1. The Collection and Use of Personal Information

(1) In accordance with the provisions of the Personal Data Protection Act and related laws and regulations, we will only use the services provided by the contractor for the specific purpose and will not arbitrarily disclose them to other third parties.
(2) The web server will record the user's IP address, time spent on the Internet, and the pages visited on the website. This information is used for the internal analysis of website traffic and network behavior survey for the purpose of improving the service quality of this website. Only the aggregate of all user behavior, and not individual users, will be analyzed.
(3) Monitor the behavior on site addresses that cause a significant load on our website.

2. Information Safety Operation and Protection

(1) Establish operational procedures for handling information security incidents and assign the necessary responsibilities to relevant personnel in order to handle information security incidents promptly and effectively.
(2) Personal information is handled and safeguarded carefully in accordance with the relevant provisions of the Computer-Processed Personal Data Protection Act.
(3) Regularly perform necessary data and software backup and redundancy operations so that normal operations can be quickly restored in the event of a disaster or storage media failure.

3. Network Security Management

(1) Firewalls are set up at network points connected to the external network to control data transmission and resource access between the external and internal networks, and to perform rigorous identification operations.
(2) Confidential and sensitive information or documents are not stored in information systems that are open to the public, and confidential documents are not sent by e-mail.
(3) Regularly audit the internal network information security facilities and anti-virus system, and update the virus code of the anti-virus system and various security measures.

4. System Access Control Management

(1) The procedure for issuing and changing passwords is established and recorded depending on the operating system and security management needs.
(2) When logging in to the respective operating systems, the information room system administrator will set the system access rights necessary for each level of personnel to perform their tasks, and update the accounts and passwords with the respective rights regularly.
(3) The relevant laws and regulations are not yet comprehensive enough to catch up with the rapid development of technology as well as unforeseen future changes in the environment. This website will revise the security policy statement as necessary to safeguard network security. Please feel free to contact us if you have any questions or comments about the security policy of this site.