隐私政策

更新日期：2024年9月12日

生效日期：2024年9月12日

尊敬的用户，中国国际金融股份有限公司（以下简称“中金公司”或“我们”）作为中金固收产品及服务的运营者，深知个人信息对您的重要性，我们将按照法律法规的规定，保护您的个人信息及隐私安全。本隐私政策与您所使用的中金固收服务相关，我们努力用通俗易懂、简明扼要的文字进行表达，并对本隐私政策中与您的权益存在重大关系的条款以粗体字形式进行标注以提示您注意。请您务必认真阅读本隐私政策，在确认充分了解并同意后使用中金固收提供的服务。如果您就本政策点击或勾选“同意”并提交，即意味着同意中金固收按照本隐私政策收集、存储、使用和共享您的相关信息。我们制定本隐私政策并希望提示您了解下述内容，以便作出适当选择：

下文将帮您详细了解我们如何收集、使用、存储、共享与保护您的个人信息，并且帮您了解查询、复制、删除、更正、撤回授权个人信息的方式。

1. 本服务如何收集和使用个人信息

为了向您及客户提供本服务、维护本服务的正常安全运行、优化本服务的功能体验，中金固收会按照如下目的与方式，收集您在注册、使用本服务时主动提供、授权提供的个人信息，以及您使用本服务时产生的个人信息：

1.1 注册、登录、认证

1.1.1 注册、登录

a.当您注册、登录本服务时，您需要通过必要信息（手机号）创建账号，并且您可以完善相关的网络身份识别信息（姓名、邮箱、工作信息、设置密码等），收集这些信息是为了帮助您完成注册。手机号码是履行国家法律法规关于网络实名制要求的必要信息，如果您不提供信息用于注册、登录，我们可能无法为您提供本服务。

b.当您登录本服务时，需要您提供手机号、密码，同时可能采用验证短信验证码、指纹或面容的手段便于验证您的身份。为了让您更安全、便捷地使用登录服务，如您的设备和中金固收APP版本均支持指纹或面容功能，您可选择开通指纹或面容登录功能，我们将在您的授权下调用您设备上的指纹或面容信息进行验证登录。我们仅接收验证结果，并不收集处理您的指纹或面容信息。如您不想使用指纹或面容验证，仍可通过其他方式进行登录。

c.请您了解，中金固收App是面向企业和机构投资者的服务平台。为了更好地向您提供服务，当您所在的公司信息、邮箱、职务等发生变化时，请您及时和对口销售取得联系，我们将及时为您做相应的变更。因未能将前述事项通知我们而导致的法律后果、风险和责任将由您及/或您所在的公司自行承担。

1.1.2 认证

在您使用“中金主承” 、“中金市场观察-地产债周报”、“中金市场观察-ABS周报”等功能或使用其他需要身份认证的功能或相关服务所需时，根据相关法律法规，您可能需要提供您的真实身份信息（真实姓名、电话号码、公司邮箱、名片等）以完成认证。同时为了验证该类信息的准确性和完整性，中金固收会将您提供的信息与合法存有您信息的机构（政府机关、事业单位、商业机构）进行验证核对。您可以拒绝提供，如果拒绝提供您将可能无法获得相关服务，但并不影响您使用我们的其他服务。

1.2 消息通知

1.2.1 您知悉并同意，对于您在使用本服务过程中提供的您的联系方式（例如：联系电话、邮箱），我们在运营中可能会向其中的一种或多种方式发送多类通知，用于活动提醒、身份验证、安全验证、用户使用体验调研等用途。您可以拒绝提供联系方式，如果拒绝提供您可能无法获得相关服务，但并不影响您使用我们的其他服务。

1.2.2 您可以自由选择是否参加我们举办的营销活动，若您选择参与，根据活动需要，可能需要您提供姓名、联系地址、联系方式等信息。这些信息是您收到活动礼品所必要的，您可以拒绝提供这些信息，但我们将无法向您发放活动礼品。

1.3 资讯及影音内容

1.3.1当您访问固收FM、视频直播等音视频资源时，需要调用手机的多媒体功能、更改您的音视频设置权限。如果您拒绝提供相应权限，并不影响您使用我们的其他服务。

1.3.2为了向您提供App内嵌的Zoom会议功能，需要使用蓝牙权限，以便在您使用蓝牙设备时将蓝牙设备作为声音的播放端，同时需要使用麦克风权限，以便您在会议中发言。如果您拒绝提供相关权限，并不影响您使用我们的其他服务。

1.3.3为了向您提供持续的视频播放服务，我们需要将固收APP设置为前台服务，以防止应用被系统回收，从而提供持续的视频播放。如果您拒绝提供相关权限，并不影响您使用我们的其他服务。

1.3.4为了向您提供固收FM音频、研究报告音频等后台播放服务，如果您在播放音频时退出App，我们需要将固收APP提升为前台服务，以防止应用被系统回收， 从而保持持续的音频播放。同时，我们在系统通知栏添加音频操作按钮，在您点击相关操作按钮后可能会启动App。如果您拒绝提供相关权限，并不影响您使用我们的其他服务。

1.4 复制与分享

1.4.1在您复制、分享信息时，我们需要访问您的剪切板，读取其中包含的文字、链接及其他内容信息，以实现跳转、复制、分享等功能或服务。如果您拒绝提供相应权限，并不影响您使用我们的其他服务。

1.4.2在您分享信息时，我们需要查询手机安装的应用，以将信息分享到您希望分享的应用中。如果您拒绝提供相应权限，并不影响您使用我们的其他服务。

1.5 意见反馈

1.5.1在使用本服务过程中，您可以对使用过程中遇到的问题及服务体验进行问题反馈，帮助我们更好地了解您使用我们产品或服务的体验和需求，在帮您解决问题的同时，帮助我们改善产品和服务，为此我们会记录您的联系信息、反馈的问题或建议、您与我们的通信/通话记录及相关内容（包括账号信息、您为了证明相关事实提供的其他信息，或您留下的其他联系方式），以便我们进一步联系您，向您反馈我们的处理进度。

1.5.2当您使用意见反馈功能时，如果您需要发送图片，需要获取相册访问、摄像头拍照的权限。如果您拒绝提供相应权限，并不影响您使用我们的其他服务。

1.6 活动提醒

为了提醒您观看直播或参与活动，需要获取日历权限，将活动信息导入手机日历中。如果您拒绝提供相应权限，并不影响您使用我们的其他服务。

1.7 电话会议

为了联系客户经理或参加电话会议，需要获取电话权限。如果您拒绝提供相应权限，并不影响您使用我们的其他服务。

1.8 消息推送

当您需要及时接收中金固收给您发送的消息通知时，需要获取通知的权限，Android手机还需获取开机启动、通知管理、控制振动的权限。如果您拒绝提供相应权限，并不影响您使用我们的其他服务。

1.9 浏览、点击记录

为了向您提供个性化、精准化的服务以提升您的用户体验，我们会收集您的点击操作记录（兴趣、点击、收藏、浏览、搜索和转发记录），并结合您的客户基本信息、及从关联方、合作伙伴、信用机构及依法成立并合法收集和留存您的相关信息的第三方机构获取的您的相关信息（包括与您相关的个人信息），给您推荐今日新发债。若您希望关闭我们基于有关信息向您进行的推荐，可前往【我的】-点击右上角-【设置】-【个性化推荐设置】关闭个性化推荐机制。您可以拒绝提供点击操作记录，如果拒绝提供您可能无法获得相关服务，但并不影响您使用我们的其他服务。如您需要查阅个人的兴趣、点击、浏览、搜索和转发记录，您可以通过邮件发送查阅兴趣、点击、收藏、浏览、搜索和转发记录的申请至FI_APP_SERVICE@cicc.com.cn。一般情况下，我们将在收到申请后的15个工作日内进行核实处理，并以邮件的方式进行反馈。

1.10 收集、使用个人信息目的变更

请您了解，随着我们业务的发展，可能会对中金固收的功能和提供的服务有所调整变化。原则上，当新功能或服务与我们当前提供的功能或服务相关时，收集与使用的个人信息将与原处理目的具有直接或合理关联。在与原处理目的无直接或合理关联的场景下，我们收集、使用您的个人信息，会再次按照法律法规及国家标准的要求以页面提示、交互流程、协议确认等合理的方式另行向您进行告知说明，并征得您的同意。

1.11 安全运行

1.11.1 运营与安全保障

我们致力于为您提供安全、可信的产品与使用环境，提供优质而可靠的服务与信息是我们的核心目标。为了维护我们服务的正常运行，保护您或其他用户或公众的合法利益免受损失，我们会收集用于维护产品或服务安全稳定运行的必要信息。

1.11.2 设备信息与日志信息

a.为了保障软件与服务的安全运行、运营的质量及效率，我们会收集您的：硬件型号、操作系统版本号、设备标识符（如IMEI、AndroidID、OAID、IMSI、ICCID、GAID、MEID，不同的标识符在有效期、是否可由用户重置以及获取方式方面会有所不同）、软件安装列表、网络设备硬件地址（MAC地址）、IP地址、WLAN接入点（如SSID，BSSID）、基站、软件版本号、网络接入方式、类型、状态、网络质量数据、操作、使用、服务日志。

b.为了预防恶意程序、保障运营质量及效率，我们会收集安装的应用信息或正在运行的进程信息、应用程序的总体运行、使用情况与频率、应用崩溃情况、总体安装使用情况、性能数据、应用来源。

c.我们可能使用您的账号信息、设备信息、服务日志信息以及我们关联方（包括中金香港子公司、中金新加坡子公司、中金日本子公司）、合作方在获得您授权或依法可以提供的信息，用于判断账户及交易安全、进行身份验证、识别违法违规情况、检测及防范安全事件，并依法采取必要的记录、分析、处置措施。

1.12 征得授权同意的例外

请您理解，在下列情形中，根据法律法规及相关国家标准，我们收集和使用您的个人信息无需征得您的授权同意：

a.为订立、履行您作为一方当事人的合同所必需，或者按照依法制定的劳动规章制度和依法签订的集体合同实施人力资源管理所必需；；

b.为履行法定职责或者法定义务所必需；

c.与国家安全、国防安全直接相关的；

d.与公共安全、公共卫生、重大公共利益直接相关的；

e.与犯罪侦查、起诉、审判和判决执行等直接相关的；

f.出于维护个人信息主体或其他个人的生命、财产等重大合法权益但又很难得到本人同意的；

g.所收集的您的个人信息是您自行向社会公众公开的；

h.从合法公开披露的信息中收集的您的个人信息的，如合法的新闻报道、政府信息公开等渠道；

i.用于维护中金固收所提供的产品及相关服务的安全稳定运行所必需的，例如发现、处置软件及相关服务的故障；

j.为合法的新闻报道所必需的；

k.学术研究机构基于公共利益开展统计或学术研究所必要，且对外提供学术研究或描述的结果时，对结果中所包含的个人信息进行去标识化处理的；

l.法律法规规定的其他情形。

1.13 添加水印服务

我们将收集用户信息（可能包括您的移动电话号码、邮箱号、用户姓名），用于在中金固收APP、小程序、PC Web端和H5端的研报摘要页，研报原文PDF页，该信息不会用于任何商业用途，该水印会展示在用户本人所观看的页面或者本人所下载的文档上，除非用户本人对外转发，否则第三方不可见。

1.14 自启动服务

为了在您播放固收FM音频、研究报告音频时，能够在系统通知栏操作音频，我们需要使用自启动服务以便监测系统多媒体按钮事件。如您想关闭自启动功能，可能会导致无法正常播放APP内的音频。您可以在系统设置-应用-自启动管理中关闭自启动功能。

1.15 其他

当您在使用手机App时希望屏幕保持常亮，需要获取防止手机休眠的权限。如果您拒绝提供相应权限，并不影响您使用我们的其他服务。

为了向您提供稳定的网络连接，提供连续的服务，需要获取使用网络、完全的网络访问权限、查看网络连接、更改网络连接查看WLAN状态、更改WLAN状态权限。

2. 我们如何使用Cookie和同类技术

2.1 我们使用操作系统API、Cookie等类似技术，以提升您使用本服务的体验。当您使用本服务时，我们可能会使用相关技术向您的设备发送一个或多个Cookie或匿名标识符，以收集和存储您访问、使用本服务时的信息。我们承诺，不会将Cookie用于本隐私政策所述目的之外的任何其他用途。我们使用Cookie和同类技术主要为了实现以下功能或服务：

a.保障产品与服务的安全、高效运转：我们可能会设置认证与保障安全性的Cookie 或匿名标识符，使我们确认您是否安全登录服务，或者是否遇到盗用、欺诈及其他不法行为。这些技术还会帮助我们改进服务效率，提升登录和响应速度；

b.帮助您获得更轻松的访问体验：使用此类技术可以帮助您省去重复填写个人信息、重复登录等繁琐操作。

3.我们如何对外提供个人信息

3.1 原则

3.1.1 合法原则:与第三方合作过程中涉及数据使用活动的，必须具有合法目的、符合法定的合法性基础。如果合作方使用信息不再符合合法原则，则其不应再使用你的个人信息，或在获得相应合法性基础后再行使用。

3.1.2 正当与最小必要原则：数据使用必须具有正当目的，且应以达成目的必要为限。

3.1.3 安全审慎原则：我们将审慎评估合作方使用数据的目的，对这些合作方的安全保障能力进行综合评估，并要求其遵循合作法律协议。我们会对合作方获取信息的软件工具开发包（SDK）、应用程序接口（API）进行严格的安全监测，以保护数据安全。SDK目录请参考附录4：《第三方SDK目录》。

第三方的范围包括我们的关联方、合作金融机构以及其他合作伙伴，下同。

3.2 共享

我们承诺对您的个人信息进行严格保密。除法律法规及监管部门另有规定外，我们仅在以下情形中与第三方共享您的个人信息。确需向第三方共享时，我们将评估该第三方收集信息的合法性、正当性、必要性，我们将要求第三方对您的个人信息采取保护措施，并且严格遵守相关法律法规、监管要求或协议约定。

（1）根据适用的法律法规，遵守法院生效法律文件或强制性的行政或司法要求、其他法律程序的规定，将客户信息披露予有管辖权的政府机构、司法机构、监管机构、自律组织、或任何应前述机构或适用法律法规要求而需接收客户信息的机构或人士；

（2）在法律法规及监管规定允许的范围内，为维护社会公共利益，或保护中金固收的客户、中金固收或中金固收的关联方、合作伙伴、其他用户或雇员的人身和财产安全或合法权益而有必要提供；

（3）在法律法规及监管规定允许的范围内，为安全防范、诈骗监测、预防或禁止非法活动、风控合规及经营管理而有必要提供；

（4）某些产品或服务可能由第三方提供或由我们与第三方共同提供，因此，只有共享您的信息，才能提供您需要的产品或服务；

（5）如您选择参与我们和第三方联合开展的营销活动，我们可能与其共享活动过程中产生的、为完成活动所必要的信息，以便第三方能及时向您发放礼品或为您提供服务，我们会依据法律法规或国家标准的要求，在活动规则页面或通过其他途径向您明确告知需要向第三方提供何种信息；

（6）事先获得您明确同意的情况下，我们会在法律法规允许且不违背公序良俗的范围内，依据您的授权范围与第三方共享您的信息。

3.3 实现功能或服务的数据使用

a. 地理位置服务：当您使用地理位置相关服务时，位置服务提供商(神策统计分析、极光推送)可能会通过SDK或相关技术使用您的GPS信息、设备信息，以便向您返回位置结果。位置信息是个人敏感信息，拒绝提供仅会影响地理位置服务功能，但不影响其他功能的正常使用。

b. 推送功能：为与您使用的终端机型适配消息推送功能，终端设备制造商（华为、小米、OPPO、VIVO等）可能通过SDK等技术使用你的手机型号、版本及相关设备信息。

3.4 转移

随着我们业务的持续发展，我们将有可能进行合并、收购、资产转让，您的个人信息有可能因此而被转移。在发生前述变更时，我们将按照法律法规及不低于本隐私政策所要求的安全标准继续保护或要求个人信息的继受方继续保护您的个人信息，否则我们将要求继受方重新征得您的授权同意。

3.5个人信息全球转移

原则上，中金固收在中华人民共和国境内收集和产生的个人信息，将存储在中华人民共和国境内。

由于中金固收可能通过遍布全球的资源和服务器提供产品或服务，这意味着，在获得您的授权同意后，您的个人信息可能会被转移到您使用产品或服务所在国家/地区的境外管辖区，或者受到来自这些管辖区的访问。

此类管辖区可能设有不同的数据保护法，甚至未设立相关法律。在此类情况下，中金固收会履行法律法规要求的程序，努力确保您的个人信息得到在中华人民共和国境内足够同等的保护。

3.6 公开

我们不会公开您的信息，除非遵循国家法律法规规定或者获得您的同意。如确需公开时，我们公开您的个人信息会采用符合行业内标准的安全保护措施。

3.7 委托处理

对于委托处理个人信息的场景，我们会与受托合作方根据法律规定签署相关处理协议，并对其个人信息使用活动进行监督。

4. 我们如何存储个人信息

4.1 存储地点

我们依照法律法规的规定，将在境内运营过程中收集和产生的您的个人信息存储于中华人民共和国境内。目前，我们不会将您的个人信息传输至境外，如果我们向境外传输，我们将会遵循相关国家规定或者征求您的同意。

4.2 存储期限

4.2.1 您在使用本服务期间，我们将持续保存您的个人信息，保存期限将以不超过为您提供服务所必须的期间为原则。如我们停止运营本服务，我们将在合理期限内依照所适用的法律对所持有的您的个人信息进行删除或匿名化处理。在您终止使用本服务或关闭相应授权后，我们会对您的信息进行删除或做匿名化处理，但以下情况除外：

a.遵从法律法规、监管规定有关信息留存的要求（例如：《网络安全法》规定：采取监测、记录网络运行状态、网络安全事件的技术措施，并按照规定留存相关的网络日志不少于六个月。）。

b.出于财务、审计、争议解决等目的需要合理延长期限的。

4.2.2 若您是企业授权用户，针对企业控制的数据，我们将根据客户指示处理，如您对相关内容有疑问或主张相关的个人信息权益，您可以联系客户或企业客户管理员处理。

5. 我们如何保护个人信息的安全

5.1、我们非常重视您个人信息的安全。建立了数据安全制度规范和实施了安全技术措施，防止您的个人信息遭到未经授权的访问、修改，避免数据的损坏或丢失。我们的网络服务采取了传输层安全协议等加密技术，确保您的数据在网络传输过程的安全。中金固收将尽一切可能采取适当的技术手段，保证您可以访问、更新和更正自己的预留信息或使用中金固收的服务时提供的其他个人信息。

5.2 我们采用严格的数据处理权限控制，避免数据被违规使用。我们采用行业广泛应用的加密技术对您的个人信息进行加密保存，并通过数据隔离技术进行隔离。我们始终落实该等技术措施和组织管理方式，并可能不时加以修订完善以提升系统的整体安全性。

5.3 尽管已经采取了上述合理有效措施，并已经遵守了相关法律规定要求的标准，但请您理解，由于技术的限制以及可能存在的各种恶意手段，即便竭尽所能加强安全措施，也不可能始终保证信息百分之百的安全，我们将尽力确保您提供给我们的个人信息的安全性。请您知悉并理解，您接入我们的服务所用的系统和通讯网络，有可能因我们可控范围外的因素而出现问题。因此，我们强烈建议您采取积极措施保护个人信息的安全，包括但不限于使用复杂密码、定期修改密码、不将自己的账号密码等个人信息透露给他人。

5.4 在发生危害网络安全的事件时，我们会按照网络安全事件应急预案，及时采取相应的补救措施。

5.5 在我们获悉发生了您的个人信息不幸被泄露、非法提供或滥用的个人信息安全事件后，我们将按照法律法规的要求及时向您告知：安全事件的基本情况和可能的影响、我们已采取或将要采取的处置措施、您可自主防范和降低风险的建议、对您的补救措施等。事件相关情况我们将以推送通知的方式告知您，难以逐一告知个人信息主体时，我们会采取合理、有效的方式发布公告。请您注意，根据法律法规的规定，如果我们采取措施能够有效避免信息泄露、篡改、丢失造成危害的，我们可以选择不向您通知；但是监管部门认为可能造成危害并要求我们向您通知的，我们将根据要求向您通知。同时，我们还将按照监管部门要求，上报个人信息安全事件的处置情况。

5.6 您一旦浏览或使用其他网站、服务及内容资源，我们将没有能力和直接义务保护您在使用第三方产品过程中提交的任何个人信息，无论您登录、浏览或使用上述软件、网站是否基于本服务的链接或引导。当您查看第三方创建的网页或使用第三方开发的应用程序时，这些第三方可能会放置他们自己的Cookies或像素标签，这些Cookies或标签不受中金固收的控制，且它们的使用不受本隐私政策的约束。请您与他们直接联系以获得他们隐私政策的详细情况。如果您发现这些第三方创建的网页或第三方开发的应用程序存在潜在风险时，建议您终止相关操作以保护您的合法权益。

6. 管理您的个人信息

我们非常重视您对个人信息的管理，并尽全力保护您对于您个人信息的查阅、复制、修改、删除、撤回同意授权、注销账号等权利，以使您有能力保障您的隐私和信息安全。

6.1 访问隐私政策

您可以在登录账号后“我的”页面-隐私政策，查看本隐私政策的全部内容。请您了解，本隐私政策中所述的本服务的相关功能可能会根据您所使用的账号权限、设备型号、系统版本、软件应用程序版本等因素而有所不同。最终的产品和服务以您所使用的软件及相关服务为准。

6.2 改变或撤回授权范围

6.2.1 您可以在设备本身操作系统中关闭相关权限，改变同意范围或撤回您的授权。撤回授权后我们将不再收集与该权限相关信息。

6.2.2 您使用中金固收中的产品与服务后，您可以在这些产品与服务中撤回权限授权。同时您可以通过邮件发送撤回隐私政策同意申请至FI_APP_SERVICE@cicc.com.cn。一般情况下，我们将在收到申请后的15个工作日内进行核实处理，并以邮件的方式进行反馈。

6.2.3 特定的业务功能和服务将需要您的信息才能得以完成，当您撤回同意或授权后，我们无法继续为您提供撤回同意或授权所对应的功能和服务，也不再处理您相应的个人信息。但您撤回同意或授权的决定，不会影响我们此前基于您的授权而开展的个人信息处理。

6.3 查询、更正账号信息

您可以点击我的，查询登录账号；点击我的-注册资料，查询、修改姓名、工作信息。特别提示您注意，出于安全性和身份识别的考虑，您可能无法自主修改注册时提交的某些初始注册信息。如您确有需要修改该类注册信息，请根据本隐私政策载明的联系方式联系我们。

6.4 查询、更正、删除其他信息

您可以在使用本服务过程中根据您的需要及我们提供的具体产品与功能，在相应功能界面进行操作与调整（例如您可以在视频直播-直播预约功能中取消预约）。

6.5 注销账户

6.5.1 您可以注销使用手机号注册的账户，通过邮件发送注销申请至FI_APP_SERVICE@cicc.com.cn。邮件内需提供您的注册手机号。一般情况下，我们将在收到申请后的15个工作日内进行核实处理，并以邮件的方式进行反馈。

6.5.2 在您的账号被注销前，我们可能会要求您进行身份验证，以保障账户安全。您知悉并理解，注销账号的行为是不可逆的行为，在您的账号被注销后，我们将删除有关您的相关信息或进行匿名化处理，但法律法规另有规定或根据客户需要就客户使用的数据另行处理的除外。 当您从中金固收的服务中删除信息后，中金固收可能不会立即在备份系统中删除相应的信息，但会在备份更新时删除这些信息。

6.6 停止运营并向您公告

如我们停止运营，我们将及时停止收集您个人信息的活动，将停止运营的通知以逐一送达或公告的形式通知您，并对所持有的您的个人信息进行删除或匿名化处理。

如果您或其他有权主体对相关法律法规赋予的个人信息权利的行使，有任何主张、要求或者疑问，您可以通过发送邮件至本隐私政策载明的联系方式与我们联系，我们将尽快审核所涉问题。

对于您合理的请求，我们原则上不收取费用，但对多次重复、超出合理限度的请求，我们将视情况收取一定成本费用。对于那些无端重复、需要过多技术手段（例如，需要开发新系统或从根本上改变现行惯例）、给他人合法权益带来风险或者非常不切实际的请求，我们可能会予以拒绝。

尽管有上述约定，但按照相关法律法规及国家标准，在以下情形中，我们可能无法响应您的请求：

（1） 与国家安全、国防安全直接相关的；

（2） 与公共安全、公共卫生、重大公共利益直接相关的；

（3） 与犯罪侦查、起诉、审判和执行判决等直接相关的；

（4） 有充分证据表明您存在主观恶意或滥用权利的；

（5） 响应您的请求将导致其他个人、组织的合法权益受到严重损害的。

7. 我们如何保护未成年人的信息

7.1 本APP的产品或服务主要面向成年人。我们非常重视对未成年人个人信息的保护。我们只会在受到法律法规允许、父母或其他监护人同意的情况下处理未成年人的个人信息。

7.2 若您是未成年人的监护人，当您对您所监护的未成年人的个人信息有相关疑问时，请通过本隐私政策载明的联系方式与我们联系。

7.3 特别提示：14周岁以下的儿童及其监护人，请仔细阅读以下儿童个人信息保护规则：

若您是未满14周岁的未成年人，在使用本APP的产品或服务前，应在您的父母或其他监护人监护、指导下共同阅读本隐私政策，并在征得您的父母或其他监护人同意的前提下使用我们APP的产品或服务，或向我们提供信息。

对于经父母同意而收集未满14周岁未成年人个人信息的情况，中金固收只会在受到法律允许、父母或监护人明确同意或者保护未成年人所必要的情况下处理此信息。

如果中金固收发现在未事先获得可证实的父母同意的情况下收集了未满14周岁的未成年人的个人信息，则会设法尽快删除相关数据。

8. 隐私政策的修订和通知

基于业务功能、使用规则、联络方式、保存地域变更或法律法规及监管要求，中金固收可能会适时对本隐私政策进行修订。如本隐私政策发生变更，中金固收将以通知推送或者在APP发布公告的方式来通知您。若您不同意该变更可以停止使用相关服务，若您在本隐私政策修订后继续使用中金固收服务，这表示您已充分阅读、理解并接受修订后的本隐私政策并愿意受修订后的本隐私政策约束。

9. 联系我们

如您对本政策存在任何疑问，或任何相关的投诉、意见，可发送邮件至FI_APP_SERVICE@cicc.com.cn与我们联系。为保障您的信息安全，我们需要先验证您的身份和凭证材料。收到您的问题后，我们会及时、妥善处理。一般情况下，我们将在15个工作日内给予答复。

《Privacy Policy》

Update On: July 13, 2023

Effective On: July 14, 2023

Dear users,

China International Capital Corporation (Singapore) Pte. Limited (hereinafter referred to as "CICC" or "we", "our", "us"), as the operator of CICC products and services, is fully aware of the importance of personal information to you, and we will follow laws and regulations to protect your personal information and privacy. This Privacy Policy is related to the CICC services and online applications (as available on App stores and web browsers) (“apps”) that you may use. Where applicable, the Schedule appended hereto shall form part of this Privacy Policy, and any reference to “this Privacy Policy” herein shall also include such Schedule. We have strived to express this Privacy Policy with easy-to-understand and concise words, and have marked in bold the clauses in this Privacy Policy that are materially related to your rights and interests. Please pay attention. Please read this Privacy Policy carefully, and only use the services and apps provided by CICC after you fully understand and agree with the information contained herein. If you click or check "Agree" and submit, you agree to the collection, storage, usage, sharing and processing of your relevant information in accordance with this Privacy Policy. We have developed this Privacy Policy and would like to remind you of the following to help you make appropriate choices:

1. When you use or enable our apps and services, we will collect and use your personal information for the realization of certain functions, to perform services or for management purposes. For details of the types of personal information which will be collected, please refer to Appendix I: Checklist of CICC Service Personal Information Collection.。
2. Furthermore, in order to achieve business functions or as required by laws and regulations, we will collect and use your sensitive personal information when you use specific functions or services. For details of the types of sensitive personal information which will be collected and the purposes of such collection, please refer to Appendix II: Checklist of CICC Service Sensitive Personal Information Collection.。
3. For some of our apps and services, contacts, precise geographic location, camera, microphone, photo album (save-in), calendar permissions will not be enabled by default, and will only be used for specific functions or services with your express authorization. You can also withdraw the authorization at any time. It is important to point out that even if we have obtained these sensitive permissions with your authorization, we will not use them unless required by the relevant functions or services. For details, please refer to Appendix III: Permission Application and Usage Description.

For the purposes of this Privacy Policy, references to “personal information” include “personal data” as defined under the Personal Data Protection Act 2012 (“PDPA”) of Singapore.

The following will help you learn more about how we collect, use, store, share and protect your personal information, and help you understand how to check, copy, delete, correct, and withdraw authorized personal information.

1. How and Why We Collect and Use Your Personal Information

In order to provide you and other customers with our apps and services, maintain the normal and safe operation of our apps and services, and optimize the functional experience of our apps and services, you agree and consent to CICC, entities within the CICC Group including CICC’s subsidiaries, business partners, respective agents, authorized service providers and relevant third parties collecting and using the information you actively provide or authorize to provide when registering and using our apps and services as well as the personal information generated during your use of our apps and services in accordance with the following purposes and methods:

1.1 Registration, Login, Authentication

1.1.1 Registration and Login

a. When you register for our apps and services, you need to create an account using the necessary information, and you can complete the relevant online identification information(name, email, work information, password, etc.). The information is collected to help you complete your registration to use our apps and services. If you refuse to provide the information for registration and login, we may not be able to offer you the service you seek from us.

b. When logging into this service, you need to provide your mobile phone number and password. Additionally, you may use verification methods such as fingerprints, facial recognition, and SMS verification codes to confirm your identity. To provide a more secure and convenient login experience, if your device and your version of the App both support fingerprint and/or face recognition functions, you can choose to enable such functions on the App and log into the App by completing fingerprint or face verification on your device. It is important to note that we only receive the verification results and do not collect your fingerprint or facial information. If you prefer not to use fingerprints or facial recognition, you can still log in using other methods.

c. Please be aware that our apps and services are intended for corporate and institutional investors. In order to provide you with better services, please contact your sales representative in time when your company information, department, email address, phone number and job title change, and we will keep your information in our system up to date. You and/or the company you work for shall bear the legal consequences, risks and responsibilities arising from the failure to notify us of the foregoing matters.

1.1.2 Authentication

When you use the functions or related services in the App that require identity authentication, you may need to provide your real identity information (real name, phone number, company email, company information, department, job title, business card, etc.) to ensure that you are able to use the identity authentication functions. Meanwhile, in order to verify the accuracy and completeness of such information, CICC may check the information you provide with the institutions (government agencies, institutions, and commercial institutions) that legally possess your information. You can refuse to provide such information. If you refuse to provide such information, you may not be able to obtain access to related services, but it will not affect your use of our other services.

1.2 Notification

1.2.1 You know and agree that for your contact information (such as phone number, email address) provided by you during the use of our apps and services, we may send multiple notifications to one or more of these contact addresses during service operation, including activity reminders, identity verification, security verification, user experience research and other notifications. You can refuse to provide your contact information. If you refuse to provide your contact information, you may not be able to obtain access to related services, but it will not affect your use of our other services.

1.2.2 You can freely choose whether to participate in the marketing activities or events held by us. If you choose to participate, you may be required to provide your name, address and other contact information according to the needs of the activity or event. This information is necessary for you to receive event gifts (if applicable). You can refuse to provide such information but we will not be able to deliver the event gift to you.

1.3 News and Audio-visual Content

In order to access audio and video resources including live streaming, etc., you may need to enable the multimedia functions of your device and change your audio and video settings. If you refuse to authorize the required permissions, it will not affect your use of our other services.

In order to provide you with the Zoom meeting feature embedded in the App, Bluetooth permission is required so that you can use your Bluetooth device as a sound player, and microphone permission is also required so that you can speak in the meeting. If you refuse to authorize the required permissions, it will not affect your use of our other services.

In order to provide you with continuous video playback services, we need to upgrade the App to a foreground service to prevent the App from being killed by the system, thereby providing continuous video playback. If you refuse to authorize the required permissions, it will not affect your use of our other services.

1.4 Copy and Share

In order for you to copy and share information, we need to access your clipboard and read the text, links and other content contained within so as to realize functions or services such as page-jumping or switching, copying, and sharing. If you refuse to authorize the required permissions, it will not affect your use of our other services.

When you share information, we need to check the Apps installed on your phone to share the information with the Apps you want to share. If you refuse to authorize the required permissions, it will not affect your use of our other services.

1.5 Feedback

1.5.1 During the use of our apps and services, you can give your feedback on the problems encountered and service experience in order to help us better understand your experience and needs when using our products or services. While helping you solve problems that you encountered during your use of our apps and services, this will help us improve our products and services as well, so we will collect your contact information, feedback questions or suggestions, your correspondence/call records with us and other related content (including account information, the information you provide to prove relevant facts, or other contact information you have submitted or provided to us), so that we can further get in touch with you and keep you up to date about your feedback processing.

1.5.2 For some of our apps and services, when you use the feedback function, if you want to send pictures, you need to authorize permissions to access the photo library and the camera to take pictures. If you refuse to authorize the required permissions, it will not affect your use of our other services.

1.6 Event Reminder

In order for us to remind you of live-streaming events or for you to participate in relevant activities, you need to authorize the calendar permission to so that the event information will be added into the calendar function on your device. If you refuse to authorize the required permissions, it will not affect your use of our other services.

1.7 Browse History

In order to provide you with personalized and accurate services to improve your experience in using our products and services, we will collect your browsing, searching and forwarding records and conduct reasonable analysis based on your information. You can refuse to provide such information. If you refuse to provide such information, you may not be able to get access to related services, but it will not affect your use of our other services. At the same time you can send a request to check your personal browsing, searching and forwarding records by email to FICC_APP_SERVICE@cicc.com. In general, we will verify and process the request within 15 working days after receiving it. The feedback will also be sent by email.

1.8 Teleconference

For some of our apps and services, phone call access is required in order for us to allow you to contact a customer manager or attend a teleconference. If you refuse to authorize the required permissions, it will not affect your use of our other services.

1.9 Push Notifications

For some of our apps and services, when you want to receive the push notifications sent to you by CICC in a timely manner, you need to enable the notification function, and for Android users, you also need to authorize the permission to start-up launching, notification management and vibration control. If you refuse to authorize the required permissions, it will not affect your use of our other services.

1.10 Changes in the Purpose of Collecting, Using, Disclosing and/or Processing Personal Information

Please be aware that with the development of our business, there may be adjustments and changes to the functions and services provided by CICC. In principle, when the new functions or services are related to the functions or services we currently provide, the personal information collected and used will be directly or reasonably related to the original purposes. In scenarios that personal information is collected, used, disclosed and/or processed for new purposes which are not directly or reasonably related to the original purposes, we will inform you of such change in reasonable ways such as by page prompts and other interactive processes, and obtain your consent for such changes in accordance with the requirements of relevant laws and regulations.

1.11 Safe Operation

1.11.1 Operation and Security

We are committed to providing you with safe and reliable products and experiences, and it is our core goal to present you with high-quality and reliable services and information. In order to maintain the smooth operation of our services and protect the legitimate rights and interests of you or other users or the general public from loss, we will collect the necessary information set out at 1.11.2 below to maintain the safe and stable operation of our products or services.

1.11.2 Device and Log Information

• a. In order to ensure the safe operation, quality and efficiency of our software and services, we will collect the following information from you: hardware model, operating system version, device identifiers (such as IMEI, AndroidID, OAID, IMSI, ICCID, GAID, MEID, different identifiers will vary in terms of validity period, whether they can be reset by the user, and how to obtain them), software installation list, MAC address, IP address, WLAN access (eg. SSID, BSSID), base station, software version number, network access method, type, status, network quality data, operation, usage, service log, computer system (Windows or Mac), browser and version, screen resolution.
• b. For some of our apps and services, in order to prevent malwares and ensure operational quality and efficiency, we will collect installed application information or information of the running process, overall application operation, usage and frequency, application crashes, overall installation usage, performance data and application sources.
• c. We may use your account information, device information, service log information, and information provided by our associated parties and partners with your authorization or in accordance with the law to check account and transaction security, perform identity verification, and identify violations of laws and regulations, detect and prevent security incidents, and take necessary recording, analysis, and handling measures in line with the law.

1.12 Others

For some of our apps and services, if you want to keep the screen on when using an App, you need to authorize permission to prevent the device from sleeping. If you refuse to authorize the required permissions, it will not affect your use of our other services.

In order to provide you with stable network connection and continuous services, you need to authorize permission to network functions, complete network access, network links, network link changes, WLAN status, and WLAN status changes.

2. How We Use Cookies and Similar Technologies

2.1 We use operating system APIs, Cookies and other similar technologies to give you better experience of using our apps and services. When you use such apps and services, we may use related technologies to send one or more Cookies or anonymous identifiers to your device to collect and store the data when you visit and use such apps and services. We promise not to use Cookies for any purpose other than those described in this Privacy Policy. We use Cookies and similar technologies mainly to achieve the following functions or services:

• a. To make sure the safe and efficient operation of products and services: We may set Cookies or anonymous identifiers for authentication and security, so that we can confirm whether you are safely logging in to the service, or whether you have encountered account theft, fraud or other illegal activities. These technologies will also help us improve service efficiency and shorten the time for login and App response.
• b. To make sure you have an easier visit experience: Using such technologies could streamline the repetitive operations such as filling in your personal information and logging in repeatedly.

3. How We Disclose Personal Information to the Public

3.1 Principles

3.1.1 Principle of legality: During cooperation with a third party, data usage activities must have a legitimate purpose and comply with the legal basis of law. If the use of information by the partner no longer conforms to the principle of legality, it should stop using your personal information, or use it after obtaining the corresponding legal approval.

3.1.2 The principle of legitimacy and necessity: The use of data must have a legitimate purpose and should only be necessary to achieve the purpose.

3.1.3 The principle of security and prudence: If required by applicable laws, we will carefully evaluate the purpose of data usage by our partners, and will use commercially reasonable efforts to conduct a comprehensive assessment of the security assurance of these partners as well as require them to follow the legal agreement of cooperation. If required by applicable laws, we will also use commercially reasonable efforts to conduct security monitoring on the Software Development Kits (“SDKs”) and Application Programming Interfaces (“APIs”) used by our partners to obtain information so as to ensure data security. For more information about SDKs, please refer to Appendix IV: Third-Party SDKs.

In this Section 3, “third parties” include our associated parties, cooperative financial institutions and other partners, and the term “third party” shall be construed accordingly.

3.2 Sharing

We promise to keep your personal information strictly confidential. Unless otherwise stipulated by laws, regulations and regulatory authorities, we only share your personal information with third parties in the following circumstances. When it is indeed necessary to share the personal information with a third party, we will evaluate the legality, legitimacy and necessity of the third party in terms of information collection, we will require the third party to take protective measures for your personal information, and strictly abide by relevant laws and regulations, regulatory requirements or agreement.

• (1) In accordance with applicable laws and regulations and by following the effective legal documents of the court or mandatory administrative or judicial requirements as well as other legal procedures, customer information will be disclosed to the relevant government agencies, judicial agencies, regulatory agencies, self-regulatory organizations, or any institution or individual who needs to receive customer information as required by the aforementioned institutions or applicable laws and regulations.
• (2) To the extent permitted by applicable laws, regulations and regulatory provisions, the personal information will be necessarily disclosed in order to safeguard social and public interests, or to protect personal and property safety or legitimate interests and rights of CICC and customers of CICC, or its associated parties, partners, other users or employees.
• (3) To the extent permitted by applicable laws, regulations and regulatory provisions, the personal information will be necessarily disclosed for security concerns, fraud monitoring, prevention or prohibition of illegal activities, risk control, compliance and business management.
• (4) Some products or services may be provided by third parties or jointly provided by us and third parties. Therefore, only by sharing your information can we provide the products or services you need.
• (5) If you choose to participate in the marketing activities jointly carried out by us and third parties, we may share with them the information generated during the activity and the information necessary to complete the event, so that the third party can deliver gifts to you or provide you with services in a timely manner. We will clearly inform you on the activity page or through other channels of the information required by third parties and if required, obtain your consent in accordance with the requirements of applicable laws and regulations.
• (6) With your explicit consent in advance, we will share your information with third parties to the extent permitted by applicable laws and regulations and without violating public order and social norms.

3.3 Data Used for Realizing Functions or Services

a. Location Services: When you use location-related services, location service providers (e.g. Sensors Data, Aurora Mobile) may use your GPS and device information through SDKs or related technologies so as to give you location-based results. Location data are sensitive personal information, and refusal to provide it will only affect the Location Services, but will not affect the normal access of other functions.

b. Push Notifications: For some of our apps and services, in order to adapt the message push function to your devices, manufacturers (Huawei, Xiaomi, OPPO, VIVO, etc.) may require your device model, version and related device information through SDKs and other technologies.

3.4 Transfer

As our business continues to develop, we may carry out mergers, acquisitions, and asset transfers, and your personal information may be transferred as well. In the event of the aforementioned changes, we will continue to protect or require the new receiving party of personal information to continue to protect your personal information in accordance with laws and regulations and the security standards not lower than that required by this Privacy Policy, otherwise we will require the new receiving party to re-obtain your authorization for your personal information access permission.

3.5 Global Transfer of Personal Information

In principle, the personal information collected and generated by CICC within Singapore will be stored in Singapore, the People’s Republic of China and/or the Hong Kong Special Administrative Region of the People's Republic of China.

CICC may provide products or services through resources and servers across the globe, which means that after obtaining your authorization and consent, your personal information may be transferred outside the jurisdictions of the country/region where you use the products or services, or subject to access from those jurisdictions.

Such jurisdiction areas may have different data protection laws or even no relevant laws. CICC will ensure that your personal information is adequately and equally protected in accordance with applicable data protection laws.

3.6 Public Disclosure

We will not disclose your information unless required by national laws and regulations or we have obtained your consent to do so. If it is necessary to disclose your information, we will adopt appropriate security protection measures when disclosing your personal information.

3.7 Entrusted Circumstances

You agree and consent to us entrusting the processing of your personal information to third parties. For cases where the processing of personal information is entrusted, we will sign relevant agreements with the entrusted partners in accordance with the law.

4. How we store personal information

4.1 Location

In accordance with the provisions of laws and regulations, your personal information collected and generated during domestic operations will be stored in Singapore, the People’s Republic of China and/or the Hong Kong Special Administrative Region of the People’s Republic of China.

4.2 Storage Period

4.2.1 When you are using our apps and services, we will continue to store your personal information, and the storage period will not exceed the period necessary to provide you with our services. If we stop providing our apps and services, and if we no longer require your personal information for any legal or business purpose, we will delete or anonymize your personal information in accordance with applicable laws. After you stop using our apps and services or cancel the authorization for relevant permissions, we will delete or anonymize your information, except in the following cases:

a. Comply with the requirements of applicable laws, regulations and regulatory provisions on information storage.

b. Reasonable extension of the storage period that is required for financial, auditing, dispute resolution and other business or legal reasons.

4.2.2 If you are an authorized corporate user, we will handle the data controlled by the corporation according to the customer’s instructions. If you have questions about the relevant content or claim related personal information interests and rights, please contact the customer or the corporate customer administrator for more details.

5. How We Ensure Personal Information Security

5.1 We take security of your personal information very seriously. We have established a data security system and implemented reasonable technical security measures to prevent unauthorized access to and modification of your personal information so as to protect personal information from misuse or accidental, unlawful or unauthorised damage, loss, alteration, disclosure, acquisition or access. Our network services employ encryption technologies such as transport layer security protocols to ensure security of your data during network transmission. CICC will take appropriate technical measures to ensure that you can access, update and correct the reserved information or other personal information you have provided when using CICC’s services.

5.2 We use strict data processing access controls to prevent unauthorized use of data. We employ encryption technology, which is widely used in the industry, to store your personal information encrypted and isolated by data isolation technology.These technical measures and organizational management methods are always implemented and may be revised from time to time to improve the overall security of the system.

5.3 Although the above reasonable and effective measures have been taken and the standards required by the relevant legal provisions have been complied with, please understand that due to the limitations of technology and the possibility of various malicious means, it is not always possible to guarantee 100% information security, even with all efforts to strengthen security, but we will do our best to ensure the security of personal information provided to us. Please be aware and understand that the systems and communication networks you use to access our services may experience problems due to factors beyond our control. Therefore, we strongly recommend that you take proactive measures to protect your personal information, including but not limited to using complex passwords, changing your password regularly, and not disclosing your account password and other personal information to others. If you find that your personal information has been compromised, especially your account number and password, please contact us immediately through the contact information set out in this Privacy Policy so that we can take appropriate counter measures.

5.4 In the event of an incident that jeopardizes cyber security, we will take appropriate measures in a timely manner in accordance with the cyber security contingency plan.

5.5 After we encountered a personal information security incident in which your personal information is unfortunately leaked, illegally provided or misused, we will inform you in a timely manner if required by applicable laws and regulations: the incident situation and the possible impact, the response measures we have taken or will take, the suggestions for you to independently prevent and reduce the risk, the fix plan for you, etc. In such situation, we will inform you of the incident-related situation through notification, and if it is difficult to inform the related parties one by one, we will take a reasonable and effective approach to publish an announcement on such matter. At the same time, we will also report the result of personal information security incidents in accordance with the requirements of the regulatory authorities.

5.6 Once you browse or use other websites, services and content resources, we will not have the ability and direct obligation to protect any personal information you submit in the course of using third party products, whether or not your login, browsing or use of the above-mentioned software or website is based on a link or portal contained in our apps and services. When you visit web pages created by third parties or use applications developed by third parties, those third parties may place their own Cookies or pixel tags that are not controlled by CICC and not governed by this Privacy Policy. Please contact them directly for details of their privacy policies. If you find that these third-party-created web pages or third-party-developed applications have potential risks, it is strongly recommended that you terminate the relevant operations to protect your legitimate rights and interests.

6. Manage Your Personal Information

We take the management of your personal information very seriously and make every effort to protect your rights to access, copy, modify, delete, withdraw consent authorization, and cancel your account with respect to your personal information so that you are able to safeguard your privacy and information.

6.1 View Privacy Policy

You can view the entire contents of this Privacy Policy on the App after logging in to your account. Please be aware that the features of the service described in this Privacy Policy may vary depending on your account privileges, device model, system version, software application version, among other factors. The final products and services are subject to the software and related services you use.

6.2 Change or Withdraw Your Authorization

6.2.1 You can turn off the relevant permission in the device's own settings, in order to change or withdraw your authorization. If you withdraw your authorization, we will no longer collect information related to this permission.

6.2.2 After you start using the products and services in CICC, you may withdraw your authorization in those products and services. At the same time you can send a request to withdraw your consent to the Privacy Policy by email to FICC_APP_SERVICE@cicc.com. In general, we will verify and process the request within 15 working days after receiving it. The feedback will also be sent by email.

6.2.3 Specific functions and services will require your information in order to be completed. When you withdraw your consent or authorization, we will no longer be able to provide you with the functions and services for which you have withdrawn your consent or authorization and will no longer process your personal data accordingly. However, your decision to withdraw your consent or authorization will not affect the processing of your personal data that we have previously carried out on the basis of your authorization.

6.3 Check and Correct Your Account Information

You can check and change your name and work information directly in the App.

Please note that for security and identification concerns, you may not be able to change some of the initial registration information submitted during registration on your own. If you do need to change such registration information, please contact us through the methods in the contact details in this Privacy Policy.

6.4 Check, Correct and Delete other Information

You can adjust the service in line with your needs and the specific products and features we offer in the corresponding function page (e.g. you can cancel a booking reminder in the “Live Streaming – Booking”).

6.5 Account Cancellation

6.5.1 You can cancel a registered account by sending an account cancellation request to FICC_APP_SERVICE@cicc.com. The information which you used to register the account which you wish to now cancel should be provided in the email. In general, we will verify and process the request within 15 working days after receiving it. The feedback will also be sent by email.

6.5.2 Before cancelling your account, we may ask you to verify your identity in order to protect your account. Please be aware and understand that the act of account cancellation is irreversible, and after your account is canceled, we will delete or anonymize your information, except as otherwise required by laws and regulations or as otherwise asked by the customer regarding the data use. When you delete information from the services of CICC, CICC may not immediately delete the corresponding information in the backup system, but will delete the information when the backup is updated.

6.6 Discontinuation of Operation and Announcement

If we discontinue the operation of our apps and services, we will promptly stop collecting your personal information, inform you of the operation offline by individual notification or announcement, and delete or anonymize your personal information which we possess.

In addition to the above, if you or other entitled subjects have any claims, requests or questions regarding the exercise of personal information rights granted by relevant laws and regulations, you may contact us by sending an email to the address stated in this Privacy Policy, and we will review the issues involved as soon as possible.

7. Underage Users Clause

7.1 If you are a minor under 18, you should jointly read and agree to this Privacy Policy under the supervision and guidance of your parents or other guardian before using this application.

7.2 In cases where personal information of minors is collected with parental consent, CICC will only use or publicly disclose the information as permitted by law, with the explicit consent of their parents or guardians, and in accordance with the other terms set out under this Privacy Policy.

7.3 If CICC finds out that the personal information is collected from minors without prior verifiable parental consent, we will seek to delete the relevant data as soon as possible.

7.4 If you are the guardian of a minor, please contact us through the contact information in this Privacy Policy if you have questions about the personal information of the underage user in your custody.

8. Notice on Privacy Policy Revisions

This Privacy Policy may be revised from time to time by CICC based on changes in business functions, usage rules, contact information, storage location, or legal and regulatory requirements. If there’s any change to this Privacy Policy, CICC will notify you by means of a push notification or issue an announcement in the App or webpage (as the case may be). If you do not agree with the changes, you may stop using the relevant services. If you continue to use the CICC services after the revision of this Privacy Policy is made, it is taken that you have fully read, understood and accepted the revised Privacy Policy and are willing to be bound by the revised Privacy Policy.

9. Contact Us

If you have any questions about this Privacy Policy, or any related complaints or comments, please send an email to our Data Protection Officer at CICC_SG_PDPA@cicc.com.cn. After receiving your email, we will handle them timely and properly. Generally, we will send you our reply within 15 working days.

Privacy Policy for Online Applications

Update On: July 5, 2023

Effective On: July 14, 2023

Dear users,

China International Capital Corporation Limited as an operator of CICC products and services and China International Capital Corporation (Japan) Limited as a facilitator of users' registration process of the CICC services and online applications (hereinafter referred to as "CICC" or "we", "our", "us"), , are fully aware of the importance of personal information to you, and we will follow laws and regulations to protect your personal information and privacy. This Privacy Policy is related to the CICC services and online applications (as available on App stores and web browsers) (“apps”) that you may use. Where applicable, the Schedule appended hereto shall form part of this Privacy Policy, and any reference to “this Privacy Policy” herein shall also include such Schedule. We have strived to express this Privacy Policy with easy-to-understand and concise words, and have marked in bold the clauses in this Privacy Policy that are materially related to your rights and interests. Please pay attention. Please read this Privacy Policy carefully, and only use the services and apps provided by CICC after you fully understand and agree with the information contained herein. If you click or check "Agree" and submit, you agree to the collection, storage, usage, sharing and processing of your relevant information in accordance with this Privacy Policy. We have developed this Privacy Policy and would like to remind you of the following to help you make appropriate choices:

• When you use or enable our apps and services, we will collect and use your personal information for the realization of certain functions, to perform services or for management purposes. For details of the types of personal information which will be collected, please refer to Appendix I: Checklist of CICC Service Personal Information Collection.。
• Furthermore, in order to achieve business functions or as required by laws and regulations, we will collect and use your sensitive personal information when you use specific functions or services. For details of the types of sensitive personal information which will be collected and the purposes of such collection, please refer to Appendix II: Checklist of CICC Service Sensitive Personal Information Collection.。
• For some of our apps and services, contacts, precise geographic location, camera, microphone, photo album (save-in), calendar permissions will not be enabled by default, and will only be used for specific functions or services with your express authorization. You can also withdraw the authorization at any time. It is important to point out that even if we have obtained these sensitive permissions with your authorization, we will not use them unless required by the relevant functions or services. For details, please refer to Appendix III: Permission Application and Usage Description.

For the purposes of this Privacy Policy, references to “personal information” include “personal data” as defined under the Personal Information Protection Law of China and Act on the Protection of Personal Information in Japan.

The following will help you learn more about how we collect, use, store, share and protect your personal information, and help you understand how to check, copy, delete, correct, and withdraw authorized personal information.

1. How and Why We Collect and Use Your Personal Information

In order to provide you and other customers with our apps and services, maintain the normal and safe operation of our apps and services, and optimize the functional experience of our apps and services, you agree and consent to CICC and a partner SDKs (Appendix IV: Partner SDKs) collecting and using the information you actively provide or authorize to provide when registering and using our apps and services as well as the personal information generated during your use of our apps and services in accordance with the following purposes and methods:

1.1 Registration, Login, Authentication

1.1.1 Registration and Login

a. When you register and log in to our apps and services, you need to create an account using the necessary information, and you can complete the relevant online identification information(name, email, work information, password, etc.). The information is collected to help you complete your registration to use our apps and services. If you refuse to provide the information for registration and login, we may not be able to offer you the service you seek from us.

b. When logging in to this service, you need to provide your mobile phone number and password. Additionally, you may use verification methods such as fingerprints, facial recognition, and SMS verification codes to confirm your identity. To provide a more secure and convenient login experience, if your device and the FICC APP version both support fingerprint or face recognition functions, you can choose to enable it in FICC APP and sign in by completing fingerprint or face verification on your device. It is important to note that we only receive the verification results and do not collect your fingerprint or facial information. If you prefer not to use fingerprints or facial recognition, you can still log in using other methods.

c. Please be aware that our apps and services are intended for qualified institutional investors

In order to provide you with better services, please contact your sales representative in time when your company information, department, email address, phone number and job title change, and we will keep your information in our system up to date. You and/or the company you work for shall bear the legal consequences, risks and responsibilities arising from the failure to notify us of the foregoing matters.

1.1.2 Authentication

When you use the functions or related services in the App that require identity authentication, you may need to provide your real identity information (real name, phone number, company email, company information, department, job title, business card, etc.) to ensure that you are able to use the identity authentication functions. Meanwhile, in order to verify the accuracy and completeness of such information, CICC may check the information you provide with the institutions (government agencies, institutions, and commercial institutions) that legally possess your information. You can refuse to provide such information. If you refuse to provide such information, you may not be able to obtain access to related services, but it will not affect your use of our other services.

1.2 Notification

1.2.1 You know and agree that for your contact information (such as phone number, email address) provided by you during the use of our apps and services, we may send multiple notifications to one or more of these contact addresses during service operation, including activity reminders, identity verification, security verification, user experience research and other notifications. You can refuse to provide your contact information. If you refuse to provide your contact information, you may not be able to obtain access to related services, but it will not affect your use of our other services.

1.2.2 You can freely choose whether to participate in the marketing activities or events held by us. If you choose to participate, you may be required to provide your name, address and other contact information according to the needs of the activity or event. This information is necessary for you to receive event gifts (if applicable). You can refuse to provide such information but we will not be able to deliver the event gift to you.

1.3 News and Audio-visual Content

In order to access audio and video resources including live streaming, etc., you may need to enable the multimedia functions of your device and change your audio and video settings. If you refuse to authorize the required permissions, it will not affect your use of our other services.

In order to provide you with the Zoom meeting feature embedded in the App, Bluetooth permission is required so that you can use your Bluetooth device as a sound player, and microphone permission is also required so that you can speak in the meeting. If you refuse to authorize the required permissions, it will not affect your use of our other services.

In order to provide you with continuous video playback services, we need to upgrade the App to a foreground service to prevent the App from being killed by the system, thereby providing continuous video playback. If you refuse to authorize the required permissions, it will not affect your use of our other services.

1.4 Copy and Share

In order for you to copy and share information, we need to access your clipboard and read the text, links and other content contained within so as to realize functions or services such as page-jumping or switching, copying, and sharing. If you refuse to authorize the required permissions, it will not affect your use of our other services.

When you share information, we need to check the Apps installed on your phone to share the information with the Apps you want to share. If you refuse to authorize the required permissions, it will not affect your use of our other services.

1.5 Feedback

1.5.1 During the use of our apps and services, you can give your feedback on the problems encountered and service experience in order to help us better understand your experience and needs when using our products or services. While helping you solve problems that you encountered during your use of our apps and services, this will help us improve our products and services as well, so we will collect your contact information, feedback questions or suggestions, your correspondence/call records with us and other related content (including account information, the information you provide to prove relevant facts, or other contact information you have submitted or provided to us), so that we can further get in touch with you and keep you up to date about your feedback processing.

1.5.2 For some of our apps and services, when you use the feedback function, if you want to send pictures, you need to authorize permissions to access the photo library and the camera to take pictures. If you refuse to authorize the required permissions, it will not affect your use of our other services.

1.6 Event Reminder

In order for us to remind you of live-streaming events or for you to participate in relevant activities, you need to authorize the calendar permission to so that the event information will be added into the calendar function on your device. If you refuse to authorize the required permissions, it will not affect your use of our other services.

1.7 Browse History

In order to provide you with personalized and accurate services to improve your experience in using our products and services, we will collect your browsing, searching and forwarding records and conduct reasonable analysis based on your information. You can refuse to provide such information. If you refuse to provide such information, you may not be able to get access to related services, but it will not affect your use of our other services. At the same time you can send a request to check your personal browsing, searching and forwarding records by email to FICC_APP_SERVICE@cicc.com. In general, we will verify and process the request within 15 working days after receiving it. The feedback will also be sent by email.

1.8 Teleconference

For some of our apps and services, phone call access is required in order for us to allow you to contact a customer manager or attend a teleconference. If you refuse to authorize the required permissions, it will not affect your use of our other services.

1.9 Push Notifications

For some of our apps and services, when you want to receive the push notifications sent to you by CICC in a timely manner, you need to enable the notification function, and for Android users, you also need to authorize the permission to start-up launching, notification management and vibration control. If you refuse to authorize the required permissions, it will not affect your use of our other services.

1.10 Changes in the Purpose of Collecting, Using, Disclosing and/or Processing Personal Information

Please be aware that with the development of our business, there may be adjustments and changes to the functions and services provided by CICC. In principle, when the new functions or services are related to the functions or services we currently provide, the personal information collected and used will be directly or reasonably related to the original purposes. In scenarios that personal information is collected, used, disclosed and/or processed for new purposes which are not directly or reasonably related to the original purposes, we will inform you of such change in reasonable ways such as by page prompts and other interactive processes, and obtain your consent for such changes in accordance with the requirements of relevant laws and regulations.

1.11 Safe Operation

1.11.1 Operation and Security

We are committed to providing you with safe and reliable products and experiences, and it is our core goal to present you with high-quality and reliable services and information. In order to maintain the smooth operation of our services and protect the legitimate rights and interests of you or other users or the general public from loss, we will collect the necessary information set out at 1.11.2 below to maintain the safe and stable operation of our products or services.

1.11.2 Device and Log Information

• a. In order to ensure the safe operation, quality and efficiency of our software and services, we will collect the following information from you: hardware model, operating system version, device identifiers (such as IMEI, AndroidID, OAID, IMSI, ICCID, GAID, MEID, different identifiers will vary in terms of validity period, whether they can be reset by the user, and how to obtain them), software installation list, MAC address, IP address, WLAN access (eg. SSID, BSSID), base station, software version number, network access method, type, status, network quality data, operation, usage, service log, computer system (Windows or Mac), browser and version, screen resolution.
• b. For some of our apps and services, in order to prevent malwares and ensure operational quality and efficiency, we will collect installed application information or information of the running process, overall application operation, usage and frequency, application crashes, overall installation usage, performance data and application sources.
• c. We may use your account information, device information, service log information, and information provided by our associated parties and partners with your authorization or in accordance with the law to check account and transaction security, perform identity verification, and identify violations of laws and regulations, detect and prevent security incidents, and take necessary recording, analysis, and handling measures in line with the law.

1.12 Others

For some of our apps and services, if you want to keep the screen on when using an App, you need to authorize permission to prevent the device from sleeping. If you refuse to authorize the required permissions, it will not affect your use of our other services.

In order to provide you with stable network connection and continuous services, you need to authorize permission to network functions, complete network access, network links, network link changes, WLAN status, and WLAN status changes.

2. How We Use Cookies and Similar Technologies

2.1 We use operating system APIs, Cookies and other similar technologies to give you better experience of using our apps and services. When you use such apps and services, we may use related technologies to send one or more Cookies or anonymous identifiers to your device to collect and store the data when you visit and use such apps and services. We promise not to use Cookies for any purpose other than those described in this Privacy Policy. We use Cookies and similar technologies mainly to achieve the following functions or services:

• a. To make sure the safe and efficient operation of products and services: We may set Cookies or anonymous identifiers for authentication and security, so that we can confirm whether you are safely logging in to the service, or whether you have encountered account theft, fraud or other illegal activities. These technologies will also help us improve service efficiency and shorten the time for login and App response.
• b. To make sure you have an easier visit experience: Using such technologies could streamline the repetitive operations such as filling in your personal information and logging in repeatedly.

3. How We Disclose Personal Information to the Public

3.1 Principles

3.1.1 Principle of legality: During cooperation with our partner, data usage activities must have a legitimate purpose and comply with the legal basis of law. If the use of information by the partner no longer conforms to the principle of legality, it should stop using your personal information, or use it after obtaining the corresponding legal approval.

3.1.2 The principle of legitimacy and necessity: The use of data must have a legitimate purpose and should only be necessary to achieve the purpose.

3.1.3 The principle of security and prudence: If required by applicable laws, we will carefully evaluate the purpose of data usage by our partners, and will use commercially reasonable efforts to conduct a comprehensive assessment of the security assurance of these partners as well as require them to follow the legal agreement of cooperation. If required by applicable laws, we will also use commercially reasonable efforts to conduct security monitoring on the Software Development Kits (“SDKs”) and Application Programming Interfaces (“APIs”) used by our partners to obtain information so as to ensure data security. For more information about SDKs, please refer to Appendix IV: PartnerSDKs.

In this Section 3, “third parties” include our associated parties, cooperative financial institutions and other partners, and the term “third party” shall be construed accordingly.

3.2 Sharing

We promise to keep your personal information strictly confidential. Unless otherwise stipulated by laws, regulations and regulatory authorities, we do not share your personal information with third parties except a partner SDKs.

• (1) In accordance with applicable laws and regulations and by following the effective legal documents of the court or mandatory administrative or judicial requirements as well as other legal procedures, customer information will be disclosed to the relevant government agencies, judicial agencies, regulatory agencies, self-regulatory organizations, or any institution or individual who needs to receive customer information as required by the aforementioned institutions or applicable laws and regulations.
• (2) To the extent permitted by applicable laws, regulations and regulatory provisions, the personal information will be necessarily disclosed in order to safeguard social and public interests, or to protect personal and property safety or legitimate interests and rights of CICC and customers of CICC, or its associated parties, partners, other users or employees.
• (3) To the extent permitted by applicable laws, regulations and regulatory provisions, the personal information will be necessarily disclosed for security concerns, fraud monitoring, prevention or prohibition of illegal activities, risk control, compliance and business management.
• (4) Some products or services may be provided by third parties or jointly provided by us and third parties. We will clearly inform you in advance and obtain your consent in accordance with the requirements of applicable laws and regulations, as necessary if it is necessary to share your information to provide the products or services you need.
• (5) If you choose to participate in the marketing activities jointly carried out by us and third parties, we may share with them the information generated during the activity and the information necessary to complete the event, so that the third party can deliver gifts to you or provide you with services in a timely manner. We will clearly inform you on the activity page or through other channels of the information required by third parties and obtain your consent in accordance with the requirements of applicable laws and regulations.
• (6) With your explicit consent in advance, we will share your information with third parties to the extent permitted by applicable laws and regulations and without violating public order and social norms.

3.3 Data Used for Realizing Functions or Services

a. Location Services: When you use location-related services, location service providers (e.g. Sensors Data, Aurora Mobile) may use your GPS and device information through SDKs or related technologies so as to give you location-based results. Location data are sensitive personal information, and refusal to provide it will only affect the Location Services, but will not affect the normal access of other functions.

b. Push Notifications: For some of our apps and services, in order to adapt the message push function to your devices, manufacturers (Huawei, Xiaomi, OPPO, VIVO, etc.) may require your device model, version and related device information through SDKs and other technologies.

3.4 Transfer

As our business continues to develop, we may carry out mergers, acquisitions, and asset transfers, and your personal information may be transferred as well. In the event of the aforementioned changes, we will continue to protect or require the new receiving party of personal information to continue to protect your personal information in accordance with laws and regulations and the security standards not lower than that required by this Privacy Policy, otherwise we will require the new receiving party to re-obtain your authorization for your personal information access permission.

3.5 Global Transfer of Personal Information

In principle, the personal information collected and generated by CICC within China will be stored in China, the People’s Republic of China and/or the Hong Kong Special Administrative Region of the People's Republic of China

CICC may provide products or services through resources and servers across the globe, which means that after obtaining your authorization and consent, your personal information may be transferred outside the jurisdictions of the country/region where you use the products or services, or subject to access from those jurisdictions.

Such jurisdiction areas may have different data protection laws or even no relevant laws. CICC will ensure that your personal information is adequately and equally protected in accordance with applicable data protection laws.

3.6 Public Disclosure

We will not disclose your information unless required by national laws and regulations or we have obtained your consent to do so. If it is necessary to disclose your information, we will adopt appropriate security protection measures when disclosing your personal information.

3.7 Entrusted Circumstances

You agree and consent to us entrusting the processing of your personal information to third parties. For cases where the processing of personal information is entrusted, we will sign relevant agreements with the entrusted partners in accordance with the law.

4. How we store personal information

4.1 Location

In accordance with the provisions of laws and regulations, your personal information collected and generated during domestic operations will be stored in China, the People’s Republic of China and/or the Hong Kong Special Administrative Region of the People’s Republic of China

4.2 Storage Period

4.2.1 When you are using our apps and services, we will continue to store your personal information, and the storage period will not exceed the period necessary to provide you with our services. If we stop providing our apps and services, and if we no longer require your personal information for any legal or business purpose, we will delete or anonymize your personal information in accordance with applicable laws. After you stop using our apps and services or cancel the authorization for relevant permissions, we will delete or anonymize your information, except in the following cases:

a. Comply with the requirements of applicable laws, regulations and regulatory provisions on information storage.

b. Reasonable extension of the storage period that is required for financial, auditing, dispute resolution and other business or legal reasons.

4.2.2 If you are an authorized corporate user, we will handle the data controlled by the corporation according to the customer’s instructions. If you have questions about the relevant content or claim related personal information interests and rights, please contact the customer or the corporate customer administrator for more details.

5. How We Ensure Personal Information Security

5.1 We take security of your personal information very seriously. We have established a data security system and implemented reasonable technical security measures to prevent unauthorized access to and modification of your personal information so as to protect personal information from misuse or accidental, unlawful or unauthorised damage, loss, alteration, disclosure, acquisition or access. Our network services employ encryption technologies such as transport layer security protocols to ensure security of your data during network transmission. CICC will take appropriate technical measures to ensure that you can access, update and correct the reserved information or other personal information you have provided when using CICC’s services.

5.2 We use strict data processing access controls to prevent unauthorized use of data. We employ encryption technology, which is widely used in the industry, to store your personal information encrypted and isolated by data isolation technology.These technical measures and organizational management methods are always implemented and may be revised from time to time to improve the overall security of the system.

5.3 Although the above reasonable and effective measures have been taken and the standards required by the relevant legal provisions have been complied with, please understand that due to the limitations of technology and the possibility of various malicious means, it is not always possible to guarantee 100% information security, even with all efforts to strengthen security, but we will do our best to ensure the security of personal information provided to us. Please be aware and understand that the systems and communication networks you use to access our services may experience problems due to factors beyond our control. Therefore, we strongly recommend that you take proactive measures to protect your personal information, including but not limited to using complex passwords, changing your password regularly, and not disclosing your account password and other personal information to others. If you find that your personal information has been compromised, especially your account number and password, please contact us immediately through the contact information set out in this Privacy Policy so that we can take appropriate counter measures.

5.4 In the event of an incident that jeopardizes cyber security, we will take appropriate measures in a timely manner in accordance with the cyber security contingency plan.

5.5 After we encountered a personal information security incident in which your personal information is unfortunately leaked, illegally provided or misused, we will inform you in a timely manner if required by applicable laws and regulations: the incident situation and the possible impact, the response measures we have taken or will take, the suggestions for you to independently prevent and reduce the risk, the fix plan for you, etc. In such situation, we will inform you of the incident-related situation through notification, and if it is difficult to inform the related parties one by one, we will take a reasonable and effective approach to publish an announcement on such matter. At the same time, we will also report the result of personal information security incidents in accordance with the requirements of the regulatory authorities.

5.6 Once you browse or use other websites, services and content resources, we will not have the ability and direct obligation to protect any personal information you submit in the course of using third party products, whether or not your login, browsing or use of the above-mentioned software or website is based on a link or portal contained in our apps and services. When you visit web pages created by third parties or use applications developed by third parties, those third parties may place their own Cookies or pixel tags that are not controlled by CICC and not governed by this Privacy Policy. Please contact them directly for details of their privacy policies. If you find that these third-party-created web pages or third-party-developed applications have potential risks, it is strongly recommended that you terminate the relevant operations to protect your legitimate rights and interests.

6. Manage Your Personal Information

We take the management of your personal information very seriously and make every effort to protect your rights to access, copy, modify, delete, withdraw consent authorization, and cancel your account with respect to your personal information so that you are able to safeguard your privacy and information.

6.1 View Privacy Policy

You can view the entire contents of this Privacy Policy on the App after logging in to your account. Please be aware that the features of the service described in this Privacy Policy may vary depending on your account privileges, device model, system version, software application version, among other factors. The final products and services are subject to the software and related services you use.

6.2 Change or Withdraw Your Authorization

6.2.1 You can turn off the relevant permission in the device's own settings, in order to change or withdraw your authorization. If you withdraw your authorization, we will no longer collect information related to this permission.

6.2.2 After you start using the products and services in CICC, you may withdraw your authorization in those products and services. At the same time you can send a request to withdraw your consent to the Privacy Policy by email to FICC_APP_SERVICE@cicc.com. In general, we will verify and process the request within 15 working days after receiving it. The feedback will also be sent by email.

6.2.3 Specific functions and services will require your information in order to be completed. When you withdraw your consent or authorization, we will no longer be able to provide you with the functions and services for which you have withdrawn your consent or authorization and will no longer process your personal data accordingly. However, your decision to withdraw your consent or authorization will not affect the processing of your personal data that we have previously carried out on the basis of your authorization.

6.3 Check and Correct Your Account Information

You can check and change your name and work information directly in the App.

Please note that for security and identification concerns, you may not be able to change some of the initial registration information submitted during registration on your own. If you do need to change such registration information, please contact us through the methods in the contact details in this Privacy Policy.

6.4 Check, Correct and Delete other Information

You can adjust the service in line with your needs and the specific products and features we offer in the corresponding function page (e.g. you can cancel a booking reminder in the “Live Streaming – Booking”).

6.5 Account Cancellation

6.5.1 You can cancel a registered account by sending an account cancellation request to FICC_APP_SERVICE@cicc.com. The information which you used to register the account which you wish to now cancel should be provided in the email. In general, we will verify and process the request within 15 working days after receiving it. The feedback will also be sent by email.

6.5.2 Before cancelling your account, we may ask you to verify your identity in order to protect your account. Please be aware and understand that the act of account cancellation is irreversible, and after your account is canceled, we will delete or anonymize your information, except as otherwise required by laws and regulations or as otherwise asked by the customer regarding the data use. When you delete information from the services of CICC, CICC may not immediately delete the corresponding information in the backup system, but will delete the information when the backup is updated.

6.6 Discontinuation of Operation and Announcement

If we discontinue the operation of our apps and services, we will promptly stop collecting your personal information, inform you of the operation offline by individual notification or announcement, and delete or anonymize your personal information which we possess.

In addition to the above, if you or other entitled subjects have any claims, requests or questions regarding the exercise of personal information rights granted by relevant laws and regulations, you may contact us by sending an email to the address stated in this Privacy Policy, and we will review the issues involved as soon as possible.

7. Underage Users Clause

7.1 If you are a minor under 18, you should jointly read and agree to this Privacy Policy under the supervision and guidance of your parents or other guardian before using this application.

7.2 In cases where personal information of minors is collected with parental consent, CICC will only use or publicly disclose the information as permitted by law, with the explicit consent of their parents or guardians, and in accordance with the other terms set out under this Privacy Policy.

7.3 If CICC finds out that the personal information is collected from minors without prior verifiable parental consent, we will seek to delete the relevant data as soon as possible.

7.4 If you are the guardian of a minor, please contact us through the contact information in this Privacy Policy if you have questions about the personal information of the underage user in your custody.

8. Notice on Privacy Policy Revisions

This Privacy Policy may be revised from time to time by CICC based on changes in business functions, usage rules, contact information, storage location, or legal and regulatory requirements. If there’s any change to this Privacy Policy, CICC will notify you by means of a push notification or issue an announcement in the App or webpage (as the case may be). If you do not agree with the changes, you may stop using the relevant services. If you continue to use the CICC services after the revision of this Privacy Policy is made, it is taken that you have fully read, understood and accepted the revised Privacy Policy and are willing to be bound by the revised Privacy Policy.

9. Contact Us

If you have any questions about this Privacy Policy, or any related complaints or comments, please send an email to FICC_APP_SERVICE@cicc.com . After receiving your email, we will handle them timely and properly. Generally, we will send you our reply within 15 working days.