LEAPSTART (HK) LIMITED

PERSONAL INFORMATION COLLECTION STATEMENT

This notice is given by LEAPSTART (HK) LIMITED ("LEAPSTART") , holding the registered trademark brand COCO CREDIT,to its customers and any third parties ("Third Parties") whose personal data are collected by LEAPSTART and/or provided to LEAPSTART by its customers for its use for the purposes set out below.

1.       From time to time, it is necessary for customers to supply LEAPSTART with their personal data and personal data about Third Parties in connection with the opening and/or continuation of loan accounts, the establishment and/or continuation of credit facilities, and/or provision of other financial services. Such personal data of customers and Third Parties shall include but are not limited to the following (collectively "personal data"):

1.   full name;
2.   identity card number or travel document number including copies of the identity card,passport and travel document and data embedded in the integrated circuits in such documents;
3.   date of birth;
4.   residential and/or correspondence address(es);
5.   telephone/mobile phone number(s);
6.   email address and/or social media applications;
7.   biometric data including but not limited to facial image(s) and data embedded in biometrically enabled identity and/or passport or travel documents whether obtained through a biometric sensor module on the user's electronic devices or otherwise;
8.   occupation, salary, income and all other information applicable to the company's credit review, including but not limited to the customer's company information as proprietor, partner, shareholder, employee, household expenses and number of dependents , personal financial status, wishes or goals ( including loan needs)financial status, wishes or goals ( including loan needs) ;
9.   bank accounts or payment tool accounts; and
10.   such other or further data as LEAPSTART deems necessary.

2.       Failure to supply such personal data may result in LEAPSTART being unable to open or continue loan accounts, or establish or continue credit facilities, or provide other financial services to customers.
3.       It is also the case that such personal data are collected from customers in the ordinary course of business of LEAPSTART, for example, when customers communicate orally or in writing or other social applications with LEAPSTART, by means of documentation, via the system, the mobile apps and / or the website operated and maintained by LEAPSTART (as the case may be). For the maintenance of normal ongoing customer relationships, LEAPSTART will also collect personal data relating to customers from third parties, including third party service providers with whom a customer interacts in connection with the marketing of LEAPSTART's products and services, and in connection with a customer's application for LEAPSTART's products and services (including receiving personal data from credit reference agencies approved for participation in Credit Data Smart* (collectively "credit reference agencies")).
   * "Credit Data Smart" is the Multiple Credit Reference Agencies (MCRA) Model, developed by the Hong Kong Association of Banks, the Hong Kong Association of Restricted License Banks and Deposit-taking Companies (DTCA), and the Hong Kong S.A.R. Licensed Money Lenders Association Limited, with the support of the Hong Kong Monetary Authority. Its purpose is to enable lenders to share and use consumer credit data through more than one credit reference agency.
4.       The purposes for which the personal data of customers and Third Parties may be used are as follows:

1.   conducting credit checks against the customers upon an application for credit;
2.   the daily operation of loan accounts, credit facilities and other financial services provided to customers;
3.   setting and maintaining LEAPSTART's credit scoring models;
4.   conducting credit checks when customers apply for credit and during regular or special credit reviews (usually once or more per year);
5.   assisting other credit providers in the Hong Kong S.A.R. ("Hong Kong") approved for participation in Credit Data Smart to conduct credit checks and collect debts;
6.   ensuring ongoing creditworthiness of customers;
7.   determining amounts owed to or by customers;
8.   designing credit services or related products for customers' use;
9.   complying with obligations, requirements or arrangements for disclosing and using personal data that apply to LEAPSTART or that it is expected to comply with according to:

(i) any law binding or applicable to it within or outside Hong Kong existing currently or in the future;

(ii) any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers within or outside Hong Kong existing currently or in the future; and

(iii) any present or future contractual or other commitment with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers that is assumed by or imposed on LEAPSTART by reason of its financial, commercial, business or other interests or activities in or related to the jurisdiction of the relevant local or foreign legal, regulatory, governmental, tax, law enforcement or other authority, or self-regulatory or industry bodies or associations;

(j) complying with any obligations, requirements, policies, procedures, measures or arrangements for sharing personal data and information within any subsidiaries, holding companies, associated companies or affiliates of LEAPSTART ("LEAPSTART Group Companies") and/or any other use of personal data and information in accordance with any group-wide programmes for compliance with sanctions or prevention or detection of money laundering, terrorist financing or other unlawful activities;

(k) enabling an actual or proposed assignee of LEAPSTART, or participant or sub-participant in LEAPSTART's rights in respect of customers to evaluate the transaction intended to be the subject of the assignment, participation or sub-participation;

(l) marketing credit services or products of LEAPSTART; and

(m) other purposes relating to each of the above.

In relation to personal data of customers, the purposes listed in paragraphs (a) to (k) (inclusive) and any purposes related thereto are "obligatory" purposes, meaning that customers must permit LEAPSTART to use their personal data for these purposes if they wish to use LEAPSTART's services. The purposes listed in paragraph (l) and any purposes related thereto are "voluntary" purposes, meaning that customers have a choice whether LEAPSTART can use their personal data for these purposes and if a customer does not want LEAPSTART to use his/her personal data for those purposes, he/she can tell LEAPSTART and LEAPSTART will not use his/her personal data for those purposes.

In relation to personal data of Third Parties, the purposes listed in paragraphs (a) to (l) and any purposes related thereto are "voluntary" purposes, meaning that Third Parties have a choice whether LEAPSTART can use their personal data for these purposes and if a Third Party does not want LEAPSTART to use his/her personal data for these purposes, he/she can tell LEAPSTART or the customer of his/her wish not to disclose such personal data to LEAPSTART, and the customer shall not thereafter provide such personal data to LEAPSTART and LEAPSTART will not use his/her personal data for those purposes if LEAPSTART is aware that Third Party does not consent to the use of such personal data for such purposes.

5.       Personal data held by LEAPSTART relating to a customer and a Third Party will be kept confidential but LEAPSTART may provide such personal data to the following parties (no limited to Hong Kong) for the purposes set out in paragraph 4 (all obligatory purposes except paragraph 4(l)):

1.   any agent, contractor or third party service provider who provides administrative, telecommunications, computer, payment or other services to LEAPSTART in connection with the operation of its business;
2.   any other person under a duty of confidentiality to LEAPSTART including a member of the LEAPSTART Group Companies which has undertaken to keep such information confidential;
3.   credit reference agencies (including the operator of any centralized database used by credit reference agencies), and in the event of customer default, to debt collection companies;
4.   any person with the express prescribed consent of customers or Third Parties (as the case may be);
5.   any person to whom LEAPSTART is under an obligation or otherwise required to make disclosure under the requirements of any law binding on or applying to LEAPSTART, or any disclosure under and for the purposes of any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers with which LEAPSTART is expected to comply, or any disclosure pursuant to any contractual or other commitment of LEAPSTART with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers, all of which may be within or outside of Hong Kong and may be existing currently or in the future;
6.   as a voluntary purpose, selected persons for use in direct marketing (please see further details in paragraph 6 below);
7.   external service providers (including but not limited to mailing houses, telecommunication companies and information technology companies) that LEAPSTART engages for the purpose set out in paragraph 4(l) above; and
8.   any actual or proposed assignee of LEAPSTART or participant or sub-participant or transferee of LEAPSTART's rights in respect of the customers.

LEAPSTART may, in accordance with the instructions from customers of LEAPSTART or third party service providers engaged by the customers, transfer the personal data of customers to third party service providers using the Application Programming Interfaces (API) of LEAPSTART for the purposes notified to customers by LEAPSTART or third party service providers and/or as consented to by the customers in accordance with the Personal Data (Privacy) Ordinance (the "Ordinance"). Customers use of such third-party services or acceptance of the relevant terms of service shall be deemed consent for LEAPSTART to use such data for this specific purpose.

6.       LEAPSTART would like to use personal data of customers for direct marketing purposes as a voluntary purpose. LEAPSTART cannot use a customer's personal data for that purpose without first obtaining his or her consent (which includes an indication of no objection) for that purpose. In this connection, please note that:

1.   the name, contact details, products and services portfolio information, transaction pattern and  

behaviour, financial background and demographic data of a customer held by LEAPSTART from time to time may be used by LEAPSTART in direct marketing; and

2.   the following classes of services, products and subjects may be marketed:
       (i) financial related services and products; and

(ii) reward, customer loyalty or privileges programmes and related services and products.

Customers have a choice on whether or not their personal data can be used for direct marketing purposes. If a customer does not wish LEAPSTART to use or provide to other persons his/her personal data for use in direct marketing as described above, and also wants LEAPSTART to advise other persons to stop using his/her personal data for such direct marketing purpose, he or she may notify LEAPSTART of the same any time, without charge.

For the avoidance of doubt, LEAPSTART will not use personal data of Third Parties for direct marketing purposes unless they expressly consent.

7.       Under and in accordance with the terms of the Ordinance and the Code of Practice on Consumer Credit Data, every customer and Third Party has the right:

1.   to check whether LEAPSTART holds personal data about him/her and to have access to such personal 

data;

2.   to require LEAPSTART to correct any personal data relating to him/her which are inaccurate;
3.   to ascertain LEAPSTART's policies and practices in relation to personal data and to be informed of the 

kind of personal data held by LEAPSTART;

4.   in relation to consumer credit of a customer, to be informed on request which items of personal data 

are routinely disclosed to credit reference agencies or debt collection agencies, and be provided with further information to enable the making of a data access and correction request to the relevant credit reference agency(ies) or debt collection agency(ies); and

5.   in relation to any account data (including account repayment data) of a customer which have been

provided by LEAPSTART to credit reference agency(ies), to instruct LEAPSTART upon termination of an account by full repayment to make a request to the relevant credit reference agency(ies) to delete such account data from its database, as long as the instruction is given within 5 years of termination and at no time did the account have a default of payment lasting in excess of 60 days within the 5 years immediately before account termination. Such "account repayment data" include amount last due, amount of payment made during the last reporting period (being a period not exceeding 31 days immediately preceding the last contribution of account data by LEAPSTART to credit reference agency(ies)), remaining available credit or outstanding balance and default data (being (i) amount past due and number of days past due; (ii) date of settlement of amount past due; and (iii) date of final settlement of amount in default lasting in excess of 60 days (if any)).

8.       Customers should note that:

1.   in the event of any default in repayment relating to an account, unless the amount in default is fully

repaid or written off (other than due to a bankruptcy order) before the expiry of 60 days from the date such default occurred, the account repayment data of the relevant customer may be retained by the credit reference agency(ies) until the expiry of 5 years from the date of final settlement of the amount in default; and

2.   if any amount in an account is written-off due to a bankruptcy order being made against a customer,

the account repayment data may be retained by the credit reference agency(ies), regardless of whether the account repayment data reveal any default of payment lasting in excess of 60 days, until the expiry of (i) 5 years from the date of final settlement of the amount in default; or (ii) 5 years from the date of discharge from bankruptcy as notified by the customer with evidence to the credit reference agency(ies), whichever is earlier.

9.       LEAPSTART may have obtained credit report(s) on the customer from credit reference agency(ies) in considering any application for credit and/or reviews or renewals of existing credit facilities to customers. The matters LEAPSTART will consider when accessing these consumer credit data for the purpose of reviews will be (i) an increase in the credit amount; (ii) cancellation of credit; (iii) a decrease in the amount of credit; or (iv) putting in place a scheme of arrangement with relevant customers. LEAPSTART may also access such consumer credit data about customers for the purpose of reasonable monitoring of indebtedness whilst relevant customers are in default. If a customer wishes to access a credit report(s), please contact LEAPSTART and LEAPSTART will advise the contact details of the relevant credit reference agency(ies).
10.    In accordance with the terms of the Ordinance, LEAPSTART has the right to charge a reasonable fee for processing any personal data access request.
11.    LEAPSTART has engaged TransUnion as the credit reference agency for the provision of the Consumer Credit Reference Service (as defined in the Code of Practice for the Multiple Credit Reference Agencies Model (as updated or superseded from time to time) (the "Code of Practice for the MCRAM")) to enable LEAPSTART to assess credit facility applications of customers and make credit decisions. LEAPSTART may engage other credit reference agencies and LEAPSTART will disclose the name of any such credit reference agency after engagement by updating this Personal Information Collection Statement.
12.    A customer who would like to (i) request access to personal data or correction of personal data or for information regarding LEAPSTART's Personal Information Collection Statement and kinds of data held; (ii) give consents, make objections to and/or make opt-outs in relation to the use/provision of personal data for direct marketing; (iii) make an enquiry about the credit reference agency(ies) in relation to a credit facility application; and/or (iv) get the contact details of the credit reference agency engaged by LEAPSTART, may contact LEAPSTART by sending a letter or telephone LEAPSTART as follow:

LEAPSTART (HK) LIMITED

FLAT TA12 6/F WOON LEE COMMERCIAL BUILDING 7-9 AUSTIN AVENUE TSIM SHA TSUI KL

Attn.: The Data Protection Officer

Telephone/ WhatsApp number: +852 6945 4179

Email Address: support@cococredit.com

13.    A customer is entitled, if he/she is the data subject of a credit report issued by one of LEAPSTART's credit reference agencies, to request and receive free of charge a copy of that credit report from the relevant credit reference agency if the customer has been refused credit by LEAPSTART within the previous 30 Business Days (as defined in the Code of Practice for the MCRAM) based on that credit report.
14.    Customers are also entitled to request a credit report from each credit reference agency engaged by LEAPSTART without charge in any twelve month period in respect of each such credit reference agency.
15.    Nothing in this Personal Information Collection Statement shall limit the rights of customers and Third Parties under the Ordinance.

LEAPSTART (HK) LIMITED

Last Updated Date : Jan 2026