Directive on the Digital Services Act for global application for SCANDIC FINANCE GROUP LIMITED

The Regulation (European Union Regulation 2022/2065) on a Single Market for Digital Services (hereinafter referred to as the "Digital Services Act") comprehensively revises the responsibility, transparency and obligations of intermediary services and online platforms. The aim is to create a safe, trustworthy online space in which the fundamental rights of users are effectively protected.

SCANDIC FINANCE GROUP LIMITED and its affiliated companies undertake to comply with the provisions of the Digital Services Act

• in a legally binding manner for all offers directed at users in the Member States of the European Union and
• to apply them internally as a global minimum standard worldwide, unless mandatory local regulations prevent this.

This policy

• specifies the requirements of the Digital Services Act for the SCANDIC FINANCE GROUP LIMITED brand ecosystem and
• establishes binding internal processes and responsibilities,
• creates transparency for users, business partners and supervisory authorities,
• serves as an internal guide for management, compliance, information technology, product development, marketing, editorial and all operational units.

2.1 Geographical scope

The Digital Services Act applies to providers of intermediary services that are established in the European Union or offer their services to users in the European Union, regardless of where the company is based. SCANDIC FINANCE GROUP LIMITED therefore applies this policy:

1. mandatory for all digital services of SCANDIC FINANCE GROUP LIMITED that address users in the European Union, and
2. voluntarily, but internally binding as a minimum standard for all comparable services outside the European Union (global applicability), insofar as this is compatible with local legal systems.

2.2 Material scope

This policy covers in particular:

• Intermediary services within the meaning of Article 3(g) of the Digital Services Act (transport services, caching services and hosting services),
• online platforms where users can provide, publish or share content with others,
• Functions of online marketplaces, insofar as platforms of SCANDIC FINANCE GROUP LIMITED enable businesses to offer products or services,
• advertising services and recommendation systems ("recommender systems") of SCANDIC FINANCE GROUP LIMITED.

2.3 Personal scope

This policy is addressed to:

• the management of SCANDIC FINANCE GROUP LIMITED,
• the management of cooperating companies as non-operational service providers,
• all employees, freelancers and service providers
• in the development and operation of digital platforms of SCANDIC FINANCE GROUP LIMITED,
• in the areas of marketing, editorial, customer service, know-your-customer processes, compliance, information security, legal, product management,
• in the administration of the digital infrastructure, including hosting, cloud systems and content delivery structures.

3.1 Digital Services Act as a European framework regulation

The Digital Services Act is a European Union regulation with direct applicability. It:

• reorganises the liability regime and due diligence obligations of intermediary services and online platforms,
• creates a tiered system of obligations for general intermediary services, hosting services, online platforms, very large online platforms and very large online search engines,
• provides for specific transparency, information and compliance obligations for platform operators.

3.2 Relationship with other legislation

This Directive is related to and complements, in particular:

• data protection law, in particular the General Data Protection Regulation and the rules on privacy in electronic communications,
• European Union consumer law,
• special financial market regulations (e.g. the Markets in Financial Instruments Directive, rules on the prevention of money laundering and terrorist financing),
• national criminal law provisions, including regulations on combating terrorism, child pornography, human trafficking, hate crime and related offences,
• national implementing regulations for the Digital Services Act in the individual Member States.

Where multiple sets of regulations apply, SCANDIC FINANCE GROUP LIMITED always complies with the stricter and more fundamental rights-friendly requirements.

For the purposes of this policy, the following definitions apply:

• Intermediary service: an information society service within the meaning of Article 3(g) of the Digital Services Act, which consists of the transmission, caching or storage of information.
• Transport service ("mere conduit"): a service consisting exclusively of the transmission of information over a communications network, transmitted or provided by a user, without the service provider selecting or modifying the information transmitted.
• Caching service: a service that involves the automatic, temporary caching of information for the purpose of more efficient transmission.
• Hosting service: a service consisting of the storage of information provided by a user, such as user accounts, posts, images, comments, files on SCANDIC FINANCE GROUP LIMITED platforms.
• Online platform: a hosting service provided by SCANDIC FINANCE GROUP LIMITED that makes information available to the public on behalf of users, such as marketplaces, review sections, forums or public comment sections.
• Online marketplace: a special online platform where businesses can offer products or services to consumers and conclude contracts.
• User: any natural or legal person who uses a service provided by SCANDIC FINANCE GROUP LIMITED.
• Recipient of the service: any natural or legal person who benefits from an intermediary service provided by SCANDIC FINANCE GROUP LIMITED without necessarily actively using it.
• Illegal content: any information which, in itself or by reference to an activity, is considered to be in breach of European Union law or the law of a Member State, in particular criminal content, infringing content or content that otherwise infringes the rights of third parties.

1. Operational responsibility
SCANDIC FINANCE GROUP LIMITED is responsible for all operational and accountable activities related to digital services.

2. Non-operational service providers
The companies SCANDIC ASSETS FZCO, SCANDIC TRUST GROUP LLC and LEGIER Beteiligungs Gesellschaft mit beschränkter Haftung provide supporting, but not operational, services, such as infrastructure, consulting and representation in the European Union.

3. Internal persons responsible for the Digital Services Act
The management of SCANDIC FINANCE GROUP LIMITED appoints one or more responsible persons (internal officers for the Digital Services Act) who are responsible for:

• monitoring compliance with the Digital Services Act and this policy,
• coordinating and preparing transparency reports,
• cooperating with LEGIER Beteiligungs Gesellschaft mit beschränkter Haftung as the contact point and legal representative in the European Union,
• planning and conducting internal training,
• coordinating inspections, audits and internal controls.

4. Cooperation with other compliance functions
The internal officers responsible for the Digital Services Act work closely with:

• the Data Protection Officer of the Special Administrative Region – People's Republic of China (Data Protection Officer of the SAR – PRC),
• the officers responsible for the prevention of money laundering and the prevention of terrorist financing,
• the information security function,
• the compliance function and the legal department,

to ensure a consistent, integrated system of corporate compliance.

The following central contact point acts on behalf of Member State authorities, the European Commission, the body referred to in Article 61 of the Digital Services Act and users of the services:

• Communication is only possible in English.
• Enquiries are recorded internally, processed in a timely manner and forwarded to SCANDIC FINANCE GROUP LIMITED and the relevant departments.
• The contact point ensures that feedback and communications to authorities and users are fully documented.

As SCANDIC FINANCE GROUP LIMITED is based outside the European Union, it appoints a legal representative in the European Union in accordance with Article 13 of the Digital Services Act. This task is performed by LEGIER Beteiligungs Gesellschaft mit beschränkter Haftung. It is authorised to:

• act as a point of contact for digital service coordinators, competent authorities and the European Commission,
• receive legally binding notifications and forward them to SCANDIC FINANCE GROUP LIMITED,
• – after prior consultation – to issue statements on behalf of SCANDIC FINANCE GROUP LIMITED to the competent authorities.

The powers of attorney granted for this purpose are documented internally and can be presented to the competent authorities if necessary.

8.1 Handling orders relating to illegal content and requests for information

SCANDIC FINANCE GROUP LIMITED undertakes to

• comply with administrative or judicial orders to remove or block illegal content in accordance with Article 9 of the Digital Services Act, as well as
• orders to disclose information about specific users in accordance with Article 10 of the Digital Services Act

in a timely, legally compliant and transparent manner. To this end, internal procedures shall be established to:

• verify the authenticity and authority of orders,
• identify the content or data concerned,
• assess legal risks (in particular data protection, professional secrecy, banking secrecy, where applicable),
• implement the orders in a timely manner,
• document the measures taken and communication with the authorities,
• inform affected users about measures and legal consequences to the extent permitted by law.

8.2 Liability privileges and no general monitoring obligation

SCANDIC FINANCE GROUP LIMITED makes use of the liability privileges provided for in the Digital Services Act, provided that:

• there is no actual knowledge of illegal content, or
• immediate action is taken upon becoming aware of such content in order to remove it or block access to it.

There is no general obligation to proactively monitor all content. Nevertheless, SCANDIC FINANCE GROUP LIMITED carries out risk-oriented checks, particularly in areas with increased risk potential.

8.3 Terms and conditions and transparency (Article 14 of the Digital Services Act)

SCANDIC FINANCE GROUP LIMITED ensures that:

• the general terms and conditions of business and use are easily accessible for all platforms, are written in clear language and are available in at least German and English,
• they clearly describe:
  • what user behaviour is permitted,
  • what content is prohibited,
  • how content is moderated, blocked and deleted,
  • the criteria used to sort, rank or recommend content,
  • to what extent automated systems are used to detect, review or classify content.

Changes to these terms and conditions will be communicated transparently, including the date of entry into force and the essential changes.

8.4 Transparency reports (Article 15 of the Digital Services Act)

SCANDIC FINANCE GROUP LIMITED publishes transparency reports at least once a year, which include in particular:

• the number and types of requests from authorities to remove or block content and to provide information about users,
• statistics on illegal content reported by users,
• an overview of moderation measures taken,
• Information on automated moderation systems used
• Data on internal complaints and the results of complaint procedures,
• where possible, a breakdown by individual brands or platforms of the SCANDIC FINANCE GROUP LIMITED brand ecosystem.

The transparency reports are published and archived on the respective websites of SCANDIC FINANCE GROUP LIMITED.

9.1 Reporting illegal content (Notice-and-action procedure, Article 16 of the Digital Services Act)

SCANDIC FINANCE GROUP LIMITED shall set up user-friendly reporting channels on all relevant platforms through which users or third parties can report content that they consider to be illegal. This shall be done in particular by means of:

• clearly visible buttons for reporting directly on the content in question, and
• a central reporting option via:
  SCANDIC FINANCE GROUP LIMITED
  by Scandic Banking Hong Kong
  Room 10, Unit A, 7/F, Harbour Sky, 28 Sze Shan Street
  Yau Tong, Hong Kong, SAR / PRC
  Head office telephone number in Switzerland, Zurich: +41 44 7979 99 – 85
  Email: Office@ScandicFinance.Global

Where possible, a report should contain:

1. a comprehensible explanation of why the content in question is considered illegal
2. a clear indication of the location of the content, for example the exact Internet address (Uniform Resource Locator), the unique post ID or a comparable identifier,
3. the name and e-mail address of the person making the report, unless the offence is particularly serious, in which case anonymity is permitted,
4. a statement that all information provided is correct and complete to the best of your knowledge and belief.

SCANDIC FINANCE GROUP LIMITED:

• will review all reports promptly, carefully and objectively,
• documents the receipt, review and outcome of the report,
• makes a decision on removal, blocking, no action or further escalation to the authorities,
• informs the reporting person of the result of the review and the measures taken.

9.2 Justification of moderation decisions (Article 17 of the Digital Services Act)

When platforms of SCANDIC FINANCE GROUP LIMITED:

• remove content or reduce its visibility,
• suspend or terminate user accounts, or
• restrict monetisation features,

the affected users shall receive a reasoned notification. This notification shall include, in particular:

• the main reason for the decision, including reference to the relevant legal or contractual basis,
• information on whether and to what extent automated systems were used,
• information on available legal remedies, in particular the internal complaint system, the possibility of out-of-court dispute resolution, where applicable, and the right to take legal action.

9.3 Reporting serious crimes (Article 18 of the Digital Services Act)

If SCANDIC FINANCE GROUP LIMITED becomes aware that certain content indicates or is directly related to a serious crime, in particular if the life, limb or physical and mental integrity of persons is threatened (e.g. terrorism, sexual abuse of children, human trafficking, serious violence), this content will be:

• immediately secured and access to it restricted, and
• reported to the competent law enforcement authorities in compliance with data protection regulations.

9.4 Internal complaint management system (Article 20 of the Digital Services Act)

Users who are affected by a moderation decision by SCANDIC FINANCE GROUP LIMITED can lodge a complaint free of charge within six months of receiving the decision. This can be done via:

Complaints will be:

• processed promptly, carefully and without discrimination
• examined by trained staff who, where possible, are not the same people who made the original decision,
• concluded with a reasoned decision, which is communicated to the complainants in writing.

9.5 Out-of-court dispute resolution (Article 21 of the Digital Services Act)

If complainants disagree with the decision of the internal complaint system, they may contact an approved body for out-of-court dispute resolution within the meaning of the Digital Services Act. SCANDIC FINANCE GROUP LIMITED:

• informs affected users of this option in the complaint decision,
• cooperates with such bodies within the framework of the legal requirements,
• reserves the right to take legal action and is not bound by the results of out-of-court dispute resolution.

9.6 Trusted flaggers (“Trusted Flaggers”, Article 22 of the Digital Services Act)

Insofar as authorities or qualified entities of Member States are recognised as trusted flaggers and submit reports on illegal content on SCANDIC FINANCE GROUP LIMITED platforms:

• these reports will be given priority and expedited,
• internal labels and procedures will be established for these cases,
• close cooperation will be sought to ensure the effectiveness and quality of the reports.

9.7 Measures in the event of misuse (Article 23 of the Digital Services Act)

To prevent misuse of the services:

• users who repeatedly and to a significant extent provide obviously illegal content may be partially or completely excluded from certain services or functions for an appropriate period of time after prior warning,
• persons or entities that frequently submit obviously unfounded reports or complaints may be temporarily excluded from reporting or complaint functions after prior warning.

When making its decision, SCANDIC FINANCE GROUP LIMITED takes particular account of:

• the absolute and relative number of abusive content or reports,
• the severity of individual cases and possible effects on other users and on the integrity of the platform,
• identifiable motives (e.g. harassment, politically motivated reports of abuse).

10.1 Advertising transparency

On platforms of SCANDIC FINANCE GROUP LIMITED where advertising is displayed, it shall be ensured that:

• users can clearly recognise that it is advertising, for example through clear labels such as "advertisement", "advertising" or "sponsored",
• users can understand on whose behalf the advertising is being placed (advertiser or brand),
• the main reasons why a particular advertisement is being displayed are presented in a generally understandable form, insofar as this is permitted under data protection law.

SCANDIC FINANCE GROUP LIMITED also ensures that:

• no advertising is based exclusively on particularly sensitive personal data,
• no profiling-based advertising is specifically targeted at children, insofar as this would require personal data from minors.

10.2 Recommendation systems (Recommendation and ranking mechanisms)

Insofar as content or products are sorted, personalised or recommended by algorithms on SCANDIC FINANCE GROUP LIMITED platforms (e.g. feeds, product suggestions, news sequences), SCANDIC FINANCE GROUP LIMITED undertakes to:

• to explain the essential parameters and signals of these systems in the General Terms and Conditions of Business and Use,
• describe the criteria used to prioritise or hide content,
• (as far as technically feasible) provide options that allow users to choose less or no personalised display, especially if classification as a very large online platform under the Digital Services Act is being considered or has taken place.

Insofar as platforms of SCANDIC FINANCE GROUP LIMITED provide marketplace functions on which entrepreneurs can offer products or services, SCANDIC FINANCE GROUP LIMITED shall ensure that:

• the identity of the traders is collected before they start trading, in particular their name or company name, address, contact details, commercial register details and VAT identification number, if available,
• businesses submit a declaration confirming that they comply with the consumer and product protection regulations applicable to them,
• risk-based spot checks are carried out to verify the accuracy and timeliness of this information.

Consumers are informed whether they are entering into contracts with a business or a private individual and what role SCANDIC FINANCE GROUP LIMITED plays in the respective contractual relationship (platform operator or party to the contract).

12.1 Process for reporting illegal content

• Receipt of the report via the report button or email,
• Assignment of a case number and registration in the internal system,
• Formal and content review,
• Decision on removal, blocking, no action or escalation,
• Notification of the result to the reporting person and, where permissible, to the user concerned,
• Documentation for transparency reports and internal evaluations.

12.2 Internal complaint system process

• User receives moderation decision with reference to the possibility of appeal,
• Submission of the complaint within six months,
• Review by the internal persons responsible for the Digital Services Act,
• Renewed decision (confirmation or amendment of the original measure)
• Written notification to the user with reasons and information on further legal remedies, including out-of-court dispute resolution and court proceedings.

12.3 Process for dealing with abuse

• Identification of recurring patterns of abusive content or reports,
• warning to the user concerned,
• if the abusive behaviour continues: temporary restriction or blocking of corresponding functions or services,
• documentation of all measures and regular review of proportionality.

13.1 Data protection

The processing of personal data in connection with this policy (reports, complaints, contact with authorities, storage of moderation decisions) is carried out:

• on a clearly defined legal basis,
• in accordance with the principles of purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality,
• in compliance with the rights of the persons concerned (information, rectification, erasure, restriction of processing, objection, right to lodge a complaint with supervisory authorities).

The Data Protection Officer of the Special Administrative Region – People's Republic of China (Data Protection Officer of the SAR – PRC) monitors compliance with data protection regulations within the scope of this policy and works closely with the internal officers responsible for the Digital Services Act.

13.2 Information security

SCANDIC FINANCE GROUP LIMITED takes technical and organisational measures to:

• prevent unauthorised access to content and data,
• prevent accidental or unlawful deletion, loss, alteration or disclosure of data,
• ensure the availability of systems.

Information security incidents affecting content or data processed in connection with the Digital Services Act are handled and documented in accordance with internal emergency and response plans.

13.3 Know-your-customer processes and money laundering prevention

If reports, complaints or internal audits indicate fraud, money laundering, terrorist financing or other criminal activities:

• these indications shall be investigated in accordance with internal processes for identifying customers and preventing money laundering and terrorist financing,
• if there is sufficient suspicion, a report is made to the competent financial or law enforcement authorities,
• it is ensured that the reporting structures under the Digital Services Act are not used to circumvent or duplicate money laundering supervision, but are sensibly integrated with these processes.

• All relevant employees in the areas of platform operation, moderation, customer service, product development, information technology, compliance and legal will receive regular training on the content and application of this policy.
• Mandatory modules on the Digital Services Act and this policy will be included in induction programmes for new employees.
• Recurring random checks and audits verify:
  • the correct application of processes for reporting and handling illegal content,
  • the quality and completeness of transparency reports,
  • compliance with deadlines for reports, complaints and requests from authorities,
  • the appropriate use of automated systems.

Findings from training and checks are used to continuously improve processes, technical systems and this policy.

SCANDIC FINANCE GROUP LIMITED continuously monitors:

• legal developments relating to the Digital Services Act, including future guidelines, implementing acts and case law,
• national implementation regulations of Member States and other relevant legislative changes,
• technical developments and best practices in the field of digital services and platform governance.

This guideline will be:

• at least once a year and
• additionally on an ad hoc basis (e.g. in the event of new platform features, security incidents, regulatory proceedings or important court decisions)

and adjusted as necessary.

This policy shall enter into force upon resolution by the management of SCANDIC FINANCE GROUP LIMITED and shall be:

• binding for all digital services and platforms of SCANDIC FINANCE GROUP LIMITED,
• part of the corporate governance and compliance structure of SCANDIC FINANCE GROUP LIMITED,
• binding on employees within the scope of their employment contract obligations.