Last Update: June 28, 2019
By accessing or using our websites, you agree to this Statement. Please note that this Statement may be amended from time to time without prior notice. Your continued use of our websites after we make changes is deemed to be acceptance of these changes, so you are advised to check the latest version on a regular basis. If there is any inconsistency or conflict between the English and Chinese versions of this Statement, the English version shall prevail.
We are committed to safeguarding the privacy of individuals with respect to their personal data through our compliance with this Statement. We assure you that our policies and practices, and those adopted by our affiliated companies and agents in relation to the collection, use, retention, disclosure, transfer, security and access of your personal data comply with the requirements of the Personal Data (Privacy) Ordinance (Chapter 486) (the “Ordinance”) under the laws of Hong Kong, as well as with the relevant code of practice and guidance issued by the Office of the Privacy Commissioner for Personal Data, Hong Kong. The meaning of the term “personal data” adopted in this Statement is defined in the Ordinance.
Where our operations are subject to privacy legislation other than that of Hong Kong (such as due to our carrying out of operational functions outside of Hong Kong), this Statement shall apply so far as it is consistent with such local legislation.
Collection of Personal Data
At times, you may be required to give your personal data and/or survey data including, but not limited to, your name, gender, age, date of birth, identity document number and/or its copy, telephone number, fax number, home address and/or its proof, email address, credit card information, and bank account number. Whilst some of the above requested data are optional (and the furnishing of which are subject to your voluntary choice), the refusal to provide certain requested data may render us unable to handle an application, or may deny you access to certain parts of our websites, or may otherwise defeat the objectives of your visit. If you are under the age of 18, consent from your parent or guardian is required before you give us any personal data and/or survey data.
You represent that all of the personal data and/or survey data you provide to us is correct, complete and not misleading. We shall not be liable for any losses or damages in relation to or arising from the incorrectness or incompleteness of the personal data and/or survey data provided by you to us from time to time.
We may use automatic data collection technologies to collect certain information relating to your use, purchase or order of our services and/or products, such as call/connection time, duration, origin and destination for our accurate reporting and administration of your accounts.
Some of our websites may disclose non-personally identifiable aggregate statistics relating to our visitors to advertisers. Some of our websites may collect aggregate information about our visitors, e.g. statistics on the number of visits. This type of data may include, but is not limited to, the browser type and version, operating system, IP address and/or domain name of our visitors.
The technologies we use for this automatic data collection may include Cookies. Cookies used (if any) in any part of our websites will not be deployed for collecting personal data. For your information, Cookies are small computer files that can be stored in web surfers’ computers for the purposes of obtaining configuration information and analyzing web surfers’ viewing habits. They can save you from registering again when re-visiting a website and are commonly used to track your preferences in relation to the subject matter of the website. You may refuse to accept Cookies by modifying the relevant Internet options or browsing preferences of your computer system, but if you do so you may not be able to utilize or activate certain available functions in our websites. Our websites may bar users who do not accept Cookies.
Calls between you and our Customer Service may be recorded for various purposes, including but not limited to regulatory compliance, audit compliance, staff training, service quality control and contractual clarification purposes.
Accuracy of Personal Data
Your application to use, purchase or order of any of our services and/or products may be subject to, credit assessments and verification of your personal details. If we regard the results of such validation to be unsatisfactory, we reserve the right to not enter into any agreements, arrangements or engagements with you. Data provided by you will be validated either (1) by using generally accepted practices, (2)against our pre-existing data, or (3) we may require you to send us copies of the applicable original documentation before the data may be used, such as personal identifiers and/or proof of address.
Use of Personal Data Collected
Specific purposes for which your personal data may be used are set out in our “Personal Information Collection Statement” in Part II below (particularly those contained in points 1. through to 8. in the first paragraph of Part II below).
Data Access and Correction
Under the Ordinance, you have the right to:
• Check whether we hold any of your personal data;
• Access your personal data held by us;
• Request us to correct any inaccurate personal data held by us; and
• Ascertain our policies and practices established (from time to time) in relation to personal data
and the types of personal data held by us.
If you want to access and/or correct your personal data which you have given us via application form, internet or other means, or if you want to ascertain our policies and practices in relation to personal data and the kind of your personal data held by us, please contact our Data Protection Officer in writing. We will respond within 40 days after receiving the request. We may charge you a reasonable fee for each personal data access. However, such fee will be waived if the data access is made for the purpose of correcting your personal data.
Security of Personal Data
We use various encryption techniques to transmit via the Internet your personal data, which can only be accessed by our authorized personnel. Given the operational nature of the Internet, we cannot guarantee that the transmission is 100% secure. Please refer to our “Security Statement” in Part III below for details on the steps that we have taken to ensure that any personal data collected by us via our websites is safe and secure to avoid third party’s unauthorized interference. Although we do our best to protect your personal data, we cannot guarantee the security of your personal data tra
nsmitted to our websites. Any transmission of personal data is at your own risk. We are not responsible for any circumvention of any privacy settings or security measures contained on the websites.
Internal Guidelines on Record Retention and Access to Personal Data
Our staff are required to strictly adhere to our Internal Guidelines on Record Retention and Access to Personal Data. Physical records containing personal data are securely stored in locked areas when not in use. Access to such physical and/or computer records is strictly controlled and requires management approval for each access. Approvals for access to customers’ personal data are granted only on a “need to know” basis. Where we retain, use and/or transmit customers’ personal data, we have put in place measures designed to protect it from accidental and/or unauthorized disclosure, modifications, loss and/or destruction.
Retention of Personal Data
If you are a customer of ours, the personal data which you have given us during your subscription period for our services and/or products will be retained for a reasonable period after termination of your subscription. We will erase any unnecessary personal data from our system in accordance with our internal policies.
We may promote on-line stores or service providers or product providers operated by third party merchants on our website. If you want to use or order any services and/or products from these third parties, please note that we transfer any information that you provide in connection with these transactions to the relevant merchant, after which it is beyond our control and thus outside the scope of protection afforded by us (and will not be covered by this Statement).
II. Personal Information Collection Statement
As a customer of our company, or a visitor or user of our websites, it may be necessary for you to provide us with your personal data when you submit an application to us and/or continue to subscribe with us for any services and/or products. If your personal data is incomplete or incorrect, we may not be able to provide or continue to provide the services and/or products to you. We shall keep your personal data confidential at all times. Our policies and practices with respect to the collection, use, retention, disclosure, transfer, security and access of personal data will be in accordance with requirements under the Ordinance and this Statement. We may use the personal data provided by you for the following purposes and for other purposes as shall be agreed between you and us or required by law from time to time:
• Processing of your application for the use, purchase or order of any services and/or products, and provisioning of the services and/or products;
• Subject to your consent, we may use your personal data (which may include name, gender, telephone number, fax number, postal address, email address and/or month and year of birth) in connection with marketing the services and/or products (restricted to insurance, reinsurance, banking, mortgage referral, credit card, property development, retailing, securities and investment, telecommunications, third party reward, loyalty and privilege programme, co-branding, finance, education, media, entertainment and leisure, health and beauty, apparel, jewelry, electrical and electronic products, hotels and travelling, restaurant and catering, logistic and transport, real estate agency, concierge and social network services) (irrespective of whether we are remunerated for such marketing activities) relating to us, our affiliated companies, business partners and Morgan Stanley’s group of companies and any of its subsidiaries and/or affiliates and any company in which it has a direct or indirect interest or with which it is in joint venture or co-operation or their successors and assigns (the “Morgan Stanley Group”).
• We may dispatch to you promotional information via direct marketing telephone calls, e-mail, electronic messages delivered via mobile short messaging service (SMS) / multimedia messaging services (MMS) / cross-platform mobile messaging application (e.g. smartphone messaging application), facsimile, direct mailings, etc. We will enquire your preferences with regard to nature of services and/or products before we provide you with any direct marketing promotional materials.
• Processing of any benefits for you arising out the services and/or products you apply for;
• Analyzing, verifying and/or checking of your credit, payment and/or account status in relation to the provision of the services and/or products you apply for;
• Processing of any payment instructions, direct debit facilities and/or credit facilities requested by you;
• Facilitating the daily operation of your account, providing customer services and/or collecting overdue amounts in your account in relation to the services and/or products you subscribe to;
• Enabling us to conform to other industry practices, or to comply with any requests stipulated by governmental or regulatory authorities; and
• Helping us to prevent of crime.
We may disclose and transfer (whether in Hong Kong or overseas) your personal data to the following parties to use, disclose, process or retain such personal data for the purposes mentioned above:
• Our agents and contractors (including IT, network, customer service, sales agents, mailing houses, telecommunication service providers, telemarketing and direct sales agents, call centers, data processing service providers, third party reward, loyalty and privilege programme providers, co-branding partners and contractors), telecommunications operators, and service providers for the provision of our services and/or products;
• Our affiliated companies, business partners and affiliated companies and business partners of the Morgan Stanley Group;
• Banks, financial institutions and credit providers;
• Debt collection agencies, credit reference agencies and security agencies;
• Regulatory bodies, law enforcement agencies and courts;
• Our professional advisers, and any other persons under a duty of confidentiality to us; and
• Any of our actual or proposed assignees or transferees of our rights with respect to you.
In addition, in accordance with your agreement with us or consent given to us (as the case may be), we may disclose and transfer your personal data (whether in Hong Kong or overseas) to our affiliated companies, business partners and/or the Morgan Stanley Group for the purposes of carrying out market research and credit assessments and ensuring that such personal data fulfills the aforesaid or other purposes as shall be agreed between you and us or as required by law from time to time.
If you do not wish to receive direct marketing promotional information from us with respect to the services and/or products we provide and/or other categories of servi
ces and/or products mentioned above, or do not wish us to disclose, transfer or use your personal data for the aforesaid direct marketing purposes, please either (1) contact our Customer Service Hotline 3163 3260 or (2) click here to download the “Marketing Message Opt-out Request Form” and return the completed form to our Customer Service Department either by post: 23/F – 25/F Nexxus Building, 41 Connaught Road, Central, Hong Kong or by fax: 3163 3493.
III. Security Statement
While the Internet is not an inherently secure environment for communications, the security of Internet communications can be enhanced by the application of appropriate technology. However, Internet security is not solely a technical issue; knowledge about security of personal and transaction data as well as general measure are equally important. “Hackers” can only attack a system through a “door”. However, in most cases, imprudent transmission and handling of sensitive data such as confidential documents, password, personal identifiers etc. facilitate unauthorized access to such a “door” by “hackers”. Hence, Internet users should be cautious when handling such kind of sensitive documents and data.
In order to prudently preserve all personal data obtained from users of our websites, in addition to firewalls and other sophisticated technical facilities, we also provide and maintain other stringent security measures so as to protect our systems as well as the information and data retained therein from accidental or malicious destruction or damage.
Should you have any enquiries concerning this Statement, please feel free to contact our Data Protection Officer in writing at:
Data Protection Officer
23/F Nexxus Building, No. 41 Connaught Road Central, Central, Hong Kong
Note: Important: By accessing this website and any of its pages, you are agreeing to the terms set out above.