PointCool Personal Data Privacy Policy Statement

This Policy is established by 益萊科技有限公司 (the “Company”) pursuant to the Personal Data Protection Act (PDPA) and related laws and regulations of the Republic of China (Taiwan). It applies to users of the PointCool service (the “Service”). To safeguard users’ personal data and privacy, the Company sets forth this Policy as follows:

Article 1: Purposes of Collection

The Company collects personal data for the following specified purposes:

• Providing the Service and performing contractual obligations

• Customer management and after-sales support

• Marketing activities and promotional notifications

• Processing online transactions (e.g., payment, logistics, returns)

• Business activities within the Company’s registered business scope

Article 2: Categories of Personal Data

Depending on the nature of the Service and actual needs, the Company may collect the following categories of personal data:

• Identifiers: name, gender, date of birth, telephone number, address, email, national ID number or passport number

• Account data: member account, password, verification information

• Transaction information: purchase history, payment method, logistics records, invoices, etc.

• Identity-verification data (only for high-risk or anomalous cases): copies of identification documents, facial images, SMS verification, passport, ARC, driver’s license, etc.

Article 3: Impact of Not Providing Data

If required and accurate personal data are not provided, the following may be affected:

• Member registration and login

• Order processing and logistics services

• Returns/exchanges and after-sales services

• User notifications and identity-verification procedures

If any loss arises from false or inaccurate information provided by the user, the user shall bear such loss and fully compensate the Company for any resulting damages.

Article 4: Use and Protection of Personal Data

• The Company will use personal data only within the scope of the collection purposes and will adopt reasonable technical and organizational security measures in accordance with law to prevent leakage, alteration, loss, or misuse.

• Unless required by law or a formal request from judicial/administrative authorities, or with the user’s explicit consent, the Company will not provide or disclose users’ personal data to third parties.

Article 5: Validity and Governing Law

• If any provision of this Policy is held invalid by a court, the remaining provisions shall remain in full force and effect.

• The interpretation and application of this Policy are governed by the laws of the Republic of China (Taiwan).

Article 6: Dispute Resolution

• Any disputes arising from this Policy shall first be resolved through good-faith negotiation.

• If negotiation fails—and without prejudice to consumers’ statutory right to choose jurisdiction—both parties agree that the Taipei District Court, Taiwan shall be the court of first instance.

Article 7: Amendments and Announcements

• The Company may amend this Policy at any time in accordance with laws and business needs.

• The Company is not required to notify users individually; users are responsible for reviewing the latest version of this Policy.

• Continued use of the Service after amendments constitutes the user’s acknowledgment, understanding, and acceptance of the revised terms.