Point Money Card -PMC-

Basic Policy on the Secure Management of Personal Data

March 1, 2025

In this Privacy Policy, "personal information" refers to any information that can be used to identify an individual customer collected through this website—such as name, address, phone number, and email address—as well as any unique information related to the individual.

Nation Gain Limited (hereinafter referred to as "the Company") is committed to the responsible protection of personal information. Based on our Privacy Policy, we have established the following principles regarding the protection of personal information on the websites operated and managed by the Company.

To prevent leakage, loss, or damage of personal data and to ensure its secure management, the Company complies with all applicable laws, regulations, and guidelines related to the handling of personal information. We will take the following three key steps—among other necessary and appropriate safety management measures—and will continue to review and improve them to ensure the safe handling of personal data:

1. Personal Information Management System

The Company maintains accurate and up-to-date personal information and takes all necessary measures to prevent unauthorized access, loss, damage, falsification, or leakage of such data. These measures include the implementation and maintenance of security systems, the establishment of a robust management framework, and thorough employee training. Through these efforts, we ensure strict and secure management of personal information.

2. Human Security Measures

The Company clearly defines the roles and responsibilities of all employees handling personal information and provides appropriate education and training to ensure awareness and compliance. We also regularly monitor employee adherence to personal information management procedures.

3. Technical Security Measures

The Company enforces proper access controls to personal information by assigning appropriate access permissions. Through user identification and authentication, access is restricted based on authorization levels to prevent unauthorized disclosure or alteration of personal data. Additionally, regular audits are conducted on system access and operational status to ensure security and compliance.

If a customer wishes to inquire about or correct their personal information, we will respond only after verifying the identity of the individual in accordance with our designated procedures.

The Company is not responsible for the protection or handling of personal information on websites linked to or from this website. We recommend that users carefully review the privacy policies and data handling practices of any third-party websites they visit. If such policies are not readily available, users should directly contact the website's administrator to confirm how personal data is managed.

The Company complies with all applicable laws and regulations of the British Virgin Islands (BVI), the regulations of King Luster Limited (the card issuer), relevant Hong Kong laws, and other applicable standards. We regularly review and improve this policy to ensure the continued protection of personal information.