China Gas Holdings Limited

(the “Company”)

Privacy Policy

In order to comply with applicable laws and regulations and secure protection of customer information, the Company and its entities that adopt the management and control system of the Company (the “China Gas Group” or the “Group”) have formulated this Privacy Policy (the “Policy”).

1. Customer Information

Personal information to be provided to the Group by customers for opening or maintaining a gas account, and for the Group in providing other relevant facilities and services, such as: customers' names, addresses, ID card numbers, telephone numbers, account numbers, transaction information, information about gas consumption and bills, and other data required for the service of the Group.

2. Possible Use of Customer Information

Possible use of customer information are as follows:

2.1. for running daily services of the Group and dealing with applications related to products, facilities, and services of the Group.

2.2. for opening and maintaining customers' gas accounts.

2.3. for providing after-sales and maintenance service.

2.4. for conducting survey on customers, products, facilities and services.

2.5. for handling complaint and inquiry from customers.

2.6. for calculating outstanding payment the Group owed customers, or vice versa and collecting outstanding amount.

2.7. for any staff of China Gas Group to disclose the information as required by any applicable laws, regulations, codes, or guidelines.

2.8. any matter directly related to the above.

3. How the Group Protects Customers' Personal Information

3.1. The Group has adopted reasonable and feasible protection measures which meet the industry standards, to secure protection of customers' personal information, and is prevented from unauthorized access, public disclosure, use, modification, destruction or loss.

3.2. The Group shall use encryption technology to enhance safety of personal information; use reliable protection system to protect personal information from

malicious attack, use security fortress platform to protect the system, deploy access control mechanism and make sure personal information can only be accessed by authorized persons.

3.3. The Group shall endeavor to secure the protection of any materials provided by the customers. If the materials are accessed without authorization, tampered, or destroyed because of technical, management or maintenance issues of the Group and cause harm to the customers' legal rights, the Group shall bear corresponding legal liabilities.

3.4. In the event of a personal information security incident, the Group shall inform the customers in accordance with the requirements of laws and regulations: the basic situation and possible impact of security incident, the handling measures has been taken or will be taken by the Group, suggestions to customers to safeguard against and reduce risks and remedial measures for customers. The Group will inform customers of the incident by way of email, telephone, etc. In case it is impracticable to inform the data subjects one by one, the Group will take reasonable and effective means to publish announcements. At the same time, the Group will also report the handling of personal information security incidents in accordance with the requirements of the regulatory authorities.

4. Inspection and Correction of Personal Information

Customers have the rights to:

4.1. inquire whether their personal information is held by the Group; and

4.2. correct any inaccurate information.

5. How the Group Transfers and Discloses Customers' Personal Information

5.1. Transfer

The Group will not transfer the customers' personal information to any company, organization or individual except in the following cases:

5.1.1 transfer with clear consent: after getting the customers' clear consent, the Group may transfer the customers' information to other parties.

5.1.2 any member of the Group, according to laws, regulations, codes or guidance that is applicable, is responsible or expected to disclose the information.

5.2 Use and Disclosure

The Group will use and disclose the customers' personal information only under following circumstances:

5.2.1. The Group may use and disclose the customers' personal information with their clear consent or based on their own choice;

5.2.2. If the Group has confirmed that the customers violated the law and regulations or the provisions of this privacy policy, or in order to protect the personal and property security of any Group members or the public, the Group may disclose the customers' personal information, including any non-compliance behaviors involved and the measures that China Gas Group has taken against the customers with the customers' consent as per laws and regulations or the provisions of this privacy policy.

6. Exemption for Transferring and Disclosing Personal Information with Prior Authorized Consent

In the following situations, the transfer and disclosure of the customer’s personal data does not require the prior consent of the customer:

6.1. situations related to national security and national defense security.

6.2. situations related to criminal investigation, prosecution, trial and judgment execution.

6.3. situations related to public safety, public health, and major public interests.

6.4. situations in which it is necessary to protect customers' and other people's life, property and other material legal interests, but it is difficult to obtain consent of the disclosed data subject.

6.5. personal information that the customers voluntarily to the public.

7. Date of Adoption

This policy was issued for implementation in June 2020, and will be updated in due course.