1. Purpose
In order to implement the protection and management of the personal data of customers and employees and comply with the provisions of the Personal Data Protection Law (hereinafter referred to as the Personal Data Law), a personal data protection and management policy (hereinafter referred to as this policy) has been formulated.
2. area
This policy applies to all personnel of the company (including employees, contracted personnel, work-study students, etc.), outsourcing service providers, personnel and visitors, etc.
3. Goal
In order to protect the personal data of the parties involved in the company's business operations, all staff of the center will work together to achieve the following goals:
3.1 In accordance with the provisions of the Personal Information Law and the Implementing Rules of the Personal Information Law, the process of collecting, processing, utilizing, storing, transmitting, and destroying personal data shall be protected.
3.2 In order to protect the security of personal data related to the company's business, it is protected from risks such as theft, tampering, damage, loss or leakage due to external threats or improper management and use by internal personnel.
3.3 Improve the protection and management capabilities of personal data, reduce operational risks, and create a trustworthy personal data protection and privacy environment.
3.4 Regularly implement personal data protection education and training, and strengthen the promotion of personal data protection and management policies.
4. Rights and Responsibilities
The company's management department is responsible for the data protection advisory group coordinating the promotion of personal data protection matters.
5. Responsibility for personal data protection
5.1 The company's operational procedures for the collection, processing and utilization of personal information within the scope of business shall prevent personal information from being stolen, tampered with, damaged, lost, leaked or other unreasonable and illegal uses, and shall be a good manager. Pay attention to responsibility.
5.2 The company should establish a complete personal data protection system in compliance with the Personal Data Protection Law and the regulations of the competent authorities to ensure that personal data within the business scope are properly managed to maintain the reputation of the center.
6. Implementation
This policy will be revised appropriately every year or in response to changes in current events, amendments to laws, etc.