SDIL PRIVACY POLICY

Thank you for your trust and support, we understand the importance of your personal information, we will take appropriate measures to protect your personal information. NOW, THEREFORE, SDIL and other related companies (hereinafter “We/SDIL”) have instituted this Privacy Policy (hereinafter “this Policy/this Privacy Policy”) and hereby reminded you of:

SDIL has entered into or will enter into a Customer Agreement with you for the relevant products or services provided to you (including services such as brokerage account opening and trading) and this Policy is part of the Customer Agreement and applies to the products or services provided by SDIL.

This Policy has a close relationship with your use of our products and services. Please read this Policy carefully before using any of our products and services, and use the relevant products and services after you acknowledge that you fully understand and agree to this Policy. By starting to use any of our products or services, it represents that you fully understand and agree to this Policy and agree that we will collect, use, store, share and protect your related information in accordance with this Policy. Depending on the different use of the products and services and the different type of transactions, your personal information will be treated strictly in accordance with the Data Protection Act.

If you have any questions about this Policy or related matters, please contact us through our customer service. 

This Policy will help you understand the following:

1.      How we collect and use your personal information

2.      How we use cookies and similar technologies

3.      How we share, transfer and publicly disclose your information

4.      How we protect your information

5.      Your rights

6.      How we protect minors' information

7.      How does your information move globally

8.      How is this Policy updated

9.      How to contact us.

 

1.     How we collect and use your personal information

When you use our products and/or services, your personal information may be collected and used in the following two scenarios:

1.1. To provide you with the basic functions of our products and/or services, you must authorize us to collect and use the necessary information. If you refuse to provide such information, you will not be able to properly use our products and/or services;

1.2. Information you have chosen to authorize us to collect and use in order to provide you with additional functionality for our products and/or services. If you refuse to provide this information, you will not be able to use the related additional features or achieve the desired results, but it will not affect your normal use of the basic features of our products and/or services. 

You understand and agree that:

1.3. We are committed to developing a diverse range of products and services to meet your needs. We provide you with a large range of products and services and the scope of specific products/services can be chosen to be used by different users. Therefore, the basic/additional functions and the type and scope of personal information collected and used will vary accordingly. 

1.4. In order to bring you a better product and service experience, we continue to strive to improve our technology, with which we may launch new or optimized features from time to time, and may need to collect, use, or change the purpose or the way that personal information is used. In this regard, we will otherwise explain to you the purpose, scope and use of the relevant information by updating this Policy, pop-up window and webpage reminder and provide you with methods to approve the same, and collect and use such information upon express consent from you. If you have any questions, comments or suggestions during such process, you may contact us by the contact information provided on our website and we will answer your questions as soon as possible. 

1.5. We will implement the following functions of this Policy to collect and use your personal information:

a)     Performance of anti-money laundering obligations and real-name system management in accordance with laws and regulations and regulatory provisions.

When you apply for opening an account, you shall provide your identity information as required in accordance with laws, regulations and regulatory provisions, including name, nationality/country of legal residence, type/number of valid identity certificate, mobile phone number, email address, residential address information, date of birth, personal specimen signature, face identification information, tax information, the country of birth; if your permanent address is different from the ID address, you are required to separately provide documents to prove your residential address (for example, water and electricity bill/bank statement/driver license/housing property certificate/household register, etc. which contains address information). 

During the account opening process, when you perform face recognition and identity verification, you may need to enable the camera and album (photo album) permissions of the device. We will collect your facial features and valid identity documents and use them strictly within the scope of your authorization to safeguard the security of your account and transaction. If you do not want to provide the above information or refuse to open the above device permission, you may not be able to complete the account opening process and will not be able to use the corresponding services and functions provided by us.

b)   Perform the "Know Your Client" assessment, client rating and risk rating evaluation in accordance with laws, regulations and regulatory provisions.

According to the requirements of laws and regulations, at the time of opening your account, we need to assess and rate your investment appropriateness, and provide you with a risk rating assessment, you must provide occupational status, asset information (scope of net current assets, scope of net assets, scope of total assets, and scope of net annual income) , investment objectives, and investment experience information (trading years and times of different varieties, and investment preferences). For retirees, you may be requested to provide information of your previous occupation. When you are employed or starting a business, you will need to provide detailed employment information, including company name, location and address, industry, and position. If you or your immediate family member is working with a regulator or listed company, you also need to fill in the name of the regulator, the stock code of the listed company and the name of the Exchange; when you are a student or homemaker, you may need to fill in the source of fund and source of wealth information. 

c)     Orders & Transactions

When you buy or sell securities or other financial products, on your own or by instructing us, you may need to provide us with the order type, the code, price and quantity, whether to trade through margin or short selling, the percentage of margin trading or short selling (if applicable), and/or time in force, and whether trading during pre-opening session and late trading session.

When you use the reminder function, you may need to enable the calendar permission of your device, and we will read/record the date of the company action you are following into the calendar according to your operation, to provide you with a timely reminder service.

When you open the fingerprint or face transaction verification function, you agree to authorize us to verify your fingerprint or face ID instead of verifying your transaction password for transaction security. You can also open the fingerprint or face verification function before entering the Trade page so that you can have a more secure experience.

If you do not wish to provide the above information or refuse to provide the above permissions, you will not be able to use the corresponding services and functions provided by us.

d)     Deposit/Withdrawal of Fund

When you deposit/withdraw funds from your account, based on risk control and anti-money laundering requirements, you need to provide your bank account number, name of bank account holder (which must be consistent with the name of the securities account) and information about the amount of funds deposited/withdrawn. 

e)     Customer Service

To ensure the security of your account and system, you must provide us with the necessary personal information to verify your identity when you contact us or file a dispute or personal account application.

For the convenience of contacting you and to help you resolve the problem as soon as possible or to record solutions and results of related problems, we may maintain records of your correspondence/telephone conversations with us and the relevant content (including account information, order information, other information you provide to substantiate the relevant facts, or contact information you left), and we will use your account information and order information if you make inquiries, complaints or suggestions with respect to a specific order. 

We may also use additional information about you, including the information you provided when contacting customer services and the replies you sent to us when you participated in the survey, to provide reasonable service and to improve the quality of service. 

1.6. To provide you with safety assurance

When you use our products and/or services, we may use or integrate your personal information and operation log information, including account status, login time, browsing history, watchlist, trading markets, trade symbol information, trading funds information, which also includes your IP address, browser type, language used, operating system version, date and time of access, network requests, etc. In this manner, we can comprehensively identify the risks to your account, conduct identity verification, detection and prevent security incidents, and take necessary recording, auditing, analysis and disposal measures according to the law. Such instances of collection and use are also intended to improve the security of your use of our services, protect your personal information and property safety, or other users, or the public from being infringed upon, better prevent phishing sites, fraud, network vulnerabilities, computer viruses, network attacks and intrusions as well as other security risks, and more accurately identify violations of laws and regulations.

1.7. In accordance with relevant laws, regulations and national standards, we may collect and use your personal information in accordance with law without your authorization if the following circumstances apply:

a)      Directly relevant to national security and national defence security;

b)      Relates directly to public security, public health or important public interest; and

c)      Those directly related to the criminal investigation, prosecution, trial and execution of judgments;

d)     Your consent cannot be obtained in a timely manner for the purpose of protecting your or others’ material legitimate rights and interests such as life and property;

e)     The personal information collected is made public to the society by yourself;

f)   Collect your personal information from legally disclosed information, such as legal news reports, government information disclosure and other channels; 

g)      It is necessary for the execution and performance of this Policy in accordance with your requirements;

h)    Necessary for maintaining the safe and stable operation of the Services provided, such as detection and handling of service failures;

i)        Required for lawful news reporting;

j)        Other circumstances stipulated by relevant laws and regulations. 

1.8. Rules for use of Personal Information

a)      Please understand that the services we provide to you are constantly updated and evolving. If you choose to use other services that are not covered by the above instructions, we will inform you of the scope and purpose of the information collection through page prompts, interaction processes, and agreement, subject to your consent. We will use, store, provide external service and protect your information in accordance with this Policy and the corresponding client service agreement; if you choose not to provide the above information, you may be unable to use a certain service or part of the service, but your use of other services shall not be affected. 

b)    All personal information you provide when using our products and/or services unless you have opted out of our collection through your system Settings, will be deemed to continue to authorize us to use it during your use of our products and/or services.

c)      We may keep statistics on the use of our products and/or services and may share these statistics with the public or third parties to demonstrate overall usage trends of our products and/or services. These statistics, however, do not contain any identifying information about you.

d)    We may use your account information and transaction information to conduct comprehensive statistics and analysis of your preferences, habits, account status and other information to form a user profile, which may be used to recommend or show you information about products and/or services that may be of interest to you, send you promotional information or display commercial advertisements via SMS, email, etc., or provide you with information consultation services or invite you to participate in customer research related to services, products or features in telephone follow-up.

For example, we will use your account opening information, including account opening time, account type, and employer information, and send business notifications, user experience research, and provide guidelines, marketing and promotional information through the contact information you have provided (including but not limited to: cell phone number, e-mail, etc.). If you do not want to use this service, you can contact us directly through the contact information in Article 9 "How to contact us" to request us to stop providing the above information, and we will deal with it in a timely manner.

2. How we use cookies and similar technologies

2.1. Cookies

A cookie is a small text file created by a website server and saved on a user's browser, and when a user visits a website server, the website can access cookie information. In addition to being used to identify users, cookies can also be used to store user information and track user access behaviour. 

We do not use cookies to collect and track any information or behaviour about a user, other than to verify the user's identity and login status. 

You can manage and delete cookies according to your preferences, and most browsers have the ability to disable or delete cookies from your system. Note that blocking cookies can cause some features on our website or system to not work or work effectively, which can affect your experience. 

2.2. Cookie homogeneity technology

In addition to cookies, we use Authorization or Web Beacon and other similar technologies on the website. Authorization is an HTTP protocol header that is passed behind the browser and the server of the Internet, instead of cookie use. The Web Beacon can calculate who browses the web or access some cookies. We use Authorization to record your identity and collect information about your web browsing activities through the Web Beacon, such as Internet Protocol (IP) Address, Browser Type, Internet Service Provider (ISP), Visited Pages, Operating System, Date/Time Stamp, Click Data Stream, and so we can learn more about and improve our products and services. 

2.3. SDK technology

Our products and services will embed the third-party SDK and collect some information from you to ensure that you can use our services normally. Please refer to the Statement for using third-party SDK for details.

We will conduct strict security monitoring of APIs, SDKs and other SDKs and agree with authorizing partners on strict data protection measures to enable them to process personal information in accordance with our delegated purpose, service instructions, this Policy and any other relevant confidentiality and security measures. 

3. How we share, transfer, and publicly disclose your information

3.1. Sharing

a. Business Assistance

We undertake to keep your personal information strictly confidential. Unless otherwise required by laws, regulations and regulatory authorities, we will only share your information with a third party, including our affiliated companies, cooperative financial institutions and other partners, in the following circumstances. If we need to share your information with a third party in order to provide services to you, we will evaluate the legitimacy and necessity of the third party's collection of information. We will require third parties to protect your information and strictly comply with the relevant laws, regulations and regulatory requirements. In addition, we will obtain your consent in accordance with laws, regulations and national standards by way of confirmation agreement, copyright-confirmation in specific scenes, pop-up reminder and other means, or confirm that a third party has obtained your consent.

i. Certain products or services may be provided by a third party or jointly by us and a third party. Therefore, in certain circumstances we may require to submit your identity information, contact information, professional information, asset information, investment information and order information to third parties (including liquidators and exchanges) in order to provide the products or services that you need;

ii. With your prior consent, we will share your information with a third party to the extent permitted by laws and regulations and not against public order and good morals within the scope of your authorization. 

b. Information validation

As required by laws and regulations, in order to effectively identify you, we will provide your name, date of birth, gender and ID number information to the third-party authentication provider during the account opening process, so that we can identify you as a legitimate and valid customer, complete the account opening for you and provide follow-up services. 

c. Supervisory Review

Relevant regulatory bodies, self-regulatory associations or competent organizations (including but not limited to various exchanges and governmental authorities) may request that we provide your account and transaction information for purposes of supervision and inspection to confirm whether we have complied with our legal obligations. 

d. Complaint Handling

If you make a complaint against us or another person or are complained against, to protect your and another person’s legitimate rights and interests, we may keep your name, contact information and content relevant to the complaint in the customer service system provided by a third party supplier and may provide the same to the consumer rights and interests protection department and regulatory authorities so that we may resolve complaints and disputes in a timely manner, except where such provision is expressly prohibited by laws and regulations. 

3.2 Transfer

We will not transfer your personal information to any company, organization or individual except in the following circumstances:

a)   Obtain your consent in advance;

b)   In accordance with laws, regulations or mandatory administrative or judicial requirements

c)   Where the transfer of assets, acquisition, merger, reorganization or bankruptcy liquidation is involved, if the transfer of personal information is involved, we will inform you of the relevant situation, and require the new companies and organizations that hold your personal information to continue to be bound by this Policy. If the purpose for the use of personal information is changed, we will request the company or organization to obtain your consent. 

3.3. Disclosure to the public

We do not disclose your information in principle except for the desensitized display of the winner's mobile phone number or user nickname when announcing prize winners. If any public disclosure is required, we will obtain your consent by notifying you of the purpose of such public disclosure, the type of information to be disclosed and any sensitive information that may be involved. 

3.4. In accordance with relevant laws, regulations, policies and standards, we may share, transfer and publicly disclose your personal information in accordance with the law without your consent in the following circumstances:

a)     Directly relevant to national security and national defence security;

b)     Relates directly to public security, public health or important public interest; 

c)     Those directly related to the criminal investigation, prosecution, trial and execution of judgments;

d)     Your consent is difficult to obtain for the purpose of protecting your or other individuals’ material legitimate rights and interests such as life and property;

e)     The personal information you disclose to the public by yourself;

f)   Personal information collected from legally and publicly disclosed information, such as legal news reports, government information disclosure and other channels. 

Please understand that, in accordance with applicable laws, if we take technical and other necessary measures to process personal information so that the data recipients cannot re-identify specific individuals and are unable to restore the same, you shall not be required to separately notify and obtain your consent for the sharing, transfer and public disclosure of such processed data. 

4. How we protect your information

4.1. We have taken reasonable and practical security measures in line with industry standards to protect your personal information against unauthorized access, public disclosure, use, modification, destruction or loss of data. We will take all reasonable and feasible measures to protect your personal information. We take physical, technical and administrative security measures to mitigate the risks of loss, misuse, unauthorized access, disclosure and alteration, including, but not limited to, transport-level data encryption, firewall and encrypted storage, physical access controls, and information access authorization controls. We've set up a security program to protect your information from unauthorized access. For example, you can communicate with all of our network communications and we ensure encryption is protected with encryption (SSL). Your personal information is encrypted and stored on our server with high strength encryption. We will use a trustworthy protection mechanism to prevent malicious attacks on personal information; we will deploy strict data access authority control and multiple identity authentication technologies to protect personal information and avoid illegal access and use of data. In the use of personal information, such as personal information presentation, personal information correlation calculation, we will use a variety of data desensitization techniques including content replacement, SHA256 to enhance personal information security. We strengthen the audit of personal information security by adopting automatic code security check and data access log analysis technology. 

4.2. We have an advanced data management system, which focuses on data life cycles, to improve the security of the whole system from organization construction, system design, personnel management, product technology and so on. For example, we have established data classification systems, data security management rules and security development rules to regulate the storage and use of personal information. We require all employees to sign a confidentiality agreement. We hold training courses on security and privacy, strengthen employees' understanding of the importance of protecting personal information and conduct operations in strict accordance with protection requirements by such means as assessment and review as well as including data protection in their daily assessment. To further enhance security certification and services, we have passed the ISO27001 certification. 

4.3. We will take all reasonable and practical measures to avoid collecting unrelated personal information and will retain your personal information only for such periods of time as are necessary to achieve the purposes described in this Policy unless an extension of the retention period is required or is permitted by law. 

4.4. Please understand that the Internet is not an absolutely secure environment. We strongly recommend that you use our products and services in a secure, sophisticated and reliable manner to help us secure your account. If you find that your personal information is leaked, especially if your account or password is leaked, please contact us immediately according to the contact information provided in this Policy so that we can take appropriate measures. 

4.5. In the event of a personal information security incident or we believe that there has been a privacy breach, we will identify the issue and take steps to minimize any harm. If we believe the breach has caused or is likely to cause serious harm, we will contact our Security Department, the Personal Information Protection Commissioner. We will also inform you of the basic situation and possible impact of the incident, the measures we have taken or will take, the recommendations you can take to prevent and mitigate the risks, and the remedial measures you have taken. We will inform you by mail, letter, telephone or push notification. When it is difficult to inform each user one by one, we will take a reasonable and effective way to publish announcements. At the same time, we will also report the disposal of information security incidents according to regulatory requirements. If you believe there has been a privacy breach, please contact us as soon as possible.

5. Your Rights

In accordance with relevant laws, regulations and standards as well as common practices in other countries and regions, we guarantee that you exercise the following rights with respect to your personal information:

5.1. Access your personal information

a)      You have the right to access your personal information, subject to exceptions provided by laws and regulations;

b)      You can manage your account by logging on to the App or web portal;

5.2. Correct your personal information

You can correct or supplement your personal information in the way listed in Access to Your Personal Information. 

If you are unable to manage this personal information in this way, you can contact our customer service at any time. We will respond to your request for access within 20 working days. 

5.3. Delete your personal information

You can contact us through the contact information in "9. How to contact us" and request the deletion of your personal information, upon which we will delete your personal information in accordance with the applicable law (where allowed by applicable law).

If we decide to respond to your request for deletion, we will also notify the entities that receive your personal information from us of the request to delete it in a timely manner, unless otherwise required by relevant law or regulation, or if they receive your separate authorization. When you remove information from our services, we may not immediately remove that information from the backup system, but we will remove it when we back up updates. 

5.4. Protect your personal information

You can protect your personal information by using a complex password without revealing your logon password or account information to anyone. Once you reveal your account number and password, it may have adverse consequences for you. If you find that your account and password have been leaked or will be leaked for any reason, please contact our customer service immediately so that we can take appropriate measures. But we are not responsible for this until we are aware of it and act within a reasonable period of time. 

We will not be liable for any loss of third party access to your personal information due to your failure to protect the confidentiality of your personal information. If you discover any unauthorized use or other security breaches, you must notify us immediately. Your assistance will help us to protect your personal information better. 

5.5. Change the scope of your authorized consent or revoke your authorization

You may change the scope of our continuous collection of personal information or revoke your authorization by deleting information, turning off the functions of the device or otherwise. You may also revoke our full authorization to continue to collect your personal information by cancelling your account.

You understand that each business function requires some basic personal information to complete. After you withdraw your consent or authorization, we cannot continue to provide you with the service for which you withdraw your consent or authorization, and we will no longer process your personal information. However, your decision to withdraw your consent or authorization will not affect the processing of personal information previously conducted based on your authorization. 

5.6. Cancel your account

You may apply for the cancellation of your account by submitting via the App.

5.7. Constrained information system automatic decision

In some business functions, we may make decisions based solely on non-human automatic decision-making mechanisms such as information systems, algorithms, etc. If these decisions significantly affect your legitimate rights and interests, you have the right to request us to explain, we will also provide information without prejudice to our trade secrets or other rights and interests of users, social public interests. 

5.8. Respond to your request above

For security, you may be required to provide a written request or otherwise certify your identity. We may ask you to verify your identity before you process your request. We will give an answer within 20 working days. If you are not satisfied, you can also make a complaint through our customer service. For your reasonable request, we do not charge fees in principle, but for repeated, beyond the reasonable limit of the request, we may refuse or as appropriate charge a certain cost. In particular, we have the right to reject requests for information that is not directly related to your identity, information that is repetitive for no reason, or requests for which too much technical means are needed (for example, requests necessary to develop a new system or fundamentally change existing practices), which result in risks to the legitimate rights and interests of others or which are impractical. 

We shall have the right to reject your request in accordance with relevant laws and regulations in the following circumstances:

a)      Related to national security or national defence security;

b)      Related to public security, public health and major public interests;

c)      Related to criminal investigation, prosecution, trial and enforcement of judgments;

d)      There is sufficient evidence to prove that who has malicious intent or abuses his or her right;

e)      Response to your request will seriously impair the legitimate rights and interests of you or other individuals or organizations;

f)        Involving trade secrets. 

6. How we protect minors' information

6.1. If you are a minor, according to the relevant laws and regulations, we will refuse to provide certain services to you. 

6.2. If we find that you are a minor, we will refuse to provide you with certain services and delete your personal information in accordance with the applicable law.

7. How does your information move globally

The personal information collected and produced within the territory of the relevant area will be stored within the location of the main entity of SDIL providing the service to you, except for the following circumstances:

7.1. The applicable laws have specific provisions; 

7.2. Obtain your explicit authorization; or

7.3. You obtain cross-border services directly through the Internet and commit other acts on your own initiative.

In response to the above, we will ensure adequate protection of your personal information under this Policy. 

8. How is this Policy Updated

Our Privacy Policy may be updated and adjusted from time to time. 

Without your consent, we will not limit your rights under this Policy. We will show you the latest version of the Privacy Policy on our website. We will also provide even more significant notifications for major changes (including notifying you, sending emails to you or even providing you with pop-up tips). 

Material changes referred to in this Policy include but are not limited to:

8.1. Our service model has changed significantly. For example, the purpose of processing personal information, the type of personal information processed, the way to use personal information, etc.;

8.2. We have a significant change in control and other aspects, such as mergers and acquisitions caused by the information controller change;

8.3. Changes to the main objects of sharing, transfer or public disclosure of personal information;

8.4. There are significant changes in your right to participate in personal information processing and the way in which you exercise such right;

8.5. Changes in the department, contact information and complaint channel responsible for handling personal information security;

8.6. Personal information security impact assessment report shows that there is a high risk. 

9. How to contact us

9.1. If you have any questions, comments or suggestions relating to this Policy or to your personal information or when you believe there has been a privacy breach, please send emails to enquiry@skysdil.com.

9.2. Under normal circumstances, we will reply to your comments within 20 working days after receiving them. If you are not satisfied with our reply, especially if you think that our personal information processing behavior has damaged your legitimate rights and interests, you can also complain or report to the relevant regulatory departments.