Privacy Policy

The personal data and privacy management policy of the Company shall be implemented after the approval of the president or his designated agent, and the same shall apply when the policy is amended. The summary is as follows:

Compliance with policies and laws

  1. All personnel shall follow this policy, and those who violate this policy shall be punished in accordance with relevant regulations. If any relevant civil compensation, criminal liability, or administrative penalty is involved, the employment relationship may be terminated and the legal liability may be prosecuted at the discretion of the Company. The employee's obligation to protect personal data and privacy will continue to be effective after the employment relationship is terminated.
  2. The commissioned suppliers or third-party partners involved in the collection, processing and use of personal data and privacy shall follow this policy, and those who violate this policy shall be handled in accordance with the relevant contract requirements.

Purposes and objectives

This policy, as the highest guideline for the management of personal data and privacy protection, is enacted to regulate the collection, processing and use of the personal data and privacy so as to prevent harm on personality rights, and to facilitate the proper use of personal data.

The objectives are as follows:

  1. To ensure that personal data and privacy within the scope of business are properly protected.
  2. To build customer trust and protect customer rights and interests.

Scope

In order to avoid possible risks and hazards to the Company due to factors such as human negligence, intentional or natural disasters, resulting in improper use, leakage, tampering, and destruction of relevant information, the personal data and privacy will follow the matters covered by the information and communication security management, and the following will be the issues managed by the personal data and privacy controller and processor.

As the controller and manager of the personal data and privacy, the management issues are as follows:

  1. General requirements
  2. Collection and processing
  3. Obligations of the personal data and privacy to the data subject
  4. Privacy considerations design and default privacy settings
  5. Personal data and privacy sharing, transfer and disclosure

Principles of Personal Data Management and Privacy Protection

1. Consent and Choice:
The consent of the data subject shall be obtained when collecting the data of the subject, and a channel shall be provided for the data subject to choose to refuse the processing of personal data and privacy.

2. Purpose Legality and Compliance:
The collection of personal data and privacy can only be based on specific legitimate purposes and to the extent necessary.

3. Collection restrictions:
Data collection is only based on the consent of the data subject.

4. Data minimization:
We will only collect the minimum necessary personal data and privacy for specific legitimate purposes, and will not process redundant personal data and privacy.

5. Restrictions on use, possession and disclosure:
The use, possession and disclosure of data is only based on the consent of the data subject.

6. Accuracy and Quality:
We will ensure the accuracy of personal data and privacy and update when necessary.

7. Fairness, transparency and notification:
We will process personal data and privacy fairly and transparently, and inform in the privacy policy.

8. Personal participation and access:
We will respect the data subjects to exercise the rights for their personal data and privacy, including the right to make an inquiry of and to review their personal data, to request a copy of their personal data, to supplement or correct their personal data, to stop of the collection, processing or use of their personal data, and to delete their personal data, etc.

9. Suitability:
We will ensure that the personal data and privacy collected by the organization are appropriate for the organization's purposes.

10. Accountability:
We will ensure the accountability of the above principles.

11. Information and Communication Security:
Information and communication security requirements shall be considered.

12. Personal Data and Privacy Compliance:
In addition to the above principles, other relevant personal data and privacy principles shall be considered.