First Pay Merchants App (SPay) Privacy Protection Policy

The First Pay Merchants App Privacy Protection Policy (hereinafter the “Policy”) will help you understand the following:

1. How we collect personal information

2. How we use cookies

3. How we store and protect personal information

4. How we use personal information

5. How we disclose personal information

6. How you access and manage your personal information

7. Third party liability statement

8. Update of the privacy protection policy

First Pay Pvt. Ltd. (hereinafter “We”) respects and protect the user’s (hereafter “Your”) privacy. In order to effectively protect your right to privacy and optimize your experience, we have developed the First Pay Merchants privacy protection policy (hereinafter the Policy) in accordance with existing laws and regulations. When you use our services, we will collect, store, use and disclose your personal information in accordance with the Policy. In the meanwhile, we will explain to you how we provide you with services for accessing, updating, managing and protecting your information through the Policy. Since the Policy is closely related to your use of our services, we suggest that you read carefully and understand fully the contents of the Policy or make choices as you think fit.

1. How we collect personal information

During your use of the First Pay Merchants App services, we may collect the information you provide or information generated due to use of the services in the manners given below to provide you with services, optimize our services and ensure the security of your account:

(1)When you use First Pay Merchants App, we will collect your user ID, Email, mobile phone and address to make sure that you can use the First Pay Merchants App functions normally and ensure the security of your account. When you use First Pay Merchants App, we will also collect your transaction records to facilitate your operations and queries. If you do not provide such information, you may be unable to use our services normally.

(2)When you use First Pay Merchants App, to make sure that you can use our services normally, maintain normal operation of our services, improve and optimize our service experience and ensure the security of your account, we will collect your device type, operating system, unique device identifier, login IP address, First Pay Merchants App software version, method, type and status of network access, network quality data, operation log, service log and other log information, which constitute the basic information that must be collected for the provision of services.

(3)When you use the inter-operability function of First Pay Merchants App with other software or hardware, the provider of other software or hardware may obtain relevant information disclosed or transmitted by you on First Pay Merchants App with your consent and you should develop a full understanding of the functions and information protection strategy of other software or hardware products before making the choice.

Please understand that the functions and services we provide to you are constantly evolving. If a function or service is not described above and your information is collected, we will explain to you the contents, scope and purpose of information collection by means of page prompts, interaction process and website announcements, etc to obtain your consent.

Please note that we will not obtain your personal information from a third party now. If we need to obtain your personal information from a third party directly due to business needs in the future, we will inform you of the source, type and scope of use of your personal information before obtaining the information and obtain your express consent before your personal information is processed. In addition, we will comply strictly with applicable laws and regulations and require the third party to ensure the legitimacy of the information it provides.

2. How we use cookies

To allow you better access experience when you use our services, we may authenticate your identity through the small data files, which may save you the trouble of entering the registration information repeatedly or help you judge the security status of the account. These data files may be Cookie, Flash Cookie and other local storage provided by the applications (hereinafter “Cookie”). Please understand that some of our services are rendered possible only through the use of Cookie. We promise that the cookie information will be used for the purposes of improving service/product quality and optimizing user experience only.

If you use the services provided by third parties other than us through our website or APP, we cannot guarantee that these third parties will take protective measures in accordance with our requirements. In order to ensure the security of your account as far as possible and allow you more secure access experience, we may use dedicated network protocol and proxy technology (hereinafter “dedicated network channel” or “network proxy”). The use of the dedicated network channel may help you identify high risk websites already known to us to reduce the risks of phishing and account leakage associated with them and in the meanwhile better protect the common rights and interests of you and the third parties and prevent the outlaws from tampering the normal service contents between you and the third party websites you want to access, for instance, advertisement placement, and illegal content tampering resulting from non-secure router and illegal base station. During this process, we may also obtain and store information relating to your computer, such as IP address and hardware ID.

3. How we store and protect personal information

(1)We promise that we will bring information security to the industry-leading level. To ensure the security of your information, we are striving to minimize the risks of your information being leaked, destroyed, misused, accessed, disclosed , and changed without authorization through the use of various safety technologies and supporting management system, for instance, encrypted transmission through the secure sockets layer (SSL), encrypted storage of information, strict control over access to the data center and use of the dedicated network channel and network proxy. In the meanwhile, we have set up the department responsible for personal information protection and developed relevant internal control policies and adopt the minimum sufficient principle toward the staff who might have access to your information; monitor the processing of your information by the staff in a systematic manner, keep training the staff in applicable laws, regulations and privacy safety rules to improve their safety awareness and organize all staff to take participate in the safety exam each year. Moreover, we hire independent external third parties to conduct a review of our information security management system annually.

(2)We have developed the personal information security incident contingency plan, organize the relevant internal personnel to carry out emergency response training and drills so that they may grasp their job responsibilities and emergency handling strategies & codes. Whenever a personal information security incident occurs, we will, in accordance with the requirements of applicable laws and regulations, inform you of the basic status and possible impact of the security incident, handling measures already taken or to be taken by us, suggestions for preventing and reducing the risks by yourself, and remedies available to you in a timely manner. We will keep you informed of the incident-related information by means of APP push notification, Email/SMS in a timely manner, and where it is impossible to notify the personal information subjects one by one, we will take reasonable and effective measures to publish announcements. In the meanwhile, we will, in accordance with the requirements of the regulatory body, report on the handling of the personal information security incident actively. In the event that your lawful interest is damaged, we will assume relevant legal liabilities accordingly.

(3)Please be sure to keep your login ID and other key identity information safe. When you use the First Pay Merchants App services, we will authenticate your identity through your login ID and other key identity information. Once you leak the aforesaid information, you may sustain losses and possibly be faced with negative legal consequences. If you find that the First Pay Merchants App login ID and/or other key identity information is leaked or likely to be leaked, please contact us immediately so that we may take actions accordingly in a timely manner to prevent or reduce relevant losses.

(4)Once you stop using the First Pay Merchants App services, we will stop collecting and using your information unless otherwise required by the laws or the regulatory bodies. If we suspend operation, we will stop collecting your personal information in a timely manner and notify you of the suspension of operation one by one or by means of announcement, and delete or anonymize your personal information in our possession.

4. How we use personal information

(1)In order to comply with the laws, regulations and regulatory requirements of the State, provide you with services and improve the quality of the services, we will use your information under the following circumstances:

(i)To achieve the purpose described in “how we collect personal information” in the Policy;

(ii)To ensure the stability and security of the services, we will use your information for such purposes as identity authentication, safety protection, fraud detection, preventing or forbidding illegal activities, reducing risks, archiving and backup,etc;

(iii)Report to relevant departments in accordance with the laws, regulations or regulatory requirements;

(iv)Invite you to participate in customer surveys relating to our products or services;

(v)We will summarize, analyze and process your information so as to provide you with more accurate, personalized, seamless and convenient services, or help us assess, improve or design the products, services and operational activities, etc.

(2)If we are to use the information for any purpose not specified in the Policy, we will seek your consents again by means of the confirmation agreement or text confirmation action under specific scenarios in accordance with the requirements of the laws, regulations and national standards.

5. How we disclose personal information

Without your consent, we will never disclose (including sharing, transfer and public disclosure) your personal information to any third party, except under the following circumstances:

(1)We have obtained your authorization or consent;

(2)Disclosure is made by us as required by the judicial agency or administrative agency in accordance with the legal procedures;

(3)We bring any sort of lawsuit or arbitration claim against the user in order to safeguard our own lawful rights and interests;

(4)Disclosure is made in accordance with the provisions of relevant service clauses and app license agreements between you and us;

(5)Disclosure is made to protect the public interests against damages to the extent permitted by the laws;

(6)Disclosure is made in accordance with relevant agreements between you and other third persons.

With the development of our business, we may enter into transactions such as merger, acquisition, asset transfer or similar transactions with our connected parties and in that case your personal information may be transferred as part of such transactions. We will notify you prior to such transfer.

6. How you access and manage your personal information

Once your complete registration with First Pay Merchants App, you can check, edit or delete the personal information you submit to us. Generally, you can browse, edit or delete the information you provide at any time; however, out of considerations for security and identity authentication, you may be unable to edit certain initial registration information and verification information provided upon registration.

We always put the protection of your personal information in the first place, In the meanwhile, we appreciate your concerns over personal information. You can query, edit or delete your personal information by means of the mobile client, etc.

You have the right to update or correct your personal information in your sole discretion or authorize us to update or correct the information. Before you update or correct the information, we will authenticate your identity first before the information can be updated or corrected.

If you have any comments or suggestions regarding the personal information protection policy or the collection, use, storage or protection of your personal information in the Policy, you can feedback your comments or complaints through our customer service channel and we will provide you with feedback after we receive your comments and suggestions as soon as possible.

7. Third party liability statement

Please note that third parties connected through us and third parties that receive your personal information from us may have their own privacy protection policies; when you check and use the apps developed by the third parties, these third parties may put their own cookies or pixel tags, which, however, are beyond our control and their use is not bound by the Policy. We will use commercially reasonable efforts to require these entities to take protective measures for your personal information, but we cannot guarantee that these entities will take protective measures in accordance with our requirements. You are kindly required to contact them directly to obtain details on their privacy policy. When you find any risk in these third party apps, it is suggested that you stop relevant operations to protect your own lawful rights and interests.

8. Update of the privacy protection policy

(1)The Policy will be updated with the development of our services in order to provide you with better services. However, without your express consent, we will not reduce the rights that you are entitled to pursuant to the Policy now in force.

We will publish the updated versions on the website and mobile client and remind you of the updates of relevant contents by means of website announcements or other appropriate means so that you can learn the latest personal information protection policy in a timely manner.

(2)For the major changes, we will provide more visible notices(we will inform you of the specific changes of the Policy through such means( including but not limited to) as Email, SMS, private message or special prompts on the browsing page,etc).

For the purpose of the Policy, major changes include, but not limited to:

(i)There are major changes in our service model, for instance, the purpose of personal information processing, type of personal information processed as well as the way that the personal information is used, etc;

(ii)There are major changes in our ownership structure, organizational structure, etc, for instance, owner change as a result of business restructuring, bankruptcy and M&A;

(iii)There are changes in the main target groups to which the personal information is shared, transferred or disclosed;

(iv)There are major changes in the right of you to participate in personal information processing and the manner to exercise the right;

(v)There is change in our responsible department, contact method and complaint channel for handling personal information security;

(vi)The personal information security impact assessment report indicates there exist high risks.