Jump to main content
For the best experience, change the screen to portrait mode.

For the best experience, change the screen to portrait mode.


Customer’s Personal Data Protection Declaration

Pursuant to the Personal Data Protection Act and the relevant regulations of the competent authority, Chang Hwa Bank (the “Bank”, “we”, “us”) shall collect, process or use personal data in accordance with protecting for the rights and interests of the parties concerned, conduct it within the scope necessary for the specific purpose in accordance with the honest and trustworthy methods, and have a legitimate and reasonable connection with the purpose of collection; We also take appropriate security measures to prevent the theft, alteration, destruction, loss or leakage of personal data in our possessions, so as to fulfill the obligation of keeping confidentiality of customer information.

I. Methods of collecting personal data

  1. The Bank will collect customer’s personal data through transactions or marketing, business promoting activities in consistent with relevant laws and regulations, customer’s consent or based on expressly agreed in all kinds of contractual agreement signed by customer, or through other lawful public means.

II. Methods of personal data storage and custody

  1. The Bank shall maintain customer’s personal data within the databases of the Bank, and all usage of customer’s personal data will be limited only within the scope of laws, regulations and business specifications. Unauthorized personnel will not be given any access or allowed to use customer’s personal data.

III. Personal data security and protection methods

  1. In order to safeguard the confidentiality, integrity and availability of customer’s personal data, the Bank has adopted secure equipment (software and hardware) and mechanism to protect it, and in accordance with relevant laws and regulations and information management principles, the Bank installed firewalls to block illegal intrusions and malware damage for guarding customer’s personal data against illegal accessing or tampering.

IV. Personal data classification, scope and item of use, and purpose

  1. The customer’s personal data will be classified by basic information, transaction information, and other information as follows:
    1. Basic information: including the name, date of birth, ID card number, telephone number, address etc.
    2. Transaction information and other information as follows:
    1. Account information: including account number or other numbers of similar purpose, credit card numbers, deposit numbers, transaction numbers, deposit, loan and other transaction information and financial summary etc.
    2. Credit information: including records of bounced checks, cancellation records, rejected account records, and business performance etc.
    3. Investment information: including the assets that customer has invested or sold, and the amount and timing of the transactions etc.
    4. Insurance information: including the type of policies that customer has insured, the tenor, the sum insured, payment method etc.

V. Purpose of personal data collecting, processing, usage and the right to opt-in

  1. In order to provide customer with more complete and diverse financial products/services, the Bank shall collect, process and use (include but not limited disclose, referral, exchange or use) customer’s basic information, transaction information and other information in consistent with relevant laws and regulations, signed contract with customer or customer’s written consent and only within the necessary scope of the specific purpose of collection. Customer may freely decide whether to provide personal data or not; however, the Bank may only be able to provide limited services due to the insufficient data for transaction review and processing need.

VI. Recipients of personal data disclosure

  1. Only within the necessary scope of the specific purpose of collection, the Bank may disclose customer’s personal data to subsidiaries, the institution using the information in compliance with laws and regulations, the institutions related to the Bank’s business, domestic or foreign competent authority, and third-party service providers engaged with the Bank etc. 
  1. When the Bank entrusts third-party providers to provide business-related services and discloses the customer's personal data to them (e.g. statements mailing service, etc.), a confidentiality agreement shall always in place to maintain the confidentiality of the customer's personal data and limit its use, and the third-party providers shall not re-disclose such information to other third parties unless otherwise complied with laws and regulations or agreed by the customer in writing.

VII. Methods of personal data change

  1. In order to ensure the correctness and completeness of customer information, if his/her personal data needs to be amended, the customers can contact us via the service access provided by the Bank (e.g. in-writing, telephone or contact the branch in person etc.). After verifying the customer’s identity, the Bank will correct or amend it ensuring the customer’s personal data updated.

VIII. Retention period of personal data

  1. For the retention of customer’s personal data for specific purpose of collection, the Bank should protect and manage customer’s personal data in good faith during the time period mandated by the relevant laws and regulations, the time periods in line with business’s needs, or individual contracts (the longer period shall be applied).

IX. Methods of fulfilling customer’s right and Opt-out option

  1. The customer may, at any time, ask the Bank for querying, reviewing, copying, amending, correcting or stopping collection, procession, use or deletion of customer’s personal data. If the customer has no intention to receive marketing or business promotion information, he/she may notify the Bank through the access provided by the Bank (e.g. in-writing, telephone or contact the branch in person etc.) the Bank will accept right away and to honor customer’s instructions within reasonable time for system processing and operation.
  1. Subject to applicable laws and regulations, the customer shall have the right to take out his/her personal data or to transmit those data to another service provider. (applies only to the customer who is a UK or EU resident and provides his/her personal data from and within the UK or EU)

X. Comment and suggestion

  1. If customer has any questions or comments about this Declaration, please don’t hesitate to contact the Bank’s service hotline (domestic phone please dial 412-2222 or 0800-365-889, handset please dial 02-412-2222), we shall process and response per the customer’s request.

In order to accommodate the ever-changing environment, laws and regulations, and technologies, the Bank shall amend this declaration whenever deemed necessary and any amendments made shall be notified to customers as soon as possible by disclosing it on the website of the Bank or via other authority-recognized public access.