Personal Data Protection Policy
Net-Chinese Co., Ltd. (hereinafter referred to as "the Company") is to implement the protection and management of personal data, and comply with the requirements of the Personal Data Protection Act and Enforcement Rules of the Personal Data Protection Act, ISO/IEC 29100: 2011 International Standard, and CNS 29100 National Standard, the following policy statement is specially formulated as the highest guideline for the protection of personal data of the Company.
- 2.1Personal Data Protection Act
- 2.2Enforcement Rules of the Personal Data Protection Act
- 2.3IISO/IEC 29100: 2011 International Standard
- 2.4CNS 29100 National Standard
- 3.1The Company's corporate governance, domain name registration and value-added services, domain name registration service management services and other personal data collection, processing, use and international transmission related operations. o 3.2 The personal data mentioned in this policy refers to a natural person's name, date of birth, ID Card number, passport number, features, fingerprints, marital status, family information, education background, occupation, medical records, healthcare data, genetic data, data concerning a person's sex life, records of physical examination, criminal records, contact information, financial conditions, data concerning a person's social activities and any other information that may be used to directly or indirectly identify a natural person.
- 3.2The personal data mentioned in this policy refers to a natural person's name, date of birth, ID Card number, passport number, features, fingerprints, marital status, family information, education background, occupation, medical records, healthcare data, genetic data, data concerning a person's sex life, records of physical examination, criminal records, contact information, financial conditions, data concerning a person's social activities and any other information that may be used to directly or indirectly identify a natural person.
4.Personal Data Protection Statement
- 4.1The Company established the "Personal Data Protection Management Committee" (hereinafter referred to as the "Personal Information Management Committee") to formulate the Company's personal data protection policy and personal data file security maintenance plan, and clearly define the rights and responsibilities involved in the protection of personal data, Promote and review the legality and effectiveness of the personal data protection management system, and coordinate and discuss matters such as overall planning and resource scheduling.
- 4.2The Company implements a personal data protection management system, and establishes and implements relevant control measures for personal data protection management to ensure the safety of personal data and implement personal data protection.
- 4.3The Company respects the rights and interests of the parties under legal operations and related businesses, collects, processes, uses and internationally transmits personal data within the scope of specific purposes in a reasonable and safe manner in accordance with honesty and credibility methods, except for personal data Except for the proviso of Article 20, Paragraph 1 of the Data Protection Act, it shall not be used outside the scope of a specific purpose.
- 4.4When the Company entrusts other agencies to collect, process and use personal data, it will properly supervise the entrusted agency, specify the responsibility of the agency's personal data security protection and confidentiality regulations, and include it in the contract, and require the entrusted agency to abide by and regularly check it.
- 4.5The Company respects the rights that parties can exercise over their personal data, including
- (1)The right to make an inquiry of and to review his/her personal data;
- (2)The right to request a copy of his/her personal data;
- (3)The right to supplement or correct his/her personal data;
- (4)The right to demand the cessation of the collection, processing or use of his/her personal data; and
- (5)The right to erase his/her personal data.
- 4.6The Company sets up a personal data protection contact person to accept personal data submissions, complaints, consultations, exercise of personal rights, coordination and contact of personal data protection management matters and other related matters.
- 4.7The Company establishes the necessary personal data protection management record and track data preservation system with the current technology and measures.
- 4.8The Company establishes and maintains a list of personal data files, identifies the specific purpose and legality of personal data, and classifies them, uses systematic risk assessment methods, assesses risks and implements appropriate control measures, and updates them every year. Check to ensure the correctness and completeness of the personal data held by the Company.
- 4.9The Company enhances its personnel's awareness of personal data protection safety awareness and management capabilities, reduces operational risks, and creates a trustworthy personal data protection environment.
- 4.10The Company formulates a personal data accident response drill plan every year and conducts regular drills.
- 4.11The Company has established a personal data incident notification mechanism. When a personal data incident occurs, it will be notified in accordance with regulations, and contingency measures will be taken within the shortest period of time. After the incident is handled, it must be reviewed and improved.
- 4.12The Company conducts internal audits of the personal data protection management system and convenes individual asset management committee meetings every year. Through the continuous improvement process, that is, the spirit of PDCA, the effectiveness of the implementation of the personal data protection management system is ensured to comply with the Personal Data Protection Act and Relevant laws and regulations, and comply with the requirements of relevant international standards and national standards.
- 4.13Anyone of our Company who violates relevant laws or relevant provisions of the Company's personal data protection management system will be handled in accordance with relevant laws and relevant penalties of the Company, and shall bear equivalent legal liabilities.
5.Implementation and Amendment
- 5.1This policy shall be reviewed once a year or in the event of a major change, an individual asset management committee meeting shall be held to ensure that this policy meets the requirements of laws, regulations, international standards and national standards.
- 5.2This policy will be announced and implemented after being reviewed and approved by the Asset Management Committee, and it will be the same when amended.