Privacy Policy

Your Privacy Is Important to Samuel Sekuritas Indonesia
In the course of serving you as an individual client or as someone associated with a corporate or institutional client, PT Samuel Sekuritas Indonesia Tbk. (SSI) or its affiliates may obtain personal information about you. Obtaining this information is important to our ability to deliver the highest level of service to you, but we also recognize that you expect us to treat this information appropriately.
This policy describes the types of personal information we may collect about you, the purposes for which we use the information, the circumstances in which we may share the information and the steps that we take to safeguard the information to protect your privacy. As used throughout this policy, the term ‘SSI’ refers to PT. Samuel Sekuritas Indonesia Tbk. and its subsidiaries or affiliates.

The Sources of Information
The personal information we collect about you comes primarily from the account applications or other forms and materials you submit to SSI during the course of your relationship with us. We may also collect information about your transactions and experiences with SSI relating to the products and services SSI provides. In addition, depending on the products or services you require, SSI may obtain additional information about you, such as your credit history, from consumer reporting agencies.
Finally, in the provision of financial services to you and subject to strict compliance with all applicable laws and regulations, information may be collected about you indirectly from monitoring or other means (e.g. recording of telephone calls and monitoring e-mails). In these circumstances, the information is not accessed on a continuous or routine basis, but it may be used for compliance or security purposes.

The Information We Have about You
If you deal with SSI in your individual capacity (e.g. as a private client), or as a settlor/trustee/beneficiary of a trust, or as an owner or principal of a company or other investment vehicle established to invest on your behalf or on behalf of your family, etc., the typical information we collect about you would include:

• Your name, address and other contact details;
• Your age, occupation and marital status;
• Extensive financial information, including source of wealth, investment experience and objectives, risk tolerance and, in certain jurisdictions, representations required under applicable law or regulation concerning your financial resources;
• A head and shoulders photograph from, as applicable, your passport, national identity card or driver’s license, as required by laws and regulations addressing due diligence and related matters; and
• A personal identifier such as, depending on your country of residence, your Social Security Number, National Insurance Number, Tax File Number, etc.

If you are an employee/officer/director/principal, etc. of one of our corporate or institutional clients, the typical information we collect about you personally would include:

• Your name and contact details;
• Your role/position/title and area of responsibility; and
• Certain identifying information (e.g. passport photo, etc.) as required by laws and regulations addressing money laundering and related matters.

Of course, you are not required to supply any of the personal information that we may request. However, failure to do so may result in our being unable to open or maintain your account or to provide services to you. While we make every effort to ensure that all information we hold about you is accurate, complete and up to date, you can help us considerably in this regard by promptly notifying us if there are any changes to your personal information.

Our Use of Your Personal Information
We may use your personal information to:

• Administer, operate, facilitate and manage your relationship and/or account with SSI. This may include sharing such information internally as well as disclosing it to third parties, as described in the following two sections, respectively;
• Contact you or, if applicable, your designated representative(s) by post, telephone, electronic mail, facsimile, etc., in connection with your relationship and/or account;
• Provide you with information (such as investment research), recommendations, or advice concerning products and services offered by SSI; and
• Facilitate our internal business operations, including assessing and managing risk and fulfilling our legal and regulatory requirements.

If your relationship with SSI ends, SSI will continue to treat your personal information, to the extent we retain it, as described in this policy.

Disclosures of Your Personal Information within SSI
In order to provide efficient and reliable services and to improve product and service options available to you, more than one entity within SSI may be given, or given access to, your personal information. For example, one SSI entity might share your information with another in order to facilitate settlement of your transactions or the maintenance of your accounts, or as part of its arranging for the performance of specialized services such as US and international brokerage, asset management and advisory and trust services. When so sharing your personal information, we adhere to applicable legal and industry standards regarding the protection of personal information. Additional information on how your personal information is protected while within SSI is provided below, under Information Security: How We Protect Your Privacy.

Disclosures of Your Personal Information to Third Parties
SSI does not disclose your personal information to third parties, except as described in this policy. Third party disclosures may include sharing such information with non-affiliated companies that perform support services for your account or facilitate your transactions with SSI, including those that provide professional, legal or accounting advice to SSI. Non-affiliated companies that assist SSI in providing services to you are required to maintain the confidentiality of such information to the extent they receive it and to use your personal information only in the course of providing such services and only for the purposes that SSI dictates.
We may also disclose your personal information to fulfill your instructions, to protect our rights and interests and those of our business partners or pursuant to your express consent. Finally, under limited circumstances, your personal information may be disclosed to third parties as permitted by, or to comply with, applicable laws and regulations; for instance, when responding to a subpoena or similar legal process, to protect against fraud and to otherwise cooperate with law enforcement or regulatory authorities or with organizations such as exchanges and clearinghouses.
You should know that SSI will not sell your personal information.

Information Security: How We Protect Your Privacy
SSI is committed to protecting the privacy and confidentiality of your personal information. We limit access to your personal information to authorized SSI employees or agents and, as described above in Disclosures of Your Personal Information to Third Parties, our service providers are held to stringent standards of privacy. We also maintain physical, electronic and procedural safeguards to protect the information against loss, misuse, damage or modification and unauthorized access or disclosure. Some of the other central features of our information security program are:

• A dedicated group ‘ the Information Security Department ‘ that designs, implements and provides oversight to our information security program;
• The use of specialized technology such as firewalls;
• Testing of the security and operability of products and services before they are introduced to the Internet, as well as ongoing scanning for publicly known vulnerabilities in the technology;
• Internal and external reviews of our Internet sites and services;
• Monitoring of our systems infrastructure to detect weaknesses and potential intrusions;
• Implementing controls to identify, authenticate and authorize access to various systems or sites;
• Protecting information during transmission through various means including, where appropriate, encryption; and
• Providing SSI personnel with relevant training and continually updating our security practices in light of new risks and developments in technology.

Privacy and the Internet
The following additional information will be of interest to you if you access SSI products or services through one or more SSI Web sites:

• ‘Cookies’ are small text files consisting of information stored by your Web browser. This information is used for administrative purposes and to improve your experience with our Web sites. For example, this information helps authenticate you (i.e. verify that you are who you say you are), an essential component of site security. Cookies also make it easier for you to navigate a SSI Web site by, among other things, ‘remembering’ your identity so that you do not have to input your password multiple times as you move between pages or services. You can set your Web browser to inform you when cookies are set, or to prevent cookies from being set. However, if you decline to use cookies, you may experience reduced functionality, and declining to use authentication related cookies will prevent you from using the Web site altogether.
• ‘Clickstream’ or similar data (e.g. information regarding which of our Web pages you access, the frequency of such access and your product and service preferences) may be collected and shared internally within SSI in order to assess the usage, value and performance of our online products and services and, if you are a SSI client, to suggest products or service offering that may be of interest to you.

Other Privacy Policies or Statements; Changes to Policy
This policy provides a general statement of the ways in which SSI protects your personal information. You may, however, in connection with specific products or services offered by SSI, be provided with privacy policies or statements that supplement this policy. This policy may be changed from time to time to reflect changes in our practices concerning the collection and use of personal information. The revised policy will be effective immediately upon posting to our Web site. This version of the Policy is effective May 1, 2009.
You are entitled to access any personal data about you held by SSI by sending a written request to the applicable individual identified below. You may be required to supply a valid means of identification as a security precaution to assist us in preventing the unauthorized disclosure of your personal information. We will process your request within the time provided by applicable law. You are also entitled to have SSI modify or delete any information that you believe is incorrect or out of date.
SSI may occasionally contact you by post, telephone, electronic mail, facsimile, etc., with details of products and services that we believe may be of interest to you. If you do not wish to be contacted in this way, if you wish to exercise your rights of correction and access, or if you require further information regarding our privacy policies and practices in the above-referenced regions, please contact:

Beware Fraudulent E-Mails and Web Sites
‘Phishing’ is a rampant Internet scam that relies on ‘spoofed’ e-mails, purportedly from well known firms, to lure individuals to fraudulent Web sites that look and feel like the well known firm’s Web site. At such Web sites, victims are asked to provide personal information about themselves, such as their name, address and credit card number. These fraudulent e-mails and Web sites may also try to install malicious software on your computer that monitors your activities and sends sensitive personal information (your passwords, for example) to a remote location. With that information, criminals can commit identity theft, credit card fraud and other crimes.
You can protect yourself by following these best practices when using the Internet:

• Be aware that e-mail is insecure and easy to forge. E-mail that appears to be from a friend or company you do business with may be fraudulent and designed to trick you into providing personal information about yourself or installing dangerous software.
• Do not respond to e-mails or pop-up messages that solicit your personal information: name, address, Social Security number, etc.
• Only access trusted Web sites that you found other than by clicking on a Web site address in an e-mail and then added to your browser’s bookmarks. Otherwise, manually type the address into your browser and then bookmark it. When you receive an e-mail, rather than clicking on a Web site address in the e-mail, which can bring you to a fraudulent site, use the bookmark to access that site. Please view this list of valid SSI URLs.

If you receive an e-mail from SSI you are uncertain about, or which you believe to be fraudulent, please forward it to abuse@samuel.co.id. SSI will investigate the e-mail and respond back to you. If you are a client of the firm, please notify your sales representative or investment professional, as well.

Personal Computer Security Tips
No security practice is foolproof. You can, however, help protect yourself by following these best practices to secure your personal computer:

• Install antivirus and anti-spyware software on your computer and make sure it is up to date with the most recent virus/spyware signatures.
• Make sure your computer is up to date with the most recent software patches. Patches are software updates that often address software vulnerabilities that phishing scams and viruses exploit.
• Install a firewall between your computer and the Internet. A firewall is software or hardware that acts as a buffer between your computer and the Internet that limits access to your computer and blocks communications from unauthorized sources.

Please contact the manufacturer of your computer for additional information and recommendations.

Glossary of Terms

• Phishing: Phishing attacks use ‘spoofed’ e-mails and fraudulent Web sites designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, Social Security numbers, etc. By hijacking the trusted brands of well-known banks, online retailers and credit card companies, phishers are able to convince up to 5% of recipients to respond to them.
• Firewall: A system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.
• Patch: Also called a service patch, a fix to a program bug. A patch is an actual piece of object code that is inserted into (patched into) an executable program. Patches typically are available as downloads over the Internet.
• Computer Virus: A program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Viruses can also replicate themselves. All computer viruses are manmade. A simple virus that can make a copy of itself over and over again is relatively easy to produce. Even such a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt. An even more dangerous type of virus is one capable of transmitting itself across networks and bypassing security systems.
• Antivirus Software: A utility that searches a hard disk for viruses and removes any that are found. Most antivirus programs include an auto-update feature that enables the program to download profiles of new viruses so that it can check for the new viruses as soon as they are discovered.
• URL: Abbreviation of Uniform Resource Locator, the global address of documents and other resources on the World Wide Web.
• Spoof: To fool. In networking, the term is used to describe a variety of ways in which hardware and software can be fooled. IP spoofing, for example, involves trickery that makes a message appear as if it came from an authorized IP address (the numerical identifier for a computer).