Updated: July 20, 2022
Effective: July 20, 2022

We, Jia Finance Inc. (hereinafter “we” or “Jia Finance”), understand the importance of your privacy. We strive to ensure the safety of your Personal Information. We are committed to maintaining your trust in us and protecting your Personal Information by adhering to the following principles: the principle of consistent rights and responsibilities, the principle of clear purpose for our actions and practices, the principle of choice by consent, the principle of efficiency, the principle of ensuring security, the principle of participation by data subjects, and the principle of openness and transparency. At the same time, we dedicated to take appropriate security measures to safeguard your Personal Information in accordance with the industry’s proven safety standards. This Privacy Policy explains how we collect, use and share Personal Information on our own website and mobile applications (including applications/applets hosted by third party providers), through our provision of relevant services (collectively, the “services”), or through your use of our services.

Please carefully read this Privacy Policy and gain an understanding before using our products or services. In particular, please pay extra attention to the emboldened and highlighted terms, and make sure that you fully understand and agree to them before you begin using our products or services. By continuing to use the services, you agree to the terms of this Privacy Policy and to the collection, use, disclosure, and storage of your Personal Information as described herein. If you have any questions, comments, or suggestions regarding the content of this Policy, you may contact us via the contact methods provided by Jia Finance.

Particularly, we would like to bring to your attention that this Privacy Policy is common to all our products and/or services. When you use any of our products and/or services, this Privacy Policy applies regardless of whether the products and/or services contains separate privacy provisions, or whether you are a browsing user (guest) or a registered login user. However, please note that this Privacy Policy does not apply in the following situations:

• (1) Information collection/processing practices by third parties who provide advertising services for our products and/or services.
  
  
• (2) Our products and/or services may contain or link to information and/or services provided by third parties (including any third-party applications, websites, products, services, etc.). These components of information and/or services are operated by third parties, and your use of such information and/or services is not related to our products and/or services. We hereby kindly remind you that when you use such third-party information and/or services, you should pay attention and carefully read the relevant user agreements and privacy policies displayed to you by such third parties, and store and provide your Personal Information with caution. This Privacy Policy applies only to your Personal Information collected by us and does not apply to the collection of your Personal Information by any third party, nor the services provided by any third party, nor the rules for the use of information by third parties. We will not be liable for any collection, storage and use of your Personal Information by third parties to the extent permitted by law.
  
  
• (3) Other products and/or services not provided to you by Jia Finance.

Please click on the links below to obtain more information on relevant parts of this Privacy Policy.

The types of Personal Information we need/may need to collect and use about you in connection with your use of our products and/or services include:

• 1. To achieve the basic functions of our products and/or services provided to you, you must authorize us to collect and use certain necessary information. If you refuse to provide relevant information, you will not be able to properly use our products and/or services, as well as our basic business functions, including user registration services, real name authentication, mortgage rate inquiries, and security operations.
  
  
• 2. To provide you with additional features of our products and/or services, you may choose to authorize other forms of information that we collect and use. If you refuse to provide authorization, you will not be able to use certain additional features properly or to achieve the functions we intend to achieve, but this will not affect your normal use of the basic features of our products and/or services.

You understand and agree that:

• 1. We are committed to creating a wide range of products and services to meet your needs. Due to the variety of products and services we provide to you and the differences in the scope of specific products/services that different users choose to use, accordingly, the basic/additional features and the type and scope of Personal Information collected and used may differ, so please refer to the specific product/service features.
  
  
• 2. Please understand that, as our business develops, there may be adjustments and changes to the functions and services provided by Jia Finance. In principle, when a new function or service is related to the function or service we currently provide, the Personal Information collected and used will be directly or reasonably related to the original purpose of processing. In scenarios where there is no direct or reasonable connection to the original purpose of processing, we will again inform you and obtain your consent for the collection and use of your Personal Information. When doing so, we will explain to you the purpose and scope of collection of relevant information as well as ways of use by updating this Privacy Policy, providing you with pop-up windows, page prompts, and/or notification through other means. We will also provide you with the means to choose the way you give consent, and then collect and use information with your express consent.
  
  In this process, if you have any questions, comments, or suggestions, you can contact us via the contact information in Section XI. We will answer as soon as possible.

For the purposes of this Privacy Policy, we will only collect and use your Personal Information for the following core business functions. If you do not provide the relevant information, you will not be able to enjoy the products and/ or services we offer.

• We provide you with basic user services through your Jia Finance account. To register as a user and use our basic services, you will need to provide your cell phone number, proposed username and password to create a Jia Finance account. If you only need to use the browsing and search services, you do not need to register as a user and provide the above information.
  
  
• For services that require a Murray Home account to access, we may verify your user identity based on the information you provide above to ensure that we are providing the service to you personally.
  
  
• If you choose to use SMS verification codes to log in, you authorize and agree to our invoking your SMS receiving and processing functions to send you SMS messages to verify your identity.
  
  
• When you use a third party platform account (e.g. WeChat) to log in to Jia Finance, you need to authorize Jia Finance to read and share the public information that you have published and recorded on that third party platform (including one or more types of information such as your nickname, avatar, region, gender, and contact email), within the permission of relevant laws and regulations, in order to bind your third party account to your Jia Finance account and to remember your Jia Finance user login identity.

• When you use the function of identity authentication or related services, in accordance with relevant laws and regulations, you may need to provide your real identity information (real name, ID card number, telephone number, e-mail address) to complete the real name verification. Such information may involve Sensitive Personal Information, for which we will separately explain to you the purpose, scope and use of the corresponding information by means of pop-up windows, page prompts, etc., and provide you with the means to independently choosing to give consent. We collect and use such information after obtaining your express consent. You may refuse to provide information. If you refuse, you may not be able to access the relevant services, but it will not affect the normal use of other functions and services.

• When you use the mortgage interest rate search, we will collect information provided by you, including property information, location information, asset information, etc. This information may involve Sensitive Personal Information, for which we will separately explain to you the purpose, scope and use of the corresponding information by means of pop-up windows, page prompts, etc., and provide you with the means to independently choosing to give consent. We collect and use such information after obtaining your express consent. You may refuse to provide information. If you refuse, you may not be able to access the relevant services, but it will not affect the normal use of other functions and services.
  
  
• When you use the human service function, we will request identification and ask you to authorize camera and photo permissions. If you refuse to provide authorization, you will not be able to use this feature, but it will not affect your normal use of other features of Jia Finance.
  
  
• With your authorization, we may obtain your phone status including Unique Device Identifier (unique ID or UUID) and identity, memory card contents, external storage space, system settings to provide real-time push message and notification functions, and information related to the location of the Equipment. Most cell phone terminal manufacturers currently support the change of Equipment identifier to ensure your independent control of Personal Information. The specific withdrawal or change methods can be found in the description of the Equipment you are using.

• We are committed to providing a safe and reliable product and use environment for you. Providing quality and reliable service and information is our core objective. The information collected to achieve these safety functions is necessary information.
  
  
• To ensure the safe operation of our software and services, we collect your hardware model, operating system version number, IMDI, Unique Device Identifier, network device hardware address, IP Address, WLAN access point information, and phone status, including obtaining IMEI, Bluetooth, base station, software version number, network access method, type, status, network quality data, operation, usage, and Server Logs.
  
  
• To prevent malicious programs and ensure security operations, we may use third-party SDKs, including Umeng and Tencent Bugly, to collect information on installed applications or running processes, overall application operation, usage and frequency, application crashes, overall installation and usage, performance data, and application sources. For the identity of the relevant third party and the purpose of information collection practices, etc., please refer to the description of the third party SDK in Annex I.
  
  
• We may use your account information, Equipment information, Server Logs, and information that our affiliates and partners have been authorized or are legally allowed to share for the purpose of determining account security, authenticating, detecting, and preventing security incidents.

We may send marketing communications and information about products and services that we think may be of interest to you directly to the email address you have used to register. You may contact us through the contact information in Section XI, and it is up to you to opt out of any future marketing communications from us.

To provide you with Jia Finance products and/or services, we may need to use the system permissions in your Equipment to collect relevant Personal Information. This part of the Privacy Policy summarizes all the system permissions that we cover in Section I(I) to facilitate a more systematic, complete and transparent presentation to you. We will prompt you in a pop-up window when you use a relevant service in order to ask whether you want to enable the corresponding permission. You can check the status of each of these permissions in your Equipment settings and decide for yourself whether to turn them on or off at any time. Please note that by turning on any permission, you authorize us to collect and use the relevant Personal Information to provide you with the corresponding services, and by turning off any permission, you cancel your authorization, and we will no longer collect and use the relevant Personal Information based on the corresponding permission and will not be able to provide you with the services corresponding to that permission. For more information about the permissions, please refer to the “Jia Finance Permissions List” in Annex I.

Please understand that, in accordance with laws and regulations and relevant national standards, we do not require your authorized consent to collect and use your Personal Information in the following circumstances:

• 1. Information directly related to national security or national defense security.
• 2. Information directly related to public safety, public health, or significant public interests.
• 3. Information directly related to crime investigations, prosecution, trial, and sentence enforcement.
• 4. For safeguarding the life, property, and other significant legitimate rights and interests of the subject of Personal Information or other individuals, but where it is difficult to obtain the consent of the individual.
• 5. Personal Information collected about you that is disclosed to the public by you at your own discretion.
• 6. Personal Information is collected from legitimate public disclosures, such as legitimate news reports, government disclosures, and other sources.
• 7. Information necessary to enter or perform a contract upon your request.
• 8. Information necessary for maintaining the safe and stable operation of the software and related services, such as detecting and disposing of malfunctions of the software and related services.
• 9. Information necessary for legitimate journalism.
  
  
• 10. When an academic research institution conducts statistical or academic research for the purpose of the public interest and provides the results of academic research or descriptions to the public, in a manner that de-identifies the Personal Information contained in the results.
  
  
• 11. Other circumstances as stipulated by laws and regulations. In particular, we remind you that if information cannot be used to identify to your personal identity, alone or in combination with other information, it is not your Personal Information in a legal sense; when your information can be used to identify to your personal identity, alone or in combination with other information, or when we use data that cannot be linked to any specific Personal Information in combination with your Personal Information, such information will be treated as your Personal Information, and is treated and protected in accordance with this Privacy Policy.

• To ensure that Jia Finance’s app and applets work properly, to make the access experience easier for you, and to suggest content that may be of interest to you, we may store cookies, Flash cookies, or other local storage provided by your browser (or associated application) on your Equipment that typically contains an identifier, site name, and some numbers and characters (collectively "cookies"). With the help of cookies, apps and applets can store data such as your preferences and the items in your shopping cart.
  
  
• You may modify your acceptance of cookies or reject our cookies if your browser or browser add-on service allows you to do so, but if you do so, it may in some cases affect your secure access to our app and applets and may require you to change your user settings each time you visit our app and applets.

• In addition to cookies, we may also use Tokens and other similar technologies. Tokens allow us to track the buttons or links you click on our products and help us understand your product or service preferences so that we can proactively improve the customer service experience.

To provide and optimize our products or services, we have third-party SDKs embedded in our apps and applets. These third-party SDKs, when assisting our efforts to provide you with more comprehensive services, may collect your Personal Information and provide such Personal Information to third parties in a limited manner under our control. We will take the necessary steps to control the collection and use of your Personal Information by these third-party SDKs and to ensure, including through contracts, that your Personal Information is protected to a degree no less than that set forth in this policy. For details on the identity of the third parties and the purpose of collection, etc., please see the description of the third-party SDKs in Annex I of this policy.

We limit the information we send to our service providers and require our service providers to use any shared Personal Information only to provide the requested services in accordance with this Privacy Policy, and require such service providers to have adequate security measures in place to protect any Personal Information you share. We will not share, sell, or disclose your Personal Information except as set forth in this Privacy Policy.

We do not share your Personal Information with companies, organizations, and individuals outside of Jia Finance, except for under the following situations:

• 1. Sharing under legal circumstances: We may share your Personal Information to the public in accordance with laws and regulations, litigation, dispute resolution needs, or as requested by administrative or judicial authorities in accordance with the law.
  
  
• 2. Sharing with explicit consent: We may share your Personal Information with other parties after obtaining your explicit consent.
  
  
• 3. Sharing with affiliates: Your Personal Information may be shared with our affiliates. We will only share Personal Information that is necessary and subject to the purposes stated in this Privacy Policy. We will seek your consent again if we share your Sensitive Personal Information or if our affiliates change the purposes for which the Personal Information is used and processed.
  
  
• 4. Sharing with Partners: We may delegate some functions to our partners to provide certain services to you or for them to perform functions on our behalf, such as providing credit history services, identity verification, and employment verification. We will only share your information for purposes that are legal, legitimate, necessary, specific, and explicit as stated in this Privacy Policy. Authorized partners will only have access to the information they need to perform their duties and will not use this information for any other purpose. We will carefully evaluate the purposes for which third parties use shared information, make a comprehensive assessment of the security and safety capabilities of those partners, and require that they follow the legal agreements for cooperation. We will conduct strict security monitoring of the software tool development kits (SDKs) and application program interfaces (APIs) used by our partners to obtain information to protect data security. Please see Annex II for an itemized list of situations in which we share your Personal Information with our authorized partners.

We will not transfer your Personal Information to any company, organization or individual, except for under the following situations:

• 1. Transfers with explicit consent: we will transfer your Personal Information to other parties after obtaining your explicit consent.
  
  
• 2. In the event of a merger, acquisition, or bankruptcy liquidation, or in other situations involving a merger, acquisition, or bankruptcy liquidation, if the transfer of Personal Information is involved, we will require the new company or organization holding your Personal Information to continue to be bound by this policy, or we will require the company, organization and individual to seek your authorized consent again.

We will only publicly disclose your Personal Information when:

• 1. We have obtained your express consent or are doing so based on your voluntary choice.
  
  
• 2. We may disclose your Personal Information publicly if compelled to do so by law, legal procedures, litigation, or orders from a competent governmental authority.

Please understand that, in accordance with laws, regulations and national standards, we do not need your prior authorized consent to share, transfer or publicly disclose your Personal Information under the following circumstances:

• 1. Information that is directly related to national security or national defense security.
• 2. Information that is directly related to public safety, public health, or significant public interests.
• 3. Information that is directly related to crime investigations, prosecution, trial, and sentence enforcement.
• 4. For the purpose of safeguarding your or other individuals’ vital legal rights and interests such as life and property, but where it is difficult to obtain consent.
• 5. Personal Information that you disclose to the public at your own discretion.
• 6. Personal Information that has been collected from legitimate publicly disclosed information, such as legitimate news reports, government information disclosure, and other sources.

Please be aware that, in accordance with applicable laws, if we take technical measures and other necessary measures to process Personal Information in such a way that the recipient of the data cannot re-identify a specific individual and cannot recover it, the sharing, transfer, or public disclosure of such processed data does not require separate notification to you and your consent.

• (I) We have implemented reasonable and practicable security measures that meet industry standards to protect your information from unauthorized access, public disclosure, use, modification, damage, or loss. For example, we use encryption technology to enhance the security of Personal Information; we use trusted protection mechanisms to prevent malicious attacks on Personal Information; we deploy access control mechanisms to ensure that only authorized personnel have access to Personal Information; and we enhance employee awareness of the importance of protecting Personal Information.
  
  
• (II) We will improve the security of the whole system in multiple dimensions, such as organization construction, system design, personnel management, and product technology.
  
  
• (III) We will take all reasonable and practical steps to ensure that no unrelated Personal Information is collected. We will only retain your Personal Information for as long as is necessary to achieve the purposes described in this Privacy Policy unless an extended retention period is needed or permitted by law.
  
  
• (IV) The Internet is not an absolutely secure environment, and since it is impossible to determine whether email, instant messaging, social networking software and other methods of communication with other users are fully encrypted, we recommend that you use complex passwords when using such tools and take care to protect the security of your Personal Information. We will make every effort to safeguard the security of any information you send us. If our physical, technical, or administrative safeguards are breached, resulting in unauthorized access, public disclosure, tampering or destruction of information, which lead to damage to your legal rights and interests, we will be liable in accordance with relevant laws.
  
  
• (V) After an unfortunate occurrence of any Personal Information safety breach incident, we will inform you in accordance with the requirements of laws and regulations, including: the basic situation of the incident and the possible impact, measures we have taken or will take, suggestions for you to independently prevent and reduce relevant risks, remedial measures for you, etc. We will inform you by email, letter, telephone, push notification, etc. When it is difficult to inform the subjects of Personal Information one by one, we will choose a reasonable and effective way to publish an announcement.
  
  
• (VI) At the same time, we will also report the disposition of Personal Information security breach incidents as required by the regulatory authorities. However, no website, app or transmission can fully guarantee the security of Personal Information. Therefore, while we have established and are maintaining procedures that we believe are reasonable to protect the confidentiality, security and integrity of Personal Information obtained through our services, we cannot guarantee the security of any Personal Information that you transmit to us.

We may retain Personal Information about you for the purposes expressed in this Privacy Policy. When Personal Information is no longer necessary to achieve such purposes, we will retain the Personal Information in a form that does not identify you, unless we are required by law to retain the Personal Information for a longer period.

The Personal Information associated with your account is usually retained as long as your user account is active. After cancellation of your account, your Personal Information will be deleted or anonymized within one month.

You can access and manage your Personal Information in the following ways:

You may request access to any Personal Information we hold about you at any time. If you believe that the Personal Information we hold about you is incorrect, incomplete or inaccurate, you may request that we correct that information. We will consider whether such information needs to be amended. If we do not both agree that there is a reason to amend the relevant Personal Information, then we will add a note to the Personal Information to indicate that you do not consent to the amendment of such information. In response to the foregoing request, you may contact us by using the contact information in Section XI.

You may delete some of your information in the manner specified in Section XI. You may also make a request to us to delete your Personal Information in the following cases:

• 1. If our handling of Personal Information violates laws and regulations.
• 2. If we collect and use your Personal Information without your explicit consent.
• 3. If our processing of Personal Information is in material breach of our agreements with you.
• 4. If you no longer use our products or services, or if you voluntarily cancel your account.
• 5. If we permanently cease to provide products or services to you.
  
  If we decide to respond to your request for deletion, we will also notify the subjects who received your Personal Information from us, if possible, and request that they delete it promptly (unless otherwise required by applicable laws or regulations, or unless these subjects have independently obtained your authorization).

After you have deleted, or we have assisted you in deleting the relevant information, we may not be able to immediately remove the corresponding information from the backup system because of applicable laws and security technology. We will securely store your Personal Information and isolate it from any further processing until the backup can be made anonymous.

Each business function requires some basic Personal Information in order to be completed (see Section I of this Privacy Policy). You may give or withdraw your authorized consent for the collection and use of additional Personal Information collected at any time. You may give or withdraw your consent by, for example, changing the settings of your Equipment.

When you withdraw your consent, we will no longer process the corresponding Personal Information. However, your decision to withdraw your consent will not affect the processing of personal data previously carried out on the basis of your authorization.

You can apply for cancellation of your account in the ways listed in Section XI.

After you voluntarily cancel your account, we will stop providing you with products or services, delete your Personal Information or anonymize it as required by applicable law.

For security purposes, you may be required to provide a written request or otherwise prove your identity. We may ask you to verify your identity before processing your request.

We will respond within 15 days. If you are not satisfied, you can also initiate a complaint through the methods listed in Section XI.

In principle, we do not charge a fee for your reasonable requests, but we will charge a fee for repeated requests that exceed reasonable limits, at our discretion. We may deny requests for information that is not directly related to your identity, that is unwarrantedly repetitive, or that requires excessive technical means (for example, requiring the development of new systems or fundamental changes to current practices), that poses a risk to the legal rights of others, or that is impractical.

We will not be able to respond to your request if we are required by law or regulation to do so under the following circumstances:

• 1. Circumstances related to national security or national defense security.
• 2. Circumstances related to public safety, public health, or significant public interests.
• 3. Circumstances related to crime investigations, prosecution, trial, and execution of sentences, etc.
• 4. Where there is sufficient evidence of subjective malice or abuse of rights by the subject of relevant Personal Information.
• 5. Where responding to your request will result in serious damage to the legitimate rights and interests of you or other individuals or organizations.
• 6. When trade secrets are involved.

You have the right to request that we explain this Privacy Policy to you at any time by contacting us through the contact information in Section XI.

Our products, websites and services are intended primarily for adults. If you are a Minor, please do not use or discontinue using our products and/ or services.

If you are the guardian of a minor, when you have any questions about whether a Minor in your custody is using our services or whether he or she has provided information to us, please contact us promptly through the contact information in Section XI. If we discover that we have unknowingly collected Personal Information from a Minor, we will attempt to delete the relevant data as soon as possible.

As a global company, your personal data collected by us may be processed or accessed in the country/region where you use our products and services or in other countries/regions where us or our affiliates, subsidiaries, service providers or business partners have a presence. These jurisdictions may have different data protection laws. In such circumstances, we will take measures to ensure that data is processed as required by this Policy and applicable laws, which includes obtaining the consent to the cross-border transfer from you or implementing security measures like anonymizing personal data before conducting cross-border data transfers. If you need to know the details of the data recipient, you can contact us through the contact information in Section XI.

Our privacy policies are subject to change. We will not limit your rights under this Privacy Policy without your express consent. We will post any changes to this Privacy Policy or wider privacy policies on a dedicated page.

We will also provide more prominent notice of material changes (including when we do so through public announcements or pop-up alerts). Material changes within the meaning of this Privacy Policy include but are not limited to:

• 1. Significant changes in our product or service model, such as the purpose of processing Personal Information, the type of Personal Information processed, and the way Personal Information is used.
• 2. We have significant changes in control, etc., such as changes in information controllers caused by mergers and acquisitions, reorganizations, etc.
• 3. Changes in the primary recipients of Personal Information sharing, transfer, or public disclosure.
• 4. Significant changes in your rights to participate in the processing of Personal Information and in how the rights are exercised.
• 5. Changes in the department responsible for handling the security of Personal Information, contact information and complaint channels.
• 6. Where Personal Information security assessment reports indicate a high risk.

Our websites or mobile applications may contain links to other websites or applications operated by third parties. We make no representations or warranties regarding the privacy practices of such third-party services, and we assume no responsibility for their privacy policy or their contents.

We recommend that you periodically review this Privacy Policy to be informed of the most current version. By continuing to use our products and services after this Privacy Policy has been updated, you acknowledge that you have fully read, understood and accepted the updated Privacy Policy and are willing to be bound by the updated Privacy Policy.

You can contact us via the following methods, and we will respond to your request within 15 days.

• 1. If you have any questions, comments, or suggestions regarding the content of this policy or the Personal Information of minors, you may contact us through the online contact/customer service system provided on the Jia Finance App.
• 2. We have a Personal Information protection officer who you can contact at support@jiafinance.com.

Jia Finance Inc.

Use scenario/purpose: Taking photos for real name authentication.
Types of Personal Information collected: Real identity information, including ID card information, personal photos.
Consequences of refusing authorization: Once turned off, you may not be able to use the functions such as scanning and taking photos, but it will not affect your access to basic services such as browsing.

Usage scenario/purpose: Real name authentication via an uploaded photo.
Types of Personal Information collected: Real identity information, including ID card information, personal photos.
Consequences of refusing authorization: Once turned off, you may not be able to use the functions such as scanning and taking photos, but it will not affect your access to basic services such as browsing.

Usage scenario/purpose: Push messages.
Types of Personal Information collected: Device model, hardware serial number, device MAC address, Unique Device Identifier (such as IMEI /androidID /IDFA / OPENUDID /GUID /OAID, SIM card IMSI, ICCID information and other device identifiers), mobile application list, telecom operators, sensor information, cell phone number, etc.
Consequences of refusing authorization: Once turned off, you may not be able to receive push messages from us, but it will not affect your use of basic services such as browsing.

Usage scenarios/purpose: Provide customized services.
Types of personal information collected: Obtain location information through IP addresses, GPS and sensor information such as WLAN (e.g. Wi-Fi) access points, Bluetooth and base stations that can provide location information.
Consequences of refusing authorization: You have the right to choose to provide us with precise location information, rough location information or background location information when you turn on location authorization. When you refuse the location authorization, you can still manually select or enter location information, but it will not affect your use of basic services such as browsing.