COCO CREDIT - Privacy Policy Statement

Last Updated Date: January 4, 2024

This Privacy Policy Statement ("Privacy Policy") sets out the commitment by LEAPSTART (HK) LIMITED (the "Company" or "we" or "us" or "COCO CREDIT") in protecting the privacy of individuals who provide data about themselves to us. COCO CREDIT is a brand owned and operated by the Company.

In this Privacy Policy, the term "data subjects", "you" or "your" means any person who has provided or will provide personal data to us. This may include, without limitation, the following or any of them:

  • · applicants for and users of our loan facilities and other services, provided by COCO CREDIT;
  • · persons giving or proposing to give security or guarantees for obligations owed to us;
  • · persons linked to a customer or applicant that is not an individual, including the beneficial owners and officers of that customer or applicant, or in the case of a trust, including the trustees, settlors, protectors and beneficiaries of the trust;
  • · other persons who are relevant to a customer's relationship with us; and
  • · our employees.

    • The Services are not intended for minors below 18 and we do not knowingly collect data relating to minors for any purpose.

    Please read this Privacy Policy carefully, it is very important for you to understand how we collect and use your data, and how you can manage it. If you do not agree to the processing of your personal data in the way describes or any other part in this Privacy Policy, please do not provide your data when requested and stop browsing or using the Website and any of its web pages or mobile applications. Your continued browse of use of the the Website and any of its web pages or mobile applications or Services we provided constitutes your acknowledgement and acceptance of our rules regarding your personal data as described in this Privacy Policy.

    This Privacy Policy shall apply to all data subjects and, if you are our customer or an applicant for loan facilities or other services, form part of the terms and conditions of the loan agreement and such other agreement that COCO CREDIT may specify from time to time. In the event of any inconsistency or discrepancy between this Privacy Policy and the relevant agreement, this Privacy Policy shall prevail insofar as it relates to the protection of the data subject's personal data.

    Our Privacy Policy may be revised from time to time without any prior consent. You may refer to the "Last Updated Date" at the top of this Privacy Policy to determine when this Privacy Policy was last revised. You agree to review COCO CREDIT's website periodically, and by continuing to access or use such websites, COCO CREDIT products and services, you consent to any such changes.

    Collection of Personal Data

    COCO CREDIT respects your trust. COCO CREDIT is committed to fully implementing and complying with the six data protection principles under the Personal Data (Privacy) Ordinance (Chapter 486 of the Laws of Hong Kong) (the "Ordinance"). Personal data means any data relating to an individual from which the identity of that individual can be directly or indirectly ascertained. We may collect, including but not limited to, the following data, which may from time to time be personal data:

  • · Name;
  • · Age;
  • · Gender;
  • · Telephone number;
  • · Email address;
  • · Identity card number or passport number;
  • · Nationality or residence status;
  • · Date of birth;
  • · Personal financial situation, wishes or goals (including loan needs);
  • · Income or property data;
  • · Educational level;
  • · Employment data;
  • · Residential and communication data;
  • · Details of bank accounts or stored-value payment instrument accounts;
  • · Social media content and related data;
  • · Preferences for any products or services;
  • · The content of your correspondence with COCO CREDIT;
  • · data about your visits to and use of the COCO CREDIT website; and
  • · Location data.
  • · SMS data.

    • With your prior consent, we may collect your SMS data but only process the data in connection with the provision and repayment of bank loans and third party loans, in order to assess your current debt and repayment status, to generate the best possible credit score, and to decide whether or not to provide you with a loan based on your credit score, and also to prevent fraud. Unless otherwise required by law, such SMS data will be deleted or anonymised after the credit score is generated and will not be used for any other purposes.

    We may collect your image information primarily for your uploading and submission of relevant proof materials within the personal lending application. These images may include, but are not limited to, identification cards, bank card photos, or other necessary documents used to verify your identity and process your loan application. We will strictly protect your image information and will not use it for other purposes unless expressly authorized by you or required by law.

    In addition, when you use our website or services, we may automatically collect certain data that, when combined with other data about you, may become your personal data. Such data includes, but is not limited to

  • · The attributes of the device or equipment you are using, such as operating system, hardware version, device settings, software and device identifiers;
  • · The location of the device, including a specific geographic location obtained through GPS, Bluetooth, WiFi signals or other means;
  • · Mobile network data, such as the name of your mobile network provider, Internet service provider or other service provider, type of web browser, and IP address;
  • · Biometric data such as facial images;

    • At your request or obtaining your authorization, COCO CREDIT may be able to obtain data about you from any of our business partners, brand partners, or credit reference agencies, and COCO CREDIT may also obtain data about you from the public domain. Data may also be combined with other data from COCO CREDIT.

    If you disclose any third party's personal data (e.g. family members or representatives, etc.) to us at any time, whether that is through a personal loan or a loan to a small/medium enterprise, you undertake that you have obtained the third party's prior consent to do so and such third party has agreed to allow us to use and disclose their personal data in accordance with this Privacy Policy.

    Purpose of Collection

    For COCO CREDIT's services, we may collect data directly or indirectly from you or from persons acting on your behalf as follows:

    Use of Personal Data

    We will use data for the following purposes or any of them, which may vary depending on the nature of your relationship with us:

  • · Consider and process applications for products and services, and the daily operation of products and services (including without limitation loan facilities and related financial products and services) provided to you, or to the relevant customer or persons linked to you;
  • · Conduct credit checks whenever appropriate (including without limitation at the time of application for a loan or at the time of regular or special reviews of credit which normally will take place one or more times each year);
  • · Create and maintain COCO CREDIT's credit-scoring models, risk-related models or anti-money laundering systems;
  • · Ensure your ongoing credit worthiness and good standing;
  • · Assist other financial institutions, including credit providers in Hong Kong approved for participation in the Multiple Credit Reference Agencies Model, to conduct credit checks and to collect debts;
  • · Design and develop loan/credit facilities and related financial products and services for customers' use;
  • · Conduct marketing research, developing and providing membership programme or referral campaigns and customer profiling and segmentation;
  • · Analyse how you access and use our products and services;
  • · Subject to obtaining the consent of data subjects, direct marketing services, marketing products, services and other subjects as described in Article Direct Marketing;
  • · Determine the amount of the data subject's liabilities to the Company or the Company to the data subject;
  • · In the case of mortgages, the credit reference agency will also use the number of mortgages held by you (as borrower, mortgagor or guarantor, whether in a single name or jointly with other persons) from time to time for sharing by credit providers in the credit reference agency's customer credit database.
  • · Ensure that COCO CREDIT may exercise such rights under the contract with the data subject, including the collection of outstanding amounts owed to the data subject under the contract;
  • · Ensure that COCO CREDIT, and any agency of COCO CREDIT, can fulfill obligations, requirements or arrangements, whether mandatory or voluntary, to comply with or comply with the relevant:
  • · any law, regulation, judgment, court order, code of conduct or sanction regime now or hereafter existing within or outside the Hong Kong Special Administrative Region which is or becomes legally binding on or applicable to COCO CREDIT and any institution of COCO CREDIT (the "Laws");
  • · any guidelines or guidance or codes of practice or requirements and any international guidelines, internal policies or procedures issued or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of relevant stock exchanges, financial service providers, whether within or outside the Hong Kong Special Administrative Region and whether now or in the future;
  • · any existing or future contracts or other commitments with local or overseas legal, regulatory, judicial, administrative, public or law enforcement authorities having jurisdiction over COCO CREDIT as a whole or any part thereof, or governmental, tax, revenue, fiscal, court or other authorities, or self-regulatory or industry bodies or associations of financial services providers or their agents (collectively and each, an "Authority"), by us assumed by, imposed on or applied to us; and
  • · any agreement or treaty between us and the Authority.
  • · Comply with any program established by any COCO CREDIT entity for the purpose of complying with any act or intent to sanction or prevent or detect money laundering, terrorist financing, bribery, corruption, tax evasion, fraud, evasion of economic or trade sanctions and/or circumvention or violation of any law relating to such matters with respect to the sharing of data and/or data and any other use of COCO CREDIT any obligation, requirement, policy, procedure, measure or arrangement specified for the sharing of data and/or any other use of data within COCO CREDIT;
  • · Assist in the consolidated supervision of the Company (for internal audit and risk management);
  • · For actual or potential transferees of all or any part of COCO CREDIT's business and/or assets, or participants or sub-participants of COCO CREDIT's rights to the data subject's loans/credit facilities, to measure the transfer, participation or sub-participation in the transaction in question, and to allow the actual transferees to use such data in the conduct of their business or in the allocation of their rights;
  • · Conduct credit checks, fraud checks, data verification purposes comparing you with other persons, other financial institutions and/or generating or verifying data for other purposes in connection with your applications for products and services or the credit, products and services we provide;
  • · Maintain the credit history or other records of the data subject (whether or not the data subject has a pre-existing relationship with COCO CREDIT) for present or future reference;
  • · Defend or respond to any legal, governmental or regulatory or quasi-official related matter, action or proceeding (including any potential action or proceeding) against us;
  • · Using several algorithms and Big Data Analytics and Artificial Intelligence ("BDAI") technologies and applications, either on their own or through our service providers:
  • · analyzing statistics, trends, markets, behaviors, usage patterns, customer segmentation and pricing;
  • · planning, research and development, service or product design, and customer experience improvement;
  • · Forecasting models;
  • · credit, anti-money laundering, fraud prevention and other risk assessment; and
  • · any other use related to the above.
  • · Make or investigate insurance claims or responding to any insurance related matters, litigation or legal proceedings in respect of us;
  • · Administer, enhance, maintain and make available COCO CREDIT and to process or communicate with data subjects any enquiries or requests made by them through COCO CREDIT; and/or
  • · Any other purposes related to the above purposes.

    • Use of Cookies

    Cookies are small data files which are placed on a data subject's device when the data subject visits COCO CREDIT's website, interacts with COCO CREDIT or clicks on COCO CREDIT's online advertisements. Cookies or similar technologies are used for the following purposes:

    · Perform aggregated (and therefore anonymous) statistical analysis of your on-site behaviour such as the number of visits to our site, page views, and length of time spent on each page;

    · Provide an enhanced user experience, remembering your preference within our website, and enabling easy navigation between the public section and member owner section of our website; and

    · Promote personalized products using your visited pages, and the website links you have followed to.

    These cookies may be placed on a data subject's device by COCO CREDIT or by third parties on COCO CREDIT's behalf (for example, advertising networks and providers of external services like web traffic analysis services). data recorded through the use of cookies by third parties are aggregated and then shared with COCO CREDIT as anonymous aggregated research data. No personal contact data about data subjects is collected or shared by third parties with COCO CREDIT as a result of the use of cookies.

    Most web browsers are initially set up to accept cookies. Should you wish not to be tracked by this kind of technology, you can choose to "not accept" cookies by changing the settings on your web browser. However, if you block all cookies, including strictly necessary cookies, you may not be able to use the COCO CREDIT website.

    Retention of Personal Data

    We will take practicable steps to ensure that your personal data is not kept longer than necessary and we will comply with all statutory and regulatory requirements in Hong Kong concerning the personal data that we will collect, hold, process and use.

    Security Measures

    We provide and maintain stringent security measures to protect COCO CREDIT's systems, and the data and personal data retained therein, including:

    · use of One-Time Password (OTP) to authenticate the identity of users and customers;

    · use of firewalls and network segregation to protect unauthorized access;

    · use of encryption to keep each data subject's personal data private at rest and in transit;

    · regular review of our data collection, use, storage and processing practices;

    · restriction of access to personal data to relevant employees on a "need-to-know" basis; and

    · training to employees on the proper handling of personal data.

    While the internet is not an inherently secure environment for communications, we continuously review and apply industry best practices to protect and secure this channel throughout our systems. The level of security on your personal device and the general measures you take in handling your own digital data are equally important. In most cases, an imprudent transmission and handling of sensitive data such as confidential documents, password, personal identifiers etc. would facilitate unauthorized access resulting in a data breach. Therefore, we remind you to be cautious when using COCO CREDIT's website and handling your own sensitive documents and data.

    Disclosure of Personal Data

    All personal data held by COCO CREDIT will be kept confidential, but COCO CREDIT may disclose such data to the Ordinance or transfer it to the following parties or any of them (whether within or outside Hong Kong) for the purposes set out in ArticleUse of Personal Data:

    · Any agent, contractor, subcontractor or partner of COCO CREDIT or any organization of COCO CREDIT (including its employees, personnel, agents, contractors, service providers and professional advisors);

    · Any third party service provider that provides administrative, professional, consulting, telecommunications, data services, computer, payment, data processing, debt collection or other services to any of COCO CREDIT's organizations in connection with the operation of COCO CREDIT's or any COCO CREDIT's business;

    · Paying banks that provide copies of paid checks (which may contain data about the payee) to the drawer;

    · Credit reference agencies (including operators of any central database used by credit reference agencies under the multiple consumer credit reference agency model) and, in the case of default, debt collection agencies ("DCAs");

    · Any authority, body, association or person referred to in Article Use of Personal Data above;

    · Any actual or proposed assignee of COCO CREDIT or COCO CREDIT or participant or sub-participant in respect of the data subject's rights to the loan/credit facility

    · Any person giving or offering to give a guarantee or security to secure or guarantee the data subject's obligations to COCO CREDIT;

    · Any person acting on your behalf in providing his or her data;

    · Any payment recipients;

    · Business partners or brand partners who work with COCO CREDIT to provide products or services to the data subject;

    · Charitable or non-profit organizations;

    · In accordance with the data subject's consent for the purposes mentioned in Article Use of Personal Data:

  • · third party financial service providers, insurers, credit financing companies, credit card companies, securities and futures and investment service providers, third party membership program providers or our branded partners; and
  • · third party service providers (including, but not limited to, valet shipping centers, telecommunications companies, telemarketing and direct marketing agents, call centers, data processing companies and data technology companies) that we engage for the purposes described under Article Use of Personal Data;

    • · Third-party service providers engaged by you using our application programming interfaces ("API").

    Direct Marketing

    (1) COCO CREDIT intends to use the data subject's data in direct marketing of products and services, and COCO CREDIT shall also obtain the data subject's consent (including an indication of no objection to such use). We may use customer names, contact data, product and other service portfolio data, transaction patterns and behaviors, financial background and demographic data held by us from time to time for the purpose of direct marketing by COCO CREDIT. The following services may be used to promote:

    · COCO CREDIT's products and programs including loans;

    · Banking or financial services and products, credit financing, insurance, mortgages, investments, wealth management and related services, products and credits;

    · Telecommunications network services, delivery services, travel agency services, concierge services, catering, automotive products/services, gaming products/services, entertainment and media services, lifestyle products/services, social and medical services, electronic and electrical products, goods, consumer goods and/or merchandise;

    · Rewards, incentives, co-branding or discount programs and related services and products; and/or

    · Donations and contributions for charitable and/or non-profit purposes.

    (2) The above services, products and items may be provided by:

    · LEAPSTART (HK) LIMITED;

    · Third party financial institutions, insurance companies, credit card companies, securities and investment service providers;

    · Third party reward, incentive, co-branding or privilege program providers;

    · Telecommunications network service providers, delivery service providers, travel agencies, concierge service providers, caterers, automotive products/service providers, gaming products/service providers, entertainment and media service providers, lifestyle products/service providers, social and medical service providers, retailers, wholesalers and/or manufacturers of goods, consumer products and/or merchandise/manufacturers;

    · Our brand partners; and/or

    · Charitable or non-profit organizations

    (3) In addition to the marketing of such services, products and items by COCO CREDIT, COCO CREDIT intends to provide the data described in (1) above to all or any of the persons described in (2) above for use by such persons in marketing such services, products and items, and COCO CREDIT shall obtain the consent of the person for whom the data is intended for such use (including an indication of no objection to such use); and COCO CREDIT shall have the consent of the person for whom it is intended (including an indication of no objection to such use); and

    (4) COCO CREDIT may receive monetary or other property in return for providing the Data to other persons as described in (1) above, or for requesting the data subject's consent or non-objection as described in (3) above. If COCO CREDIT receives any monetary or other property in return or providing the Data to another person, COCO CREDIT will notify the data subject.

    (5) If you do not want COCO CREDIT to use your personal data as described above or provide it to others for direct marketing purposes, you may exercise your right to opt out of marketing by notifying our Data Protection Officer as described below.

    Access and Correction of Personal Data

    Under the terms of the Ordinance and the Code of Practice on Consumer Credit Data (the "Code"), you have the right to:

    · Check whether COCO CREDIT holds your personal data and to access such data;

    · Request COCO CREDIT to correct any personal data relating to you which is inaccurate;

    · Ascertain COCO CREDIT's policies and practices with respect to personal data and to be informed of the kinds of personal data COCO CREDIT holds;

    · Request to be informed of those data that are routinely disclosed to credit reference agencies or debt collection agencies and to be provided with further information by COCO CREDIT to make data access and correction requests to the relevant credit reference agency or debt collection agency; and

    · Instruct COCO CREDIT to request from the credit reference agency that any account data relating to the closed account be removed from its database when the account is closed after the account has been fully repaid, provided that such instruction is made within five years of the termination of the account and is not materially delinquent.

    If you default in repayment, unless the amount in default is fully repaid or written off (otherwise than due to a bankruptcy order) before the expiry of 60 days from the date such default occurred, your account repayment data (as defined in the Code) may be retained by the CRA until the expiry of 5 years from the date of final settlement of the amount in default.

    If any amount owed by you is written off due to a bankruptcy order being made against you, your account repayment data (as defined in the Code) may be retained by the CRA, regardless of whether the account repayment data reveals any material default, until the expiry of 5 years from the date of final settlement of the amount in default or the expiry of 5 years from the date of your discharge from bankruptcy as notified to the CRA by you with evidence.

    As stated in this Privacy Policy, we may obtain a credit report on you from a CRA in considering any application for credit. In the event you wish to access the credit report, we will advise the contact details of the relevant CRA.

    For the purpose of this Article Access and Correction of Personal Data, account repayment data is the amount last due, amount of payment made during the last reporting period, remaining available credit or outstanding balance and default data (being amount past due and number of days past due, date of settlement of amount past due, and date of final settlement of amount in material default (that is, default in payment for a period in excess of sixty (60) days) (if any)).

    In accordance with the terms of the Ordinance, we have the right to charge a reasonable fee for the processing of any data access request.

    You should send any requests for access to personal data or correction of personal data or for information regarding our policies and practices to:

    LEAPSTART(HK) LIMITED

    TA12 6F Woon Lee Commercial Building, 7-9 Austin Avenue, Tsim Sha Tsui, HK

    Personal Data Officer

    E-mail: support@cococredit.com

    Personal Data of Another Person

    Where you provide to us data about another person, you should give to that person a copy of this Privacy Policy and, in particular, tell him/her how we may use his/her data.

    Miscellaneous

    Nothing in this Privacy Policy shall limit the rights of the data subjects under the Ordinance.

    To the extent permitted by law, we may record and monitor electronic communications with you to ensure compliance with legal and regulatory obligations and internal policies.

    In case of discrepancies between the English and Chinese versions, the English version shall prevail.