in1bank Ltd, ABN 62 627 541 011 (in1bank, we, us or our) recognises that your privacy is very important to you and we are committed to protecting your privacy in accordance with the Privacy Act 1988 (Privacy Act). This Privacy Policy (Policy) applies to personal information we handle about visitors to our website www.in1bank.com.au (Website) or any version or format of in1bank application (Application), and members of the public. It provides information about the Personal information, as defined in the Privacy Act, that we collect, as well as the ways in which we use that Personal information. The Privacy Act defines Personal information as ‘information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not, and whether recorded in a material form or not’.

1.Privacy Collection Notice

We collect your personal information for the primary purposes of:

Delivering banking services and customer support.

Complying with regulatory and legal obligations.

Developing, enhancing and marketing our services.

Preventing fraud and meeting AML/CTF obligations.

If certain information is not provided, this may limit our ability to offer you with our services.

2. The types of personal information we collect

The kinds of Personal information that we collect and hold about you depends on the nature of your dealings with us. At present, the types of Personal information we typically collect or store include, but not limited to, the following:

Identity details: name, date of birth, address and occupation.

Contact information: telephone number, email address.

Financial information: bank account details and / or details of debit / credit cards issued by in1bank.

Information required under KYC/AML obligations or any other information required by law.

3. How we collect personal information

We collect Personal information when you voluntarily provide it to us, including:

Directly from you (e.g. account application, webforms, emails, letters and calls)

When you interact with our website or application (cookies, analytics)

From third parties (e.g. credit reporting bodies, identify verification providers); or

Creating or updating your user profile, which includes Personal information such as your name and contact details.

4. Use of Cookies and Analytics

We use cookies and tracking technologies (e.g. Google Analytics, Cloudflare) to:

Under website usage patterns.

Enhance security and performance.

Personalise your experience.

You can manage cookie preferences in your browser setting.

5. Purposes for which we collect and use Personal information

The purposes for which we collect and use your Personal information are to:

Optimise and personalise our Website and Application and deliver content to you;

Operate, maintain, analyse and improve our services;

Develop new features, products and services;

Provide you with information about our products and services;

Communicate with you about new features, services and products that may be relevant or of interest to you;

Respond to queries or complaints;

Prevent fraud and unauthorised activity; and

Comply with our obligations under Australian laws and regulations.

We may also use your personal information to send you alerts and contact you about our goods and services, programs, events, campaigns, functions or news updates that may be relevant or of interest to you. We will, in accordance with The SPAM Act 2003 (Spam Act), give you the option of opting out of receiving promotional and marketing communications when we contact you. Additionally, commercial electronic communications sent by us will contain a functional unsubscribe facility or otherwise allow you to easily opt out of such communications.

6. Storage, protection, retention and deletion of data

As it pertains to the Website and Application, in1bank advises that:

i. Any third-party with whom the Application shares data will provide the same level of data protection as stated within this Policy;

ii. Data will not be retained by in1bank except in connection with carrying on banking business as requested by you, if it is permissible to do so, and records may be requested for deletion at privacy@in1bank.com.au; and

iii. In1bank will regularly delete or cleanse data that is no longer required, is requested for deletion and may be deleted, subject to any legal or regulatory requirements that may otherwise require retention thereof.

7. The circumstances in which we may disclose Personal information

So that we may use your information for the purposes acknowledged above, we may disclose it to external providers of specialised services, (for example, IT or other outsourced service providers). We may also share Personal information internally to our employees, agents or contractors (i.e., within in1bank and its related bodies corporate). We may also disclose your Personal information to regulatory and enforcement agencies (e.g. AUSTRAC, ASIC, APRA and ATO). We may also disclose your Personal information where required to do so by law, including in relation to any legal proceedings or anticipated legal proceedings, or in order to comply with any legal obligation, subpoena request, or to establish and exercise our own legal rights. In the case of credit information, we may transfer, or otherwise disclose our database containing your Personal information to an actual or potential successor entity, purchaser, or investor in connection with a corporate merger, consolidation, sale of our assets or a substantial part of our assets, share sale, investment transaction or other corporate rearrangement. You may withdraw your consent to use or disclose your Personal information at any time by contacting us at the details below. Please note that withdrawing your consent may mean that we are unable to provide you with products, services and ongoing access to our Website and / or Application.

Some disclosures may occur overseas (see Section 8).

8. Do we transfer or disclose any Personal information overseas?

As part of our normal business practices, we do not transfer or disclose any Personal information overseas, so your Personal information shall be stored onshore within Australia in the ordinary course of business. However, your data may be stored or processed by cloud service providers located outside Australia. These providers are contractually required to adhere to Australian privacy laws or equivalent standards. Personal information may be transferred overseas if we transfer or disclose our database of Personal information to an actual or potential successor entity, purchaser or investor of in1bank who is located or has offices overseas. In such circumstances it is not feasible to specify the likely countries in which recipients of information may be located.

9. Storage and security of your Personal information

We implement technical and organisational measures to protect your information from loss, misuse, unauthorised access, alteration or disclosure including:

Encryption of data at rest and in transit.

Access controls and role-based restrictions.

Regulation testing and security audits.

Incident detection and response processes.

We retain personal data for as long as necessary to fulfil legal and business purposes, in accordance with regulatory requirements (e.g. AML/CTF obligations) and subject to retention periods outlined in our internal recordkeeping policies. Data no longer required will be securely destroyed or de-identified unless retention is legally mandated.

10. Access to and correction of your information

Under the Privacy Act, you have the right to:

Ask us to update or correct your Personal information when it is inaccurate, incomplete or out-of-date; and

Seek access to any Personal information that we hold about you.

If any of your details provided have changed or if you believe that any information we hold is inaccurate, please contact us via the details below. You may also request us to provide you with access to the Personal information (information) we hold about you at any time by using the contact details below. We will respond to your access request as soon as possible, however, prior to disclosing any such information it will be necessary for you to satisfactorily verify your identity. There are exceptional circumstances where access to or correction of your Personal information may be refused by us such as where access would be unlawful. We will advise you of such circumstances if they arise.

11. Contact us

If you have any questions or complaints about this Policy or our treatment of your Personal information, or if you would like to access or amend your personal information, please contact us at: complaints@in1bank.com.au. We will endeavour to:

provide an initial response to your query or complaint within 48 hours; and

resolve your query or complaint within 10 business days.

If you are still not satisfied, you can contact:

The Office of the Australian Information Commissioner (OAIC), on: (https://www.oaic.gov.au/about-us/contact-us/ or call 1300 363 992)

The Australian Financial Complaints Authority (AFCA), on: (https://www.afca.org.au/ or call 1800 931 678)

12. Changes to this Policy

This Policy will be reviewed periodically to take account of new or updated legislation and / or changes to our operations. Any information we hold about you will be governed by our most current Policy. We recommend that you periodically review this Policy for any changes.

Disclaimer

The official language of Australia is English. The Chinese translation of the Policy is for your reference and information only and has been prepared to enable you to understand the contents of the Policy in the Chinese language. Whilst every effort has been made to ensure the accuracy of the translation, we cannot guarantee that the translation is error-free and we do not take responsibility for any loss or damage caused by such error. The English version of the material contained within the Policy shall prevail, as shall the jurisdiction of New South Wales, and any dispute or ambiguity is to be resolved in accordance with the English version only.

此中文版本仅供参考。若本文与英文原本有所出入，一切以英文原文为依据。

in1bank Ltd（合壹银行，或称“我们”），澳大利亚公司注册号为62 627 541 011，深刻懂得您的隐私对我们非常重要。 本隐私政策（称“本政策”)适用于我们处理访问我们的网站www.in1bank.com.au（称“网站”）或任何版本或格式的应用程序（称“应用程序”）的访问者和公众的个人信息。根据《1988年隐私法》（称“隐私法”），本政策提供了关于我们收集个人信息以及我们如何使用这些个人信息的信息。 隐私法将个人信息定义为“关于已识别的或可合理识别的个人信息或意见，无论该信息是否真实，也无论是否以实质形式记录”。

1. 隐私信息收集通知

我们收集您的个人信息，主要用于以下目的： 提供银行服务和客户支持； 遵守监管和法律义务； 开发、优化及推广我们的服务； 防范欺诈行为并履行反洗钱/反恐融资义务。 如果您未能提供某些信息，我们可能无法向您提供相应服务。

2. 我们收集的个人信息的种类

我们收集和保存的有关您个人信息的种类取决于您与我们的业务性质。 目前，我们收集的个人信息，包括但不限于：

身份信息：姓名、出生日期、地址和职业。

联系信息：电话号码、电子邮箱地址。

财务信息：银行账户详情和/或由合壹银行发行的借记卡/信用卡信息。

根据客户身份识别（KYC）/反洗钱（AML）义务或其他法律要求提供的信息。

3. 我们如何收集个人信息

我们收集您自愿提供给我们的个人信息，包括:

直接由您提供（例如：账户申请、网页表单、电子邮件、信件和电话）

当您使用我们的网站或应用程序时（例如通过 cookies 和分析工具）

来自第三方（例如：信用评估机构、身份验证服务提供商）

在创建或更新您的用户档案时，包括您的姓名和联系方式等个人信息

4. Cookie 和分析工具的使用

我们使用 Cookie 和跟踪技术（例如 Google Analytics、Cloudflare）来：

了解网站的使用模式；

提升安全性和性能；

个性化您的使用体验。

您可以在浏览器设置中管理 Cookie 偏好。

5. 我们收集和使用个人信息的目的

我们收集和使用您的个人信息的目的是:

优化和个性化我们的网站和应用程序，并为您提供合适的内容;

运营、维护、分析并优化我们的服务；

开发新功能、产品和服务;

向您提供关于我们产品和服务的信息;

告知您可能感兴趣或与您相关的新功能、新服务及新产品;

回应咨询或投诉；

防范欺诈和未授权行为；

履行澳大利亚法律规定我们的义务。

我们还可能使用您的个人信息向您发送消息，并就可能与您相关或您可能感兴趣的产品和服务、程序、事件、活动、功能或新闻与您联系。我们将根据《2003年反垃圾邮件法》，在与您联系时，为您提供拒绝接收促销和营销信息的选项。此外，我们发送的商业电子通信将包含一个退订功能，或以其它方式使您可以轻松地选择退订此类信息。

6. 数据的存储、保护、保留和删除

就网站和应用程序而言，我们建议:

一、与应用程序共享数据的任何第三方将提供与本政策中所述相同级别的数据保护；

二、如果允许的话，除非您要求进行银行业务，您可以通过privacy@in1bank.com.au要求删除记录，合壹银行不会保留您的资料；

三、我们将定期删除或清理我们不再需要、被要求删除和可能被删除的数据，并将遵守任何可能要求保留这些数据的任何法律或监管要求。

7.我们可能披露您的个人信息的情形

我们可能会将您的个人信息披露给提供专业服务的外部供应商（例如IT或其他外包服务的供应商）以便我们可以将您的信息用于上述目的。 我们也可能在内部向我们的员工、代理或承包商（即合壹银行与其关联机构之内）共享您的个人信息。 此外，我们可能会向监管和执法机构披露您的个人信息（例如澳大利亚交易报告与分析中心AUSTRAC、澳大利亚证券投资委员会ASIC、澳大利亚审慎监管局APRA及澳大利亚税务局ATO）。 我们也可能在法律要求的情况下披露您的个人信息，包括任何与法律诉讼或预期的法律诉讼相关的信息。或者，我们也可能为了履行任何法律义务、专票要求或为了建立和行使我们自己的法律权利而披露您的个人信息。 在信用信息方面，我们可能在企业合并兼并、出售我们的全部或大部分资产、股票销售、投资交易或者其他公司重组过程中转让含有您个人信息的我们的数据库给一个实际的或者潜在的继任者实体、购买者或者投资者。 您可以随时通过以下联络方式与我们联系，撤回我们使用或披露您的个人信息的同意。请注意，撤回您的同意可能意味着我们无法向您提供产品、服务和我们网站和/或应用程序的访问。

部分披露可能发生在海外（详见第8节）。

8. 我们是否向海外转移或披露您的个人信息?

作为我们正常商业惯例的一部分，我们不会向海外转移或披露您的任何个人信息，以确保您的个人信息将在正常业务过程中存储在澳大利亚境内。但是，您的数据可能会由位于澳大利亚境外的云服务提供商存储或处理。这些提供商在合同中被要求遵守澳大利亚隐私法或同等标准。如果我们将我们的个人信息数据库转让或披露给在海外的或在海外设有办事处的合壹银行的实际的或潜在的继任者实体、购买者或投资者，您的个人信息可能会被转移到海外。在这种情况下，我们目前无法具体说明可能接收信息的国家。

9. 您个人信息的储存和安全

我们采取一切合理的预防措施保护您的信息不被滥用、干扰、丢失、未经授权地访问、修改或泄露，包括：

静态数据加密和数据传输过程中的加密；

访问权限管理与控制；

定期安全审计；

安全事件检测与响应流程。

我们会根据监管要求（例如反洗钱/反恐融资义务）及内部档案管理政策规定的保存期限，保留个人数据，以满足法律和业务需求。对于不再需要的数据，将予以安全销毁或去标识化，除非法律另有规定必须保存。

10. 查阅及修正您的信息

根据隐私法，您有权:

当个人信息不准确、不完整或过期时，您可以要求我们更新或更正;

获取我们掌握的有关您的任何个人信息。

如果您提供的信息发生了任何变化，或者您认为我们所持有的信息不准确，请通过以下联络方式与我们联系。 您也可以要求我们通过以下联络方式向您提供我们随时掌握的您的个人信息。我们将尽快回复您的要求。然而，在向您提供任何此类信息之前，我们有必要对您的身份进行验证。 在某些特殊情况下，我们可能会拒绝您查阅或更正您的个人信息的要求。例如，在某些情况下，查阅您的个人信息是非法的。如果出现这种情况，我们将通知你。

11. 联系我们

如果您对本政策或我们对您个人信息的处理有任何疑问及投诉，或您想查阅或修改您的个人信息，请联系发送电子邮件至complaints@in1bank.com.au。 我们将尽力:

在48小时内对您的查询或投诉提供初步答复;

在10个工作日内解决您的查询或投诉。

如您仍不满意，可联络:

澳大利亚信息专员办公室（OAIC） （https://www.oaic.gov.au/about-us/contact-us/或致电1300 363 992）。

澳大利亚金融投诉管理局（AFCA） (https://www.afca.org.au/ or call 1800 931 678 或致电 1800 931 678)。

12. 本政策的变更

本政策将定期进行审查，以反映新的或更新的法律法规和/或我们业务的变化。我们持有的任何关于您的信息将受最新版政策的约束。我们建议您定期查阅本政策，以了解可能的变更。

免责声明

澳大利亚的官方语言是英文。本政策的中文翻译仅供您为参考资料使用，目的是为了使您更明确本政策内容的中文意思。我们尽可能地确保该翻译内容的准确性，但不保证该翻译内容无任何错误，并且对于该错误所造成的任何损失或损害，我们不予承担责任。本政策以英文版本为准，以及新南威尔士州的管辖权，任何争议或歧义应仅遵照英文版本进行处理解决。