To use the Aurora Card and PA Alliance App, you have given your consent to the Privacy Policy Statement and Personal Information Collection Statement pursuant to Personal Data (Privacy) Ordinance in relation to the Aurora Card and PA Alliance Mobile App.
PA Alliance Limited
Privacy Policy Statement
September 2024 Version
PA Alliance Limited (the “PAA”, “we”, “us” and/or “our”) is committed to protecting the privacy of personal data and this Privacy Policy Statement (“Policy”) sets out our personal data privacy policies and practices in accordance with the provisions of the Personal Data (Privacy) Ordinance (Cap. 486, Laws of Hong Kong) (“PDPO”).
The content of this Policy is meant to provide a general overview. For further details, please refer to our Personal Information Collection Statement (“PICS”). For the avoidance of doubt, should there be any inconsistencies between this Policy and the PICS, the PICS shall prevail. This Policy sets out the policy and practices in connection with your access to and use of the Aurora Card (“Aurora Card”) and the Hong Kong PA Alliance mobile application on iOS and Android (the “App”).
Kinds of personal data held
We may collect personal data from you in connection with the matters and purposes set out in the PICS and this Policy. This may include Device Information, Registration Information, Account Information, KYC Information and Identity Verification Information as defined in the PICS. For details on the kinds of personal data held, please refer to the PICS.
Main purposes of collecting and keeping personal data
We may collect your personal data from time to time in the ordinary course of your relationship with us for any of the following purposes:
1. Verifying your identity, including during account creation, password reset and authorisation of transaction processes, as well as the process of changing your mobile phone number in our records.
2. Verifying your eligibility to download the App or to use any of the features and functions of the App. Verifying your eligibility to register as a user of the Aurora Card (including detection and verification of any anti-money laundering, counter-terrorist financing or other unlawful activities) or to use any of the features and functions of the Aurora Card.
3. Handling your service requests after processing your registration with PAA as a user of the Aurora Card and supporting PAA in relation to maintaining and managing your registration.
4. Processing your registration with us as a user of the Aurora Card, providing you with a log-in ID and maintaining and managing your registration.
5. Providing you with Aurora Card services and related customer services, including facilitating the settlement of purchase price for goods and services, cash advance, charge-backs, sending notices about your transactions, and responding to your queries, feedback, claims or disputes. Allowing you to access and/or enjoy particular functions provided within the App and services provided by financial institutions including banks and/or financial service companies (“Third Party Financial Institutions”) with whom you have selected to register.
6. Allowing you to access and/or enjoy particular features and functions provided within the App, and services (including apps and mini programs) operated by third parties (“Third Party Operators”) which are accessible through links provided on the App.
7. Improving and expanding our offerings by way of research and development of new functions of Aurora Card and the App or other new products and services that we may offer from time to time.
8. Performing research, statistical analysis or surveys, whether orally or in writing, in order to manage and protect our business operation including our information technology infrastructure, to measure the performance of Aurora Card, the App and other services we offer and to ensure your satisfaction with our services.
9. Analysing trends, usages and other behaviours (whether on an individualised or aggregated basis), which helps us better understand how you and our collective user base access and use Aurora Card and the App and the underlying commercial activities conducted, including for purposes of improving our services and responding to customer queries and preferences.
10. Subject to having obtained your consent in accordance with applicable law and as contemplated in Part D of the PICS, we may provide direct marketing information to you relating to goods and services (defined in the PICS) offered by us, Our Group Companies and affiliates, our business partners and selected third parties using your personal data to contact you, including but not limited to by telephone, text (SMS), email, post, fax, push notification and any other electronic means.
11. Managing risk, performing creditworthiness and solvency checks, or assessing, detecting, investigating, preventing and/or remediating fraud or other potentially prohibited or illegal activities and otherwise protecting the reputation of our payment platform (the Aurora Card) and information technology platform (the App).
12. Detecting, investigating, preventing or remediating violations of the Aurora Card T&C and App Agreement (defined in the PICS), any applicable internal PAA policies, relevant industry standards, guidelines, laws or regulations.
13. Making such disclosures as may be required by any law or regulation of any country applicable to us or Our Group Companies, government official or other third party that PAA has contractual or regulatory obligations to, including any card association or other payment network. Disclosures may also be made pursuant to any subpoena, court order, decision or other legal process or requirement in any country applicable to us or Our Group Companies (including anti-money laundering and counter-terrorist financing reporting requirements).
14. Making any disclosure to prevent any harm or financial loss, to report any suspected illegal activity or to deal with any claim or potential claim brought against us or Our Group Companies.
15. Enabling any due diligence and other appraisals or evaluations for actual or proposed merger, acquisition, financing transactions or joint ventures.
16. Any other legitimate business purposes, such as protecting you and other users of Aurora Card or the App from losses, protecting lives, maintaining the security of our systems and products, and protecting any of our other rights and/or properties; meeting or complying with any obligations, requirements, policies, procedures, measures or arrangements for sharing data and information within Our Group Companies and/or any other use of data and information pursuant to any of Our Group Companies’ group-wide programs for compliance with sanctions or prevention or detection of money laundering, terrorist financing, fraudulent activities or other unlawful activities.
17. Any other purposes directly relating to the purposes listed above.
We also may use your personal data in other ways for which we provide specific notice at the time of collection or for which you have subsequently consented.
Retention of personal data
Personal data collected from you will not be kept longer than necessary for the carrying out of the purposes for which such data were initially collected, unless otherwise required or permitted by applicable laws or regulations.
We will retain and procure our service providers to retain your personal data only for so long as is necessary for the purposes set out in the PICS and in accordance with the PDPO and all applicable regulatory requirements.
Security of personal data
We take all reasonable steps, including technical, administrative and physical safeguards to help protect your personal data that we process from loss, misuse and unauthorized access, disclosure, alteration and destruction.
For registered users of the Aurora Card, your Registration Information (as defined in the PICS) can be viewed and edited in the App through your account with us, which is protected by a password. We recommend that you do not divulge your password to anyone. Our staff will never ask you for your password in an unsolicited phone call or in an unsolicited email. If you share a computer with others, you should not choose to save your log-in information for the Aurora Card (e.g., user ID and password) on that shared computer.
Disclosure of data
We will comply with the applicable requirements and restrictions under the PDPO in disclosing personal data to any other person. We may, when appropriate and necessary, provide, transfer or disclose your personal data to Our Group Companies and any third party (whether within or outside Hong Kong) set out in the PICS for the purposes set out above and/or in the PICS.
For details on the disclosure of personal data to third parties, please refer to the PICS.
Outsourcing arrangement
We may appoint suppliers, agents, contractors, service providers and other contractual counterparties within or outside Hong Kong to process data collected by us, in order to provide administrative, telecommunication, computing, remittance or other services to us, such as in connection with the operation or maintenance of the Aurora Card or App or the provision of services and products, including for fraud prevention, payment settlement and transaction processing, insurance, bill collection, data entry, database management, promotion, marketing, customer service, technology service, product and service alerts and payment extension services.
All suppliers, agents, contractors, service providers and other contractual counterparties are required to comply with the applicable requirements and restrictions under the PDPO and personal data access will be restricted to authorised personnel on a need-to-know basis.
Direct Marketing
We may wish to use your personal data in direct marketing activities for the purposes set out above and/or in the PICS. We will comply with the applicable requirements and restrictions under the PDPO and the PICS in direct marketing activities.
We will not use your personal data unless we have received your consent. If you at any time you do not wish for us to continue to use or provide to other persons your personal data for direct marketing purposes as described herein, you may exercise your “opt-out” right by notifying us at admin@paa.global.
Use of cookies, spotlight tags and web beacons, etc.
Cookies are text files placed in a user’s computer or mobile device Internet browser to collect and store information about the users of our websites and mobile applications. When you use or browse our websites, mobile applications, or the Aurora Card, information will be collected from you by cookies and other similar technologies including but not limited to super position model (SPM) technologies, web beacons and spotlight tags. The information collected by using such technologies may include but is not limited to information about your electronic device, mobile device, browser details, IP address, and your preferences and habits on language, webpage layout and other matters. We will analyse and use the information collected to maintain, manage and enhance our websites, mobile applications, products, services and user experience.
Use of information gathered from cookies, etc.
We may share the information gathered through the use of cookies, SPM and other technologies referenced in the previous section of this Policy with third party research agencies for analysis and research purposes which will enable us to adopt a more focused marketing strategy and customer experience for our services and products. No personally identifiable information about you will be collected or shared with any of these third party research agencies as a result of this analysis and research.
We do not use spyware or hidden identifiers or other similar technologies to gain access to your personal data or store hidden information when you visit our mobile applications or websites.
Managing cookies, etc.
— Our websites
You will not be able to disable the spotlight tags and web beacons functions when browsing our websites.
— Our mobile applications (including the App)
Our mobile application uses cookies, SPM and similar technologies to help us improve our services to you. You will not be able to restrict or disable the use of such cookies and technologies in our mobile application. If you do not agree to our use of the such cookies and technologies, please refrain from using or accessing our services or products via the mobile application. By continuing browsing, you agree to the collection and use of your information as set out above.
Accessing your personal data
You have the right to access and update your information and contact us. For example, you may:
(a) check whether we hold data about you and/or access such data;
(b) require us to correct any data relating to you which is inaccurate;
(c) to the extent required in accordance with applicable laws and regulations, require us to correct inaccurate, or unlawfully collected or unlawfully processed data;
(d) ascertain our policies and procedures in relation to data and to be informed of the kind of personal data held by us; and
(e) request us not to use your personal data for direct marketing purposes, in which case we will cease to do so at no cost to you.
If you have any question about this Policy, or would like to request for access to data or correction of data, or for information regarding our policies and practices and kinds of data held, please write to us at:
The Data Protection Officer
PA Alliance Limited
Address: Flat/Rm. A, Dolford Mansion, 1-3 Chatham Court, Tsim Sha Tsui, Kowloon, Hong Kong
Email: admin@paa.global
In this Policy, unless inconsistent with the context or otherwise specified, the words below shall have the following meanings:
- “Hong Kong” means the Hong Kong Special Administrative Region of the People’s Republic of China.
Personal Information Collection Statement pursuant to Personal Data (Privacy) Ordinance (Cap.486) (“Ordinance”) in relation to Aurora Card and the App
Updated in September 2024
This Statement sets out how PA Alliance Limited (“PAA”, “we” or “us”) may collect, use and disclose your “personal data”, “personally identifiable information” or other personal information as ascribed under the Ordinance (collectively, “Personal Data”) in connection with your access to and use of Aurora Card (“Aurora Card”) and/or the Hong Kong PA Alliance iOS and Android mobile applications (the “App”).
From time to time, it is necessary for you to provide us with Personal Data in connection with your registration and use of the Aurora Card and the App, to accept the services of PAA (these services are based on the PA Alliance Aurora Card Terms and Conditions (“Aurora Card T&C“) and the PA Alliance Mobile App Terms and Conditions (“App Agreement”)) and other service agreements that you consent to as part of your registration for and use of the Aurora Card at the time of registration, or for compliance with any laws, guidelines or requests issued by regulatory or other authorities.
If you do not supply such Personal Data to us, it may result in us being unable to complete your registration for the Aurora Card / the App or provide you with the services in the Aurora Card / the App under the Aurora Card T&C and the App Agreement respectively.
The App in combination with Aurora Card that is also provided by PAA provides a gateway for Hong Kong registered users of Aurora Card to participate in a variety of activities, including making payments and cash advance globally.
Registered users of the App can also sign up for an Aurora Card virtual account with PAA, a co-brander of Key Solution Ventures Limited (“Issuer KSV”), which is a principal MasterCard credit card issuing licensee with the license to issue MasterCard credit cards to co-branded card members in Hong Kong.
The word “including” shall not be limiting.
A. COLLECTION OF PERSONAL DATA
We may obtain your Personal Data (directly or indirectly), including:
1. Information obtained about your computer, mobile device or other item of hardware through which you access and use the App through the use of cookies, super position model (SPM) technologies and other similar technologies (including your IP address, geographical location, device identification codes, device Installed Packages and other features/data that can be used to identify a device, browser/platform type and version, internet service provider, operating system, referral source/exit pages, length of visit/usage, page views and device operations) (“Device Information”).
2. Information obtained by us or provided by you while you register as a user of the Aurora Card or App, including your telephone number and/or email address (“Registration Information”).
3. Information obtained by us or provided by you during your use of the App, including your name, date of birth, address (“Account Information”).
4. As required by Issuer KSV, and in order to complete the “Know-Your-Client” (“KYC”) process necessary for the security of our system and that of our customers, we will also collect your identity document (including Hong Kong Identity Card) and your occupation, source of funding, and/or other information from bank statements (“Necessary KYC Information”). We may also collect your facial images and identification document images to complete the KYC (together with the Necessary KYC Information, are collectively referred to as the “KYC Information”).
5. When we are dealing with your request of changing password or changing the mobile phone number that is associated with your Aurora Card or the App, or when we detect potential risks to the assets stored in a particular Aurora Card or the App account, we may need to verify your identity by requesting data from you or a third party. Those data may include, but without limit, proof of your top-up records or otherwise funding the Aurora Card User Account (collectively, “Identity Verification Information”).
6. Any combination, derivation or updated version of the above Device Information, Registration Information, Account Information, KYC Information, Identity Verification Information or such other information may be provided by you or collected by us (automatically or manually) at the time of your downloading the App, during your registration as a user of the Aurora Card and/or during the course of your use of the Aurora Card or the App.
The above information may constitute your Personal Data. We have taken steps to ensure that we do not collect more information (whether or not such information constitutes Personal Data) from you than is necessary for us to provide you with our services, to perform the purposes set out in Part B of this notice, to protect your Aurora Card, to comply with our legal obligations, to protect our legal rights, and to operate our business.
B. USE OF PERSONAL DATA
We may use the Personal Data that we obtained about you for the following purposes:
1. Verifying your identity, including during account creation, password reset and authorization of transaction processes, as well as the process of changing your mobile phone number in our records.
2. Verifying your eligibility to download the App or to use any of the features the functions of the App. Verifying your eligibility to register as a user of the Aurora Card (including detection and verification of any anti-money laundering, counter-terrorist financing or other unlawful activities) or to use any of the features and functions of the Aurora Card.
3. Processing your registration with us as a user of the Aurora Card, providing you with a log-in ID and maintaining and managing your registration.
4. Handling your service requests after processing your registration with PAA as a user of the Aurora Card and supporting PAA in relation to maintaining and managing your registration.
5. Providing you with Aurora Card services and related customer services, including facilitating the payment of goods and services, cash advance, charge-backs, sending notices about your transactions, and responding to your queries, feedback, claims or disputes. Allowing you to access and/or enjoy particular functions and services provided by credit card issuers, banks and/or financial service companies (“Third Party Financial Institutions”) with whom you have selected to register.
6. Allowing you to access and/or enjoy particular features and functions provided within the App, and services (including apps and mini programs) operated by third parties (“Third Party Operators”) which are accessible through links provided on the App.
7. Improving and expanding our offerings by way of research and development of new functions of Aurora Card and the App or other new products and services that we may offer from time to time.
8. Performing research, statistical analysis or surveys, whether orally or in writing, in order to manage and protect our business operation including our information technology infrastructure, to measure the performance of Aurora Card and the App and other services we offer and to ensure your satisfaction with our services.
9. Analyzing trends, usages and other behaviors (whether on an individualized or aggregated basis), which helps us better understand how you and our collective user base access and use Aurora Card and the App and the underlying commercial activities conducted, including for purposes of improving our services and responding to customer queries and preferences.
10. Subject to having obtained your consent in accordance with applicable law and as contemplated in Part D below, we may provide direct marketing information to you relating to goods and services offered by us, Our Group Companies and affiliates, our business partners and selected third parties using your Personal Data to contact you, including but not limited to by telephone, text (SMS), email, post, fax, push notification and any other electronic means.
11. Managing risk, performing creditworthiness and solvency checks, or assessing, detecting, investigating, preventing and/or remediating fraud or other potentially prohibited or illegal activities and otherwise protecting the reputation of our payment and information technology platform.
12. Detecting, investigating, preventing or remediating violations of the Aurora Card T&C and/or App Agreement, any applicable internal PAA policies, relevant industry standards, guidelines, laws or regulations.
13. Making such disclosures as may be required by Issuer KSV, any law or regulation of any country applicable to us or any of Our Group Companies, government official or other third party that PAA has contractual or regulatory obligations to, including any card association or other payment network. Disclosures may also be made pursuant to any subpoena, court order, decision or other legal process or requirement in any country applicable to us or any of Our Group Companies (including anti-money laundering and counter-terrorist financing reporting requirements).
14. Making any disclosure to prevent any harm or financial loss, to report any suspected illegal activity or to deal with any claim or potential claim brought against us or any of Our Group Companies.
15. Enabling any due diligence and other appraisals or evaluations for actual or proposed merger, acquisition, financing transactions or joint ventures.
16. Any other legitimate business purposes, such as protecting you and other users of Aurora Card or the App from losses, protecting lives, maintaining the security of our systems and products, and protecting any of our other rights and/or properties; meeting or complying with any obligations, requirements, policies, procedures, measures or arrangements for sharing data and information within Our Group Companies and/or any other use of data and information pursuant to any Our Group Companies’ group-wide programs for compliance with sanctions or prevention or detection of money laundering, terrorist financing, fraudulent activities or other unlawful activities.
17. Any other purposes directly relating to the purposes listed above.
We also may use your Personal Data in other ways for which we provide specific notice at the time of collection or for which you have subsequently consented.
C. DISCLOSURE OF PERSONAL DATA
Your Personal Data held by us will be kept confidential but we may provide such information to the following parties (whether within or outside Hong Kong) for the purposes set out in B.1 to B.17 above:
1. Our Group Companies and affiliates.
2. Our agents, contractors, professional advisers or third party service providers that we engage (including their employees, directors and officers) who are under a duty of confidentiality to us and who provide administrative, telecommunication, computing, remittance or other services to us in connection with the operation or maintenance of the Aurora Card, the App or the provision of services and products, including but not limited for fraud prevention, payment settlement and transaction processing, insurance, bill collection, data entry, database management, promotion, marketing, customer service, technology service, product and service alerts and payment extension services.
3. Merchants to whom payments are made using the Aurora Card or the App.
4. Marketing service providers under a duty of confidentiality to us who provide administrative, data processing, research and marketing, distribution, professional or other similar services to us.
5. Law enforcement agencies, government and regulatory authorities or any other organizations to which PAA is under an obligation or expected to make disclosures under the requirements of any applicable law, regulation or commercial arrangement, including arrangements with Issuer KSV, any card association or payment network.
6. Actual or proposed entities involved in any merger, acquisition, financing transaction or joint venture with us. We may disclose and transfer to any of our actual or proposed assignees or transferees of our rights with respect to your Personal Data in connection with a company re-structuring, and/or merger (as between us and a third party), sale, or transfer (whether of assets or shares, in whole or in part), to use, hold, process or retain such Personal Data for the purposes mentioned in Parts B and D of this Statement.
D. DIRECT MARKETING
For the purpose specified at B.10, PAA may wish to use your Personal Data in direct marketing activities. Please note that:
1. We will solicit your consent by way of explicit indication of no objection and will use your Personal Data for direct marketing purposes after receipt of your consent.
2. PAA may use your name, contact information, products and service portfolio, transaction pattern and history, financial background, demographic data and geographical location in order to send to you marketing communications on the goods and services.
3. PAA may market to you the goods and services. This may include goods and services that are offered by us, any of Our Group Companies and affiliates and our business partners or any other selected third parties.
4. We may provide your Personal Data to certain third parties with which we maintain business referral or other similar commercial arrangements, including (i) Our Group Companies and affiliates, and (ii) business partners, for use by them in marketing their own goods and services.
5. If at any time you do not wish for us to continue to use or provide to other persons your Personal Data for direct marketing purposes as described herein, then you may exercise your “opt-out” right by notifying us at Email: admin@paa.global.
E. PUSH NOTIFICATIONS
We may send you push notifications from time to time in order to update you about your account activities and service related information. If you no longer wish to receive these types of communications, you may turn them off at the device level.
F. SECURITY MEASURES AND RETENTION
We take all reasonable steps, including technical, administrative and physical safeguards to help protect your Personal Data that we process from loss, misuse and unauthorized access, disclosure, alteration and destruction.
We will retain and procure our service providers to retain your Personal Data only for so long as is necessary for the purposes set out in this Statement and in accordance with the Ordinance and all applicable regulatory requirements.
For registered users of the Aurora Card, your Registration Information and Account Information (if any) can be viewed and edited in the App through your account with us, which is protected by a password. We recommend that you do not divulge your password to anyone. Our staff will never ask you for your password in an unsolicited phone call or in an unsolicited email. If you share a computer with others, you should not choose to save your log-in information for the Aurora Card (e.g., user ID and password) on that shared computer.
G. THIRD PARTY SERVICES AND WEBSITES
The Aurora Card and the App may provide links to other websites and services (including apps and mini programs operated by third parties) for your convenience and information. These services and websites may operate independently from us and may have their own privacy notices or policies, which we strongly suggest you review before you use any of their services or conduct any activities on those websites. To the extent that any linked websites and services you visit are not owned or controlled by us, we are not responsible for their contents, their privacy practices and the quality of their services.
H. CHANGES TO THIS NOTICE
From time to time we may update this Statement to reflect changes to our data practices. If we make any material changes, we will notify you by means of a notice within the App or we may notify you by email (sent to the e-mail address specified in your account). Please review this page periodically for the latest information on our privacy practices. After we have issued a notice to you either through the App or by email, if you continue to use the App, you will be deemed to have agreed to and been notified of any updated version of this Statement concerning the collection, use, storage, transfer and disclosure of your Personal Data as set out in this Statement.
I. FURTHER INFORMATION
Under the Ordinance, you have the right to access or correct your Personal Data or exercise any “opt-out” right. If you wish to exercise any of these rights, please do so by logging into your account in the App or by contacting us through the following means:
PA Alliance limited
Address: Flat/Rm. A, Dolford Mansion, 1-3 Chatham Court, Tsim Sha Tsui, Kowloon, Hong Kong
Email: admin@paa.global
PAA may charge a reasonable fee for processing any data access request.