“Personal Data” refers to the “Personal Financial Data” and the “Personal Identification Data”. “Personal Financial Data” and “Personal Identification Data” are respectively defined in paragraph 4 below.
“Non-Personal Data” is any data that is not reasonably practicable to directly or indirectly identify you, including but not limited to aggregated data, application usage, in-app browsing activity, and application activity including user interface elements, etc.
“Third-party partners” are any individual or organization that cooperate with us for the purpose of facilitating or improving our services or third-party partners’ services provided to you.
Our Privacy Principles
Planto builds its business on trust between our users and us. Therefore, security and safety of our users’ Personal Data is our top priority. To preserve the confidentiality of all Personal Data you provide to us, we maintain the following privacy principles:
We maintain strict security systems designed to prevent unauthorised access to your Personal Data by anyone, including our employees, agents and contractors.
Any members of the Planto, including our employees, agents and contractors, who are permitted access to any Personal Data may only do so for a specific and limited purpose and limited time and during such access, are specifically required to strictly observe our confidentiality obligations.
By maintaining our commitment to these principles, we will ensure that we respect the inherent trust that you have placed in us.
The data we collect
We may collect and process Personal Data from users in variety of ways, including but not limited to, when you register for, install, download, access or use the App, or contact us in relation to the App. However, we will only use your Personal Data as set out below and always in accordance with the applicable laws.
When you register for and use the Planto App or website, we collect your email address and device ID which we use to:
provide you with our services via the Planto App or website;
identify you and the accounts you have registered with us;
communicate with you;
customise the Planto App or website based on your preference;
notify you of any changes to the Planto App or to our services that may affect you.
We may leverage your mobile device’s built-in biometric authentication tools to provide you with added security to ensure there will be no unauthorized access to the App:
When you use the App or our website to access or connect to your online financial accounts (including but not limited to, online banking accounts, insurance accounts, electronic payment accounts, third party mobile and online payment accounts), we may collect and process details such as account name, currency of the account, outstanding balance, credit limit, your transaction details and history, payment dates and names and addresses of goods and services providers that appear in your account (collectively known as “Personal Financial Data”), for the purposes of displaying the account information and transaction feed to you and providing you with services on the App and our website.
When you use the App or website to apply for third party financial services, we may request and store your identifications such as mobile number, HKID and date of birth (collectively known as “Personal Identification Data”) solely for the purpose of making the application process convenient for you. Your Personal Identification Data will only be used at your request or consent.
We may collect or store any usernames, passwords, other authentication details, bank account numbers or credit card numbers for your online accounts. Online log-in credentials always remain encrypted on your device or securely stored on our server. For the avoidance of doubt, Personal Financial Data for this purpose does not include information that is aggregated with similar data from other users to produce Aggregated Data as defined in section 5 below, or is otherwise no longer identifiable to any specific App user.
When you make any purchases on Planto, your credit card information and other data are not collected by us, but only by third party payment processors.
We may share the Personal Data, Non-Personal Data or Aggregated Data to third parties in the following situations:
Our business partners: we cooperate with our business partners to deliver deliver their services to you. With your consent through our business partner, we may provide some of your Personal Data, Non-Personal Data or Aggregated Data to our business partners, on a need-to-know basis. For instance, we may share your Personal Financial Data to our business partners for them to display or render their services to you. Further, if you have applied certain financial services on the App, we may need to share your Personal Data to our business partners for processing your application. All information and data which we share to our business partners will also be subject to their own privacy policies.
Security, legal and regulatory requirements: We reserve the right to disclose the data about you that is appropriate or necessary to (i) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity, (ii) take precautions against liability, (iii) investigate and defend ourselves against any third-party claims or allegations, (iv) protect the security or integrity of the services we provide and any facilities or equipment used to make those services available, (v) comply with any law or regulatory requirement, including pursuant to a court order or other legal process, or (vi) protect our property or other legal rights (including, but not limited to, enforcement of our agreements), or the rights, property, or safety of others.
For the purpose of producing research and statistical collective data amongst the App users and provide you with services on the App, we may aggregate your Personal Financial Data together with similar data from other App users (“Aggregated Data”). Aggregated Data will be produced in such a manner that the underlying data will no longer be identifiable to any specific user. We may share Aggregate Data amongst users as part of the services provided, and also with our third party partners to help us make improvements and/or enhancements to our services and for marketing, research and academic purposes. Rest assured that Aggregate Data cannot be linked to an individual or user in any way.
Whilst we take all reasonable steps to anonymise the Aggregate Data, please be informed that these measures are provided on a best-effort basis. In the event that you believe that any of your Personal Data is or has been inadvertently captured in the App or in any report generated or services provided by us, whether within or outside the App, it is your responsibility to immediately notify us at email@example.com so that we are able to promptly rectify the situation.
We shall take all reasonably practicable steps to ensure that the Personal Data collected is not kept longer than is necessary for fulfilment of the purpose for which it is or is to be used. In some situations, upon we collecting the Personal Data, Non-Personal Data and/or Aggregate Data from you, and transferring such data to our business partners to facilitate our business partners to supply their services to you, we may immediately delete the data that has been passed to our business partners, and we may not store any such data on the App and our website.
Data Deletion, Correction and Access to Personal Data
You have the right to request that your App account or any of your Personal Data to be deleted from our servers at any time. You can make this request to us by contacting us at firstname.lastname@example.org. Please note that once your account is deleted, any data linked to the App shall be excised permanently from our servers and further access to your account will be impossible.
At the end of your trial period, you will still have an option to request for Personal Data deletion anytime either using means listed out in 7.1 or through a feature within the Planto app.
You have the right to request access to and correction of your Personal Data held by Planto. We will respond to your request of data access or correction as soon as practicable upon receiving your request. A reasonable administrative fee may be charged for responding to a data access request to reflect the cost of responding to the request.
The App and website requires a user ID and password and/or biometric verification to log in. You should safeguard your user ID and password and keep them secret and confidential. We will never ask you for your password given that you should be the only person who knows it. We strongly recommend that you use strong passwords between 6-16 characters long that are difficult for others to guess. We also recommend that you change your password periodically. In public areas, you should exercise caution and not leave your mobile device unattended or susceptible to theft whilst logged into your account.
You should only download the App and its updates from official Play Store and App Store and not from any unofficial sources.
Our commitment to safeguarding your Personal Data:
However, the aforementioned security efforts do not preclude us from the possibility of fraud, cyber-attacks, such as hacking, spyware and viruses, and we do not warrant that our servers or network will be immune from such attacks. We are not liable for any loss or damage arising from such risks.
Your Acceptance of these terms