This Privacy Policy Effective Date: 2026/06/13.

This Policy was released on 2026/06/12.

Standard Chartered Bank (China) Limited (“we”, “us” or “SCB China”) is fully aware of the importance of personal information to you and strives at all times to respect and protect your privacy. We therefore formulate this Mobile Banking Privacy Policy (this “Policy”) to better explain how we collect, store, protect, use and disclose personal information and to help you understand the rights you have.

This Policy applies only to the “Standard Chartered Bank China” mobile application (the “App”) operated by us. We will collect, store, use and disclose your information (including sensitive personal information) in accordance with this Policy when you use the services within the App to, among others, manage your bank accounts, make payments and fund transfers, trade in foreign exchange, make time deposits, purchase wealth management products, and purchase bank-distributed fund products and market-linked series products (save for services subject to a separate privacy policy or governed by any user agreement that provides otherwise). This Policy is closely related to your use of our services through the App. We advise you to carefully read and understand this Policy in full. The provisions in this Policy which have a material bearing on your rights and interests and the sensitive personal information are IN BOLD for your special attention. Please do not use the App if you do not understand or accept this Policy in full.

In addition to this Policy, we will separately provide you with a <Consent Letter for Sensitive Personal Information>, a   <Consent Letter for – Disclosure of Personal Information to Third Parties>and a <Consent Letter for Personal Information Cross-border Transfer>  to make further disclosure as to how we process your sensitive personal information and how we disclose personal information to third parties. The <Consent Letter for Sensitive Personal Information> , the  <Consent Letter for – Disclosure of Personal Information to Third Parties>and the <Consent Letter for Personal Information Cross-border Transfer>  are in addition to this Policy and together with this Policy form a complete set of rules for us to process your personal information.

Should you have any question, comment or suggestion, please contact us at:

• Our official website: https://www.sc.com/cn/contact-us/
• Our customer service hotline: 956083

This Policy will help you to understand:

I. How we collect and use your personal information

II. How we have third parties to process, and how we share, transfer and publicly disclose, your personal information

III. Exceptions to obtaining consent

IV. How we store your personal information

V. How we protect your personal information

VI. How you could manage your personal information

VII. How we protect the personal information of minors

VIII. How we update this Policy

IX. How to contact us

X. Other provisions

I. How we collect and use your personal information

Personal information refers to any kind of information whether recorded in an electronic or other form that is associated with an identified or identifiable natural person, excluding information that has been anonymized.

(A) How we collect your personal information

When you use the App, we will collect the information that you voluntarily provide in the process of using our services or that derives from your use of our services on a lawful, just and need-to basis if by doing so it allows us to provide you with the products and services in accordance with applicable laws and regulations, to improve the quality of our services, to maintain the safety of your accounts and funds, and to fulfil our legal obligations. We will collect your information under the following circumstances:

1.  When you register an account with the App, we will verify your registered mobile phone number with us that is used to receive SMS verification code, the card number and the transaction password of your debit card or the initial username and initial password of your online banking account; we collect such personal information to verify your identity, complete the user registration process and meet our anti-money laundering obligations under laws, regulations and regulatory requirements. Please note that if you do not provide the information below, you would not be able to access and use the relevant services within the App
2. According to the requirements in relation to real-name authentication under Chinese laws and regulations, we must collect your name, ID number, gender, ethnicity, date of birth, address, validity period of your ID, photo of front and back sides of your ID, and your facial image, and will send your name, ID number and facial image to a legitimate third party to verify your identity. Your registration application will be automatically approved once the verification is completed. Please note that if you do not provide the information below, you would not be able to access and use the relevant services within the App

In the process of your use of the App, we will collect the following information of yours on a lawful, just, and need-to basis to the extent necessary for us to provide you with the relevant services through our mobile banking Please note that if you do not provide the information below, you would not be able to access and use the relevant services within the App.

(1) You are required to provide your username and password to log in to the App. We may also offer you several alternative ways to verify your identity. You may choose to use your static password or dynamic passcode, or if you choose to use our FaceID Login Service to access the App, you need to register your face ID on your device. Please note that the App itself will not collect and store biometric information related to your face or fingerprints; we only use third-party software development tools to unlock the facial or fingerprint recognition functions in your device to complete the identity verification process.

(2) When you activate your debit card in the App, we will collect the card number and expiration date of your debit card.

(3) When you use the basic mobile banking functions in the App, you are required to provide certain personal information, which mainly includes:

• Using the mobile phone funds transfer service: your mobile phone number, name, transaction details and the payee’s mobile phone number.
• Making intra-bank or inter-bank funds transfers, or international funds transfers (including international transfers, transfers via Global Link or Cross-boundary Wealth Management Connect):your account details and the account details of the payee (including the payee’s name, account number, branch or sub-branch of the bank, SWIFTCODE, the payee’s address and any other information that may be necessary pursuant to local laws and regulatory requirements of the relevant jurisdiction). Meanwhile, we will record the details of the funds transfer transaction (including the payer’s name, the payee’s name, the payer’s account number, the name of the paying bank, the banking office of the paying bank, the payee’s account number, the name of the receiving bank, the banking office of the receiving bank, the method of transfer, the amount transferred and the currency used, the time of transfer, the agreed frequency of transfer, the transaction notes, and the status, date and time of the transaction) for your inquiry In order to confirm a funds transfer or wire transfer transaction, we will collect your debit card password to complete the verification.
• Using the function of managing third party payments: the number of your SCB debit card;
• Activating the virtual debit card service: the number of the Type II/III account opened with us, and the number of the virtual debit card;
• Having or updating a client investment profile: your employment status, age, level of education, financial status, investment objectives, knowledge of the investment products and investment experience, and results of your risk appetite assessment based on such information;
• Purchasing wealth management products, bank-distributed  wealth management,  bank-distributed  funds, bank-distributed  private equity asset management schemes, and market-linked series products; creating Fixed Deposits, Certificates of Deposit, Special Deposit and other financial products: your identity information (including type of ID, ID number, name, gender, mobile phone number, residential address, annual household income, source of income, occupation, account details, transaction details (including transaction amount and transaction account number), FATCA U.S. Person information and CRS tax residency information (Country/Jurisdiction of Tax Residence and Taxpayer Identification Number);
• Having or updating client insurance financial needs analysis: your level of education, protection goals, financial status, and the results of your insurance financial needs analysis based on such information;
• Purchasing insurance products on agency basis (including offline sales or electronic orders related to Remote Voice and Video Recording Service): your and the insured’s ID certificate information, addresses, employment details, tax residency information, payment ability information, payment details, and health statement (if any), history of your operations on the relevant pages of the App (what and when the applicant and the insured have filled in or clicked the relevant content on the sales page) and other information that may be required from time to time to meet updated legal and regulatory requirements.
• Using the App for foreign exchange settlement and trading, foreign exchange trading and foreign currency conversion: your transaction details and your identity information (including type of ID, ID number, name, age, nationality (jurisdiction), mobile phone number, residential address, occupation, account information) and your transaction details (including the basic information of foreign exchange trading/settlement such as transaction account, transaction amount, transaction currency, time and purpose of use of the foreign currency);
• Using the App for e-CNY exchange and removing SC debit card from your e-CNY Wallet: your transaction details (including Account Number, wallet ID, wallet institution, amount and currency, summary of transaction, payee’s name, mobile phone number, device, username) and SC debit card number.
• Other information you are required to provide in using the abovementioned functions by applicable laws, regulations and regulatory requirements as amended from time to time.

(4) In order to ensure the safe and normal operation of the App, prevent exposure to transactional and fund risks, and protect the safety of your account, we need to record the model, operation system, unique equipment identifier (Android ID, IDFV), mobile banking software version number, login IP address, operation logs  basic information of the devise you use. In addition, in order to verify the accuracy and completeness of the information you provide, we will check with the State organs, financial institutions, enterprises or public institutions that lawfully hold your information. If, for the purpose of such verification and check, we need to collect your information from any of the foregoing entities, we will request the relevant entity to specify its source of personal information and confirm the lawfulness of such source in accordance with applicable laws, regulations or regulatory requirements.

(5) In the event that you provide any feedback, make a voice/video call to, or communicate by text with, our customer service, or lodge a complaint, or take part in our marketing activities or surveys through the App, we need to collect the information you submit in such process and the information (including voice/video call records, chat history) relating to your operation so as to contact you or provide follow-up responses and services.

(6) In order to enhance your experience with our services, we have made available a SMS banking function to provide you with secure and easy access to our SMS alerts and SMS inquiries. Depending on your preference, you can have SMS alerts sent to your designated mobile phone number while using our Online Banking, Mobile Banking, or other services offered by SCB China. You can also check your account balance, change your SMS Banking password and access a variety of other services through SMS. For more details on SMS Banking, please go to https://www.sc.com/cn/en/bank-with-us/mobile-sms-banking/.

(7) When you use the functions and services of the App, under certain circumstances, we may need to use the software service toolkit or code (“SDK”) provided by a qualified third-party service provider in order to provide the service for you, where the third-party service provider will collect the necessary information about you, including:

• TMX SDK: we use TMX (Lexis Nexis Risk Solutions, contact: +1 212 448 2200, privacy policy: www.lexisnexis.com/global/privacy/en/privacy-policy.page) to guarantee security of funds, prevent anyone from harming your rights and interests in and to your account and mitigate transactional risks. This SDK requires access to your  International Mobile Equipment Identity (IMEI)，Android ID,GAID, address, age, IP address, WIFI SSID, list of applications, running process information, clipboard, list of sensors, card number of the card linked in the App, account type, name of the issuing bank of the card linked in the App, IMEI (international mobile equipment identity) information, and account opening date in order to meet the requirements of local laws and regulations of relevant jurisdiction for verifying your transaction details when you open a Type II or Type III Renminbi account, log in or make funds transfers, and further to improve the risk control for mobile banking.
• CUPD SDK: we use CUPD (China UnionPay Data Services Co., Ltd., contact: 021-6106 8888, privacy policy: https://web.cupdata.com/dmop/cdn/privacy/privacy_policy.html) to help you fully understand and purchase remotely through voice and video recording bank-distributed insurance products on agency basis(as explained to you by our sales personnel). This SDK will collect your name and ID information provided during your use and store your facial image provided during your use, and images and videos and such other data as generated during the process of identity verification and sales communications, in order to identify you and record the sales process through this function module, and will also request permissions to access your device’s camera, microphone, photo album, floating window, and to read your device’s phone state, so as to serve you in compliance with the applicable laws and regulations of the State.
• Zego SDK: we use ZEGO (Shenzhen Zego Technology Co., Ltd., contact: 400-1006-604, privacy policy: https://doc-zh.zego.im/policies-and-agreements/zego-sdk-privacy-policy) to help you fully understand and purchase remotely through voice and video recording insurance products on agency basis (as explained to you by our sales personnel). This SDK will collect image data captured by camera and audio data collected by microphone during your use in order to communicate with you remotely through voice and video and record the process through this function module, so as to serve you in compliance with the applicable laws and regulations of the State.

• RASP SDK: we use RASP (One Span International GmbH, contact: +1 312 766 4001, privacy policy: https://www.onespan.com/privacy-center) to assess the integrity of the APP and detect any potential security vulnerabilities on a customer’s mobile phone. This SDK requires access to the list of installed Apps and the list of active processes, so as to prevent customers from operating the APP on a mobile phone with security concerns.

• WeChat SDK: we use WeChat (Shenzhen Tencent Computer System Co., Ltd., contact: 86013388, privacy policy: www.weixin.qq.com/cgi-bin/mmsupportaccnodeweb-bin/pages/RYiYJKLOrQwu0nb8) to help you easily share articles with WeChat friends and WeChat Moments through the sharing function. This SDK will collect the title, description, thumbnail, and chapter link of the article for sharing with WeChat friends or WeChat Moments.
• Chromium SDK: we use Chromium (Google,contact: 010 – 6250 3000, privacy policy: https://policies.google.com/privacy) to enhance the webpage loading speed and rendering efficiency. This SDK requires access to the list of available sensors (Acceleration sensor and Gyroscope sensor) on your device, which will be used by the built-in browser when browsing webpages.
• HKE SDK: we use CFCA (China Financial Certification Authority, contact: 400 – 880 – 9888, privacy policy: https://www.cfca.com.cn/upload/20241117flsm.pdf) to enable easier login to the App with digital certificate service. For Android OS system, the SDK will collect WIFI MAC address, device, model, brand, ROM build user, ROM build host, manufacture, CPU manufacture. For iOS system, the SDK will collect device, model, IP address, APP information (e.g., APP version, IDFV). All above information will be collected for digital certificate issuing, download and digital signing service.
• Flutter Device Info Plus SDK: we use Flutter Device Info Plus(Google, contact number: 010–6250-3000, privacy policy: https://policies.google.com/privacy ) for device status identification, detailed operational log, and security event audit trail. This SDK requires access to application’s Android ID and iOS IDFV on your device.

If you do not agree the said third-party service providers to collect the information they require, you could be refused certain services. However, it would not affect your use of the other services within the App.

Please note that when you use the biometric information service, we will collect your face recognition information to verify your identity during transaction processes and to ensure that you can access this service successfully. We may send your facial recognition information to the Ministry of Public Security’s systems for the verification purpose and accept the verification results; however, the App itself will not collect and store the biometric information related to your face.

Please understand that the services we provide to you are updating and developing constantly. If you choose to use any service not specified hereinabove, and we need to collect your information in light of your use of such service, we will send you separate notices of the scope and purpose of, and obtain your consent to (if required by applicable laws and regulations), such collection by means of pop-up message, webpage prompt, interactive process, agreement or an update of this Policy. We will use, store, disclose and protect your information in accordance with this Policy and the corresponding user agreement. Should you choose not to provide any of the information specified hereinabove, you may be refused certain services or parts of services, but your use of the other services provided by us would not be affected.

(B) How we use your personal information

We will use your information to abide by applicable laws, regulations and regulatory requirements, to provide services for you and improve the quality of the services provided for you, and to guarantee the security of your accounts and funds. In particular:

1. We will use your personal information in accordance with the provisions of this Policy, in particular, the purposes and functions as described in the “How we collect your personal information” section above and to achieve our other related service purposes and functions;
2. To ensure the stability and security of our services, your information may be used for verifying identity, safeguarding, anti-fraud monitoring(including monitoring for the purpose of preventing telecom fraud), preventing or prohibiting illegal activities, minimizing risks or for archival and backup purposes;
3. To invite you to take part in customer surveys on our services, products or functions;
4. To comply with our obligations relating to customer due diligence, anti-money laundering, and real-name system regulation, and obligations to report or file information to the relevant authorities, as well as other obligations imposed on us by laws and regulations, in accordance with applicable laws, regulations or regulatory requirements;

We will inform you and seek your prior consent (if required under applicable laws and regulations) if we need to use any information for any purpose other than the one for which it is collected.

(C) In rendering our services, we may ask you for certain access permissions on your device to guarantee your use of our services, maintain the normal functioning of our services, improve and optimize the user experience, and safeguard the security of your account. In particular, we may ask you for the following personal access permissions:

1. Camera: to help identify your personal facial features to assist us in providing you with the video call function used for online customer services, insurance remote audio and video recording function and QR code authentication function;
2. Contacts: to help you quickly select the phone number of the payee when using the mobile phone funds transfer service.
3. Microphone: to help you call our customer service hotline using the remote video call function.
4. Access phone status: to fetch a device’s IMEI identification information to identify a user’s regularly used devices and detect any unusual login activities related to the APP account, and to pause remote audio and video recording function when you answer a call.

Please note that by turning on these permissions, you grant us the right to collect and use the aforementioned information to enable the above functions. You can also turn off part or all of these permissions at any time in the settings on your mobile device. If you turn off these permissions, we will no longer collect the relevant information from you and will not be able to provide you with the function that requires such permission. The display and turn-off of such permissions may vary on different mobile devices. Please refer to the instructions or guidelines from the developer of the device or system for details.

II. How we have third parties to process, and how we share, transfer, and publicly disclose, your personal information

(A) Entrusted processing

Your personal information may be processed by our affiliates and third-party service providers who provide products and/or services to us and our business partners on our behalf. For example:

1. It may be disclosed to professional advisors (including auditors) or insurers for risk diversification and assessment purposes;
2. It may be disclosed to third-party service providers, agents or independent contracted employees who provide services in support of our business;
3. It may be disclosed to our other suppliers, service providers and other partners.

List of affiliated companies, third-party service providers, and partner representatives entrusted with, or providing products and/or services to, our company:

We will sign strict non-disclosure agreements with third parties appointed by us to process personal information and require them to deal with personal information in compliance with our instructions, this Policy and any other relevant confidentiality and security measures mandated by laws and regulations.

(B)   Sharing

We will only share your personal information with a company, organization or individual other than SCB China in the following circumstances:

1. Sharing with a separate consent: we will share your personal information with others upon obtaining your separate consent;
2. We will provide your personal information to payees, beneficiaries, intermediaries, correspondent and agent banks (e.g. the correspondent and agent banks in the SWIFT system), clearing houses, clearing or settlement systems, etc., to the extent required for entering into or performing our contracts with you, such as when we provide international transfers and related services to you;
3. We may disclose your personal information as required under applicable laws and regulations or in accordance with the mandatory requirements of relevant government authorities, courts, regulators, tax authorities, or any other authorities (including any authority that investigates criminal activities);
4. Disclosure to your legal guardian or heir upon your death or loss of legal capacity so that he/she may make payments from your account;
5. Sharing with our affiliates: your personal information may be shared with SCB China’s branches and sub-branches to the extent necessary and solely for the purposes stated in this Policy. We will seek your consent if there is any change in the purpose of use of your personal information by any of our affiliates.
6. Sharing with the functional departments of our group: we will disclose the FATCA U.S. Person information and the CRS tax residency information (Country/Jurisdiction of Tax Residence and Taxpayer Identification Number) to the relevant functional departments of the Standard Chartered Group (Standard Chartered Singapore, website: https://www.sc.com/sg/ and Standard Chartered Global Business Services Co., Ltd., website: https://www.sc.com/cn/en/help-centre/about-scgbs/).
7. Sharing with our authorized partners: for the sole purpose of serving the purposes stated in this Policy, some of our services will be provided by our authorized partners in the course of performance of our agreement with you, or your personal information has to be provided to our partners in order to fulfil the purpose of your transaction. For such purpose and to such extent, we will only share your personal information for lawful, just, necessary, particular and specific purposes, and we will only share the personal information that is necessary for the provision of services. Our partners have no right to use the personal information we share with them for any other purposes. Our authorized partners mainly include financial institutions we cooperate with, including the managers and issuers of the products sold by SCB China as an agent (e.g. onshore fund companies and onshore insurance companies). For contact details of onshore fund companies, please refer to the specific fund company’s official website and customer service number provided in the Fact Sheet of a fund. We will need to disclose your fund investment information (including the investor’s name, the number, type, expiration date of the investor’s ID, the investor’s gender and date and city of birth, the investor’s tax resident country or region, taxpayer identification number, the investor’s occupation code, the investor’s mobile phone number, residence phone number and office phone number, the investor’s email address, fax number and postcode, the investor’s annual income, the investor’s current residence country or region and current address, the name of the investor’s employer, the investor’s IP address and MAC address, the account name and number of the investor’s receiving account, the bank with which the investor opens its receiving account, connected persons, the investor’s fund account, Get Investor Certificate flag, Non-Resident flag, transaction product details (amount and units)) to the above mentioned entities in order to fulfil your transaction purposes. Onshore insurance company: CITIC Prudential Life Insurance Co., Ltd. (for contact details, please reach out to its official website and customer service hotline). We will need to disclose to the insurance company the details of your insurance application, including the applicant’s name, gender, date of birth, ID type, ID number, ID expiration date, nationality, mobile phone number, mailing address, postcode, email, occupation code, annual income, name of employer, relationship with the insured (if any), risk preference, applicant’s job descriptions, health statement and source of premium; the insured’s name (if any), gender, date of birth, ID type, ID number, ID expiration date, nationality, mobile phone number, mailing address, postcode, occupation code, health statement, annual income, name of employer and job descriptions; the beneficiary’s name, gender, date of birth, ID type, ID number, ID expiration date, nationality, relationship with the insured, order of precedence and percentage of benefits to be received; name of the applicant’s collection and payment bank, name of the account for such collection and payment, bank account, the city of account opening, the applicant’s height and weight; the insured’s height and weight, the applicant’s annual household income, etc..

We will sign strict non-disclosure agreements with the companies, organizations and individuals that we share personal information with and require them to deal with personal information in compliance with our instructions, this Policy and any other relevant confidentiality and security measures.

(C)     Transfer

We will not transfer your personal information to any companies, organizations or individuals, except:

1. We may transfer your personal information to others after obtaining your separate consent;
2. In the case of mergers, acquisitions, bankruptcy, liquidation, transfer of assets or other similar transactions where transfer of personal information is required, we will request the succeeding company or organization holding your personal information to be bound by this Policy; otherwise, we will require such company or organization to seek separate consent from you.

(D)     Public Disclosure

We will only disclose your personal information to the public in the following circumstances:

1. After obtaining your separate consent;
2. To the extent required by laws, regulations, judicial or legal proceedings, or mandatory administrative enforcement by government authorities, we may disclose your personal information to the public to the extent and in the manner required. In such cases, we will request reasonable documentation from the requesting authority to ensure that the request has a lawful basis and that the requesting authority has the lawful power and a legitimate purpose to obtain your personal information;

III. Exceptions to obtaining consent

According to the relevant laws and regulations, regulatory requirements and national standards, we may collect, use or disclose your personal information without otherwise obtaining your authorization and consent under the following circumstances:

1. to the extent necessary to enter into or perform a contract with you;
2. to the extent necessary to fulfil statutory duties and responsibilities or statutory obligations;
3. to the extent necessary to respond to public health emergencies, or to protect the life, health and security of property of natural persons under emergency conditions;
4. where personal information is processed to the extent reasonable in order to report news, supervise public opinion and perform such other acts in the interest of the public;
5. where the personal information in question is collected from information that you have disclosed to the public by yourself or other information that has been lawfully disclosed to the public, and is processed to the extent reasonable; and
6. other circumstances provided for under laws and administrative regulations.

IV. How we store your personal information

(A) Location of storage

We will store your personal information collected within the territory of the People’s Republic of China in accordance with the requirements of applicable Chinese laws and regulations.

We may transfer certain personal information (such as paying account numbers, information regarding the receipt of funds, etc.) outside of China for the purposes outlined in this Policy, including to enable our affiliates and/or business partners outside of China to assist us in providing products and/or services to you or in processing your personal information; in such cases, we will take appropriate, necessary and effective measures (such as having the transfer encrypted) to keep your information safe. The data protection laws applicable in these countries may differ from those in China, but we have taken the appropriate measures to ensure that your personal information is protected in accordance with the requirements of this Policy.

(B) Retention Period

We will take all reasonably practicable steps to ensure that no irrelevant personal information is collected.

Unless otherwise required by laws or regulations, we will retain your personal information for the following periods:

1. We will retain your personal information to meet our legitimate business needs (e.g. to provide services to you or to meet relevant legal, tax, and financial requirements).
2. When we do not have a legitimate business need to use your personal information, or the retention period specified under Chinese laws and regulations has expired, we will either delete or anonymize your personal information or, if neither option is feasible (e.g. if your personal information is already stored in a backup), we will store it securely and keep it separate from other data to be processed. To delete any information you provide in the App in relation to the payee of domestic and overseas funds transfers, you may log in as a user on www.sc.com/cn, click “To a Local Account” or “To Overseas” on the “Transfer Money” page and select the information that you wish to delete.

V. How we protect your personal information

(A)     We have used safety measures up to industry standards to protect the personal information you provide and to prevent the data from unauthorized access, disclosure, use, modification, damage or loss. We will take all reasonably practical measures to protect your personal information. For example, we will perform safety scans on the App and safety penetration tests on a regular basis, and we have put in place a series of identity and access management, encryption, safety risk management and other rules and systems to ensure that your information is processed safely. In addition, your browser is protected by SSL encryption when exchanging data with the App. We will deploy an access control mechanism based on minimum access and behaviour traceability requirements to make sure that only authorized persons have access to your personal information. We will organize security and privacy protection training courses to enhance our employees’ awareness of the importance of protecting personal information.

(B)     We will take all reasonably practical measures to ensure that no irrelevant personal information is collected. We will only store and retain your personal information for a period as minimum as necessary to fulfil the purposes stated in this Policy unless we need to extend the retention period or where laws and regulations permit.

(C)     The Internet is not an absolutely safe place. E-mails, instant messages, and communications with other App users are not encrypted; therefore, we strongly recommend that you do not send any personal information through these ways. Please use complex passwords to help us keep your account safe.

(D)     We will regularly/irregularly assess safety risks and personal information safety implications.

(E)     The Internet is not absolutely safe, and we will take every effort to guarantee the security of the information you send us. We will take responsibility in accordance with the law if your information suffers from unauthorised access, public disclosure, erasure or damage as a result of any damage to our physical, technical or management protection facilities and your lawful rights and interests are so impaired.

(F)     If unfortunately a personal information security incident occurs, we will, in accordance with the requirements of laws and regulations, promptly inform you and any interested parties of the type of personal information that has or may have been leaked, tampered with or lost, the cause of the incident and the possible harm that this could bring; the remedial measures that we have taken; the measures that you can take to mitigate the harm, and our contact details. We will promptly inform you and any interested parties about the incident by email, SMS, letter, call or other means. Where it is difficult to inform each personal information subject, we will give a public notice in a reasonable and effective way.

Meanwhile, we will report the handling of such personal information security incident on our initiative in accordance with the requirements of regulatory authorities.

IV. How you could manage your personal information

In accordance with the relevant laws, regulations and standards of the People’s Republic of China as well as the common practices in other countries and regions, we guarantee that you may exercise the following rights in relation to your personal information:

(A)     Access and correct your personal information

You may view or update your personal information by logging in to the App or through our online banking or telephone banking services or at any of our counters, unless otherwise provided by laws, regulations or regulatory policies.

You have the right and obligation to update your personal information in a timely manner to ensure that such information is accurate. To protect the safety of your account, you may need to access and correct certain personal information through online banking or at our counters. For example, if you wish to modify your contact information and correspondence address, please log in as a user on www.sc.com/cn, click “Change contact information or change correspondence address” on the “My Online Banking” page, select the item you wish to modify and enter the new information.

When you change any of your information through our online banking service, we will send a one-time SMS verification code to the mobile number you register with SCB China for the safety of your account.

(B) Obtain a copy of your personal information

If you wish to obtain a copy of your personal information, please contact us through the contact details provided at the bottom of this Policy.

(C)   Delete your personal information

To delete any information you provide in the App in relation to the payee of domestic and overseas funds transfers, you may log in as a user on www.sc.com/cn, click “To a Local Account” or “To Overseas” on the “Transfer Money” page and select the information that you wish to delete.

If you find that our collection or use of your personal information is in violation of laws and regulations or the agreement between you and us, you may request us to delete your personal information in accordance with the law. We will delete your personal information to the extent permitted by laws or regulations (e.g. upon expiration of the legal retention period).

When you delete information from our App, we may not immediately delete the information from our backup system but we will delete such information at the time of next update of our backup.

Please note that uninstalling the App will not lead to the cancellation of your account or the deletion of your personal information.

(D)  Withdraw your authorization, and change the scope of your authorization and consent

You may change the scope of your authorization for us to collect your personal information or withdraw your consent by turning off certain functions on your device(path: Settings – Privacy & Security – Permission Management. Note that the path may vary depending on the mobile phone model). However, your decision to withdraw your consent will not affect any collection of personal information based on your consent prior to such withdrawal.

(E)     Transfer your personal information

You have the right to request that we transfer the personal information you provide to us to a third party of your choice. However, this right may only be exercised in certain circumstances as specified under Chinese laws. For further information on your rights in this regard, please reach out to us through the contact details at the bottom of this Policy.

(F)     Cancel your account

Since your account with the App is the same as your online banking account, if you wish to cancel your App account (i.e., cancel your online banking account), you may do so at a branch or sub-branch of SCB China or by calling our customer service hotline (956083). Please follow the instructions to complete the verification of your identity at the branch or sub-branch or in the service call and, after the verification is completed, you may submit an application for cancelling your SCB online banking account (including your App account). We will verify and process your application within 15 working days after receiving it.

After you meet all the conditions for cancellation according to law and your online banking account is cancelled, you will no longer have access to the SCB online banking account and the App. Unless otherwise provided in laws, regulations, regulatory requirements or special agreements or for the purpose of settling certain specific debtor-creditor relationships, the information relating to your App account will also be deleted. We will no longer collect or use the personal information relating to such account through SCB online banking or the App. In addition, we still need to retain the information provided by you or generated during the term of your use of the App service for a period of time as required by regulatory authorities (no less than 5 years after you cancel your App account) and to cooperate with inquiries or other requirements of relevant authorities in accordance with law during such retention period.

(G)     Response to your requests above

For your security, you may need to submit a written request or identify yourself through other ways. We may ask you to verify your identity before processing your request. Unless otherwise specifically provided in laws and regulations, we will, in principle, review and process your requests for correcting your personal information, deleting or cancelling your account with the App submitted in accordance with the procedures described in this Policy within 15 working days:

According to the requirements of applicable laws and regulations, we will not be able to respond to your request under the following circumstances:

1. Where it relates to the performance of our obligations under laws and regulations;
2. Where it directly relates to national security and national defence security;
3. Where it directly relates to public security, public health or major public interest;
4. Where it directly relates to criminal investigations, prosecutions, trials or execution of rulings, etc.;
5. Where we have sufficient evidence showing that you are intentionally malicious or abuse your rights;
6. Where it is for the purpose of protecting your own or another individual’s life, property, or other material legal rights and interests, but where it is difficult to obtain your consent;
7. Where responding to your request will cause serious damage to the legitimate rights and interests of yours or of other individuals or organizations.
8. Where the request involves any trade secret.

VII. How we protect the personal information of minors

We will protect the confidentiality and security of the minors’ information in accordance with applicable laws and regulations of the People’s Republic of China.

Before collecting the personal information of minors aged 14 years or older, we will obtain consent from you， your parent(s) or guardian(s); for those under 14 years old, we will obtain consent from your parent(s) or guardian(s). For the personal information we collect with the consent of your parent(s) or guardian(s), we will only use such information to the extent permitted by law or necessary for protecting you or with the express consent of your parent(s) or guardian(s). If your parent or guardian does not agree you to use our services or provide information to us in accordance with this Policy, please stop using our services immediately.

VIII. How we update this Policy

Our Privacy Policy may be updated from time to time. Once it is updated, we will notify you about the latest version of our Privacy Policy through pop-ups within the App.

We will not reduce your rights under this Policy without your explicit consent. You can read this Policy as updated from time to time by visiting “More” – “About SCB” – “Mobile Banking Privacy Policy” within the App. If you do not agree with any or all of the terms of this Policy, please stop using the App.

IX. How to contact us

If you have any question, comment or suggestion about the App, especially those regarding personal information or this Policy, please contact us through the means set forth below and we will in principle respond within 15 working days of receiving your question, comment or suggestion:

• Company Name: Standard Chartered Bank (China) Limited
• Address: 201 Century Avenue, Pudong New Area, Shanghai, China
• Customer Service Hotline: 956083
• Contact us via our official website: https://www.sc.com/cn/contact-us/

If you are not satisfied with our reply, and in particular consider that our processing of personal information has caused harm to your legitimate rights and interests, you may also lodge a complaint or report to authorities with personal information protection duties, or resort to a people’s court of competent jurisdiction in accordance with the laws of the People’s Republic of China or seek solutions through other means as provided in applicable laws and regulations.

X. Other provisions

(A) In the event that this Policy conflicts in any way with the Terms and Conditions of Bank Accounts and Services and/or the Private Online Banking Terms and Conditions of SCB China, this Policy shall prevail insofar as it concerns SCB China’s personal information processing rules for personal mobile banking. This Policy is in addition to the Terms and Conditions of Bank Accounts and Services and/or the Private Online Banking Terms and Conditions of SCB China.

(B) If this Policy is translated into English, the English version is for reference only. The Chinese version of this Policy shall prevail in the case of any inconsistency between the two language versions.