PRIVACY STATEMENT

PRIVACY AND PERSONAL DATA POLICY

This Statement applies to RIPER (referred to as “RIPER” or “we”).

In this Statement, the term “data subjects” or “you” shall include visitors to this website, users of RIPER Chatbot, applicants for loan facilities and customers of loan facilities.

The content of this Statement shall apply to all data subjects and form part of the terms and conditions of the Loan Agreement and/or any agreement or arrangement that the data subjects have or may enter into with RIPER from time to time. In the event of any inconsistency or discrepancy between this Statement and the relevant agreement or arrangement, this Statement shall prevail insofar as it relates to the protection of the data subject’s personal data.

Principles of Privacy

RIPER values your trust. RIPER is committed to the full implementation and compliance with the six data protection principles and the requirements of the Personal Data (Privacy) Ordinance (Cap. 486, Laws of Hong Kong) (the “Ordinance”). This statement is intended to assist you in understanding RIPER’s privacy policies and practices in relation to the personal data.

Our Pledge

We pledge to safeguard your personal data by complying with the requirements of the Ordinance as well as the relevant codes of practice and guidance notes issued by the Office of the Privacy Commissioner for Personal Data. We will ensure that all our employees and third parties with permitted access to your personal data uphold these obligations.

Personal Data Collection

Personal data means any information relating to an individual from which the identity of the individual can be ascertained, directly or indirectly. We may collect the following data relating to you, which may be personal data from time to time, including but not limited to:

  • name and/or corporate name;
  • age;
  • gender;
  • phone number;
  • email address;
  • identity card number or passport number;
  • copies of identity card or passport
  • nationality or residency status and/or company registration and correspondence address;
  • birth date and/or date of incorporation;
  • personal and/or corporate finance status, intention or goals;
  • income or assets information;
  • education level;
  • employment information;
  • residential information;
  • bank account or stored value facility account details;
  • Facebook ID and first name or business tradename displayed in Facebook;
  • LinkedIn ID and related information;
  • preferences related to any products or services;
  • communications between you and RIPER;
  • data regarding your visits to and use of RIPER website or services; and
  • location data.

In addition, when you use RIPER website or services, we may automatically collect certain data which may, when combined with other information about you, be personal data, including but not limited to:

  • attributes of the equipment or device you are using, such as the operating system, hardware version, device settings, software and device identifiers;
  • device locations, including specific geographic locations identified through GPS, Bluetooth or WiFi signals or other means;
  • connection information such as the name of your mobile operator, ISP or other service provider, browser type and IP address;
  • the website from which you have reached RIPER website;
  • the RIPER website pages viewed;
  • details of the products and services on the RIPER website that you look at, information, tools and content available on RIPER website that you use; and
  • links from RIPER website that you click onto.

With your request or authorization, RIPER may additionally receive information about you from our business partners or co-branding partners or from credit reference agencies. RIPER may also obtain information about you from the public domain.

We may use the personal data collected for the purpose set out in the Personal Information Collection Statement (see below). The use and disclosure of personal data and your right to access or correct your personal data held by RIPER are also set out in the Personal Information Collection Statement (see below).

Use of Cookies

Cookies are small data files which are placed on data subject’s device when data subject visits RIPER’s website or clicks on RIPER’s online advertisements. Cookies or similar technologies are used for the purposes of (a) statistical analysis of your on-site behaviour such as number of visits to our site, page views, length of time spent on each page. These are aggregated and therefore anonymous; (b) provide enhanced user experience, remember your preference within our website, enable easy navigation between public section and member owner section of our web property; (c) promote personalized products using your visited pages, and the website links you have followed to (i) make RIPER’s website more relevant to your interests, (ii) provide online advertisements or offers on RIPER’s website or third-party websites which are most relevant to you; (iii) evaluate the effectiveness of RIPER’s online marketing and advertising programs.

The above cookies may be placed on data subject’s device by RIPER or by third parties on RIPER’s behalf (for example, advertising networks and providers of external services like web traffic analysis services). Information recorded through the use of cookies by third parties are aggregated and then shared with RIPER as anonymous aggregated research data. No personal contact information about data subjects is collected or shared by third parties with RIPER as a result of the use of cookies.

Most web browsers are initially set up to accept cookies. Should you wish not to be tracked by this kind of technology, you can choose to “not accept” cookies by changing the settings on your web browser. However, if you block all cookies, including strictly necessary cookies, you may not be able to use the RIPER website properly to the full extent.

Retention of Personal Data

We will take practical steps to ensure that your personal data will not be kept longer than necessary and that we will comply with applicable statutory and regulatory requirements concerning the retention of personal data.

Security Measures

We provide and maintain stringent security measures to protect RIPER’s system and information and personal data retained therein, including (a) use of OTP to authenticate users or customers; (b) use of firewalls and network segregation to protect against unauthorized access; (c) use of encryption to keep data subjects’ personal data private; (d) regular review of our information collection, use, storage and processing practices; (e) restriction of access of personal data to relevant employees on a “need-to-know” basis; and (f) employee training on proper handling of personal data.

It is imperative to remind you that your personal device security and general measure in handling your own personal and transactional digital data are equally important. In most cases, an imprudent transmission and handling of sensitive data such as confidential documents, password, personal identifiers, hashes, etc. would facilitate unauthorized access resulting in a data breach. We, hereby, remind you to be cautious when using RIPER’s website and handling your own sensitive documents and data.

Personal Information Collection Statement

Purpose of Collection

  1. For the purposes of the provision of RIPER services and/or products, it is necessary for data subjects to supply RIPER with personal data for the opening or continuation of accounts and for the purposes of the establishment or continuation of trade finance and related financial services or the processing of new or renewal applications or other services through the RIPER website.
  2. Failure to supply such personal data by data subjects may result in RIPER being unable to open or continue accounts, provide trade finance and related financial services or process applications or other services.
  3. For the purposes of the provision of RIPER services, personal data of data subjects may also be obtained from credit reference agencies (whose contact details can be provided upon request) or from the public domain through different channels, including public registers, public search engines, public directories or any social media with public view setting authorized by the data subject. In addition, device information may be collected from data subjects’ web browsers.

Use of Personal Data

4. The personal data of data subjects may be used by RIPER for:

    1. considering and processing applications for products and services and the daily operation of products and services (including trade finance and related financial products and services provided to data subjects);
    2. conducting credit checks whenever appropriate (including at the time of application for loan and when we review credit which normally takes place one or more times each year);
    3. creating and maintaining RIPER’s credit scoring or risk related models;
    4. ensuring ongoing credit worthiness and good standing of data subjects;
    5. designing and developing trade finance facilities and related financial products and services for customers’ use;
    6. conducting marketing research or developing membership programmes;
    7. subject to obtaining the consent of data subjects, direct marketing services, marketing products, services and other subjects as described in paragraphs 6 and 7 below;
    8. exercising RIPER’s rights under contracts with data subjects, including collecting amounts outstanding from data subjects;
    9. meeting obligations, requirements and arrangements, of RIPER or its affiliates, whether compulsory or voluntary, to comply with or in connection with:
      1. any law, regulation, judgement, court order, voluntary code, sanctions regime applicable to RIPER or its affiliates, existing currently or in the future;
      2. any guidelines, guidance, rules or codes of practice or requests given, published or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, relevant stock exchange, self-regulatory or industry bodies or associations of financial service providers within or outside Hong Kong existing currently or in the future;
      3. any present or future contractual or other commitment with legal, regulatory, judicial, administrative, public or law enforcement body, or governmental, tax, revenue, monetary, court or other authorities, relevant stock exchange, self-regulatory or industry bodies or associations of financial service providers or any of their agents that is assumed by, imposed on or applicable to RIPER or its affiliates; and
      4. any agreement or treaty between the authorities described in (iii) above;
    10. complying with any obligations, requirements, policies, procedures, measures or arrangements of RIPER or its affiliates for the use of data and information for compliance with sanctions or prevention or detection of money laundering, terrorist financing or other unlawful activities;
    11. enabling an actual or proposed assignee or transferee of all or any part of RIPER’s business and/or assets, or participant or sub-participant of RIPER’s rights in respect of trade finance/credit facilities relating to data subjects, to evaluate the transaction intended to be the subject of the assignment, transfer, participation or sub-participation and enabling the actual assignee or transferee to use such data in the operation of the business or rights assigned;
    12. enabling credit checking and data verification;
    13. maintaining a credit history of the data subjects for present and future reference; and
    14. any other purposes relating to the purposes listed above.

Disclosure of Personal Data

5.  All personal data held by RIPER will be kept confidential but RIPER may disclose or transfer such information to the following parties for the purposes set out in paragraph 4 above, without limitation:

    1. any agent, contractor, sub-contractor or associates of RIPER (including its employees, officers, agents, contractors, service providers and professional advisers);
    2. any third-party service provider who provides administrative, professional, advisory, telecommunication, information service, computer, payment, data processing, debt collection or other services to RIPER or its affiliates in connection with the operation or maintenance of its business;
    3. any other person who is under a duty of confidentiality to RIPER and has undertaken to keep such information confidential;
    4. credit reference agencies and, in the event of default, debt collection agencies;
    5. any actual or proposed assignee or transferee or RIPER or, participant or sub-participant of RIPER’s rights in respect of trade finance facilities relating to data subjects;
    6. any persons giving or proposing to give a guarantee or security to guarantee or secure the data subject’s obligations to RIPER; and
    7. business partners or co-branding partners of RIPER, together with whom RIPER provides products or services to data subjects.

Personal data collected in Hong Kong by RIPER may be transferred in and to a place outside Hong Kong.

Direct Marketing

6. RIPER intends to use data subject’s data to conduct direct marketing of products or services and requires the data subject’s consent (which includes an indication of no objection) for that purpose. In this connection, please note that:

    1. the name, contact details, products and other service portfolio information, transaction pattern and behaviour, financial background and demographic data of data subject held by RIPER from time to time may be used by RIPER in direct marketing;
    2. the classes of services, products and subjects which may be marketed includes trade finance facilities and other financial services and products, membership programs and related products and services, products and services offered by our co-branding partners;
    3. the above services, products and subjects may be provided by RIPER or its affiliates, third party financial institutions, insurers, securities and investment services providers, third-party membership program providers or our co-branding partners;
    4. in addition to marketing the above services, products and subjects itself, RIPER also intends to provide the data described in sub-paragraph (a) above to all or any of the persons described in sub-paragraph (c) above for use by them in marketing those services, products and subjects, and RIPER requires the data subject’s consent (which includes an indication of no objection) for that purpose; and
    5. RIPER may or may not receive money or other property in return for providing the data to the other persons in sub-paragraph (c) above and, when requesting data subject’s consent or no objection as described in sub-paragraph (d) above.

 

7. If you do not wish RIPER to use or provide to the other persons your data for use in direct marketing as described above, you may exercise your opt-out right by notifying us via customer support.

Access and Correction of Personal Data

8. Under and in accordance with the terms of the Ordinance and the Code of Practice on Consumer Credit Data (the “Code”), you have the right:

    1. to check whether RIPER holds personal data about you and to access such data;
    2. to require RIPER to correct any personal data relating to you which is inaccurate;
    3. to ascertain RIPER’s policies and practices in relation to personal data and to be informed of the kind of personal data held by RIPER; and
    4. in relation to consumer credit data, to be informed, upon request, which items of personal data are routinely disclosed to credit reference agencies or debt collection agencies and be provided with further information to enable the making of an access and correction request to the relevant credit reference agency or debt collection agency.

 

9. In accordance with the terms of the Ordinance, RIPER has the right to charge a reasonable fee for the processing of any data access request.

10. You should send any requests for access to personal data or correction of personal data or for information regarding our policies and practices to customer service.

11. Nothing in this Notification shall limit the rights of the data subjects under the Ordinance.

12. In case of discrepancies between the English and other language versions, the English version shall prevail.