Confidentiality Measures

The customer data confidentiality measures of TS Financial Holding Co., Ltd. and its subsidiaries (hereinafter collectively referred to as the “Group”) are implemented in accordance with the Financial Holding Company Act, the Personal Data Protection Act, Regulations Governing Cross-selling Among Subsidiaries of Financial Holding Company (hereinafter referred to as the “Cross-Selling Management Rules”) and relevant laws and regulations of the competent authorities. Meanwhile, each subsidiary is also bound to comply with other relevant laws and regulations pertaining to its profession to fulfill its duty of keeping customer data confidential.

1. Customer Data Collection
   The Group possesses customer data because the customer is an existing customer of the Group, or because the customer provides such data when participating in activities or services organized by the Group, or because the data is obtained from other third parties or public channels that have the right to disclose it legally.
2. Customer Data Storage and Safekeeping
   In addition to the establishment of secure control equipment and mechanisms for customer data, the Group also establishes local or remote backup systems to ensure that when special or emergency events or disasters occur, complete customer data is still retained with confidentiality, availability and integrity.
3. Customer Data Security and Protection
   The Group has adopted strict measures to protect the security of customer data. In addition to using encryption mechanisms such as SSL or SET for data transmission, firewalls are used to prevent illegal intrusion or unauthorized internal use. Personnel who are not officially authorized by the Group are strictly prohibited from accessing customer data.
4. Customer Data Classification, Scope of Use and Items
   Customer data refers to the general information, transaction information and other related information of customers (including account information, credit information, investment information and insurance information). The classification and content of the data may be added or deleted according to the business characteristics of the subsidiaries within the scope permitted by laws and regulations:
   (I)    General information: including information such as name, date of birth, ID number, telephone number and address.
   (II)   Transaction and other related information includes the following:
   1. Account information: including information such as account number or other numbers with similar functions, credit card account number, deposit account number, transaction account number, deposit and loan information and other transaction information and financial status.
   2. Credit information: including information such as records of dishonored negotiable instruments, cancellation records, account rejection records and business operation status.
   3. Investment information: including information such as the subject, amount and time of investment or sale.
   4. Insurance information: including relevant information such as insurance type, term, insured amount and payment method.
      Unless otherwise provided by law or agreed by the customer with a signed contract or an express written consent, the data disclosed, referred or used among the cross-industry subsidiaries of the Group in cross-selling activities shall not contain general information and transaction information other than the customer’s name, address and e-mail address.

5. Purpose of Using Customer Data and Disclosure
   (I)    In order to provide more comprehensive products and services, the Group’s cross-industry subsidiaries may disclose, refer or use among them general information, transaction information and other relevant information of customers for cross-selling activities, subject to compliance with laws and regulations or with the consent of customers.

   (II)   In accordance with laws and regulations or at the request of government agencies, subsidiaries of the Group may provide customer data to the parent financial holding company, competent authorities, tax authorities, courts, judicial authorities and other authorities with investigative powers under the law.

   (III) When handling business-related matters due to entrustment, the Group may disclose customer data to the entrusted entities and require the entrusted entities to strictly abide by the Group’s customer data confidentiality measures and not disclose customer data to third parties; the Group may check and supervise the compliance of the entrusted entities at any time.

   (IV) When conducting credit investigations for business management, subsidiaries of the Group may exchange and disclose customer data with the Join Credit Information Center, the Taiwan Clearing House or other banking peers.

6. Change and Modification of Customer Data
   If there are any changes in customer data, the customer may notify the customer service center of the Group’s subsidiary at any time to request correction or supplement.

7. Opt-out Choices of Customers
   Customers may end the mutual use of their personal data for cross-selling at any time by notifying the customer service center of the Group’s subsidiaries with which they are dealing. Upon receiving the customer’s request, the subsidiary that accepts the request may check the customer’s consent status before updating the information and notify other subsidiaries to immediately stop the mutual use of customer data after the update is completed.

The following are the subsidiaries of the Group that use customer data across industries. For any additions or changes to the Group’s subsidiaries, please refer to the announcement on the Group’s website.

Taishin International Bank Co., Ltd.
Taishin Securities Co., Ltd.
Taishin Securities Investment Advisory Co., Ltd.
Taishin Securities Investment Trust Co., Ltd.
Taishin Asset Management Co., Ltd.
Taishin Venture Capital Investment Co., Ltd.
Taishin D.A. Finance Co., Ltd.
Taishin Life Insurance Co., Ltd.
Taishin Futures Co., Ltd.
Shin Kong Life Insurance Co., Ltd.
Shin Kong Commercial Bank Co., Ltd.
MasterLink Securities Co., Ltd.
Shin Kong Investment Trust Co., Ltd.
Shin Kong Property Insurance Agency Co., Ltd.
Shin Kong Venture Capital International Co., Ltd.
Shin-Kong Life Real Estate Service Co., Ltd.
Shin Kong Marketing Consultant Co., Ltd.
MasterLink Life Insurance Agency Co., Ltd.

Any modification or change to the aforementioned confidentiality measures will be announced on the Group’s website or through other public disclosure channels approved by the competent authority.

Note：This Example has been translated into English. If there is any inconsistency or ambiguity between the English version and the Chinese version, the Chinese version shall prevail.