DATA PRIVACY NOTICE – UBS SECURITIES CO. LIMITED

To run our business, UBS Securities Co. Limited (“UBSS”, “we”, “our”, or “us”) collects and uses information about individuals (“Personal Information”), including information about our current and former clients (“you”).

UBSS takes your privacy seriously. This Privacy Notice (“Notice”) contains information on what Personal Information UBSS and other companies of the group to which we belong (the “UBS Group” or” UBS”) collect(s), what they do with that information, and what rights you have.

As part of our commitment to protect your Personal Information, we want to inform you in a transparent manner:

• why and how UBSS collects, uses and stores your Personal Information;
• the lawful basis on which your Personal Information is processed; and
• what your rights are in relation to such processing and how you can exercise them.
  

For prospective clients with whom we have not yet made contact, we may collect (to the extent permitted by applicable law):

• Personal identification details (such as name, address, gender, nationality), contact information (such as telephone, e-mail address), and family details (such as marital status);
• Information related to the professional profile (such as directorship / positions and professional networks) and information related to company ownership and financial background.

For former and current clients or prospective clients with whom we are taking steps to enter into a contractual relationship, we collect (to the extent permitted by applicable law):

• personal details such as your name, identification number, date of birth, compliance related documents (including a copy of your national identity card or passport), phone number, address and domicile and electronic address, and family details such as the name of your spouse, partner or children;
• financial information, including payment and transaction records and information relating to your assets (including fixed properties), financial statements, liabilities, taxes, revenues, earnings and investments (including your investment objectives);
• tax domicile and other tax-related documents and information;
• where relevant, professional information about you, such as your job title and work experience;
• your knowledge of and experience in investment matters;
• details of our interactions with you and the products and services you use, including electronic interactions across various channels such as e-mails and mobile applications:
• any records of phone calls and video footages between you and UBSS, specifically phone log information such as your phone number, calling-party number, receiving-party number, forwarding numbers, time and date of calls and messages, duration of calls, routing information, and types of calls
• where relevant, details of your nomination of a mandate;
• identifiers we assign to you, such as your client, business relation, partner or account number, including identifiers for accounting purposes;
• when you access UBS websites or our applications, data transmitted by your browser or device you are using and automatically recorded by our server, including date and time of the access, name of the accessed file as well as the transmitted data volume and the performance of the access, your device, your web browser, browser language and requesting domain, and IP address (additional data will only be recorded via our Website if their disclosure is made voluntarily, e.g., in the course of a registration or request). When you visit a UBS website, that website will contain additional information about how we use your information while you are visiting that website; and
• in some cases, and to the extent permitted by applicable law, the Personal Information that we collect will also include Personal Sensitive Information (information that, once leaked or illegally used, may lead to personal discrimination or material harm on natural persons’ dignity of human personality or harm to personal or property security) such as number of ID certificate, nationality, financial information, including payment and transaction records and information relating to your assets, bank account, communication records and contents, Online Identity Information, property information, credit information, whereabouts, accommodation information, health and physiological information, transaction information; and information about alleged or proven criminal offences or convictions.

For our usage of cookies and other tracking technologies in relation to UBS websites please also refer to the UBS Website and Cookie Notice available at https://www.ubs.com/global/en/legal/privacy.html

In some cases, we collect this information from public registers (which, depending on the product or service you receive, may include beneficial ownership and other registers), public administration or other third-party or public sources, such as wealth screening services, credit reference agencies, fraud prevention agencies, intermediaries that facilitate data portability, and other UBS Group entities.

We might also ask you for certain of the above Personal Information types in relation to your business relationship, such as your additional account holders, business partners (including other shareholders, or beneficial owners), dependants or family members, representatives or agents.

Where you are an institutional or corporate client or investor, we may also ask you for information about your directors, representatives, employees or shareholders or beneficial owner. Before providing UBSS with this information, you should provide a copy of this notice to those individuals.

3.1 Purposes of processing

We always process your Personal Information for a specific purpose and only process the Personal Information which is relevant to achieve that purpose. In particular, we process Personal Information, within applicable legal limitations, for the following purposes:

a) Client Onboarding. For example:

• to verify your identity and assess your application (including the need for guarantees or other securitisation tools if you apply for credit). For legal and regulatory compliance checks (for example, to comply with anti-money laundering regulations, and prevent fraud), please see Section e) below.

b) Client Relationship Management. For example, to:

• manage our relationship with you, including communicating with you in relation to the products and services you obtain from us and from our business partners, handling customer service-related queries and complaints, facilitating debt recovery activities, making decisions regarding credit or your identity, tracing your whereabouts, and closing your account (in accordance with applicable law) if it remains dormant and we are unable to contact you after a period of time;
• help us to learn more about you as a client, the products and services you receive, and other products and services you may be interested in receiving, including profiling based on the processing of your Personal Information, for instance by looking at the types of products and services that you use from us, how you like to be contacted and so on.

c) Product implementation and execution. For example, to:

• provide products and services to you and ensuring their proper execution, for instance by ensuring that we can identify you and make payments to and from your accounts in accordance with your instructions and the product terms;
• perform underwriting.

d) Engaging in prospecting and business development and / or protecting and enhancing the UBS brand. For example, to:

• evaluate whether and how UBSS may offer products, services and events that may be of interest to you;
• contact you for direct marketing purposes about products and services we think will be of interest to you, including those offered by us, UBS Group entities, and our other business partners, and facilitating competitions and promotions.

e) Compliance and Risk Management and / or Crime Prevention, Detection and Investigation. For example, to:

• carry out legal and regulatory compliance checks as part of the onboarding process, including to comply with anti-money laundering regulations and fraud prevention;
• meet our on-going regulatory and compliance obligations (e.g., laws of the financial sector, anti-money laundering and tax laws), including in relation to recording and monitoring communications, disclosures to tax authorities, financial service regulators and other regulatory, judicial and governmental bodies or in proceedings and investigating or preventing crime;
• receive and handle complaints, requests or reports from you or third parties made to designated units within UBSS or the UBS Group;
• reply to any actual or potential proceedings, requests or the inquiries of a public or judicial authority;
• prevent and detect crime, including fraud or criminal activity, misuses of our products or services as well as the security of our IT systems, architecture and networks.

f) Supporting, Enhancing and Maintaining UBS’s technology. For example, to:

• take steps to improve our products and services and our use of technology, including testing and upgrading of systems and processes, and conducting market research to understand how to improve of our existing products and services or learn about other products and services we can provide.

g) Other purposes:

• for the UBS Group’s prudent operational management (including credit and risk management, technological support services, reporting, insurance, audit, systems and products training and similar administrative purposes);
• to enable a transfer, merger or disposal to a potential buyer, transferee, merger partner or seller and their advisers in connection with an actual or potential transfer, merger or disposal of part or all of UBSS business or assets, or any associated rights or interests, or to acquire a business or enter into a merger with it;
• to collect data to ensure the security of buildings as well as property and information located or stored on the premises, to prevent, and if necessary, investigate unauthorized physical access to secure premises (e.g., maintaining building access logs and CCTV system images);
• to undertake transactional and statistical analysis, and related research;
• exercise our duties and/or rights vis-à-vis you or third parties.

3.2 Basis for the processing of Personal Information

Depending on the purpose of the processing activity (see Section 3.1), the legal basis for the processing of your Personal Information will be one of the following:

• necessary for taking steps to enter into or executing a contract with you for the services or products you request, or for carrying out our obligations under such a contract, such as when we use your data for some of the purposes in Section 3.1 a) and c) above;
• necessary to meet our legal or regulatory responsibilities, including when we conduct the legal and regulatory compliance checks and make the disclosures to authorities, regulators and government bodies referred to in Section 3.1 e) above;
• processing relates to the personal information made publicly available by you or otherwise lawfully made publicly available within a reasonable scope and in accordance with the Personal Information Protection Law (PIPL);
• where we have obtained your prior consent, or where we have obtained your separate consent (where required by law) such as in the case of transferring Personal Information cross-border, providing Personal Information to third party personal information processors (as defined by China’s Personal Information Protection Law), and processing sensitive Personal Information.

Where the Personal Information we collect from you is needed to meet our legal or regulatory obligations or enter into an agreement with you, if we cannot collect this Personal Information there is a possibility we may be unable to on-board you as a client or provide products or services to you (in which case we will inform you accordingly).

5.1 Within the UBS Group

We may share Personal Information with other UBS Group companies in order to ensure a consistently high service standard across our group, and to provide services and products to you.

We will only share personal data necessary for UBS Group's internal operations, and such recipient will also be subject to confidentiality obligations.

5.2 Outside UBS and the UBS Group

5.2.1 Third Parties

We share Personal Data with other credit and financial services institutions, comparable institutions and to our professional advisers and consultants to perform the business relationship with you. In particular, when providing products and services to you, we will share personal data with persons acting on your behalf or otherwise involved (depending on the type of product or service you receive from us), including, where relevant the following types of companies:

• issuers of securities (including third parties appointed by them) in which you have an interest, where such securities are held by third party banks for you;
  
• payment recipients, beneficiaries, account nominees, intermediaries, correspondent and agent banks (including custodian banks);
  
• clearing houses, and clearing or settlement systems and specialised payment companies or institutions such as SWIFT;
• market counterparties, upstream withholding agents, swap or trade repositories, stock exchanges;
• other financial institutions, credit reference agencies or credit bureaus (for the purposes of obtaining or providing credit references);
• Any third-party product providers/issuers which may provide banking, securities, financial, wealth management and/or asset management services to you, e.g., third party banks, fund houses, trust companies, private asset managers, insurance companies etc;
• any introducing broker to whom we provide introductions or referrals, and
  
• lawyers, auditors and accountants providing legal, audit, consultancy or accounting services to us.
  

5.2.2 Service Providers

In some instances, we also share personal data with our suppliers, who are contractually bound to confidentiality, such as IT hardware, software and outsourcing providers, logistics, mail, courier, printing services and storage providers, marketing and communication providers, facility management companies, market data service providers, transportation and travel management providers and others. When we do so we take steps to ensure they meet our data security standards, so that your personal data remains secure.

Where UBSS transfers your data to service providers processing data on UBSS behalf, we take steps to ensure they meet our data security standards, so that your Personal Data remains secure. Third party service providers are thereby mandated to comply with a list of technical and organisational security measures, irrespective of their location, including measures relating to: (i) information security management; (ii) information security risk assessment and (iii) information security measures (e.g., physical controls; logical access controls; malware and hacking protection; data encryption measures; backup and recovery management measures).

5.2.3 Public or regulatory authorities

If required from time to time, we disclose personal data to public authorities, regulators or governmental bodies, or courts or party to proceedings where we are required to disclose information by applicable law or regulation, under a code of practice or conduct, at their request.

5.2.4 Other

• A potential buyer, transferee, merger partner or seller and their advisers in connection with an actual or potential transfer or merger of part or all of UBSS’ business or assets, or any associated rights or interests, or to acquire a business or enter into a merger with it;
  
• Any legitimate recipient required by applicable laws or regulations.
  

5.3 Data Transfers to other countries

The Personal Information transferred within or outside UBSS and the UBS Group as set out in Sections 5.1 and 5.2, is in some cases also processed in other countries. We only transfer your Personal Information abroad to countries which are considered to provide an adequate level of data protection, or in the absence of such legislation that guarantees adequate protection, based on appropriate safeguards (e.g., standard contractual clauses adopted by the European Commission to the extent recognized by the competent Data Protection Authority or another statutory exemption) provided by local applicable law.

A list of the countries in which UBS Group operates can be found at：https://www.ubs.com/global/en/our-firm/locations.html.

7.1 Your rights

You have a right to request explanation of processing rules, to consult and to copy your Personal Information that we process. If you believe that any information we hold about you is incorrect or incomplete, you may also request the correction of your Personal Information.

You also have the right to:

• be informed on the processing of your Personal Information

• request the erasure of your Personal Information;

• restrict or prohibit the processing of your personal information

• refuse to receive any commercial advertisements based on your Personal Information;

• request for a copy of your Personal Information and, if technically feasible, to directly transmit a copy of your Personal Information to a third party designated by you;

• request information about consent choices and the consequences of refusing consent where UBSS seeks to rely on your consent as a lawful ground for processing your Personal Information; and

• withdraw your consent where UBSS obtained your consent to process Personal Information (without this withdrawal affecting the lawfulness of any processing that took place prior to the withdrawal).
  

In certain circumstances UBSS may process your Personal Information through automated decision-making. Where this takes place, you will be informed of such automated decision-making that uses your Personal Information and be given information on criteria and procedures applied. You can request an explanation about the automated decision making carried out and request that a natural person reviews the related decision where such a decision is exclusively based on such processing.

UBSS will honour such requests, withdrawal or objection as required under applicable data protection rules but these rights are not absolute: they do not always apply and exemptions may be engaged. We will usually, in response to a request, ask you to verify your identity and/or provide information that helps us to understand your request better. If we do not comply with your request, we will explain why.

7.2 Exercising your rights

To exercise the above rights, please send an e-mail to:

• SH-UBSS-WMSC@ubs.com, if you are a Wealth Management client of UBSS;
• info@ubs.com, if you are an Investment Banking client of UBSS.

If you are not satisfied with any aspect of the processing of your Personal Information by UBSS, we would like to discuss it with you to understand how we can rectify the issue. Please raise any concerns by contacting us at the e-mail addresses indicated above.