title

VMPay Asia Limited

Payment and Loan Facilitation Platform Services

Privacy Policy

1. Definitions

1.1 Unless otherwise provided herein, terms defined in the loan and payment facilitation platform services terms and conditions (the “T&Cs”) which govern the terms and conditions of the contract between you and us, have the same meanings when used in this privacy policy (the “Privacy Policy”), and:

“account general data” has the meaning ascribed thereto by the Code of Practice on Consumer Credit Data.

“account repayment data” has the meaning ascribed thereto by the Code of Practice on Consumer Credit Data.

2. The Privacy Policy

2.1 This Privacy Policy contains important information about how we collect and use personal data that are collected and received through your use of the Website and our Services. This includes information about (including without limitation) you, your directors, employees, and any End User (each a “Data Subject”) that is personally identifiable of any Data Subject including without limitation the name, address, email address, or phone number that is not otherwise publicly available. By using the Website and our Services and by providing or making available your Content, personal data and such other information about any Data Subject to us, you are agreeing to the collection and use of such personal data or information by us for the purposes of providing the Services to you, improving our Website and features, contacting you and conducting research. We are committed to protecting your privacy in accordance with applicable laws.

2.2 This Privacy Policy forms part of the T&Cs.

2.3 By submitting an application for any Loan Facility, you acknowledge and agree that any Loan Facility granted to you by any Loan Investor shall be granted to you as a business, and the proceeds shall be utilised in the course of such business, but shall not be granted to any individual or for the use of any individual;

3. Types of Data collected

3.1 We collect personal data and your business information when you register with us and use the Website and our Services, including but not limited to:

(a) each Data Subject’s name, email address, mailing address, telephone number, Hong Kong Identity (HKID) and/or passport number (to the extent permissible under applicable laws), your date of birth (solely for identity verification purposes), your business name, business address, business registration number, credit card numbers and billing information. Once you register a VMPay Account, we will associate your identity with your VMPay Account;

(b) such details about you and your Business as we may request from time to time;

(d) know-your-client (KYC) information: such information from time to time required to process the payment and to fulfil any KYC or Anti-Money Laundering (AML) regulatory requirements or standards set by your Payment Card, the recipient of the payment, and/or our payment partners.

(e) payment method Data: particulars of your chosen method of payment including name on the Payment Card(s), card number(s), expiry date(s), CVV2(s) and billing address(es). We tokenise your credit card numbers and your billing information for secure storage and we only store tokenised information;

(f) payment related information: where you make a payment from your Payment Card through the Website, your name and other details sufficient to identify the transaction to our bank, the Payee’s bank and the Payee, and if requested by the payee in order to reconcile the payment (for example, where the reference number is insufficient), additional details such as your unique identification number;

(g) transaction Data: we also collect information about your transactions with us and automatically receives and records information on our server logs from your browser, including your IP address, cookie information, and the pags you have visited; and

(h) third-party Data: we may from time to time require information relating to recipients of your payment (each a “Payment Recipient”) (including the Payment Recipients’ name, bank account number, and a copy of your contract, invoice or receipt with the Payment Recipient) in order to process your payments and/or to comply with regulation and perform verification checks. Such information may include personal data of the Recipient or third parties. By providing us with such information, you warrant that you have obtained the consent of the relevant Recipient or third party to the provision of their personal data to us, and to our collecting, using and storing such personal data for the purpose of processing payments and conducting compliance or verification checks. You hereby warrant that information provided to us is accurate to the best of your knowledge and that you will comply with all applicable laws (including the PDPO, applicable data privacy and confidentiality laws) in relation to the collection, disclosure, use and storage of such personal data. It is mandatory to provide certain types of personal data to us. In the event that you do not provide such personal data, you may not be able to fully enjoy our Services or register a VMPay Account.

4. Use of Data and information

4.1 We may collect, use, disclose and/or process any Data Subject’s personal data for one or more of the following purposes:

(a) to process and analyse such Data and provide the Data and the result of such processing and analysis to Loan Investors and potential Loan Investors to consider and/or process your applications and transactions with us or your transactions or communications with third parties via the Website or our Services;

(b) to manage, operate, provide and/or administer your use of and/or access to our Services and the Website, as well as your relationship with us and your VMPay Account; to tailor your experience through the Services by displaying content according to your interests and preferences, providing a faster method for you to access your VMPay Account and submit information to us and allowing us to contact you, if necessary; to respond to, process, deal with or complete a transaction and/or to fulfil your requests for certain products and services and notify you of service issues and unusual Account actions;

(d) to contact you or any End User if and when we consider it prudent to do so to confirm that the End User is your employee with the authority to give instructions to us to make payments using the Payment Card and our Service for your behalf;

(e) to enforce the terms of our contract with you (including without limitation the T&Cs) or any applicable end user licence agreements; to protect personal safety and the rights, property or safety of others; for identification and/or verification of you and your Recipient; to maintain and administer any software updates and/or other updates and support that may be required from time to time to ensure the smooth running of our Services;

(f) to deal with or facilitate customer service, carry out your instructions, deal with or respond to any enquiries given by (or purported to be given by) you or on your behalf;

(g) to contact you or communicate with you via voice call, text message, email and/or postal mail or otherwise;

(h) to conduct research, analysis and development activities (including, but not limited to, data analytics, surveys, product and service development and/or profiling), to analyse how you use our Services, to improve our Services or products and/or to enhance your customer experience;

(i) to allow for audits and surveys to, among other things, validate the size and composition of our target audience, and understand their experience;

(j) where you give us your prior consent, to send you direct marketing material, including without limitation alerts, newsletter, education materials or information that you requested or signed up to;

(k) to respond to legal processes or to comply with or as required by any applicable law, governmental or regulatory requirements of any relevant jurisdiction, including, without limitation, meeting the requirements to make disclosure under the requirements of any law binding us, any Loan Investor or potential Investor, and/or their respective related corporations, affiliates, agents and representatives;

(l) to produce statistics and research for internal and statutory reporting and/or record-keeping requirements;

(m) to carry out due diligence or other screening activities (including, without limitation, background checks) in accordance with legal or regulatory obligations or our risk management procedures that may be required by law or that may have been put in place by us; to prevent or investigate any fraud, unlawful activity, omission or misconduct, whether relating to your use of our Services or any other matter arising from your relationship with us, and whether or not there is any suspicion of the aforementioned;

(n) to facilitate your participation in interactive features or our Services when you choose to do so;

(o) to store, host, back up (whether for disaster recovery or otherwise) your personal data, whether within or outside of your jurisdiction; and

(p) any other purposes which we notify you in writing of at the time of obtaining your consent.

4.2 Unless you have expressly opted out of communications, deactivated or terminated your VMPay Account and removed payment details therein, you acknowledge that to the further extent permitted by law, your account general data, payment history, credit and repayment history (including without limitation account repayment data), username and password may remain in our system including for the purpose of legal compliance and the purposes set out in Clause 4.1 above. If your VMPay Account is not used for more than 5 years, we may at our sole discretion keep your VMPay Account alive but erase any personal data associated therewith and we may retain non-personal information.

4.3 By registering a VMPay Account, you are deemed to have given your unconditional and irrevocable consent to us, any Loan Investor and potential Loan Investor, their respective related corporations, affiliates, agents and representatives (each a “Data User”) to use any Data Subject’s name, telephone number, email address, mailing address, and preferred language of communication (collectively “Marketing Data”) to provide you with information about the Services of us, our affiliates and our third party business partner which are in the business of financial and technology services, payment services and money lending (each a “Business Partner”). Such services may include financial services, payment services, money lending, and technology services (each a “Marketing Subject”). The Data Users and our Business Partners may also use Marketing Data to provide you with information about their Marketing Subjects. We may receive compensation in sharing your Marketing Data with our Data Users and Business Partners. We cannot use your personal data as above without your consent.

5. Direct marketing

5.1 We intend to use a data subject’s data to conduct direct marketing of products or services and require the Data Subject’s consent (which includes an indication of no objection) for that purpose. In this connection, please note that:

(a) the name, contact details, products and other service portfolio information, transaction pattern and behaviour, financial background and demographic data of data subject held by us from time to time may be used by us in direct marketing;

(b) the classes of services, products and subjects which may be marketed includes credit/loan facilities and other financial services and products, membership programmes and related products and services, products and services offered by our Business Partners;

(c) the above services, products and subjects may be provided by us or any Data User, third party financial institutions, insurers, securities and investment services providers, third-party membership programme providers or our Business Partners;

(d) in addition to marketing the above services, products and subjects itself, we also intend to provide the data described in sub-paragraph (a) above to all or any of the persons described in sub-paragraph (c) above for use by them in marketing those services, products and subjects, and we requires the Data Subject’s consent (which includes an indication of no objection) for that purpose; and

(e) we may receive money or other property in return for providing the data to the other persons in sub-paragraph (c) above and, when requesting Data Subject’s consent or no objection as described in sub-paragraph (d) above, we will inform the data subject if we will receive any money or other property in return for providing the data to the other persons.

5.2 If you do not wish us to use or provide to the other persons your personal data for use in direct marketing as described above, you may exercise your opt-out right by notifying us:

Data Protection Officer

VMPay Asia Limited

30/F., Grandion Plaza

932 Cheung Sha Wan Road

Lai Chi Kok, Kowloon

Hong Kong

Email: info@vmpay.asia

6. Disclosure

6.1 We do not rent, sell, or share your personal information or third-party personal data provided by you with other people or non-affiliated companies except to provide products or Services you have requested, when we have your permission, or as otherwise authorised under the T&Cs or this Privacy Policy, or under the following circumstances and to the extent permissible under applicable law:

(a) to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of the T&Cs, or as otherwise required by law; or

(b) if we or any subsequent future successor company is or is proposed to be acquired by or merged with another company. In this instance, for due diligence purpose, your personal data may be disclosed to any prospective purchasers and their advisers and passed on to the new owners of the business.

6.2 We may share statistical and demographic information about you, any Data Subject, and your transactions with suppliers of advertisements and programming. This would not include anything that could be used to identify any Data Subject specifically or to discover individual information about any Data Subject. For each payment made through our Services, the receiving party of the payment may request such Data and personal data solely for the purpose of identifying your payment and its origins. To provide the Website and our Services, we may share your Data and any Data Subject’s personal data with our service providers who provide background check, customer screening and identity verification and customer care services, who have entered into appropriate confidentiality arrangements with us.

7. Use of cookies

7.1 The Website uses “cookies” to collect information. A cookie is a small data file that we transfer to your device or computer’s hard disk for record-keeping purposes. We use cookies for the following purposes:

(a) we utilise persistent cookies to save your login information for future logins to the Website and your VMPay Account; and

(b) we utilise session ID cookies to enable certain features of the Website and your VMPay Account, to better understand how you interact with the Website and your VMPay Account and to monitor aggregate usage by you and web traffic routing on the Website and your VMPay Account.

7.2 Unlike persistent cookies, session cookies are deleted from your device and computer when you log off from the Website and your VMPay Account, and then close your browser. Third party advertisers on the Website and your VMPay Account may also place or read cookies on your browser. You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. If you do not accept cookies, however, you may not be able to use all portions of the Website or all functionality of the Services.

8. Information collected by third parties

8.1 In your use of our Website and Services, third parties may also collect Data Subjects’ personal data. For example, when you make payments on our Website, you may be directed to web pages of a third party payment gateway services provider which will collect Data Subjects’ personal data.

8.2 Our Website uses third party cookies technology, including Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies to help the Website analyse how you use the Website. The information generated by the cookie about your use of the Website (including your IP address) will be transmitted to and stored by Google on its servers. Google will use this information for the purpose of evaluating your use of the Website, compiling reports on website activity for website operators and providing other services relating to website activity and Internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. We, and third parties, may from time to time make software applications downloads available for your use on or through the Services. These applications may separately access, and allow a third party to view, your identifiable information, such as your name, your user ID, your computer’s IP address or other information such as any cookies that you may previously have installed or that were installed for you by a third party software application or website. Additionally, these applications may ask you to provide additional information directly to third parties. Third party products or services provided through these applications are not owned or controlled by us.

8.3 You are encouraged to read the terms and other policies published by such third parties on their websites or otherwise. We have no control over and shall not be responsible for third party’s collection and use of any Data Subject’s personal data.

9. Access to and updating of personal data

9.1 You have the right to:

(a) check whether we hold personal data about you and to access such data;

(b) require us to correct any personal data relating to you which is inaccurate;

(c) ascertain our policies and practices in relation to personal data and to be informed of the kind of personal data held by us;

(d) in relation to consumer credit data, to be informed, upon request, which items of personal data are routinely disclosed to credit reference agencies or debt collection agencies and be provided with further information to enable the making of an access and correction request to the relevant credit reference agency or debt collection agency; and

(e) in relation to any personal data, upon termination of your account by full repayment and on condition that there has not been, within 5 years immediately before account termination, any material default on your account, to instruct us to make a request to the credit reference agency to delete from its database any account data relating to your terminated account.

9.2 If you default in repayment, unless the amount in default is fully repaid or written off (otherwise than due to a bankruptcy order) before the expiry of 60 days from the date such default occurred, your account repayment data may be retained by the credit reference agency until the expiry of 5 years from the date of final settlement of the amount in default.

9.3 If any amount owed by you is written off due to a bankruptcy order being made against you, your account repayment data may be retained by the credit reference agency, regardless of whether the account repayment data reveals any material default, until the expiry of 5 years from the date of final settlement of the amount in default or the expiry of 5 years from the date of your discharge from bankruptcy as notified to the credit reference agency by you with evidence.

9.4 We reserve the right to charge a reasonable fee for the processing of any data access request.

9.5 If you would like to make such requests, please send an email to our data officer at info@vmpay.asia. If any personal data that you have provided changes, for example if you change your email address, name or payment details, please let us know by correcting the details on your VMPay Account profile page or by sending an email to our data officer at info@vmpay.asia. You may ask us, or we may ask you, to correct information you or we think is inaccurate, and you may also ask us to remove information which is inaccurate.

10. Data security measures

10.1 We provide and maintain stringent security measures to protect our Website, system and information and personal data retained therein, including:

(a) use of one-time password (OTP) to authenticate users or customers;

(b) use of firewalls and network segregation to protect unauthorised access;

(d) training to employees on the proper handling of personal data.

10.2 While the Internet is not an inherently secure environment for communications, we continuously review and apply industry best practices to protect and secure this channel throughout our systems. Each Data Subject’s personal device security and general measure in handling their own personal and transactional digital Data are equally important. In most cases, an imprudent transmission and handling of sensitive data such as confidential documents, password, personal identifiers etc. would facilitate unauthorised access resulting in a data breach. Hence, we remind you to be cautious when using our website and handling your own sensitive documents and data.

10.3 Despite the above, transmission of information via the internet is not completely secure. We cannot guarantee the security of your data transmitted to our Site; any transmission is at your own risk.

11. General

11.1 By providing your email address associated with your Account, selecting the check box on the registration page or subscribing to our email list via your VMPay Account profile page, you are granting consent to us to send emails to you relating to the Services including transactional and product updates. You can withdraw your consent to receive electronic marketing communications at any time by opting out on your VMPay Account profile page, emailing us at info@vmpay.asia, or following the unsubscribe procedure contained in any electronic communication you receive from us. Notwithstanding the foregoing, we reserve the right to send users that have provided an email address updates that are transactional in nature including, but not limited to payment receipts, updates such as administrative messages, password reset notifications and other Account related information.

11.2 If there is any inconsistency or ambiguity between this English version and any Chinese version, the English version shall prevail.

12. Changes to the Privacy Policy

12.1 Significant changes to this Policy will be notified to you through direct email to the address associated with your VMPay Account, or a notification prominently displayed on our Website.