Personal Data Protection Policy Statement of EasyCard Corp.
This statement declares EasyCard Corp. (hereinafter referred to as the Company) upholds the implementation of personal data protection and management measures, complies with the relevant requirements described in “Personal Information Protection Act of R.O.C.” and protects the rights of personal data subjects, and reduces any impact given by any infringed incident related to personal data file, and continue to operate and improve the personal data management system.
The Company’s personal data management policy statement is as follows:
- Comply with the laws and regulations related to “Personal Information Protection Act of R.O.C.”;
- The Company will only collect personal data based on legitimate and specific reasonable purposes;
- Based on legitimate and specific reasonable purposes, collect the minimum necessary personal data, and will not process redundant personal data;
- The Company will inform the data subjects on how their personal data will be used and by whom clearly;
- The collected customer information data will only be processed appropriately and relevantly;
- Handling personal data fairly and legally;
- Maintain a list of personal data categories handled by the Company;
- Ensure the correctness of personal data and update it as necessary;
- The collected personal data will be kept in accordance with the law or for a specific reasonable purpose that is legal;
- Respect the rights of the data subjects to exercise their personal data, including inquiries or requests for access, requests for copies, requests for supplements or corrections, requests for cessation of collections, processing or utilization, and requests for deletion;
- Utilize the appropriate level of security technical protection for the collected, processed, utilizing personal data, to ensure the safety of all personal data;
- The Company will only transmit personal data internationally if it is indeed adequately protected;
- When personal data is applied to the exceptions allowed under “Personal Information Protection Act of R.O.C.”, its appropriateness and legality should be ensured;
- Establish and carry out the personal data management system under continuous maintenance, and enforce the personal data protection policy to ensure the safety of personal data files;
- Identify the extent to which internal and external stakeholders and their participation in the management and operation of the personal data management system;
- Clearly define the responsibilities and obligations of employees in the operation of the personal data management system.
- Plan emergency procedures to deal with accidents such as theft, tampering, damage, loss or leakage of personal data;
- Properly supervise the trustee if it is entrusted to collect, process and use personal data.
- Implement a platform to provide the data subjects to exercise their rights regarding personal data or to make relevant complaints and inquiries.
The promulgation of this statement clearly declares the importance of maintaining personal data management. All employees should have a clear understanding of the contents of this statement in order to ensure the safety and sustainable operation of all personal data files of the Company.
Last revised date: 28/03/2019