Privacy Policy Statement of Sumitomo Mitsui Finance and Leasing (Hong Kong) Limited (“SMFL”)
1.COMMITMENT TO PROTECTING PERSONAL DATA PRIVACY
2.KINDS OF PERSONAL DATA HELD BY SMFL
There are three broad categories of personal data held in SMFL. They are personal data contained in: (i) customer records; (ii) personnel records; and (iii) records of other individuals (other than customer records and personnel records).
Customer records include records containing information provided by customers (including prospective customers) (in the context of this Privacy Policy Statement, including all or any of the customers’ and prospective customers’ signers, directors, shareholders, officers and managers or individual beneficial owners) and collected in connection with the opening or continuation of accounts, the provision or continuation of finance lease, installment transaction and/or other business permitted by laws and regulations (collectively, the “Finance Services”) or in the ordinary course of the continuation of relationship with the customers (for example, when customers write cheques or generally communicate verbally or in writing with SMFL, by means of documentation or telephone recording system, as the case may be). Personal data contained in the customer records may include the following:
Personnel records include records containing information provided by or compiled about the employees (including family members of the employees, potential employees and former employees of SMFL, as applicable) relating to employment applications, employment, health data, human resources management and/or monitoring or security control of any facility, equipment or system. Personal data in the personnel records may include the following:
Records of other individuals (other than customer records and personnel records) include records containing information provided by (i) any of SMFL’s group companies (as defined in paragraph 3.1(h) below) and (ii) suppliers, contractors, sub-contractors, agents, professional advisors, third party service providers, business partners, landlords, tenants, visitors and other contractual counterparties of SMFL and any SMFL’s group companies (including the employees and other representatives of the abovementioned parties (as applicable)) in connection with the provision of supplies or services to support SMFL’s or any SMFL’s group company’s business, operations and office administration, and the provision of operational, administrative and/or other service support by SMFL or any SMFL’s group company in the course of business collaboration amongst SMFL and/or SMFL’s group companies. Personal data contained in the records of other individuals (other than customer records and personnel records) may include the following:
3.MAIN PURPOSES OF KEEPING PERSONAL DATA
The purposes for which personal data held in the customer records may be collected and used are as follows:
complying with the obligations, requirements or arrangements for disclosing and using data that apply to SMFL and/or any SMFL’s group company or that it is expected to comply according to:
The purposes for which personal data held in the personnel records may be collected and used are as follows:
The purposes for which personal data held in the records of other individuals (other than customer records and personnel records) may be collected and used are as follows:
4.SECURITY OF PERSONAL DATA AND OUTSOURCING ARRANGEMENTS
5.DISCLOSURE AND SHARING OF PERSONAL DATA
The third parties with whom SMFL may share personal data is mainly divided into four broad categories:
third parties related to SMFL:
third parties related to customers:
6.RETENTION OF PERSONAL DATA
Personal data kept by SMFL is retained as long as the purpose for which it was collected remains and until it is no longer necessary for the fulfillment of the purpose for which it is or is to be used. Different retention periods apply to the various kinds of personal data collected. As a general rule, the retention period is 7 years after the date of full repayment of customer’s debts to SMFL (if there are multiple debts, it means all debts to SMFL) or termination of employment, business collaboration, servicing and/or contractual relationship (as the case may be) with SMFL unless otherwise expressly specified in relevant notices or the other relevant documents.
7.DATA ACCESS AND CORRECTION
Under and in accordance with the terms of the Ordinance, any Data Subject, or a “relevant person” (as defined in the Ordinance) on behalf of a Data Subject, has the right, where applicable, by way of a data access request (as defined in the Ordinance):
The person to whom requests for access to personal data or correction of personal data or for information regarding policies and practices and kinds of personal data held are to be addressed is as follows:
Sumitomo Mitsui Finance and Leasing (Hong Kong) Limited
Units 4206-08, 42/F, Dah Sing Financial Centre
248 Queen’s Road East
Wanchai
Hong Kong
Nov 2023
Note: In case of discrepancies between the English and Chinese versions, the English version shall prevail.