Neat Privacy Policy
Effective from 5 July 2021.
Last updated on 5 November 2021.
- Scope of this Policy
- Data privacy. We are committed to protecting and respecting your privacy rights under the Personal Data (Privacy) Ordinance in Hong Kong (PDPO).
- Coverage. This Policy sets out details of how we collect, use, disclose, process and manage your Personal Data (as defined below). Information will be collected from you via the Neat Dashboard, the Neat App, via email, our main website at https://www.neatcommerce.com/, and the Neat Services.
- Definitions. Unless otherwise defined in this Privacy Policy in the Schedule, all capitalised terms have the meaning given in the Neat Master Terms.
- Application. This policy applies to information we collect about:
- visitors to our website;
- an individual’s Personal Data which is in our possession and under our control through using any of the Neat Services, including the Neat Dashboard and Neat App; or
- any other means as required to provide the Neat Services.
- Amendments. This Policy may be updated from time to time. Changes are effective when we post the updated Policy on our website. By continuing to access our website, use the Neat App or Neat Services when such changes are made, you agree to the revised Policy.
- Priorities. Any regional specific Privacy Policy will take priority over this text.
- Inconsistencies. In the event of any inconsistency between different language versions of this policy, the English version shall prevail. Any other language versions are translations of the English language version of this policy.
- Who is Neat and how to Contact Us?
- About Neat. In this Policy, “we”, “us”, “our”, or “Neat” means Neat Limited, “you”, “your” or “yours” means the persons to whom this policy applies, and “Neat Group” means Neat Limited, its holding companies, subsidiaries, associated entities and any of their branches and offices.
We are the data user in respect of your Personal Data under the PDPO.
- Get in touch. You can contact us on any aspect of this Policy or your Personal Data, or provide any feedback that you may have by contacting our customer solutions team through the following channels:
- via the Neat Dashboard;
- via the Neat App; and
- via email at [email protected].
- What information may we collect from you (and why)?
- We will only collect your information in line with relevant regulations and law. We may collect it from a range of sources: it may come directly from you, e.g. when you provide your identity details to open a Neat Account, or we may collect information about you when you interact with us, e.g. visit our Website or Neat App, call us, or ask about any of our products and services.
- Information collected from you. For example:
- personal particulars (e.g. your full name; contact details, residential address, date of birth, identity card/passport details, and education details);
- your financial details (e.g. income, expenses, and/or credit history);
- information about your transactions made using the Neat Services (e.g. balances, parties to the transactions, and account usage);
- specimen signature(s);
- employment details (e.g. occupation, directorships and other positions held, employment history, salary, and/or benefits);
- tax and insurance information;
- communications made by you (e.g. recorded conversations, images, emails, and personal opinions made known to us, such as feedback or responses to surveys);
- user login and registration data (e.g. login credentials for phone);
- marketing and sales information (e.g. details of the Neat Services you receive and your preferences);
- information obtained from a mobile device with your consent (e.g. device location and information);
- other personal data which you have provided to us or any of our third party partners, in any forms of interaction with you; and
- information related to the usage of the Neat Services, our website, and other services or technology, including your IP address (see the “Cookies” section below).
- Other ways to send Personal Data. You may also submit information to us via any methods of your choice, such as:
- posting on social media or online forums;
- responding to marketing or other communications; and
- participating in an offer or program.
- How do we use your Personal Data?
- Lawful basis for collecting your Personal Data. We will only use your Personal Data where we have your consent or we have a lawful reason for using it. These reasons include where we:
- need to pursue our legitimate interests;
- need to process the information to enter into or carry out the Master Service Agreement;
- need to process the information to comply with a legal obligation;
- believe the use of your information as described is in the public interest, e.g. for the purpose of preventing or detecting crime;
- need to establish, exercise or defend our legal rights; and
- need to use your information for insurance or debt recovery purposes.
- Purposes of using Personal Data. Specifically, we will use your Personal Data for the following core business purposes:
- verifying your identity for the purpose of providing the Neat Services;
- assessing and processing applications, instructions, or requests;
- setting up, managing, maintaining, and developing your Neat Account and your Neat Services (whether made available by us or through us), including but not limited to:
- executing commercial or other transactions and clearing or reporting on these transactions;
- carrying out research, planning, and statistical analysis; or
- analytics for the purposes of developing or improving our Neat Services, security, service quality, and advertising strategies;
- determining, displaying, and communicating with you regarding the transaction status, providing you with updates on changes to Neat Services and facilities (whether made available by us or through us) including any additions, expansions, suspensions, and replacements of or to such Neat Services and facilities and their terms and conditions;
- performing our obligations under any agreement with our third party providers;
- allowing us to provide Neat Services to you;
- complying with our requirements for screenings or due diligence, or to make disclosures under any law, regulation, or court order, and following any guidelines issued by regulators or any other authorities;
- managing our infrastructure and business operations and complying with internal policies and procedures;
- monitoring products and services provided by or made available through us;
- financial reporting, regulatory reporting, management reporting, risk management (including monitoring credit exposures), audit and record keeping purposes;
- conducting marketing and statistical research and analysis;
- ensuring, checking, or reviewing your ongoing creditworthiness;
- responding to queries or feedback;
- addressing or investigating any complaints, claims, or disputes;
- designing financial services or related products for your use;
- enforcing obligations owed to us;
- seeking professional advice, including legal advice; and
- any other purpose directly related to the above mentioned purposes.
- To whom may your Personal Data be transferred?
- Information that we can disclose. We may disclose your Personal Data to third parties where lawful to do so including where we or they:
- need to provide you with products or services you have requested;
- have a public or legal duty to do so, e.g. to assist with detecting and preventing fraud and other crime;
- need to in connection with regulatory reporting, litigation or asserting or defending legal rights and interests;
- wish to send marketing communications to you, as long as we have a legal basis to do so (including obtaining your consent where required by applicable laws);
- have a legitimate business reason for doing so, e.g. to manage risk, verify your identity, enable another company to provide you with services you have requested, or assess your suitability for products and services; or
- have asked you for your permission to share it, and you have agreed.
- We may share your Personal Data for the above purposes with the following classes of persons or entities:
- Neat Group companies and any sub-contractors, agents or service providers who work for us or provide services to us or other Neat Group companies (including their employees, sub-contractors, service providers, directors and officers);
- to any governmental or regulatory authorities;
- financial institutions, tax authorities, credit reference agencies, payment service providers and debt recovery agents;
- any people or companies where required in connection with potential or actual corporate restructuring, merger, acquisition or takeover, including any transfer or potential transfer of any of our rights or obligations under Master Service Agreement;
- law enforcement, government, courts, dispute resolution bodies, our regulators, auditors and any party appointed or requested by our regulators to carry out investigations or audits of our activities;
- other parties involved in any disputes, including disputed transactions;
- anyone who provides instructions or operates your Neat Account on your behalf, e.g. Power of Attorney, lawyers, intermediaries, etc;
- companies which provide marketing or advertising services for us;
- a party to a transaction that you have entered into; and
- any interested party that requests reasonable information, where you have failed to perform your obligations under an agreement with us or entered by us on your behalf.
- Confidentiality. The above mentioned third parties are under an obligation to us or relevant regulators to keep the information confidential. For more information about the third parties with whom we share your personal data, you may contact us (please see the “How to contact us” section above).
- Sale of Business. If our business is sold or integrated with another business, your details may be disclosed to our advisers and any prospective purchasers and their advisers, and will be passed on to the new owners of the business.
- Overseas transfers. We may transfer, store, process, and/or deal with your Personal Data outside Hong Kong, including countries that may not have the same level of protection for Personal Data. When we do this, we will ensure it has an appropriate level of protection and that the transfer is lawful. We will comply with all applicable Data Privacy Laws in this regard.
- Aggregated and anonymized data. Aggregated and anonymised data are records which have been stripped of sufficient elements that your identity can no longer be identified, and which have been combined or manipulated to provide generalised, anonymous information. We may share this kind of data within and outside of the Neat Group with partners such as research groups or advertisers. You will not be able to be identified from this information.
- Location data
- If you have switched on your location services, you may provide any information about your physical location sent from your mobile device (e.g. GPS signals), and we may make use of such information. You will be asked to consent to the use of location services when you download the Neat App or, for iOS devices, the first time you use our functions which require access and use of your location data. You may withdraw your consent at any time by turning off the location services settings on your mobile device.
- Direct Marketing
- Use of your Personal Data for direct marketing. We would like to use your contact information, including your phone number, address, and email address, for direct marketing purposes but we cannot do this unless we have received your consent, and you can withdraw your consent without charge at any time (see paragraph 7.3 below). We may send you marketing messages by post, email, telephone, text, secure messages, or through social media to promote and market the following services:
- our financial, merchant, and related services and products; and
- to promote our reward, loyalty, co-branding or privileges programs, and related services.
- Sharing of your Personal Data. Where required to do so in accordance with applicable laws, we will seek your consent to share your contact information with our co-branding partners, including financial services companies, software companies, and insurance companies, to market their services and products, which may be for our commercial gain. We cannot do this unless we have received your consent, and you can withdraw your consent without charge at any time (see paragraph 7.3 below).
- Stopping Direct Marketing Communications. If you later decide you no longer wish to receive any such direct marketing communications, you may withdraw your consent at any time by contacting our Data Protection Officer (see paragraph 10.3 below for contact details) or following the unsubscribe instructions in the marketing communications we send to you by email. We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt out of receiving direct marketing communications from us, we may still send you important administrative messages that are required for the provision of Neat Services.
- Laws. When using your data for direct marketing, we will comply with the applicable Data Privacy Laws.
- Security, transfer, and retention of your Personal Data
- Protection of your Personal Data. The security of your Personal Data is our top priority. We take all reasonable steps to protect your personal data. We function via a proactive ‘Defense in Depth’ and ‘Privacy by Design’ concept and have put in place multiple layers of security controls throughout our IT system. This includes complying with the PCI DSS (Payment Card Industry Data Security Standard), transmitting all information via TLS version 1.2, and encrypting all data using minimum SHA-256. We have also set up secure coding procedures and complexity password rules; and enabled 2 Factor Authentication on all internal systems. In addition, we conduct background checks on all employees and perform annual penetration testing to avoid unauthorised access to and use of your Personal Data.
- Limitations. Where Personal Data is stored, accessed, or transmitted via the internet, it is not completely secure. We will take all reasonable steps to protect your Personal Data, but we do not have any control over, and cannot guarantee the security of your Personal Data transmitted via the internet outside the Neat Dashboard and Neat App. Therefore, any such storage, access, or transmission is at your own risk.
- Third party links. Our Neat Dashboard, Neat App, and Website may, from time to time, contain links to and from the websites of third parties. If you follow a link to any of these mobile apps or websites, please note that these mobile apps and websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any Personal Data to these mobile apps and websites.
- Retention of Personal Data. We will retain and procure our service providers to retain your Personal Data only for so long as is necessary to fulfil the purposes outlined in this Privacy Policy, unless we are required to keep it for a longer period in accordance with applicable laws and regulatory requirements.
- Cookies
- Use of cookies. In order to improve the quality of your experience when using Neat Services, and to distinguish you from other users of these services, we may use tracking technologies on our Website, the Neat Dashboard and Neat App, such as cookies, for the collection and use of Personal Data or other information. A cookie is a small file of letters and numbers that our web servers send to your computer or mobile device when you visit certain parts of our Neat Dashboard, Neat App, or our Website. The cookies we use are ‘analytical’ cookies. They allow us to recognize and count the number of visitors and to see how visitors move around the site when they are using it.
- Disabling cookies. Cookies may be disabled by changing the setting on your web browser or mobile device but this cannot be done while using our Neat App. However, if cookies are disabled, you may not be able to use certain functionalities or login to secured pages on our Neat Dashboard, Neat App, or Website.
- Information recorded. Information that may be recorded includes:
- IP address;
- MAC address;
- device type;
- operating system;
- internet browser type; and
- usage data such as time spent on our website, websites visited, links clicked, and the pages that led or referred you to our website.
- Your rights – access and correction
- Subject to the PDPO, you may:
- check whether we hold Personal Data about you and may access that information and information as to how we have used and disclosed that information;
- require us to correct any inaccuracies in any of your Personal Data held by us;
- request us to stop processing your Personal Data held by us; and
- ascertain our policies and practices in relation to your Personal Data.
- Data Access Requests (DAR). If you request access to or correction of Personal Data, we have the right under the PDPO to:
- charge a reasonable fee for processing a data access request, in which case we will inform you of the fee amount and accepted payment methods; or
- reject a request if there is a valid reason for such rejection, which we will tell you.
- Requests for access or correction of Personal Data, for us to stop processing your Personal Data, or for information regarding our data protection policies and practices, may be addressed to us as follows:
Allen Slingsby – Data Protection Officer
Neat Limited
10/F China Hong Kong Tower
8-12 Hennessy Road
Wan Chai
Hong Kong
Email: [email protected]
- Response time. To the maximum extent possible, we will respond to a request for access to, or amendment of your Personal Data within 40 calendar days upon receipt of the request. If, however, for any reason we cannot comply with the request before the expiry of the 40-day period, we will notify you in writing of the reasons and comply with such request as soon as practicable.
Schedule – Definitions
In this Policy:
“Data Privacy Laws” means all applicable laws, regulations and regulatory guidance in relation to the processing or protection of Personal Data, as amended from time to time, including but not limited to:
- Personal Data (Privacy) Ordinance (Cap. 486 of the Laws of Hong Kong);
- Personal Information Protection Law of the People’s Republic of China, and the relevant Guidelines, Civil Code and Decisions; and
- Regulation (EU) 2016/679 of 27 April 2016, General Data Protection Regulation.
“Neat Account” means the account you set up to access the Neat Dashboard, where you and your Business Admin manage your Neat Services.
“Neat Services” means the Basic Services offered by Neat under the Master Service Agreement; and Advanced Services under any supplementary terms, or any other services added from time to time provided through the Neat Dashboard.
“Personal Data” has the meaning given to it under the applicable Data Privacy Laws.