Personal Information Protection Policy

Amended on: 06/19/2023

Effective on: 06/19/2023

Preface

The Personal Information Protection Policy is applicable to the e-CNY App (hereinafter referred to as “App”), e-CNY related Mini Programs and H5 pages (together hereinafter referred to as “Product”). The Product is jointly developed by authorized operators (Industrial and Commercial Bank of China Limited, Agricultural Bank of China Limited, Bank of China Limited, China Construction Bank Corporation, Bank of Communications Co., Ltd., Postal Savings Bank of China Co., Ltd., China Merchants Bank Co., Ltd., INDUSTRIAL BANK CO., LTD., Zhejiang MyBank Co., Ltd., Shenzhen Qianhai WeBank Share Limited Company, hereinafter referred to as “Operators” or “We”) who provide wallet opening and other wallet services, and is designed to offer technical support for e-CNY wallet services.

We fully understand the importance of personal information and we appreciate your trust. We will comply with the relevant laws, regulations, and regulatory requirements, and take appropriate security measures to protect your personal information based on mature security standards of the industry. Please read the Personal Information Protection Policy (hereinafter referred to as the “Policy”) carefully before using this Product.

This Policy will help you understand the following contents:

I. How we collect your personal information

II. How we store your personal information

III. How we use your personal information

IV. How we provide, transfer, and disclose your personal information to external parties

V. Exceptions to obtaining consent when processing personal information

VI. How we protect your personal information

VII. Your rights to manage your personal information

VIII. Protection of minor personal information

IX. Instructions on obtaining permissions

X. Scope of application of this Policy

XI. Modifications and amendments to this Policy

XII. How to contact us

XIII. Appendix

This Policy is designed to help you understand how we collect, store use and disclose your personal information when you use this Product, as well as the methods that we provided for you to view, update, delete, manage, and protect such information. Please make sure to read carefully and understand this Policy before using this Product, especially contents in bold. You shall not use our Product or services until you have fully understood and agreed to this Policy. If you have any doubts, comments, or suggestions regarding this Policy, you can contact us through the contact information provided in this Policy.

For the relevant terms used in this Policy, we will try our best to phrase them concisely and clearly to facilitate your understanding. Meanwhile, for the terms that may be significantly important to your legitimate interests and contents involving sensitive personal information, we have presented them in bold  form as a special reminder. You may refuse to provide us certain sensitive personal information, but it may limit your access to specific functions of this Product.

Please note that the e-CNY wallet services related to this Product are provided by the authorized operators who open the e-CNY wallets for you. Please read carefully and fully understand the policies on personal information protection of your respective authorized operators before using the e-CNY wallet services. In case of any doubts, comments, or suggestions regarding relevant policies on protection of personal information, you may contact the authorized operators through the contact information provided by them.

Please note that this Product is not designed for individuals located outside the People’s Republic of China (hereinafter referred to as “China”). We have no intention to provide services to such individuals nor will we process their personal information. If you are not located inside China or have left China, please opt out of the services provided by this Product and notify us.

I. How do we collect your personal information

For the sake of your normal use of this Product, we will collect certain personal information under the following circumstances:

(i) To provide you with services related to the account of the App

1. To determine whether you are qualified to sign up. E-CNY pilots in certain designated areas (please refer to information in the pop-up window during registration); customers who are located in specified regions or part of specified pilot programs are qualified to register. We need to determine whether you are in the pilot area based on the location information of your mobile phone or other devices (hereinafter referred to as “device”). If you do not provide us your location information (which contains your sensitive personal information) or do not allow us to record such information, you will not be able to register.

Due to abnormal location information of your device or other reasons, we may not be able to determine your location. In this case, we will provide your mobile phone number to your mobile phone carrier (China Telecom service hotline: 10000 / China Mobile service hotline: 10086 / China Unicom service hotline: 10010), and the mobile phone carrier will inquire about your located city information and return it to us.

2. App account registration. In order to ensure the security of your e-CNY wallet, you need to sign up for an App account before using this App. When you register an App account, you need to provide your mobile phone number , which will be used as the login username, and set your login password. Your login password will be stored in an encrypted form. We will send you an SMS verification code . Login password and SMS verification code contain your sensitive personal information. You may change the mobile phone number used for registration by going to “Me → More Settings → Account and Security → Login Username”, and change your password through “Me → More Settings → Account and Security → Login password”. If you do not provide the aforementioned information, you will not be able to use all the functions of this App. You can choose to create your exclusive profile photo. Yet, if you do not, all other functions will still be available.

3. Login password retrieval. As the login password is critical to your private personal data and the security of funds in the e-CNY wallet, we need to fully verify your identity before helping you to retrieve your login password. The authorized operator who opened the e-CNY wallet for you may verify your wallet payment PIN, identity information (including name, type and number of your valid identity document), as well as the facial information you provided to the App; if necessary, you need to upgrade your wallet to retrieve your login password. When upgrading your wallet, you may need to provide personal identity information (including name, type and number of your valid identity document), facial information and bank card information (including bank card number, mobile number linked to your bank account, SMS verification code) to the respective operators. Personal identity information, facial information and bank card information contain your sensitive personal information. If you do not provide such information, you will not be able to retrieve login password.

4. App unlock methods. You may set the unlock methods “Opening the App” or “Entering the payment page” by going to “Me → More Settings → Account and Security → App Unlock Method”. In case you choose to use Face ID or fingerprint to unlock, we will invoke the face ID or fingerprint ID that you have set on your device. We will only receive the verification results and will not collect any of your fingerprint ID or Face ID information. In case you choose to use “gesture password”, the gesture password you set will be saved to your current device locally. We will only collect the verification results and will not upload your gesture password to the server.

5. Customer service. Your authorized wallet operators will provide service to you when you submit a complaint, appeal or inquiry, or request to settle a dispute. We may need you to provide App account (mobile phone number) information, and cross check this information with personal information associated with your account to verify your identity. Meanwhile, you may need to provide the following personal information: name, mobile phone number and other contact information, city/region, for us to contact you or help you to solve the problems. In addition, we may also collect communication records between you and us (including text/picture/audio and video/call record) and other necessary information related to your requests. The purpose for collecting such information is to investigate and help you solve your problems. If you refuse to provide the aforesaid information, we may not be able to provide you with feedbacks on the complaints, appeals or inquiries in a timely manner.

In case we have not disclosed any particular function or product/service that needs to collect your personal information in this Policy, or in case we go beyond the scope that are directly or reasonably related to the purpose for which we claim to collect your personal information, we will, before collecting and using your personal information, explain to you about this separately via updating this Policy, page prompts, pop-ups, or other means that are convenient for you, and will provide you with optional consent methods, and collect and use the information after obtaining your explicit consent. In addition, the third-party may provide services to you through this product. When you enter the page of the service provided by the third-party, please note that the relevant service is provided by the third-party. If a third-party collects personal information from you, we recommend that you check their personal information protection policies carefully.

(ii) To secure your App account and e-CNY wallets

For the purpose of enhancing your App account and e-CNY wallet security, protecting your personal and property security against infringement, ensuring the safe and stable operation of the App, safeguarding against security risks such as phishing websites, fraud, network vulnerabilities, computer viruses, network attacks and network intrusion, and more accurately identifying violations of laws and regulations, we need to record your device information including International Mobile Equipment Identity (IMEI, IMSI), Media Access Control (MAC), device location information, Identifier For Vendor (IDFV), Universally Unique Identifier (UUID), device serial number, Android_ID, equipment model, system type, operating system version number, screen features, manufacturer modeland GPU information; network information including IP address, Wi-Fi information, Internet access type, base station ID, network type and SIM card information; device environment information including CPU usage, memory usage, device usage status, local environment security status and App install information; information regarding the using of this App including the version number, the time and frequency at which buttons are clicked, the values of some key configurations and software crash log, as well as other log information related to our services. If you do not give us permission to record the aforementioned information, it may affect the security verification of your operating environment and your user experience.

(iii) To provide you with e-CNY wallet services

The e-CNY wallet services will be provided by the authorized operators through this Product, with whom you opened the e-CNY wallets. When you enter the e-CNY wallet service page, please note that the services are provided by the respective operators. Please read carefully and fully understand the policies on personal information protection of the respective operators when opening/adding e-CNY wallets. Please refer to Appendix I for the notice on collecting important personal information through this Product by your respective authorized operators. To learn more about personal information protection policies of respective authorized operators, please go to: “Me → More Settings → Privacy → Personal Information Protection Policy”.

To make sure you will be able to use e-CNY wallets linked to your App account, we will record all e- CNY wallet ID s linked to your App account (i.e. your mobile phone number). E-CNY wallet IDs are sensitive personal information, if you do not allow us to collect the aforementioned information, you will not be able to link any e-CNY wallets to this App.

(iv) Other purposes

To the extent permitted by laws and relevant regulations, we may anonymize, aggregate, desensitize, de-identify and encrypt your personal information and use such processed data to form statistical analysis or indirect user profiles (statistical analysis and indirect user profiles cannot be used to identify any specific individuals). In case we use your information for other purposes not specified in this Policy, or use the information collected for specific purposes for other purposes, we will seek your prior consent.

II. How we store your personal information

Personal information collected or generated in the People’s Republic of China will be stored in the People’s Republic of China pursuant to applicable laws and regulations.

If it is deemed necessary to transmit relevant personal information collected in China to overseas institutions to process cross-border businesses, we will carry out security assessment in accordance with laws, administrative regulations, and the provisions of relevant regulators. Besides, we will inform you the purpose on transmitting the information out of China, categories of personal information involved, name of the foreign receiving parties, their data security capability as well as possible security risks, and obtain your explicit consent. Furthermore, we will clarify the obligations and responsibilities of the parties by signing agreements, conducting supervision and verifications, perform security audits and take other effective measures, and require the overseas institutions to keep the personal information obtained confidential. We will ensure that your personal information is adequately protected by means such as anonymization, de-identification, encrypted storage, etc.

We will store your personal information for the shortest time period necessary for fulfilling the purposes described in this Policy and within the time limit mandated by applicable laws and regulations. In case you close your account, your personal information will be deleted or anonymized within 15 working days, unless the retention period mandated by applicable laws and administrative regulations has not expired, or deletion is technically infeasible. In such circumstances, we will cease to process your personal information other than retention and taking necessary protection methods.

In case we cease to provide this Product or related services, we will notify you of the cessation individually or through an announcement, immediately stop collecting your personal information, and delete or anonymize the personal information we have stored.

III. How we use your personal information

In order to comply with the relevant laws, regulations, and regulatory requirements, and provide you with services and improve service quality; secure your account, e-CNY wallet and fund safety, we will use your personal information under the following circumstances:

1.To realize certain purposes of Section I of this Policy “How we collect your personal information”.

2.To secure your App account and e-CNY wallet safety, protect your personal and property security against infringement, ensure the safe and stable operation of the App, we will use your information for identity verification, customer service, security protection, risk alerts, transaction monitoring, prevention or prohibition of illegal activities, archiving and filing purposes.

3.To report to relevant competent authorities according to applicable laws and regulations.

4.To help us understand how you use this Product, or to invite you to participate in user survey.

5.To desensitize, de-identify or anonymize your personal information and use such processed data to form statistical analysis, in order to provide you with more accurate, personalized, quick and convenient services, or to help us evaluate and improve our services.

6.For other purposes as agreed or authorized by you.

If we want to use your personal information for other purposes not stated in this policy, or beyond the scope that is directly or reasonably related to the stated purpose of collecting your personal information, we will ask for your consent again prior to using your personal information, according to applicable laws and regulations, and in the form of agreements confirmation, click confirmation actions under specific scenarios, etc., except in cases where the laws and regulations do not require the consent of the individual.

IV. How we provide, transfer, and disclose your personal information to external parties

(i) Provide your personal information to the third party

We are committed to keep your information strictly confidential. We will only provide your information to a third party under the following circumstances. To the extent necessary to provide your information to a third party in order to provide services to you, we will evaluate the legality, legitimacy, and necessity of collecting the information by the third party. We will require the third party to take protective measures for your information and strictly abide by applicable laws, regulations, and regulatory requirements. In addition, we will ask for your explicit consent in the form of agreement confirmation, text confirmation under specific scenarios, pop-up notice, etc., or require the third party to seek your separate consent in accordance with applicable laws, regulations, and national standards, except where your consent is not required under applicable laws, regulations and national standards.

1. We may provide necessary personal information to a third party when cooperating with it to provide you services. Some products or services may be provided by third parties. Thus, we may provide necessary personal information to such third parties in order to provide you with the products or services you require. When you choose to use the relevant products or services, we will provide necessary information to the cooperative provider for the purpose of delivering the services to you according to the relevant agreement you have signed with such provider, and you may check the personal processing information in the corresponding business service agreements and the specific scenario page prompts. In order for you to receive notification push, use map services and other third-party services, our App will embed Software Development Kit (SDK) or similar applications from authorized partners. You may tap Appendix II to view the name, provider, purpose and type of personal information collected by these third-party SDKs. Before you use the services provided by the third party, please confirm that you have fully understood the rules of that third party related to collection and usage of personal information. If you need help, please consult the customer service of that third party. Please note that the above developer documents or privacy policy links are generated and published by the respective SDK developers/providers. The links and the page contents of the links may be changed or adjusted by the respective SDK developers/providers to the extent permitted by law. Please refer to the latest link and the content of the links published by the relevant SDK developer/provider. As some SDK developers/providers do not provide online documents, we are unable to provide links to the privacy policies of all third-party SDK development documents.

2. We may provide the necessary personal information to the third party when you use third-party services with e-CNY App account. When you use products or services in the e-CNY App provided by third party entities through Mini Programs or other applications, we will pass your user number and relevant page prompt information to the third party based on your authorization of the specific scenario. You may check the personal information processing information in the corresponding business service agreement, personal information protection guideline, and specific scenario page prompt.

3. We may provide our affiliates with necessary personal information for them to provide services to you or to us. We may provide your personal information to our affiliated parties in cases they provide services to you or to us. However, we will only provide necessary personal information and will explicitly inform you of such affiliated parties. We will make it clear to our affiliated parties that their processing of your information shall be subject to this Policy. In case the affiliated party wants to change the purpose for which your personal information is processed, they will ask for your consent again.

4. We may provide your personal information to a third party according to laws and regulations, legal procedures, litigation disputes resolution purposes; or according to mandates made by administrative, judicial, and other competent authorities according to applicable laws and regulations. The scope of personal information provision will be subject to laws and regulations and mandates made by relevant competent authorities.

5. We will, to the extent permitted by laws and regulations, share any personal information deemed necessary to respond to public health emergencies or emergencies related to the protection of life, health and property security of natural persons, except where the provision of your personal information is explicitly prohibited by any laws and regulations.

6. Unless we obtain your explicit authorization and consent, we will not provide your personal information to a third party. We may provide such information in a compiled, anonymized form, or in a manner that cannot be used to identify you to third parties.

(ii) Transfer

We will not transfer your personal information to any other company, organization or individuals, except in the following circumstances:

1. As the business develops, we and our affiliated parties may carry out mergers, acquisitions, asset transfers or other similar transactions. In the case where the relevant transaction involves the transfer of your personal information, we will require the company, organization and individual who will possess your personal information in the future to continue to be subject to this Policy, or we will require them to re-obtain your consent.

2. To the extent explicitly agreed by you, we will transfer your personal information we have obtained to other parties.

(iii) Public disclosure

We will only publicly disclose your personal information under the following circumstances:

1. We have obtained your explicit consent.

2. We may publicly disclose your personal information if mandated by law, legal procedures, litigation, or government authorities. However, we guarantee that in case of the above circumstances, we will require the requesting party to produce the relevant valid legal documents, and will take security protection measures for any information disclosed in accordance with laws and industry standards to the extent permitted by laws, regulations, and relevant national standards.

3. Other circumstances mandated by laws and regulations.

V. Exceptions to obtaining consent when processing personal information

We may, in accordance with relevant laws, regulations, and national standards, process your personal information pursuant to applicable laws without obtaining your prior consent under the following circumstances:

1. where it is necessary for the conclusion and performance of a contract to which you are a party.

2. where it is necessary for the performance of statutory duties or obligations.

3. where it is necessary for coping with public health emergencies or for the protection of your life, health, and property safety.

4. where such acts as news reporting and public opinions supervision are carried out for the public interest, and the processing of personal information is within reasonable parameters.

5. any personal information publicized by you or has been legally publicized will be processed within reasonable parameters in accordance with the Personal Information Protection Law .

6. other circumstances specified by laws and administrative regulations.

VI. How We Protect Your Personal Information

We have adopted security protection measures that are in conformity with industry standards to protect the personal information you provided to prevent unauthorized access, public disclosure, use, modification, damage or loss of data. We will take all reasonable and feasible measures to protect your personal information. We are committed to strictly follow any applicable national regulations to ensure user information security protection. To ensure your information security, we will utilize the necessary security technology and supporting management system to prevent any leakage damage or loss of your information.

1. We will establish internal departments for personal information protection and accept public supervision.

2. We will establish information security guarantee policies and take technical and other necessary measures to ensure your personal information security as mandated by applicable laws, regulations and standards such as the Civil Code, Personal Information Protection Law, Cybersecurity Law, and Cryptography Law .

3. We will transfer and store any identifiable personal identity information and personal sensitive information in an encrypted manner to ensure data confidentiality.

4. We will adopt authorized access control technical security measures and multi-factor authentication techniques to protect your personal information and avoid illegal use of data.

5. We will be subject to assessment and inspections regarding information security by relevant national agencies on a regular basis. We will only allow access to personal information by employees and third parties on a need-to-know basis and at the same time, require all personnel who may have access to your personal information to fulfill corresponding confidentiality obligations. If they fail to fulfill these obligations, either they may be prosecuted by law or their cooperation with us may be terminated.

6. We will adopt the principle of minimum and necessary authorization for any personnel who may have access to your personal information, and check the access personnel lists and access records on a regular basis.

7. Our server systems to store users’ personal information are security reinforced operating systems. We will conduct security audits and operation monitoring on these servers. If there are any external announcements regarding security problems of the server operating systems, we will complete security upgrades on any affected server as soon as feasible to ensure the safety of server systems and applications.

8. We will administer training on personal information protection laws and regulations on a regular basis to raise staff awareness regarding user privacy protection, and systematically monitor staff actions related to handling of your personal information.

9. In the unfortunate event that our physical, technical or management preventive measures are damaged, we will invoke emergency response protocol in a timely manner to prevent the security incident from worsening, submit it to the national competent authorities as mandated by laws and regulations, and adopt reasonable and effective measures such as push notifications, announcements to inform you of basic details regarding the security incident, possible impacts, measures that have been taken or will be taken, etc.

10. We  will use our best efforts to guarantee the security of any information you send to us. However, please understand the systems and communication networks that you use to access our services may have problems due to factors beyond our control. When you use e-mails, SMS, etc. to carry out information exchange with other users, you might not be certain whether the transmission of information by third-party software is fully encrypted. Therefore, please pay attention to ensure the security of your personal information. We suggest you not to send personal information via methods of such kinds to avoid divulging your personal information. Please use sophisticated passwords to assist us to guarantee the security of your e-CNY wallets and personal information.

VII. Your Right to Manage Your Personal Information

We take your personal information seriously and will do our best to protect your legal rights, including viewing, correcting, deleting, withdrawing and canceling your personal information. During your use of this product, you may view and manage your personal information using the following methods:

i. View and correct your personal information

You may view and modify the mobile phone number used to register the App account by going to “Me→More Settings→Account and Security→Login Username”; view, save and modify your profile photo by going to “Me→profile photo on the upper-left corner”; modify App account password by going to “Me→More Settings→Account and Security→Login Password”; view and modify the default receiving wallet of your choice by going to “Me→Payment Settings→Send and Receive Money Settings→Set Default receiving wallet”.

ii. Delete your personal information

Under the following circumstances, you have the right to request us to delete your personal information, except in cases where data has been anonymized, retention period stipulated by applicable laws and administrative regulations has not expired, or it is technically infeasible to delete such personal information:

1. the purpose for processing your personal information has been realized, cannot be realized, or is deemed no longer necessary.

2. we have ceased the provision of products or services to you, or the retention period for your personal information has expired.

3. you have withdrawn your consent to our handling of your personal information.

4. we have violated applicable laws, administrative regulations or agreements while handling your personal information.

5. Other circumstances stipulated by laws and administrative regulations.

You may contact us to request deletion of your personal information via contact information provided in Section XII of this Policy, and we will complete checking and resolving processes within 15 working days.

iii. Close your App account

You may close your App account at any time by going to “Me→More Settings→Account and Security→Close Account”. Please note that if you choose to close your account, in order to guarantee the security of your personal property, you must cancel the e-CNY wallets opened or added with this Product first, otherwise you will not be able to complete with the closure process.

Once the closure is complete, you will not be able to use the account, and we will cease to provide this Product for you. Except for cases prohibited by laws or regulations or it is technically infeasible to delete your personal information, all information related to the account will be deleted or anonymized within 15 working days.

iv. Withdrawal of your consent or authorization

You may withdraw your consent to the collection and use of your personal information by turning off respective functions on your device. With respect to this Product, you may stop us from using your location, face ID, camera, album or other permissions in system settings on your device. The display and disabling of permissions may not be the same in different device systems, please refer to device or system developer specifications or instructions for more details.

Please understand that the realization of every business function requires some basic personal information (see Section I of this Policy). Upon your withdrawal of consent or authorization, we will not be able to provide you with the respective services, and will no longer process the corresponding personal information. However, your decision to the withdrawal of consent will not affect any previous processing of your personal information carried out based on your previous authorizations.

v. Personal information rights of deceased users

After the death of a user (natural persons only) of this Product, except in cases the decreased user has made other arrangements, their close relatives may exercise relevant rights such as the right to view, copy, correct and delete personal information related to his/her App account for their own legal and legitimate interests by using contact information listed in Section XII  of this policy.

You understand and confirm that in order to fully protect the personal information rights and interests of the deceased user, the close relatives of a deceased user applying to exercise the rights outlined in this article shall submit any relevant documents and specify the types and purposes of the rights they wish to exercise according to our designated process or customer services instructions.

vi. Responding to your request

In order to guarantee security, we may require you to be subject to identity verifications first before handling your requests. You may need to provide a written request or prove your identity by other means. Regarding all requests made under this section, in principle, we will resolve your request within 15 working days upon receiving your requests and verifying your identity.

We may reject repeated requests without legitimate reasons, request that require excessive technical means (for example, requiring the development of new systems or fundamental modifications to existing practices), carrying risks to legitimate interests and rights of others, or requests that are very impractical.

Under the following circumstances, we will not be able to respond to your requests mentioned above as mandated by laws and regulations:

1. situations related to our fulfillment of obligations stipulated by laws and regulations.

2. directly related to national security and national defense security.

3. directly related to public security, public health, and major public interests.

4. directly related to the criminal investigation, prosecution, trial, execution of judgments, etc.

5. we have sufficient evidence to indicate your subjective malice or abuse of rights (for example, your request will jeopardize public security and the legitimate interests and rights of others, or your request is beyond the coverage of general technical means and commercial costs).

6. for the purpose of protecting your or others’ life, property or other major legal rights and interests but when it is difficult to obtain your consent.

7. responding to your request will cause serious damage to the legitimate rights and interests of you or other individuals and organizations.

8. involving trade secrets

9. other circumstances stipulated by laws and regulations.

VIII. Personal Information Protection of Minors

If you are a minor under 14, you shall use this Product (or services) accompanied by your guardian. You or your guardian may refer to the Children’s Personal Information Protection Policy . Before a minor registers this Product, it shall be confirmed that he/she has obtained his/her guardian’s consent to this Policy and the Children’s Personal Information Protection Policy, and complete registration under the guidance of his/her guardian. If you are the guardian of a minor, you may contact us using the contact information stated in Section X of this Policy if you have any questions regarding personal information of the minor under your guardianship.

IX. Instructions on Obtaining Permissions

The e-CNY wallet services will be provided to you by the authorized operators through this Product, and they will ask for your permissions related to the provision of e-CNY wallet services in this Product. Please refer to the following table for the respective permissions and function/business use cases (Purpose of request):

Function/Business Use Cases Use Case Description Access Permissions
1. App account registration
2. Q-wallet
3. Security protection
To determine whether you are in the pilot region and qualified to register. For merchants not located in your region, their display priority on the Q-wallet page will be lowered. Location information will be used for account, transaction and other security protections, and risk prevention. Access to your location
1. Scan to Pay
2. Submit images in help and feedbacks
3. Remove wallets
Scan to Pay requires access to photos stored on your device to scan photos in your albums; help and feedbacks requires access to photos stored on your device to upload any local images; after you remove wallets, you can choose to save your wallet information as a photo in your device albums. Access to photo albums (iOS system), access to read and write to store (Android system)
1. Scan to pay
2. Scan bank cards when binding
3. Scan ID documents for entering identity information.
4. Facial verification for verifying your identity or if an operation is done by you.
Scan to pay needs to use your camera function; camera function is required for scanning bank cards during the binding process; camera function is required to scan your ID documents when processing identity information for identity verified wallets related operations; camera function is required to verify your identity or if an operation is done by you. Camera access
1. Transfers using mobile number
2. Send Cash Red Packet
Access to your contact list is required to select mobile numbers saved on your phone when making transfers or sending Cash Red Packets; system contact list will only be displayed to user, selected mobile number will be auto filled and your contact list will not be uploaded. Access to contacts list
Ensure account and transaction safety, complete security risk control To safeguard against risks such as account theft, we will use your mobile network to approximate your location. Mobile network information (Android system)
Ensure account, transaction safety, complete security risk control To enhance the security of your App account, we will collect unique identifier of your mobile device. Phone status (Android system)
Transaction alerts and important information notifications To send the transaction alerts and important information notification to your mobile device. Notification permissions
1. Account login
2. Wallet payment
3. Secure unlock
When unlock with face ID or fingerprint ID, we will use the face ID or fingerprint ID that is stored on your device. We will only check the verify outcome, and will not collect your face ID or fingerprint ID. Face ID (iOS system), fingerprint ID (iOS system)

X. Scope of Application of This Policy

This Policy only applies to this Product, and it does not apply to the following situations:

1. Information collected by third-party products (or services) when this Product (or service) is embedded into the third-party products (or services).

2. Information collected by third-party services embedded in this product (or service), other companies, organizations, or individuals.  

XI. Modifications and Amendments to This Policy

Modifications may be made to this Policy. Without your express consent, we will not limit your rights specified under this Policy.

Regarding major changes to this Policy, we will also provide pronounced notice (for example, you will be informed by pop-up windows when the software is revised or upgraded, or when you log in again). If you do not agree with the updated Policy, you are entitled to opt out of the relevant services.

Major changes referred to in this Policy include but are not limited to:

1. major changes to our service model, such as the purpose of processing personal information, the types of personal information processed, and the ways in which personal information are used, etc.

2. major changes to our control rights, etc., such as the change of ownership induced by merges and acquisitions, etc.

3. disclosure or transfer of personal information, or changes to the subjects we share.

4. major changes to your rights of participating in personal information processing or the method with which you exercise such right.

5. changes to the department responsible for handling personal information security, contact information or complaint channels.

6. when the personal information security impact assessment report indicates the existence of high risks.

If the terms and conditions separately agreed between you and us on personal information processing are inconsistent with this Policy, the separate agreement between you and us shall prevail.

You may view this Policy in the App through “Me → More Settings → Privacy → Personal Information Protection Policy ”, or go to Mini Programs &H5 login page as well as red packet claiming result page. We encourage you to check the personal information protection policy each time you use this Product.

XII. How to Contact Us

If you have any questions, comments, suggestions or complaints about this Policy and the processing of personal information, please contact us using one of the following methods:

Customer service hotline: 956196  Hours of operation: 8:00 – 22:00

Under normal circumstances, we will resolve your requests within 15 working days. To ensure efficient handling of your questions and provide feedbacks in a timely manner, we may require you to submit proof of identity, valid contact information, written requests and relevant evidences in certain cases, and we will handle your request after verifying your identity.


The E-CNY Mini-Program Privacy Protection Guidelines displayed on WeChat, QQ and other platforms are automatically generated by the relevant platforms. In case of discrepancy, this Personal Information Protection Policy shall prevail.

XIII. Appendix

The special terms and key words covered in this policy are as follow:

1. Personal Information: all kinds of information related to identified or identifiable natural persons recorded by electronic or other means, excluding information after anonymization.

2. Sensitive Personal Information: any personal information that, once leaked or abused, could seriously endanger personal and property safety, including biometrics, religious beliefs, medical health, financial accounts, individual location tracking, as well as information of minors under the age of 14 and other information.

3.Personal Identity Information: name, type and number of your valid identity document or other information related to personal identity.

4. De-identification: the process by which personal information is processed so that it cannot be used to identify a specific natural person without the aid of additional information.

5. Anonymization: The process by which personal information is processed in such a way that it cannot be identified with a specific natural person and cannot be recovered.

6. SDK: Software Development Kit, an embedded technical tool that provides an interface or collects information in support of a specific function.