“Personal Data” refers to the “Personal Financial Data” and the “Personal Identification Data”. “Personal Financial Data” and “Personal Identification Data” are respectively defined in paragraph 4 below.
“Non-Personal Data” is any data that is not reasonably practicable to directly or indirectly identify you, including but not limited to aggregated data, application usage, in-app browsing activity, and application activity including user interface elements, etc.
“Third-party partners” are any individual or organization that cooperate with us for the purpose of facilitating or improving our services provided to you.
Our Privacy Principles
Planto builds its business on trust between our users and us. Therefore, security and safety of our users’ Personal Data is our top priority. To preserve the confidentiality of all Personal Data you provide to us, we maintain the following privacy principles:
We maintain strict security systems designed to prevent unauthorised access to your Personal Data by anyone, including our employees, agents and contractors.
Any members of the Planto, including our employees, agents and contractors, who are permitted access to any Personal Data may only do so for a specific and limited purpose and limited time and during such access, are specifically required to strictly observe our confidentiality obligations.
We will not disclose, sell, trade or rent your personal data to any third parties, unless we:
have your consent, or
are required by law, enforcement or regulatory agency
We work with third-party partners to provide and improve our services. Here are the types of third parties that we share information with:
For processing your financial service application, we will share necessary information for the purpose of service application after receiving your consent
By maintaining our commitment to these principles, we will ensure that we respect the inherent trust that you have placed in us.
The data we collect
We may collect and process Personal Data from users in variety of ways, including but not limited to, when you register for, install, download, access or use the App, or contact us in relation to the App. However, we will only use your Personal Data as set out below and always in accordance with the applicable laws.
When you register for and use the Planto App, we collect your email address and device ID which we use to:
provide you with our services via the Planto App;
identify you and the accounts you have registered with us;
communicate with you;
customise the Planto App based on your preference;
notify you of any changes to the Planto App or to our services that may affect you.
We leverage your mobile device’s built in biometric authentication tools to provide you with added security to ensure there will be no unauthorized access to the Planto App:
When you use the App to access or connect to your online accounts (including but not limited to, online banking accounts, insurance accounts, electronic payment accounts, third party mobile and online payment accounts), we may collect and process details such as account name (but not the number), currency of the account, outstanding balance, credit limit, your transaction details and history, payment dates and names and addresses of goods and services providers that appear in your account (collectively known as “Personal Financial Data”), for the purposes of displaying the account information and transaction feed to you and providing you with services on the App.
When you use the App or website to apply for third party financial services, we may request and store your identifications such as mobile number, HKID and date of birth (collectively known as “Personal Identification Data”) solely for the purpose of making the application process convenient for you. Your Personal Identification Data will only be used at your request or consent.
We do not collect or store any usernames, passwords, other authentication details, bank account numbers or credit card numbers for your online accounts. Online log-in credentials always remain encrypted on your device and is never stored on our server. For the avoidance of doubt, Personal Financial Data for this purpose does not include information that is aggregated with similar data from other users to produce Aggregated Data as defined in paragraph 5 below, or is otherwise no longer identifiable to any specific App user.
When you make any purchases on Planto, your credit card information and other data are not collected by us, but only by third party payment processors.
For the purpose of producing research and statistical collective data amongst the App users and provide you with services on the App, we may aggregate your Personal Financial Data together with similar data from other App users (“Aggregated Data”). Aggregated Data will be produced in such a manner that the underlying data will no longer be identifiable to any specific user. We may share Aggregate Data amongst users as part of the services provided, and also with our third party partners to help us make improvements and/or enhancements to our services and for marketing, research and academic purposes. Rest assured that Aggregate Data cannot be linked to an individual or user in any way.
Whilst we take all reasonable steps to anonymise the Aggregate Data, please be informed that these measures are provided on a best-effort basis. In the event that you believe that any of your Personal Data is or has been inadvertently captured in the App or in any report generated or services provided by us, whether within or outside the App, it is your responsibility to immediately notify us at email@example.com so that we are able to promptly rectify the situation.
We shall take all reasonably practicable steps to ensure that the Personal Data collected is not kept longer than is necessary for fulfilment of the purpose for which it is or is to be used.
Nevertheless, Non-Personal Data including Aggregate Data will continue to be stored and retained on our servers indefinitely. We reserve the right to retain and use Aggregate Data derived from the use of the App.
Data Deletion, Correction and Access to Personal Data
You have the right to request that your App account or any of your Personal Data to be deleted from our servers at any time. You can make this request to us by contacting us at firstname.lastname@example.org. Please note that once your account is deleted, any data linked to the App shall be excised permanently from our servers and further access to your account will be impossible.
At the end of your trial period, you will still have an option to request for Personal Data deletion anytime either using means listed out in 7.1 or through a feature within the Planto app.
You have the right to request access to and correction of your Personal Data held by Planto. We will respond to your request of data access or correction as soon as practicable upon receiving your request. A reasonable administrative fee may be charged for responding to a data access request to reflect the cost of responding to the request.
The App and website requires a user ID and password and/or biometric verification to log in. You should safeguard your user ID and password and keep them secret and confidential. We will never ask you for your password given that you should be the only person who knows it. We strongly recommend that you use strong passwords between 6-16 characters long that are difficult for others to guess. We also recommend that you change your password periodically. In public areas, you should exercise caution and not leave your mobile device unattended or susceptible to theft whilst logged into your account.
You should only download the App and its updates from official Play Store and App Store and not from any unofficial sources.
Our commitment to safeguarding your personal information
However, the aforementioned security efforts do not preclude us from the possibility of fraud, cyber-attacks, such as hacking, spyware and viruses, and we do not warrant that our servers or network will be immune from such attacks. We are not liable for any loss or damage arising from such risks.
Your Acceptance of these terms