PERSONAL DATA PRIVACY POLICY STATEMENT

1. DEFINITION 1.1 The defined terms used in the Terms and Conditions of Securities Account are adopted herein unless otherwise stated.

2. PURPOSE 2.1 This statement is issued under and pursuant to Personal Data (Privacy) Ordinance (the “Ordinance”). 2.2 The Company shall from time to time collect personal data (“Data”) from individual clients. The purposes for which Data relating to the clients may be used are as follows:- (i) the daily operation of the services and facilities provided to the clients; (ii) to conduct credit check; (iii) to assist other institutions to conduct credit checks; (iv) to ensure clients’ ongoing credit worthiness; (v) to design services or products for the clients’ use; (vi) to market financial services or related products to clients; (vii) to determine the amount of indebtedness owed to or by the clients; (viii) to meet the requirements to make disclosure under the requirements of any applicable laws, codes, rules and regulations; and (ix) any purposes relating to any of the foregoing.

3. DISCLOSURE 3.1 The Company may disclose and it is a condition of the Company providing services, products and information to the clients that each of the clients consents to the disclosure of all Data (and other information) to:- (i) any officer, employee, agent, servant, contractor or third party who provides administration, credit information, debt collection, telecommunication, computer, payment or other services to the Company in connection with the operation of its business; (ii) any financial institution with which the clients have or proposes to have dealings; (iii) regulatory authorities and other relevant government bodies; and (iv) any other person under a duty of confidentiality to the Company including the Associate which has undertaken to keep such information confidential. 3.2 The Company shall share information regarding the clients among the Company and the Associate in accordance with strict internal security standards and confidentiality policies and with applicable laws. 3.3 Without prejudice to the generality of the foregoing, the Company does not share information about the clients with other companies except in order to conduct business, comply with applicable laws, rules and regulations, protect against fraud or make available special offers of products and services that may be of interest to the Client. The Company may also provide information to regulatory authorities and law enforcement officials in accordance with applicable laws, codes, rules and regulations.

4. MATCHING 4.1 The Company may, in accordance with the Ordinance and any other applicable laws match, compare or exchange any of Data or other information provided by, or in respect of the clients with Data or other information held by the Company or any other person for the purpose of:- (i) credit checking procedures; (ii) Data verification; (iii) otherwise producing or verifying Data which may be used for the purpose of taking adverse action against the clients or any other person at any time; and (iv) transfer such Data to any place outside Hong Kong (whether for the processing, holding or use of such Data outside Hong Kong).

5. CLIENTS’ RIGHT 5.1 Under and pursuant to the provisions of the Ordinance, the clients have a right to:- (i) check whether the Company hold Data about the clients and has the right of access to such Data; (ii) require the Company to correct any Data relating to the clients which is inaccurate; and (iii) ascertain the Company’s policies and practices in relation to Data and to be informed of the kind of Data relating to the clients held by the Company. 5.2 Request for access and/or correct any Data that the clients have supplied shall be sent to the following address:- First Securities (HK) Limited Room 1708-10, 17/F., China Insurance Group Building, 141 Des Voeux Road Central, Hong Kong Attn:The Data Protection Officer 5.3 In accordance with the provisions of the Ordinance, the Company has the right to charge a reasonable fee for the processing of any Data access request.

6. GENERAL 6.1 The Company has established high standards for protecting information regarding the clients from unauthorized alteration or destruction. 6.2 The Company shall hold its employee fully accountable for adhering to those standard, policies, laws, codes, rules and regulations relating to personal data privacy. 6.3 The Company shall continue to maintain its dedication to ensure that Data is properly used and appropriately safeguarded.