KGI Financial Holding Co., Ltd. and its Subsidiaries Client Data Protection and Confidentiality Statement

Statement
KGI Financial Holding Co., Ltd. (formerly known as China Development Financial Holding Corporation) and its subsidiaries (hereinafter collectively referred to as the “Group”) have always put much emphasis on safeguarding the clients’ data. For the purpose of providing diversified and comprehensive financial products and services, the Group has stipulated and announced on its official websites the “Client Data Protection and Confidentiality Statement” in compliance with the “Financial Holding Company Act”, “Regulations Governing The Cross-selling among Subsidiaries of Financial Holding Company”, “Self-Disciplinary of Financial Holding Company and its Subsidiaries”, “Personal Data Protection Act” and other related statutes and regulations. The Group hereby declares that it will follow the principles as described below to protect the rights and interests of the Group’s clients while collecting, processing, and using the clients’ data.
Statement
1. Collection of Clients’ Data
The Group may obtain, use and maintain clients’ data because the clients have been the existing customers of the Group, or have ever used or accepted the Group’s services provided through the Group’s staff, telephone calls, fax, mail, internet, or in accordance with relevant laws/orders, with your consent, or other ways that may obtain client’s data legally and publicly by the Group.
2. Storage and Maintenance Methods of Clients’ Data
The Group will strictly conform with the principle of safety and confidentiality to safeguard the clients’ data. In addition to the safety controlling equipment and mechanism, the Group also sets up a backup storage in different location to maintain the clients’ data in a safe and sound condition and continuously provide the clients with good services in the event of emergency or disasters.
3. Safety and Protection Methods of Clients’ Data
After obtaining the clients’ data, the Group will file and store them in the database in accordance with the relevant operation standards. The access and use of the database shall be managed by a designated person pursuant to its authority and function of business, and the firewalls have been set up to prevent the invasion of external messages and to control the transmission of internal messages in order to protect the clients’ data from any unauthorized or illegal acquisition or any destruction.
4. Classification, Scope of Usage of Clients’ Data, and items
The clients’ data refers to the clients’ basic information, accounting information, credit information, investment information, and insurance information, etc. The categories and scope of use are as follows, but the actual items will be adjusted according to business characteristics:

(1) Basic information: including name, date of birth, ID number, passport number, telephone/mobile/fax number, address, email address, education level, occupation, family information, etc.
(2) Accounting information: including account number or number with similar function, credit card account number, deposit account number, transaction account number, deposit and loan and other transaction and financial information.
(3) Credit information: including refund records, cancellation records, refusal/banning records, and business operation status.
(4) Investment information: including information on the target, amount and time of investment or sale of investment.
(5) Insurance information: including relevant information on the type of insurance, term, insured amount, payment method, claims status and refusal records.

When the Group conducts cross-selling, it will comply with the regulations dictated by the competent authorities, relevant trade associations, or other units that have the power to supervise the business activities of the Group, or interactively use and disclose customer information in accordance with the scope of information agreed to provide in the application form or relevant contract between the customer and the company in the group.
5. Purpose of using Clients’ Data
The Group only discloses, refers or exchanges customer information for marketing (including cross-selling), entrusting a third party to handle business-related affairs, complying with the requirements of the competent authority and information sharing, or disclosure, referral or interactive use of customer information in management supervision and other situations as permitted by law or with the consent of the customer in order to provide comprehensive and diversified financial products and services to clients. The Group shall conscientiously and carefully manage the clients’ data to ensure that it is well-protected.
6. Parties of Disclosure of Clients’ Data
The clients’ data will be used and disclosed in compliance with the “Financial Holding Company Act”, “Regulations Governing the Cross-selling among Subsidiaries of Financial Holding Company”, “Self-Disciplinary of Financial Holding Company and its Subsidiaries”, “Personal Data Protection Act”, and by the Group for the purpose of conducting cross-selling. Except for parties commissioned by the Group to collect, use and process the clients’ data under the authority of and on behalf of the Group, the clients’ data will not be disclosed to any other third party.
7. Methods for Change and Update of Clients’ Data
The Group will maintain the completeness and accuracy of clients’ data. If the clients’ data requires updates, the clients may apply to amend the data by contacting the business locations of the Group directly or through the Group’s staff or customer service.
8. Termination of using Clients’ Data
The clients may give notice to the Group at any time whenever the clients are unwilling to receive any information regarding the financial services or marketing advertisements of the Group. The Group will no longer send any relevant messages or materials to the clients and will stop using the clients’ data after a reasonable operating period from the date of such notice.
Modifications
The modifications of the “Client Data Protection and Confidentiality Statement”, if any, will be announced on the Group’s websites or via means deemed public by the competent authority. If there is any amendment regarding the 7th or 8th principles of the above, the subsidiaries of Group will further notify you in writing or email in addition to the public announcement.
Names and contact numbers of companies within the Group that collect, process and interact with client data are listed as below
In accordance with the provisions of Article 13, Item 3 of the Regulations Governing the Cross-Selling among Subsidiaries of Financial Holding Company, we would like to list the names and contact numbers of companies within the Group that sharing client data:

KGI Financial Holding Co., Ltd. Tel: 02-27638800
KGI Bank Co., Ltd. Tel: 02-80239088 / 0800255777
KGI Securities Co., Ltd. Tel: 02-23890088 / 0800085005
KGI Life Insurance Co., Ltd. Tel: 0800098889