Policy
In order to comply with the relevant laws and regulations of the Personal Data Protection Act, implement personal data protection management, promote the reasonable use of personal data, and safeguard the rights of data subjects, the Company has hereby established the “Personal Data Protection Policy.” This policy governs the principles for the collection, processing, and use of personal data, as well as the operational mechanisms of the management system. The policy applies to all personnel of the Company, including contract employees, part-time workers, and temporary staff. Its scope covers personal data protected under the Personal Data Protection Act, including the personal data of customers and suppliers.
The execution of personal data management for the personal data of the Company’s employees, customers, and suppliers is carried out by the Administration Department, Business Development Department, and Procurement Division, respectively. The heads of the Administration Department, Business Development Department, and Procurement Division serve as the responsible officers for personal data management. They are responsible for the planning, implementation, operation, supervision, auditing, maintenance, and improvement of the personal data management system, and for conducting management reviews of the system on a regular basis or when significant changes occur, in order to ensure its appropriateness and effectiveness. With regard to the collection, processing, use, and protection of personal data privacy involved in business operations, the Company complies with relevant government laws and regulations and uses personal data only within the scope permitted by law. The Company will not provide, lease, or otherwise disclose personal data to third parties in any disguised form, and will implement its “Personal Data Protection Policy” in practice, striving to safeguard the security of personal data and the privacy rights of individuals.
Details of the Company’s “Personal Data Protection Policy” are set forth in the following document:
Implementation Status
- In 2025, all employees received two hours of cyber security training including personal information protection, with a total of 796 attendees and 1,592 training hours, achieving a 100% completion rate.
- A total of 9 new employees in 2025 are required to complete a cyber security training course and sign the “Employee Information Operation Statement,” ”Personal Information Protection Statement and Consent to Collection, Processing, and Use” and “ Employment contract” on their first day of employment, ensuring they understand the regulations for handling and accessing internal and external company information. Further, personal information obtained by business shall be subject to confidentiality obligations.
- In 2025, there were no cases and complaints of privacy or data leaks from employees, customers, and suppliers.
