CONTACT
RECRUIT
.png)
.png)
Personal Data Management
To safeguard the personal data of customers, employees, and other stakeholders, the Company has established its Personal Data Management Policy in accordance with the Personal Data Protection Act and related regulations. The policy was first enacted on December 31, 2014, as the guiding framework for the collection, processing, use, and protection of personal data. In response to regulatory updates and practical operational needs, the Policy was revised on January 22, 2024. The revised policy has been internally announced and communicated, and is publicly disclosed on the Company’s website (Company Website > Corporate Governance > Important Internal Policies > Personal Data Management Policy).
The scope of the Company’s personal data protection policy covers all operating locations and extends to subsidiaries, customers, and suppliers. All activities involving the collection, processing, use, and protection of personal data are conducted in accordance with applicable laws and the Company’s internal management systems. Personal data is used only within legally permitted purposes, and improper disclosure, provision, or transfer to third parties is strictly prohibited.
To strengthen personal data management and risk control, the Administration Department and the Corporate Governance Team jointly oversee the implementation of personal data protection policies and management systems. Their responsibilities include policy promotion, risk assessment, internal awareness programs, and periodic system reviews, with the aim of enhancing the overall effectiveness of personal data protection governance.
In terms of information security and personal data protection measures, the Company continues to enhance its safeguards based on operational needs, addressing technical controls, management practices, and personnel procedures. These measures include access control mechanisms, information security awareness initiatives, and employee training programs, thereby reducing the risk of unauthorized access or data leakage.
The Company has also established reporting and response procedures for potential personal data incidents. In the event of unauthorized access, leakage, or other infringements involving personal data, the Company will handle the matter in accordance with relevant laws and internal procedures, and cooperate with the appropriate authorities where necessary. Any breach of confidentiality obligations will be addressed in accordance with applicable regulations.
Implementation Status of Personal Data Protection in 2025
• A total of 8 new employees received internal awareness training to strengthen understanding of personal data protection and legal compliance.
• Internal audit: A comprehensive review of personal data protection practices was conducted in accordance with internal management systems, with no material deficiencies identified.
• No major incidents involving personal data breaches or violations of personal data protection regulations occurred during the year.
Looking ahead, the Company will continue to review and update its personal data protection policies in line with regulatory developments and operational needs, further strengthening management mechanisms and training programs to ensure proper protection of personal data and to enhance stakeholder trust in the Company’s information security and privacy practices.
The scope of the Company’s personal data protection policy covers all operating locations and extends to subsidiaries, customers, and suppliers. All activities involving the collection, processing, use, and protection of personal data are conducted in accordance with applicable laws and the Company’s internal management systems. Personal data is used only within legally permitted purposes, and improper disclosure, provision, or transfer to third parties is strictly prohibited.
To strengthen personal data management and risk control, the Administration Department and the Corporate Governance Team jointly oversee the implementation of personal data protection policies and management systems. Their responsibilities include policy promotion, risk assessment, internal awareness programs, and periodic system reviews, with the aim of enhancing the overall effectiveness of personal data protection governance.
In terms of information security and personal data protection measures, the Company continues to enhance its safeguards based on operational needs, addressing technical controls, management practices, and personnel procedures. These measures include access control mechanisms, information security awareness initiatives, and employee training programs, thereby reducing the risk of unauthorized access or data leakage.
The Company has also established reporting and response procedures for potential personal data incidents. In the event of unauthorized access, leakage, or other infringements involving personal data, the Company will handle the matter in accordance with relevant laws and internal procedures, and cooperate with the appropriate authorities where necessary. Any breach of confidentiality obligations will be addressed in accordance with applicable regulations.
Implementation Status of Personal Data Protection in 2025
• A total of 8 new employees received internal awareness training to strengthen understanding of personal data protection and legal compliance.
• Internal audit: A comprehensive review of personal data protection practices was conducted in accordance with internal management systems, with no material deficiencies identified.
• No major incidents involving personal data breaches or violations of personal data protection regulations occurred during the year.
Looking ahead, the Company will continue to review and update its personal data protection policies in line with regulatory developments and operational needs, further strengthening management mechanisms and training programs to ensure proper protection of personal data and to enhance stakeholder trust in the Company’s information security and privacy practices.