Welcome to use LinkCredit suite products and services that are provided, operated and controlled by ERIC VSTA LIMITED (hereinafter referred to as “we”, “us” or “ERIC VSTA LIMITED”), including LendCredit (and applications available in LinkCredit which are provided and operated by ERIC VSTA LIMITED), LinkCredit loan, High amount loan and other products and services (hereinafter referred to “this Platform”).

This Privacy Policy sets out the basis on which your personal information will be collected, processed, used and disclosed by us in the process of your access and use of this Platform.

This Privacy Policy constitutes a legally binding agreement between you and us and therefore, we hereby specifically remind you to read carefully and fully understand all the terms of this Privacy Policy, especially such terms that disclaim or relieve our liabilities, terms that restrict your rights, terms of dispute resolution and governing law etc. The terms that may exclude or limit our liabilities are marked in bold or underlined for your special attention. Please read this Privacy Policy prudently and choose whether or not to accept this Privacy Policy and please cease to use or access to this Platform if you disagree with this Privacy Policy.

If you are using this Platform as an Authorized User, we may either collect and check your personal information through your employer (e.g. by contact with your employer via email, phone call and etc.) or from yourself (e.g. when you are using this Platform).

Permissions to access geographical location, camera, microphone and installed application information will not be automatically turned on and they will only be used with your express authorization and to the extent of particular use of functions and services. You can withdraw any of the foregoing permissions. It should be noted that notwithstanding your express authorization to grant us these sensitive permissions, we will not collect any of these information from you if it is not required for the relevant functions and services.

Before you continue to read this Privacy Policy to understand how we process your personal information and our practical methods of processing your personal information, we hereby set forth the following table of contents. You may click on the headings to directly browse the relevant content you would like to check.

I. Basic Definitions

1. Personal Information refers to all types of information recorded electronically or otherwise that can be used independently or collectively to identify the identification of a specific natural person or reflect the activities of such person.

2. Personal Sensitive Information refers to the personal information that may endanger personal and property safety, easily lead to personal reputation, physical and mental health damage or discriminatory treatment once it has been leaked, illegally provided or misappropriated, including identification number, personal biometric information, correspondence record and content, property information, whereabouts, physical health information and transaction information, etc.

3. Affiliates refer to the entities that are controlled by ERIC VSTA LIMITED, control ERIC VSTA LIMITED and under common control with ERIC VSTA LIMITED. Control herein refers to the power of an entity to dominate the main commercial business or activities of another entity and such power can be formed based on equity, voting rights and other relationships that are generally considered to be dominant or significant.

4. De-identification refers to the process during which the data subject cannot be identified without additional information by technical processing of personal information.

5. Anonymization refers to the process during which the data subject cannot be identified by technical processing of personal information and the processed information shall not be recovered.

II. Personal Information We Collect on this Platform

In the process of your use of this Platform, we may collect the following types of personal information.

1. Basic personal information: name, identification number, profile picture, phone number and email address

2. Work information: name of organization, department and position

3. Collect coarse location to determine the products available in your area. This helps prevent fraudulent activities and ensures that loans are only provided to eligible local residents.

4. Collect specific information about your phone like your phone’s unique device identifier, your profile information and phone number to build secure user account and prevent any unauthorized device from acting on your behavior. No data sharing without permission.

6. Installed apps to assess your habit of using financial apps. This enables us to do more accurate credit assessment and risk management.

7. Collect and share user In-App behaviours with third party - Appsflyer to enable analysis of how users use LinkCredit and how the application performs. No data sharing without permission

8. In order to prevent us from contacting you in an emergency, we will ask you to fill in the emergency contact information during application process

9. Personal active device information: including hardware model, type and version of operating system, device screen size, device hardware serial number, MAC address, unique device identity number (IMEI, Android ID, IDFA, OpenUDID, SIM card IMSI information), time zone, language setting and installed application information(Application name).

10. Personal location information: GPS information, WLAN access point, Bluetooth, base station and other sensor information, itinerary, travel and residence information

11. Information from your interaction with our App, services, and contents, including, but not limited to, device ID, device type, unique device identifiers; geo-location information, computer, operating system and connection information, statistics on page views, IP address and standard web log information

Please note that part of the abovementioned information alone will not be sufficient to identify a specific individual. In case we combine such non-personal information with other information to identify certain natural person, or use the same in combination with personal information, then such non-personal information may be deemed as personal information during such combination, and we will anonymize and de-identify such personal information unless with your authorization or otherwise provided by laws and regulations.

III. How We Use Your Personal Information

A. Basic functions of this Platform shall only be operated properly and securely based on certain information and therefore, we may need you to provide us with or allow us to collect the following information

1. Authentication Function

In the process of your use of this Platform, you need to provide your phone number and/or email address which is necessary for your use of this Platform. If you refuse to provide such information, you will not be able to use the normal functions of this Platform. You may also choose to upload profile picture for personalized display purpose once you have logged in with your account. You are not required to register an account and provide the foregoing information if you only browse and search introduction of ERIC VSTA LIMITED products, functions and services on the official website of this Platform.

2. Security Inspection

In order to improve the security of your use of this Platform and protect you or other users or the public’s personal and property security from infringement, prevent fishing websites, frauds, network vulnerabilities, computer viruses, network attacks, network intrusion and other security risks, and more accurately identify violations of laws and regulations, we will automatically collect your IP address, unique device identity number, hardware model and settings, operation system and application functions (such as MAC address) and the details of your use of our services, such as browsing history, time zone, region and language settings, server logs (including visit date and time) and application crash to conduct comprehensive assessment of risks of your account and transactions, authenticate, detect and prevent security incident and take necessary measures including record, audit, analysis and intervention in accordance with laws.

B. In order to optimize your service experience and improve our service quality, you may at your own discretion provide us with or allow us to collect the following information

1. Face Recognition Based Check-in Function

For identity verification purpose, we may collect face images that you voluntarily provide to us and compare with your face image. The aforesaid information is sensitive information and you will not be able to use such function if you reject to provide information on face images, however your use of other functions of this Platform will not be affected.

2. Personal information

LinkCredit collects personal information such as name/phone number/email address/account information and political or religious beliefs to enable normal use of the application, authentication, Fraud prevention, security, and compliance of law.

3. Geographical Location Information

LinkCredit collects location information to enable normal use of the application, Fraud prevention, security, and compliance of law. We collect location information to check our availability in your area. We will use such information to provide you with relevant location-based services. If you refuse to provide such information, we may not provide any location-based services to you, which might affect your normal use of this Platform.

4. Financial information (Optional)

LinkCredit collects bank account information and ATM card information to enable withdrawal and repayment function of the application, If you refuse to provide such information, we may not provide any financial-based services to you, which might affect your normal use of this Platform.

5. Service Optimization Function

In order to provide you with better and more personalized services, such as providing more personalized but consistent services on different server or devices, providing search recommendations, customer service or push information and other services suitable for your needs and understanding product suitability, we will collect your preference, user behavior, location and device information.

6. Interaction with our App

LinkCredit collects and shares user In-App behaviour with third party - Appsflyer to enable analysis of how users use LinkCredit and how the application performs. We collect the interaction information within the App to optimize the user experience to understand the users' needs and discover problems the user may encounter.

7. Installed application information(Application name)

LinkCredit collects list of application installed to enable Fraud prevention, security, and compliance of law,. We collect the names of Apps installed on your device for credit risk assessment, credit limit calculation and credit analysis. Please note that we do not interact with your device or installed app information.

8. Get phone info.

LinkCredit collects device information to enable Fraud prevention, security, and compliance of law. We collect, including but not limited to, device ID, device type, unique device identifiers; Geo-location information, computer, operating system and connection information, statistics on page views, IP address and standard web log information.

IV. How We Use Cookie or Similar Technologies

We will use cookies and other similar technologies (such as, web beacons, flash cookies, etc., together, “Cookies”) in order to optimize your experience of using this Platform. When you are using this Platform, we may use relevant technologies to place Cookie(s) or anonymous identifier(s) to your device to collect and store information of your access and use of this Platform.

V. How We Share, Transfer and Disclose Your Personal Information

A. Sharing of Personal Information

1. WWe will not share and transfer your personal information to any third parties unless authorized and approved by you in advance. Otherwise, we may share and transfer the personal information which has been de-identified and the recipient cannot re-identify the data subject.

2. In the event that we share your personal information, we shall comply with the following principles:

Authorization and Consent: we shall not share your personal information without your consent unless the shared information has been de-identified and the recipient cannot re-identify the data subject. If the purposes of third party using personal information exceed the original scope of your authorization and consent, they shall further obtain your consent to their use of your personal information.

Legitimacy and Necessity: data sharing must have legitimate purpose and the scope of sharing shall be limited to such categories and amount of personal information necessary to achieve the purposes.

Prudence and Diligence: we will prudently evaluate the purposes of third parties’ use of our shared personal information and will conduct a comprehensive assessment of such third parties’ security capability and require them to comply with relevant cooperation agreement for information sharing. We will also conduct rigorous security monitoring of software development kit (SDK) and application programming interface (API) used by the third parties to obtain information in order to protect data security.

3. Sharing of information to enable functions and services

If you choose to use the services provided by third-party service provider on this Platform, such third-party service provider may share certain of your information with us. You shall review the relevant privacy policy of third-party services for such data which may be shared with us.

For example, in order to complete the registration of your account on this Platform, you agree that the carrier will send a SMS verification code to us based on your personal phone number, otherwise you will not be able to register your account.

(1) Log in and link products in this Platform: With your consent, when you use your LinkCredit account to log in to a third-party product and/or service or bind your account to other third-party accounts, we will share your basic information (name, profile picture) and other information authorized by you with the abovementioned products and services.

(2) Location service provider. We will share your de-identified location data to the Location service provider.

(3) Affiliates. We undertake not to share your personal information with any Affiliates under unnecessary circumstances. Exceptions deemed as necessary circumstance shall include: we may provide you with the service you need only after sharing your information, and for the purpose of providing you with better relevant services, we may store, transfer, and process your personal information using more sophisticated services.

(4) Other processing assistance program supporters: you understand and agree that in order to ensure the implementation of the functionalities of this Platform and safe and stable operation of relevant applications, we may integrate SDK provided by third parties for realizing such purposes. We will conduct rigorous security monitoring of SDK used by the third parties to obtain information in order to protect data security.

We will only share with third parties the information necessary to achieve the purpose, and you understand and authorize our information sharing under such circumstances. If the third party is required to use personal information beyond the foregoing purpose for business reason, such third party shall further obtain your consent for such use of personal information.

Before our collaboration with any third parties, we will make commercially reasonable efforts to test the third party’s security capabilities, assess the legitimacy and necessity of sharing relevant information with such third party, enter into a non-disclosure agreement, conduct technical monitoring of the third parties’ inquiries, and make commercially reasonable efforts to urge third parties to comply with laws and regulations and confidentiality and security measures as agreed in the agreement when using users’ information.

B. Transfer of Personal Information

With the continuous development of our business, your personal information may be transferred in the event that we are involved in a merger, acquisition or asset transfer and if it occurs, we will continue to protect or request the successor to protect your information in accordance with laws, regulations and security standards not less than what have been required in this Privacy Policy, otherwise we will require the successor to obtain your authorization and consent again.

C. Disclosure of Personal Information

We will not disclose your information to the public unless your consent is obtained. However, when we are required to disclose your personal information as per the requirements of laws, regulations, rules, other normative documents, mandatory administrative or judicial requirements, we may disclose your personal information to administrative or judicial authorities in accordance with the requested type of personal information and the methods of disclosure as requested. Upon receiving any requests for disclosure, subject to compliance with the applicable laws and regulations, we will ask such authorities to present the corresponding legal documents, and we will only provide the information to the extent that the administrative and judicial authorities are authorized to obtain for specific investigation purposes. To the extent permitted by laws and regulations, all the disclosed documents will be encrypted.

Please note that we may collect your activities on the App(Such as click on pages, click content, click count, click results, etc. ) and may disclose statistics on page views including but not limited to a third-party, AppsFlyer.

Please understand that in accordance with laws, regulations and national standards, we may share, transfer, disclose your personal information without your authorization and consent under the following circumstances:

(1) directly related to national security and national defense security;

(2) directly related to public security, public health and significant public interests;

(3) directly related to crime investigation, prosecution, trial and judgment enforcement;

(4) for the purpose of protecting your and others’ life, property and other significant legitimate interests, and where it is difficult to obtain personal consent, unless explicitly prohibited by applicable laws;

(5) personal information disclosed by you to the public;

(6) where personal information is legally collected from publicly disclosed information, such as from legal news reports, government information disclosure and other channels.

In accordance with the laws, sharing and transferring of de-identified personal information which cannot be recovered by the recipient to re-identify the data subject does not constitute an external share, transfer, and disclosure of personal information and therefore it may be processed without further notice to you and obtaining your consent.

VI. How We Store Your Personal Information

A. Location of Storage

Currently, we will not transmit such information abroad and if there is cross-border data transmission, we will comply with relevant national regulations or ask for your permission.

B. Term of Storage

When you are using this Platform, we will continuously retain your personal information for such term that does not exceed the necessary duration of providing services to you. Unless otherwise stipulated in the laws and regulations for the terms of storing specific information, we will delete or anonymize your personal information upon your termination of using this Platform or withdrawal of relevant authorization. We will also delete or anonymize your personal information within a reasonable period in the event that we suspend the operation of this Platform.

VII. How We Protect Your Personal Information

A. We are highly concerned with the security of your personal information. We have established a data security system to regulate and implement relevant security technical measures in order to prevent your personal information from unauthorized access, amendment and from damage or loss of data. Our network services have adopted a transport layer security protocol and other encryption technologies to ensure the security of your data transmission in the network.

B. We have taken strict data processing permission control to avoid illegal use of data; we have applied various data desensitization methods such as coding and screening and other de-identification technologies to enhance the security of personal information in use; we have adopted encryption technology widely used in the industry to store your personal information and isolated it with data isolation technology, for example, we will encrypt all the information stored in our servers and your terminal devices. We have always implemented such technical measures and organizational management methods and may revise them from time to time to enhance the overall security of the system.

C. In spite that the foregoing reasonable and effective measures have been taken and the standards requested by relevant laws and regulations have been complied with, please understand that even though we have taken every effort to strengthen security measures, the security of personal information for the Internet industry cannot be perfectly guaranteed and warranted due to technical limitations and various potential malicious methods. Nevertheless, we will try our best to assure the security of personal information provided by you to us. Please acknowledge and understand that problems may occur to the system and communication network accessed by you to our services due to the factors beyond our control and therefore we strongly recommend you to take proactive measures to protect the security of your personal information, including without limitation, using complex passwords, changing passwords on a regular basis, and not disclosing personal information such as account password to others.

D. In case of any incidents endangering network security, we will take appropriate remedies in a timely manner in accordance with the emergency precautions for Internet security incident. We will strictly assume corresponding liabilities for any infringement upon your legitimate interests due to any leakage, illegal provision and misappropriation of your personal information arising from the destruction of our physical facilities or technical protection measures.

E. Upon our awareness and knowledge of the unfortunate leakage, illegal provision and misappropriation of your personal information, we will promptly inform you in accordance with the requirements stipulated in laws and regulations and no later than [10] days of: the basic situation and possible impact of such security incident, the measures we have taken or to be taken, suggestions for your own prevention and risk reduction measures, any remedies provided to you, etc. The situation of security incident shall be notified to you by pushing notification in the Platform and we will adopt reasonable and effective means to publish announcements in case it is difficult to notify each subject of personal information. We will also report the personal information security incident and its disposal in accordance with the requirements of regulatory authorities.

VIII. Your Rights

A. How to Access to and Correct Your Personal Information

Access to your personal information: to access to your profile picture, name, work status, email address, mobile phone number- access to check personal information.

B. Delete Your Personal Information

You may request us to delete your personal information under the following circumstances:

1. If we deal with personal information in violation of laws and regulations;

2. If we collect and use your personal information without your explicit consent;

3. If our processing of personal information seriously violates the agreement with you;

4. If you no longer use our products and services, or you voluntarily cancel your account;

5. If we no longer provide you with our products and services.

If we agree with your request to delete information, we will also notify entities that obtain your personal information from us to require them to delete the information concerned in a timely manner (unless otherwise stipulated by laws and regulations or such entity has obtained your separate authorization).

Once you have deleted or we have assisted you in deleting the relevant information, we may not be able to delete the corresponding information from the backup system immediately due to the applicable laws and security technologies. We will store your personal information securely and isolate it from any further processing until the backup can be cleared or anonymized.

IX. Amendment

We will make every reasonable effort to notify every user in case of any substantial amendments to this Privacy Policy, such as post notifications on this Platform. Please review this Privacy Policy on a regular basis in order to check such amendments. We will also update the last update date and the effective date at the top of this Privacy Policy. Your continued use and access to this Platform after the renewal of this Privacy Policy will be deemed as your acceptance of the updated Privacy Policy and otherwise please cease to use or access to this Platform.

X. How to Contact Us

For any questions, suggestions, or requests of this Privacy Policy, please e-mail us at contact@linkcredit.ng In normal cases, we will revert to you within [15] days after the receipt of your contact information and verification of your identity.

We do not charge any fees for your reasonable requests in principle. However, if your requests are lodged repeatedly or beyond a reasonable extent, we will charge fees of a proper amount depending on the cost. We may refuse your requests if they are not directly related to your identity, repeated without reason, need to be replied through too many technical methods (for example, a new system needs to be developed or the existing common practices need to be fundamentally reformed), pose risks to others' legal rights or interests, or are fairly unrealistic.

XI. Miscellaneous

A. This Privacy Policy only applies to your use of the services of this Platform within the territory of Nigeria. There may be multilingual versions of this Privacy Policy. If there is any inconsistency or conflict between the terms of each language version, the Nigeria version shall prevail.

B. The headings of this Privacy Policy are for convenience and readability only and the headings shall not have any effect on the meaning or interpretation of any terms of this Privacy Policy.