I. Establishment and Disclosure of Personal Data Protection Policies
In accordance with the Personal Data Protection Act and relevant regulations, the Company has established and implemented documents such as the Personal Data Protection Management Regulations and the Employee Personal Data Collection Consent Form. These documents clearly define the principles governing the collection, processing, use, and security maintenance of personal data to ensure the legality, accuracy, and security of all personal information.
Relevant policy contents have been published on the Company’s internal website and management department bulletin boards for all employees’ reference and compliance.
II. Scope of Application and Responsible Departments
This policy applies to all employees of the Company, as well as vendors conducting business with the Company (including their employees), and covers all personal data files collected, processed, and used through automated or non-automated methods.
The Human Resources Division under the Administration Department is responsible for coordinating the promotion and implementation of personal data protection, while cooperating with all departments to enforce data security management and employee training.
The Company’s management units are required to conduct annual self-assessments of personal data protection management, and the internal audit unit shall perform annual audits to ensure the continuous effectiveness and implementation of the system.
III. Annual Implementation and Training Statistics
To effectively implement the personal data protection policy, the signing rate of Employee Personal Data Collection Consent Forms among all Taipei employees reached 100%.
In 2025, the Company conducted personal data protection awareness training for all Taipei employees. The training covered topics including:
- Basic concepts of the Personal Data Protection Act
- Regulations governing the collection and use of personal data
- Employee rights
- Data security maintenance
A total of 135 employees participated in the training (excluding expatriate Taiwanese employees). Each employee completed one hour of training, resulting in a total of 135 training hours.
All training sessions were fully completed with attendance records retained. The Company will continue strengthening employees’ awareness and implementation effectiveness regarding personal data protection through annual training programs and internal audits.