Privacy Policy

1. To ensure the security of personal data files, the company has designated a responsible person to carry out maintenance activities in accordance with the following personal data file security maintenance plan, as required by law.

2. Security Maintenance Plan for Personal Data Files:

Regarding Data Security

(1) For personal data files stored in databases, the scope of use and permissions should be defined using "user codes" and "identification passwords." Identification passwords should be kept confidential and not shared with others.
(2) For personal data files stored on personal computer hard drives, the data retention unit should set up a boot password, screen protection program password, and related security measures on that personal computer.
(3) Personal data files may not be used without authorization.
(4) Personal data files should be exited immediately after use and should not be left on the computer display screen.
(5) Personal identification passwords should be kept confidential, and they must be changed by the individual after a set period of time to prevent others from stealing and using them for an extended period.
(6) If a customer inquires about their personal information over the phone, authentication is required before providing relevant information to protect the customer's rights.
(7) When collecting, processing, internationally transmitting, and utilizing personal data via the Internet, necessary preventive and protective measures should be taken to detect and prevent computer viruses and other malicious software to ensure the normal operation of the system.
(8) When conducting transactions over the Internet, security risks should be assessed, and appropriate security control measures should be devised.

Regarding Data Auditing

(1) When processing personal data on a computer, the input, output, editing, or correction of personal data should be verified to ensure it matches the original file.
(2) When providing personal data for use, it should be cross-checked with the file data. If there are any doubts, the original file should be reviewed for verification.
(3) A regular auditing system should be established, and audit records should be retained.

Regarding Equipment Management

(1) Regarding computer equipment used for personal data management, the data retention unit should perform regular maintenance.
(2) Unless necessary, computer equipment should not be moved arbitrarily.
(3) Personal computers used for personal data management should not be directly used as front-end tools for public queries.
(4) Establish a remote backup system.
(5) Ensure the proper deletion of personal data stored in obsolete or resold computer hardware.

Other Security Maintenance Matters

(1) Personnel handling personal data files on computers, when their duties change, should transfer the stored media and relevant data inventory to the incoming personnel. The incoming personnel should set a new password for management purposes.
(2) After an employee leaves the company, all passwords they had access to must be revoked and adjusted appropriately.
(3) Adhere to relevant regulations on general computer security maintenance.