Private Policy

Wistron Privacy Policy

In order to implement the protection and management of personal data, Wistron Corporation (hereinafter referred to as "Wistron" or "the Company") refers to the requirements of local laws and regulations of the place where it operates and the EU General Data Protection Regulation (GDPR) to make the privacy policy (hereinafter referred to as this policy) as the highest principle of privacy protection, and to ensure the rights of personal data owner in order to reduce the possible impact of personal data incidents.

This policy may be adjusted or revised due to changes of relevant regulations from time to time. It is recommended that you read it regularly. This policy may have been updated when you visit us next time.

 

Article 1     Scope

  1. This policy covers all personnel of the Company, its subsidiaries, and joint ventures which the Company has significant influence on, as well as third parties such as suppliers, contractors, and external consultants.
  2. The personal data of any users (including but not limited to visitors of the Company's website, users of products or services, employees of customers and contractors, job applicants, visitors to the Company, investors, contracting and litigation parties, etc., hereinafter referred to as “you”), is applicable to the scope of personal data protection. 

 

Article 2     Definition of Personal Data

Personal data includes but not limited to the following:

Such as name, gender, birthday, address, phone number, email, employer, job title, ID card number / passport or other ID number, face photo, information collected by the Company's website Cookie, job applicant's education, work experience, and certificates, etc., and other information that can directly or indirectly identify the individual. The scope of personal data will be different due to different purposes of collection and use.

 

Article 3     Collection and Retention of Personal Data

  1. For the collection / retention / use of personal data with distinctive categories / purposes, the Company will provide adequate instructions and information, and the rights to choose for specific items. After receiving your consent with separate opt-in for each purpose, then we conduct the data collection / retention / use accordingly.
  2. The collection, processing and use of personal data shall be based on the principle of not overstepping specific purposes. It will not be used for secondary purposes. At the same time, we will monitor and manage the status of it continuously.
  3. When you contact the Company or visit the Company's website, we may process your personal data, including the personal data acquired from the website, products, or services possibly, and the data acquired from different devices, and record and use it.
  4. The duration of personal data retention shall be five years unless otherwise agreed, or based on the disappearance of the specific purpose of the collection or the expiration of the agreed duration.

 

Article 4     Entity of Using Personal Data

  1. Based on legitimate business activities, we may provide personal data to the following entities:
  2. Legally empowered authorities, including legal authorities, as well as the authorities conducting necessary investigation, detection or prevention of crime with the purpose of litigation or other legal procedure.
  3. Institutions entitled to use of personal data in compliance with the law (such as Wistron or its affiliates, etc.).
  4. Wistron's subsidiaries and other business-related institutions.
  5. Entities agreed by you (including but not limited to the following entities, such as companies that market or interactively use customer data jointly with Wistron, and companies that cooperate with Wistron to promote business, etc.).
  6. Accountant, auditors and lawyers who have signed confidentiality agreements with the Company, and other advisers providing professional services to the Company.
  7. If the Company entrusts a supplier to process personal data, we will sign a contract with the supplier, and request for compliance with the following regulations:
  8. Processing personal data in accordance with the purposes and scope specified in prior written instructions.
  9. Establish mechanisms to protected personal data security and confidentiality subject to legal regulations and requirements.

 

Article 5     Use of Personal Data

The Company may collect and use your personal data based on the following purposes and in compliance with relevant laws:

  1. Based on the purpose of providing products and services - including but not limited to related matters such as the need to sign and execute contracts, and contact regarding products and services.
  2. Based on the purpose of communication and marketing - including but not limited to the update of the Company's systems, procedure and related information, communication and interaction, maintenance and update of contact information and other related matters.
  3. Based on the purpose of management - including but not limited to requirement for supplier management and personnel management and other related matters
  4. Based on the purpose of physical security - including but not limited to factory entry and exit records, surveillance video records, and system login and entry and exit records.

 

Article 6     Security Control Mechanism

The company will take all reasonable and appropriate actions (including but not limited to equipment security management and data security auditing mechanisms, such as encryption mechanisms, firewalls, etc.) to protect personal data to prevent from illegal intrusion and access.

 

Article 7     Rights

With regard to personal data, on the legal premise, you have the right to claim / request:

  1. Refuse to provide personal data. However, if you choose not to provide personal data, we may not be able to provide the relevant website functions or services in full.
  2. Delete or stop the collection, processing and use of personal data.
  3. Queries or requests for access of personal data.
  4. Provide a duplicate copy of personal data.
  5. Request for supplementation or correction of personal data.
  6. If you are the residents of European Economic Area within EU, according to GDPR requirements, you have the right to claim / request limited process of personal data, and within the extent possible, to request transfer of personal data in the form of organized, generally usable and interpretable by machine.

 

Article 8     International Transfer of Personal Data

Because the Company is a multinational company, there may be cases of cross-border transmission and use of personal data between subsidiaries in different countries without overstepping the original and specific purpose of collecting, processing and using personal data and within the scope of this policy. The Company will follow this policy, and applicable laws and regulations of privacy and personal data protection in the transmission area.

 

Article 9     Personal Data Management Mechanism

  1. The Company incorporates privacy and personal information protection into the scope of enterprise-level risk management, and operates in accordance with "Risk Management Policy and Procedure" to reduce potential impacts.
  2. In order to ensure the implementation of the privacy protection system, the Company established “Personal Information Protection and Management Task Force” to take in charge of the formulation of related systems, and to review the implementation of related mechanisms annually.
  3. The Company adopts regular and irregular internal and external audits to check whether the personal data protection measures and related procedures comply with relevant laws, regulations and management systems, so as to continuously improve the effectiveness of the personal data management mechanism.

 

Article 10     Implementation of Personal Data and Privacy Protection

  1. The Company will regularly conduct privacy protection training for all personnel and evaluate the effectiveness of these training programs.
  2. The Company adopts a zero-tolerance policy for privacy protection. Any personnel who violates it will be punished in accordance with the Company's code of conduct, and be brought to justice in accordance with the seriousness of the case.

 

Article 11    Cookie

The Company will collect your personal data in several ways. Most of the personal data received comes from voluntary providers of users who want to acquire the Company's product information and services, or collected by information technology. When you browse our website, our information technology (IT) system may collect relevant passive information, including your Internet Protocol (IP) address, type of browser, and operating system.

We use Cookies to collect the date and time of your visit. Temporary Cookies are deleted when you close your browser. Persistent or permanent Cookies continue to exist in the palm of your device until you manually delete them, or it will be deleted by your browser according to the settings of survival duration.

 

Article 12    Whistleblowing

If there is an event or situation that may cause damage to your rights and interests, as well as a possible violation of this policy, employees of the Company, external institutes or natural persons can use the privacy protection hotline +886 2 6616-9999 # 25740, or e-mail web_master@wistron.com, to appeal or report. We will seriously protect the information of the whistleblower in order to save the rights of the whistleblower.

 

Article 13    Case Handling

When a personal data incident infringes your rights and interests, the Company will immediately involve in the investigation, and notify you in an appropriate manner after investigation. If you have any question or suggestion about this policy, please send an email to web_master@wistron.com.

 

Article 14    Implementation and Revision

This policy is implemented after being approved by the chairman, and the same procedure applies for revision.

This policy was formulated and announced on March 21st, 2022.