How the Group Processes Data
- The purposes of Processing of Data (Based on the Standard Purpose and the Types of personal data in Data Protection Law of the Republic of China as announced and amended from time to time by the supervisory authority):
001 Life and Health Insurance;
002 Personnel Administration (including but limited to new employee’s working experience and working performance, emergency contacts, employee welfare management, employee selection, information of current and previous employees, current job title, education background, test for dispatch of job position, learning and training, determination of salary , salary, attendance, employee welfare, deprivation of right, examination and inspection, or other measures taken for personnel administration);
007 Real Estate Management;
008 Enterprises Counseling;
014 Civil Servants Property-Declaration Administration, Conflict of Interest and Political Donation;
020 Management of Agents and Intermediaries;
022 Foreign- Exchange Regulation;
035 Deposit Insurance;
036 Borrower Account/Credit Facilities Administration;
037 Share and Stock-Holding Registration;
040 Marketing (including cross selling marketing);
044 Investment Management;
059 Processing of Data by Financial Service Industry Necessary for Compliance with Laws and Regulations and Order of Financial Supervisory Authority;
060 Resolve of Financial Dispute;
061 Financial supervising, management and inspection;
063 Data Processing by Non Government Agency Necessary for Compliance with a Legal Obligation;
065 Insurance Broker, Agency and notarization;
067 Credit Card, Debit Card Charge Card and Electronic Stored Value Cards Administration;
068 Trust Business and Management; 069 Processing of Data Necessary for the Performance of a Contract, in Order to Take Steps At the Request of the Data Subject Prior to Entering into a Contract or Other Legal Relationship;
071 Building Administration Urban Renewal and Public Housing Policy;
077 Real Estates Service;
082 Combined Borrower/Saver Account;
088 Borrower Account/Credit Facilities Administration;
090 Consumer, Customer Management and Service;
091 Consumers Protection;
093 Real Estate and Property Insurance;
094 Property Management;
098 Business and Technical Intelligence;
104 Accounts Management and Factoring transaction;
112 Cheque- exchange management;
113 Plead, Petition and Report to the Government Cases;
129 Accounting and Related Services;
136 Information and Data Bank Administration;
137 Information Security and Management;
148 Online Shopping and Other Electronic Transaction;
154 Private Investigation;
157 Research and Statistical Analysis;
160 Certificate Management;
166 Securities, Futures, Securities Investment Trust and Consulting Service;
177 Other Financial Management Service;
179 Other Financial Administration;
181 Other Corporation Registered- Items or Businesses Specified in the By-Laws of Associations and Foundations;
182 Other Consultancy and Advisory Services.
The Categories of the Processing Data (Based on the Standard Purpose and the Types of personal data in Data Protection Law of the Republic of China as announced and amended from time to time by the supervisory authority):
- Types for identifying: C001 Type for identifying individuals; C002 Type for identifying finance; C003 Type for identifying in government data.
- Types of characteristic: C011 Individual description; C012 Physical description; C013 Habit; C014 Characteristic.
- Family: C021 Family; C022 History of marriage; C023 Details about other family member; C024 Other social relations.
- Social Conditions: C031 Residence and facilities; C032 Properties; C033 immigration; C034 Travel and other migration; C035 Recreational activities and interests; C036 Life styles; C037 Membership of charities or other associations; C038 Occupation; C039 Licences or other permissions; C040 Accidents or other mishaps and relevant situation; C041 Courts, the Public Prosecutor's Office or other related departments and procedures.
- Education, technique or other profession: C051 Schools record; C052 Qualification or technique; C053 Membership of occupation Associations; C054 Occupation expertise
- Employment: C061 Current status of employment; C062 Employment experiences; C063 Quit; C064 Working experiences; C065 Working record; C066 Record of health and safety; C067 Membership of the labor union and prerequisite for it's employees; C068 Salaries and the amount to be deducted.
- Details concerning finance: C081 Earning, income, property and investment; C082 Liabilities and expenditure; C083 Ratings of credit; C084 Loans; C085 Record of exchanges; C086 credit of note; C087 Subsidies, welfares, donations; C088 Details concerning insurance; C089 Pension grants and citizens' yearly- grants; C091 Goods or services obtained by data subject; C092 Goods or services provided by data subject; C093 Financial deals; C094 Compensation.
- Business information: C101 Data subject's business activities; C102 Agreement or contract; C103 Licence relating to business.
- Health and other: C111 Record of health; C114 Final verdict and administrative finding concerning traffic violation; C115 Other verdicts and administrative findings; C116 Data relating to suspect of criminal offence; C118 Member of political group; C119 member or supporter of interest groups or other organizations.
- Other kinds of data and information: C131 Research of paper documents; C132 Data unclassified.（For More Information, Please Refer toSchedule 1）
- Except that Processing of Data is necessary for compliance with related laws and regulations, you has given explicit consent to the Group or third parties Processing Data on behalf of the Group, the Group will not disclose your Data to any other third parties.
- The Group, the affiliated companies and subsidiaries of the Group overseas, the correspondent banks, Joint Credit Information Center, the Taiwan Clearing House, Financial Information Service Corporation, credit guarantee institutes, National Credit Card Center of R.O.C, credit card international organization, cards accepting banks, corporation or institutes process Data on behalf of the Group, Taiwan Stock Exchange Corporation, Taiwan Futures Exchange, Taiwan's GreTai Securities Market, Taiwan Depository and Clearing Corporation, business association, Corporations issuing stocks, leasing and settlement banks, Taiwan Integrated Shareholder Service Company and other government authorized institutes in charge of securities affairs and other supervisory authority in charge of subject industry, International Data recipients which locates in the territory not limited by the supervisory authority in charge of subject industry, the companies or institutes with whom the Group cross marketing and selling, the companies or institutes which the Group has business relationship and agencies and financial supervisory authorities investigating powers entitled by related laws and regulations.
- Any request to reply to the inquiry, offer for a review or provide duplications on the Data collected, provided that the Group may charge a fee to those who makes above request.
- Any request to supplement or correct the Data, provided that you shall make proper interpretation to the Group.
- Any request to discontinue Processing of your Data, and any request to delete your Data.
- Request to restriction of processing.
- Right to data portability.
- Right to object automated individual decision-making.
- Right to object to processing of Data for direct marketing purposes.
The Period, Territory, Recipients and Operations of Processing of Data:
For a period which does not exceed the period necessary for the performance of the purpose of Processing of Data, for the fulfillment of an official duty and for compliance with related laws and regulations (such as Money Laundering Control Act or Business Entity Accounting Act).
The Republic of China, where affiliated companies and subsidiaries of the Group and where the correspondent banks are located, where Data transmits to other countries not limited by the supervisory government authority in charge of subject industry, where third parties Processing Data on behalf of the Group and where business offices of the companies or institutes are located which the Group has business relationship with.
Automated Processing of Data, or non-automated Processing of Data, including but not limited to Data transmission in writing, electronic transmission or international transmission.
In accordance with the Data Protection Act and related laws and regulations, you may exercise your right concerning your Data as below by notification to the Group by means of e-mail or phone （e-mail:email@example.com；phone:(02)2763- 8800）:
However, the Group may not perform your request if it is necessary for the performance of an official duty or fulfillment of a legal obligation.
The influence on your rights and interests if you choose not to provide your Data: Please kindly be reminded that you are freely to determine whether to provide your Data or not. If you decline to provide your Data, the Group will not be able to proceed requisite examination, Process your Data and reply your request. Therefore, the Group will not be able to provide our service.
The Group implements adequate measures to protect your Data, including but not limited measures as below:
- The Group implements access control to your Data. Only authorized personnel is able to access and Process your Data in a way not excessive in relation to the purposes for which your Data are collected for the avoidance of unlawful disclosure of your Data. All authorized personnel has duly signed the non-disclosure agreement and any breach of data protection obligation shall be subject to disciplinary action or legal consequences.
- The Group implements Secure Socket Layer (SSL) information security protocol to elevate the level of Data transmitting security.
- The Group implements firewall and unauthorized detection and shield system to safeguard our servers and other information storage devices to prevent unauthorized access.
- The Group implements physical safety measures, such as entrance control, deployment of security guard, security guard control system and back- up storage system, to keep your Data safe in emergencies or disasters. In the event of outsourcing, the Group requests and takes appropriate measures to ensure service providers fulfill the data protection requirements.
- The Group implements Data collection, processing and use management procedures to comply with relevant laws and regulations. The Group only uses the Data within the purposes as stated in the “How the Group Processes Data” under this policy in an adequate, relevant and moderate manner and limited to what is necessary related to such purposes while keeping the Data accurate and updated.
When you are using your certificates, password or any Data, please be reminded that (Self-Precautions):
Although the Group implements adequate measures to protect your Data, your attention and cooperation is also required.
- When you use your certificates, enter password or use any Data, please avoid disclosing or sharing your Data. You should keep your certificates, password and Data in a safe condition to prevent disclosing your Data to others.
- When you log in any services on website of the Group, please remember to log out after using our services.
- When you use someone’s or public computers, please configure your browser by setting the privacy status to “high” to disable cookies or other recording functions of browsers to prevent disclosing your Data.
- Please refrain from providing sensitive information such as medical, genetic, sex life, health examination and prior criminal record.
- Please refrain from providing threatening, obscene, pornographic information or any information destroying the public order and customs.
- Please refrain from providing other’s information without his freely given consent.
- Except otherwise permitted by relevant laws and regulations and (or) requested by the Group, please refrain from providing any information, such as ID, financial information or password number, to us to prevent disclosing your Data or incur any fraudulent conduct.
Marketing Information and Cross Selling
Except that Processing of Data is necessary for compliance with related laws and regulations, Processing of Data is necessary for the performance of a contract or in order to take steps at your request prior to entering into a contract or other Legal contractual relationship or you has given explicit consent to the Group, the Group will not send any marketing information to you. You may give notification to the Group by means of e-mail or phone（e-mail:firstname.lastname@example.org；phone:(02)2763- 8800）at any time whenever you determine not to receive any marketing information from the Group.
The Group will no longer send any relevant messages or materials to you and stop using your Data for marketing purpose after receiving aforesaid notification.