The purpose of this Privacy Policy Statement is to ensure that YY ADVISORY. (“the Company”) abide by and effectively implement the requirements set out in the provisions of the Hong Kong Personal Data (Privacy) Ordinance Cap.486 (the “Ordinance”). The Company values personal privacy and guarantees the confidentiality and security of all the personal information which the Company collected so as to continuously maintain the relationship between the Company and the Data Subjects, Employees, Users and Other Individuals (as hereinafter defined).

The term “Data Subject(s)”, wherever mentioned in this Statement, includes the following categories of individuals:

1. applicants for or customers, authorized signatories, and other users of financial/related services or products and so forth provided by the Company; and
2. directors, shareholders, officers and managers of any corporate applicants and Data Subjects/users.

The term “Employee(s)”, wherever mentioned in this Statement, includes employees and/or applicants for any openings offered by the Company.

The term “user(s)”, wherever mentioned in this Statement, includes visitors and/or users of the Company’s Website and/or mobile application, or when the visitors and/or users communicate with the Company via any electronic or computer devices (“Electronic Devices”).

The term “Other Individuals”, wherever mentioned in this Statement, include suppliers, contractors, service providers, business partners, landlords, tenants, participants of seminars, visitors, other contractual counterparties of the Company and the employee(s) of the above-mentioned parties (if applicable).

Types of Personal Data

There are three main categories of personal data to be collected or held with the Company as follows:

1. Data Subject records, which are necessary for Data Subjects to supply to the Company from time to time:
   1. in connection with the opening or renewal or termination of accounts; the establishment or renewal or      termination of financial/related services or products;
   2. in the ordinary course of the relationship between the Company and the Data Subject, for example, when Data Subject effects or executes the financial/related services or products serviced by the Company or generally communicate verbally or in writing with the Company.
2. Employee records, are personal and bio data which include but are not limited to the name, birth date, identification document, address, e-mail address, contact phone number, educational background, curriculum vitae, fingerprints, bank account information and relevant personal data of family members of Employees.
3. Other Individuals records, which include but not limited to the name, address, e-mail address, contact phone number of suppliers, contractors, service providers, business partners, landlords, tenants, participants of seminars, visitors, other contractual counterparties of the Company and the employee(s) of the above-mentioned parties (if applicable); and other operational and administrative records that contain personal data.

Collection and Use of Personal Data

1. In relation to the collection of the personal data, the Company will provide the Data Subjects with a copy of the DPN and/or (as and where applicable) the Employees with a copy of relevant Notice in connection with the collection of Employee records and/or (as and where applicable) will notify Other Individuals of the purpose of collection, classes of persons to whom the data may be transferred, their rights to access and correct the data, and other relevant information.
2. In relation to the collection of the information and personal data on-line/in mobile application of the Company or when the Users communicate with the Company via Electronic Devices, the following provisions shall be applicable to the Company’s Website/mobile application or when the Users communicate with the Company via the Electronic Devices:
   1. This section is limited to the information collected on the Company’s Website/mobile application, the Company’s online advertisements and electronic communications. This section does not apply after the Users leave the Company’s Website/mobile application or when the users visit third-party’s websites where the Company’s online advertisements are displayed or links to third-party websites not operated or controlled by the Company.
   2. By browsing the Company’s Website, using the Company’s mobile application, electronically responding to the Company’s online advertisements, communicating with the Company via any Electronic Devices, the User’s consent to the Company’s use of cookies and the Company’s use of the Users’ Information in the manner as set out in this section. The Users do not proceed further and do not provide the Information unless the Users’ consent to the above.
   3. The Company will record the information of visitors visiting the Company’s Website/using the Company’s mobile application through the web server access log (including but not limited to the clicking date and time, IP address, pages clicked, options selected, browser type, device, operating system and card number (if applicable)). The Company might use the Users’ record (and may combine with other personal information of the Users) for the purposes of improving the operation of this website/the Company’s mobile application, statistical analysis and marketing. The Company will keep the relevant information for an appropriate period of time based on the actual needs. The Company’s web server access log will record the Users’ information automatically by default. By continuing browsing the Company’s Website/using the Company’s mobile application, users are deemed to have given their consent for the Company to store, use and transfer the information in the above manner. Some of the Users’ information including Users’ personalized settings information will be gathered through the use of “cookies”. Cookies are small bits of information that are automatically stored in the web browser in Users’ Electronic Devices that can be retrieved by the Company’s Website. The information collected by “cookies” is anonymous visitor’s personalized settings information and contain no name or address information or any information that will enable anyone to contact the Users via any means. No Users’ personal data will be collected or stored by the Company. For Internet services, a “cookie” with a unique identifier assigned by the Company will be stored in the Users’ web browsers throughout the session after login. Cookies will be expired upon logging off. Should the Users wish to disable these cookies, the Users may do so by changing the setting of the browser. However, the Users will then not be able to login the Company’s Internet services.
   4. There are sections of the Company’s Website/mobile application where the Company specifically asks for the Users’ personal data, for example, when completing forms in the Company’s Website/mobile application to submit an enquiry, applying for a particular product or service or if registering to use the online services, such as Internet services. Please refer to and read the applicable terms and conditions for these products and services as well as the DPN informing the types of data collected, purposes of collection, classes of persons to whom the Users’ data may be transferred, the rights to access and correct the personal data, and other relevant information. If the Users do not consent to the same, please do not proceed further and do not provide the Users’ personal data to the Company.

Purposes of Obtaining and Keeping Personal Data

1. In relation to Data Subjects:
   The purposes for which the data relating to the Data Subjects may be used are as follows:
   1. assessing the suitability of the Data Subject as actual customer or potential applicants for financial /related services and products and/or processing and/or approving their applications, variation, renewals, replacements, cancellations, redemptions, reinstatements and claims;
   2. facilitating the daily operation of the services provided to the Data Subjects;
   3. conducting background checks whenever appropriate (including, without limitation, at the time of application and at the time of regular or special reviews which normally will take place one or more times each year) and carrying out matching procedures (as defined in the Ordinance);
   4. creating and maintaining the Company’s scoring models;
   5. ensuring ongoing credit worthiness of Data Subjects;
   6. researching, customer profiling and segmentation and/or designing financial and related services and products for Data Subjects’ use;
   7. marketing services, products and other subjects (please see further details in paragraph 9 of the Company’s Data Policy Notice (“DPN”));
   8. determining amounts owed to or by the Data Subjects;
   9. enforcing Data Subjects’ obligations, including without limitation the collection of amounts outstanding from Data Subjects’ obligations;
   10. complying with the obligations, requirements or arrangements for disclosing and using data that apply to the Company or any of its offices or authorized agents or that it is expected to comply according to:
       1. any law binding or applying to it within or outside the Hong Kong Special Administrative Region existing currently and in the future;
       2. any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers within or outside the Hong Kong Special Administrative Region existing currently and in the future;
       3. any present or future contractual or other commitment with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers that is assumed by or imposed on the Company or any of its offices or authorized agents by reason of its financial, commercial, business or other interests or activities in or related to the jurisdiction of the relevant local or foreign legal, regulatory, governmental, tax, law enforcement or other authority, or self-regulatory or industry bodies or associations;
   11. complying with any obligations, requirements, policies, procedures, measures or arrangements for sharing data and information within the Company and/or any other use of data and information in accordance with the compliance program for sanctions or prevention or detection of money laundering, terrorist financing or other unlawful activities;
   12. maintaining a history or otherwise, a record of Data Subjects (whether or not there exists any relationship between Data Subjects and the Company) for present and future reference; and
   13. purposes incidental, associated or relating to the abovementioned purposes.
2. In relation to employees (as and where applicable):
   The purposes for which the data relating to the Employees may be used in connection with the employer and employee relationship and human resources management, including but not limited to the purposes as mentioned herein:
   1. processing employment application;
   2. determining and reviewing salaries, bonuses and other benefits should be employed;
   3. conducting reference check with previous employers;
   4. consideration for promotion, transfer or secondment;
   5. any other purposes directly or indirectly relating to any of the employment or statutory obligations; and
   6. administration of any affairs or benefits relating to the retirement and insurance plan of Employees.
3. In relation to Other Individuals(as and where applicable):
   The purposes for which the data relating to the Other Individuals may be used are as follows:
   1. engaging, managing, monitoring and assessing the business relationship with the suppliers, contractors, service providers, business partners and their staff who provide services to the Company;
   2. managing, monitoring and assessing the landlord and tenant relationship with the landlords and/or tenants;
   3. organizing and delivering seminars for the Company; and
   4. facilitating the daily operation and administration of the above.

Retention of Personal Data
In compliant with legal, regulatory and accounting requirements, the personal data and relevant information provided by Data Subjects, Employees, Users and Other Individuals will not be kept longer than necessary time.

Disclosure of Personal Data
The personal data and information would not be disclosed to other parties unless such disclosure is made in accordance with DPN or (as and where applicable) the relevant Notice in connection with the collection of Employee records and/or the Data Subjects and/or the Employees and/or the Users and/or Other Individuals have been previously consented to and/or the disclosure is permitted or required by any law binding on the Company.

Security of Personal Data
The personal data and relevant information provided to the Company are secured with restricted access by authorized personnel or law enforcement or regulator. Encryption technology is adopted for data transmission.

If the Company engages service providers to handle or process personal data (whether local or oversea) on the Company’s behalf, the Company would adopt contractual or other means to prevent unauthorized or accidental access, processing, erasure, loss or use of the data transferred to the service providers for processing.

Changes to the Privacy Policy Statement
The contents of this Statement may be amended from time to time. Please contact the Company or visit the Company’s Website for the latest privacy policy.

Request for Data Access or Data Correction
The Company complies with the provisions of the Ordinance when processing all data access or data correction requests.

The Company may impose reasonable fee for data access request in accordance with the Ordinance.

Contact Details
Please address your requests for data access or correction, or for information about the data policy or kinds of data held, to the personnel stated below:

In case any inconsistency between the English and Chinese versions of this Statement, the English version shall prevail.

Jan 2020