[Note] Please carefully read the Personal Mobile Banking Information Protection Policy of Industrial and Commercial Bank of China (especially those in bold), and make sure that you have been aware of the Bank’s rules on handling your personal information. If you disagree to any term of the Protection Policy, you should immediately stop access to the customer APP operated by ICBC.
Contents:
I. Personal Information Protection Guide and Product Introduction
II. Information Collected by the Bank and Necessary Authority
III. Information Storage
IV. Information Security Protection
V. Way of Information Use
VI. Management of Personal Information
VII. Provision of Information
VIII. Use of Positioning Information
IX. Information Protection for Minors
X. Notification and Modification
XI. How to Contact the Bank

This Protection Policy will help you understand the following contents:
I. Personal Information Protection Guide and Product Introduction
The Industrial and Commercial Bank of China (the “Bank” or “ICBC”, registered address: 55 Fuxingmennei Avenue, Beijing, China) attaches great importance to the protection of personal information. When you use ICBC’s online products and/or services, the Bank may collect and utilize your related information. Through the Personal Mobile Banking Information Protection Policy of Industrial and Commercial Bank of China, the Bank hopes to let you know how it collects, utilizes, stores and shares the information when you use our products and/or services, and the way of access to, update, deletion and protection of such information that the Bank provides to you.
Introduction to “ICBC Mobile Banking” Products:
ICBC has developed a customized mobile banking App for you, providing you comprehensive mobile banking services and good customer experience, and enabling you to handle account inquiry, transfer and remittance, foreign exchange trading, time deposit and other daily banking services.
The App applies to the customers of the following overseas institutions: ICBC (Asia), ICBC (Macau), Tokyo Branch, Hanoi Branch, Madrid Branch, ICBC (Canada), ICBC (London), Singapore Branch, ICBC (Thai), ICBC (New Zealand), ICBC (Malaysia), Vientiane Branch, Phnom Penh Branch, ICBC (USA), ICBC (Indonesia), Sydney Branch, Seoul Branch, etc.

 

II. Information Collected by the Bank and Necessary Authority
When you use “ICBC Mobile Banking” services, the App will collect, in a way set out below, the information provided by you when using such services or generated due to use of such services, so as to render services to you, optimize the Bank’s services and ensure your account security:
2.1 When you register “ICBC Mobile Banking” services, the Bank will collect your account picture and mobile phone number, for the purpose of helping you complete registration, protecting your App account security and rendering relevant services. If you do not provide such information, you possibly cannot use our services normally.
2.2 When you use “ICBC Mobile Banking” services, the Bank will collect the following log information in order to ensure you use our services normally, safeguard the normal operation of our services, improve our services and protect your account security:
Equity model number, operating system, unique equity ID (or Android ID), clipboard information, equity MAC address, equity IMEI, log-on IP address, way of network access, type and state, network quality data, equipment accelerator (e.g. gravity sensing equipment, etc.), operation log, system parameters, application permission, installed application information or running process information, service log, etc.
Such information is the basic information that must be collected to render services.
2.3 When you use the "ICBC e Account Link" function services, in order to ensure your normal use, the Bank needs to obtain the data information of your "name, ID type/ID number, date of birth, account number/balance, transaction details and credit card bill" with the Bank in the territory of China, conduct identity consistency verification for you, and provide the "ICBC e Account Link" function services. Relevant information will be transmitted in an encrypted and secure manner. The Bank will strictly abide by laws, regulations and regulatory requirements and promise to process your personal information only within the scope of authorization. You can close the service function and revoke the authorization through the "ICBC e Account Link" column of the international version of mobile banking. The aforementioned information is personal information necessary for the development of “ICBC e Account Link” product services. If you refuse to provide it, you may not be able to use the product services.
2.4 When you use “ICBC Mobile Banking” services, the Bank may require you to grant the following personal authorities to it in order to ensure you use our services normally, safeguard the normal operation of our services, improve our services and protect your account security:
Camera: QR code scanning, face identification, check image scanning, bank card scanning and other functions.
Album: Storage of and access to QR code pictures and identity certificate pictures, and other functions.
Positioning: Getting a user’s location, automatically providing corresponding regional services and outlet map, and other functions
Fingerprint/FaceID: Log-on or micropayment certification and other functions.
Address book: Used to provide services related to the necessary mobile phone number more simply.
Clipboard: Used for quick transfer. 
Bluetooth: Used to obtain the mobile phone name.
Microphone/recording: Used for voice search and intelligent customer service. 
Siri: Used to process remittance requests through Siri.
Such authorization information is sensitive information. Refusal to provide such information will not only disenable you to use corresponding authorization functions, but also affect your normal use of other App functions.
2.5 According to relevant laws, regulations and regulatory rules, in the following circumstances, the Bank may collect and use your related personal information without your authorization or approval:
(1) Information directly relating to national security and defense and other national interests; information directly relating to public security, public health, public right to know and other major public interests;
(2) Information directly relating to criminal detection, prosecution, judgment and execution of judgment;
(3) For the purpose of safeguarding your or other persons’ life, property, reputation and other major legitimate rights and interests, for which personal consent is hard to obtain;
(4) The personal information collected is made public by you;
(5) The personal information collected from the information disclosed to the public according to law, including legal news report, government information and other channels;
(6) Information necessary for signing and executing a contract according to your requirements;
(7) Information necessary for maintaining the safe and stable operation of products or services provided, e.g. finding and handling product or service failure;
(8) Other circumstances as stipulated by laws, regulations and regulatory rules.
(9) Other circumstances related to the performance of the obligations set out in laws and regulations.
Please make sure that the functions and services the Bank provides to you will be updated and developed from time to time. If a certain function or service is not included in the above description and the Bank has collected your information, the Bank will inform you of the content, scope and purpose of information collection by page prompt, interactive process and announcement on website, and solicit your express consent or authorization.

 

III. Information Storage
The Bank will properly store your personal information according to relevant laws, regulations and regulatory rules of China and the countries (regions) where the Bank operates.
Generally, the Bank only keeps your personal information for a period necessary for realizing customer services, e.g.:
Mobile phone number: If you need to use the “ICBC Mobile Banking” service, the Bank needs to keep your mobile phone number all the time. When you cancel your mobile banking account, the Bank will delete the corresponding information.
User account picture: If you need to use “ICBC Mobile Banking” services, the Bank will keep the account picture uploaded by you, and will delete it after you change your account picture.
In case of suspension of our products or services, the Bank will inform you by notice, announcement, etc., and will delete your personal information or make it anonymous within a reasonable time limit according to relevant laws and regulations.

 

IV. Information Security Protection
The Bank strive to provide guarantee for users’ information security, so as to avoid information loss, improper use, and unauthorized access or disclosure.
The Bank will take various security protection measures to ensure information security within a reasonable security level. For example, the Bank will protect your personal information by encryption technique (e.g. SSL), anonymous processing and other means.
The Bank will constantly improve technical means to strengthen the security capability of the software installed to your devices, and prevent the leakage of your personal information. For example, the Bank will complete encryption of part of information in your local devices for the purpose of transmission security.
The Bank will establish special management rules, processes and organizations to safeguard information security. For example, the Bank will strictly restrict the scope of persons with access to information, and require them to observe confidentiality obligations and conduct audits.
If security events, including personal information leakage, occur, the Bank will initiate an emergency plan to prevent the deterioration of such events, and inform you by notice, announcement, etc.

 

V. Way of Information Use
In order to ensure service security and give the Bank a better knowledge of the operating status of our application programs, the Bank may record relevant information, including your application program use frequency, crash data, overall use condition, performance data and sources of application programs. The Bank will not combine our information stored in the analysis software with any personal identity information that you provide to the application programs.
The Bank will not use the “address list”, “photos” or information on other APIs with access to user data to create the database of your contact persons for self-use or distribution to a third party, nor will the Bank collect other Apps installed in your device for the purposes of, among other, analyzing or launching advertising/marketing. Meanwhile, the Bank will not contact you by the information collected via the “address list” or “photos”.
If the Bank uses your personal information in excess of the purposes stated at the time of collection and the scope of direct or reasonable association, before using such information, the Bank will inform you by online notice or other means and obtain your express consent or authorization.

 

VI. Management of Personal Information
6.1 Inquiry about, correction, update and deletion of personal information. You can inquire about personal information related to the “ICBC Mobile Banking” service through outlets of the Bank’s corresponding overseas institutions, and file an application to an outlet for updating personal information, unless otherwise provided by laws, regulations and regulatory requirements. You can also inquire about your personal information through the “ICBC Mobile Banking” client. As the Bank provides services to different countries (regions), the Bank will offer the function of modifying personal information online according to local laws, regulations and regulatory requirements. In countries (regions) that allow personal information to be modified online, you can update, through the “ICBC Mobile Banking” client, the personal information that can be modified online according to laws, regulations and regulatory rules.
You can ask the Bank to delete personal information in the following circumstances:
(1) You believe that the Bank’s processing of personal information violates laws, regulations and regulatory requirements.
(2) You believe that the Bank has collected and used your personal information without your consent.
(3) You have no longer used the Bank’s products or services, or you have cancelled your account.

6.2 Scope of inquiry and change of authorization. You can use a mobile phone to inquire about the permissions granted to the “ICBC Mobile Banking” client to use your camera, album and positioning, or read your fingerprint/face ID, etc., and change or cancel the corresponding permissions at any time. Refusing to grant these permissions will prevent you from using the corresponding features in the client, but will not affect your normal use of other features of the client. You can also use the “ICBC Mobile Banking” client to inquire about and modify various settings you have made to facilitate relevant services. Before you modify your personal information, the Bank will verify your identity. After logging on to the “ICBC Mobile Banking” client, you can perform the following operations.
Personal information setting——Allow you to change name, address, occupation, email address, account picture, etc. without prejudice to local laws, regulations and regulatory rules.
Security device management——Allow you to bind, unbind and view security devices, etc.
Logon management——Provide you with the logon-related setting functions, including enabling or disabling the fingerprint/face and gesture password logon methods, modifying the logon password, setting the gesture password, etc.
ICBC Messenger——You can enable or disable local ICBC Messenger message push and set different types of ICBC Messengers. If you choose to enable it, the system will record your device information.
Account management——You can set an alias for an account in account management.

6.3 Cancellation of user. A registered user of our e-banking can cancel e-banking through our counter, e-banking or other channels. After cancellation, you will no longer be able to log on to the “ICBC Mobile Banking” client. Your cancellation of e-banking is irrevocable. Once you have cancelled your e-banking, the Bank will no longer collect your personal information via the “ICBC Mobile Banking” client, and will delete all information regarding you, unless otherwise stated by laws, regulations and regulatory requirements on the storage time of personal information. You can also choose to uninstall or stop using the “ICBC Mobile Banking” client. After uninstalling or stopping using it, the Bank will no longer obtain personal information that may arise, such as transaction information and behavior information.
Please note that if a registered user of our e-banking only deletes the “ICBC Mobile Banking” client in the mobile device without cancellation of e-banking, the Bank will not cancel your registration status and all the information about you will not be deleted.
6.4 Response to your above requests. If you cannot access, update, or delete your personal information through the above methods, or you believe that the Bank has improperly obtained or used customer information or violated your agreement on personal information, you can directly contact the Bank by calling the customer service hotline of ICBC’s overseas institution with which you have opened an account or via the “Contact Us” function of the client. The Bank will actively responds to your request to the extent permitted by laws, regulations and regulatory requirements. The Bank may first verify your identity before responding to your request. The Bank may reject some repeated requests or the requests that many bring risks to other persons’ legitimate rights and interests, or unrealistic requests.
Notwithstanding the above provisions, ICBC may not be able to respond to your requests in the following circumstances as per relevant laws, regulations and regulatory requirements:
(1) Where it is related to the fulfillment of the obligations set out in laws, regulations and regulatory requirements by the controller of personal information;
(2) Information directly relating to national security or defense;
(3) Information directly relating to public security, public health and other major public interests;
(4) Information directly relating to criminal detection, prosecution, judgment and execution of judgment;
(5) Where the controller of personal information has sufficient evidence that you have the subjective act of bad faith or abuses rights;
(6) For the purpose of safeguarding your or other persons’ lives, property and other major legitimate rights and interests, for which it is difficult to obtain personal consent;
(7) Where response to personal information owner’s requests may result in serious damages to the legitimate rights and interests of personal information owner or other persons and organizations;
(8) Where business secrets are concerned;
(9) Other circumstances required by competent authorities or laws, regulations and regulatory rules of the countries (regions) in which ICBC’s overseas institutions are located.

 

VII. Provision of Information
7.1 Disclosure to the public
The Bank will not make public the personal information the Bank collected. If the Bank must disclose it to the public, the Bank will inform you of its purpose, the type of information to be disclosed and sensitive information possibly involved, and solicit your express consent or authorization by online notice or other means.
7.2 Third-party SDK services
When you use ICBC Mobile Banking’s functions or services, in certain specific usage scenarios, ICBC may use software development kit (“SDK”) provided by third-party service providers with corresponding business qualifications and capabilities to render services to you, and the third-party service providers may collect your necessary information. Relevant third parties directly obtain relevant information needed to satisfy the service in accordance with the general principles output by their SDK, and do not share your personal information with the Bank. The Bank will not obtain or store such information on its own initiative.It mainly includes:(1) SDK pushed by Huawei. In order to promptly push notification messages to users of Huawei mobile phones, the Bank uses the SDK pushed by Huawei. The SDK needs to obtain the unique logo information of your mobile terminal and the subscription relationship information of the watch list to implement the APP push services.(2) SDK pushed by Xiaomi. In order to promptly push notification messages to users of Xiaomi mobile phones, the Bank uses the SDK pushed by Xiaomi. The SDK needs to obtain the unique logo information of your mobile terminal, operating system version and language, model, regional settings, system type and network type of mobile phones, so as to implement APP push service.(3) Baidu positioning SDK. In order to provide you with position-based services, the Bank uses Baidu's positioning SDK. The SDK needs to obtain your mobile terminal's unique identification information, latitude and longitude information, and operating system version to implement the positioning function. Relevant functions will be provided with your authorization to use positioning information. If you do not grant the authority, it will only affect the use of such functions.(4) SDK of Hong Kong Transunion Consulting Co., Ltd. In order to provide e-account opening services to users in Hong Kong, the Bank uses the SDK of Hong Kong Transunion Consulting Co., Ltd. If you apply for this services, the SDK needs to obtain your certificate picture, certificate avatar picture, certificate video e-account opening, and face picture information, which is used to realize certificate scanning and live detection services. Related functions will be provided with your authorization to use storage and camera permissions. If you do not grant the authority, it will only affect the use of such functions.(5) ZOLOZ identification SDK. In order to provide e-account opening services to users in Macau, the Bank uses the ZOLOZ identification SDK. If you apply for the services, the SDK needs to obtain your certificate picture, certificate avatar picture, and face picture information, so as to realize ID scanning and live detection services. Relevant functions will be provided with your authorization to use storage and camera permissions. If you do not grant the authority, it will only affect the use of such functions.(6) Bonree SDK (Android): To enhance the stability of the "ICBC Mobile Banking" mobile application, the Bank applies the Bonree SDK, which needs to obtain your Android ID, CPU, device model, mobile phone system version, mobile phone power, network status, partial click record in the application, rough location and other information. This involves reading phone status and accessing coarse location permissions for performance monitoring and optimization of the application such as network requests, crashes, etc.
Bonree SDK (iOS): To enhance the stability of the "ICBC Mobile Banking" mobile application, the Bank applies the Bonree SDK, which needs to obtain your IDFV, CPU, device model, mobile phone system version, mobile phone power, network status, partial click record in the application, rough location and other information for performance monitoring and optimization of the application such as network requests, crashes, etc.
7.3 Exclusions for Grant Authorization
According to relevant laws, regulations, regulatory rules and national standards, in the following circumstances, the Bank is likely to share and make public personal information without soliciting your authorization or consent:
(1) Information directly relating to national security or defense;
(2) Information directly relating to public security, public health and other major public interests;
(3) Information directly relating to criminal detection, prosecution, judgment and execution of judgment;
(4) For the purpose of safeguarding the your or other persons’ life, property and other major legitimate rights and interests, for which personal consent is hard to obtain;
(5) The personal information made public by you;
(6) The personal information collected from the information disclosed to the public according to law, including legal news report, government information and other channels;
(7) Other circumstances related to performance of the obligations set out in laws and regulations.
(6) Bonree SDK (Android): To enhance the stability of the "ICBC Mobile Banking" mobile application, the Bank applies the Bonree SDK, which needs to obtain your Android ID, CPU, device model, mobile phone system version, mobile phone power, network status, partial click record in the application, rough location and other information. This involves reading phone status and accessing coarse location permissions for performance monitoring and optimization of the application such as network requests, crashes, etc.
Bonree SDK (iOS): To enhance the stability of the "ICBC Mobile Banking" mobile application, the Bank applies the Bonree SDK, which needs to obtain your IDFV, CPU, device model, mobile phone system version, mobile phone power, network status, partial click record in the application, rough location and other information for performance monitoring and optimization of the application such as network requests, crashes, etc.

 

VIII. Use of Positioning Information
When you use “ICBC Mobile Banking” services, the Bank will collect your positioning information in order to ensure you use our services normally, safeguard the normal operation of our services, improve our services and protect our accurate security. Such information is sensitive information, which can only be used to provide you with relevant services only if the Bank obtains your authorization. Refusing to provide the information will only make you unable to use positioning-related functions, but will not affect your normal use of other functions of the App.

 

IX. Information Protection for Minors
“ICBC Mobile Banking” provides online financial services to qualified customers in accordance with the laws, regulations and regulatory rules of the corresponding countries/regions on the use of financial services by adults/minors. The Bank strictly protects the personal information of all qualified overseas users, including minors.

 

X. Notification and Modification
In order to provide you with better service, this Protection Policy will also be updated from time to time with business development. However, without your explicit consent, the Bank will not reduce your rights that you should enjoy under this Policy. The Bank will post an update on the website or the App and notify you by means of a website announcement or other appropriate means before the entry into force.

 

XI. How to Contact the Bank
If you have any questions, comments or suggestions about this Protection Policy or your personal information, please use the “Contact Us” function of the client to understand the customer service channels of the Bank, and contact the Bank by calling the customer service of ICBC’s overseas institutions or other means.