Policy on the Protection of Privacy and Personal Data

ProLogium Technology Co, Ltd. (“Company”) values the importance of privacy and personal data protection. This Policy on the Protection of Privacy and Personal Data (the “Policy”) is adopted by Company in accordance with the Personal Data Protection Act of Taiwan and applicable laws and regulations on the protection of privacy and personal data in countries or areas where Company and its subsidiaries (collectively “ProLogium”) operate, to guide and manage the compliance by ProLogium. The Policy aims to protect the privacy and personal data of persons interacting with ProLogium including customers and suppliers, visitors, website users, investors, and shareholders (”data subject”). ProLogium shall commit to collecting, processing and using personal data in strict accordance with the Policy and requesting ProLogium’s suppliers to respectively comply with the Policy and cooperate with ProLogium to protect the privacy and personal data, securing the rights and interests of data subject.

A. Purpose of Collection, Processing and Use

ProLogium may collect, process and use personal data for the following purposes (“Specific Purpose”):

  1. Business operation: via email or other channels to perform, cooperate or communicate relevant business matters and agreements, etc.
  2. Marketing: via website or other channels, to provide commercial information or and communicate marketing and other relevant matters.
  3. Security management: by using appropriate measures to ensure the security of data, and safety of personnel and the facility.
  4. Website maintenance and communication: to improve the function and services of the company’s website, provide the latest information related to business and investment, or respond to website user’s inquiries.
  5. Where it is necessary to fulfill statutory obligations under applicable laws.
  6. Where it is necessary to assist public authorities in with respect to statutory duties.
  7. Where it is necessary or appropriate to assert, exercise or protect ProLogium’s legal rights.
  8. To conduct and execute operational management procedures.

B. Collection, Processing and Use of Personal Data

I. Under specific circumstances, ProLogium may collect, process and use certain personal data as follows:

  1. ProLogium may collect, process and use the personal data of personnel in the course of communicating, collaborating or conducting any activity, as follows:
    • Personal information including name, gender, employer and business title
    • Contact information including telephone number and e-mail address
    • Other information that may be used to directly or indirectly identify the personnel
  2. In order to ensure the safety and security of both related personnel and workplace environment, ProLogium may collect, process and use the following personal data of persons who enter facilities of ProLogium for the purpose of performing job duties or business visits:
    • Personal information including name, gender, employer, business title or other forms of identification and facial photography
    • Contact information including correspondence address, telephone number and e-mail address
    • Other information necessary for public interests
  3. ProLogium may collect, process and use the personal data of persons visiting the Company’s website and utilizing the web services, as follows:
    • Personal information including name, gender, employer, business title or other forms of identification
    • Contact information including correspondence address and e-mail address
    • Other information that may be used to directly or indirectly identify the website user
    • Data collected by Cookies

II. ProLogium will not actively collect, process and use sensitive personal data including medical records, healthcare, physical examination and criminal records except for the following situations:

  1. Where it is expressly required by applicable laws or regulations
  2. Where it is necessary to fulfill statutory obligations with maintenance and protective measures that are appropriate and secure
  3. Where it is necessary to assist the public authority in performing its statutory duties of investigating or preventing illegal activities and criminal cases
  4. Consent is given by the data subject

III. Unless notification may be waived in accordance with the applicable laws and regulations, ProLogium shall inform the data subject of the following matters:

  1. Specific Purpose of collection, processing and use of personal data
  2. Data subject may decide to consent or reject ProLogium’s collection, processing and use of requested or suggested personal data
  3. Data subject rejecting collection, processing and use of personal data by ProLogium, or providing inaccurate or incomplete personal data for ProLogium to collect, process and use may result in ProLogium’s inability to provide the data subject with specific or complete information, feedbacks, or services

IV. ProLogium shall collect, process and use personal data to the extent not exceeding the necessary scope of Specific Purpose and ensure the collection, processing and use of personal data that have legitimate and reasonable connection with Specific Purpose.

The data subject may request the cessation of the collection, processing and use of personal data by ProLogium, or deletion/destruction of personal data collected, processed or used by ProLogium and ProLogium shall proceed accordingly in accordance with such request.

C. Third Party Disclosure

I. ProLogium may disclose personal data to third parties under the following circumstances:

  1. The third party is a public authority (the Court, Prosecutor/Policy/Investigation Bureau, or national or local government agency, etc.):
    • Where it is necessary to fulfill statutory obligation
    • Where it is necessary to assist the public authority in performing its statutory duties of investigating or preventing illegal activities a investigating criminal cases
    • Where it is necessary to assert, exercise or protect ProLogium’s legal rights
    • At the request of the data subject
  2. The third party is a private legal entity (including Company’s affiliates), private institution or organization, or individual:
    • Where it is necessary to fulfill statutory obligation
    • Where it is necessary to assert, exercise or protect ProLogium’s legal rights
    • For the use to the extent not exceeding the necessary scope of the Specific Purpose
    • At the request of the data subject

II. ProLogium shall manage third party disclosures in compliance with the following requirements:

  1. Verifying the identity of the third party
  2. Notifying data subject and obtaining his/her consent unless applicable laws and regulations provided otherwise
  3. Disclosing minimal extent and only necessary personal data, and requiring third parties to comply with applicable laws and regulations on personal data protection

D. Accuracy of Personal Data

ProLogium shall take measures that are reasonable and necessary to maintain the accuracy of personal data and, proactively or at the request of the data subject, supplement or correct personal data.

E. Retention and Security of Personal Data

I. ProLogium shall retain personal data for a reasonable period of time not exceeding the necessary scope of Specific Purpose, which in principle does not exceed five (5) years. Unless continuous retention of personal data is expressly required by applicable laws and regulations or is necessary for ProLogium to perform specific duties or business, or has the consent of the data subject, ProLogium shall, proactively or at the request of the data subject, cease the collection, processing and use of personal data, or delete/destruct personal data if collection, processing and use is no longer necessary, the legitimate and reasonable connection with Specific Purpose no longer exists, or the laws and regulations on retention become not applicable.

II. ProLogium shall establish appropriate and secure measures to manage the storage, processing, transmission, retention, access privileges of personal data and data storage/transfer tools. ProLogium shall commit to safeguarding personal data to prevent damage, loss, theft, leakage, unauthorized access, copies, use or alteration.

F. Cross-Border Transfer

Personal data may be transferred among and used by ProLogium’s affiliates located in different countries to the extent not exceeding the original scope of the Specific Purpose. ProLogium shall manage the transfer and use of personal data in accordance with the Policy and applicable privacy and personal data laws and regulations in the countries where the personal data is transferred and used.

G. Website Cookies

To improve and enhance the Company’s website services, ProLogium uses cookies to collect, process and use certain persona data, such as the user’s internet protocol address. To know more about our use of cookies, please refer to ProLogium’s Cookies Policy.

H. Legal Rights

  1. The right to request an inquiry or review
  2. The right to request a copy
  3. The right to supplement or correct the incomplete or incorrect personal data
  4. The right to request the cessation of collection, processing and use
  5. The right to request the deletion/destruction of personal data that is displayed or stored internally at ProLogium, or publicly available on public websites, files or other forms of storage
  6. Where necessary and technically feasible, the right to request the transfer of personal data, in electronic and machine readable format, to designated third party data controller
  7. The right to report any personal data violation to public authorities in the area where the data subject is a resident or where the personal data is used

I. Others

I. ProLogium adopts a zero-tolerance policy to any violation of privacy and personal data protection. Should a violation be identified after thorough investigations, ProLogium shall immediately review and improve management measures, and take disciplinary actions against errant personnel and where necessary, seek indemnity or prosecution in accordance with applicable laws and regulations.

II. ProLogium’s employees, external parties or natural persons may file a report or complaint on suspected violations via whistleblowing mailbox (integrity@prologium.com) by ProLogium.

III. For matters concerning the Policy or any other issues related to privacy and personal data, ProLogium’s employees, external parties or natural persons may contact the following responsible department of ProLogium:

ProLogium Technology Co., Ltd.
PR Team
+886 3 4521991 #18803
media@prologium.com

This Policy may be updated from time to time. Please refer to Company’s website for the latest version. (This version was last updated on June 01st, 2022)