Dear customers: We have updated the E-banking Privacy Policy of Postal Savings Bank of China. The revision made in this version focuses primarily on the “How We Collect and Use Your Personal Information” section and the “How We Store and Protect Your Personal Information” sections.

Released on: December 15, 2023

Effective on: December 15, 2023

Postal Savings Bank of China Co., Ltd. (hereinafter referred to as “PSBC”, “we”, “us” or “our”) is well aware of the importance of personal information to you, and hence will use great efforts to protect the security of your personal information. We are committed to maintaining your trust in us and protecting your personal information by adhering to the following principles: accountability, purpose limitation, consent, data minimization, security, and transparency. We also undertake to take appropriate security measures to protect your personal information in accordance with laws.

Please read and confirm the E-banking Privacy Policy of Postal Savings Bank of China (hereinafter referred to as this “Policy”) carefully. This Policy contains general privacy practices adopted by all electronic channels of Postal Savings Bank of China, including our mobile banking, personal online banking and WeChat banking systems, and is applicable to all products and services available through such electronic channels. When it comes to a specific product (or service), we will expressly inform you of the information we will collect and use about you, and for what purpose and in what way they will be collected and used through the relevant product (or service) agreement, letter of authorization or otherwise, in order to obtain your authorization or consent to such collection and use. The said documents shall, together with this Policy, constitute the entire privacy policy between PSBC and you, and in case of any inconsistency between this Policy and relevant product (or service) agreement or letter of authorization, the latter shall prevail. In order to better protect your personal information, you are suggested to read the updated Policy in its entirety, and you are kindly requested to pay special attention to the content highlighted in bold in this Policy. Immediately after you give explicit consent to this Policy (by clicking or checking “Agree”) and confirm the submission, you will be deemed to have agreed to this Policy and agreed that we will collect, use, store and share relevant information about you in accordance with this Policy.

This Policy will help you understand:

I. How We Collect and Use Your Personal Information

II. How We Use Cookies

III. How We Store and Protect Your Personal Information

IV. How We Share, Transfer Control of and Publicly Disclose Your Personal Information

V. How to Manage Your Personal Information

VI. Protection of Personal Information of Minors

VII. How this Policy is Updated

VIII. How to Contact Us

I. How We Collect and Use Your Personal Information

Personal information refers to all kinds of information relating to an identified or identifiable natural person recorded electronically or otherwise, excluding information that has been anonymized. Personal information includes name, date of birth, ID number, personal biometric information, correspondence address and contact information, place of residence, account information, property information, whereabouts, communication records and content, account password, credit information, accommodation information, health and physiological information, and transaction information. Any personal information that, once leaked or illegally used, may easily result in an infringement of the personal dignity of a natural person or damage to personal or property safety, shall be sensitive personal information, which includes biometric information, religious beliefs, specific identities, medical health, financial accounts and whereabouts, and the personal information of minors (individuals under the age of fourteen).

i. How we collect your personal information

In order to provide services to you and ensure the security of any account you create in the e-banking system of Postal Savings Bank of China (hereinafter referred to as “e-banking”, including mobile banking, personal online banking and WeChat banking), when you use e-banking services, the e-banking system will collect the information you input voluntarily during your use of the services or generated as a result of your use of the services. You may need to provide us with, or authorize us to collect, such personal information as is necessary to provide the relevant services. If you refuse to provide such information, you may not be able to use the relevant functions or services.

Please note: If you submit any personal information relating to other people, you should make sure that you have obtained the authorization or consent of the person whose personal information you are submitting. Where facial information (which is sensitive personal information) is requested for a service, we will separately display to you a Letter of Authorization for Users of the Personal E-banking Face Verification Service of Postal Savings Bank of China, and obtain your consent (you give your consent by checking “Agree”) before using the information. Such consent is specific to the identity verification service for which such consent is requested, i.e., separate consent is required for your use of any other face verification services or for any subsequent use of the same function or service. If any other sensitive personal information is involved in a service, we will inform you of the necessity and impact of processing the sensitive personal information, and obtain your separate consent in compliance with laws.

1. Personal information you choose to provide in connection with key business functions and/or services we offer to you

1.1 Account management services

(1) To register to be a PSBC user without binding a card, you need to provide your mobile phone number, and we will verify whether your identity is valid by sending a SMS verification code. According to laws, regulations and regulatory requirements, when you register for e-banking with a PSBC card, we will collect your ID card information, bank card number and login password, and verify your bank card password; and we will collect your facial information for identity authentication purpose and store your facial information after obtaining your explicit consent separately. If you are a registered e-banking customer of PSBC, you may directly login to our e-banking system using your mobile phone number/user name/ID information and login password registered for e-banking. We will collect and verify the login information you provide, and may request permissions on your phone for the sake of transaction security. If you refuse to provide such information, you will not be able to register for e-banking or use our services in a normal way.

(2) To make it safer and more convenient for you to log in to our mobile banking app, provided that your device and our mobile banking app both have Touch ID (fingerprint recognition) or Face ID (face recognition) feature, you may enable the Touch ID (fingerprint recognition) or Face ID (face recognition) login feature and log in by completing Touch ID (fingerprint) or Face ID (face) recognition on your device. We only receive the verification results and do not collect your Touch ID (fingerprint recognition) or Face ID (face recognition) information. You can enable or disable this feature on our mobile banking app at “Me > Settings > Security Center > Login Management > Touch ID/Face ID Login”. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(3) When you login to our mobile banking app through an authorized third party, we may obtain from such third party (WeChat, Alipay or Apple) your public profile picture and nickname information that you have permitted such third party to share with us, and may bind your account created with such third party to you as a user of our mobile banking app after you agree to this Policy, so that you may log in to our app and use our products or services through such third-party account. During the binding and login process, we will collect your facial information for identity authentication purpose and store such facial information after obtaining your explicit consent. Your mobile phone number will be collected during the binding process. You may remove the bound account on our mobile banking app at “Me > Settings > Security Center > Login Management”. When you login to our mobile banking through PSBC corporate banking app or PSBC credit card app, we may obtain and verify your mobile phone number and ID information for login to PSBC corporate banking app, and during the login process, we will collect your facial information for identity authentication purpose and store such facial information after obtaining your explicit consent. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions. You may log in using password, Touch ID (fingerprint recognition), Face ID (face recognition) or gesture password.

(4) If you want to reset your login password, we need to verify your identity information, including mobile phone number, name, ID type, ID number, card number, card password and face-scan authentication information, as well as (if you reset your login password through a video call with our customer service representative) to verify the local device authentication information tied to your mobile phone number. To change your login password and transaction password, we need to verify your original password, and SMS verification is also required for change of login password. When you reset your transaction password, we need to verify your mobile phone number, ID information and face-scan authentication information. We also need to verify the local device authentication information tied to your mobile phone number and the card password information if you reset your transaction password through a video call with our customer service representative. We will collect your facial information for identity authentication purpose and store such facial information after obtaining your explicit consent separately. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions. You may reset your password at a PSBC outlet by presenting your ID and any registered e-banking account.

(5) When you want to authenticate your e-banking account, we will collect your ID card information and bank card number, and verify your bank card password; and we will collect your facial information for identity authentication purpose and store such facial information after obtaining your explicit consent separately. If you refuse to provide such information, you will not be able to use the relevant functions or services.

(6) When you add a PSBC account in the e-banking system, we need to verify your identity information, including bank card number, card password, SMS information and face-scan authentication information. We will store your facial information after obtaining your explicit consent separately. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(7) When you open a Category II/III account without physical media through e-banking, for the purpose of providing such services, we will collect your name, gender, nationality, occupation, tax status, domicile or work address, mobile phone number, ID number, ID validity period, ID issuer, ID card photo (in case of opening a Category II account without physical media through Quick Registration - Link Other Bank’s Card), bound account information (account number, account type and institution with which the account is opened), uses of the account, geolocation (if access to location is allowed by you, we will be able to show you a nearby branch, and if access to location is denied, your use of the account opening function will not be affected, except for certain partial restrictions on applying for virtual theme cards in the region), IP address, and device MAC address. In order to verify your identity, ensure the security of your transactions, and provide convenient and high-quality services, we will collect your facial information to complete face verification after obtaining your explicit consent. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(8) When you bind a new card to a Category II/III account without physical media through e-banking, we will collect information about the bound account (account number, account type, institution with which the account is opened, and mobile phone number reserved with the account), in order to facilitate the verification of your account information and the use of the relevant services. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(9) You may modify or reset the password to a Category II/III account without physical media through e-banking, provided that when you modify your account password, we need to verify the original account password in order to ensure the security of the funds in your account; and when you reset your account password, we will collect your ID number in order to enable you to use the relevant services. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(10) When you make inquiries about the account opening progress concerning a Category II/III account without physical media through e-banking, we will collect your name, ID number and mobile phone number reserved with the account (Quick Registration - Account Opening Progress Inquiry), and may verify the validity of relevant information by verifying the transaction password (Open an Electronic Account - Account Opening Progress Inquiry). Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(11) When you use deposit-related business functions (such as account opening/withdrawal/account cancellation related to time deposits, and account opening/withdrawal/account cancellation/transfer related to large-denomination certificates of deposit) of our mobile banking or personal online banking system, we will retrieve and use your account number, account name, ID type and ID number retained in our system. When you use relevant feature to give a gift deposit e-receipt to others, we will, in addition to retrieving and using the above information, collect the name and mobile phone number of the recipient. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other functions.

(12) When you use the family account feature of our mobile banking app, we will collect your ID number, ID type, name, card number and mobile phone number. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(13) When you use features related to Flash Cards and Fat Tiger Cards available in our WeChat official account “PSBC Co-branded Cards” in our WeChat banking system, we will collect your card number, mobile phone number and the OpenID (OpenID is an identifier of ordinary users, and is unique to the developer account concerned. One OpenID relates to one WeChat official account) of such WeChat official account. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(14) When you use the Account Security Lock/Quick Pay Settings/Star Customer Inquiry features of our mobile banking, personal online banking or WeChat banking system, we will collect your card number, and if the page leads you to the H5 page of the UnionPay Cloud QuickPass app, your mobile phone number will also be collected. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(15) When you use the Transfer from Other Banks feature of our mobile banking system, we will collect your card number with such other bank, the bank that issues the card and your mobile phone number, and we will further retrieve and use your name, ID type and ID number retained in our system. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(16) When you use the discount details inquiry feature related to Easy Mix Cards in our personal online banking system, we will collect your card number. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(17) When you use the Card Replacement (Card Number Unchanged) feature of our mobile banking system, we will collect your card number, mobile phone number, customer name, ID type and ID number. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(18) When you use the personal pension account features of our mobile banking system, we will collect your customer name, ID type, ID number, mobile phone number and card number. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(19) When you use the relevant features of our mobile banking app to unfreeze your account, we will collect your name, ID type, ID number, mobile phone number and face-scan authentication information, and will verify your account password in order to authenticate your identity. We will collect and store your facial information after obtaining your explicit consent separately. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other account functions. You may unfreeze your account at a PSBC outlet by presenting your ID and other supporting documents.

(20) When you unfreeze your account through mobile banking, we will collect your identity information, including name, ID type, ID number, mobile phone number and face-scan authentication information, and will verify your account password in order to authenticate your identity. We will collect and store your facial information after obtaining your explicit consent separately. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other account functions. You may unfreeze your account at a PSBC outlet by presenting your ID and other supporting documents.

1.2 Transfer and remittance services

(1) When you use the Transfer to Bank Account, Transfer to Mobile Phone Number, Scheduled Transfer, Charity Donation or Batch Transfer features in our mobile banking or personal online banking system, you need to provide the payee’s mobile phone number and name, payee’s bank card number/account number, payee’s bank and transfer postscript, and you may also need to provide your name, account information, mobile phone number, ID type and ID number, in order to authenticate your identity and use the payment services of such features. We may also verify the transaction using transaction password, Touch ID (fingerprint recognition), Face ID (face recognition), SMS verification code, face verification or otherwise. During this process, we may collect your facial information for identity authentication purpose, and will store your facial information after obtaining your explicit consent separately, and we may also request access to your location for anti-fraud purposes. In addition, we will collect your relevant receipt and payment records to provide you with the inquiry and convenient transfer services. Detailed requirements are set out in the Personal E-banking Service Agreement of Postal Savings Bank of China, which you agree to sign when adding your bank card. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(2) When you use the scan-to-pay feature in our mobile banking system, you may need to provide your name, mobile phone number, ID type and ID number to authenticate your identity and use the payment services of such feature. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(3) When you use the Transfer to Mobile Phone Number feature of our mobile banking system, we will only obtain the contact information you select from your Contacts, and transmit the same in an encrypted manner to prevent malicious interception. If you refuse to provide such information, you may manually enter the contact information before proceeding to the next step, which will not affect your normal use of other e-banking functions.

(4) When you manage your payments through the e-banking app, such as enabling the Scan-to-Pay feature, we will verify your transaction password. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(5) To make it convenient for you to use the transfer services on our mobile banking app, provided that your device and our mobile banking app both have Touch ID (fingerprint recognition) or Face ID (face recognition) feature, you may enable Touch ID (fingerprint recognition) or Face ID (face recognition) Transfer. When you make a transfer using Touch ID (fingerprint recognition) or Face ID (face recognition), you need to complete Touch ID (fingerprint) or Face ID (face) recognition on your device. We only receive the verification results and do not collect your Touch ID (fingerprint recognition) or Face ID (face recognition) information. You can enable or disable this feature on our mobile banking app at “Me > Settings > Security Center > Transfer and Limit Management > Touch ID/Face ID Transfer”. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(6) When you use the International Remittance feature of our mobile banking or personal online banking system, we will collect your name, address, phone number, zip code, remittance account number, and the payee’s name, country, detailed address and account number (limited to PSBC international remittance only). We will also collect your relevant receipt and remittance records for your future inquiry. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(7) When you use the Transfer from Other Banks or Cash Pooling feature of our personal online banking system, we will retrieve and use your name, account number, ID type, ID number and mobile phone number retained in our system, and will collect the bank card number, account opening bank and mobile phone number of the payer/inquired party. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other functions.

(8) When you use the remittance and inquiry features in the PSBC Remittance and Exchange section (address-based remittance, remittance with password, remittance inquiry) of our mobile banking, personal online banking or WeChat banking system, we will collect your mobile phone number, name, exchange/payment password, zip code, address, account number and postscript. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(9) To make it convenient for you to use the transfer services on our mobile banking app, you may enable the Local Number Authentication feature, in which case, we will collect your local device number and transaction password. As a part of local number authentication, we will, upon your separate consent, send your mobile phone number bound to e-banking to the relevant telecommunications operator (China Mobile, China Unicom or China Telecom) to check whether your mobile phone number bound to e-banking matches the mobile phone number in your mobile device. You may enable or disable this feature on our mobile banking app at “Me > Settings > Security Center > Security Authentication > Local Number Authentication”. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of the e-banking transfer functions.

1.3 Loan services

(1) When you use loan-related services, we will expressly inform you of the purpose, method and extent of information that we will collect from you and use in the relevant product (or service) agreement, letter of authorization etc., and obtain your authorization or consent. We may also verify your identity through transaction password, SMS verification code, face verification or other means, and will, with your authorization, verify the same with the databases and entities that legally hold your information. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(2) When you use the loan application features, we may collect your IP address, MAC address, device ID, device model and operating system information to prevent fraud. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(3) In order to provide you with Internet-based loan pre-approval services, the credit-based farmer loan features on our mobile banking app will collect and use your personal identity and location information for the purpose of helping you find a nearby branch on the electronic map, and carrying out necessary review and verification activities as a part of the pre-approval process. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

1.4 Investment and wealth management services

(1) When you use the relevant features of our mobile banking or personal online banking system to sign up for a wealth management service, we will collect your name, gender, ID type, ID number, phone number, mobile phone number, zip code, address, nationality, date of birth, ID issuance date, ID expiry date, qualifications of overseas individuals, investor’s occupation and email address. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(2) When you use the features of our mobile banking or personal online banking system related to maintenance of investor information, we will collect information about your investor type, job title, asset status, investment experience, actual beneficiary of the transaction, whether there are bad records, and whether there is actual control. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(3) When you use the features of our mobile banking or personal online banking system related to risk rating questionnaire, we will collect your name, age, net asset value of your family, proportion of the net asset value of your family that can be used for financial investment, investment experience, investment risk, the length of time you have invested in venture capital products, investment attitude, investment preference, maximum investment period, investment purpose, and tolerance to investment fluctuations. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(4) When you use the features of our mobile banking or personal online banking system related to authentication of eligible investor, we will collect your name, investment experience, total financial assets of your family and financial liabilities. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(5) When you use the transaction functions related to wealth management business in our mobile banking or personal online banking system, we will collect your name, ID type, ID number, gender, nationality, occupation, ID expiry date, zip code, mail address, phone number, mobile phone number, email address and customer risk rating. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(6) When you use the transaction functions related to fund business in our mobile banking or personal online banking system, we will collect your name, ID type, ID number, ID expiry date, mail address, email address, zip code, investor occupation (primary category, secondary category and tertiary category), minor identifier, and tax information about non-resident customers. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(7) When you use insurance services through mobile banking or personal online banking, we will collect information about the policyholder and the insured (name, gender, date of birth, ID type, ID number, household registration type, marital status, mobile phone number, country/region, province, city/district/county, detailed address, zip code, occupation code, personal annual income, family annual income, educational background, customer risk rating, benefit category, and whether you are the insured), information about the beneficiary (relationship with the insured, name, gender, nationality, ID type, ID number, ID validity period (start date and expiry date), and date of birth) and information about the insurance. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(8) When you carry out asset management or trust-related transactions through our mobile banking or personal online banking system, we will collect your name, ID type, ID number, ID validity period, email address, mobile phone number, occupation, mail address and TA account number. If you are a minor, we must collect your agent’s name, ID type and ID number; and if you use a non-resident account, we need to collect information about your current country of residence, current address and country of tax residence. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(9) When you use precious metal services through mobile banking, personal online banking or WeChat banking, we will collect your name, ID type, ID number, gender, nationality, occupation, ID expiry date, employer, zip code, correspondence address, telephone number, mobile phone number, email address, customer risk rating, customer level and gold transaction code, and we may also request access to the Contacts of your mobile phone. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(10) When you are led to the page of a third party to receive your benefits using the VIP Privilege feature on our mobile banking app, we will collect your name, mobile phone number, phone number, ID type, ID number, consignee and delivery address through such third party. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(11) When you use the Wealth Health Check feature of our mobile banking app, we will retrieve and use your account number, information about the assets held and risk appetite information retained in our system. When you use the Add External Assets feature, we will, in addition to retrieving and using the said information, separately collect information about the primary category of your external assets. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

1.5 Daily services

(1) When you use Jisuxian Mall, Youle Mall or other related daily service features embedded in our e-banking system, you need to provide the consignee’s name, delivery address and mobile phone number on the order page, and besides that, the order will contain the order number, information about the goods or services you are purchasing, the amount you should pay, and the payment method. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions. We may collect your location information to provide services available at your location. Your refusal to provide such information will not affect your use of the said functions.

(2) When you use the Mobile Shopping District or other related daily service features embedded in our e-banking system, you need to provide the consignee’s name, delivery address and mobile phone number on the order page, and besides that, the order will contain the order number, information about the goods or services you are purchasing, the amount you should pay, and the payment method. We may collect your location information to provide services available at your location. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(3) When you book air tickets, train tickets, hotels, scenic spot tickets or movie tickets, you may also be required to provide your real-name information in accordance with national laws, regulations and regulatory requirements, or at the request of the service providers (including ticket sellers, hotels, travel agencies or their authorized agents, basic telecom operators and mobile resale operators). Such real-name information may include your identity information (e.g., a photocopy or the number of your ID card, military officer certificate, passport, driver’s license or other identity certificates), photo or video of you, and your name and phone number. The orders may contain your itinerary or hotel address information. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

All the information stated above constitutes your order information. We will use your order information to verify your identity, confirm the transaction, settle the payment, complete delivery, respond to your inquiries about your order, and provide business consulting and after-sales services; and we will also use your order information to determine whether there are any anomalies in your transactions so as to protect the security of your transactions.

(4) After you place an order in the Mobile Shopping District, you can choose to pay with a PSBC card or a card with other banks. When you place an order with an agriculture aid merchant in the Mobile Shopping District and provide your delivery address, the merchant will arrange delivery to the delivery address you provided through courier service. You hereby agree that the agricultural aid merchant in the Mobile Shopping District will use your order information to provide goods or services to you. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(5) When you use the Manage Agency Collection Contracts feature of our mobile banking or personal online banking system, we will collect your mobile phone number. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(6) When you use the UnionPay card-not-present payment feature of our personal online banking system, we will collect your mobile phone number. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(7) When you use the electronic social security card or medical insurance e-voucher features of our mobile banking system, we will collect your facial information, mobile phone number, customer name, ID type and ID number. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

1.6 E-CNY services

(1) If you use our e-CNY services, in accordance with the requirements of the People’s Bank of China on the control of e-CNY pilot areas, our mobile banking and WeChat banking systems need to collect your geolocation information when you submit your personal wallet whitelist information, and will use such information to determine whether you are in the pilot area. If you are in the pilot area, you can submit the whitelist information, otherwise you cannot submit the whitelist information. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(2) If you use our personal wallet services, in order to ensure that the transactions in your personal wallet are handled by you personally, your facial information or personal ID information will be collected and used by our mobile banking system when you sign up for e-CNY face-scan transaction, reset password to the personal e-CNY wallet module (identity-verified wallet), activate or close your wallet, or upgrade a category 4 wallet to category 2 wallet, for the purpose of verifying or authenticating your identity information. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(3) If you use our corporate digital wallet services, in order to make sure that you are willing to create a corporate wallet, your facial and voice information, ID information and employer’s certificate will be collected and used to create a wallet through the corporate digital wallet module of our mobile banking system, so that we may verify your identity and willingness to create such wallet. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(4) If you want to use our e-CNY collection products and services, as a part of the merchant due diligence process, the Youhuifu tool (merchant version) of our mobile banking system will collect and use your location and facial information when you register to become a merchant online and activate an e-CNY collection product or service, in order to record the business location of the merchant. Liveness detection will be performed when you sign the digital currency collection agreement, and the face photo taken during the detection will be used to form a part of the CFCA evidence chain; and if you are an existing merchant and want to quickly activate an e-CNY collection product, your facial information will be collected and used for liveness detection when you sign the digital currency collection agreement, and the face photo taken during the detection will be used to form a part of the CFCA evidence chain. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

1.7 Credit card services

(1) When you use credit card application services, we will collect your mobile phone number, SMS verification code and location information. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(2) When you use services related to credit card repayment or automatic repayment of credit cards, we will collect your name, ID type, ID card number, mobile phone number and bank card number to help us verify your identity, and we will also verify your payment password. Repayment cannot be completed until such verification is made successfully. When you make a repayment for others, you also need to provide the name of the cardholder and credit card number, and your payment password will be verified to complete repayment for others. When you make repayment with a debit card of another bank, you are also required to provide the number of the bank card in your name, the mobile phone number you registered with such other bank, and information about the bank that issues the bank card. Where SMS verification code is required during use of such functions, we may need to read the content of the SMS that contains the verification code to help you submit the verification code. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(3) If you want to use the Share and Get Rewarded service, we will collect your name, ID card number, mobile phone number and location information to better complete the referral. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(4) When you check your credit card application status, we will collect your name, ID card number and mobile phone number. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(5) When you inquire about your virtual card information, we will collect your ID card number, credit card number and credit card security code (CVV2). Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(6) When you activate a credit card, we will collect your name, ID type, ID card number, mobile phone number, credit card number and credit card security code (CVV2) to verify your identity and card information. At the step where SMS verification code is required, we may need to read the content of the SMS that contains the verification code to help you submit the verification code. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(7) When you apply for an add-on card, we will collect your name, ID card number, bank card number and mobile phone number. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

1.8 Other services

(1) When you use the e-banking messaging service, we will collect your mobile phone number, account information and transaction information to send you timely notifications regarding changes to your account balance and related transactions. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(2) When you use the search service provided by our e-banking system, we will collect your keyword search information to save you the trouble of inputting the words again during subsequent searches. You may delete such search history by yourself. The Keyword search information is not considered personal information unless it can be used to personally identify you. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(3) When you use our e-banking SMS service, we will collect your mobile phone number, account information and transaction information to send you timely notifications regarding changes to your account balance and other relevant matters; and we may share your account information and transaction information with our partners upon your explicit consent in order to send you timely notifications regarding changes to your account balance and other relevant matters. If you choose mobile SMS dynamic password as a security authentication tool, we will send a mobile SMS dynamic password to your registered mobile phone number for the verification of e-banking transactions. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(4) When you use the Make an Appointment for Commemorative Coins feature, we will collect your name, ID number and mobile phone number. This is necessary for the regulatory authority to check and verify the reservation information and notify you of the verification result via text messages. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(5) When you use the Make an Appointment for Cash Services feature, we will collect your name, ID number, mobile phone number and account number for which the appointment is made. This is necessary for our staff to confirm the appointment details with you. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(6) When you use the Document Verification and Inquiry feature, we will collect your deposit receipt/passbook printing number, account opening/transaction date, serial number and seal verification code for verification of the electronic seal on the document. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(7) If you want to bind a device, we will obtain your device information and will, depending on the way you choose to bind the device, authenticate your identity through face scan, mobile SMS, video call, local number, card password or binding code. If you choose face-scan authentication, we will collect your facial information for identity authentication purpose after obtaining your explicit consent. We will store your facial information after obtaining your explicit consent separately. You may also choose another way of binding your device. We may also need to obtain your mobile storage permissions in order to provide more stable services. If you refuse to provide the said information, we will not be able to provide such services to you.

(8) When you use the currency exchange (foreign exchange settlement and sale, foreign currency exchange) features of our mobile banking or personal online banking system, we will collect your name, ID number and account information. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(9) When you use the Cash/Exchange Conversion feature of our mobile banking or personal online banking system, we will collect your name, ID number and account information. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(10) When you use the fee-based business transaction features (such as signing and modification of agency collection/payment contracts, bill payment, batch agency payroll, and deposit payment suspension, etc.) of our mobile banking, personal online banking or WeChat banking system, we will collect your name, account number, ID type, ID number, phone number, address, license plate number, transaction amount and transaction postscript. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(11) When you download updates for apps using the Version Update feature prompted in a pop-up window of our mobile banking app, we may need to use your storage permissions. Your failure to grant such permissions or refusal to provide such information may affect your use of the said functions, but you are still able to update the app through an app market.

(12) When you use the screenshot sharing or voice broadcast/prompt features of our mobile banking app, we may need to use your storage permissions. If you do not grant such permissions or refuse to provide such information, we will not be able to provide such services to you.

(13) When you use the Print Account Statements feature, our mobile banking app will collect and use your name, account number and email address in order to send transaction history as you requested to your designated email address. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(14) When you use the Make an Appointment to Activate a Card feature, our mobile banking app will collect and use your name, ID type, ID number and mobile phone number. This is necessary to prepare for card activation and schedule an appointment at an outlet in advance, which improves our service efficiency. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(15) When you use the deposit certificate issuance feature, our mobile banking app will collect and use your name, ID number, account number, delivery address and mobile phone number. This is necessary for us to issue a written certificate for the personal funds you have deposited with a PSBC institution, which will be printed and mailed to you by our operation center. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(16) When you use the Digital Collectibles feature, we will collect your name, mobile phone number, ID type and ID number, to allow you to claim and view your collectibles. When you use the Save to Album and Show Off features of Digital Collectibles, we need to use your storage permissions. When you use the Remind Me to Get One feature of Digital Collectibles, we need to use your calendar permissions. Your failure to grant such permissions or refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

(17) When you use the card wallet design service in the Virtual Theme Card Zone, we will collect the account information and transaction information related to your virtual theme card, to allow you to use services such as theme image. If you do not want to use this service, you may disable the feature at “Virtual Theme Card Zone > Card Wallet Design > Disable Personalized Design”.

(18) When you want to bind WeChat banking services through mobile banking, we will collect and use your WeChat UnionID information (UnionID is used to identify WeChat users, and each single user has a unique UnionID under the same WeChat open platform account), in order to check and verify your WeChat information. Your refusal to provide such information will prevent you from using the said functions, but will not affect your normal use of other e-banking functions.

2. Personal information we collect and use when we provide products and/or services to you

To comply with laws and regulations, satisfy fundamental service requirements, protect the security of your account and system operation, and be more accurate in preventing telecom and Internet frauds, we may collect the information generated in your use of our services relevant to your account's risk assessment, proper service provision, system problem analysis, traffic calculation, and response to any abnormalities you report to us. Such information includes:

2.1 Log information

When you use the products and/or services provided by PSBC, we will automatically collect the details about your use of our services, and save such information as web logs and transaction logs. The web logs collect various information such as the language used, date and time of visit, requested web pages, operating system and software information, device MAC address, and login IP. The transaction logs record transaction details including the amount, date, time, currency, transaction card number, type, terminal, results, and certificate information. Your refusal to provide such information will not affect your normal use of other e-banking functions.

2.2 Device information

When you use our products and/or services, subject to your specific permissions during software installation and use, we may receive and record relevant information about your device, including device ID, device model, device MAC address, IP address, operating system and International Mobile Equipment Identity (IMEI). To prevent telecom fraud, we may collect your MAC address information in high-risk scenarios such as login and money transfer. Your refusal to provide such information will not affect your use of other PSBC e-banking services.

2.3 Location information

When you use our products and/or services, subject to your specific permissions during software installation and use, we will collect your location information pursuant to relevant laws and regulations. To prevent telecom fraud, we may collect your geolocation information in high-risk scenarios such as login and money transfer. Your refusal to provide such information will not affect your use of other PSBC e-banking services.

3. When you use the services provided by our apps, we may, in certain scenarios, provide services for you using software development kits (hereinafter referred to as “SDK”) offered by third-party service providers with appropriate business qualifications and capabilities. These providers collect necessary information from you. The specific information to be collected, the purpose and method of collection, and each SDK that involves the use of personal information are provided below:

(1) Face verification SDK: We use the face verification SDK provided by Tencent Cloud Computing (Beijing) Co., Ltd. (https://cloud.tencent.com/document/product/867/73149) to provide face verification service to you. When you bind a device, reset your password or authenticate your identity in e-CNY scenarios through face verification, the app will call the face verification SDK to perform liveness detection and recognition, collect face pictures, and verify user identity through online verification.

(2) OCR (Optical Character Recognition) SDK: We use the OCR SDK provided by Hanwang Technology Co., Ltd. (https://www.hw99.com/) to provide you with image/character recognition services. The SDK collects your ID card, bank card and driver’s license information, then uses OCR to identify your ID and read the content of the certificate.

(3) WeChat SDK: We use the WeChat SDK provided by Tencent Holdings Limited (https://www.tencent.com/zh-cn/privacy-policy.html) to provide you with login, money transfer and screenshot sharing services on our mobile banking app. The SDK collects your nickname and profile picture information, obtains personal information and authorized login through WeChat login, and enables sharing of pictures and links via WeChat.

(4) Xiaomi push SDK: We use the Xiaomi push SDK provided by Beijing Xiaomi Mobile Software Co., Ltd. (https://dev.mi.com/console/doc/detail?pId=1822) to push account balance changes, system messages or marketing messages to you. The app calls the message push SDK to generate push tokens. The SDK collects your device OAID, encrypted Android ID, information about apps using push services (app package name, version number and operating status), device-related information (device manufacturer, device model, device memory, operating system version, Xiaomi push SDK version, device registration location (country or region), SIM card operator name, and type of network being used), and notification bar settings (whether the notification bar is blocked, whether lock screen pop-up message is enabled, whether permission to produce sound is granted, whether permission to enable vibration is granted, and whether permission to enable app icon badges is granted).

(5) Huawei push SDK: We use the Huawei push SDK provided by Huawei Software Technology Co., Ltd. (https://developer.huawei.com/consumer/cn/doc/development/HMSCore-Guides/sdk-data-security-0000001050042177) to push account balance changes, system messages or marketing messages to you. The app calls the message push SDK to generate push tokens. The SDK collects general information about your app (AppID, push service and HMS Core version number, Huawei push SDK version number, app version number, app package name), in-app device identifier (AAID, push token), device hardware information (device type, device model), basic system information (system type, system version), system settings (country code), Wi-Fi network information (Wi-Fi DHCP information), Wi-Fi information (BSSID), and the processes that are running.

(6) OPPO push SDK: We use the OPPO push SDK provided by Guangdong HeyTap Technology Co., Ltd. (https://open.oppomobile.com/new/developmentDoc/info?id=10288) to push account balance changes, system messages or marketing messages to you. The app calls the message push SDK to generate push tokens. The SDK uses information related to your device (IMEI or OAID, serial number, IMSI, user ID, Android ID, Google Advertising ID, mobile region settings, device model, mobile battery, version and language of mobile operating system), information about apps using push services (app package name and version number, operating status), push SDK version number, network-related information (IP or domain name connection results, type of network being used), message sending results, notification bar status (notification bar permissions, user clicks), lock screen status (whether the screen is locked, whether lock screen notifications are permitted), and the processes that are running.

(7) VIVO push SDK: We use the VIVO push SDK provided by Vivo Mobile Communications Co., Ltd. (https://dev.vivo.com.cn/documentCenter/doc/652#w1-12075822) to push account balance changes, system messages or marketing messages to you. The app calls the message push SDK to generate push tokens. The SDK collects your device and app information, including operating system version number, app information (including list of installed apps), device identifier (IMEI, ICCID, EMMCID/UFSID, oaid/vaid/aaid, SN code and IMSI, Android ID, mobile country code, and mobile network code for vivo Android device), MAC address, mobile operator, language used, system settings, device and app data, and push log information, in each case, in connection with your use of the vivo device and services.

(8) UnionPay Cloud QuickPass SDK: We use the UnionPay Cloud QuickPass SDK provided by China UnionPay Co., Ltd. (https://wallet.95516.com/s/wl/WebAPP/helpAgree/page/agreement/regPrivacy.html?cntryCode=86) to allow you to make payment in the Mobile Shopping District and use Youhuifu services. The app calls the UnionPay Cloud QuickPass SDK on the backend to complete the payment. The SDK does not ask for your personal information.

(9) Baidu Maps positioning SDK: We use the Baidu Maps positioning SDK provided by Beijing Baidu Netcom Science Technology Co., Ltd. (https://lbsyun.baidu.com/index.php?title=openprivacy) to provide location service to you at the daily service page or in connection with utilities payment, local services, gray release or display of region-specific splash ads. The SDK collects your latitude and longitude information, MAC information, storage information, SD card root directory, BSSID and Wi-Fi SSID. The app uses Baidu Maps to determine the user's location and obtain device information, such as the Android ID. It also requires sensor permissions for gravity, gyroscope, accelerometer and light sensor, as well as permissions to write data to the SD card for storage information.

(10) Device fingerprint SDK: We use the device fingerprint SDK provided by Elianda E-service (Beijing) Co., Ltd. (http://www.elianda.cn/) to help us check the security of your payment device and identify transaction fraud. The SDK may collect your device hardware information, network information (including operator, network type, MAC address, IP address), whether device is changed, version, software, device ID (including ANDROID_ID, IDFA, IDFV, IMEI, IMSI unique device identifier), time, and GPS location information. The app uses the device fingerprint SDK to monitor the safety of the device used for payment and prevents transaction fraud the risks. To prevent telecom fraud, we may collect your MAC address and Android ID information at a certain frequency when our mobile banking app is silent in the foreground or running in the background.

(11) UnionPay transit SDK: We use the UnionPay transit SDK provided by China UnionPay Co., Ltd. (https://open.unionpay.com/tjweb/api/detail?apiSvcId=3181&index=6) to provide you with transport expense payment services. The SDK collects your user ID, city, and longitude and latitude. By calling the UnionPay transit SDK, the app generates transit QR codes in transit scenarios.

(12) Video signing SDK: We use the video signing SDK provided by Egoo Networks Co., Ltd. (http://www.egoonet.com/) to provide you with loan contract online signing services. The SDK collects your name, ID card number and mobile phone number, to allow you to sign a loan contract on your mobile phone through video conversations.

(13) Sensors SDK: We use the Sensors Analytics SDK provided by Sensors Network Science and Technology (Beijing) Co., Ltd. (https://manual.sensorsdata.cn/sa/latest/tech_sdk_client_privacy_policy-87163323.html) to provide better services to you. The SDK collects user ID, location information (including longitude and latitude), app permissions, app version, information about app processes that are running, device ID (including IMEI, MAC address and unique device identifier (Android ID for Android, IDFV and IDFA for iOS)), method, type and status of network access (including whether through Wi-Fi, operator, network type), network IP and region information, device-related parameters (including device brand, model and manufacturer, and screen height, width and orientation), mobile system version, and in-app click records. Through this SDK, we analyze user characteristics and evaluate our functions in order to optimize app functions and products, recommend tailored content, and improve user experience. Where business requires, we may collect network IP information at a certain frequency when our mobile banking app is silent in the foreground or running in the background.

(14) iFLYTEK smart voice SDK: We use the smart voice SDK provided by iFLYTEK Co., Ltd. (https://www.xfyun.cn/doc/policy/privacy.html) to provide you with voice search, voice-based transfer and e-CNY services. The SDK collects your voice information and uses such information to support search functions, identify transfer information, and verify your willingness to create a corporate digital wallet.

(15) Alipay SDK: We use the Alipay SDK provided by Alipay (China) Network Technology Co., Ltd. (https://render.alipay.com/p/f/fd-jm7jym6r/alipay/multi-agreement.html) to allow you to log in to our mobile banking app with an Alipay account. The SDK collects your nickname, profile picture, IMSI, IP address, IMEI and mobile serial number to achieve single sign-on.

(16) Tencent TBS SDK: We use the PDF reader provided by Tencent Holdings Limited (https://www.tencent.com/zh-cn/privacy-policy.html) to provide you with summary information about fund products. Through the PDF reader, we obtain your device ID (including IMEI, IMSI, MAC address, unique device identifier) so that we can display the summary information about fund products directly in our mobile banking app for Android.

(17) Video SDK: We use the video SDK provided by Egoo Networks Co., Ltd. (http://www.egoonet.com/) to provide you with video call services. The SDK collects information such as your customer number, customer type and customer level, as well as details about your device, including the operating system, mobile phone model, and mobile banking app version. Additionally, it collects data about the menu you are visiting and your geolocation. This is used to provide better consultancy and transaction handling, and allows you to make screen recordings during a call.

(18) Index market SDK: We use the index market SDK of a professional investment research institution, GF Securities Co., Ltd. (https://zzkh.gf.com.cn/landingpage/index.html?channel=bdpz-kh-mr&gffrom=baidu&gffromno=wxpz1-anniu&scene=kaihu), to provide you with market or index information-related services and solutions. The SDK does not ask for your personal information.

(19) Local number authentication SDK: We use the local number authentication SDKs of telecom operators (China Mobile, China Unicom and China Telecom) to provide you with the Local Number Authentication feature. The SDKs are provided respectively by China Mobile (https://wap.cmpassport.com/resources/html/contract.html), China Unicom (https://opencloud.wostore.cn/authz/resource/html/disclaimer.html?fromsdk=true) and China Telecom (https://e.189.cn/sdk/agreement/detail.do?hidetop=true), which collect your local mobile phone number, network type, network IP address, operator type, mobile device type, mobile operating system, hardware manufacturer, Android ID and iOS BundleID, and use such information to verify mobile number consistency and control risks in the fund transfer, device binding, login password reset and transaction password reset scenarios.

(20) Digital customer service SDK: We use the digital customer service SDK provided by Beijing Baidu Netcom Science & Technology Co., Ltd. (https://home.baidu.com/) to provide digital customer service to you. The SDK collects your customer number, name, customer type, customer level, operating system, mobile phone number, mobile phone model, mobile banking app version, information about the menu you are visiting, date of birth, geolocation and login status information, in order to provide you with digital customer service, business consultancy, question suggestion, and intelligent Q&A services.

(21) Internet phone SDK: We use the Internet phone SDK provided by Egoo Networks Co., Ltd. (http://www.egoonet.com) to provide Internet phone service to you. The SDK collects your customer operating system, mobile phone number, mobile phone model, mobile banking app version, and information about the menu you are visiting, so as to enable you to contact us at 95580 hotline using an Internet phone, and get access to hotline services such as business consultancy, transaction handling, and complaints and suggestions.

(22) WeChat Work sharing SDK: We use the WeChat Work sharing SDK provided by Shenzhen Tencent Computer Systems Co., Ltd. (https://work.weixin.qq.com/nl/act/p/47eb57a00e9f4ad5) to enable you to share things from our mobile banking app to WeChat Work. The SDK allows you to share pictures and links via WeChat Work without asking for your personal information.

(23) mPaaS-supported wireless bodyguard SDK: We use a wireless bodyguard SDK to ensure the security and stability of our mobile banking app. The SDK is provided by Alibaba Group Holding Limited (https://render.alipay.com/p/c/180021120000000340/index.html?agreementId=AG01000579) and is used for security and risk control. It collects your network BSSID, MAC address, SSID, IMSI, Android ID, IP address, sensor list, hardware serial number, device system construction and location information, and asks for camera permissions.

(24) libcore.io.IoBridge library: We use the open-source libcore.io.IoBridge library of Google LLC (https://policies.google.cn/privacy) to improve the efficiency of network usage, which asks for your network IP information.

(25) OkHttp library: We use the open-source OkHttp library of Block (formerly Square, https://squareup.com/us/en/legal/general/ua) to improve the efficiency of network usage, which asks for your network IP information. For the sake of network stability, we may collect network IP information at a certain frequency when our mobile banking app is silent in the foreground or running in the background.

(26) org.chormium.net library: We use the open-source org.chormium.net library of Google LLC (https://policies.google.cn/privacy) to improve the efficiency of network usage, which asks for your network SSID information.

4. When you use the services on our app, to maintain safe and stable operation of the services and reduce transaction and financial risks, we will collect, among others, your device model, operating system, unique device identifier, PSBC app version number, IP address, method, type and status of network access, network quality data, information about the operation logs and service logs of PSBC app, geolocation information, and app list information. If you do not consent to our collection of such information, we may not be able to complete the risk control verification. As a result, you will not be able to use the functions or services until the risk control verification is completed. However, this will not affect your normal use of other functions or services of our app.

In order to be more accurate in preventing phishing websites, fraud and Trojan viruses, we may assess risks by getting to know some of your network usage habits and information regarding the software you frequently used, and may further record some URLs, apps or software that we deem may pose a risk. You can disable the location service on your mobile phone, so that we will cease to collect your location information. This will not affect your payment, but may affect our assessment result regarding whether it is safe.

5. To provide you with more targeted, personalized and convenient services, enhance service experience, improve service quality, or to prevent risks, subject to your separate consent, we will collect the information provided in your feedbacks, suggestions or complains, the information you provide to us in any questionnaires, as well as the type of e-banking functions or services you used, methods of use and operation information, and your personal information retained with the Bank. We will gather, sort and analyze such information, and provide you with appropriate services or products based on such information. If you do not want to receive any service information pushed by our mobile banking app, you may refuse to accept message notifications when you install the app for the first time, or disable the relevant notification function in the Notification Center of the mobile operating system.

6. When you use any services provided by a third party in our e-banking system, such third party may, through our e-banking system, obtain your public nickname and profile picture, as well as the unique identifier for single sign-on. Subject to your explicit consent to the third party’s collection of your geolocation information, we will grant the third party an interface to obtain terminal geolocation information, through which it can obtain your detailed location information; with your explicit consent, the third party may obtain your mobile phone number; if you provide any information to the third party voluntarily when you use the services provided by such third party, we will deem that you have permitted the third party to obtain such information; and matters concerning the collection and use of any information generated during your use of the services of such third party shall be agreed upon by you and such third party in accordance with laws. If you refuse to authorize the third party to collect, use or transmit the above information when it provides services to you, you may be denied access to the relevant services of the third party in our e-banking system, which, however, will not affect your use of other e-banking functions.

7. You may decide whether to authorize PSBC to collect and use your personal information in connection with the following features and functions:

(1) Camera (Android/IOS): This feature allows you to use services related to scan-to-pay, bank card recognition, ID card recognition, face-scan authentication, online customer service, remote account manager, e-CNY, utilities payment, cloud-based processing, scanning and credit card. Without your authorization, the above functions may not work properly.

(2) Photo album (picture library) (Android/IOS): This feature allows you to upload profile pictures, save e-receipts, scan QR codes, recognize bank cards and ID cards, use online customer service, get access to remote account manager, and share screenshots in our mobile banking and personal online banking systems. Without your authorization, the above functions may not work properly.

(3) Geolocation (Android/IOS): You may enable the location service to improve the accuracy of your location information when you want to find a nearby outlet, obtain merchant offers information, or use the daily service page or functions related to utilities payment, local services, gray release, display of region-specific splash ads, e-CNY, loan application and credit card. Without your authorization, the above functions may not work properly.

(4) Microphone and media volume control (Android/IOS): These features allow you to use the voice search, e-CNY, online customer service, remote account manager, and cloud-based business handling services on our mobile banking app. Without your authorization, the above functions may not work properly.

(5) Touch ID/Face ID (IOS): This feature allows you to log in, transfer funds and make payment via Touch ID/Face ID on our mobile banking app. Without your authorization, the above functions may not work properly.

(6) Calendar (Android/IOS): This feature allows you to use the calendar service on our mobile banking app. Without your authorization, the above functions may not work properly.

(7) Contacts (Android/IOS): This feature allows you to use services related to transfer to mobile phone number, SMS notification of remittance, and notification to recipient of money transferred. Without your authorization, the above functions may not work properly.

(8) QR code (Android): You can use public transportation services through a transit QR code. Without your authorization, the above functions may not work properly.

(9) NFC (Android/IOS): This feature allows you to use the POS transfer service. Without your authorization, the above functions may not work properly.

(10) Device information (Android/IOS): For anti-fraud purpose when you make a transaction through our mobile banking app, we will obtain your device identifier (IMEI) and status, Bluetooth, Android ID, IMSI and MEID information, and use such information to protect the transaction security when you log in, bind a device, make a payment or apply for a loan in our mobile banking app. Without your authorization, we will not read your device information.

(11) Storage space (Android): This feature is used to cache the graphic or text information generated during your use of our e-banking system in such scenarios as voice search, utilities payment, cloud-based business handling, scanning or credit card. Without your authorization, we will not read the content stored on your device.

(12) Clipboard (Android): This is used to identify any bank account number in the clipboard, and provide a quick jump function during money transfer. Our system will not save the content in your clipboard in the background. Without your authorization, the above functions may not work properly.

(13) Access app list (Android): This is used to ensure transaction security during your use of our loan services. Without your authorization, we will not read the content of the current app list.

(14) Control vibrator (Android): This is used for vibrotactile feedback when you type information through a secure keyboard in reader mode, or in connection with certain prompt messages in the large-font version. Without your authorization, the above functions may not work properly.

(15) GET_TASKs retrieve running apps (Android): This is used to check the security of the operating environment of our mobile banking app. Without your authorization, we will not read the content of the list of currently running apps.

(16) Sensor (gravity, gyroscope, accelerometer, light sensor) (Android/IOS): This is called at the daily service page of our mobile banking app to realize positioning and the Shake to Call out Shortcut Menu feature. Without your authorization, the above functions may not work properly.

(17) Write data to SD card (storage information) (Android): This is used for you to download app self-updates, save pictures, read a pdf document, long-press to save pictures, share screenshots and read photo album on our mobile banking app. Without your authorization, the above functions may not work properly.

During your use of the relevant e-banking system, in order for us to collect and use the information involved in the aforesaid functions, we may need you to grant us, on your device, the permissions to access your camera, photo album (picture library), geolocation (location information), microphone, Touch ID/Face ID, calendar, contacts, QR code, NFC, device identifier (IMEI) and status, Bluetooth, Android ID, IMSI, MEID, storage space, clipboard, access app list, control vibrator, GET_TASKs retrieve running apps, sensors, and write data to SD card. Please note that by granting these permissions, you authorize PSBC to collect and use the said information to implement the said functions. You can manage them at “Me > Settings > Privacy Management > Manage System Permissions.” If you revoke these permissions, we will cease to collect and use the relevant information from you, and will not be able to provide you with the above functions corresponding to these permissions. However, this will not affect your normal use of other functions or services of our mobile banking app.

8. Others

If we collect or use your personal information in any circumstances other than those stated above, we will fully explain to you the content, scope, purposes and uses of the relevant information to be collected and used, in order to seek your consent or authorization prior to such collection or use.

Please understand that the functions and services we offer to you are updated and developing constantly. If any function or service other than those described above collects your information, we will separately explain to you the content, scope and purpose of the information to be collected through page prompts, interactive processes, website announcements or otherwise, in order to obtain your consent to such collection.

ii. How we use your personal information

To comply with national laws, regulations and regulatory requirements, provide services to you and improve service quality, or to protect the security of your account and funds, we will use your information as described below:

1. We will use the personal information we collected about you in accordance with this Policy and for the purpose of implementing our services or functions.

2. Subject to your separate consent, we will use your information for other PSBC services or for marketing and promotional purpose, such as when we recommend products or services that may be of interest to you. If you do not want to receive the message notifications on the pages of our mobile banking app, you may refuse to accept message notifications when you install the app for the first time, or disable the relevant notification function in the Notification Center of the mobile operating system. We will send you information about marketing activities through text messages. If you do not want to receive such information, you may choose to opt-out by following our instructions.

3. To ensure service security, we will use your information for the purpose of identity verification, safety protection, fraud monitoring, prevention or prohibition of illegal activities, risk reduction, and for archive and backup purposes. In order to help us better understand the operation of our e-banking system, we may record information related to the operation of the e-banking system, such as the frequency of your use of the system, crash data, overall usage and performance data. We will not associate the information stored in our analytics software with any personally identifiable information you enter into our e-banking system.

4. We may report the information to competent authorities in accordance with laws, regulations or regulatory requirements.

5. We may invite you to participate in a customer survey on our services, products or functions. In order to provide you with better services, we may, subject to your separate consent, use your financial information for improvement of customer experience and service quality or for market research. For instance, we may send you information related to our products and services, customer experience, service quality improvement or market research through phone calls, text messages, emails, WeChat, mobile banking app, personal online banking system, corporate online banking system or other instant messaging tools. Your decision to grant or refuse such consent will not affect your normal use of other e-banking functions or services. To modify your consent, please contact us at 95580 (service hotline). Alternatively, you may opt-out or make adjustments through other methods specified by us.

6. If we intend to use your personal information for any purposes other than those specified herein, or beyond what is reasonably necessary, we will ask for your consent separately before doing so.

7. After PSBC anonymizes the information and data collected from you through technical measures to prevent identification of personal identity, we have the right to use directly any personal information collected without your consent, and has the right to analyze and make commercial use of the user database.

8. We will gather statistics on the usage of our services or functions, and may share such statistical information with the public or third parties to show the overall trend in the usage of our services or functions, provided that such statistical information does not contain any of your personally identifiable information.

9. Where stricter identity verification is required according to regulatory requirements, business rules or risk control requirements, we will use your ID photo filed with the regulators for face verification. If you do not agree to our use of such information, you may not be able to complete the business that requires stricter identity verification through face verification. However, this will not affect your use of other services provided by PSBC.

10. In order to determine the accuracy and completeness of the information you provide when you open a Category II/III account without physical media, we will check such information with the state agencies, financial institutions, enterprises or public institutions that legally hold your information. If we need to collect your information from such organizations as a part of the verification process, we will request the relevant organizations to disclose the sources from which they obtained such personal information, and will verify the legality of the sources of personal information in accordance with laws, regulations and regulatory requirements.

11. In order to provide you with more targeted, personalized and convenient services, we may display personalized products or ads and send targeted push notifications based on your identity information, transaction information and browsing information after anonymization and de-identification. You can disable Personalized Recommendation at “Me > Settings” of our mobile banking app, after which non-customized default content will be displayed. If you refuse to provide the above information, we will not be able to send you targeted push notifications. However, this will not affect your normal use of other mobile banking functions. We will also show you personalized menus and version services based on your characteristic tag. You may disable Intelligent Menu Recommendation through “Me > Settings” of our mobile banking app, after which, personalized content will be replaced with non-customized default content. To reactivate the Intelligent Menu Recommendation service again, you may use the same path. You can access non-personalized versions of our services by clicking the “+” and “Version Switch” button at the top of the mobile banking homepage.

12. To improve our services related to the opening of securities/futures accounts and confirmation of depository contracts, we will use the customer information we hold about you and your account opening information held by the securities/futures companies, which include ID type, ID number, name, futures capital account number, and futures capital account password, so as to verify whether the account is successfully opened.

13. In order to provide you with better securities trading services, we will use your mobile phone number, bank card account number, ID type and ID number for securities account opening and securities trading.

iii. Exceptions to the requirement for consent

According to relevant laws, regulations, regulatory requirements and national standards, we may collect or use your relevant personal information without seeking further consent from you:

1. Where it is necessary for the conclusion and performance of a contract to which you are a party, or it is necessary for exercising HR management pursuant to any labor regulations formulated under laws or any collective contract executed under laws;

2. Where it is necessary for the performance of any statutory duties or statutory obligations;

3. Where it is necessary for responding to public health emergencies, or for protecting your life, health or property safety in emergencies;

4. Where such personal information is processed to a reasonable extent in order to carry out news reporting, supervision by public opinions, etc. for the public interest;

5. Where such personal information has been disclosed by you voluntarily or has otherwise been legally made available to the public, and is processed by us to a reasonable extent in accordance with the Personal Information Protection Law; or

6. In any other circumstances specified by laws and administrative regulations where such collection or use is permitted.

II. How We Use Cookies and Similar Technologies

i. Cookies

To make the e-banking system work properly, we will place a small piece of data known as a cookie on your computer or mobile device. It is a small file containing a series of text and is stored on your computer, mobile phone or other devices when you login to a website or other Internet content. A cookie often consists of identifiers, site names, and some numbers and characters. We use encrypted cookie information to determine whether you have successfully logged in, so as to improve service quality and customer experience.

We will not use cookies for any purposes other than those stated herein. If you do not want information to be stored in cookies, you may manage or delete cookies based on your preferences. You may remove all cookies saved on your computer, and most web browsers have the feature to block cookies.

ii. Do Not Track

Many web browsers have the Do Not Track feature which can issue Do Not Track requests to websites. At present, major organizations for Internet standardization have not set policies relevant to how websites shall cope with such requests. But if Do Not Track is enabled in your browser, all websites of PSBC will respect your choice.

III. How We Store and Protect Your Personal Information

i. Storage

1. Any personal information we collect and generate within the territory of China will be stored by us within the territory of China in accordance with laws, regulations and regulatory requirements. When you use cross-border financial services, your personal information (such as customer name, remitter account number and remitter address in cross-border remittance service) may be transmitted to an overseas institution as part of the transaction information in order to process the transaction. In such case, your separate consent is required, and we will act in accordance with laws and inform you of the name and contact information of the overseas recipient, the purpose and method of processing, type of personal information transmitted, and the ways and procedures for you to exercise your legal rights against such overseas recipient. We will take effective measures to protect the security of your information, such as encrypted transmission.

2. We will only keep your personal information for as long as necessary for the purposes stated herein and within the period specified by laws, regulations and regulatory requirements. Any personal information that has been stored for longer than the specified time frame will be deleted or anonymized. Specifically:

Mobile phone number: We need to save your mobile phone number for so long as you need to use our e-banking services, so as to ensure that you can use the services properly. The relevant information will be deleted after your e-banking account is closed;

User profile picture: We will save your profile picture after it is set by you, which will be displayed at the login page and “Me” page;

Login area: After you log in, we will record information about the place of registration of the card you hold to ensure that you can officially use the services. Such information will be deleted when the app is uninstalled.

ii. Protection

1. We will take necessary measures to ensure the security of personal information pursuant to relevant laws and regulations, so as to prevent personal information against illegal access, alteration, transmission, loss, damage, processing or use in an accidental or unauthorized manner. We take various measures to safeguard your personal information, including encrypted storage and transmission, anonymization, and database locking.

2. We have put in place supporting management policies, internal control mechanisms and processes to ensure the security of your information. In particular, we provide strictly limited access to information, monitor access and processing behaviors, and require the relevant staff members to sign confidentiality agreements.

3. We will use our best efforts to ensure the security of any information you send to us, but please understand that it is impossible to guarantee that the information is 100% safe at all times due to technical limitations and the existence of a variety of malicious means in the Internet industry. Please be aware that the system and communication network you use to access our services may experience problems due to factors beyond our control. In the event of any personal information leakage or other security incidents, we will implement our emergency response plan to prevent the incident from escalating, and will promptly notify you of incident-related information through push notifications, text messages or phone calls.

4. The Internet environment is not 100% secure, and we will use our best efforts to ensure the security of any information you send to us. We will be held legally responsible for any harm caused to your lawful rights and interests resulting from unauthorized access, public disclosure, alteration, or destruction of information due to any damage to our physical, technical, or protective facilities. In the event of force majeure, we will be exempted from liability, in whole or in part, depending on the impact of the force majeure, unless otherwise specified by the law.

5. We have passed the national test and completed the registration related to the classified protection of cybersecurity.

IV. How We Share, Transfer Control of and Publicly Disclose Your Personal Information

i. Sharing

We will not share or transfer control of your personal information to any other company, organization or individual, except where:

1. Your separate and unambiguous consent has been obtained by us in advance;

2. Such information is shared with a partner as necessary for business needs, provided that we shall inform you of the name and contact information of the recipient of the shared personal information, the purpose and method of processing and the type of personal information shared, and obtain your separate consent. If sensitive personal information is involved, we will also inform you of the type of sensitive personal information, the identity of the data recipient, the necessity and impact on personal rights and interests, and will obtain your express consent separately. We will rigorously test the security of the application programming interface (API) and software development kit (SDK) used by such partner to obtain relevant information, and impose strict data protection measures on such partner to ensure that they process the personal information in compliance with the purposes specified by us, the service description, this Policy and any other relevant confidentiality and security measures. For instance, when you use our mobile banking app for Android, we will share your IP address, IMIE and mobile serial number with Alipay (China) Network Technology Co., Ltd. through Alipay SDK to achieve single sign-on; or

3. Such information is shared as specified by laws and regulations, or as mandatorily required by government authorities. For instance, when you use services related to electronic social security card or medical insurance e-voucher, your name, mobile phone number and identity information will be encrypted and shared with the Ministry of Human Resources and Social Security, Jinbaoxin Social Security Card Technology Co., Ltd. and the National Healthcare Security Administration for providing social security or medical insurance services. We will obtain your explicit consent using a separate pop-up window before sharing such information.

ii. Transfer of control

We will not transfer control of your personal information to any company, organization or individual, except where:

1. Your separate and unambiguous consent has been obtained by us in advance;

2. The control of your personal information is transferred as specified by laws and regulations, or as mandatorily required by government authorities; or

3. The control of your personal information is transferred in connection with a merger, acquisition, asset transfer or other similar transactions, provided that we will inform you of the name and contact information of the recipient, and require the succeeding company or organization that holds your personal information to be bound by this Policy, or alternatively we will require such company or organization to seek consent from you again.

iii. Public disclosure

We will publicly disclose your personal information only if:

1. Your separate and unambiguous consent has been obtained by us in advance; or

2. Such public disclosure is specified by laws and regulations, or mandatorily required by government authorities.

iv. Exceptions to the requirement for consent

We may share, transfer control of, or publicly disclose user information without your prior consent if so required by relevant laws, regulations, regulatory requirements and national standards, or under the same circumstances as specified in “I. How We Collect and Use Your Personal Information > iii. Exceptions to the requirement for consent” of this Policy.

V. How to Manage Your Personal Information

In accordance with the relevant laws, regulations and regulatory requirements of China, we guarantee that you can exercise the following rights with respect to your personal information:

i. Access, correct and update your personal information

During your use of our e-banking system, you have the right to modify or update your personal information on your own, unless the laws, regulations or regulatory policies require otherwise. According to the management requirements related to anti-money laundering, we will restrict your access to our services if your basic personal information is incomplete or untrue, or your valid ID has expired and is not extended in a reasonable period. To ensure continued use of our services, you are advised to update your personal information promptly. We will verify your identity when you modify your personal information.

After you log in to our e-banking app, you can check, modify and reproduce your basic information at “Me”, including modifying your profile picture and personal identity information; or you can check and modify your security settings in the “Security Center,” such as modifying a third-party agreement or enabling the account security lock.

In particular, to modify your personal identity information, you can log into our mobile banking app and click “Me > Settings > Security Center > Information Management > Modify Personal Information”, and correct or modify your personal identity information, occupation, address and telephone number. Upon successful modification, you can login to our e-banking system again.

You can also manage the bound bank cards and view transaction details through our e-banking app. To do so, navigate to “Homepage > My Account” or “Me > Transaction Details”. You can also change your login password or enable/disable Quick Pay by going to “Me > Settings > Security Center.”

You have the right to obtain a copy of your personal information and you may make reproductions of your personal information by yourself when you check your personal information.

ii. Delete your personal information

You may directly remove or delete your information, such as a bound bank card or cache records, at “Me > Settings” or on other product and/or service pages of PSBC.

You may request us to delete your personal information:

1. If the purpose for which we process the information has been achieved or cannot be achieved, or the information is no longer necessary for the purpose of processing;

2. If we cease to provide the products or services, or the retention period has expired;

3. If you personally withdraw your consent by deregistering from our system as stated in Clause iv of this chapter;

4. If we have processed your personal information in violation of laws, administrative regulations or agreements; or

5. Otherwise as specified by laws or administrative regulations.

If we decide to respond to your deletion request, we will notify the entities that have obtained your personal information from PSBC to delete such information promptly, unless otherwise specified by laws, regulations or regulatory policies, or such entities have obtained your separate authorization.

After you delete any information from our services, we may not immediately delete such information from our backup system, but will delete the same when the backup is updated.

Where the retention period specified for such personal information under laws and administrative regulations has not expired, or the deletion of the same is technically difficult to achieve, we will only store the information and take necessary security measures to protect it, without processing it further.

iii. Change the scope of your consent or withdraw your authorization

To complete each business function, some basic personal information is required. You can grant or withdraw your consent at any time for the collection and use of any additional personal information.

You may prevent PSBC or a third-party service provider from obtaining your personal information in connection with certain features or services by disabling such features of the e-banking system, or by refusing to provide the relevant personal information when you enable and use such features or services. You may also withdraw your consent to the permissions obtained by our app through “Settings” on your mobile device, so as to restrict our access to the information corresponding to such permissions. This may make PSBC or the relevant third party unable to provide the relevant services to you.

To withdraw your consent for the collection of your personal information, you may either generally withdraw your consent to our future collection of your personal information by deregistering from our mobile banking system, or withdraw each specific consent you granted to third parties for the collection of your personal information by going to “Me > Settings > Privacy Management > Manage Third-Party Authorization.”

iv. Deregister as a user

You may deregister from our mobile banking system by logging into our mobile banking app and clicking “Me > Settings > Deregister.” You may also request for deregistration from our e-banking system at the counter of a PSBC outlet, through a self-service equipment or otherwise. Your e-banking account will be canceled upon your deregistration from our e-banking system. Cancellation of your e-banking account is irreversible. Once you deregister from our e-banking system, we will cease to collect your personal information through our e-banking app and will delete all information about your e-banking account, unless a different retention period is specified by laws, regulations or regulators.

Please note that if you only delete the e-banking app from your mobile device, we will not cancel your e-banking account or delete all information about your e-banking account. You need to deregister from our e-banking system to achieve the above purposes.

v. Restrict automatic decision-making by information systems

For certain business functions, we may rely solely on non-artificial and automatic decision-making mechanisms, such as information systems and algorithms. If such decisions significantly affect your legitimate rights and interests, you shall have the right to request an explanation from PSBC, and we will also provide appropriate remedies.

vi. Right to our response to your above requests

If you are unable to access, correct or delete your user information as stated above, or you need to access, correct or delete any other user information generated when you use our services or functions, or you believe that we are in violation of any laws and regulations or the agreement between you and PSBC regarding the collection or use of user information, you may contact us using the contact information provided in this Policy.

For the sake of security, you may be required to submit a written request or otherwise prove your identity. We will complete the verification and processing, and give a reply to your request within 15 calendar days after receiving your feedback and verifying your identity.

Please note that we may reject any requests that are illegal, non-compliant, lack legitimate reasons, or are unnecessarily repetitive. Requests that require excessive technical means (such as developing a new system or fundamentally changing existing practices), pose a risk to the legitimate rights and interests of others, or are impractical will also be rejected.

In addition, in accordance with applicable laws, regulations, and regulatory requirements, we may be unable to respond to your request if required by state regulatory or competent authorities, or if such response:

1. is relevant to the performance of the personal information controller’s obligations under laws and regulations;

2. is directly related to national security or national defense security;

3. is directly related to public safety, public health or vital public interests;

4. is directly related to any criminal investigation, prosecution, trial or execution of judgments;

5. The controller of personal information has enough evidence to prove that the subject of personal information acted with malicious intent or abused its rights;

6. is necessary to protect the life, property, or other legitimate rights and interests of the subject of personal information or others, but obtaining consent is difficult;

7. will result in material damage to the legitimate rights and interests of the personal information subject or any other individuals or organizations; or

8. involves trade secrets.

VI. Protection of Personal Information of Minors

If you are a minor, please ask your guardian to read this Policy carefully, and not use our services or provide information to us until you obtain the consent of your guardian. We will only use and disclose the personal information of a minor, which we collect with the consent of their guardian, as permitted by laws, regulations and regulatory requirements, upon the unambiguous consent of the guardian, and as necessary to protect the minor. We will protect the confidentiality and security of the personal information of minors in accordance with relevant national laws and regulations. If your guardian does not consent to your use of our services or to your provision of information to us in accordance with this Policy, please cease to use our services immediately and send a notice to us promptly.

If you are the guardian of a minor, please contact us using the contact information provided herein when you have any doubts about the processing of the personal information of the minor under your guardianship.

If you are a child under the age of 14, please obtain the consent of your parent or guardian before using our services or providing information to us. We will use your information with the consent of your parent or guardian, following the provisions agreed upon herein regarding personal information of users. We will adhere to the principles of justification, necessity, informed consent, specific purpose, security safeguards and legal use, ensure strict compliance with laws and regulations in the storage, use and disclosure of such information, and will not retain it for a longer period than that is necessary to achieve the purpose of collection and use. Upon expiration of its retention period, we will delete or anonymize your personal information.

For more details, please refer to the Rules on the Protection of Children’s Personal Information in the E-Banking System of Postal Savings Bank of China.

VII. How this Policy is Revised

We will revise this Policy and related rules from time to time in response to any changes in national laws, regulations and regulatory policies, or as necessary for service operation. When this Policy is changed, we will release an updated version of this Policy in our e-banking app, and will notify you of such changes through pop-up windows, website announcements or other reasonable means before the changes take effect, so as to keep you informed of the latest content of this Policy. We will ask for your consent again. If you do not agree to the updated content, you have the right to, and shall, immediately cease using the corresponding services and cancel the relevant account. In this case, we will stop collecting your relevant personal information. By continuing to use our e-banking services after a revision of this Policy is made, you acknowledge that you have fully read, understood and accepted the revised Policy, and agree that we will collect, use, save and share your relevant information in accordance with the revised policies.

You can view or download the full text of this Policy through our mobile banking app (Path: Me > Settings > Privacy Management > E-banking Privacy Policy), WeChat banking (Path: Finance > More Financial Services > Privacy Policy), our official website (https://www.psbc.com/cn/; Path: Personal Services > Service Announcements > E-banking Privacy Policy of Postal Savings Bank of China), or our personal online banking (https://pbank.psbc.com/perbank/; Path: Home Page > Privacy Policy).

VIII. How to Contact Us

If you have any comments, suggestions, questions or complaints about this Policy, you can contact or consult us through our product consultation and complaint hotline 95580, our banking outlets, or other PSBC customer service channels. We will promptly handle your comments, suggestions, complaints or questions, and provide feedback for complaints with clear facts and simple disputes within 15 calendar days.

If you are unsatisfied with our response, especially if you believe that our processing of personal information has infringed upon your legitimate rights and interests, you may file a complaint with the Cyberspace Administration of China, the State Administration for Market Regulation, or other competent authorities or industry associations. You may also seek resolution by filing a lawsuit with a court in the jurisdiction where we are located.

Company name: Postal Savings Bank of China Co., Ltd.

Registered address: No. 3 Jinrong Street, Xicheng District, Beijing.

Rules on the Protection of Children’s Personal Information in the E-Banking System of Postal Savings Bank of China

Released and effective on: December 15, 2023

Postal Savings Bank of China Co., Ltd. (hereinafter referred to as “PSBC,” “we,” “us” or “our”) is well aware of the importance of personal information to children and their guardians, and appreciates their trust in us. In order to better protect children’s information, in addition to the E-banking Privacy Policy of Postal Savings Bank of China, we will, through our Rules on the Protection of Children’s Personal Information (hereinafter referred to as these “Rules”), inform children and their guardians about how we collect, store, protect, use and disclose the personal information of children (hereinafter referred to as “Children’s Information”) in connection with our e-banking services (services made available through electronic channels, including mobile banking, personal online banking and WeChat banking systems), as well as the rights that children and their guardians may have.

These Rules contain special rules formulated on the basis of the E-banking Privacy Policy of Postal Savings Bank of China and are applicable specifically to our products or services that involve the processing of personal information of children. In case of any inconsistency between the E-banking Privacy Policy of Postal Savings Bank of China and these Rules, the latter shall prevail. For any matters not covered herein, the E-banking Privacy Policy of Postal Savings Bank of China will apply mutatis mutandis.

To protect the legitimate rights and interests of children, if you are the parent or other guardian of a child, please read carefully and determine whether to agree to these Rules. If you are a child, you need to read these Rules carefully together with your parent or other guardian, and you shall not use our products or services or provide any personal information to us until you obtain the consent of your parent or other guardian.

You shall read these Rules carefully and make sure that you understand our rules for processing children’s personal information, especially those highlighted in bold. If you have any questions during your reading of these Rules, you may contact and consult us using the contact information set out in Article VII How to Contact Us of these Rules. By clicking or checking 'Agree' to explicitly consent to these Rules, you will be deemed to have accepted them. By doing so, you agree that we will collect, use, store, and share relevant information about children in accordance with these Rules.

I. How We Collect Children’s Information

When you use the e-banking services (hereinafter collectively referred to as “services”) provided by PSBC, we may need to collect some personal information from you in order to provide the services to you, improve our service quality, protect the security of your account and funds, and comply with national laws, regulations and regulatory requirements. Such information may involve Children’s Information. In the E-banking Privacy Policy of Postal Savings Bank of China, we have explained, for each specific service, the type of information to be collected by us upon your consent, the uses of such information, and the consequences of your refusal to give your consent. For details, please refer to the E-banking Privacy Policy of Postal Savings Bank of China.

The services provided by PSBC in relation to children are constantly updated and developing. If you want to use any services not covered by the E-banking Privacy Policy of Postal Savings Bank of China and these Rules, or in other circumstances where we need to collect Children’s Information beyond the scope of collection described above, we will give further notice to you through page prompts, interactive processes, agreements or otherwise, and will obtain separate consent from the child’s parent or other guardian.

II. How We Store and Protect Children’s Information

1. We will store and protect Children’s Information in accordance with the E-banking Privacy Policy of Postal Savings Bank of China. We will carefully regulate access to such information, limit the authority of staff members who may access Children's Information to the minimum necessary standard, and take technical measures to monitor and control their actions when processing Children’s Information to prevent any unauthorized processing.

2. We have formulated an emergency response plan in respect of information security incidents. In the event of a security incident involving Children’s Information, we will, as required by laws and regulations, promptly inform the parents or guardians of the affected children about the basic details and potential impacts of the incident, the actions we have taken or will take in response, suggestions for children and their guardians on how to prevent and reduce risks, as well as our remedies. We will also keep the guardians informed of the development of the incident by phone or text message. Where it is difficult to inform the guardians one by one, we will issue relevant alerts in a reasonable and efficient way. Additionally, we will report the resolution of a security incident involving Children’s Information to regulatory authorities as required. For any harm to the legitimate rights and interests of children caused due to our reasons, we will bear relevant legal responsibilities.

3. After you disable our services or terminate the use of children-related services provided by us, we will immediately terminate the collection and use of the relevant Children’s Information, unless otherwise specified by laws, regulations or regulatory authorities.

III. How We Use Children’s Information

1. To comply with national laws, regulations and regulatory requirements, and to provide you with services and improve service quality, or protect the security of your account and funds, we will use Children’s Information in accordance with the E-banking Privacy Policy of Postal Savings Bank of China and these Rules.

2. If we intend to use Children’s Information for any purposes other than those specified in the E-banking Privacy Policy of Postal Savings Bank of China and these Rules, we will inform you separately of such intention and obtain the consent of the children’s parents or guardians again in accordance with laws, regulations and regulatory requirements.

IV. How We Disclose Children’s Information

1. We undertake to keep Children’s Information strictly confidential, and only disclose it under the circumstances agreed upon in the E-banking Privacy Policy of Postal Savings Bank of China. If we need to share Children’s Information with a third party in order to provide services to you, we will assess and determine whether receipt of the Children’s Information by such third party is legal, legitimate, necessary and safe. We will require the third party to take measures to protect the Children’s Information and act in strict accordance with relevant laws, regulations and regulatory requirements. In addition, we will, as required by laws, regulations and national standards, inform you of the type of the Children’s Information shared, the purpose and method of processing, and the name and contact information of the recipient, and we will obtain the consent of the child’s parent or other guardian, or make sure that the third party has obtained the consent of the child’s parent or other guardian.

2. To increase the efficiency of information processing, lower the costs of information processing or increase the accuracy of information processing, we may appoint a capable affiliate of PSBC or other professional institution to process Children’s Information on our behalf. We will assess the security of the appointed agent and the appointment process. Through a written agreement or on-site audits, we will require the agent to adhere to strict confidentiality obligations and take effective measures to maintain confidentiality. The agent is prohibited from processing Children's Information beyond the scope of their authority, and must fulfill the following obligations:

(1) To process Children’s Information in accordance with laws, administrative regulations and our requirements;

(2) To assist us in responding to requests from a child’s parent or other guardian;

(3) To take measures to protect information security, and promptly take effective measures against, and notify us of, any unauthorized disclosure of Children’s Information;

(4) To delete the Children’s Information promptly after termination of the appointment;

(5) Not to transfer the appointment to others; and

(6) Any other obligations under laws concerning the protection of Children’s Information.

V. How to Access and Manage Children’s Information

During your use of our e-banking services, to make it more convenient for you to access and manage (including checking, correcting, reproducing, withdrawing the consent to, or deleting) Children’s Information, and to protect your right to deregister your account, we have provided relevant option settings, and you can follow the instructions in “V. How to Manage Your Personal Information” in the E-banking Privacy Policy of Postal Savings Bank of China.

VI. Application and Update of these Rules

We will update these Rules as appropriate in the event of any major change stated below:

(1) Changes in the basic structure of PSBC, for instance, change of owners as a result of merger, acquisition or restructuring;

(2) Changes in the scope, purpose and rules for collecting, storing, using or disclosing Children’s Information;

(3) Changes in the location or period of retention of Children’s Information, or the way it will be processed upon expiration of the retention period;

(4) Changes in data security capabilities, information security risks, and security measures to protect Children’s Information;

(5) Changes in the consequences of refusal to give consent;

(6) Changes in the channels and mechanisms for users to make an inquiry or complaint, or changes to external dispute resolution agencies and their contact details;

(7) Changes in the ways and methods of correcting or deleting Children’s Information;

(8) Other changes that may have a material impact on the rights and interests in Children’s Information; or

(9) Updates to these Rules to reflect changing national laws, regulations and regulatory policies, or as necessary for service operation.

The updated content will be released through our online banking system, WeChat banking system, mobile banking app or other channels, and we will seek further consent from children’s parents or other guardians. Please pay attention to any relevant announcements, prompts, or changes in agreements, rules, or other related content that may occur from time to time.

Once these Rules are updated, we will remind you to confirm and agree to the updated rules on the login page. If you do not agree to the updated content, you shall immediately cease using the relevant services and deregister your relevant account. In this case, we will stop collecting your personal information. If you continue to use the services, we will implement the updated rules.

VII. How to Contact Us

If you have any questions, comments or suggestions about these Rules on the Protection of Children’s Personal Information, you may contact or consult us through our product inquiry and complaint hotline 95580, our banking outlets, or other PSBC customer service channels. We will promptly handle your comments, suggestions, complaints or questions, and provide feedback for complaints with clear facts and simple disputes within 15 calendar days.

Company name: Postal Savings Bank of China Co., Ltd.

Registered address: No. 3 Jinrong Street, Xicheng District, Beijing.

VIII. Definitions of Terms in these Rules

For the purposes of these Rules, the term “children” refers to minors under the age of 14.