Privacy Policy (EN)


1. Introduction

Hansui Service Company Limited (“the Company”, “we”, “us” or “our”) respects and protects the privacy of personal data provided by users, customers, applicants and other individuals.

All information provided to the Company will be treated with strict confidentiality. We collect, use, process, store, disclose and retain personal data only where relevant and necessary for our business operations, identity verification, credit assessment, loan application processing, fraud prevention, compliance, customer service and other lawful purposes described in this Privacy Policy.

This Privacy Policy applies to users of our website, mobile application, electronic platforms, loan application services, credit-related services and other services provided or authorised by the Company.

In case of any discrepancy between the Chinese and English versions of this Privacy Policy, the English version shall prevail.

2. Types of Personal Data We May Collect

When you apply for or use our credit-related services, loan services, website, mobile application or other electronic services, we may collect personal data including, but not limited to:

  • Full name;
  • Identity card number or travel document number;
  • Copies of identity cards or travel documents;
  • Data embedded in identity cards or travel documents, including data stored in integrated circuits where applicable;
  • Date of birth;
  • Residential address and/or correspondence address;
  • Telephone number or mobile phone number;
  • Email address;
  • Salary and income information;
  • Household expenses and number of dependents;
  • Loan application information and credit-related information;
  • Biometric data, including facial images and biometric data stored in identity and/or travel documents with biometric functions;
  • Other information that the Company considers relevant and necessary for providing credit-related services, identity verification, fraud prevention, compliance and business operations.

Failure to provide the required personal data may result in the Company being unable to open or continue accounts, establish or continue credit, process loan applications, provide requested services or comply with legal and regulatory obligations.

3. Collection and Use of Facial Data and Biometric Data

Where identity verification is required through our mobile application or electronic services, we may collect facial data and biometric data for verification purposes.

The facial data collected through our applications is used only for:

  • Verifying and authenticating the user’s identity;
  • Comparing the user’s facial image with the submitted identity document;
  • Preventing fraudulent activities, including identity theft and impersonation;
  • Supporting loan application review, loan confirmation and credit-related services;
  • Conducting fraud reviews and investigations;
  • Supporting internal and external audits;
  • Complying with applicable legal, regulatory and compliance obligations.

Facial data is not used for advertising, marketing profiling, unrelated analytics or unrelated commercial purposes.

The Company does not collect, access or store Apple Face ID data, device biometric template data, face geometry data, face recognition profiles or biometric identifiers generated by iOS.

4. Additional Technical Clarification for Mobile Application Use

When facial verification is conducted through our mobile application:

  • The user is prompted for camera permission before the camera is accessed.
  • A still facial photograph is captured in-app and uploaded securely to our servers for the current loan application or loan confirmation session only.
  • The data collected is a photographic facial image.
  • The data collected is not iOS Face ID data and is not device biometric template data.
  • Identity verification must be completed within the active application session. Our systems enforce a time limit for verification validity before the user can proceed.
  • Facial photographs are not sold, licensed or shared with third parties for advertising, marketing or unrelated profiling.

5. Purposes for Using Personal Data

The Company may use personal data for the following purposes:

  • Confirming, verifying and authenticating the identity of the data subject;
  • Assessing the data subject’s suitability and eligibility as an actual, potential or ongoing applicant for credit and related loan services and products;
  • Processing, approving, renewing or cancelling loan applications and credit-related services;
  • Providing services and credit facilities;
  • Conducting credit investigations and periodic or special account reviews;
  • Developing and maintaining credit scoring models;
  • Providing credit reference reports;
  • Assisting other financial institutions in conducting credit checks and debt recovery;
  • Maintaining a reliable credit profile;
  • Designing credit and related loan services and products;
  • Calculating outstanding debts;
  • Pursuing the collection of outstanding debts from the data subject and any person providing security for the data subject’s obligations;
  • Reviewing loan applications, services and ongoing services;
  • Conducting fraud reviews and investigations;
  • Conducting, preparing and facilitating internal and external audits;
  • Exercising credit monitoring, internal monitoring and data management;
  • Processing claims and potential claims against the Company;
  • Complying with applicable laws, regulations, guidelines, directives, obligations, regulatory requirements and industry requirements;
  • Supporting anti-money laundering, counter-terrorist financing, fraud prevention and other unlawful activity prevention or detection measures;
  • Assessing any proposed assignee, transferee, participant or sub-participant of the Company’s rights;
  • Comparing data for credit investigation, data verification or other verification purposes;
  • Maintaining credit records or other records for present or future reference;
  • Any other purposes connected, incidental or related to the above.

6. Disclosure and Sharing of Personal Data

The Company will keep personal data confidential. However, for the purposes described in this Privacy Policy, the Company may provide or disclose personal data to the following parties where necessary, lawful and appropriate:

  • Any member, department, branch, employee or authorised representative of the Company;
  • Any person or entity under a duty of confidentiality to the Company;
  • Third-party service providers, agents, auditors, contractors and professional advisers;
  • Providers of administrative, general support, auditing, data management, credit monitoring, analysis, product review, fraud investigation, compliance regulation, telecommunications, computer, payment settlement, electronic identity authentication or other services related to the Company’s business operations;
  • Credit reference agencies, where applicable;
  • Debt collection agencies, where the data subject has outstanding debts;
  • Banks, payment processors and intermediaries handling payments;
  • Regulatory authorities, governmental bodies, tax authorities, law enforcement agencies, judicial bodies or other authorities where disclosure is required or permitted by law, regulation, guideline, directive or obligation;
  • Any actual or proposed assignee, transferee, participant or sub-participant of the Company’s rights in relation to the data subject;
  • Other parties where disclosure is necessary for the purposes described in this Privacy Policy.

The Company may transfer personal data to locations outside the Hong Kong Special Administrative Region where necessary for the purposes described in this Privacy Policy and in accordance with applicable legal and regulatory requirements.

Facial photographs are not sold or licensed to third parties for advertising, marketing or unrelated profiling.

7. Storage Location and Security of Personal Data

The Company is committed to ensuring the security of personal data and preventing unauthorised or accidental access, processing, erasure, loss or use.

The Company implements appropriate physical, electronic and management measures to protect personal data. These measures may include access controls, encryption, firewalls, system monitoring and internal security procedures.

Facial data collected through our applications is stored on company-controlled servers in Hong Kong. Data transmission is encrypted, and access is restricted to authorised personnel and authorised systems for loan processing, identity verification, fraud prevention, compliance and regulatory purposes.

The Company’s website servers are protected by firewalls, and the Company monitors its systems to prevent unauthorised access.

Users should not share their username, password or biometric data with others and should ensure that such information is not used by unauthorised persons. If a user believes that their password or account information has been disclosed, lost or stolen, or that unauthorised transactions may have been conducted, the user should notify the Company immediately.

8. Data Retention

The Company takes practical steps to ensure that personal data is not retained for longer than necessary for the fulfilment of the purposes for which the data is collected, unless a longer retention period is required or permitted by applicable laws, regulations, compliance obligations, audit requirements, fraud investigation, dispute handling or other lawful reasons.

Generally, personal data is not stored in our system databases for more than six months, unless a longer retention period is required or permitted by law or regulatory obligations.

Facial data collected through our applications is retained only until the collection purpose is fulfilled or as required by law. The facial data is used only for verifying user identity and preventing fraudulent activities such as identity theft. The Company stores facial data securely and takes appropriate measures to prevent unauthorised access, use or disclosure.

9. Collection of Personal Data Through Non-Traditional Channels

In our daily operations, we may collect personal data through non-traditional channels, including the internet, telephone calls, mobile applications, WhatsApp or other electronic communication methods.

We maintain strict security and confidentiality standards to safeguard any data provided to us. We may use encryption methods to transmit sensitive data where appropriate.

10. Cookies and Website Usage Data

When you visit our website, we may keep records to analyse website traffic and general usage patterns. Some of this data may be collected through cookies.

Cookies are small pieces of information sent from a website server to a browser and stored on a user’s device. Cookies help the website retain certain information about usage, enabling us to provide useful features, tailor website content and improve user experience.

Cookies do not collect personally identifiable information by themselves and are designed to be read only by the website that issues them.

We may collaborate with third-party organisations such as Google, Yahoo, Facebook and DoubleClick for research on general website usage and activities. These organisations may use monitoring technologies including cookies, spotlight and web beacons to conduct research, understand user demographics, behaviour and usage patterns, generate reports and assist in improving marketing effectiveness. During these research processes, no personally identifiable information is collected or shared with us by those third parties.

Most browsers are set to accept cookies by default. Users may configure their browser to stop accepting cookies or to notify them when cookies are being used. However, disabling cookies may affect access to certain online financial products and services.

11. Direct Marketing

The Company may intend to use personal data for direct marketing purposes only where the required consent or indication of no objection has been obtained from the data subject.

The Company may use the data subject’s personal information, contact details, product and service portfolio information, transaction patterns and behaviour, financial background and statistical data for direct marketing purposes.

The services, products and initiatives that may be promoted include:

  • Credit and related services and products;
  • Reward, loyalty or incentive programmes and related services and products;
  • Services and products provided by the Company’s co-branding partners;
  • Donations and sponsorships for charitable or non-profit purposes.

If the data subject does not wish the Company to use or provide their data for direct marketing, the data subject may notify the Company to exercise the right to opt out.

Facial data is not used for direct marketing, advertising, marketing profiling or unrelated analytics.

12. Credit Reference Agencies and Credit Data

When considering any credit application or conducting periodic credit reviews, the Company may obtain credit reports from credit reference agencies regarding the data subject.

The Company may periodically access and retrieve personal credit information from credit reference agencies for purposes including:

  • Verifying the identity of the data subject;
  • Increasing credit limits;
  • Reducing or cancelling credit limits;
  • Formulating or implementing debt repayment plans.

Where the Company accesses personal credit information from credit reference agencies, the Company will comply with the relevant requirements under the Code of Practice on Consumer Credit Data and applicable law.

For mortgage-related data, where applicable, the Company may provide relevant information to credit reference agencies in accordance with applicable requirements.

13. Data Access and Correction Rights

In accordance with the Personal Data (Privacy) Ordinance and applicable requirements, a data subject has the right to:

  • Check whether the Company holds personal data relating to them;
  • Access personal data held by the Company;
  • Request correction of inaccurate personal data;
  • Ascertain the Company’s policies and practices in relation to personal data;
  • Be informed of the types of personal data held by the Company;
  • Be informed of the categories of personal data that may be routinely disclosed to credit reference agencies or debt collection agencies, where applicable.

The Company may charge a reasonable fee for processing any data access request in accordance with applicable law.

Once personal data is submitted through our online facilities, it may not be possible to cancel, correct or update it online. To request cancellation, correction or update, users should contact the Company.

14. In-App Access to This Privacy Policy

Users can review this Privacy Policy before and during the loan application flow, including when agreeing to application terms that reference this Privacy Policy and the Personal Information Collection Statement.

The Privacy Policy available in the app is consistent with the Privacy Policy published on our official website.

15. Contact Information and Data Protection Enquiries

For privacy enquiries, data access requests, correction requests or enquiries relating to facial data or other personal data, please contact:

Data Protection Officer
Hansui Service Company Limited
Flat 1103, 11/F, Causeway Bay Commercial Building,
No. 3 Sugar Street, Causeway Bay,
Hong Kong

Tel: 3611 7348
Email: [email protected]

16. Important Notice

By browsing this website, accessing any page, using our mobile application, using our electronic services or submitting a loan application, you acknowledge that you have read and understood this Privacy Policy.

This Privacy Policy forms part of the terms and conditions of any loan account, credit-related service, agreement or arrangement entered into or to be entered into between the data subject and the Company.

Nothing in this Privacy Policy limits the rights of data subjects under the Personal Data (Privacy) Ordinance or other applicable laws.