元大金控元大金控 元大金控元大金控 元大金控元大金控

Customer Privacy Protection

In order to fully protect the personal information and privacy of our customers and investors, Yuanta Financial Holdings set in place the “Yuanta Financial Holdings and Subsidiaries Customer Information Protection Measures” in 2002, and the “Customer Right to Privacy Protection Statement” in 2012, and enforces their compliance on a Group-wide basis.

Yuanta Financial Holdings and its subsidiaries undertake a “Training Course on Personal Data Protection related laws” at least once every year, and test employees to ensure that they fully understand the importance of protecting personal data, and the relevant procedures.

Information is collected through legal and public channels. Customer information will be stored in a data storage system with the highest levels of security and stability by the relevant company or by a commissioned storage provider. All access and usage of the information shall be limited to parties with the necessary authorization. Furthermore, the Company makes use of the appropriate technologies and organizational safety measures to safeguard personal data from being lost or misused. The Company also has a comprehensive personal data protection system in place to enhance the protection of customer privacy.

Yuanta Securities – Committed to Protecting the Privacy of our Customers

Yuanta Securities’ account opening procedures are done in accordance with the duty of disclosure laid out in Article 8, paragraph 1 of the “Personal Data Protection Act”, ensuring that our customers fully understand that trading via the Company’s electronic platform and the accessing of personal information can only be done after the customer has completed the setting of a personal password.

In business cases classified as confidential, in addition to entering a non-disclosure agreement with clients, or stipulating confidentiality terms within the contract agreement, dedicated folders are established on the Company’s internal computer network, with access limited to the team handling the case. Additionally, in adherence with the “Personal Data Protection Act”, all communications sent from Company employees which contain personal information are password protected; furthermore, all emails sent from Company computers to external email addresses must pass through an external letter review process to protect customer’s confidential information.

As a demonstration of our determination to safeguard customers’ personal information, in March of 2015 Yuanta Securities passed “BS 10012: 2009 Personal Information Management System” and received official certification from British Standards Institution (BSI).

Furthermore, on February 1, 2016, following the Group-wide policy for Company email on mobile devices, Yuanta Securities set out the guidelines for the governing the information on company’s email system in “IT Facilities Management and Usage Measures”, clearly stating that to protect personal data and confidential information, sending any confidential materials to external emails, or saving any such information on external devices or cloud storage are prohibited.

Yuanta Bank – Strengthening Information Security Management

Yuanta Bank – Strengthening Information Security Management Protecting customers’ information and privacy and building a long-term relationship on a foundation of trust, have long been one of Yuanta Bank’s guiding principles. In order to increase our competitiveness in financial services, Yuanta Bank established management systems for information security and personal information security, and received certification for “ISO 27001 Information Security Management” and “BS10012 Personal Information Management” in January and July of 2012 respectively as well as the updated edition “BS10012: 2017 Personal Information Management” in December 2018, effectively strengthening its information security management abilities.

To ensure the effective implementation of the information security system, Yuanta Bank holds periodic training courses to raise employees’ information security knowledge and awareness. Additionally, to strengthen controls on information access, the Bank has adopted protective mechanisms and monitoring software to guarantee that information is not improperly accessed, and to protect the security of our customers’ personal information. In terms of business continuity management (BCM), the Bank has implemented responsive measures to provide the very best service to our customers.

Yuanta Life – Focused on Protecting Our Customers’ Personal Information

Yuanta Life has established a “Personal Information Protection Group”, which based on its “Personal Information Protection Group Implementation and Operational Rules”, provides personal data protection procedure management and oversight, and periodically reviews of changes to internal and external personal information related rules and regulations to ensure that all personal information entrusted to Yuanta Life is strictly and effectively protected. Besides receiving the certification for “ISO 27001:2013 Information Security Management" in April, 2017, Yuanta Life was awarded the “BS 10012:2017 Personal Information Management” from British Standards Institution (BSI), strengthening its personal information protection abilities to safeguard the confidentiality and safety of customer information.