The Company adheres to the information security concept of maintaining the trading environment, and comprehensively protects and prevents the information application system of the Company and the information stored, processed, transmitted or disclosed, so as to prevent damage, theft, leakage, tampering, abuse and infringement and other accidents, and hereby formulates the following information security policy statement:

Information security is everyone's responsibility

The Company's information security policy is as follows:

• 1. Ensure that the company's information security management and related policies and regulations are in compliance with laws and regulations.
• 2. Implement the information security management system and maintain the effectiveness of the system.
• 3. Ensure the effective implementation and communication of the Company's information security policies and objectives.
• 4. Ensure that the Company's core business and critical infrastructure are not disrupted due to information security incidents.
• 5. Ensure that the possible risks of the Company's information and communication systems are managed and controlled.
• 6. Maintain the security of the company's network environment from external intrusion and damage.
• 7. Implement the management and supervision of outsourced manufacturers.
• 8. Enhance the awareness and awareness of information security of all employees of the company.
• 9. We respect the privacy of personal information of our internal and external stakeholders.
• 10. All colleagues should actively promote and implement the company's information security management system (ISMS).

This Policy shall be promulgated after approval by the Information Security Steering Committee of the Company and shall be amended accordingly.