China Development Financial Holding Corporation and its Subsidiaries Personal Data Management Policy and Personal Data Notification Statement

To our beloved clients:

In order to protect your rights, China Development Financial Holdings Co., Ltd. and its subsidiaries "China Life Insurance Co., Ltd.", "KGI Bank Co., Ltd.", "KGI Securities Co., Ltd.", "KGI Futures Co., Ltd." Co., Ltd., "KGI Securities Investment Trust Co., Ltd.", "KGI Securities Investment Consulting Co., Ltd.", "KGI Insurance Brokers Co., Ltd.", "CDC Finance and Leasing Corp." and the new domestic subsidiaries (hereinafter collectively referred to as the Group) that should be publicly announced on this website due to organizational changes in the future will provide you with diversified services through customer service centers, commodity consulting services, website activities, online applications (services), contact mailboxes on the Group's website, and/or through the use of cookies or other similar technologies, collect, process, use and internationally transfer your personal data in accordance with the law.

In order to protect your rights and interests, please read the following statements carefully before saving or logging in your personal information or using this website. If you continue to use this website or complete and submit your personal information, you will be deemed to have fully understood and agreed to the following statements. In accordance with Article 8 of the Personal Data Protection Act, the Group would like to inform you of the following matters:

  1. The Group's personal data management and protection policies are as follows:
  2. The purpose of the Group's collection, processing, utilization and international transmission of your personal data, the types of personal data and the period, region, object and method of personal data utilization are as follows:
    1. Purposes of collecting, processing, utilizing and transferring your personal data internationally: consumer protection; marketing (including cross-selling); promotion of cross-industry cooperation; enhancement of customer convenience; collection, processing and utilization of financial service industry laws and regulations and financial supervision needs; financial dispute resolution; consumer and customer management and services; advertising or business conduct management; investigation, statistics and research analysis; risk identification; strengthen risk control; the Group's provisional management; other financial management business; other business operations in compliance with the business registration items or the articles of association; other consulting and advisory services.

    2. Types of personal data: Including but not limited to your basic information (for example: name, ID number, passport number, residence permit, date of birth, domicile/residence/work/email address, contact information, marriage, family, education, occupation, financial situation, transaction information and other related information (including accounting, credit, investment, insurance, etc.), audio, video files, mobile and network media device location information (such as mobile device ID, mobile device location , social network information, Internet Protocol (IP) address, internet browsing trajectories inside and outside the site, cookies, etc.) and other information that can directly or indirectly identify an individual contained in various business applications or contracts .

    3. The period of use: necessary for the execution of the business (the duration of the specific purpose), and the retention period of the data according to the relevant laws and regulations (such as the money laundering prevention law, the commercial accounting law, etc.) and the retention period necessary for the Group to carry out the business or the retention period determined by the individual contract for the retention of data, whichever comes later shall prevail.

    4. Objects of Use:
      • 4.1.The Group and the overseas branches of the Group
      • 4.2.Institutions related to the Group's business including suppliers (such as: correspondent bank, Joint Credit Information Center, National Credit Card Center of ROC, Taiwan Clearing House, TWSE, Taiwan Futures Exchange, Taipei Exchange, TDCC, Taiwan Integrated Shareholder Service Company, Financial Information Service Co., LTD., credit guarantee institutions, trade associations, stock issue companies, delivery banks, credit card international organizations, other relevant institutions authorized by law to handle stock business affairs, acquirers and special stores, EasyCard Co., Ltd., iPass Corporation, Taiwan Insurance Institute, Taiwan Insurance Guaranty Fund, Financial Ombudsman Institution, institutions or consultants that have contractual relationships or business transactions with the Group due to business needs (such as lawyers, related cooperative manufacturers or partners who are outsourced), and other target businesses designated by the competent authority, including business operations, supervision and inspection, issuance, trading, credit investigation, trading, delivery, and stock affairs, and other related organizations, recipients of international transfers of personal data that are not restricted by the central target business authority, companies that jointly market or interactively use customer information of the Group, units that cooperate in the promotion of the Group, outsourced business agencies, and third parties suppliers, companies that have reinsurance business with the company, etc.),
      • 4.3.Financial supervisory authority, judicial, taxation or authority with investigation power according to law, or dispute resolution and credit reporting agencies.
      • 4.4.The object of the customer's consent (such as the company that the Group co-sells or mutually uses customer information, and the company that cooperates with the Group to promote business, etc.).
    5. Region of use: The region of use of the personal data you have logged in and retained is the location of the aforementioned object of use, including Taiwan (including Taiwan, Kinmen, Penghu, and Matsu regions), the location of the Group’s overseas offices, the location of the correspondent bank, the location of the outsourced business organization, the location of the operation office of the cooperating businesses, etc.
    6. Method of utilization: Processing and utilization by automated machines or other non-automated use methods in compliance with relevant laws and regulations on personal data protection, including but not limited to written, electronic or international transmission.
  3. In accordance with Article 3 of the Personal Data Protection Act, you may request to exercise the following rights to the contact information (e-mail: ir@cdibh.com; telephone: (02)2763-8800) provided to the Group with your personal data held by the Group:
  1. Based on specific legitimate purposes, the Group collects and processes personal data within the necessary scope.
  2. Collect the minimum and necessary personal data for legitimate specific purposes, and do not process personal data excessively.
  3. The parties will be clearly informed about the period, objects, regions and methods of using their personal data.
  4. Unless otherwise stated by law, the collection, processing or use of children's personal data by the Group shall be subject to special protection.
  5. Based on the principles of fairness and lawfulness, only relevant and appropriate personal data will be processed.
  6. Manage a list of personal data held.
  7. Maintaining the accuracy of personal data, and make corrections or supplements voluntarily at the request of the parties.
  8. The collected personal data will be stored in accordance with the law or for specific legal purposes.
  9. Respect the rights that the parties can exercise over their personal data, and shall not abandon or restrict them in advance, including inquiries, requests for viewing or making copies, requests for supplements or corrections, requests for cessation of collection, processing or utilization, and requests for deletion, etc.
  10. Appropriate controls should be in place to ensure the security of personal data.
  11. International transfers of personal data shall be conducted in accordance with relevant laws and regulations, and only under conditions of adequate and sufficient protection.
  12. Appropriateness and legality should be ensured when personal data is used in the exceptions permitted under the Personal Data Protection Act.
  13. Establish and continuously maintain a personal data management system to implement the requirements of personal data protection.
  14. Identify internal and external stakeholders and the extent to which they participate in the governance and operation of the personal data management system.
  15. The responsibilities and obligations of employees are clearly defined in the operation of the personal data management system.
  16. The Group shall properly keep records of the collection, processing or utilization of personal data.
  17. The disclosure of personal data to third parties shall comply with the requirements of relevant laws and regulations. If the Group entrusts others to collect, process or utilize personal data, it shall supervise the entrusted person appropriately to meet the requirements of the Group's personal data management.
  • Inquire or request to view.
  • Request to make copies.
  • Request supplements or corrections (provided that you should provide appropriate explanations according to the law).
  • Request to stop collecting, processing and using.
  • Request to delete.
  • Request processing limit.
  • Request data portability.
  • Reject automated profiling.
  • Object to the processing of personal data for direct marketing purposes.

While exercising the above rights, the Group may charge the necessary costs and fees according to Article 14 of the Personal Data Protection Act. If the process does not comply with the application procedures, the Group is legally obliged to save or otherwise stipulated by the law, it may not be able to handle your request. You are free to choose whether to provide relevant personal information and categories. However, if the personal information and categories you refuse to provide are required for business review or operation, the Group may not be able to perform necessary operations and provide you with relevant services, or unable to provide better services.

The Group will collect, process, utilize and transfer your personal data internationally in accordance with the content of this notification in the future; When collecting, processing, utilizing and transferring your personal data within the scope of this notification, the Group will not notify you repeatedly.

In order to protect your rights and interests, please read the above notices in detail. However, in response to the changes in the social environment, laws, and the technological advancements, in order to protect the rights of customers' personal data, the Group reserves the right to revise this announcement statement at any time. It will be updated on the website and announced to clients as soon as possible.