PRIVACY POLICY

I. Definitions

• Roc Bank Platform means the Services provided by the Bank and online service platform set up and operated by Bank for the Roc Bank to provide the service through relevant website and APPs.
• Bank Account means one or several bank accounts opened by Client with Bank and its Associates.
• Roc Bank and Its Associates means the Banking service network set up by Ro c Bank and other Associate companies that combines the best offline service elements of each its Associates and integrates work flows and data to offer the service to each Client through Roc Bank Platform;
• Bank means Roc Bank Limited, an international bank duly incorporated in Vanuatu
• Client means a user of the Roc Bank Services who voluntarily agrees to be bound by applicable terms and conditions of the Roc Bank Service Agreements, provided that its/his Client Service Agreement with Bank has entered into force. User of the Appliance Platform shall only be deemed as Client when this Agreement enters into force.
• Associates means a financial service provider with the appropriate qualifications for its business operation in the relevant jurisdiction, which has entered into a cooperation agreement with Bank.
• Personal Information means any information kept electronically or otherwise that may be used, alone or together with other information, to authenticate the identity or reflect the activities of a particular natural person.
• Platform Account means the account registered by User at the Roc Bank Platform in accordance with this Agreement;.
• Other Account means one or several other accounts opened by the Client at any Its Associates (including but not limited to stock account).
• Sensitive Personal Information means any personal information, in case of leakage, unlawful provision or misuse of which may endanger personal and property safety or result in damages to personal reputation, physical or mental health or discriminatory treatment, etc.
• Service Agreements means the User Registration Agreement and the Client Service Agreement.
• User means a user of the Roc Bank Services who voluntarily agrees to be bound by applicable terms and conditions of the Roc Bank Service Agreements, no matter he has or has not or shall or shall not become a Client of Bank. .

II. Applicable Scope

This Privacy Policy is applicable to all the service provided to you by the Bank through the Roc Bank Platform.

To be noted, this Privacy Policy is not applicable to the service provided by an Associate or other third parties. The Roc Bank Platform may contain links to other websites, and we will take necessary measures to check relevant websites in accordance with applicable laws and regulations (including checking website operators’ basic qualifications, reasonable and preliminary identification of security of relevant websites through technical methods and urging these website operators to protect your personal information in accordance with law), but we cannot guarantee that the operators of these websites will take protective measures as we have required. We advise you to review the privacy policy of these websites and understand how they will process your personal information so as to make a prudent decision.

III. For What Purposes We Collect Information

You agree and authorize us to collect the following necessary information related with the service we provide to you when you sign up, log in and use the service provided by us, but we will not collect your personal information prohibited by applicable laws and regulations. You may choose not to provide one or some pieces of the information, and by doing so, you may be unable to use or use in a normal way some service, but this will not affect your use of other service of the Roc Bank Platform. For the present, under this Privacy Policy, we will collect your personal information only for the following purposes, and when these purposes and types of information to be collected have to be changed, we will send you a prior notice and re-obtain your consent.

• Creation of, connection or log-in to the Platform Account
  We will collect your mobile phone number, email address and log-in password when you sign up a Platform Account or log in to the Roc Bank Platform.
• Performance of the statutory anti-money laundering obligations of the Associates and real-name administration
  When you trigger, apply for or use the Service of Associates through the Roc Bank Platform, we will authenticate your identity so as to synchronize the update of your personal information at the Bank and the Associates (including ID authentication and risk assessment information) or to comply with real-name, investor eligibility and anti-money laundering requirements. For this purpose, we will collect your personal information provided to the Bank or the Associates by you at the time of identity authentication (if applicable), bank account binding (if applicable) and risk assessment (if applicable), including name, gender, date of birth, nationality, ID Card number and valid period, passport number and valid period (if any). You will not be able to use the corresponding service of the Bank and the Associates if you do not provide such information or fail to pass real-name authentication.
• Provision of relevant service of the Roc Bank Platform
  When you open a Bank Account, Roc Bank or its Associates will collect your name, gender, mobile phone number, email address, date and place of birth, permanent address, passport number and photo, ID certificate number and photo, occupation, employer and contact details, your political affiliation and that of your direct relatives, education, marital status, names of your direct relatives, certificates of sources of income and signature or other information that Roc Bank or its Associates may collect upon separately obtaining your explicit consent as necessary for the provision of service. Roc Bank or its Associates will not provide the service to you and your use of the corresponding service will be affected if you do not provide such information.

  When you open other Account, the Associate will collect your name, mobile phone number, email address, country/region of residence, identification certificate number and photo and signature, or other information that the Associate may collect upon separately obtaining your explicit consent as necessary for the provision of service. The Associate will not provide the service to you and your use of the corresponding service of the Roc Bank Platform will be affected if you do not provide such information.

  The information collected is strictly for the purpose of regulatory requirement from regulatory bodies of Roc Bank or its associates or information required to perform service as you requested, and for the safety of your assets.

• Improvement of service and provision of individualized options
  For the purpose of providing more convenient, smooth and individualized Roc Bank service, we will collect your risk analysis assessment information, transaction information (amount, products and time of transaction), behaviors (online searches, information browsed and followed, time of access, clicks of advertisement, frequency of clicks of page, visit time, information provided when contacting the client service team and information submitted when participating in questionnaire survey) and geographic location (position), and predict and derive a model of your characteristics so as to show you the products and/or service information that you are interested in, for example, notifications of specific products and/or service, commercial information and customized pages on the basis of your searches and focuses.

IV. How We Use Information

• As necessary for the provision of better service to you as well as our own risk control and protection of lawful rights and interests of all parties, you consent and authorize us to use your information for the following purposes:
  • To achieve the purposes as set out in the section of “For What Purposes We Collect Personal Information” herein;
  • To identify and authenticate your ID and ensure the security of your account;
  • To provide, maintain, improve and optimize the service that suits you, and de-identify, analyze and process your personal information or use your information for data modeling;
  • To prevent, discover and investigate any fraud, safety hazard or violation of laws or our Service Agreements, policies and rules so as to protect your, other Clients’ or our legitimate rights and interests;
  • To assess your risk tolerance;
  • To combine de-identified personal information from a particular service with that from other services so as to offer you with better and individualized services, contents and suggestions; and
  • To collect from you various charges (if any).
• We will notify and obtain your consent in advance if we will use your information for purposes or businesses not specified herein. However, pursuant to relevant laws, regulations and criteria, we may duly collect and use your information without your consent in the following cases:
  • It is related to our performance of statutory obligations;
  • It is directly related to national security and national defense security;
  • It is directly related to public security, public health or major public interest;
  • It is directly related to criminal investigation, prosecution, judgment and execution of the judgment;
  • It is intended to protect your or others’ life, property or other major legitimate rights and interests but difficult to obtain your consent in time;
  • It is made public by yourself;
  • It is collected from information known to the public after legal disclosure;
  • It is necessary for maintaining safety and steady operation of the service provided, for example, to troubleshoot and remove a product or service failure; or
  • It is to comply with information collection and disclosure requirements specified in any applicable laws and regulations and other regulatory requirements that are binding upon us.

V. How We Share and Transfer Information

We undertake to keep your personal information confidential in accordance with relevant laws, regulations and regulatory requirements and not to share your personal information with or transfer your personal information to any third party, unless with your explicit consent or authorization.

You agree and authorize us to share your personal information with the Roc Bank Associates in the following cases so that the Associates can provide the service to you through the Roc Bank Platform. We will require the Associates with which we will share your personal information to retain and process your personal information in a manner as specified in this Privacy Policy. Before sharing, we will conduct commercially reasonable review to assess the lawfulness, legitimacy and necessity of sharing your personal information, and urge the Associates to process your information in accordance with relevant laws and regulatory requirements. Without your explicit consent or authorization, the Members shall not use the shared personal information for the purposes other than those specified in this Privacy Policy.

• Your personal information will be shared between the Bank, the Associates and its partners when you trigger, apply for or use the service through the Roc Bank Platform, so that subject to relevant laws and regulations, you will have a more convenient access to the service provided by the Associates.
• You agree that we may provide your personal information to necessary entities that conduct due diligence investigation when the Bank is merged with or acquired by another Bank or be involved in capital market activities (IPO, bond issuance) or other circumstances under which statutory provisions and reasonable commercial practices require the Bank to be subject to due diligence investigation, but we will sign a NDA or otherwise require these entities to take non-disclosure measures equal to this Privacy Policy, and to delete your personal information within a reasonable period of time after they complete necessary work.
• We may disclose your personal information to our auditor, legal counsel or other external consultants for the purpose of operational compliance and financial and risk tolerance assessment, and ask them to handle your information in accordance with relevant statutory and regulatory requirements.
• We may have merger, acquisition, asset transfer or similar transactions along with our business development, and your personal information may be transferred as a part of such a transaction. We will notify you before such transfer and require the Bank or organization holding your personal information to be bound by this Privacy Policy. We will require such a Bank or organization to re-obtain your explicit consent if it is to change the purposes of information use.
• In case that you have any dispute with others concerning the use of the Roc Bank Platform, we may provide your name and valid certificate number, contact details and dispute-related information to regulatory authority or other dispute resolution body as agreed, so as to timely resolve the dispute and protect your and others’ legitimate rights and interests, except for the information the provision of which is explicitly Prohibited by laws and regulations.
• We may disclose your personal information in accordance with applicable laws and regulations or the purpose of lawsuit or as duly required by competent administrative or judicial authorities. We may also disclose your personal information if we are certain of your violation of applicable laws and regulations, or to hold harmless the rights, property or safety of ourselves, our affiliates or other Users or the public, including relevant violations and measures imposed upon you
• Other circumstances with your prior authorization or consent.
• Pursuant to relevant laws and regulations, we may duly share, transfer or disclose to the public your personal information without your consent, provided that:
  • It is related to our performance of statutory obligations;
  • It is directly related to national security and national defense security;
  • It is directly related to public security, public health or major public interest;
  • It is directly related to criminal investigation, prosecution, judgment and execution of the judgment;
  • It is intended to protect your or others’ life, property or other major legitimate rights and interests but difficult to obtain your consent in time;
  • It is made public by yourself;
  • It is collected from duly published and disclosed information; or
  • It is required by applicable laws and regulations, competent authorities or industrial associations, etc.

VI. How We Retain Information

We will retain necessary information you submit or generated in the course of your application for or using the service so as to comply with regulatory requirements, provide the service to you and facilitate your review of transaction status or previous records. We will segregate general personal information from sensitive personal information and retain them separately, subject sensitive personal information to necessary de-identification and encryption so as to ensure the security of your personal information. Unless otherwise specified in laws and regulations, we will retain your information as follows:

• We will retain your personal information for a period as necessary for achievement of the purposes specified herein, unless a longer period is required or permitted by applicable laws. Upon expiry of such a period, we will delete or anonymize your personal information.
• After anonymization, your personal data will become data that can be used and circulated, and we will retain and process such data without a separate notice and your consent.

VII. How We Protect Information

• We have complied with relevant industrial criteria and taken security measures accordingly to protect your personal information and prevent unauthorized data access, disclosure, use, alternation, damage or loss. We will take all reasonably practical measures to protect your personal information, for example, SSL encryption for data exchange (such as debit card information) between your browser and the Roc Bank Platform, https safe browsing for the Roc Bank Platform and employment of encryption means to ensure data confidentiality. We will back up the data on other servers to ensure that the information in our possession will not get lost; we will adopt reliable protective mechanisms to prevent data from hostile attack; we will deploy access control mechanisms to ensure that only authorized persons could access to personal information; and we will provide safety and privacy protection training courses to improve employees’ awareness of the importance of personal information protection. Despite these security measures, to be noted, there are no “perfect security measures” for information network. Once you find the leakage of your personal information, in particular your account or password, you shall promptly contact us through the means provided by the Roc Bank Platform so that we can take proper measures.
• The information of your account is very important personal information, and you can use your account only through your password. Please use a complicated password to assist us in protecting your account. If you leak your password, you may lose your ID information and be exposed to negative consequences. So, you shall properly set and keep the information of your Platform Account. Once you find your account number and password has leaked or will leak due to whatever reason, you shall promptly contact us so that we can timely take proper measures to prevent or reduce relevant losses.
• You are aware and agree that the information generated at the Roc Bank Platform or collected by the Roc Bank with authorization in the course of your using the Roc Bank services or using the Associates’ service through the Roc Bank Platform and kept in a certain form will belong to you and the Roc Bank Platform jointly, unless with explicit consent from the Bank, you shall not lend out your account or authorize access to your account by way of some technical means so as to allow any third party to collect, use or retain such information.
• Security event
  • Once a personal information security event indeed happens, pursuant to applicable laws and regulations, We will timely notify you of the basic information and possible impact of the event, measures we have or will take, advise on how you can prevent and reduce the risk and remedial measures available to you, etc. We will timely notify you of the particulars of the event by private message, SMS, phone call, mail or other means of contact as you have provided, and if not everyone can be notified, we will use reasonable and effective means to publish an announcement.
  • We will timely resolve system bugs, network attacks, virus attacks, network intrusions and other security hazards. When an event occurs that may endanger network security, We will timely take remedial measures in accordance with the contingency plan for network security events and report to relevant competent authorities as required.
  • We will bear the corresponding liability in strict accordance with law if your legitimate rights and interests are damaged as a result of unauthorized information access, disclosure, alteration or destruction arising from damages to our physical, technical or administrative protection facilities.

VIII. Cookies, etc.

In order to provide you with a better experience, when you access or use the Roc Bank Services, we may authenticate your ID through small data files so as to release you from repeatedly inputting your registration information or help find out your account safety status. These data files may be Cookies or FlashCookies or other Cookies provided by your browser or related applications. You understand that we cannot provide some service unless by using Cookies, and when permitted by your browser or add-on service, you may change the extent of acceptance of Cookies of the Bank or refuse Cookies of the Bank (the section of “Help” of most browsers will tell you how to prevent your browser from accepting new Cookies or completely shut down Cookies), but this may affect your safe access or use of the Roc Bank Platform.

You understand that these third parties may collect your personal information through their own Cookies when you access their web pages through the Roc Bank Platform, and such activities are not under our control and are bound by the privacy policy of relevant third parties rather than this Privacy Policy. Before using the service provided by a third party through Cookies, we advise you to carefully read the privacy policy of this third party. We also will conduct necessary review and make best efforts to require third parties to take measures to protect your personal information.

IX. How You Can Manage Your Information

We respect your concern with personal information and will provide the means for you to manage your personal information. You are entitled to access to, correct, delete, revoke and manage your information, and you need to back up relevant service data on your own and protect your privacy and security.

• Right to access and correct
  Unless under the exceptions prescribed by laws and regulations, we will do the best to ensure your smooth access to your personal information whenever you use our service. You are entitled to update or correct when such update is necessary or you find any error with respect to your personal information. You may access to and update or correct any personal information at any time in the following ways:
  • Log in to your Account to check your bank account information, transaction records, asset and revenue information under “Account Management”;
  • Log in to your Account to check your personal information under “Personal Information”. To change your personal information, you may contact our customer service staff at any time and change your personal information in accordance with relevant procedures;
  • Log in to your Account to change your log-in password, payment password and email address under “Settings”; or
  • If you intend update risk assessment information, directly contact our customer service staff and update your risk assessment information as instructed by the customer service staff
  For the purpose of your information security and our legitimate rights and interests, without our consent, you shall not use other ways or authorize any third party to access to or collect your personal information kept by the Roc Bank.
• Right to delete
  You may contact your customer service staff and request us to delete your personal information, provided that:
  • We process your personal information in a way violating relevant laws and regulations;
  • We collect and use your personal information without your consent;
  • We process your personal information in a way violating the agreement with you; or
  • We discontinue our operation and service.

  If we decide to respond to your deletion request, we will also notify the Associates that have obtained your personal information from us to timely delete the information, unless otherwise specified by laws and regulations or these entities have separately obtained your authorization.

  Upon deletion of your information from our service, we may not promptly delete the corresponding information from the backup system, but will delete such information when the backup is updated.

• Right to revoke
  • You can request to revoke some or all authorizations through the system authorization settings or means of contact provided by the Roc Bank.
  • Once you revoke your consent or authorization, we cannot continue to provide the service in connection with the revoked consent or authorization, and will cease to process your corresponding personal information. However, your revocation of consent or authorization will not affect personal information processing previously conducted on the basis of your consent or authorization.
• Right to deregister
  You may request to deregister your account through our online customer service system or our customer service hotline. You are advised to be prudent before you deregister your account, because you will not be able to use the service related to the Account once you do so. For the purpose of your or others’ legitimate rights and interests, we need to authenticate your ID before you deregister the account, and upon verification of your deregistration information, ID information, your use of the Roc Bank Platform and other particulars, we will timely process your deregistration request. Unless otherwise specified by laws and regulations, once your account is deregistered, we will cease to provide you the corresponding service, and will delete your personal information as requested or have it anonymized. With your explicit consent, we will continue to maintain your personal information so as to facilitate you to use the Roc Bank services later on and reduce the burden of re-registration.
• Administration
  • You can contact us in the means provided by the Roc Bank Platform when you cannot access to, correct, delete or revoke your personal information through above ways, or you cannot complete the application for account deregistration, or you have any doubt or question on our deregistration and use of your information. For the sake of security, we may ask you to submit a written request or otherwise prove your identity. Upon receiving your request and authenticating your ID, we will reply to you within the prescribed period (if any) or as soon as possible.
  • We will use commercially reasonable efforts to satisfy your needs with respect to personal information access, correction, deletion, revocation and administration. We may refuse the request that is repeatedly raised, or subject to excessive technical means, or harmful to others’ legitimate rights and interests or very unrealistic.
  • In principle, your reasonable request will be free of charge, but, for repeated or unreasonable request, we may charge a fee as the case may be.
• Exceptions
  Pursuant to relevant laws and regulations, we cannot respond to your request in the following cases:
  • It is directly related to national security and national defense security;
  • It is directly related to public security, public health or major public interest;
  • It is directly related to criminal investigation, prosecution or judgment;
  • There is solid evidence indicating your deliberate malice or abuse of rights; or
  • Response to your request may cause serious damages to your or other individuals or organizations’ legitimate rights and interests.

X. Amendment to this Privacy Policy

We may amend our privacy policy. We will publish any amendment to this Privacy Policy at this page.

In case of any major changes, we will show you the amended privacy policy in a pop-up when you log in, and only after you click th e “A g ree” b u tton in the pop-up will we collect, use, share and store your personal information in accordance with the amended privacy policy. For the purpose of this Privacy Policy, major changes mean:

• Major changes to our pattern of service, for example, purposes of personal information processing, types of personal information being processed, and ways of how personal information is used;
• Major changes to our ownership or organizational structure, etc., for example, owner changes due to business adjustment, bankruptcy, merger or acquisition;
• Major changes to your right to participate in personal information processing and ways of exercise of such right;
• Changes of contact details and where to complain in connection with personal information security, etc.; and
• Existence of high risk as indicated by personal information security assessment.

XI. How to Contact Us

• Channels of communication
  You can contact us in the following way when you have any query, opinion or suggestion with respect to this Privacy Policy, or you have any opinion or suggestion with respect to the collection, use, sharing, access, correction, deletion, revocation or deregistration of your personal information when you are using the Roc Bank Services, or you come into any problem when using the Roc Bank Platform.
  
  Email: contact@rocbank.com
• Special notice
  In some circumstances, in order to protect your personal information, we may ask you to submit a written request or otherwise to prove your identity. We will respond to your request within fifteen days upon receiving your request and authenticating your identity

XII. Miscellaneous

We are concerned with protection of personal information of minors. If you are under 18 years old, we will not provide service to you. If we find that we have collected your information, we will voluntarily delete relevant information.

This Privacy Policy shall prevail in case of any inconsistency or conflict between the provisions of this Privacy Policy and privacy protection or authorization clauses of any service agreement adopted by the Roc Bank Platform.

Relevant statutory or regulatory requirements shall prevail in case of any inconsistency or conflict between the provisions of this Privacy Policy and statutory and regulatory requirements concerning personal information.