The personal data and privacy management policy of the Company shall be implemented after the approval of the president or his designated agent, and the same shall apply when the policy is amended. The summary is as follows:
This policy, as the highest guideline for the management of personal data and privacy protection, is enacted to regulate the collection, processing and use of the personal data and privacy so as to prevent harm on personality rights, and to facilitate the proper use of personal data.
The objectives are as follows:
In order to avoid possible risks and hazards to the Company due to factors such as human negligence, intentional or natural disasters, resulting in improper use, leakage, tampering, and destruction of relevant information, the personal data and privacy will follow the matters covered by the information and communication security management, and the following will be the issues managed by the personal data and privacy controller and processor.
As the controller and manager of the personal data and privacy, the management issues are as follows:
1. Consent and Choice:
The consent of the data subject shall be obtained when collecting the data of the subject, and a channel shall be provided for the data subject to choose to refuse the processing of personal data and privacy.
2. Purpose Legality and Compliance:
The collection of personal data and privacy can only be based on specific legitimate purposes and to the extent necessary.
3. Collection restrictions:
Data collection is only based on the consent of the data subject.
4. Data minimization:
We will only collect the minimum necessary personal data and privacy for specific legitimate purposes, and will not process redundant personal data and privacy.
5. Restrictions on use, possession and disclosure:
The use, possession and disclosure of data is only based on the consent of the data subject.
6. Accuracy and Quality:
We will ensure the accuracy of personal data and privacy and update when necessary.
7. Fairness, transparency and notification:
8. Personal participation and access:
We will respect the data subjects to exercise the rights for their personal data and privacy, including the right to make an inquiry of and to review their personal data, to request a copy of their personal data, to supplement or correct their personal data, to stop of the collection, processing or use of their personal data, and to delete their personal data, etc.
We will ensure that the personal data and privacy collected by the organization are appropriate for the organization's purposes.
We will ensure the accountability of the above principles.
11. Information and Communication Security:
Information and communication security requirements shall be considered.
12. Personal Data and Privacy Compliance:
In addition to the above principles, other relevant personal data and privacy principles shall be considered.