Security and Other Privacy Information

• The Schwab Customer Center
• Browsers and Internet Security
• Your Password and Other Security Issues
• Logging Off
• Security Risk of Using Non-Approved Automated Software Applications
• Cookies, GIFs and Other Web Tools
• E-mail Communications and Opting Out
• Schwab Alliances and Promotions
• Account Registration Data
• Correcting and Updating Your Information
• Investor Protection Sites

The Customer Center is the area of our Web Site available only to account holders. The Customer Center provides a private and secure Web environment to place trade orders and access account information. Logging-in to the Customer Center requires both a personal account number and a password individually selected by each customer. The Customer Center uses leading encryption technology so that the data we transmit to you and the data you transmit to us across the Internet is safe. Secure data includes account information, trade orders, and e-mail sent from within the Customer Center.

Any time you enter an order or provide personal information in our Customer Center (such as an account number or password), we encrypt it using Secure Socket Layer (SSL) technology. SSL protects information as it crosses the Internet. To support this technology, you need an SSL-capable browser. Schwab recommends using a strong encryption, 128-bit browser such as Netscape Navigator 7.0 or higher, Microsoft's Internet Explorer 6.0 or higher, or AOL 8.0 or higher. These browsers will activate SSL automatically whenever you sign on to your Schwab account.

You can tell if you are visiting a secure area within a Web site by looking at the symbol on the bottom of your browser screen. In the above referenced browsers, you will see either a lock or a key. When the symbol appears unbroken or the padlock is in the locked position, your session connection is taking place via a secure server.

If you need a strong encryption browser, you can go to the Netscape Web site or the Microsoft Web site to download the latest Navigator or Internet Explorer browser. We do not recommend the use of beta browser versions.

Your Schwab password is your private entry key into your account. You should never share it with anyone and you should change it periodically. You can change your password any time you like after logging in to our Customer Center.

Our password requirements, which facilitate online account security, are as follows:

Your password must be 6-8 characters long. It also must:

1. Include both letters AND numbers.
2. Include at least one number BETWEEN the first and last character.
3. ontain no symbols (!, %, #, etc.)

Examples of valid passwords: kev6in, 2be111,will1am

Examples of invalid passwords: kevin, 111111, will1, #1abcd

If you forget your password, please call a Schwab representative at +852-2101-0500 and we will be glad to help you.

After you've finished accessing your Schwab account, don't forget to log off. This prevents someone else from accessing your account if you leave your computer and your session hasn't "timed out," or automatically shut down.

For security reasons and to guard the safety of your data, access to this site is limited to SSL-capable browsers like Netscape Navigator 7.0 or higher, Microsoft's Internet Explorer 6.0 or higher, or AOL 8.0 or higher. Under no circumstances should you use any software, program, application, or any other device to access or log-in to the Schwab Web site, or to automate the process of obtaining, downloading, transferring, or transmitting any content to or from Schwab's computer systems, Web site, or proprietary software.

When you interact with a Schwab online channel, such as one of our Web sites or through email or a wireless device, we strive to make that experience easy and meaningful. To do so, we use several tools. When you come to our Web site, our Web server sends a cookie to your computer. A cookie is simply an electronically transmitted file that holds small pieces of information. When you navigate through our Web site, your browser "requests" pages for you to view, and that request will include the information stored in the cookie we previously sent to your computer. This process is like an electronic "handshake" between Schwab's system and your computer; the information exchanged allows us to recognize your browser. For example, if you go to our Mutual Fund OneSource Web page we ask you to read the "10 Important Facts about Mutual Fund Investing." Once you click and confirm that you've read it, we reflect that fact in a cookie, so if you visit us again with the same browser we won't ask you to read it again. Schwab also uses other technology, such as "Graphics Interchange Format" files (GIFs) to recognize users and collect and transmit information online, as described below.

1. Cookies and Personal Identification. Standing alone, cookies, GIFs and other Web tools, as well as data derived from them, do not identify you personally. They merely recognize your browser. Unless you choose to identify yourself to Schwab, either by responding to a promotional offer, opening an account, or registering for an online service such as Learning Center, you remain anonymous to Schwab.
2. Persistent Cookies. Cookies come in two flavors: persistent and session-based. Only persistent cookies remain on your computer after you've closed your browser or turned off your computer. They include such information as a unique identifier for your browser that only Schwab can read and use, and the fact that you are a Schwab customer or prior Schwab Web site visitor (whatever the case may be). We are especially careful about the security and confidentiality of the information we send through persistent cookies. For example, we do not store account numbers or passwords in persistent cookies.
3. Session Cookies. Session cookies exist only during an online session with Schwab. They disappear from your computer when you close your browser software or turn off your computer. Session cookies allow you to conduct transactions or request your own personal or account information on our Web site. They contain encrypted or encoded information about your account(s), and/or identifying information that you have previously provided to us. This information allows Schwab to process your online transactions and requests. Examples include a request to see your account balance or to place a trade order on your behalf. Without the session cookie information, we would not be able to complete your Web transactions securely. Session cookies help us make sure you are who you say you are after you've logged in.
4. Graphics Interchange Format. On our Web sites, including Schwab pages hosted by our agents, and in emails we sometimes include a GIF. On the Web, they allow us to keep your session active while you may be using research, education or bulletin board services so that you will not have to log in again when you return to the Customer Center. In an email message, we may embed a GIF in the message that allows us, for example, to determine if your email reader is HTML capable or how fast your connection to the Internet is. This allows us to deliver content in a format most appropriate to your computer's capabilities.
5. Other Web Tools. Sometimes we include links to Web pages in an email or in banner advertisements which include a code that allows us to know if you clicked on that link. We do this so that we can personalize your experience, such as recognizing you when you reach the Web page you clicked to, or by displaying information and content we believe will be relevant to you. We also do this to measure the effectiveness and usefulness of our advertisements and the messages we send, and we use this information to continually improve the way we communicate.
6. Other Ways Schwab Uses Information Obtained From Cookies and GIFs. Cookies enable us to understand better how you and others use Schwab's online channels. They allow us to collect information about where your browser goes on our Web sites. This assists us in understanding your preferences and improving our Web site. For example, the information we obtain from cookies or GIFs helps us understand whether our customers use certain Web features and how to improve navigation. We also may use information gathered as the result of GIFs or cookies to target emails or Web messages to groups of customers based on the parts of our Web site they visit the most. Knowing where your browser has been on our Web site helps us present useful information and offers to you. We do not sell this or any other information about you to other Web sites, merchants or financial institutions. Unless you have affirmatively consented, we do not provide any personally identifiable information about you to anyone else for their marketing purposes.

E-mail is an important communication channel between Schwab and its customers. Schwab also uses e-mail to communicate with prospective customers.

E-mail sent to Schwab from within our Customer Center (after you have logged on with your account number and password) is secured with the same Secure Socket Layer (SSL) technology we use to transmit private account information. So please remember that any e-mail you send to Schwab identifying your account should originate in the secure Schwab Customer Center.

Our news and information services are delivered to our customers via e-mail from outside our Customer Center. You will receive your subscription via unencrypted e-mail. As stated in your account agreement, we reserve the right to use your e-mail address to send you important information relating to your account, including regulatory communications. For example, such communications relate to margin or trading requirements. At times we may ask for your informed consent to send important information to you by e-mail.

We may also use your e-mail address to send you information about services and products we believe may be of interest to you. If you are a customer and do not want to receive e-mail related to services and products, simply log into the Customer Center and send us an e-mail from the Services/Contact Us section or call us at +852-2101-0500.

If you are a customer or a prospective customer and receive an e-mail from Schwab about a product or service, you may unsubscribe to future e-mails about that product or service by following the instructions in the e-mail message.

When Schwab joins with another company to offer or provide products and services, both parties may cross-reference their databases to search for customers in common. This existing information may be used to help identify business alliance opportunities and to enhance the information already contained in the existing databases.

Schwab on its own, or jointly with other organizations and Web sites, may offer contests, sweepstakes, and promotions. You may be asked to supply certain personal information to participate in these promotional events, which may then be used by the sponsoring parties for marketing purposes. Even if you have previously opted not to receive information or mailings about Schwab, you may still receive information about Schwab via these promotions if you choose to register for them. Rules and guidelines for each promotion will be clearly posted, as will notification about how the information gathered may be used. You may opt not to participate in these special promotions if you do not want to receive information about Schwab or share your information with all sponsoring parties.

Potential customers applying online at Schwab.com.hk for a Schwab account have the ability to opt out of the application process before completing it. However, we may use the information gathered on the application form during this process to send you further information about Schwab services and products we believe may be of interest to you. You will be notified of this during the application process.

The accuracy of your personal information is important to us. If you are a customer and have a concern about your personal or account information maintained at Schwab, or want to correct, update, or confirm your information, please login to the Customer Center and send us an e-mail from the Services/Contact Us section. Customers and others may also send an e-mail to asia@schwab.com.hk or call us at +852-2101-0500. We will be happy to review and update our records.

• How Schwab Protects Your Identity
• How You Can Protect Your Identity and Accounts
• What to do if You Are A Victim of Identity Theft
• Other Resources to Learn More about ID theft

Your privacy is our priority and Schwab is committed to protecting you:

• We do not sell customer information to anyone.
• We use encryption technology to protect sensitive information that is transmitted over the Internet.
• We control access to your information inside our company by limiting employee access to systems and data.
• We ensure all employees are trained to safeguard your information.
• We continue to evaluate our efforts to protect personal information and make every effort to keep your personal information accurate.
• Our most important asset is our relationship with you. We understand that you have entrusted us with your private financial information, and we do everything we can to maintain that trust.

Identity theft occurs when someone uses your personal information such as your name, Identity Card number, Social Security number, credit card number or other identifying information, without your permission to commit fraud or other crimes.

Identity theft is a serious concern. Here are few steps to remember in order to protect your identity and accounts:

1. Schwab will never request or disclose your personal information (account number, Login password, Social Security number) in either a non-secure or unsolicited email communication.
2. If you get an email that warns you, with little or no notice, that an account of yours will be shut down unless you reconfirm your billing information, do not reply or click on the link in the email.
3. When you enter account or personal information at the Schwab Website, it will always be over a secure connection. You can be sure of this because you will see the secure site indicator in the lower right corner of your browser's frame in the shape of a padlock. It signals that your information is secure during transmission.
4. Shred financial documents that contain your personal information before you discard.
5. Check your credit report regularly to make sure no unauthorized activity has occurred.
6. Protect your personal information (such as your PIN, Identity Card number, Social Security number, date of birth, etc.). Do not give it out to any person or company or in an email unless you are familiar with them and you have initiated your communication with them.
7. Don't carry unneeded credit cards, your Social Security card, your birth certificate or other personal documents in your purse or wallet.
8. Monitor all your bank statements from every credit card every month. Check to see if there is anything that you do not recognize and call the credit grantor to verify that it is truly yours.

It's also important to protect your computer at home. Here are few best practices to follow:

• Use and update antivirus software which will not only protect your machine from malicious viruses, but also helps to protect the networks to which you connect.
• Use a firewall to protect the data on your computer from users entering your computer.
• Do not re-use passwords for sensitive systems.

Again, the protection of your account and personal information is very important to Schwab.

If you are a victim of identity theft, here are some recommended steps:

• Contact us and let us know you have been a victim of identity theft.
• Report the identity theft and request a "fraud alert." This ensures that you will be contacted before any new account is opened and/or an existing account is changed.
• Request copies of credit reports. Review the reports carefully and identify any new accounts that may have been opened. Pay particular attention to the section of the report that lists "inquiries" from new companies. Contact these companies immediately and have them remove any pending or new accounts from their system.
• Contact the fraud departments of creditors to dispute unauthorized charges (e.g., credit card issuer, phone companies, utilities, banks, other lenders.) Describe your identity theft problem and follow up with a letter.
• File a report with your local police department and ask to file a report. This may help when clearing your credit.

• Federal Trade Commission—IDTheft—www.consumer.ftc.gov/features/feature-0014-identity-theft
• Federal Trade Commission—Phishing—www.consumer.ftc.gov/articles/0003-phishing
• Identity Theft Resource center—www.privacyrights.org
• Identity Theft Prevention and Survival—www.identitytheft.org
• Social Security Administration—http://oig.ssa.gov/report-fraud-waste-or-abuse/what-cant-oig-investigate/identity-theft
• Justice Department—www.justice.gov/criminal-fraud/identity-theft/identity-theft-and-identity-fraud
• Postal Inspection Service—https://postalinspectors.uspis.gov

Please note, these links are being provided as a service convenience. Schwab is not affiliated with any of these organizations and cannot guarantee their accuracy, effectiveness and/or completeness.

• What is Phishing?
• How to spot a phishing attack?
• Protect your identity online
• Learn more about phishing scams or identity theft
• Need to report a phishing attack?

Phishing is the illegal attempt to mislead consumers into providing personal or financial information, including account numbers, passwords and Social Security numbers, via email or through fraudulent Web sites.

The most frequent phishing attacks occur through email disguised to appear as though it came from a reputable financial institution or company.

Most phishing attempts urge you to update or validate your account information, typically through a link in an email directing you to a fake Web site that appears to be legitimate.

There are many phishing attacks active on the Internet. Here are a few of their lines and lures:

• An email contains an "urgent" or "shocking" tone requesting your immediate action on an account-related matter. Phishers frequently succeed by getting consumers to act quickly without thinking.
• An email is sent from a user falsely claiming to be a legitimate company with an attachment. An unsolicited email attachment more than likely contains a virus. Do not open it.
• A pop-up window appears from a user falsely claiming to be a legitimate company's Web site asking for personal information.

• Do not provide your personal or financial information in response to an email request or after clicking on a link from an email. Legitimate companies do not ask for this type of information through an email communication, no matter how official the email may look.
• Do not enter your personal information into a form within an email message or a pop-up. Email messages and pop-ups are not secure. It is never safe to enter your personal information in a form unless it is on a secure web site.
• Do not open an email from a sender you do not recognize that contains an attachment. A legitimate financial institution would not deliver unsolicited attachments. Delete the email with the attachment immediately.

Please note that Schwab does include attachments if you subscribe to Schwab Alerts. The email attachments use a secure technology that encrypts the content, so the privacy of the data is ensured.

• Check that you are interacting with a secure Web site. Before you submit personal or financial information on a Web site:
• Look for the locked padlock or key icon at the bottom of your browser or Make sure the web site address begins with "https://" instead of "http://". The "s" indicates that the site is secure.

The absence of either of these items will indicate that the site is not secure. If you are unsure of the validity of the email, contact the institution directly but not via any links in the email.

• Keep your browser software up-to-date with security updates. To adequately protect your computer, make sure you have current anti-virus and firewall software installed to help protect your personal information.
• Review your account statement carefully. Verify that all transactions are authorized and report any discrepancies immediately.

Additional information can be found at www.antiphishing.org or www.consumer.gov/idtheft/.

If you suspect you have received a fraudulent email from The Charles Schwab Corp. or any of its subsidiary companies, please contact: asia@schwab.com.hk. If you believe that any communications with or from Schwab resulted in identity theft, call us immediately at +852-2101-0500.