前言
台船環海風電工程股份有限公司(以下簡稱「CDWE」或「本公司」)為落實個人資料保護管理,並遵循「個人資料保護法」之規定,就與本公司有業務往來之客戶、承包商(及次承包商)、顧問、其所屬員工、廠商及服務供應商等個人資料使用,特訂定本個人資料保護規範(以下簡稱「本規範」)。
Preamble
To protect and manage personal data and to comply with Personal Data Protection Act (hereinafter, the "PDPA"), “CSBC-DEME Wind Engineering Co. Ltd.” (CDWE) (hereinafter referred to as “CDWE”, “we”, “us” or “our”) adopted CDWE Personal Data Protection Policy (hereinafter referred to this “Policy”) to govern the use of personal data of individuals or legal entities who have established business relationships with us, including our clients, contractors, subcontractors, consultants, suppliers, service providers and all personnel in their groups.
目的
2.1 確保本公司各項業務之執行符合個人資料保護法相關法規或法令之要求。
2.2 闡明所有人員應遵循之個人資料保護目標,且本公司於合理之範圍內得蒐集、處理及利用個人資料,建立本公司執行業務或管理內部人員,對於本公司有業務往來之客戶、承包商(及次承包商)、顧問、其所屬員工、廠商及服務供應商等個人資料使用之依據,以保障本公司及客戶相關權益。
Objectives
2.1 The Policy ensures that we comply with the requirements set forth in the PDPA and applicable personal data protection laws and regulations while conducting our various business operations.
2.2 For the purpose of protecting both our own rights as well as our clients’ rights, the Policy sets out personal data protection objectives for CDWE and everyone who has established business relationships with us and all personnel in their groups. The Policy clarifies that we may collect, process and use personal data when reasonably necessary and provides guidelines for persons responsible for the operation and management of CDWE when dealing with personal data of individuals or legal entities who have business relationships with us, including our clients, contractors, subcontractors, consultants, suppliers, service providers and all personnel in their groups.
對象與範圍
3.1 適用對象
與本公司有業務往來之客戶、承包商(及次承包商)、顧問、其所屬員工(包含其臨時雇員)、廠商及服務供應商等,均屬本規範涵蓋之對象。
3.2 保護範圍
本規範之保護對象為個人資料保護法所保護之個人資料。針對蒐集、處理、利用及國際傳輸個人資料訂定相關規範,確保個人資料之安全。
Scope of the Policy
3.1 Applicable persons
The Policy covers individuals or legal entities who have established business relationships with us, including our clients, contractors, subcontractors, consultants, suppliers, service providers and all personnel in their groups, including temporarily hired companies or individuals.
3.2 Applicable data
The Policy applies to all personal data protected under the PDPA. It regulates the collection, processing, use, and global
個人資料蒐集
4.1 本公司僅會依個人資料保護法相關法規或法令要求,蒐集、處理、利用及國際傳輸本規範適用對象之個人資料。
4.2 與本公司有業務往來之客戶、承包商(及次承包商)、顧問、其所屬員工、廠商及服務供應商,基於業務往來,同意本公司蒐集、利用、處理及傳輸個人資料;如有涉及第三人(包含但不限於供應商、代理商等)之個人資料,亦應由與本公司有業務往來之客戶、承包商(及次承包商)、顧問等將本規範揭露並提供予該第三人,且取得該第三人同意本公司蒐集、處理、利用及國際傳輸其個人資料。
4.3 本規範所指個人資料包括但不限於法人或自然人之姓名、出生年月日、國民身分證統一編號、護照號碼、性別、特徵、指紋、婚姻、家庭、教育、職業、病歷、醫療、基因、性生活、健康檢查、犯罪前科、聯絡方式、財務情況(包含但不限於銀行帳戶、信用卡或金融卡號碼)、社會活動、視聽影音紀錄(包含但不限於照片、監視錄影等)、員工資訊及其他得以直接或間接方式識別該個人之資料。個人資料之定義及範圍如
The Collection of Personal Data
4.1 CDWE will not collect, process, use or transmit globally applicable personal data unless it complies with the requirements of PDPA and other applicable laws and regulations.
4.2 By establishing business relationships with us, our clients, contractors, subcontractors, consultants, suppliers, service providers and all personnel in their groups consent to our collection, use, processing, and transmission of their personal data. If the data involves third parties (including but not restricted to suppliers or agents), they should also disclose and provide the Policy to the third parties and, where such may be necessary, acquire their consent to our collection, processing, use, and global transmission of their personal data.
4.3 “Personal data” referred to in the Policy includes, but is not limited to: the individual’s or the legal entity’s name, date of birth, ID card number, passport number, gender, features, fingerprints, marital status, family information, education background, occupation, medical records, healthcare data, genetic data, data concerning a person's sex life, records of physical examination, criminal records, contact information, financial conditions (including, but not limited to, bank account, credit card and debit card number), data concerning a person's social activities, video and audio records (including, but not limited to, photos and surveillance videos), employee information, and other information which can be used to identify the individual’s or the entity’s identity directly or indirectly. The definition and scope as provided here may change if the Policy is amended from time to time for any reason including according to any order made by the competent authority or amendment of applicable laws and regulations.
資料之正確性
5.1 與本公司有業務往來之客戶、承包商(及次承包商)、顧問、其所屬員工、廠商及服務供應商,依本規範第4.2條所提供之個人資料(含第三人所提供者),應擔保其內容之正確性,不得有偽造、變造、虛構、增刪內容或資料等不實或不誠信情事。
5.2 本公司將採取合理措施,以確保所取得之個人資料之正確性。
Data Accuracy
5.1 Individuals or legal entities who have established business relationships with us, including our clients, contractors subcontractors, consultants, suppliers, service providers and all personnel in their groups should guarantee the accuracy of the personal data they provide under clause 4.2 of this Policy and that there is no such fraud or dishonesty as forgery, alteration, fabrication, addition or deletion is involved.
5.2 We will take reasonable measures to ensure the accuracy of personal data we have collected.
利用、處理及傳輸個人資料目的
本公司為提供產品與服務、企業營運、與客戶進行溝通、管理本公司相關資訊系統、供應商管理、意見調查、確保本公司廠區與系統之安全、相關法令之遵循、相關政府或主管機關要求、改善本公司產品與服務、詐欺之預防、行使或保護法律上權利之必要,以及人力招募與管理或其他商務等目的,而得利用、處理及傳輸所取得之個人資料。
The Purposes of the Use, Processing, and Transmission of Personal Data We may use, process, and transmit collected personal data for the purposes of:
(1) providing products and services;
(2) operating business;
(3) communicating with clients and customers;
(4) managing relevant information systems;
(5) managing suppliers;
(6) conducting surveys;
(7) ensuring the safety of our plants and systems;
(8) complying with applicable laws and regulations;
(9) meeting the requirements laid down by the concerned or competent authorities;
(10) improving our products and services;
(11) preventing fraud;
(12) taking any necessary step to exercise or protect any right under applicable laws and regulations;
(13) recruiting and managing employees; or
(14) achieving other business purposes.
資料之安全性
本公司已採取適當之技術上及組織上之安全措施,以保護所取得個人資料之安全性,與本公司有業務往來之客戶、承包商(及次承包商)、顧問、其所屬員工、廠商及服務供應商務必確認提供或傳送個人資料給本公司之過程之安全性。
Data Security
We have taken proper technical and organizational security measures to protect the security of personal data we collect. Individuals or legal entities who have established business relationships with us, including our clients, contractors subcontractors, consultants, suppliers, service providers and all personnel in their groups must confirm that the process of providing or transmitting their personal data to us is secure.
個人資料之保留期間
本公司就所取得之個人資料,得於商業或合法目的必要期間內保留,縱使與本公司間之業務往來關係終止或屆期,本公司仍得繼續保留之。
Data Retention Period
CDWE may retain personal data even though any business relationship for which the personal data may have initially been received has ended or been terminated, as long as it is within the period necessary for serving our business or legal purposes.
撤回同意
9.1 與本公司有業務往來之客戶、承包商(及次承包商)、顧問及其所屬員工或第三人,有撤回本規範第4.2條同意之權利,但應以書面方式向本公司之資訊保護部門申請(聯繫資訊如下)。本公司亦得要求其事先提供身分證明文件,以確認身分:
聯絡電郵:
[email protected]
聯絡地址:臺北市松山區八德路3段20號6樓
連絡電話:+886-2-6604-0888
9.2 本公司將盡力於收到本規範第9.1條撤回同意書面申請之翌日起10個工作日內,處理該項申請事宜。
9.3 縱使撤回本規範第4.2條同意之權利,但本公司仍得依法行使相關權利。
Withdrawing Consent
9.1 Individuals or legal entities who have established business relationships with us, including our clients, contractors (and subcontractors), consultants, and all personnel in their groups, or third parties, have the right to withdraw their consent under clause 4.2 of this Policy, given that they apply to our Data Protection Department in writing (contact information as below). CDWE may request them to provide personal verification documents for verifying their identities.
Contact email address:
[email protected]
Contact address: 6F., No. 20, Sec. 3, Bade Rd., Songshan Dist., Taipei City, Taiwan (R.O.C.)
Telephone number: +886-2-6604-0888.
9.2 We will make every effort to process the application under clause 9.1 of this Policy within ten (10) business days starting from the day after we receive the withdrawal application in writing.
9.3 We reserve our rights under applicable laws and regulations even if consent under clause 4.2 of this Policy has been withdrawn.
查閱個人資料
10.1 提供個人資料者,得以書面向本規範第9.1條之資訊保護官(部門),申請查閱其個人資料,本公司亦得要求事先提供身分證明文件,以確認身分。但不得查閱涉及其他人之資料。
10.2 本公司就查閱或因此提供個人資料,得收取合理費用。
10.3 本公司將盡力於收到本規範第10.1條書面申請之翌日起30個日曆天內,處理該項申請事宜。
Access to Personal Data
10.1 Persons who provide their personal data may apply to our Data Protection Officer (department)under clause 9.1 of this Policy in writing for access to their personal data, but only for those unrelated to others’ information. When processing their applications, we may request them to provide personal verification documents for verifying their identities.
10.2 We may charge reasonable fees for the access to or the provision of personal data.
10.3 We will make every effort to process the application under clause 10.1 of this Policy within thirty (30) calendar days starting from the day after we receive the withdrawal application in writing.
權責單位
11.1 本公司所有人員及部門,均瞭解並確實遵守本規範,並應落實保護所取得個人資料之措施。
11.2 本公司已採取適當之技術上及組織上之安全管理措施,於合理必要範圍內保管所蒐集、利用或處理之個人資料。
Responsible Department
11.1 All of our departments and employees understand and will comply with the Policy, and should implement every required measure to protect the personal data we collect.
11.2 CDWE has taken proper technical and organizational security measures to secure the personal data collected, used, or processed by us to the extent it is reasonable and necessary.
實施與修訂
12.1 本規範未盡事宜,悉依本公司相關管理規範及主管機關法令規定辦理。
12.2 本公司得依相關法令或隱私政策,修改或更新本規範內容,並將更新規範列於公司網站,詳請參閱以下連結之資訊:https://www.cdwe.com.tw/
12.3 本規範經提報本公司執行長核定公告後實施,修訂時亦同。
Implementation and Amendment
12.1 Issues not covered by the Policy will be governed by our relevant management regulations and applicable laws and regulations made by the competent authority.
12.2 This Policy may be updated from time to time to reflect new or different privacy practices according to applicable laws and regulations. A copy of any updated Policy and latest information on our privacy practices may be found at: https://www.cdwe.com.tw/
12.3 The Policy becomes effective only after being approved and announced by the Chief Executive Officer. The same procedure applies when the Policy is amended.