To our valued customers:
In order to protect your rights, KGI Financial Holdings Co., Ltd. (formerly known as China Development Financial Holding Corporation, hereinafter referred to as the “Company”) and its domestic subsidiaries and the new domestic subsidiaries publicly announced on this website due to organizational changes in the future (hereinafter collectively referred to as the “Group”) will provide you with diversified services through customer service centers, commodity consulting services, website activities, online applications (services), contact mailboxes on the Group's website, and/or through the use of cookies or other similar technologies, or other lawful channels or methods, collect, process, use and cross-border transfer your personal data in accordance with the law.
In order to protect your rights and interests, the Group hereby, in accordance with Article 8, Paragraph 1 and Article 9, Paragraph 1 of the Personal Data Protection Act (hereinafter referred to as the "PDPA"), notifies you of the following matters: (1) the name of the Company and/or Group, (2) the purpose of the collection, (3) the types of the personal data to be collected, (4) the period, areas, parties, and methods of which the personal data is used, (5) the source of personal data collected, (6) the data subject's rights under Article 3 of the PDPA and the methods for exercising such rights, (7) the data subject's rights and interests that will be affected if he/she elects not to provide his/her personal data.
I. The personal data management practices of the Group are as follows:
1.Based on specific lawful purposes, the Group shall collect, process and use personal data within the necessary scope, and shall have legitimate and reasonable connections with the purposes of collection.
2.Personal data is collected to the minimum and necessary extent based on specific lawful purposes. The data subject will be clearly informed of the period, parties, areas, and methods regarding use of their personal data.
3.Unless otherwise stated by law, the collection, processing or use of children's personal data by the Group shall be subject to special protection.
4.Based on the principles of fairness and lawfulness, only relevant and appropriate personal data will be processed.
5.Properly manage the personal data held.
6.Ensure the accuracy of personal data and correct or supplement such data on its own initiative or upon the request of data subjects.
7.The personal data collected will be retained in accordance with the law or for specific lawful purposes, and will be kept for the period required by relevant laws and regulations or within the necessary retention period for the Group’s business needs.
8.Respect the rights that the data subject can exercise over their personal data, and such rights shall not be waived or limited contractually in advance, including making an inquiry of, reviewing, requesting a copy of, supplementing, correcting, demanding the cessation of collection, processing or use of, and erasing his/her personal data, etc.
9.Appropriate control measures should be adopted to ensure the security of personal data.
10.The cross-border transfer of personal data shall comply with relevant laws and regulations, and may only be conducted under appropriate protective measures.
11.Appropriateness and legality should be ensured when personal data is used under exceptions permitted by the PDPA.
12.Establish and continuously maintain a personal data management system to implement the requirements of personal data protection.
13.Identify internal and external stakeholders and the extent of their involvement in the governance and operation of the personal data management system.
14.The Group shall properly keep records of the collection, processing or use of personal data.
15.The disclosure of personal data to third parties shall comply with the requirements of relevant laws and regulations. If the Group outsources collection, processing or use of personal data to other government agencies/ non-government agencies, it shall supervise the outsourced parties appropriately to meet the requirements of the Group's personal data management.
II. The Group's purposes regarding collection, processing, use and cross-border transfer of your personal data, the types of the personal data and the period, areas, parties and methods of which the personal data is used are as follows:
1.Purposes regarding collection, processing, use and cross-border transfer of your personal data: consumer protection; marketing (including cross-selling); facilitating cross-industry collaboration; enhancement of customer convenience; collection, processing and use of personal data by the financial service industry in accordance with laws and regulations and the needs of financial supervision; financial dispute resolution; financial supervision, administration and inspection; collection, processing and use of personal data by non-governmental agencies as defined by law; contract, quasi-contract or other legal relationship matters; consumer, customer management and services; business and technical information; information (communication) services; information (communication) and database management; information and communication security and management; advertisement or commercial conduct administration; investigation, statistics and research analysis; risk identification; strengthen risk control; supervision and management of the Group; other financial management business; other business operation in accordance with the business registration or the articles of association; other advisory and consultant services; lucky draw event and gift dispatch.
2.Types of personal data: including but not limited to your basic information (e.g., name, ID number, passport number, residence permit, date of birth, domicile/residence/work/email address, contact information, marriage, family, education, occupation, financial situation, transaction information and other related information (including accounting, credit, investment, insurance, etc.), audio, video files, mobile and network media device location information (such as mobile device ID, mobile device location , social network information, Internet Protocol (IP) address, internet browsing trajectories inside and outside the site, cookies) and other information that can directly or indirectly identify an individual as contained in various business application forms or contracts, and all information is subject to the information concerning the relevant business and services between you and the Group and the information provided by you or third parties, or actually collected.
3.Period of use: as a general rule, the retention period for personal data is five years, unless other retention period is necessary for the execution of the business (as the duration of the specific purpose), required by relevant laws and regulations (such as the Money Laundering Control Act, the Business Entity Accounting Act), or stipulated in individual contracts, whichever comes later shall prevail.
4.Parties of use:
4.1. The Group and the overseas branches of the Group.
4.2. The Institutions in relation to the Group's business (e.g., correspondent bank, Joint Credit Information Center, National Credit Card Center of R.O.C., The Taiwan Clearing House, TWSE, Taiwan Futures Exchange, Taipei Exchange, TDCC, Taiwan Integrated Shareholder Service Company, Financial Information Service Co., LTD., credit guarantee institutions, trade associations, stock issue companies, delivery banks, credit card international organizations, other relevant institutions authorized by law to handle stock business affairs, card acquirers and contracted merchant, electronic payment institutions, Taiwan Insurance Institute, Taiwan Insurance Guaranty Fund, Financial Ombudsman Institution, institutions or consultants that have contractual relationships or business transactions with the Group due to business needs (such as lawyers, firms, accountants, vendors), and other institutions designated by the competent authority for the relevant business, including those involved in business operations, as well as supervision, management, inspection, issuance, trading, credit investigation, transactions, delivery, stock affairs, etc., and recipients of internationally transferred personal data not restricted by the central competent authority, companies that are permitted by law to engage in cross-selling or to share and utilize customer data with the Group, entities collaborating with the Group for promotional purposes, outsourced business agencies, and third parties suppliers, companies that have reinsurance business with the Group).
4.3. Financial supervisory authorities, judicial authorities, tax authorities, or agencies with investigative powers according to law, as well as dispute resolution and credit investigation institutions.
4.4. Parties agreed by the customer (e.g., companies engage in cross-selling or collaborative use of customer data with the Group, companies collaborating with the Group to promote business).
5. Areas of use: the utilization areas of your registered personal data that may be used include both domestic and foreign locations of the aforementioned parties, including Taiwan (including Taiwan, Kinmen, Penghu, and Matsu regions), the locations of the Group’s overseas offices, the locations of correspondent banks, the locations of outsourced business agencies, the locations of business partners’ operation offices, etc.
6. Methods of use: processing and use by automatic machines or other non-automatic methods in compliance with relevant laws and regulations of personal data protection, including but not limited to written, electronic or cross-border transfer.
III. Source of personal data collected:
1.Direct collection from customers by the Group.
2.Information voluntarily disclosed by customers in public domain or lawfully disclosed by others.
3.Lawfully collected by the Group from third parties (e.g., persons acting as agents, representatives, or assistants of the data subject, third parties with whom the Group has relationships for data sharing, joint promotions, or other collaborations, or third parties engaged by the Group in connection with various business operations).
IV. In accordance with Article 3 of the PDPA and GDPR requirements, you may request to exercise the following rights concerning your personal data held by the Group using the contact information (e-mail: ir@kgi.com; telephone: (02)2763-8800) that the Group provided:
1.Excluding the circumstances described in Article 10 of the PDPA, you may inquire, request to review, and request to obtain copies of your personal data from the Group. However, the Group may charge a fee to cover its necessary costs in accordance with Article 14 of the PDPA.
2.You may request to supplement or correct your personal data from the Group. However, in accordance with Article 19 of the Enforcement Rules of the PDPA, you shall appropriately explain the reasons and facts.
3.In the event the Group violates the provisions of the PDPA in collecting, processing, or using your personal data, you may request the Group to erase the personal data collected or cease collecting, processing or using the personal data according to Article 11, Paragraph 4 of the PDPA.
4.According to Article 11, Paragraph 2 of the PDPA, in the event of a dispute regarding the accuracy of the personal data, you may request the Group to cease processing or using your personal data. However, according to the provision in the same paragraph, this provision does not apply as the processing or use is either necessary for the Group to fulfill its official or business duty, or has been agreed to by you in writing, and the dispute has been recorded.
5.According to Article 11, Paragraph 3 of the PDPA, when the specific purpose of personal data collection no longer exists, or upon expiration of the relevant period, you may request the Group to erase or cease processing or using your personal data. However, according to the provision in the same paragraph, this provision does not apply as the processing or use is either necessary for the Group to fulfill its official or business duty or has been agreed to by you in writing.
6.You may request for restriction of processing and data portability from the Group.
7.You may request not to be subject to automated profiling your personal data and not to process your personal data for direct marketing purposes from the Group.
V. If the Company collects your personal data as lawfully provided by its subsidiaries, the Company hereby informs you of the above in accordance with Article 9, Paragraph 1 of the PDPA. You may also refer to the respective subsidiaries’ official websites for relevant personal data notification information.
For the exercise of the above rights, if such exercise of rights fails to comply with the application procedure, or where the Group bears the obligation to preserve the personal data according to the laws, or where the laws specified otherwise, it may not be handled according to your request. You may choose, on your own decision, whether to provide relevant personal data and the type of data. However, if the personal data and type of data that you refuse to provide is necessary for the business review or operation, the Group may not be able to perform necessary operations such that relevant services cannot be provided to you, or optimal services cannot be provided.
In addition, please carefully read the above statements before providing, registering, or using your personal data on this website. If you continue to use this website, or complete and submit your personal data, it will be deemed that you have fully understood and agreed to the above statements.
The Group will collect, process, use and internationally transfer your personal data in accordance with the content of this notification statement. Within the scope of this notification statement, the Group will not provide separate or repeated notifications regarding the collection, processing, use, and international transfer of your personal data.
To protect your rights and interests, please carefully read the above notification. However, in response to changes in the social environment, laws, and technological advancements, and to protect customers' personal data rights, the Group reserves the right to revise this notification statement at any time and will promptly update it on the website.
(202604 version)