Privacy Policy

Wistron Corporation Privacy Policy

In order to implement the protection and management of personal data, Wistron Corporation (hereinafter referred to as "Wistron" or "the Company") refers to the requirements of local laws and regulations of the place where it operates and the EU General Data Protection Regulation (GDPR) to make the privacy policy (hereinafter referred to as this policy) as the highest principle of privacy protection, and to ensure the rights of personal data owner in order to reduce the possible impact of personal data incidents.
This policy may be adjusted or revised due to changes of relevant regulations from time to time. It is recommended that you read it regularly. This policy may have been updated when you visit us next time.

 

Article 1     Scope

  1. This policy covers all personnel of the Company, its subsidiaries, and joint ventures which the Company has significant influence on, as well as third parties such as suppliers, contractors, and external consultants.
  2. The personal data of any users (including but not limited to visitors of the Company’s website, users of products or services, employees of        customers and contractors, job applicants, visitors to the Company, investors, contracting and litigation parties, etc., hereinafter  referred to as “you”), is applicable to the scope of personal data protection.

 

Article 2     Definition of Personal Data

Personal data includes but not limited to the following:
Such as name, gender, birthday, address, phone number, email, employer, job title, ID card number / passport or other ID number, face photo, information collected by the Company's website Cookie, job applicant's education, work experience, and certificates, etc., and other information that can directly or indirectly identify the individual. The scope of personal data will be different due to different purposes of collection and use.

 

Article 3     Collection and Retention of Personal Data

  1. For the collection / retention / use of personal data with distinctive categories / purposes, the Company will provide adequate                              instructions and information, and the rights to choose for specific items. After receiving your consent with separate opt-in for each purpose, then we conduct the data collection / retention / use accordingly.
  2. The collection, processing and use of personal data shall be based on the principle of not overstepping specific purposes. It will not be used for secondary purposes. At the same time, we will monitor and manage the status of it continuously.
  3. When you contact the Company or visit the Company’s website, we may process your personal data, including the personal data acquired from the website, products, or services possibly, and the data acquired from different devices, and record and use it.
  4. The duration of personal data retention shall be five years unless otherwise agreed, or based on the disappearance of the specific purpose of the collection or the expiration of the agreed duration.

    

 

Article 4     Entity of Using Personal Data

  1. Based on legitimate business activities, we may provide personal data to the following entities:
    • Legally empowered authorities, including legal authorities, as well as the authorities conducting necessary investigation, detection or prevention of crime with the purpose of litigation or other legal procedure.
    • Institutions entitled to use of personal data in compliance with the law (such as Wistron or its affiliates, etc.).
    • Wistron’s subsidiaries and other business-related institutions.
    • Entities agreed by you (including but not limited to the following entities, such as companies that market or interactively use customer data jointly with Wistron, and companies that cooperate with Wistron to promote business, etc.).
    • Accountant, auditors and lawyers who have signed confidentiality agreements with the Company, and other advisers providing professional services to the Company.
  2. If the Company entrusts a supplier to process personal data, we will sign a contract with the supplier, and request for compliance with the following regulations:
    • Processing personal data in accordance with the purposes and scope specified in prior written instructions.
    • Establish mechanisms to protected personal data security and confidentiality subject to legal regulations and requirements.

    

 

Article 5     Use of Personal Data

The Company may collect and use your personal data based on the following purposes and in compliance with relevant laws:

  1. Based on the purpose of providing products and services - including but not limited to related matters such as the need to sign and execute contracts, and contact regarding products and services.
  2. Based on the purpose of communication and marketing - including but not limited to the update of the Company's systems, procedure and related information, communication and interaction, maintenance and update of contact information and other related matters.
  3. Based on the purpose of management - including but not limited to requirement for supplier management and personnel management and other related matters.
  4. Based on the purpose of physical security - including but not limited to factory entry and exit records, surveillance video records, and system login and entry and exit records.

 

Article 6     Security Control Mechanism

The company will take all reasonable and appropriate actions (including but not limited to equipment security management and data security auditing mechanisms, such as encryption mechanisms, firewalls, etc.) to protect personal data to prevent from illegal intrusion and access.

 

Article 7     Rights

With regard to personal data, on the legal premise, you have the right to claim / request:

  1. Refuse to provide your personal data (opt-in). However, if you choose not to provide your personal data, we may not be able to provide the relevant website functions or services in full.
  2. For the personal data used for different purposes as described in Article 5 of this policy, you may separately withdraw your previous consent to the Company's collection, processing and use (opt-out). After you exercise your rights, the Company will stop collecting, processing and using your personal data.
  3. You may exercise your rights to request deletion of your personal data in accordance with the law (opt-out), and the Company will delete your personal data after receiving the notice, except to the extent necessary for the Company to fulfill its legal obligations or as otherwise provided by law.
  4. Queries or requests for access of your personal data.
  5. Provide a duplicate copy of your personal data.
  6. Request for supplementation or correction of your personal data.
  7. If you are the residents of European Economic Area within EU, according to GDPR requirements, you have the right to claim / request limited process of your personal data, and within the extent possible, to request transfer of your personal data in the form of organized, generally usable and interpretable by machine.

 

Article 8     International Transfer of Personal Data

Because the Company is a multinational company, there may be cases of cross-border transmission and use of personal data between subsidiaries in different countries without overstepping the original and specific purpose of collecting, processing and using personal data and within the scope of this policy. The Company will follow this policy, and applicable laws and regulations of privacy and personal data protection in the transmission area.

 

Article 9     Personal Data Management Mechanism

  1. The Company incorporates privacy and personal information protection into the scope of enterprise-level risk management, and operates in accordance with "Risk Management Policy and Procedure" to reduce potential impacts.
  2. In order to ensure the implementation of the privacy protection system, the Company established “Personal Information Protection  and Management Task Force” to take in charge of the formulation of related systems, and to review the implementation of related mechanisms annually.
  3. The Company adopts regular and irregular internal and external audits to check whether the personal data protection measures and related procedures comply with relevant laws, regulations and management systems, so as to continuously improve the effectiveness of the personal data management mechanism.

    
Article 10    Implementation of personal data and privacy protection

  1. The Company will regularly conduct privacy protection training for all  personnel and evaluate the effectiveness of these training programs.
  2. The Company adopts a zero-tolerance policy for privacy protection. Any personnel who violates it will be punished in accordance with the  Company's code of conduct, and be brought to justice in accordance  with the seriousness of the case.

    

Article 11    Cookie

The Company will collect your personal data in several ways. Most of the personal data received comes from voluntary providers of users who want to acquire the Company's product information and services, or collected by information technology. When you browse our website, our information technology (IT) system may collect relevant passive information, including your Internet Protocol (IP) address, type of browser, and operating system.
We use Cookies to collect the date and time of your visit. Temporary Cookies are deleted when you close your browser. Persistent or permanent Cookies continue to exist in the palm of your device until you manually delete them, or it will be deleted by your browser according to the settings of survival duration.

 

Article 12    Whistleblowing

If there is an event or situation that may cause damage to your rights and interests, as well as a possible violation of this policy, employees of the Company, external institutes or natural persons can use the privacy protection hotline +886 2 6616-9999 # 25740, or e-mail ethic@wistron.com, to appeal or report. We will seriously protect the information of the whistleblower in order to save the rights of the whistleblower.

 

Article 13    Case Handling

When a personal data incident that may cause damage to your rights and interests, the Company will immediately initiate an investigation, and notify you in an appropriate manner after investigation. If you have any question or suggestion about this policy, please send an email to ethic@wistron.com.

 

Article 14    Implementation and Revision

This policy is implemented after being approved by the chairman, and the same procedure applies for revision.
This policy was formulated and announced on March 21st, 2022.
The 1st amendment was made on June 1st, 2024.