Privacy Policy

This privacy policy (“Privacy Policy”) sets out the basis on which Serai Limited (the “Company” or “we” or “us” or “our”) collects, uses, maintains and discloses personal data collected from you in your individual, business or other capacities as the users (hereby also referred to as “Users”, “you” or “your”) of and/or any other applications or software we provide from time to time (collectively, “Serai”). We will also explain the measures being and to be taken to ensure that your personal data stays secure and confidential in compliance with the provisions of the Personal Data (Privacy) Ordinance (Cap. 486 of the Laws of Hong Kong) (the “Ordinance”).

By downloading, accessing and/or using Serai, you accept and consent to the practices set out below.

We know that legal terms can sometimes be difficult to navigate, so we wanted to give you a roadmap of our Privacy Policy:

  1. The types of personal data we collect and how we collect personal data

    This section is about information that you give us in the course of signing up for and maintaining your Serai account, what types of information and data are gathered automatically by our systems and information we collect from third parties. In particular, any personal data you provide about someone other than you is also covered by the terms of this Privacy Policy.

  2. How we use personal data

    This section sets out all of the purposes for which we use your personal data, these include, for example, we need your personal data in order to provide Serai services and products to you but we also use this information to improve existing services and products, and to come up with new and innovative ways to improve and expand your experience on Serai.  

  3. Disclosure and transfer of personal data

    In order to provide you with the full set of our services and products, we may disclose or transfer your personal data to third parties within or outside of Hong Kong.

  4. Use of personal data in direct marketing

    This section provides you with more information on how we send you promotional offers and invitations to events via e-mail, telephone or other means of communication, and how to unsubscribe if you no longer wish to receive these.

  5. Collection and transfer of consumer credit data

    This section applies to you if you are a personal guarantor in relation to an application for credit facilities on Serai.

  6. Use of cookies and other tracking data

    Cookies and other tracking software are used to store your preferences and improve your experience when using Serai. This section explains what information we collect and track and how you may disable these settings.

  7. Data security

    Here you will find some measures we have implemented to keep your personal data secure.

  8. Your rights

    This section outlines the rights that you have in relation to your personal data.

  9. Changes to our Privacy Policy

Please check Serai every now and then to view the latest version of our Privacy Policy.

1. The types of personal data we collect and how we collect personal data

1.1 For the purposes outlined in Clause 2, we may request, collect and process the following information about you:

(a) Information you give us (for example when you register for an account, sign up to our newsletter or otherwise communicate with us) – which may include personally identifiable information of your employees and individual shareholders such as their names, email addresses, telephone numbers, street addresses, profession, work titles, work experience, social media accounts, products and services information, financial information, background and demographic data, proprietary information about your business, corporate shareholdings, photographs, audio responses, consumer credit data (as defined in clause 5 below) and any other personal information you provide to us (collectively, “personal data”).

(b) Information we automatically collect about you when you use Serai, for example:

(i) information about how you use Serai, including what you click on and/or tap when using our services and transaction pattern behaviour;

(ii) general diagnostic and usage data, including various unique system or hardware identifiers, information about your mobile device, operating system and application software;

(iii) if you enable location services, the real-time geographic location of your mobile device and location search queries;

(iv) technical information, including the Internet protocol (IP) address used to connect your computer to the Internet and your log-in information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and

(v) information about your visit, including the full Uniform Resource Locators (URLs), clickstream to, through and from our site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), metThods used to browse away from the page, and any phone number used to call our customer service number.

(c) Information we collect about you from third parties – which would be personal data provided to us from third party sources, such as your employer or colleagues, or from our partners such as credit reference agencies.

1.2 We only retain personal data for so long as it is reasonably necessary to fulfil the purposes outlines in this Privacy Policy.

In some circumstances, we may retain your personal data for longer periods of time, for instance where we are required to do so to meet legal, regulatory, tax or accounting requirements.

In specific circumstances, we may also retain your personal data for longer periods of time (and where permitted to do so under applicable data protection laws), so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a possibility of legal action relating to your personal data or dealings.

1.3 Where you provide to us personal data about another person, you must give to that person a copy of this Privacy Policy and, in particular, tell him or her how we may use his or her data, and obtain their permission to share their details with us.

1.4 Certain personal data is required for the provision of our services and products. If you are unable to provide us with the personal data we require (for example, data which is marked as mandatory), we may not be able to provide you with all or some of our services and products.

2. How we use personal data

We use and intend to use the data we collect or hold about you for the following purposes:

(a) providing our current and future services and products, such as the search, connect and messaging functions on Serai, processing credit application, evaluating your financial situation and needs (including conducting credit checks and processing guarantees) and maintaining a credit history about you for present and future reference;

(b) with your consent, providing you with alerts, updates, materials or information about our services or other types of services or information that you and/or your business requested or signed up to;

(c) conducting data analytics, such as analysing trends, usages and other user behaviours (whether on an individualized or aggregated basis to derive insights;

(d) administrating your account, including sending push notifications from time to time in order to update you about your Serai account activities and service related information;

(e) communicating with you and responding to your questions or requests;

(f) improving and designing new services or products;

(g) improving and developing Serai, such as launching and supporting new features so we can present content and information on Serai in the most effective manner for you and for the device you use;

(h) conducting big data analytics and commercial exploration of big data applications to derive insights;

(i) applying for insurance cover, administering our policies and processing any claims that may involve you (including investigation of claims);

(j) detecting anomalies and preventing and/or remediating fraud or other potentially prohibited or illegal activities and otherwise protecting the integrity of Serai;

(k) responding or taking part in legal proceedings, including seeking professional advice;

(l) collecting debts in the event of default;

(m) complying with laws and regulations applicable to us in or outside of Hong Kong; and

(n) all other legitimate business purposes and purposes directly related or incidental to the above.

3. Disclosure and transfer of personal data

3.1 We may provide your personal data to the following:

(a) any member of our group, which includes our ultimate holding company, and its subsidiaries or affiliates;

(b) other users of Serai to perform searches and communicate with you;

(c) any agents, contractors, and service providers which provide services to us in relation to the operation of our business (including without limitation administrative, telecommunications, computer, payment, processing or investigation services);

(d) our business partners who may offer their products and services on Serai (on a need-to-know basis only);

(e) credit reference agencies and debt collection agencies;

(f) any persons under a duty of confidentiality to us who requires the personal data in the course of their duties (including auditors and advisors);

(g) our insurers and their reinsurers, brokers and agents;

(h) any person to whom we propose to sell, assign or transfer, or has sold, assigned or transferred, all or any part of our business and/or asset; and

(i) persons to whom we are required to make disclosure under applicable laws and regulations in or outside of Hong Kong (which may include the government, regulatory authorities or law enforcement bodies) or if a regulatory authority or law enforcement body so requires.

3.2 All of the transfers referred to in Clause 3.1 may occur within or outside Hong Kong. If we transfer your personal data outside Hong Kong, we will ensure a comparable degree of security in accordance with the applicable data protection laws and (where required under applicable data protection laws) ensure at least one of the following safeguards is in place:

(a) we will only transfer to countries that have been approved by the relevant data protection regulatory authority as providing an adequate level of protection for personal data; and/or

(b) ensure we have in place appropriate contractual protections with the entity to which we are transferring the personal data as required under applicable data protection laws, which may include entering into standard contractual clauses or data processing agreements.

4. Use of personal data in direct marketing

4.1 We intend to use your personal data in direct marketing and your consent is required before we do so. You undertake to us that you have the authority to provide personal data to us for this purpose. In this connection, please note the following:

(a) we may use your name, contact details (including address, contact number, e-mail address, profession, social media accounts), products and services information, transaction pattern and behaviour, background and demographic in direct marketing.

(b) we may send you targeted and promotional offers and invitations to events (such as seminars/webinars/tele-seminars, conferences or live programmes) in relation to the following services and products offered by us, our group members or our business partners:

(i) financial, insurance, credit card, banking and related services and products (including marketing affiliates programs we are a part of);

(ii) business networking services, buyer/supplier discovery tools, import/export facilitation services, market research and competitor intelligence reports;

(iii) reward, loyalty or privileges programmes; and

(iv) products and services for which you have indicated in or which we believe may be of particular relevance to you.

(c) We may also transfer your personal data to our group members for their direct marketing on the services and products mentioned above.

(d) We may conduct direct marketing via fax, e-mail, direct mail, telephone (including push notification) and other means of communication.

4.2 If you, or any other person for whom you have provided personal data to us, do not wish us to use the personal data in direct marketing as described in Clause 4.1 above, please contact us at [email protected], and we will cease to do so, without charge.

5. Collection and transfer of consumer credit data

5.1 We will collect personal data of your named guarantor(s) in relation to an application for credit facilities with us. To enable us to assess your credit application, we may provide the following data relating to you and your named guarantor(s) (including any updated data of any of the following data) (“consumer credit data”) to credit reference agencies:

(a) full name;

(b) address;

(c) contact information;

(d) date of birth;

(e) Hong Kong identity card (HKID) number and/or other travel document number;

(f) credit application data;

(g) account general data;

(h) account repayment data; and

(i) credit card loss data.

5.2 You can instruct us to make a request to the relevant credit reference agency to delete from its database any account data relating to any credit that has been terminated by full repayment provided that there has not been, within 5 years immediately before such termination, a default in payment under the credit for a period in excess of 60 days according to our records.

5.3 If there is any default in payment, unless the amount in default is fully repaid or written off (other than due to a bankruptcy order) before the expiry of 60 days from the date of default, your account repayment data may be retained by the credit reference agency until the expiry of 5 years from the date of final settlement of the amount in default.

5.4 In the event of any amount being written off due to a bankruptcy order being made against you, the credit reference agency shall retain your account repayment data regardless of whether the account repayment data reveals any material default, until the earlier of the expiry of 5 years from the date of final settlement of the amount in default or the expiry of 5 years from the date of your discharge from bankruptcy as notified to the credit reference agency by you with evidence.

6. Use of cookies and other tracking software

We may use “cookies” or other tracking software in Serai, which are text files placed in your Internet browser or software in Serai used to store your preferences, for the following purposes, all of which are designed to improve your experience when using Serai:

(a) collecting statistical information on how you use Serai to help us understand how users use Serai and help us improve its structure and content;

(b) collecting non-identifiable information to gain a better understanding of visitor behaviours on Serai to develop engagement strategies to better serve you and to improve the overall user experience;

(c) gathering information such as IP address and browser type or other data to authenticate you and your computer;

(d) maintaining security and verifying your details while you use Serai as you navigate use Serai, which enables you to avoid having to re-enter your details each time you enter a new page;

(e) customizing settings offering maximum convenience to you when using Serai, such as remembering user names, passwords and preferences; and

(f) tracking the efficiency of our online advertising campaigns and marketing communications and allowing us to deliver advertisements more relevant to you and your interests.

We may link the data stored in the “Cookies” or other similar tracking software with your personal data. Most browsers are initially set to accept “Cookies”, but you can set your Internet browser to reject all “Cookies” or accept just selected types of “Cookies”. We will request your consent to use tracking software on Serai if you choose to. Please note that if you decide not to accept “Cookies” or not allow us to use tracking software on your use of Serai, this may interfere with your ability to use certain functionalities of Serai.

7. Data security

7.1 We are committed to safeguarding your personal data and have implemented, and maintain, technical and organisational security measures to secure and keep confidential your personal data against accidental destruction or loss, or the authorised, disclosure or access, theft, misuse, alteration or deletion of your personal data. Such measures shall be appropriate to the nature of the information concerned, including but not limited to ensuring personal data is properly encrypted, adopting authentication techniques and access controls, adopting processes to conduct regular security audits and inspections.

7.2 The transmission of information via Internet or mobile network is not completely secure. The security measures described above do not preclude us from the possibility of fraud, cyber-attacks, such as hacking, spyware and viruses, and we do not warrant that our servers or network will be immune from such attacks. Although we will implement security measures to protect your data, we cannot guarantee the security of the data transmitted to Serai via Internet or mobile network. We are not liable for any loss or damage arising from risks relating to any transmission.

8. Your rights

8.1 Under the Ordinance, you have the right to:

(a) check whether we hold any personal data about you;

(b) access any personal data we hold about you;

(c) where we have obtained your consent, withdraw such consent for direct marketing purposes, or where you have registered for an account with us, to request de-registration of your account; and

(d) require us to correct any inaccuracy or error in any personal data we hold about you.

In relation to consumer credit data specifically, you also have the right to:

(a) to request us to inform you as to what items of consumer credit data about you are routinely disclosed to credit reference agencies and/or debt collection agencies, and to provide you with further information to enable you to make an access and correction request to the relevant credit reference agency and/or debt collection agency, as the case may be; and

(b) instruct us, upon termination of an account by full repayment, to make a request to the credit reference agency to delete such data from its database, provided that there has not been any material default (namely, a default in payment for a period in excess of 60 days) on the account within five (5) years immediately before account termination.

To exercise your rights noted above, or if you have any questions about this Privacy Policy, please contact our Data Protection Officer in writing at [email protected] or Level 23, One Taikoo Place, 979 King’s Road, Quarry Bay, Hong Kong.

8.2 In accordance with the Ordinance, any request under Clause 8.1 may be subject to a reasonable fee of not more than HK$100 to meet our cost in processing your request.

9. Changes to our Privacy Policy

We may amend this Privacy Policy from time to time by posting the updated policy on Serai. By continuing to use Serai after the changes come into effect means that you agree to be bound by the revised Privacy Policy.

Last updated: 28 August 2019