applying to it within or outside Hong Kong;
   2. Any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers within or outside Hong Kong existing currently or in the future;
   3. cAny present or future contractual or other commitment entered into with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers that is assumed by or imposed on the Company or any other Group Company by reason of its financial, commercial, business or other interests or activities in or related to the jurisdiction of the relevant local or foreign legal, regulatory, governmental, tax, law enforcement or other authority, or self-regulatory or industry bodies or associations;
   11. Complying with any obligations, requirements, policies, procedures, measures or arrangements for sharing Data and information with other Group Companies and/or any other use of Data and information to conduct know-your-customer procedures and comply with anti-money laundering and counter-terrorist financing requirements and/or otherwise in accordance with any group-wide programs for compliance with sanctions or prevention or detection of crime, money-laundering, terrorist financing or other unlawful activities;
   12. Enabling an actual or proposed assignee of the Company (including without limitation any person with whom it is proposed the Company will merge or to whom the Company proposes to dispose of all or any part of its business), or participant or sub-participant of the Company’s rights in respect of the Customers to evaluate the transaction intended to be the subject of the assignment, merger, disposal, participation or sub-participation; and
   13. Purposes directly relating to the purposes listed above.
       The Company may carry out “matching procedures” (as such expression is defined under the Ordinance) in respect of all or any of such purposes.
4. The Company wishes to use the following types of Data for direct marketing in the manner provided in this paragraph – the Company’s use of personal data for direct marketing is a voluntary purpose only. The Company must obtain the relevant Customer’s or data subjects’ written consent (which can include an indication of no objection) if it is to use personal data for this purpose. The Company may not use the personal data for direct marketing unless it has received written consent from Customers or the data subjects.
   In this connection:
   1. The name, contact details (such as phone number, email address or home address), Konew account number of a Customer or relevant data subject held by the Company from time to time may be used by the Company for direct marketing;
   2. Any Services and Facilities may be marketed;
   3. In addition to marketing Services and Facilities, the Company wishes to provide the personal data described in paragraph 4(i) above to other Group Companies and other financial companies or institutions providing for use by such other Group Companies and other financial companies or institutions in marketing their services, products and subjects, including the Financial Services, Referral Services and those in blockchain, technology, real estate, food and beverage sectors; and the Company must obtain the written consent of Customers or relevant data subjects (which includes an indication of no objection) for that purpose – written consent may be given in the Request Form or by use of opt-out checkbox (as explained below);
   4. The Company may provide the personal data described in paragraph 4(i) above to other Group Companies and other financial companies or institution for gain and, when requesting the Customer’s or relevant data subject’s consent or non-objection as described in paragraph 4(iii) above, the Company will inform such Customer or relevant data subject if it will so provide such personal data to the other persons for gain; and
   5. The Company and other Group Companies and other financial companies or institutions may also, from time to time, engage third party marketing services providers to conduct direct marketing on their behalf, and may share personal data described in paragraph 4(i) above with these third party marketing services providers for such purposes.
   To indicate consent / no consent to the use / provision of his/her personal data for direct marketing, a Customer or data subject may fill out an "Opt-out Request – Use/Provision of Personal Data in Direct Marketing" attached to this privacy policy ("Request Form") or check the opt-out box in relation to use of personal data for direct marketing provided by the Company from time to time.
   If a Customer or data subject does not want the Company and/or other Group Companies and financial companies or institutions to use his/her personal data or provide his/her personal data to other persons for use in direct marketing as described above and also wants the Company and/or other Group Companies and financial companies or institutions to advise those other persons to stop using his/her personal data for direct marketing, he/she may say so in the Request Form or notify the Company of the same at any other time.
5. Data held by the Company relating to a Customer or relevant data subject will be kept confidential but the Company may provide such information to the following parties (whether within or outside the Hong Kong Special Administrative Region) for the purposes set out in paragraph 3:
   1. Any person to whom the Company or any other Group Company is under an obligation or is otherwise required to make disclosure under the requirements of any law, rule, regulation or court order binding on or applying to the Company or such Group Company or any disclosure under and for the purposes of any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities or self-regulatory or industry bodies, or associations or financial service providers with which the Company or any Group Company is expected to comply, or any disclosure pursuant to any contractual obligation, including but not limited to the Hong Kong Monetary Authority, the Securities and Futures Commission, the Hong Kong Police, the Independent Commission Against Corruption and the Office of the Privacy Commissioner for Personal Data, Hong Kong.
   2. Any person with the consent of a Customer or the relevant data subject.
   3. Any agent, contractor or third party service provider which provides administrative, tele-communications, computer, payment, debt collection, securities clearing, data processing, marketing or other services to the Company in connection with the operation of its business.
   4. Any Group Company, including without limitation TrustMeChain group companies.
   5. Bridgeway Prime Shop Fund Management Ltd and any other person wishing to provide funds to the Company for the purposes of financing its money lending business.
   6. Any other person under a duty of confidentiality to the Company including a Group Company which has undertaken to keep such information confidential.
   7. Any financial company or institution with which a Customer has or proposes to have dealings.
   8. Any actual or proposed assignee of the Company or any transferee of the Company’s rights in respect of a Customer including, without limitation, the Hong Kong Mortgage Corporation Limited ("HKMC") or such other person(s) as may be required or necessary pursuant to contractual arrangements with the HKMC in respect of the sale of mortgages or other security by the Company.
   9. Banks of drawers of cheques made payable to a Customer for the purpose of confirming to such drawers that payment to the relevant Customer under such cheques has been made.
   10. CRAs and, in the event of default, to debt collection agencies.
   11. Any other person with whom the Company proposes to merge or to which the Company proposes to dispose of all or any part of its business.
   12. Provided the relevant Customer or data subject has consented in accordance with paragraph 4 above, any person to whom such Customer or data subject has consented that the Company may transfer his/her personal data for the voluntary purpose of direct marketing.
6. If there is a default in repayment of any facility, unless the amount in default is fully paid or written off (otherwise than due to a bankruptcy order) before the expiry of 60 days from the date which such default occurred, the relevant Customer and/or the Guarantor and/or the Mortgagor shall be liable to have his/her account data and data relating to mortgage loans (if applicable) retained by the relevant CRA until the expiry of 5 years from the date of final settlement of the amount in default.
   
   If any amount is written off due to a bankruptcy order being made against a Customer, the Customer shall be liable to have his/her account data and data relating to mortgage loans (if applicable) retained by the relevant CRA, regardless of whether the account data reveal any material default (i.e. a default in payment for a period in excess of 60 days), until the earlier of the expiry of 5 years from the date of final settlement of the amount in default or the expiry of 5 years from the date of the Customer’s discharge from bankruptcy as notified to the relevant CRA by the Customer with evidence.
7. Where consumer credit is applied for, upon termination of the account by full repayment by a Customer and on condition that there has not been, within 5 years immediately before account termination, any material default (namely, a default in payment for a period in excess of 60 days) on the account, the Customer will have the right to instruct the Company to make a request to the relevant CRA to delete from its database any account data relating to the terminated account and any data relating to mortgage loans (if applicable).
8. The Company may obtain a credit report on a Customer from a CRA in considering any application for Services and Facilities from the Company. If the Customer wishes to access the credit report, the Company will advise the contact details of the relevant CRA for the purpose of the making of a copy of the credit report and any handling of any data correction request by the CRA.
9. Furthermore, for the purpose of the review of existing consumer credit facilities, the Company may from time to time access the consumer credit data of a Customer held with a CRA so as to facilitate the Company's consideration of all or any one or more of the matters specified below:
   1. An increase in the credit amount;
   2. The curtailing of credit (including, without limitation, the cancellation of credit or a decrease in the credit amount); and
   3. The putting in place or the implementation of a scheme of arrangement with the Customer.
10. Under and in accordance with the terms of the Ordinance and the Code on Consumer Credit Data, any data subject has the right:
    1. To check whether the Company holds personal data about him/her and to have access to such personal data;
    2. To require the Company to correct any personal data relating to him/her which are inaccurate;
    3. To ascertain the Company’s policies and practices in relation to personal data and to be informed of the kind of Data held by the Company; and
    4. In relation to consumer credit, to be informed, upon request, about which items of Data (including Data relating to mortgage loans (if applicable) are routinely disclosed to CRAs or debt collection agencies, and be provided with further information to enable the making of a data access or correction request to the relevant CRA or debt collection agency.
       In accordance with the provisions of the Ordinance, the Company has the right to charge a reasonable fee for the processing of any data access request.
11. The person to whom requests for access to personal data or correction of personal data or for information regarding policies and practices and kinds of personal data held are to be addressed is as follows:
    Konew Fintech Corporation Limited
    Data Protection Officer
    Address:
    4/F, Wheelock House, 20 Pedder Street, Central, Hong Kong
    Hotline: 2110 2110
    Facsimile: 2110 0300
12. Nothing in this privacy policy shall limit the rights of Customers or data subjects under the Ordinance.