
Customer data protection


Privacy Policy

Our data protection measures, including the "Operational Guidelines Regarding Exercise by Customers of Rights Under the Personal Data Protection Act" in accordance with the "Bank of Taiwan Personal Data File Security Maintenance Plan And Rules Governing The Handling Of Personal Data Following A Business Termination", and the Directives for Personal Data Processing after Termination of Transactions, regulate the management and procedures of customer data protection across all business units. In 2022 we formed a task force, with guidelines, that convenes exclusively on personal data protection topics to reinforce applicable laws and practices and to improve related measures.

In addition, to keep pace with digitalization, we continue to supervise the business managing units of the e-commerce service system in planning drills and improvements to the monitoring and contingency plans for unlawful and exceptional behaviors. Two drills in 2023, conducted by the Consumer Finance Department and the Department of Trusts, ensured proper use of customer personal data by BOT.

Aspect / BOT Approach

Personal data breach drill: To raise awareness and practice the response procedure, we have adopted a Personal Data Grading Guide and conduct drills every year. In the event of a personal data breach, we grade the risk level case by case and complete reporting in line with procedure.
  • The 2023 personal data breach drill and "Personal Data Protection System Targeted Examination" were completed as requested by the FSC.
  • Zero incidents of privacy intrusion or loss of customer data in 2023.

Customer privacy:
  • We have adopted the "Standard Operating Procedures for Security Maintenance of Personal Data and Files in Wealth Management, Financial Commodity Sales and Bancassurance Businesses" to prevent data breaches and unlawful use.
  • Before reporting to their positions, BOT financial planners are required to sign a "Confidentiality Agreement and Code of Ethics for Financial Service Staff" and Proxies. Financial product salespersons are required to observe customer data privacy practice.

Cyber transaction security: All online services provided by BOT are governed by our "Privacy Statement". We also carry out renewals and upgrades to ensure online transaction security.

Compliance with the regulations governing the cross-border transfer of personal data:
  • In response to the EU's General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018, our practice includes GDPR-based regulations, including the Bank of Taiwan Personal Data Protection Consent Form (applies only to data subjects of the European Union and UK), the "Notice for Existing EU Customers", and the Bank of Taiwan Privacy Statement (applies only to juridical persons).
  • GDPR training and reminders: We include GDPR as part of training, and have logged forms, regulations, Q&As, and training materials in the "EU&UK GDPR Information" section on BOT's intranet.
  • The Unqualified Assurance Report by KPMG Taiwan of March 2023 based on Personal Data Protection System Targeted Examinations for 2022 and the Implementation Rules for the Internal Audit and Internal Control System of Financial Holding Companies and the Banking Industry has been proposed in a managing director meeting, and submitted before the end of April 2023 to the FSC for future reference.

    Handling Procedure for Privacy Violations

    According to the "Bank of Taiwan Personal Data File Security Maintenance Plan And Rules Governing The Handling Of Personal Data Following A Business Termination", in the case of personal data leakage, a cyber attack on customer credentials, or other personal data incidents, the heads of related units are required to follow BOT's Notice for Crisis Reporting (including the approach to managing loss and damage to victims, and the procedures for how to contact victims and what to inform them of when the investigation is completed) and draft a report. As regulated in the Employee Reward and Punishment Policy, when customer information is leaked and/or privacy is breached by employees, causing damage to victims' rights and interests, the HQ business managing units will conduct an investigation and report the incident to the general manager and the Personnel Review Committee, who will punish any violators accordingly.

    Secondary Use of Customer Data

    To increase convenience for customers, enhance risk management and promote cross-sector cooperation between financial institutions, we facilitate the reasonable use of customer data based on the principles for ensuring information security and have established data sharing mechanisms between financial institutions. With reference to the Guidelines for Data Sharing between Financial Institutions published by the Financial Supervisory Commission, we established the Guidelines for Data Sharing between Bank of Taiwan and Financial Institutions. Taiwan Financial Holding, BOT's parent company, fully supervises the utilization of customers' personal data, and ensures that the compatibility of processing and secondary use of data is evaluated before proceeding.

    1. Regarding the methods of data collection
      Data comes from existing customers, who provide it when engaging in the services or activities organized by Taiwan Financial Holding Group through personnel, phones, internet exchanges, or other methods, or it is acquired through other legal and public channels.

    2. Regarding the purpose of using data
      Customers' personal data is shared among Taiwan Financial Holding and its subsidiaries for the purpose of investment and financial management. As a result, we can provide various products and comprehensive services to customers.

    3. Regarding the participants of the data sharing
      Customers' personal data is shared solely among Taiwan Financial Holding and its subsidiaries or the third parties to which such business is entrusted; unless authorized by law or specified in contracts with the customer, Taiwan Financial Holding does not share customer data with or refer it to anyone, nor use it, beyond the aforementioned parties.

    4. Regarding the customer complaint for information leakage or misuse
      Customers can file a complaint through a number of services provided by Taiwan Financial Holding Group, which, or whose subsidiaries, shall assess the case and conduct an investigation following due process. The case results will be communicated to the customer. Customer complaints shall be handled and investigated appropriately, and the customer shall receive a response as soon as possible.