How the Group Processes Data
- The purposes of processing of Data:
marketing (including cross-selling); investment management; property management; promotion of cross-industry cooperation; customer management and services; business conduct management; investigation, statistics and research analysis; risk identification; strengthening risk control; the Group's provisional management; other financial management business; personnel management; other business operations in compliance with the business registration items or the articles of association; other consulting and advisory services.
- The Categories of the Processing Data:
including but not limited to your basic information (for example: name, ID number, passport number, residence permit, date of birth, domicile/residence/work/email address, contact information, marriage, family, education, occupation, financial situation, transaction information and other related information (accounting, credit, investment, insurance, etc.), audio, video files, mobile and network media device location information (such as mobile device ID, mobile device location , social network information, Internet Protocol (IP) address, internet browsing trajectories inside and outside the site, cookies, etc.) and other information that an individual can be identified from contained in various business applications or contracts.
The period does not exceed the duration for the specific purpose of Data collection, the period for record keeping in accordance with related laws and regulations (such as Money Laundering Control Act or Business Entity Accounting Act) and the period for the Data to be necessarily retained for performing the Group’s business, which is longer.
- The Group and the overseas branches/offices of the Group.
- Institutions related to the Group's business (such as correspondent bank, Joint Credit Information Center, National Credit Card Center of ROC, Taiwan Clearing House, TWSE, Taiwan Futures Exchange, Taipei Exchange, TDCC, Taiwan Integrated Shareholder Service Company, Financial Information Service Co., LTD., credit guarantee institutions, trade associations, stock issue companies, delivery banks, credit card international organizations, other relevant institutions authorized by laws to handle stock business affairs, acquirers and special stores, institutions or consultants that have contractual relationships or business transactions with the Group due to business needs (such as lawyers, cooperated or outsourced suppliers or partners), and other relatedInstitutions designated by the competent authorities for each industry concerned , including business operations, supervision and inspection, issuance, trading, credit investigation, trading, delivery, and stock affairs, and other recipients of cross-border transfers of personal data that are not restricted by the central competent authorities , companies of the Group that co-market or interactively use customer information, units that cooperate with the Group in the promotion activities, outsourcing agencies, and third-party suppliers.).
- Financial supervisory authorities, judicial authorities, taxation authorities or authorities with investigation power by laws, or dispute resolution and credit reporting agencies.
- The objects consented by the customers (such as the companies that co-market or interactively uses customer information, and the companies that cooperates with the Group to promote business).
The regions of using the Data you have logged in and retained is where the aforementioned recipients are located in, including Taiwan (including Taiwan, Kinmen, Penghu, and Matsu regions), the location of the Group’s overseas branches/offices, the location of the Group’s principal or correspondent banks, the location of the Group’s outsourcing agencies, the location of the operation offices of the companies dealing with the Group.
Processing and utilization by automated equipment or other non-automated methods in compliance with relevant laws and regulations on personal data protection, including but not limited to written, electronic or cross-border transmission.
In accordance with Article 3 of the Personal Data Protection Act, you may request to exercise the following rights via the contact information (e-mail: firstname.lastname@example.org; telephone: (02)2763-8800) with regard to your Data held by the Group:
- Inquire or request to view;
- Request to make copies;
- Request supplements or corrections (provided that you should provide appropriate explanations by laws);
- Request to stop collecting, processing and using;
- Request to delete;
- Request limited processing;
- Request data portability;
- Reject automated profiling; and
- Object to the processing of personal data for direct marketing purposes.
The Group implements adequate measures to protect your Data, including but not limited measures as below:
- The Group implements access control to your Data. Only authorized personnel is able to access and process your Data in a way not excessive in relation to the purposes for which your Data are collected for the avoidance of unlawful disclosure of your Data. All authorized personnel has data protection obligations and will be punished for any breach.
- The Group implements Secure Socket Layer (SSL) information security protocol to elevate the level of Data transmitting security and further uses 256-byte and above or other same level encryption technologies to protect your Data.
- The Group sets up the firewall, unauthorized detection and shield system and anti-virus aided mechanisms to safeguard our servers and other information storage devices to prevent unauthorized access.
- The Group implements physical safety measures, such as entrance control, deployment of security guard, security guard control system and back- up storage system, to keep your Data safe in emergencies or disasters.
- In the event of outsourcing, the Group requests and takes necessary inspection measures to ensure service providers fulfill the data protection requirements. If there is a need to provide your Data to a third party, it should meet the following circumstances or other laws and regulations:
- Your consent is obtained by laws.
- A request is made by judicial units or other competent authorities through legal and formal procedures.
- A cross-border transmission is permitted by laws.
- The Group implements the Data collection, processing and use management procedures to comply with relevant laws and regulations and relevant exemptions. The Group only uses the Data within the purposes as stated in the “How the Group Processes Data” under this policy in an adequate, relevant and moderate manner and limited to what is necessary related to such purposes while keeping the Data accurate and updated.
When you are using your certificates, password or any Data, please be reminded that (Self-Precautions):
Although the Group implements adequate measures to protect your Data, your attention and cooperation is also required.
- When you use your certificates, enter password or use any Data, please avoid disclosing or sharing your Data to others. You should keep your certificates, password and Data in a safe condition to prevent disclosing your Data to others.
- When you log in any services on website of the Group, please remember to log out after using our services. When you use someone’s or public computers, please configure your browser by setting the privacy status to “high” to disable cookies or other recording functions of browsers to prevent disclosing your Data.
- Please install anti-virus software or other internet protection software, and periodically update the virus patterns and program versions to reduce the risks of virus infection or installing Trojan Horse or robot programs to lead the disclosure of your Data.
When you provide your Data to the Group, please be reminded that:
- Unless otherwise stipulated in the laws and regulations, contracts or with your written consent, please do not provide any special (sensitive) personal information such as medical records, genetics information, information regarding sexual life, health examination and criminal record.
- Please refrain from providing threatening, obscene, pornographic information or any information destroying the public order and customs.
- Please refrain from providing other’s information without his freely given consent.
- Except otherwise permitted by relevant laws and regulations and (or) requested by the Group, please refrain from providing any information, such as ID, financial information or password number, to us to prevent disclosing your Data or incur any fraudulent conduct.
The web server of the Group can only read the activity records on this website in cookies, but cannot read your activity records on other websites. You can disable cookies by configuring your browser by setting the privacy status to “high”; however you might not be able to use part of the services on the website of the Group.
Marketing Information and Cross Selling
Only for the extent permitted by laws and regulations, the relationship between you and the Group (contracts or legal contractual relationships) or your explicit consents, the Group will send the marketing information suitable to your needs to you to provide more diversified and comprehensive services and business to you.
You may give notification to the Group by means of e-mail or phone（e-mail: email@example.com；phone:(02)2763- 8800）at any time whenever you determine not to receive any marketing information from the Group.
The Group will no longer send any relevant messages or materials to you and stop using your Data for marketing purpose after receiving aforesaid notification.