Personal Information and Privacy Protection Policy

DBS China Mobile Banking Personal Information and Privacy Protection PolicyIssued on: Feb 11, 2025Effective as of: Feb 18, 2025DBS Bank (China) Limited ("DBS China", “DBS Bank”, the "Bank", "we" or "us") understands how important your personal information means to you, takes the confidentiality and security of personal information very seriously, and strives at all times to protect your personal information and privacy according to law. We therefore formulate this DBS China Mobile Banking Personal Information and Privacy Protection Policy (this "Policy" or “Privacy Policy”), and will collect, store, use, provide, publicly disclose, delete, and protect your personal information (including personal information of persons represented by you).This Policy applies to the App (name as DBS digibank CN the "Mobile Banking App"，“Mobile Banking”) for DBS China mobile banking service (the "Mobile Banking Service"). If there is any discrepancy between this Policy and other terms and conditions agreed between you and us, such other agreements shall prevail.Please be sure to read this Policy carefully before applying for or using the Mobile Banking Service, signing the relevant agreement, or browsing, logging in, or using the Mobile Banking App, to help you understand the purposes, methods, and scope of our processing of personal information, our practices regarding personal information and privacy protection, your rights and interests relating to personal information and privacy and how to safeguard your rights and interests.We strive to use plain and concise language in preparing this Policy. The terms of this Policy which are closely related to your rights and interests and the sensitive personal information are highlighted in bold for your special attention.By clicking on the “Agree” button or checking the "Agree" box, you are deemed to have agreed to this Policy and consented to the collection, storage, use, provision, public disclosure and deletion of your information by the Bank in accordance with this Policy.If you have any questions about this Policy when reading it, you may contact the Bank for enquiries by any of methods set out in Section IX of this Policy. This Policy includes the following contents:

I. How We Protect Your Personal Information
II. How We Collect Your Personal Information
III How We Store Your Personal Information
IV. How We Use, Entrust the Processing of, Share, Transfer and Publicly Disclose Your Personal Information
V. How We Use Cookies and Relevant Technologies
VI. Your Rights Relating to Personal Information
VII. How We Process and Protect Minors' Personal Information
VIII. Amendment and Update of this Policy
IX. How to Contact Us
X. Others

I. How We Protect Your Personal Information

A. OverviewIn order to protect the confidentiality, security and privacy of the personal information you provide to us, we follow the principles of reasonableness, legality and legitimacy and comply with the following policies regarding personal information and privacy protection:

Information collected by us will be limited to those we consider necessary for us to comply with laws, regulations and regulatory rules, to understand your needs, establish, review, maintain and develop our relationship with you, and/or to provide you with products and services and continuously improve the quality of our products and services.

Our use of your relevant information is for the purpose of compliance with laws, regulations and regulatory rules, providing you with products and services of high quality, and establishing, reviewing, maintaining and developing our relationship with you.

We will not provide your personal information to any third party, unless such provision is required for the compliance with laws, regulations and regulatory rules, or according to this Policy or other agreements between the Bank and you.

We may be required from time to time to disclose your information to regulators or other authorities (governmental, judicial and etc.) and their agents, but we will only do so to the extent necessary to comply with the relevant laws and regulations, or requirements of the regulators or other authorities.

We make every effort to ensure that the information records we keep about you are accurate and up-to-date.

We have strict security systems in place to prevent unauthorized access to your information.

All members within the DBS Group, all our employees and any third party who have been given permission by us to access your personal information are required to strictly comply with the confidentiality obligation or are under a duty of confidentiality as required by laws or regulations.

We abide by our commitment to the above policies, do our best to maintain the trust you have placed in us.

B. Security Protection Measures

The Bank has taken security measures that meet industry standards to protect the personal information you provide, and the Bank will make every effort to protect the data from unauthorized access, public disclosure, use, modification, damage or loss. The Bank will take all reasonably practicable steps to protect your personal information. For example, the Bank will use encryption technology to ensure the confidentiality of data; the Bank will use trusted protection mechanisms to prevent malicious attacks on data; and the Bank will deploy access control mechanisms to restrict access to personal information being given to authorized personnel only.

The secure area of the Bank's website supports the Transport Layer Security Protocol and 256-bit encryption technology. This encryption technology is the current industry standard for securing data on the Internet. When you provide sensitive personal information through the Bank's website, such information will be automatically encrypted for subsequent secure transmission. The Bank's web servers are equipped with firewalls and our systems are monitored for unauthorized access.

We maintain strict management of employees who may have access to your information, including, but not limited to, contracting with the relevant employees on their confidentiality obligations, establishing, implementing and providing training on rules and regulations regarding information confidentiality and security. When we need to use services provided by external service providers/persons, we also agree with them on strict confidentiality obligations and require them to comply with our security standards for processing personal information.

The Bank has completed the evaluation and filing for the PRC Cybersecurity Multi-level Protection Scheme.

Please understand that the Internet is not an absolutely secure environment and is subject to a variety of factors that may result in circumstances that the Bank cannot reasonably foresee, prevent, avoid or control. Therefore, the Bank strongly recommends that you take proactive measures to protect the security of your personal information, including but not limited to setting up complex passwords and changing them regularly. At the same time, please note that you have the same important responsibility as we have for the security of your information. You should properly safeguard your personal information, such as your bank account information, identification information (such as user name, passwords and other dynamic passwords, authentication codes, etc.), as well as relevant files, devices or other media or that may record such information, and ensure that such information and related files, devices or other media are used only in a secure environment. At no time should you disclose such information to or permit any other person to use such information or related files, devices or other media. If you believe that your personal information and/or related documents, devices or other media have been leaked, lost or stolen, which may affect your safe use of our mobile banking products or services, it is your responsibility to notify us immediately so that we can take appropriate measures to prevent further damage.

In the unfortunate event of a personal information security incident, we will initiate the emergency plan and take appropriate management and remedial measures to prevent the escalation of the incident and the expansion of losses. If the information security incident may cause serious damage to your legitimate rights and interests, we will, in accordance with the requirements of laws and regulations, inform you of the basic situation and possible impact of the incident, the measures we have taken or will take, the recommendation for you to self-prevent and reduce the risk and the applicable remedial measures. We will promptly inform you about the incident by email, letter, telephone, SMS, push notification or other appropriate means. When it is difficult to inform each personal information subject individually, we will take a reasonable and effective way to make an announcement. Moreover, we will report personal information security incidents and status of treatment in accordance with laws and regulations and the requirements of regulatory authorities.

II. How We Collect Your Personal Information1. In order to provide you with the Mobile Banking Service and to ensure its security, you need to provide us with, or allow us to collect from you or (per your consent) a third party, necessary information for the purposes or service functions provided below.

Service functions	Purpose & Necessity	Information We Need to Collect
Signing up for a Mobile Banking App account	Verifying your identity and creating account information for you	Your ID number, a one-time dynamic verification code sent to your preset mobile number. If you use the facial recognition service, you will need to provide facial recognition information, but we will not retain your facial features and movements for our own sake. If you use the Bank’s debit card for verification, you will need to provide your DBS China debit card number and card PIN. If you use email code verification service, you will need to provide a one-time dynamic verification code sent to your preset email address at the Bank.
Logging in to Mobile Banking App account and retrieving username or login password	Verifying your identity for account security	Your username, your preset login password, a one-time dynamic verification code sent to your preset mobile phone. If you use the facial recognition service, you will need to provide facial recognition information, but we will not retain your facial features and movements for our own sake. If you use the Bank’s debit card for verification, you will need to provide your DBS China debit card number and card PIN. If you use email code verification service, you will need to provide a one-time dynamic verification code sent to your preset email address at the Bank.
Using the Mobile Banking Service and Mobile Banking App	Maintaining the normal and safe operation of the Mobile Banking Service and Mobile Banking App, and ensuring the security of transactions, preventing and controlling transactional risks	Your device model, device manufacturer, operating system, unique device identifier, software version number, carrier service provider, login IP address, MAC address, network connection method, Installed list of Apps info, logs related to application browsing, usage, clicks and operations, service log information. When such technical information cannot identify or connect to an individual, it is not considered personal information. When such information alone or in combination with other information can identify or connect to you personally or otherwise constitute personal information under the applicable laws and regulations, we will treat and protect such technical information as your personal information.

If you refuse to provide such information, you will not be able to complete your registration, log in or use the Mobile Banking Service or Mobile Banking App functions safely and properly.

2. You may choose to use the following mobile banking functions at your own discretion. To use the following functions, you need to provide us with, or allow us to collect from you or (per your consent) a third party, the relevant information.

Service functions	Purpose & Necessity	Information We Need to Collect
Initially setting or resetting your DBS China Mobile Banking Service transaction PIN	Verifying your identity for account and transaction security	One-time dynamic verification code sent to your preset mobile number. If you use the facial recognition service, you will need to provide facial recognition information, but we will not retain your facial features and movements for our own sake. If you use the Bank’s debit card for verification, you will need to provide your DBS China debit card number and card PIN. If you use email code verification service, you will need to provide a one-time dynamic verification code sent to your preset email address at the Bank.
Transaction/service verification	Verifying your transaction for transaction security	Based on your choice, we will collect your downloaded digital certificate, preset transaction password and/or the one-time dynamic verification code (on mobile phone) entered by you to verify the acceptance of transaction/service.
Money transfer function	Providing money transfer and remittance services and fulfilling legal obligations such as anti-money laundering and security management.	Domestic fund transfer and payee management: payee’s name, account opening bank information for the receiving account, receiving account number. Cross-border remittance and payee management: payee's name, account opening bank information for the receiving account, receiving account number, the country/area or address of the account opening bank for the receiving account, intermediary bank information
Fingerprint or face based biometric login functions	Verifying your identity	your fingerprint and/or facial biometric verification result generated from your mobile device The above information is only used for identification and login verification. For the purpose of this function, we will not collect your fingerprints and facial image information.
Appointment functions	Recording your appointment request and contacting you	Your name, mobile phone number, registered e-mail address (if applicable) When you make a appointment, the above information will be displayed for your confirmation based on your registered information.
Providing you with better services and enhancing service experience	Based on such information, conducting analysis and statistics to serve as a basis for service adjustments/updates/upgrades, to upgrade customer journey, or to contact you or provide you with appropriate responses, services or products.	Device screen size and resolution, device CPU and memory usage, information provided in your feedback, suggestions or complaints, information provided during your participation in our marketing activities or questionnaire survey.
Financial needs analysis	Assessing your risk profile, and then to provide products and services that match your risk profile	Financial goals, education level, career information, financial situation, investment preferences, risk appetite
Onshore fund products distribution	perform suitability assessment, risk matching and other statutory obligations	Personal annual income

If you refuse to provide such information, you will not be able to use the corresponding service functions, but this will not affect your use of other Mobile Banking Service or Mobile Banking App functions.

3. Our Mobile Banking App may request system permission from you for the following authorized functions and collect your personal information based on your authorization.

System Permissions	Authorized Functions
Camera	Facial recognition
Face ID (for Apple iOS)	Mobile Banking App facial recognition login for certain mobile devices launched by Apple
Fingerprint (for Apple iOS)	Mobile Banking App fingerprint recognition login supported by your mobile device
Call phone (for Android)	Calling our customer service center or relationship manager's phone number
Phone (device info and network info)	Used to get device identifier info, network info like network type, status etc info and for communication with backend systems
External Storage	Used to cache the messages etc. system created/received when using App.
Notification	Push messages in the form of message notification

You can choose whether or not to authorize system permissions when prompted to do so. Refusal to grant permission will prevent you from using the corresponding authorized functions, but will not affect your access to other functions of the Mobile Banking App.

4. When you use the Bank's Mobile Banking Service or Mobile Banking App functions, we may use software development kits ("SDK(s)") provided by third party service providers to provide you with the services. Only by allowing such third party SDKs to process your information, will the Bank be able to implement responsive functions. For the purpose of providing such services, these third party SDKs may collect information from you as follows:

SDK	Third Party Service Provider	Information Collection Purpose, Scope and Required Permissions
Yun Zheng Tong (CFCA) SDK	China Financial Certification Authority Co., Ltd.	Purpose: In order to provide you with Yun Zheng Tong e-signature (digital certificate) service, we use the Yun Zheng Tong (CFCA) SDK for implementing e-signature (digital certificate) function Information fields collected by SDK: Common fields: Customer name, customer ID type, ID number iOS device-specific: Mobile device model, system version, IP address, network connection, IDFV (IdentifierForVendor), whether mobile is jailbreak, APP creation time, APP Bundle ID, APP version, whether the phone has TEE, SE module, Keychain information (used to obtain a unique identifier) Android device-specific: MAC address, system version, device name, model and manufacturer, hardware name, serial number and manufacturer, Android ID, APP producer information, whether mobile is ROOT, Android Keystore logo, whether the phone has TEE, SE module Required system permissions: None
Live Recognition (CFCA) SDK	China Financial Certification Authority Co., Ltd.	Purpose: In order to provide you with live facial recognition & verification function, we will use the Live Recognition (CFCA) SDK, obtain camera access, to securely verify your identity by recognizing your facial features and movements, but we will not retain your facial features and movements for our own sake. Information fields collected by SDK: Facial recognition information, customer name, customer ID type, ID number Required system permissions: Camera permission
Tencent Technology Co., Ltd WeChat Sharing SDK	Tencent Technology Co., Ltd	Purpose: To enable you to share relevant pages in the Mobile Banking App (such as product pages) to the WeChat platform Information fields collected by SDK: Unique device identifier, Device MAC address Required system permissions: None
Baidu push notification SDK	Beijing Baidu Netcom Science and Technology Co., Ltd.	Android specific (for China Android market), no such SDK in iOS Purpose: Used for message push notification Information fields collected by SDK: Android ID, Device Info Required system permissions: Notification Phone (device info and network info) External Storage Special Note: In order to realize the message push notification function such as transaction information, this SDK may start automatically when the device is turned on or restarted. Refer to Baidu push notification SDK privacy policy: https://push.baidu.com/doc/guide/baidu_legal
Xiaomi push notification SDK	Beijing Xiaomi Mobile Software Co.,Ltd.	Android specific (for China Android market), no such SDK in iOS Purpose: Used for message push notification Information fields collected by SDK: Android ID，Device info，App package name、version no, running status Required system permissions: Notification Phone (device info and network info) Refer to Xiaomi push SDK privacy policy: https://dev.mi.com/console/doc/detail?pId=1822
Oppo push notification SDK	Guangdong HeyTap Technology Co., Ltd.	Android specific (for China Android market), no such SDK in iOS Purpose: Used for message push notification Information fields collected by SDK: Device info (IMEI, OAID，Serial Number，IMSI，User ID，Android ID，Google Advertising ID, Region setting，device model，quantity of phone's electricity，version of phone's OS, language), App info (package name, version code, SDK version), network info (connection with IP or domain, network type), notification info(result of message delivering, permission of notification showing, notification clicking), screen lock (if screen lock or not, if allow to show notification when screen lock) Required system permissions: Notification Phone (device info and network info) External Storage Refer to Oppo push privacy policy: https://open.oppomobile.com/new/developmentDoc/info?id=10288
Huawei push notification SDK	Huawei Technologies Co., Ltd.	Android specific (for China Android market), no such SDK in iOS Purpose: Used for message push notification Information fields collected by SDK: Basic app information (App ID, Push SDK version number, and HMS Core (APK) version number, app version number, and app package name), In-app device identifier(AAID and push token), Device hardware information (Device type (such as mobile phone or tablet), Device model), Basic system information (System type (Android) and version), System version, System settings (Country/Region code) Required system permissions: Notification Phone (device info and network info) Refer to Huawei push privacy policy: https://developer.huawei.com/consumer/en/doc/development/HMSCore-Guides/sdk-data-security-0000001050042177
Meizu push notification SDK	Zhuhai Xingji Meizu Technology Co., Ltd.	Android specific (for China Android market), no such SDK in iOS Purpose: Used for message push notification Information fields collected by SDK: Device info (Phone brand, Phone Model, System Version, Language, Device Identifier), Notification info (Notification Content) Required system permissions: Notification Phone (device info and network info) Refer to Meizu push privacy policy: https://open.flyme.cn/docs?id=202
Vivo push notification SDK	Vivo Communication Technology Co. Ltd.	Android specific (for China Android market), no such SDK in iOS Purpose: Used for message push notification Information fields collected by SDK: Device Identifier Info (like IMEI, EmmCID, UFSID, Android ID, GUID, GAID, OPENID, VAID, OAID, RegID), App info (like Package Name, Version, APPID, SDK Version), Device Manufacturer and Network Info (like IP, Network type, Country Region Code, Device type (such as mobile phone or tablet)), Notification Info (timestamp of notification creating, delivering and clicking, notification delivering result), System Info (Device model, OS version, Notification bar status, if screen lock or not, setting about whether to show notification when screen is locked) Required system permissions: Notification Phone (device info and network info) External Storage Refer to Oppo push privacy policy: https://dev.vivo.com.cn/documentCenter/doc/652
Zdefend and ZDetection SDK	Zimperium, Inc.	Purpose: To assess and protect the security of Mobile Banking App running in installed device Information fields collected by SDK: Running processes System version Mobile device model Installed list of Apps info Android ID SSID (not collect yet) BSSID (not collect yet) Required system permissions: Phone (device info and network info) Note: As this SDK is used to ensure the safety of the Mobile Banking App, this SDK cannot be turned off specifically
Cisco AppDynamics Mobile RUM Agent SDK	Cisco Systems, Inc.	Purpose: Provide end-to-end visibility on the performance of mobile applications as well as help customer troubleshoot problems such as slow mobile network requests and crashes. Information fields collected by SDK: Mobile Carrier Name Network Connection Type Device Model App Version OS Version IP Address App Crash info Network requests and responses info including errors Required system permissions: Phone (device info and network info) Note: As this SDK is used for performance monitoring as well as customer problems troubleshooting like App crash on the Mobile Banking App, this SDK cannot be turned off specifically
Google Firebase Notifications SDK	Google LLC	Android specific (for Overseas Android market), no such SDK in iOS Purpose: Used for message push notification Information fields collected by SDK: Application Version OS Version Device Model Name Device Model ID Device Brand APP that was used to install our Digibank App (like Google Play Store) Firebase SDK version Required system permissions: Notification Phone (device info and network info
Share SDK	MobTech	Android specific, no such SDK in iOS Purpose: One tool SDK used for implementation to let user to share some page of the App (like public product info page) or information to Wechat platform Information fields collected by SDK: None Required system permissions: None
Mob SDK	MobTech	Android specific, no such SDK in iOS Purpose: One tool SDK used for implementation to let user to share some page of the App (like public product info page) or information to Wechat platform Information fields collected by SDK: None Required system permissions: None
Google Architecture and UI component SDK	Google inc.	Android specific, no such SDK in iOS Purpose: One tool SDK used for implementation to realize App related front-end functions Information fields collected by SDK: None Required system permissions: None
ADMod SDK	Google inc.	Android specific, no such SDK in iOS Purpose: One tool SDK used to check whether phone has Google Play service or not Information fields collected by SDK: None Required system permissions: None
Android Support SDK	Google Inc.	Android specific, no such SDK in iOS Purpose: One tool SDK used in implementation to support Android old versions Information fields collected by SDK: None Required system permissions: None
Okhttp SDK	Square	Android specific, no such SDK in iOS Purpose: One tool SDK by utilizing its network libraries to realize related features during App implementation. Information fields collected by SDK: None Required system permissions: None
Okhttp3 SDK	Square	Android specific, no such SDK in iOS Purpose: One tool SDK by utilizing its network libraries to realize related features during App implementation. Information fields collected by SDK: None Required system permissions: None
Okio SDK	Square	Android specific, no such SDK in iOS Purpose: One tool SDK by utilizing its network libraries to realize related features during App implementation. Information fields collected by SDK: None Required system permissions: None
Squareup SDK	Square	Android specific, no such SDK in iOS Purpose: One tool SDK by utilizing its network libraries to realize related features during App implementation. Information fields collected by SDK: None Required system permissions: None
Apache SDK	Apache	Android specific, no such SDK in iOS Purpose: One tool SDK by utilizing its native Java library (JDK8) to realize related features during App implementation. Information fields collected by SDK: None Required system permissions: None
Github open source SDK	Github	Android specific, no such SDK in iOS Purpose: One tool SDK to realize PDF display Information fields collected by SDK: None Required system permissions: None
Facebook Shimmer SDK	Meta Platforms, Inc	Purpose: One tool SDK to realize shimmer effect of UI display Information fields collected by SDK: None Required system permissions: None
Glide SDK	Bumptech	Android specific, no such SDK in iOS Purpose: One tool SDK for App frontend images fast loading and display Information fields collected by SDK: None Required system permissions: None
Bmob Sdk	Bmob	Android specific, no such SDK in iOS Purpose: One tool SDK used to realize Wechat sharing function Information fields collected by SDK: None Required system permissions: None
PinLayout SDK	layoutBox	iOS specific, no such SDK in Android Purpose: One tool SDK used for front-end UI layout display Information fields collected by SDK: None Required system permissions: None
Macaw SDK	exyte	iOS specific, no such SDK in Android Purpose: One tool SDK used for front-end UI layout display Information fields collected by SDK: None Required system permissions: None
Lottie SDK	Airbnb	iOS specific, no such SDK in Android Purpose: One tool SDK used for front-end UI layout display Information fields collected by SDK: None Required system permissions: None
FlexLayout SDK	layoutBox	iOS specific, no such SDK in Android Purpose: One tool SDK used for front-end UI layout display Information fields collected by SDK: None Required system permissions: None
HanziPinyin	teambition	iOS specific, no such SDK in Android Purpose: One tool SDK used for App localization Information fields collected by SDK: None Required system permissions: None
Charts SDK	danielgindi	iOS specific, no such SDK in Android Purpose: One tool SDK used for front-end charts display Information fields collected by SDK: None Required system permissions: None
Teambition Wechat SDK	teambition	iOS specific, no such SDK in Android Purpose: One tool SDK used for implementation to let user to share some page of the App (like public product info page) or information to Wechat platform Information fields collected by SDK: Device info, DBS public product info that user shares Required system permissions: None
Adobe SDK	Adobe Systems Software Ireland Limited	Purpose: Collection of clickstream data, including user interactions, page views, app usage, and event tracking, from mobile apps and other digital platforms for advanced analytics and insights Information fields collected by SDK: Page Views Button click events Session duration/frequency Device information (model, operation system, screen resolution, device type, browser type, connection speed) App version Referrers Campaign tracking Error tracking In-app behavior (navigation patterns, feature usages) IP Address Required system permissions: Phone (device info and network info)
Live Recognition (Junyu) SDK	Shanghai Junyu Technology Co. ltd.	Purpose: One tool SDK used by Live Recognition (CFCA) SDK to support live facial recognition & verification function. Information fields collected by SDK: None Required system permissions: None

If you do not agree to the above information collection by the above third party service provider SDKs, you may not be able to receive the corresponding services, but this will not affect your normal use of other Mobile Banking Services or Mobile Banking App functions. If any of the above third party service providers that collect the above information causes leakage of the information or uses such information in violation of the law, the third party service provider shall bear the corresponding legal liability.

5. Please understand that the Mobile Banking Services we provide to you will be constantly updated and developed. If you choose to use other services that are not covered in the preceding description, for which we need to collect your information, we will separately explain to you the purpose, method and scope of information to be collected through reasonable means such as prompts, interactive processes, agreements, etc., and obtain your consent. We will use, store, provide and protect your information in accordance with this Policy and any other agreements (if any); if you choose not to provide such information, you may not be able to use a particular service or part of a service, but this will not affect your use of other services provided by us.

6. To the extent permitted by laws and regulations, in the following circumstances, we may collect and use your personal information without your consent:

(1) where it is in relation to our performance of obligations under laws and regulations;

(2) where it is in direct relation to state security or national defense security;

(3) where it is in direct relation to public security, public health, or major public interest;

(4) where it is in direct relation to criminal investigation, prosecution, trial, enforcement of judgment, etc.;

(5) where the purpose is to protect your or other individuals' life, property or other material legitimate rights and interests but it is difficult to obtain your consent;

(6) where the personal information involved is disclosed by you to the public at your own discretion;

(7) where it is necessary for the conclusion and performance of a contract at your request;

(8) where personal information is collected from lawful public disclosures, such as lawful news reports, government information disclosure and other channels;

(9) where it is necessary for maintaining the safe and stable operation of the products or services provided, such as discovering, handling product or service failures;

(10) other circumstances provided by laws and regulations.

III． How We Store Your Personal InformationWe comply with the laws and regulations of the People's Republic of China on data storage, store your personal information collected or generated in the People’s Republic of China, within the territory of the People’s Republic of China. And will, according to and to the extent necessary for complying with laws and regulations, regulatory rules, archiving, accounting, auditing or reporting requirements, and the purposes set forth in this Policy, retain your personal information for a minimum period.To the extent permitted by laws and regulations, for the purpose such as providing cross-border services (e.g. cross-border remittance), your personal information may be transmitted to another country or region. Under such circumstances, we will obtain your consent according to the requirements under laws and regulations, and adopt appropriate, necessary and effective measures (e.g. encrypted transmission) to safeguard the security of your information.After the retention period expires, we will destroy, delete or anonymize relevant information, except for those that need to be retained for settlement of indebtedness between you and us, resolving complaints and disputes related to you, or providing records to or responding to enquiry request by you, regulators or other authorities. In such case, we will not further use the information for additional daily business operation purpose.

IV. How We Use, Entrust the Processing of, Share, Transfer and Publicly Disclose Your Personal Information

A. We will use your information in the following circumstances:

To achieve the purposes and functions mentioned in above Section II of this Policy "How We Collect Your Personal Information", to verify your identity, to contact you, to approve, process or execute your application or instruction for transactions;

to ensure safe and stable financial services, we will use your information for identity verification, security precautions, fraud detection, preventing or prohibiting illegal or incompliant activities, controlling or reducing risks, recording or filing purposes;

to report to relevant regulators or other competent authorities according to laws, regulations or regulatory requirements;

to maintain and improve mobile banking business functions, develop new service function (if the use of your personal information under the new service function goes beyond your consent, we will further seek your prior consent to such use);

subject to your authorization, to promote the Bank’s other products and services and to introduce to you the products or services that may interest you, such marketing messages may be sent to you in various forms, including but not limited to social media (such as WeChat push), email, direct mail, SMS, telephone, fax and other mobile communication services, but excluding personalized targeted push via the Mobile Banking App;

to make statistics and analysis of our business, the use of our products, services or functions, so as to present overall trend of such business, products, services or functions. But such statistics will not contain any information that could identify you;

to resolve complaints, claims or disputes, or to conduct relevant investigations.

B. Marketing and Promotion

The above-mentioned information collection and use set out herein does not affect our use of your information in accordance with the purpose that you have otherwise specially agreed with us. If we want to use your personal information for other purposes other than those stated in this Policy or otherwise agreed between you and us, we shall re-obtain your consent before using it.Only upon your prior consent and to the extent no subsequent request to withdraw the consent has been received from you, will the Bank directly send you marketing messages, including special offers, promotions and activities that you may be interested in or eligible for. Such marketing messages may be sent to you in various forms, including but not limited to social media (such as WeChat push), email, direct mail, SMS, telephone, fax and other mobile communication services, but excluding personalized targeted push via the Mobile Banking App. When sending you marketing messages, the Bank will comply with all applicable personal information and privacy protection laws and regulations.If you do not want us to use your personal information for marketing purposes, you may notify us to exercise your right to opt out of receiving such marketing messages. If you choose not to receive marketing messages, please call our hotline at 4008208988. We will, as soon as possible after receiving your request (usually no later than 15 working days after receiving your request), take relevant measures to ensure that marketing messages will no longer be sent to you.Currently, the Bank will not provide personalized targeted push on the Mobile Banking App based on your personal information.

C. Entrusted Processing and SharingThe Bank will not provide your personal information to any other companies, organizations or individuals, unless we obtain your explicit consent or authorization. We will only entrust third parties to process your personal information or share your personal information (to the extent related to specific purposes) with third parties for legitimate, justifiable, necessary and specific purposes.When we entrust a third party to process your personal information, we will agree with the third party on matters such as the processing purpose, time period, method, type of personal information involved, protection measures, rights and obligations of the parties. We will supervise the personal information processing activities of the third party by adopting standards no lower than our own personal information protection standards.If the Bank needs to share your personal information with another party, we will fulfill the obligation to notify you and obtain your consent in accordance with the law. For the purposes listed above in this Policy, the Bank will provide and disclose part or all of your personal information to the following recipients on confidential basis and to the extent that such provision is necessary and is made with proper protective measures (the recipients may also, subject to relevant laws and regulations, use, process and disclose the received information for the above purposes, provided that it takes appropriate protective measures in accordance with applicable laws and regulations or our requirements):(1) any member of the DBS Group;(2) any contractor, subcontractor, agent, service or product supplier, licensor, professional consultant, business partner, or associated person (including employees, directors and officers) of the DBS Group;(3) any related regulator or other competent authorities, or any entity or individual designated by such regulator or competent authorities;(4) anyone acting on your behalf according to your authorization or per law, payees, beneficiaries, account nominees, intermediaries, correspondent and agent banks (e.g. those for CHAPS, BACS and SWIFT), clearing houses, clearing or settlement systems, upstream withholding agents, swap or trade repositories, stock exchanges, companies in which you have an interest in securities (where such securities are held by us for you), or anyone making any payment to you;(5) any person or relevant party who has right or obligation, acquires an interest or assumes risk, in or in connection with any product or service you receive from the Bank, or any business you conduct at the Bank or any transaction you make with the Bank (e.g. the person who provides or proposes to provide any mortgage or other security for any of your debts to the Bank, or the beneficiary of the insurance product that the Bank distributes to you);(6) other financial institutions, industry associations, bank card organizations, credit rating agencies, credit reference agencies (including but not limited to the Basic Financial Credit Information Database) and information service providers;(7) any third party asset manager providing you with asset management services through us;(8) any third party to whom we provide referral, agency or intermediary service;(9) any person to whom the Bank or any member of the DBS Group is obliged or required to disclose information for the purposes specified herein;(10) relevant third parties as set out in the agreements and/or the terms and conditions governing the relationship between the Bank and you.Since we rely on the group's global resources to provide products or services, to the extent permitted by laws and regulations, we may use intra-group systems located overseas (such as Singapore) to process your personal information, which means that your personal information may be transferred to offshore entity(ies) within the DBS Group. Meanwhile, we may need to provide your personal information to relevant overseas partners or service providers for the purpose of conducting cross-border business, for example, in order to provide cross-border remittance service(s) to you or your affiliate(s), provide your personal information to third party participants such as overseas intermediary bank(s) and receiving bank(s); or provide your personal information to our cooperation bank(s) in Hong Kong for the purpose of providing Great Bay Area Wealth Management products/services to you or your affiliate(s). For the aforementioned cross-border information transfer, you may seek further information on the recipient, the type of information to be transferred and other specific information in relevant business documents or by contacting us via the contact information listed in "IX. How to Contact Us" of this Policy. If we provide your personal information overseas, we will comply with provisions and requirements on cross-border personal information transfer under laws and regulations. According to applicable laws and regulations, your personal information will be protected by a code of confidentiality and security which the Bank, members of the DBS Group, their staff and third parties are subject to, whether it is processed domestically or overseas.

D. TransferWithout your explicit consent, we will not transfer your personal information to any other company, organization or individual, except where it is necessary in the case of our business/asset transfer, restructuring, disposal (including securitization), merger, spin-off or acquisition transaction of the Bank. In such case, we will inform you of the identity and contact information of the personal information recipient via methods such as email, private message, online announcement in accordance with law. The Bank will request the new company, organization or entity holding your personal information to continue to be bound by this Policy. If the personal information recipient intends to change the processing purposes or methods of personal information, we will request it to re-obtain your consent according to the requirements of applicable laws and regulations then in force.

E. Public Disclosure

We will not disclose your personal information to the public unless we have your explicit consent. If public disclosure is necessary, we will notify you of the disclosure purpose, types of personal information to be disclosed; if any sensitive personal information is involved, the Bank will also notify you of the types of your sensitive personal information, the necessity to process sensitive personal information, as well as the impact on your personal rights and interests.

Please kindly understand that the Bank may publicly disclose your personal information under the mandatory requirements of laws, legal procedures, litigations or government authorities.

F. Exemptions to Authorization and Consent

According to relevant laws and regulations, regulatory requirements, and national standards, the Bank may share, transfer, publicly disclose your information without your prior authorization and consent in the following circumstances:

where it is in relation to our performance of obligations under laws and regulations;

where it is in direct relation to state security or national defense security;

where it is in direct relation to public security, public health, or major public interest;

where it is in direct relation to criminal investigation, prosecution, trial, enforcement of judgment, etc.;

where the purpose is to protect your or other individuals' life, property or other material legitimate rights and interests but it is difficult to obtain your consent;

where the personal information involved is disclosed by you to the public at your own discretion;

where it is necessary for the conclusion and performance of a contract at your request;

where personal information is collected from lawful public disclosures, such as lawful news reports, government information disclosure and other channels;

other circumstances provided by laws and regulations.

V. How We Use Cookies and Relevant TechnologiesWhen you visit, browse and use the Mobile Banking App, the App will record to analyze the number of visitors to the application, general usage patterns and your personal usage patterns and optimize your experience. Some information will be collected through "Cookies". Cookies are small text files placed on your mobile device when you use an application. Cookies collect information about users and how they use an application, such as their Internet Protocol (IP) address, and how they navigate within the application. We use cookies and other technologies to facilitate your use of our application, to provide products and/or services based on your preferred settings, to track the use of our application, and to compile statistics on the activities conducted on our application.You may manage or delete Cookies according to your preference, including removing all the Cookies stored on your mobile device from local terminal. However, after changing the setting you may not be able to enjoy the convenience that Cookies bring, but your normal use of other functions of the Mobile Banking App will not be affected.In addition, the Bank's Mobile Banking App may also engage third-party companies to investigate application traffic and other activities on the application. Such companies may use Cookies and other technologies to collect more information about the visitors to the Bank's applications (such as user distribution, behavior and usage patterns) and to improve the efficiency of the Bank's marketing. Such companies will provide the Bank with the information collected in a consolidated manner, and the Bank will not provide to or obtain from such companies personal data that can identify you.

VI. Your Rights Relating to Personal Information

You have the right to request us to safeguard the security of your personal information in accordance with the provisions of laws, regulations and this Policy.

You have the right to check with the Bank whether we hold your personal information, and to access and review the personal information you have provided to the Bank.

You have the right to obtain a copy of your personal information. Please contact us through the contact details provided in section XI. Subject to relevant legal requirements and technical feasibility, we will provide you a copy of your personal information after receiving your request.

You have the right to check with the Bank about our policies regarding the protection of personal information and privacy. If you have any queries about this Policy, you are entitled to request us to provide you with explanations and interpretations so as to help you further understand our practices in relation to the protection of personal information and privacy and possible consequences, as well as your rights and interests in relation to personal information and privacy under this Policy.

You have the right and obligation to promptly update your personal information with the Bank to ensure that all the relevant information is accurate and up-to-date. You have the right to request the Bank to provide convenience for you to update your personal information and to request the Bank to correct any of your information that is inaccurate. Under normal circumstances, the Bank will update your personal information within 1 working day after receiving your request.

Where personal credit business is related, you have the right to request to be informed of your personal information that is provided to credit reference agencies by the Bank, so as to enable your request to the relevant credit reference agencies for access to and correction of your information.

You may request to access and review, or correct your personal information held by DBS China. The Bank reserves the right to charge a reasonable fee for handling your request for information access and review or correction, the amount of which depends on the nature and complexity of your request.

You have the right to supervise or make suggestions on the Bank's practices regarding personal information and privacy protection, and to file complaints or make claims in accordance with the law for any infringement on your rights and interests by the Bank or its employees in relation to personal information and privacy.

This Policy will not restrain the rights you have under the PRC laws as a personal information subject.

You have the right to request us to delete or otherwise properly process your personal information in accordance with laws and regulations, this Policy and agreement(s) between you and us. Under normal circumstances, we will respond to you within 15 working days after receiving your request.

You may exercise the abovementioned rights via the contact information listed in Section IX hereof.

Even if you accept this Policy, you still have the right to withdraw your previous consent at any time. You can withdraw your consent via the "More - Privacy Policy" menu after logging in to the Mobile Banking App.

You have the right to choose to uninstall the Mobile Banking App. Please note that if you are a registered user of the Mobile Banking Service of the Bank, uninstalling the Mobile Banking App is not equivalent to deregistering your mobile banking account.

You have the right to deregister your mobile banking account (close the bank account or suspend the mobile banking service for the bank account. For the safety of the bank account, please call customer service hotline (4008208988) or personally visit the branch office of the Bank to conduct the deregistration. Under normal circumstances, the Bank will complete deregistration of the mobile banking account within 1 working day after receiving your request). After you deregister your mobile banking account, we will no longer collect relevant information of you, and will delete or anonymize your relevant personal information in accordance with laws and regulations, this Policy and agreement(s) between you and us, except for those that need to be retained in accordance with laws and regulations, regulatory rules, archiving, accounting, auditing, reporting requirements, or for settlement of indebtedness between you and us, resolving complaints and disputes related to you, or providing records to or responding to enquiry request by you, regulators or other authorities. In such case, we will not further use the information for additional daily business operation purpose.

VII. How We Process and Protect Minors' Personal Information

Minors may only use the Bank's services under the supervision of their parents or other guardians. The Bank will protect the confidentiality and security of the personal information of minors in accordance with relevant laws and regulations of the state.

We pay particular attention to the protection of minors' personal information. We have no intention to collect any personal information of minors, unless we have the consent of their parents or other guardians and it is necessary for us to provide relevant products or services to the minors (e.g. the minors may be the holders of the junior accounts opened with the Bank, the beneficiaries of the insurance products distributed by the Bank, or heirs of the Bank’s individual customer(s)).

If you are under 18 years of age, it is suggested that your parents or other guardians should carefully read this Policy and your personal information should be provided only after obtaining consent from them. Meanwhile, it is suggested that your use of our products and services should be under the guidance of your parents or guardians. If your parents or guardians do not give consent to your provision of your personal information or your use of any of our products or services, you should immediately stop providing the information or stop using our product or service, and notify us of such circumstance as soon as possible, so as to allow us to take appropriate actions accordingly.

If you are under 18 years of age, for the personal information we collect with the consent of your parents or guardians, we will only use or disclose such personal information to the extent permitted by laws and regulations or explicitly consented to by your parents or guardians or where necessary for the protection of your rights and interests.

If you are children under 14 years of age, you should use our services or provide your information to the Bank and third parties after obtaining the consent from your parents or guardians. We will only process personal information of children under 14 in accordance with Provisions on the Cyber Protection of Children's Personal Information, to the extent permitted by laws and regulations or explicitly consented to by your parents or guardians. If your parents or guardians do not agree to your use of the Bank's services or provision of information to the Bank in accordance with this Policy, please immediately stop using the Bank’s services and notify the Bank in a timely manner, so as to allow the Bank to take appropriate actions accordingly.

Where we are aware that we are processing personal information of minors without prior verifiable consent of their parents or guardians, we will seek to delete such personal information as soon as possible.

VIII. Amendment and Update of this Policy
1.The Bank reserves the right to update or amend this Policy from time to time, to ensure this Policy is in line with the developments of how your personal information is used or changes in applicable laws and regulations. The change to this Policy will not restrict or reduce the rights you have under the PRC laws as a personal information subject.

2. We will release the changes to this Policy or the updated Policy on relevant pages of the Mobile Banking App via push notifications, pop-up prompts, announcements, etc. and notify you to re-consent. For material changes, we will notify you via pop-up prompts or emails, and provide necessary explanations on the materials changes.
Material changes referred to in this Policy include without limitation:(1) major changes in our service model, such as changes in the purpose of personal information processing, the types of personal information being processed, the manners in which personal information is used, etc.;(2) major changes in our ownership structure, organizational structure, etc., such as changes in owners as a result of business adjustments, bankruptcy, mergers, acquisitions and etc.;(3) changes in the main recipients with/to whom personal information is shared, transferred or publicly disclosed;(4) major changes in your rights to participate in the processing of your personal information or the manners in which such rights may be exercised;(5) changes in our contact details to deal with your personal information request, or changes in channels for complaints filing;If you do not agree on the updated content, please stop using the Mobile Banking Service immediately and deregister the relevant account; if you continue to use the Mobile Banking Service or Mobile Banking App after the update of this Policy, you will be deemed as having fully read, understood and accepted the updated version of this Policy and agree to the Bank’s collection, storage, use, provision, disclosure, deletion and protection of your relevant personal information in accordance with the updated Policy.

3. You may access and view this Policy on the Mobile Banking App via “More-Privacy Policy”.

IX. How to Contact Us

If you have any question, comment or suggestion, or any relevant complaints, whistle-blowing, please contact the Bank. You may contact us by calling the Bank’s customer service hotline (4008208988) or visit the branch office of the Bank, you may also visit the Bank’s official website (www.dbs.com.cn) or the WeChat public account “DBS Treasures” (WeChat account: DBSTreasures) to check the nearby business outlets. The Bank will process your comment, suggestion and relevant questions in a timely manner. Under normal circumstances, the Bank will reply within 15 working days or the shorter period stipulated by laws and regulations (if applicable) after receiving your request.Company name: DBS Bank (China) LimitedAddress: Unit 1301, 1306, 1701 and 1801, DBS Bank Tower, 1318, Lujiazui Ring Road, Pudong New Area, ShanghaiData Protection Officer email address: dbspip@dbs.comCustomer service hotline: 4008208988 (7*24 hours)Notwithstanding the foregoing, we may reject your request that is illegal, in violation of regulatory rules, repeated without ground, unreasonable or technically impracticable. According to laws and regulations, we may not be able to respond to your request under any of the following circumstances: (1) where the request is in relation to our performance of obligations under laws and regulations;(2) where the request is in direct relation to state security or national defense security;(3) where the request is in direct relation to public security, public health, or major public interest;(4) where the request is in direct relation to criminal investigation, prosecution, trial, enforcement of judgment, etc.;(5) where we have sufficient evidence of malice or abuse of rights on your part;(6) where the purpose is to protect your or other individuals' life, property or other material legitimate rights and interests but it is difficult to obtain your consent;(7) where responding to your request will lead to significant damage to the legitimate rights and interests of you or any other individual or entity;(8) where the request involves any trade secret.If you are not satisfied with our reply, especially if you believe that the Bank's processing of personal information have damaged your legitimate rights and interests and cannot be resolved through effective communication with the Bank, you can also file a complaint or report to the regulatory authorities such as Cyberspace Administration, Ministry of Industry and Information Technology, Ministry of Public Security, and Administration for Market Regulation, or seek solutions by filing a lawsuit with the competent people's court where the Bank is domiciled.

X.Others

Where you provide to us personal information of another person, you should ensure that such person is aware of and has consented to this Policy and, in particular, you should inform him/her of how we may use his/her information. You may remind such person to read this Policy in advance and may also give him/her a copy of this Policy. If you fail to provide the notification or obtain sufficient consent, you shall be solely liable for all the consequences and the Bank reserves the right to make claims against you and get indemnified in this regard.

The Bank's Mobile Banking App and related websites/online service platforms may contain links to other websites/online service platforms that are not operated by the Bank. When you visit these third-party websites/online service platforms, the privacy policies of such third-party websites/online service platforms shall apply, and we remind you to read and pay attention to the content of these privacy policies.

In case of any discrepancy between the Chinese version and English version of this Policy, the Chinese version shall prevail.

Personal Information and Privacy Protection Policy

About DBS

Useful Links

Need Help?

Markets