Wistron Corporation Privacy Policy

To ensure the protection and management of personal data, Wistron Corporation (hereinafter referred to as "Wistron" or "the Company") has established this Privacy Policy (hereinafter referred to as this Policy) in accordance with local laws and regulations in its locations of operation and the relevant requirements of the EU General Data Protection Regulation (GDPR). This Policy serves as the highest principle of privacy protection, ensures the rights of personal data subjects, and mitigates the potential impact of personal data incidents.

This Policy may be amended from time to time due to changes in relevant regulations, and you are advised to read it regularly and may have been updated the next time you visit us.

 

Article 1     Scope

1. This Policy covers all personnel of the Company, its subsidiaries and the Company's influential joint ventures, as well as suppliers, contractors, external consultants and other third parties.
2. The personal information of any user (including but not limited to visitors to the Company's website, users of products or services, employees of corporate customers and contractors, applicants, visitors to the Company, investors, contractors and litigation targets, etc., hereinafter referred to as “you”) shall be subject to the scope of personal data protection.

 

Article 2     Definition of personal data

Personal data includes but not limited to the following:
Such as name, gender, date of birth, address, telephone number, e-mail address, service organization, job title, ID number/passport or other ID number, face photo, information collected by cookies on the Company's website, job applicant's education, experience and qualifications, etc., and other information that can directly or indirectly identify the individual. Each personal data may vary depending on the purpose for which it is collected and used.

 

Article 3     Collection and retention of personal information

1. For the collection/retention/use of personal information for different categories/purposes, we will provide sufficient explanations and information and provide the right to make independent choices for specific items, and only after obtaining consent will the data collection/retention/use. 
2. The collection, processing and use of personal information will not exceed the specific purpose and will not be used for a second time, and we will continue to monitor and manage the status of relevant data.
3. When you contact the Company or visit the Company's website, we may process personal data about you, including personal information obtained from the website, products or services, as well as information obtained from different devices, and record and use it.
4. Unless otherwise agreed, the retention period of personal data shall be based on the principle of five years or based on the disappearance of the specific purpose of collection or the expiration of the agreed period.

 

Article 4     Who will use your personal information?

1. Personal data is based on legitimate business activities, and we may provide personal data to the following parties:

            1.1 Authorities with legal authority, including competent legal authorities, as well as those necessary for the conduct of litigation or other

                  legal proceedings and for the investigation, investigation or prevention of criminal acts.

            1.2 Institutions that are required by law to use (e.g., Wistron's parent company or affiliated companies, etc.).

            1.3 Wistron's subsidiaries and other business-related organizations. 

            1.4 Objects of your consent (including but not limited to the following objects, such as companies that Wistron jointly markets or

                  interactively uses customer information, companies that cooperate with Wistron to promote business, etc.).

            1.5 Accountants, auditors, lawyers and other professionals who have signed confidentiality agreements with the Company and 

                  provide consulting services to the Company. 

 

 2. If the Company entrusts a supplier to process personal information, we will enter into an agreement with the supplier to meet the following   

     requirements:

           2.1 The processing of personal data is within the scope of the purposes for which the personal data is subject to prior written instructions.

           2.2 Comply with legal requirements and establish a mechanism to protect the security and confidentiality of personal data.

 

Article 5     Use of personal data

The Company may collect and use your personal data for the following purposes of use, subject to applicable laws:

1. To provide products and services, including but not limited to matters related to the signing of agreements, the conclusion of contracts, and the communication of products and services. 
2. To communication and marketing, including but not limited to updating the Company's systems, processes and related information; Communication, maintenance, and updating of contact information. 
3. For management purposes, including but not limited to supplier management and personnel management.
4. To physical preservation - including but not limited to factory entry and exit records, monitor video records, and system login, entry and exit records.

 

Article 6     Security management and control mechanism

The Company will take all reasonable and appropriate actions (including but not limited to equipment security management and data security audit 
mechanisms, such as encryption mechanisms, firewalls, etc.) to protect personal data to prevent unlawful intrusion and avoid illegal access to data.

 

Article 7     Rights

In the case of personal data, you have the right to claim / request, subject to lawfulness:

1. Refuse to provide your personal data, but if you choose not to provide your personal data, we may not be able to provide the relevant website features or services in their entirety.
2. For the personal data used for different purposes mentioned in Article 5 of this Policy, you may withdraw your previous consent to the collection, processing and use of your personal data by the Company, and the Company will stop collecting, processing and using your personal information after exercising it.
3. You may exercise your right to request the deletion of your personal information in accordance with the law, and the Company will delete your personal information after receiving the notice, unless the Company is necessary to fulfill its legal obligations or otherwise required by law.
4. Query or request to review your personal information.
5. Provide a copy of your personal data.
6. Request supplementation or correction of your personal data.
7. If you are a European Economic Area resident within the EU, you have the right to assert/request restriction of the processing of your personal data and, to the extent possible, request the transfer of your personal data in an organized, commonly used and machine-readable format, in accordance with the GDPR.

 

Article 8     Cross-border transfer of data

As the Company is a multinational enterprise, there may be cross-border transfer and use of personal data between subsidiaries in different countries within the scope of the specific purpose of collection, processing and use of personal information and in accordance with this Policy, and the Company will comply with the applicable privacy and personal data protection laws and regulations applicable to the policy and the transfer region.

 

Article 9     Personal Data management mechanism

1. The Company incorporates privacy and personal data protection into the scope of enterprise-level risk management and conducts relevant operations in accordance with Risk Management Policy and Procedure to reduce potential impacts. 
2. To ensure the implementation of the privacy protection system, the Company has established a personal information protection management team to be responsible for the formulation of the relevant system and reviews the implementation status of the relevant mechanism every year. 
3. The Company will initiate an external audit plan as appropriate to verify whether the measures and related procedures for the protection of personal data comply with laws and regulations and management systems, to continuously improve the effectiveness of the personal information management mechanism. 
4. The Company's internal control department conducts audits every six months, covering the collection, processing, and transmission of personal data to ensure that related operations comply with local laws and this Policy.

    
Article 10    Education and training

The Company will conduct regular training on privacy protection for all personnel and evaluate the effectiveness of the training.

   

Article 11    Cookie

The Company collects your personal information in a variety of ways. Most of the personal information we receive is voluntarily provided by users seeking information about our products and services, or collected through technology. When you browse our website, our information technology (IT) systems may collect passive information, including your Internet Protocol (IP) address, browser type, and operating system.
 

We use cookies to collect the date and time of your visit. Session cookies are temporary records that are deleted when you close your browser. Persistent or permanent cookies remain on your device until you manually delete them or your browser deletes them according to the expiration time you set for permanent cookies.

 

Article 12    Report

In the event of an event or circumstance that may cause damage to your rights and interests, or a possible violation of this Privacy Policy, the Company's employees, external units or natural persons can appeal or report through the Privacy Protection Hotline at +886 2 6616-9999 # 25740, or email ethic@wistron.com. Wistron is committed to maintaining the confidentiality of the whistleblower and the content of the report and accepting anonymous reports to protect the whistleblower from being wrongly disposed of because of the report.

 

Article 13    Responsible authority

Wistron's Global Human Resources and Administration department is the primary authority responsible for handling reported incidents. When a personal information incident occurs that harms your rights and interests, the Company will promptly handle and investigate the matter and notify you appropriately upon investigation. If you have any questions or suggestions regarding this Policy, please email ethic@wistron.com.

 

Article 14    Discipline for violations

Wistron has a zero-tolerance policy for any violations of this Policy. Upon receiving a report, all violations will be thoroughly investigated and promptly addressed. Upon confirmation of violations of this Policy, Wistron will, within the scope of laws and internal regulations, impose penalties such as warnings, demerits, or bonus partial reductions, depending on the severity of the violation. Serious violations will result in dismissal, and the perpetrator may be reported to judicial authorities for legal prosecution.

 

Article 15    Implementation and revision

This policy shall be implemented upon approval by the Chairman of the Board, and the same shall apply to any amendments
This Policy was formulated on March 21st, 2022.
The first revision was made on June 1st, 2024.
The second revision was made on August 15th, 2025.