Notification for the Collection, Processing, and Utilization of Personal Data

 

1.With respect to the collection, processing, use and international transmission of your personal data, we, KGI Securities Co. Ltd. (hereinafter “the Company”) hereby inform you of the followings according to Paragraph 1 of Article 8 of Personal Data Protection Act and if applicable, Article 13 of the EU General Data Protection Regulation:

 

No.

Notification Item

Notification Content

1

Purpose of Collection

  1. To operate the businesses approved by the competent authorities and in accordance with the Company’s business registration or articles of incorporation, including but not limited to securities, futures, wealth management, trust, derivatives trading, bonds and short-term bills, underwriting, shareholder services, and proxy solicitation for shareholders’ meetings, as well as any other financial services the Company may be permitted to operate in the future (based on the latest scope of business announced by the Company).
  2. To perform matters and operations arising from contractual relationships, quasi-contractual relationships, or other legal relationships between you and the Company, and to provide services and operations related to your status as a customer or shareholder. These include credit investigation, marketing (including cross-selling and cooperative promotions), customer management and services, certificate management, e-commerce services, consulting and advisory services, statistical surveys and research analysis, information and database management, shareholder notifications, and related services.
  3. To perform legal obligations, such as anti-money laundering and counter-terrorism financing operations, risk management, internal control and audit, whistleblowing systems, information security and management, and compliance with domestic and international financial regulations (including but not limited to the U.S. Foreign Account Tax Compliance Act (FATCA), Common Reporting Standard (CRS), and the EU Shareholders’ Rights Directive II (SRD II)).
  4. To comply with orders, investigations, and inspections by financial supervisory, judicial, tax authorities, and other authorities with judicial, prosecutorial, or administrative investigative authority, and to handle litigation, non-litigation, arbitration, or other financial disputes.

2

Types of Personal Data

Personal data collected within the necessary scope for the aforementioned specific purposes includes basic information (such as name, national identification number, passport number, date of birth, residential/work/email address, telephone/mobile/fax number, education, occupation, employer’s name, family status, etc.), account information, credit information, income information, asset or financial information, credit extension information, investment information, location data, online identifiers, data recorded by cookies and similar technologies, and any other information contained in relevant business application forms or contracts that can directly or indirectly identify an individual.

3

Duration of Use

Within the duration of the Company’s business operations as permitted by the competent authority, and within any of the following periods (whichever is the longest):

  1. The duration of the aforementioned specific purposes.
  2. The retention period as required by applicable laws or as stipulated in contracts (or similar agreements).
  3. The retention period necessary for the execution of business operations.
  4. The period consented by you.

4

Areas of Use

The relevant areas where the Company is authorized by the competent authority to operate and where its registered business activities or those stipulated in its articles of incorporation are conducted, as well as areas necessary for achieving the purposes of personal data collection, processing, and use, include:

the Company (including its headquarters and all branches), parent companies, subsidiaries, or affiliates under the Company’s control or subordinate relationship, and their respective branches; areas where institutions or consultants that have contractual or business relationships with the Company or the aforementioned companies are located; areas where financial supervisory, judicial, tax authorities, or other domestic or foreign government agencies or third-party institutions to which data must be provided by law are located; and areas where recipients designated by you are located (in the case of international transmission of personal data, limited to jurisdictions not restricted by the central competent authority).

5

Entities Using Personal Data

  1. The Company (including its headquarters and all branches), parent companies, subsidiaries, or affiliates under the Company’s control or subordinate relationship, and their respective branches (including but not limited to those engaged in cross-selling or sharing customer data with the Company); institutions or consultants (such as lawyers or accountants) that have contractual or business relationships with the Company or the aforementioned companies due to business needs (including but not limited to companies cooperating with the Company in promotional activities or entities entrusted in accordance with the “Guidelines for Securities Firms Outsourcing Operations”); and assignees of all or part of the Company’s business.
  2. Financial supervisory, judicial, tax authorities, or other authorities with investigative authority, or dispute resolution and credit agencies, including but not limited to the stock exchange, futures exchange, over-the-counter trading center, central securities depository, securities or futures industry associations (or other relevant trade associations), the Securities and Futures Investors Protection Center, the Financial Ombudsman Institution, and other institutions authorized by law to handle shareholder services, such as the issuing companies of securities held by you, settlement banks, custodians, and the Taiwan Clearing House. This also includes other institutions designated by the competent authority related to business operations, supervision, issuance, trading, credit investigation, settlement, shareholder services, and financial supervisory authorities with jurisdiction over the recipients listed in Item 1, or other domestic or foreign government agencies or third-party institutions to which data must be provided by law.
  3. Recipients designated by you.

6

Method of Use

By means of automated machines or other non-automated methods (including but not limited to written, electronic, or international transmission), personal data will be used within the scope of the aforementioned specific purposes in a reasonable and lawful manner.

If the EU General Data Protection Regulation (GDPR) is applicable, the Company will ensure that international data transfers are subject to an appropriate level of security protection as required by law. If the Company transfers your personal data to a country or jurisdiction that cannot guarantee a level of personal data protection equivalent to that of the Republic of China (Taiwan), the Company will require the recipient to enhance its data protection measures to a level equivalent to that of the Company, in order to ensure that your personal data remains protected despite the international transfer.

7

Your Rights and How to Exercise

You may exercise the following rights regarding your personal data held by the Company:

  1. To inquire about, request access to, or request a copy of your personal data (the Company may charge necessary fees to cover costs).
  2. To request supplementation or correction of your personal data (you must provide an appropriate explanation).
  3. To request the cessation of collection, processing, or use, or to request deletion of your personal data (however, the Company may refuse such requests if it is necessary for the Company to comply with relevant laws, regulations, and contracts, or to carry out its business.).
  4. To request restriction of processing.
  5. To request data portability.
  6. To object to automated profiling.
  7. To object to the processing of personal data for direct marketing purposes.

 

If you wish to exercise any of the above rights, you may submit a request through the following contact methods or any other means by which you can reach the Company. If you believe the Company has collected, processed, or used your personal data in violation of applicable regulations, you may also file a complaint with the Company or the competent authority.

 

Contact Numbers: (02) 2389-0088 / 0800-085-005

Email Address: service1@kgi.com

8

Impact on your rights if you refuse to provide your personal data

You have the right to freely decide whether to provide your personal data. However, if you choose not to provide such data, the Company may be unable to carry out the necessary reviews, processing operations, and other related services required for business purposes. As a result, the Company may refuse to engage in business transactions with you or process related matters and applications.

 

For example, if you do not fully provide the personal data required for the Company to comply with the U.S. Foreign Account Tax Compliance Act (FATCA) in conducting U.S. account investigations, or if you do not consent to the Company reporting your U.S. account information to the U.S. federal government or the government of the Republic of China (Taiwan), the Company may, in accordance with the provisions of FATCA, be required to withhold taxes on certain payments and may further be required to close your account.

 

2.If the dealings between you and the Company call for collection of your personal data from TWSE’s securities firms credit checking system, the Company hereby informs you of the followings in accordance with Paragraph 1 of Article 9 of Personal data Protection Act and if applicable, Article 13 of the EU General Data Protection Regulation:

Your personal data (including personal information, credit or investment information, breach or criminal records related to securities transactions) is obtained by the Company from TWSE’s securities firms credit checking system for credit checking purpose. For other matters please refer to the above.

 

The Company will continue to collect, process, and use your personal data in accordance with the content of this notification. The Company will not provide separate or repeated notifications for such collection, processing, and use within the scope of this notification.

 

You agree that the Company has the right to amend the content of this notification and that, upon such amendment, the Company may notify you by posting on its website or through verbal, written, telephone, SMS, email, fax, electronic documents, or any other means sufficient to inform or make the content accessible to you (including, but not limited to, providing a website link containing the full content of this notification via the aforementioned methods).

 

If the data you provide to the Company includes personal data of third parties other than yourself, you declare that you have properly informed such third parties that their personal data will be provided to the Company and will be collected, processed, and used within the scope of this notification. You shall also ensure that such third parties have consented to the aforementioned collection, processing, use, and international transfer of their personal data, and that they understand all legally required notifications and their rights. Therefore, the Company is not required to provide separate notification to such third parties.

  

version 7, 2025 June