Welcome to Ksher! Ksher (Hong Kong) Co., Limited and its affiliates (“Ksher” or “we”) thank you for the your trust in providing your personal information. It is our bounden obligation to protect the security of your personal information, and we will provide adequate assurance for the security of your personal information as required by laws and regulations. To that end, we have developed the Ksher Privacy Policy (the “Policy”) to help you fully understand how we collect, use, share, store and protect your personal information when you use our products and services, and how you can manage your personal information for the purpose of making appropriate choices.

Before you start to use our products and services, it is kindly requested that you carefully read and understand the Policy so as to ensure that you fully understand and agree before you start to use our products and services.

In addition to this Policy, in specific situations, we will also inform you of the purpose, scope and usage of relevant information by means of immediate notice (including pop-up window, page reminder, etc.) and function update description. Such immediate notice and function update description shall constitute part of this Policy and shall have the same effect as this Policy. We will try to explain to you the technical terms used in this Policy by plain and concise words so that you can understand. Should you have any questions, comments or suggestions concerning the content of this Policy, you may contact us at the contact information at the bottom of Section 10 of this Policy.

By agreeing to this Policy, you represent that you understand the functions that Ksher provides and the personal information necessary to operate those functions. When you use Ksher, Ksher may process relevant information in order to carry out the functions and services that you choose to use or to comply with the requirements of laws and regulations. You may refuse to allow Ksher to process information other than that required to carry out the basic Ksher functions and services or that necessary to comply with the requirements of laws and regulations. This may prevent Ksher from providing the corresponding functions and services.

This Policy will help you to understand:

1.Scope of Application

2.How we collect and use your information

3.The use of cookies and similar technologies

4.How we keep and protect your personal information

5.How do we share, transfer and publicly disclose your personal information

6.How you exercise your rights to manage personal information

7.How we handle minors' personal information

8.How your personal information is transferred globally

9.Updates to this Policy

10.Contact us

1.Scope of Application

“Ksher” mentioned herein means the Ksher website, the Ksher client, the Ksher software development kit (SDK), application programming interfaces (API) and applets marked with the name “Ksher”, which are legally owned and operated by Ksher, as well as various products and services offered to you based on new forms of technology that emerge with the development of technology (collectively, “Ksher”). Actual functionality may vary slightly between versions of Ksher, but in the absence of a separate privacy policy for each version, we will follow this policy in collecting and processing your personal information. In the event that the related version of Ksher has a separate privacy policy, then the privacy policy of the related version is also applicable at the same time. Where there is any discrepancy between this Policy and the policy of the related version, the privacy policy of the related version shall prevail. Some queries and action paths may not be consistent between Ksher and the associated versions, depending on the situation.

Other than the relevant information collection and use activities described herein, this Policy does not apply to any other service provided to you by any third party. Such other service shall be governed by the rules for collection and use of personal information separately explained to you by such third party.

2.How We Collect and Use Your Information

We will collect and use your personal information, provided by you in the course of or as a result of your use of Ksher, or obtained from third parties with your authorization, to meet your needs for using Ksher, to communicate with you, and to improve or optimize our products or services, in accordance with the principles of legality, justification and necessity and for the following purposes as described in this Policy. With the development of our business, the products and services we provide may be adjusted and changed. If we intend to use your information for any purposes other than those described in this Policy, or for any purposes other than those we have collected for a specific purpose, we will notify you in a reasonable manner and obtain your consent again before using your information, unless there is a lawful basis or justification for other processing of your information. Please note that, some information you provide cannot identify you alone or is not your personal information. Only when the information you provide is used together with other information of yours and accurately identifies you, will we process and protect such information in accordance with this Privacy Policy during the period of combined use.

2.1.Scenarios for Information Collection

(1)Registration and Login

When you register as a Ksher user or use the Ksher Services, you are required to provide your mobile phone number and email address. We collect this information to create and manage your Ksher account for identification and verification; to secure your account against unauthorized access; to provide a personalized Ksher Service experience; to send important account notifications, such as security alerts, service updates, etc.; and to fulfill your real-name obligations as required by laws and regulations. If you do not provide this information, we will not be able to create your Ksher account and you will not be able to use our Services.

(2)Merchant Real-name Authentication

In order to use Ksher's payment services, you are required to complete a real-name authentication process based on the type of merchant you are. The information we need to collect according to the type of merchant is as follows:

• Corporate merchant

When you apply for real-name authentication as a corporate merchant, we need to collect the following information:

1)Corporate basic information: Business license/registration certificate, corporate name, corporate uniform credit code/registration number, corporate registration time, corporate expiration time, corporate registration detailed address, corporate operation detailed address.

2)Corporate related legal person/director information: Name of legal person/director, region/country where legal person/director is located, type of identity document of legal person/director, photo of legal person/director's identity document, number of legal person/director's identity document, validity of legal person/director's identity document, address of legal person/director.

3)Corporate related ultimate beneficiary information: Name of beneficiary, region/country where the beneficiary is located, type of identity document of the beneficiary, identity document number of the beneficiary, date of birth of the beneficiary, address of the beneficiary, and validity of the identity document of the beneficiary.

4)Business operation information: the nature of enterprises' business, the type of main business, the main trading countries and the annual turnover of the enterprises.

5)Authorized applicant information: Name of the applicant, region/country where the applicant is located, type of identity document of the applicant, photo of the applicant's identity document, number of the applicant's identity document, date of birth of the applicant, address of the applicant, validity of the applicant's identity document, and face verification of the applicant.

• Individual business

When you apply for real-name authentication as an individual business, we need to collect the following information:

1)Corporate basic information: Business license/registration certificate, corporate name, corporate uniform credit code/registration number, corporate registration time, corporate expiration time, detailed registration address, and detailed business address.

2)Business operation information: the nature of enterprises' business, the type of main business, the main trading countries and the annual turnover of the enterprises.

3)Operator information: name, photo, identity number, date of birth, address and the validity of the identity of the operator.

• Individual business merchant

When you apply for real-name authentication as an individual business, we need to collect the following information:

1)Personal basic information: Personal employment, name, photo, identity document number, date of birth, address and the validity of the identity document.

2)Business operation information: annual transaction volume and business term.

We collect the above real-name authentication information of merchants to verify your identity information and ensure its authenticity and accuracy, to perform the obligations required by the laws and regulations concerning anti-money laundering and anti-terrorism financing, to evaluate and manage potential business risks, to grant relevant payment service and account authorization for you, to ensure transaction security and prevent fraud, to provide customized services that meet your business needs, to establish and maintain business relationship with you, to conduct necessary background investigation and due diligence. If you fail to provide this information, we will not be able to complete real-name authentication for you, and you will not be able to use our payment service.

(3)Transaction information

When you use Ksher to conduct transactions, we will collect the trade order information, logistics document information and fictitious account entering information.

We collect this information to: verify the relationship of your entries and trade orders; provide trade documents to issuers for you for import and export of funds; process and execute your payment transactions; verify the legality and authenticity of transactions; comply with relevant laws and regulations concerning customs and tax; monitor transactions to prevent money laundering and other illegal activities; provide transaction recording and financial management services. If you fail to provide this information, we will not be able to process the relevant transactions or provide corresponding services for you.

(4)Withdrawal/Payment

When you withdraw or pay cash through Ksher, we need to collect the beneficiary's name, beneficiary's document number and beneficiary's bank card. We collect this information to: (1) examine and verify the consistency of the amount of your income and the beneficiary account number provided by you, verify the accuracy and consistency of the beneficiary account number to avoid wrong binding, provide you with the beneficiary account number to the bank or issuing institution for payment, conduct safe funds transfer operation, prevent wrong operations and fraud, comply with relevant financial regulations and bank requirements, provide fast and convenient funds settlement service, record and track funds to meet the audit requirements. If you fail to provide this information, we will not be able to process any withdrawal or payment for you.

2.2.Processing personal information according to laws

In accordance with relevant laws, regulations and national standards, we may legally process your personal information under the following circumstances:

(1)Obtaining your consent;

(2)Necessary for the execution and performance of a contract according to your requirements;

(3)Necessary for the performance of statutory obligations, such as information required by relevant laws and regulations concerning anti-money laundering, counter- terrorist financing, anti-telecommunication and internet fraud, real-name management, etc;

(4)Directly related to national security and the security of national defense;

(5)Necessary in response to any public health emergency or in case of emergency, in order to protect the life, health and property of any natural person;

(6)Where the transfer is directly related to criminal investigation, prosecution, trial and execution of judgments;

(7)The personal information collected is disclosed by you on your own;

(8)Personal information collected from legally and publicly disclosed information, such as legal news reporting, government information disclosure or other channels;

(9)Information necessary for maintaining the safe and stable operation of services provided, for example, to identify and handle the malfunction of products or services;

(10)Other circumstances provided by laws and regulations.

Please note that, if your personal information processing falls within the circumstances set forth in (2) to (10) above, we may not be required to obtain your consent in accordance with applicable laws and regulations.

2.3.Authority

In order to provide its services to you, Ksher may be required to apply to you for certain authorities to the extent necessary. Please rest assured that such authorities will not be turned on by default. Ksher may collect your information through these authorities only if you actively confirm to turn on such authorities and will only be used in the necessary scenarios explained to you. It should be noted that, a specific authority available to Ksher does not mean that Ksher necessarily collects relevant information about you. Even if you have confirmed to turn on the authority, Ksher will only collect relevant information about you to the extent lawful, justified and necessary. If you choose not to turn on this authority, this may result in your inability to use certain functions to which this authority relates and will not affect your ability to use other services provided by Ksher.

3.Use of cookies and similar technologies

Cookies, device information identifiers and other similar technologies are commonly used on the Internet. When you use Ksher or related services, we may use technology to send one or more cookies or anonymous identifiers to your device, in order to collect and identify information about your access to, and use of, our products. We undertake not to use cookies for any purposes other than those described in this Policy. We use cookies and similar technologies primarily to make it easier for you to use our products and services, to ensure our products and services are secure and function efficiently, to improve login and response speed and to help provide you with an easier access experience. If you use Ksher on the web, most browsers offer the ability to clear the browser's cache of data. You may clear your cookie data from your browser settings. However, you may not be able to use any cookie -dependent functions or services we provide after you clear your cookie.

4.HOW WE STORE AND PROTECT YOUR PERSONAL INFORMATION

4.1.RETENTION PERIOD

During any time you use the Service, we will retain your personal information for such period of time as is necessary to achieve the purposes described in this Policy (except as required or permitted by law to extend such retention period or as permitted by law). If it is necessary to delete personal information, you may contact us in the contact details set forth in Section 10 of this Policy. Furthermore, unless expressly required by law or regulation, we may delete or anonymize your personal information after the retention period has expired.

The criteria that we apply to determine our retention period are as follows:

(1)The period during which we maintain a relationship with you, provide you Ksher products and services (e.g., as long as you have a Ksher account or continue to use Ksher products);

(2)Whether the account owner has modified, or a user has deleted, information through their account;

(3)Whether we have a legal obligation to retain data (for example, certain laws require us to retain your transaction records for a period of time before they can be deleted); or

(4)Whether a retention requirement should be recommended from our legal standpoint (e.g. in relation to enforcement of our agreements, dispute resolution, limitation period, litigation or regulatory investigation).

4.2.TERRITORY OF RETENTION

In principle, the personal information that we collect and generate will be stored in Hong Kong. If we need to transfer your personal information to Ksher Affiliates located outside of Hong Kong, we will process and implement such information in accordance with "8. How Your Personal Information is Transferred Globally".

4.3.SECURITY MEASURES

We take the security of your information very seriously, and are committed not only to following current information security standards, but also to ensuring that our security measures are always at the forefront of the industry. To ensure the security of your data we have implemented a number of sophisticated security techniques, including, but not limited to, encrypted transmission, secure storage, firewall protection and regular security vulnerability scans. In addition to these technical measures, we have also implemented supporting management systems to enhance the security of information, ensure that our employees are trained in data protection, and that all data processing and storage processes are rigorously reviewed and improved. We fully recognize that no system can be completely invulnerable, so we are continuously committed to identifying and managing possible risks and taking preventive measures to reduce the risk of your information being leaked, destroyed, misused, unauthorized accessed, unauthorized disclosed or altered. If a security incident does unfortunately occur, we have clear processes and response mechanisms to address the issue, including promptly notifying affected users, fixing security vulnerabilities and taking measures to prevent similar incidents in the future.

(1)We collect and use your information in accordance with proven security standards and practices, and inform you of the purpose and extent of the use of relevant information through our User Agreement and Privacy Policy.

(2)Our network services adopt encryption technology such as Transport Security Protocol (TSP) to ensure the security of your data in transit.

(3)Your personal information is stored encrypted through the use of encryption technology and segregated through isolation technology.

(4)When personal information is used, such as personal information presentation, personal information associated computing, we adopt a variety of data desensitization technologies, including content replacement, encryption desensitization and so on, to enhance the security of personal information in use.

(5)We shall establish strict data use and access policies. We use strict data access control and multiple identity authentication technology to protect personal information to avoid illegal use of data. We shall verify the identity and control the access rights of our employees who are authorized to access personal information, and sign confidentiality agreements with them to ensure that only authorized personnel have access to personal information.

The Internet is not an absolutely secure environment. Even though we have made every effort to strengthen security protection measures, we cannot always guarantee the absolute security of information. Please understand that, your use of our products and services may be subject to malicious attacks and security issues beyond our control.

4.4.Your Cooperation

Although we have taken the reasonable and effective measures and followed the standards required by applicable law, we cannot guarantee the security of your personal information when it is communicated through insecure means. Therefore, you shall take active measures to protect the security of your personal information, such as setting up complex passwords, changing your account and password regularly, not disclosing your account and password to others, and assist us in keeping your account and personal information safe.

4.5.Handling of Information Security Incidents

We formulate contingency plans for cyber security incidents. In the event of any unfortunate personal information security incident, we will immediately initiate contingency plans and convene members of emergency cyber security response teams, trace the causes and reduce losses in the shortest possible time, and report the same to the corresponding competent authority for the record in accordance with provisions. Meanwhile, we will, by platform notice, text message notice, telephone, email and other contact information you reserve, inform you of the basic information and possible impact of the security incident, the actions we have taken or will take in response to the incident, suggestions for prevention and reduction of risks on your own, and remedial measures to be taken in accordance with the requirements of the laws and regulations in time. Where it is difficult to inform you one by one, we will take reasonable and effective measures to publish an announcement thereon.

5.How do we share, transfer and publicly disclose your personal information

5.1.Application programming interface (API)

In order to ensure the safe and stable operation of our products and services or implement the relevant functionality, Ksher may include application programming interfaces (APIs), which, for example, may collect or process your personal information when you use the products and services implemented with the support of such APIs. We perform security examination and assessment on third party APIs and strictly comply with applicable laws, rules and regulatory requirements to protect data security. In order to ensure the maximum security of your information, third parties will undertake their own obligations and responsibilities related to your personal information in accordance with their privacy terms and personal information protection policy. This policy shall not apply to your active login or a jump to the products or services used by third parties. We are not responsible for how third parties’ products or services collect, use or process your personal information.

5.2.Sharing

We will not share your personal information with any companies, organizations or individuals other than Ksher or its affiliates, except in the cases where:

(1)Express authorization or consent has been obtained from you or your supervisor;

(2)The information is required to be disclosed by judicial or administrative authorities based on legal procedures;

(3)Lodging a lawsuit or arbitration against the User to safeguard our lawful rights and interests;

(4)In accordance with the relevant service agreement and use rules between you and Ksher;

(5)To the extent permitted by laws and regulations, to protect Ksher and its affiliates, the users of the Service and the public interest from any damage;

(6)In compliance with the relevant agreement between you and other third parties;

(7)Used based on academic research.

5.3.Transfer

We will not transfer your personal information to any companies, organizations or individuals other than affiliates, except in the cases where:

(1)Your express authorization or consent has been obtained in advance;

(2)Compliance with the requirements of laws, regulations, legal procedures, or mandatory government requirements or judicial rulings;

(3)If we or any of our affiliates are involved in any merger, division, liquidation, or acquisition or sale of assets or business, your personal information may be transferred as part of such transaction. We will ensure that such information is kept confidential during such transfer and will, to the greatest extent possible, ensure that any new company or organization holding your personal information continues to be bound by this Privacy Policy. Otherwise we will require such company or organization to obtain your authorization from you again.

5.4.Public Disclosure

We will publicly disclose your personal information only under the following circumstances:

(1)Your express consent has been obtained;

(2)Based on laws, regulations, legal procedures, litigation or mandatory requirements of competent government authorities.

5.5.Exceptions to prior consent obtained for sharing, transfer and public disclosure of personal information

In the following circumstances, no prior authorization or consent from the subject of personal information is required to share, transfer and public disclosure of personal information:

(1)Directly related to national security and national defence security;

(2)Directly related to public security, public health and significant public interest;

(3)Directly related to criminal investigation, prosecution, trial, execution of judgments, etc.; or

(4)Disclosure of personal information due to protection of significant legitimate rights and interests such as the life and property of the subject of personal information or other individuals but difficult to obtain the consent of such individuals;

(5)Personal information disclosed to the public by the subject of personal information itself;

(6)Collection of personal information from legally and publicly disclosed information, such as legal news reports, government information disclosure and other channels.

6.How you exercise your rights to manage personal information

6.1.In accordance with applicable laws, regulations and standards, we guarantee that you exercise the following rights in relation to your personal information:

(1)Access your personal information

(2)Correct your personal account information

(3)Change the scope of your consent granted or revoke your consent

(4)Deleting your personal information

If we process your personal information in violation of the law or regulation or if we collect or use your personal information without your consent or if you cancel your account because you no longer use our products or services and you need to delete your personal information, you may request to delete your personal information by contacting us at any time using the contact information stated in Section 10 of this Policy. We will respond to your request within 15 business days. After deleting your personal information, we will no longer use such data. However, we may not be able to delete immediately, but store or back up such data for such period of time as may be necessary to comply with relevant laws, policies or requirements or to protect the integrity of data necessary to the proper functioning of the services. We may delete such data promptly thereafter.

(5)Closing your account

You have the right to close your Ksher account. You may also contact us at the contact information set forth in Section 10 of this Policy. We will respond to your log-out request by deleting your personal information under the account linked to your registered mobile phone number or email address within 15 business days after verifying your identity information.

(6)Obtaining copies of personal information

You have the right to obtain a copy of your personal information by contacting us using the contact information stated in Section 10 of this Policy.

(7)Constraining information system automated decision making

In certain business functions, we may make decisions solely based on information systems, algorithms and other decision-making, instead of manual automated decision -making mechanisms. If these decisions significantly affect your legitimate rights or interests, you have the right to seek explanations or amendments from us, and we will provide appropriate remedies.

(8)Responding to your requests above

For security purposes, you may be required to provide a written request or otherwise identify yourself. We may ask you to verify your identity before we process your request.

We will respond within 15 business days.

We will not charge a fee for your reasonable requests. We may refuse requests if they are gratuitously repetitive, technically demanding (for example, if they require the development of a new system or a fundamental change in existing practice), put others’ legitimate interests at risk, or are impractical (for example, if they involve the provision of information on backup tapes).

According to the requirements of the laws and regulations, we will not be able to respond to a request if:

①The request relates to the personal information controller’s performance of the obligations stipulated by laws and regulations;

②The request directly relates to the national security and national defense security;

③The request directly relates to public security, public health and vital public interests;

④The request directly relates to criminal investigation, prosecution, trial and enforcement of judgment, etc.;

⑤The controller of personal information has sufficient evidence to prove that the subject of personal information has subjective malice or abuses rights;

⑥The request aims to protect important legitimate rights and interests of the subject of personal information or the life, property and other individuals, but the individuals’ consent is difficult to obtain;

⑦Responding to the request of the subject of personal information will lead to serious damage to the legitimate rights and interests of the subject of personal information or other individuals or organizations; and

⑧The request relates to trade secrets.

This Policy does not, and is not intended to, create, extend or modify the rights of data subjects and consumers or the obligations of Ksher in any jurisdiction, except to the extent otherwise provided by applicable data privacy law.

7.How we deal with the personal information of minors

As we provide our products and services to adults only, if you are a minor under the laws of your home country or region, we ask that you stop using Ksher immediately. If the guardian has reason to believe that personal information has been collected without the consent of the guardian, please contact us and we will delete the relevant data at your request as soon as possible.

8.How is your personal information transferred globally

Ksher is a global business headquartered in Hong Kong. Ksher and Ksher Affiliates provide their products and services from resources and servers located throughout the world. This means that your personal information may be transferred to, or accessed from, offshore jurisdictions other than the countries/regions where you use products or services in accordance with the requirements of laws and regulations.

When required, in order to provide the Ksher services to you and to the extent permitted by applicable laws and regulations, we will transfer your personal information from the place where your account is registered to Ksher Affiliates located in other countries or regions based on data minimization principles.

9.Updates to this Policy

We may change this Policy from time to time. We will not impair any of your entitlements under this Policy without your explicit consent. We will post any changes we make to this policy on this page. For significant changes, we will notify you by one or more of such means as push notice, pop-up window and email, and will seek your consent again.

Significant changes referred to in this Policy include but are not limited to:

9.1.Significant changes in our service model. For example, the purpose of handling personal information, the type of personal information handled and the method of use of personal information, etc.;

9.2.We have undergone significant changes in the ownership structure and organizational structure. For example, change in ownership that is caused by business adjustment, bankruptcy, merger and acquisition, etc.;

9.3.Changes in the main object of personal information sharing, transfer or public disclosure;

9.4.Significant changes in your rights to participate in the processing of personal information and the forms and methods of such participation;

9.5.Changes in our department in charge of personal information security, contact information or complaint channels;

9.6.Personal information security impact assessment report indicates that there is a high risk.

If you click "agree" and continue to use the Service after we have updated this Policy, you agree to this Policy (including the updated version) and to us to collect, use, keep, disclose and transfer your relevant information in accordance with this Policy.

10.CONTACT US

10.1.If you have any question, comment or suggestion concerning this Policy or our services, you may contact us in the following ways:

(1)You can contact us through "Contact Us" in Ksher;

(2)We have a personal information protection specialist who may be contacted at:

Email: service@ksher.com;

Phone: 852- 92377683

10.2.We will require proof of your identity, valid contact information, written request and other relevant evidence in order to ensure our efficient processing of your inquiry and timely feedback to you. We will process your request within 15 business days of verifying your identity.

Effective Date:    11 April 2025

Last Updated:    7 April 2025