永豐金控

1. Protection of Customer Information

   The collection, processing, use and protection of customers' personal data on SinoPac Financial Holdings Company Limited ("SinoPac FHC") and its affiliated companies (hereinafter the "Group") are conducted in accordance with Personal Data Protection Act and the Guidelines for Data Sharing among Financial Institutions and other relevant laws and regulations, the Privacy Policy is formulated as follows. Unless otherwise stipulated by law or otherwise agreed between you and the Group, the contents of this Privacy Policy will be followed.

   To protect the privacy and integrity of customers' personal data, the Group strictly adheres to the related government regulations and information management principles by using the network firewall supported by an invasion detection system and the enterprise-wide anti-virus information protection system that prevents unlawful invasion and damage caused by malware.

2. The Scope of Privacy Policy

   This Privacy Policy applies to the overall operation of the Group, supply chain and business partners to abide by it. SinoPac FHC also requires all suppliers to abide its Privacy Policy to ensure that the privacy of the Group and individuals is not compromised.

3. Data Collection

   What data we collect

   • Online application & market research
     When you complete a form on our website, such as an application or survey, we may ask you to provide information, including name, ID number, phone number, email address, address, and other required information.
   • Website services
     When you apply to register an account for our website, we may ask you to provide information according to the nature of the service you are signing up for, including name, screen name, phone number, email address, address, and other required information.
   • Other data
     When you visit or make an inquiry on our website, the Group retains relevant data generated automatically by the server, including your IP address, device type, browser, visit duration, and activity. Unless we obtain your consent in advance, we cannot and will not match this data with your personal identity.
      
4. Commitment to Data Security Protection

   To prevent unauthorized access to your personal data, the Group has formulated a set of security control principles to ensure the correct and lawful use of your data. In order to implement the protection and management of personal data, the Group should set up a personal data protection management executive team. The executive team should be convened by a senior executive designated by the general manager. The executive team will regularly review and revise relevant regulations related to personal data protection, and according to the scale and characteristics of the business, consider the reasonable allocation of operating resources, and formulate an appropriate personal data security audit mechanism. The Group incorporates privacy rights and related mechanism into the processes of risk management, internal control, auditing, and conducts an inventory check at least once a year to confirm the current status of the personal data. The Group holds and defines the scope of privacy rights to ensure that personal data you provide online is used correctly and legally as well. The Group only allows authorized staff who have received customer information processing training courses to access the personal information of customers. All relevant personnel have signed confidentiality contracts. Those who violate the confidentiality obligations will be punished by relevant regulations. Staff who violate the privacy protection regulations will be punished in accordance with relevant regulations. If the customer's personal data is leaked, the Group will immediately follow the company's "Emergency Response Rules" and notify the relevant parties.

   The Group should comply with Implementation Rules of Internal Audit and Internal Control System of Financial Holding Companies and Banking Industries, and based on Paragraph 2, Article 28 of aforementioned Implementation Rules, the competent authority may request a banking business to provide the examination report of its personal data protection and AML/CFT mechanism issued by CPA.

5. Exercise of the Rights of the Parties

   In order to provide diversified and better financial products and services to customer, the Group will only send you wealth management and business promotion information that meets your needs after obtaining your consent according to contract or similar contract relationship as well as within the scope permitted by laws and regulations. You may also opt out of related marketing activities and other use of personal data. However, you may not be able to use some personalized services or activities and your participation in some activities may be restricted.

   Except as otherwise provided by laws and regulations, the Group will only collect and storage your personal data after your consent. you may request the followings regarding the collection, processing, use and storage of your personal data that collect via the Group's website:

   • Termination the previous consent regarding collection, processing, or use of your personal data.
   • Restrict processing or use methods (applicable to EU residents and EU residents who provide personal data from within the EU).
   • Query or review your personal data.
   • Make a copy, or transfer the personal data to a third party, supply chain or device as you specify (applicable to EU residents and EU residents who provide personal data from and within the EU).
   • Stop collecting, processing or using your personal data.
   • Delete your personal data.
   • Any request to supplement or correct the Data, provided that you shall make proper interpretation to the Group.

   The Group will decide whether to accept your application under the Personal Data Protection Act and relevant laws and regulations. Unless otherwise stipulated by laws and regulations, the Group will delete your data according to the internal rules of the Group or de-identify and retain your personal data subsequently in an untraceable way after the specific purpose of the collection is achieved or eliminated. The aforementioned trajectory data, relevant evidence and records shall be retained for at least five years, except for those otherwise stipulated by laws and regulations or otherwise stipulated in other contracts.

6. The Policy of Providing Personal Data to Third Parties

   The Group will never arbitrarily sell, exchange, rent or expose your personal data to other groups or individuals in different disguised ways. However, the Group will provide your personal data collected to a third party and require them to abide by the Group's privacy protection regulations under the following circumstances and in compliance with laws and regulations:

   • With your prior consent or authorization.
   • When require by judicial units, financial supervision authorities, or other competent authorities in legal and formal procedure.
   • To provide you with other services or preferential rights, if you need to share your data with a third party who provides you with the services or preferential rights, the Group will inform you and give a full illustration during the event. You can choose whether to accept the services or preferential rights or not.
   • When your activities on this website violate the terms of service on this website or may damage or hinder the Group's rights and interests or cause damages to any parties, the Group assesses that the disclosure of your personal data is for identifying, contacting or taking any legal actions.
   • Other situations stipulated by laws or regulations.
      
7. Use of Cookie Technology

   A cookie is a small piece of text data which is transmitted from a web server to a customer's browser and stored in the hard drive of the customer's computer. The purpose of using cookies is to store the activities conducted or text data input by customers on the web page at any time and to record customers' personal information and preferences, so as to provide customized service to deliver advertisements based on customers' interests and hobbies. If customers do not want to accept cookies, they may close the cookie function on the browser, then the website will not store customers' information in the cookies it uses. The refusal to write cookies may cause some parts of the website not to work correctly.

8. External Links on the Website

   The websites or web pages of the Group may contain links to other websites or web pages. The contents of other websites or web pages are not owned by the Group and therefore not apply to the privacy protection policies of this website. Such other websites and webpages which are not owned by the Group shall be governed by their respective privacy protection policies of such other websites.

9. Amendments to this Policy

   To meet social and environmental changes, business needs, technology development, and amendments to related laws and regulations, this Privacy Policy may be amended and announced from time to time.

   The Group may from time to time update this Privacy Policy and may notify you of any changes to this Privacy Policy in verbal or writing or by means of phone, text messages, e-mail, facsimile, electronic documents or any other methods that you may receive or know, including but not limited you may re-visit the Privacy Policy page of this website at any time. Please visit the Privacy Policy page of this website at any time to protect your rights and interests.

10. Contact Us

    If you have any questions, please call +886-2-8761-2285. You can also contact us by email: privacy@sinopac.com

IMPORTANT: By accessing this website and any of its pages, it represents that you agree to the terms set out above. Thank you.