Statement on Personal information Management Policy for Agricultural Bank of Taiwan

Agricultural Bank of Taiwan (hereinafter referred to as “the Bank”) upholds the spirit of implementation of personal information protection and management measures in order to be in compliance with the relevant provisions of the "Personal Information Protection Act", to reduce the impact of any incidents of personal data file infringement, and to ensure the Bank’s management goal of protecting personal data, hereby announce following statement.

The Bank’s statement on personal information management policy is as follows:

1. The Collection, processing, and using of personal data shall be within the necessary scope for specific purposes of lawfulness.
2. The processing of personal data shall be in a safe and legal manner.
3. The parties shall be informed in accordance with the law of the use of their personal data.
4. Make an Inventory of personal data and create a list of categories.
5. Ensure the accuracy of personal data and update according to law.
6. Personal data shall be saved according to law.
7. Esteem the parties' right to exercise their personal data, including inquiries or requests for review, requests for copies, requests for supplements or amendments, requests to stop collecting, processing or using, and requests for deletion.
8. Ensure the security of personal data in custody.
9. Before conducting international transmission of personal data, check whether it is restricted by the competent authority and follows the rule.
10. When personal data is used in the exceptions allowed by the "Personal Information Protection Act," ensure its appropriateness and legality.
11. Establish and execute personal data management systems to implement personal data protection policies.
12. Clearly define the personal responsibilities and obligations of the personal data management system.

The promulgation of this statement clearly declares the importance of maintaining personal data management. All employees should indeed understand the contents of this statement in order to safeguard the security and sustainability of all personal data in custody of the Bank.

Last revised date June 23, 2015