PRIVACY POLICY STATEMENT
1. INTRODUCTION
  This Statement is adopted as the Privacy Policy Statement (“Statement”) of Ample Finance Limited (“Ample”). The purpose of this Statement is to establish the policies and practices of Ample’s commitment to protect the privacy of personal data and to act in compliance with the provisions of the Personal Data (Privacy) Ordinance (the “Ordinance”) and implementation of the guidelines thereon issued by the Licensed Money Lenders Association. Ample will adhere to the governing principles and minimum standards set forth in this Statement.
   
2. KINDS OF PERSONAL DATA HELD BY AMPLE
  2.1 Personal data held by Ample regarding customers may include the following: :
    1. name and address, occupation, contact details, date of birth and nationality of customers and spouses of customers and their identity card and/or passport numbers and place and date of issue thereof;
    2. name and contact details of referees of customers;
    3. current employer, nature of position, salary and other benefits of customers and spouses of customers;
    4. details of properties, assets or investments held by customers and their spouses;
    5. details of all other assets or liabilities (actual or contingent) of customers and their spouses;
    6. information obtained by Ample in the ordinary course of the continuation of the business relationship (for example, when cus- tomers generally communicate verbally or in writing with Ample, by means of documentation or telephone recording system, as the case may be);
    7. information as to credit standing provided by a referee, credit reference agency or debt collection agency in connection with a request to collect a debt due from any customer to Ample; and
    8. information which is in the public domain.
  2.2 Ample may hold other kinds of personal data which it needs in the light of experience and the specific nature of its business.
   
3. PURPOSES OF THE PERSONAL DATA HELD
  3.1 It is necessary for customers to supply Ample with data in connection with the opening or continuation of loan accounts and the establishment or continuation of credit facilities or provision of other financial services.
  3.2 It is also the case that data are collected from customers in the ordinary course of the continuation of credit facilities or other finan- cial relationship.
  3.3 The purposes for which data relating to a customer may be used are as follows:
    1. the daily operation of the services and credit facilities provided to customers;
    2. conducting credit checks at the time of application for credit and at the time of regular or special reviews which normally will take place one or more times each year;
    3. creating and maintaining Ample’s credit scoring models;
    4. assisting other money lenders and/or financial institutions to conduct credit checks and collect debts;
    5. ensuring ongoing credit worthiness of customers; ;
    6. designing financial services or related products for customers’ use;
    7. marketing services or products of Ample and/or selected companies;
    8. determining the amounts owed to or by customers;
    9. collection of amounts outstanding from customers and those providing security for customers’ obligations;
    10. meeting the requirements to make disclosure under the requirements of any law binding on Ample and for the purposes of any guidelines issued by regulatory or other authorities with which Ample is expected to comply;
    11. enabling an actual or proposed assignee of Ample, or participant or sub-participant of Ample’s rights in respect of the customer to evaluate the transaction intended to be the subject of the assignment, participation or sub-participation; and
    12. purposes relating thereto.
   
4. SECURITY OF PERSONAL DATA
  It is the policy of Ample to ensure an appropriate level of protection for personal data in order to prevent unauthorised access, processing or other use of that data, commensurate with the sensitivity of the data and the harm that would be caused by unauthorised access to that data. It is the practice of Ample to achieve appropriate levels of security protection by restricting physical access to data by providing secure storage facilities, and incorporating security measures into equipment in which data is held. Measures are taken to ensure the integrity, prudence, and competence of persons having access to personal data. Data is only transmitted by secure means.
   
5. ACCURACY OF PERSONAL DATA
  It is the policy of Ample to ensure accuracy of all personal data collected and processed by Ample. Appropriate procedures are implemented to provide for all personal data to be regularly checked and updated to ensure that it is reasonably accurate having regard to the purposes for which that data is used. In so far as personal data held by Ample consists of statements of opinion, all reasonably practicable steps are taken to ensure that any facts cited in support of such statements of opinion are correct.
   
6. COLLECTION OF PERSONAL DATA
  6.1 In the course of collecting personal data, Ample will provide the individuals concerned with a Personal Information Collection Statement informing them of the purpose of collection, classes of persons to whom the data may be transferred, their rights to access and correct the data, and other relevant information.
  6.2 In relation to the collection of personal data on-line, the following practices are adopted:
    1. On-line Security
Ample will follow strict standards of security and confidentiality to protect any information provided to Ample online. Encryption technology is employed for sensitive data transmission on the Internet to protect individuals’ privacy.
    2. Cookies
Cookies are small pieces of data transmitted from a web server to a web browser. Cookie data is stored on a local hard drive such that the web server can later read back the cookie data from a web browser. This is useful for allowing a website to maintain information on a particular user.
Cookies are designed to be read only by the website that provides them. Cookies cannot be used to obtain data from a user’s hard drive, get a user’s e-mail address or gather a user’s sensitive information.
Ample will only use cookies as session and user identifier, but will not store user’s sensitive information in cookies. Once a session is established, all the communications will use the cookies to identify a user. The session identifier will be deleted and cookies will expire once the session is closed. If users try to disable cookies from their web browsers, they may not be able to access Ample’s Internet and other financial services. In addition, for those recorded as persistent cookies which use for user identification, they will only be used to better customers’ experiences, such as enhancement of advertising as well as website.
    3. On-line Correction
Personal data provided to Ample through an on-line facility, once submitted, it may not be facilitated to be deleted, cor rected or updated on-line. If deletion, correction and updates are not allowed online, users should approach relevant departments.
   
7. DATA ACCESS REQUESTS AND DATA CORRECTION REQUESTS
  7.1 It is the policy of Ample to comply with and process all data access and correction requests in accordance with the provi- sions of the Ordinance, and for all staff concerned to be familiar with the requirements for assisting individuals to make such requests.
  7.2 Ample may, subject to the Ordinance, impose a moderate fee for complying with a data access request. If a person making a data access request requires an additional copy of the personal data that Ample has previously supplied pursuant to an earlier data access request, Ample may charge a fee to cover the full administrative and other costs incurred in supplying that additional copy.
  7.3 Data access and correction requests to Ample may be addressed to the Data Protection Officer (“DPO”) or other person as specifically advised.
   
8. OTHER PRACTICES
  The following are maintained by Ample to ensure compliance with the Ordinance:
  8.1 A Log Book as provided for in section 27 of the Ordinance;
  8.1 Internal policies and guidelines on compliance with the Ordinance for use by staff of Ample.
   
9. APPOINTMENT OF DATA PROTECTION OFFICER
  9.1 To co-ordinate and oversee compliance with the Ordinance and the personal data protection policies of Ample, a DPO has been appointed by Ample.
  9.2 The contact details of the DPO are as follows:
  The Data Protection Officer
Ample Finance Limited
Room 5,18th Floor, Nam Wo Hong Building,
148 Wing Lok Street,
Sheung Wan, Hong Kong
   
  Facsimile: 3956 5039
   
In the event of any inconsistency between the English and Chinese versions of these statements, the English version will prevail.