EPS Merchant Services
EPS Company (Hong Kong) Limited


This policy statement provides information on the obligations and policies of EPS Company (Hong Kong) Limited ("we, us or our") in relation to the provision of EPS Merchant Services under the Hong Kong SAR Personal Data (Privacy) Ordinance 1995 - Cap.486 (the "Ordinance").

Throughout this policy, our use of the term "personal data" has the meaning ascribed to it by the Ordinance.


We shall fully comply with the obligations and requirements of the Ordinance. Our officers, management, and members of staff shall, at all times, respect the confidentiality of and endeavor to keep safe any and all personal data collected and/or stored and/or transmitted and/or used for, or on our behalf.

We shall endeavor to ensure all collection and/or storage and/or transmission and/or usage of personal data by us shall be done in accordance with the obligations and requirements of the Ordinance.

Where an individual legitimately requests access to and/or correction of personal data relating to the individual, held by us, then we shall provide and/or correct that data in accordance with the times and manner stipulated within the Ordinance.



For the purpose of providing the EPS Merchant Services, you may be requested to provide personal data such as, but not limited to, the following, without which it may not be possible to satisfy your request:

a. Personal details, including your name, identity card/passport number and date of birth;

b. Merchant details, including merchant name, business registration number, merchant address;

c. Contact details, including contact name, address, telephone number and email address.

Our web servers may also collect data relating to your online session, the use of which is to provide aggregated, anonymous, statistical information on the server's usage so that we may better meet the demands and expectations of visitors to the Sites. This type of data may include, but is not limited to:

a. The browser type and version;

b. Operating system; and

c. The IP address and/or domain name.

Some of our web sites may place a "cookie" on your machine; for example to provide personalised services and/or maintain your identity across multiple pages within or across one or more sessions. This information may include, but is not limited to, relevant login and authentication details as well as information relating to your activities and preferences across our website.


Where possible, we will validate data provided using generally accepted practices and guidelines. In some instances, we are able to validate the data provided against pre-existing data held by us.

Please refer to the section titled "Access and Correction of Personal Data" below for details on how you can obtain and correct any personal data relating to you that we may hold.


We will destroy any personal data we may hold in accordance with our internal retention policy. The policy states that:

a. Personal data will only be retained for as long as is necessary to fulfil the original or directly related purpose for which it was collected, unless the personal data is also retained to satisfy any applicable statutory or contractual obligations; and

b. Personal data are purged from our electronic, manual, and other filing systems in accordance with specific schedules based on the above criteria and our internal procedures.


Subject to the paragraphs below, all personal data held by us will be kept confidential but we may, where such disclosure is necessary to satisfy the purpose, or a directly related purpose, for which the data was collected provide such information to the following parties:

a. Any of our subsidiaries, holding companies, associated companies, or affiliates of, or companies controlled by, or under common control with us;

b. Any person or company who is acting for or on our behalf, or jointly with us, in respect of the purpose or a directly related purpose for which the data was provided;

c. Any other person or company who is under a duty of confidentiality to us and has undertaken to keep such information confidential, provided such person or company has a legitimate right to such information; and

d. Any financial institutions, charge or credit card issuing companies, credit information or reference bureaux, or collection agencies necessary to establish and support your instructions relating to payments made through any Site.

Personal data may also be disclosed to any person or persons that have a right under the Ordinance to gain access to such information provided they are able to prove their authority to access such information. For example, if we were served with a court order demanding certain customer information then we would disclose the information to the duly appointed officer of the court or such other persons as the court orders.


At times it may be necessary and/or prudent for us to transfer certain personal data to places outside of the Hong Kong SAR in order to carry out the purposes, or directly related purposes, for which the personal data were collected. Where such a transfer is performed, it will be done in compliance with the requirements of the Ordinance.


Physical records containing personal data are securely stored in locked areas and/or containers when not in use.

Computer data are stored on computer systems and storage media to which access is strictly controlled and/or are located within restricted areas.

Access to records and data without appropriate management authorization are strictly prohibited. Authorizations are granted only on a "need to know" basis that is commensurate with an individual's responsibilities and their training.

Our records are under the control of assigned information officers who are responsible to ensure the transfer of or access to information is legitimate and complies with the Ordinance.

Audit records may be produced to validate data modifications in order to verify the data's integrity.

There may be violations logging processes for investigation of any unauthorized attempt to access information.

Encryption technology, such as SSL, may be employed for the transmission of data collected online.


Under the terms of the Ordinance, individuals have the right to:

a. Check whether we hold any personal data relating to them and, if so, obtain copies of such data;

b. Require us to correct any personal data relating to them which is inaccurate for the purpose for which it is being used; and

c. Ascertain our policies and practices in relation to personal data, which are those policies and practices set out in their entirety herein.

An individual may exercise their right of correction by:

a. Writing to us at the address listed below, specifying the data which they believe to be incorrect, the reason they believe it is incorrect, and the applicable corrections; and

b. Providing "proof of identity" verifying that the individual making the request is authorized to request such corrections.

c. Correcting his personal data through this website.

We will, upon satisfying ourselves of the authenticity and validity of the correction request, make every endeavor to comply with and respond to the request within the period set by the Ordinance.


All enquiries regarding our compliance with our obligations under the Ordinance should be in writing to:

EPS Company (Hong Kong) Limited
12/F, 82-84 Nathan Road
Tsim Sha Tsui

Or via email to:



© 2012 - EPS Company (Hong Kong) Limited . All rights reserved. This web site and any information available from this web site may be protected by copyright. Any unauthorised use, publication, copying, distribution or exploitation of such information is prohibited.

Disclaimer notice:

a. We endeavour to provide convenient and functional Sites, but we do not guarantee that the Content will be error free or that the Sites or the servers that operate the Sites are free of viruses or other harmful components. Communications over the Internet may be subject to interruption, delay or blackout.

b. Although we will use reasonable endeavours to maintain the Content, we do not undertake to provide support or maintenance services for the Content. We urge you to keep backup copies of Content you post to, maintain on or use with the Sites.

c. If your use of any Site results in the need for servicing or replacing property, material, equipment or data, we will not be responsible for such costs.

d. Without limiting the above provisions, all information and materials contained or provided on or through the Sites (including the Services) are provided to you "as is" and "as available" without warranty or condition of any kind, either expressed or implied, including, but not limited to, any implied warranties of merchantability, fitness for a particular purpose, or non-infringement. To the fullest extent permitted by the Applicable Law, we exclude all representations and warranties in relation to the information, materials and services available through or from the Sites and disclaim all liabilities for any direct, indirect, consequential, special or incidental damage, loss or expense arising out of, consequent on or which relates to: (i) any access by you to the information, materials and services available through or from the Sites; (ii) any use of the Sites; or (iii) any use of any information, materials or services available through or from the Sites.

e. If a jurisdiction does not allow the exclusion of implied warranties or liabilities in accordance with paragraph (d) but allows limitations of a certain maximum extent then we limit our warranties and liabilities to that extent.

By using any Site and any information, materials or services available through or from any Site, you irrevocably and unconditionally accept and agree to be bound by this disclaimer notice. Terms used in this disclaimer notice have the same meanings as ascribed to them in the accompanying EPS Merchant Services General Terms and Conditions of Use.