This Privacy Statement (hereinafter referred to as “this Statement”) is made by Phison Electronic Corporation (together, “Phison”, “our company”, “we”, “us”), this Statement is applicable to individuals outside our corporation including customers, visitors to our
Website, other users of our products or services, personnel of Corporate customers and vendors, applicants for employment, and visitors to our premises (together, “you”). We respect your privacy rights, this Statement has been made by us thereby to facilitate your understandings about how we collect, use, disclose, protect, store and transfer your Personal Data. This Statement may be amended or updated from time to time to adjust the variations on the practices relating to the processing of your Personal Data or the applicable laws and regulations. Please take a moment to read and understand this Statement, and to check this page regularly for the purpose of reviewing whether there is any revision of this Statement, if you have any questions please let us know ( see Article 14 of this Statement: Contact us)
1、 Types of Personal Data collected by our company:
We will collect the following types of Personal Data under the legitimate and secure purpose.
(1) Personal Data about you:
- Including your name, postal or physical address, telephone number, e-mail address, and other information you have provided or required to carry out a transaction, provide a service or deliver a product.
- Your location, including your real-time location, your device’s Internet Protocol (IP) address or Unique Device Identifier (UDI).
- We may collect and store information that you or others have provided in community discussions, chats, and correspondence through Phison Services or sent to us directly.
- We may record your interactions with our online advertising and content, the advertising and content on pages displayed to you, or any interaction you have had with such content or advertising (e.g., mouse hover, mouse clicks, any forms you complete in whole or in part) and any touchscreen interactions.
(2) Device and application information, and any data in connection with our websites: We process the following data, and may compile and analyze the data, in order to improve products and services and to personalize your experience with us.
- Device’s name, identification code and activation time; hardware model, OS version, application version, software identification code and device and application settings (such as region, language, time zone, and font size).
- Browser types and browser settings.
- The full Uniform Resource Locator (URL) clickstream to, through and from our Websites including date and time, Cookie number, aggregated statistical information.
- Information from thirty party: Under the permission of law, Phison will collect information about you from public and commercial sources, including obtaining certain information from third-party social network services, such as the time when you use your social network account to log into our website.
2、 Sensitive Personal Data:
According to Personal Data Protection Act of R.O.C and General Data Protection Regulation (GDPR) of E.U, processing of data pertaining to a person’s medical records, healthcare, genetics, sex life, physical examination and criminal records, data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or biometric data, shall be prohibited unless there is one of the following applies: Processing of the aforementioned data is
- required or permitted by applicable laws.
- to assist the investigations or the prevention of criminal offenses within the necessary scope and purpose ( for instance, preventing, detecting and investigating fraud).
- to establish, exercise or defend legal claims or whenever courts are acting in their judicial capacity.
- on the premise that data are manifestly made public by you (data subject).
- on the premise that you (the data subject) has given explicit consent to the processing of the aforementioned data, in accordance with the relevant laws and regulations.
3、 How Phison process your Personal Data and the Purpose of Processing:
We process your data for the following explicit and legitimate purposes, this Statement is to inform you about the following collection of your Personal Data. We process your Personal Data with adequate, relevant and limited to what is necessary for the purposes. We ensure your Personal Data are only processed for the minimum period necessary for the purpose set out in this Statement. We ensure to keep your Personal Data accurate and we will delete or correct the inaccurate Personal Data. We also ensure that the way we process your Personal Data has technical and organizational security measures for the purpose of maintaining the integrity and confidentiality of your Personal Data.( see Article 8 of this Statement: Security of your Personal Data)
4、 Types of purposes for the processing of your Personal Data:
- Relating to our products and services: To provide a product or a service you have requested or to provide you with product registration, technical and customer support; The legitimate purposes are based on that you have given consent to the processing, or the processing is necessary for the performance of the contract you have entered into with us or to take steps prior to entering into a contract, or the processing is necessary for compliance with a legal obligation or the legitimate interests.
- For business operation: To facilitate the operation and management of our website, products and services; to display adverting and other information to you. To communicate and interact with you through our websites, products or services for the further improvement; to notify you about the updates of our websites, products, or services. This enables us to make better decisions and improvement and help us reflect the performance of our business operation. The legitimate purposes are based on that you have given consent to the processing, or the processing is necessary for the performance of the contract you have entered into with us or to take steps prior to entering into a contract, or the processing is necessary for compliance with a legal obligation or the legitimate interests.
- Promotional communications: We use the collected data to communicate and contact with you, such as sending you information about the products and services you may be interested in, or sending you promotional activities, market surveys, or market information. If you don’t want to receive such information, you can opt out at any time. For instance, if you register your Email in our websites, you will receive the latest news and activities of our company, if you don’t want to receive such information, you can request to unsubscribe at any time; The legitimate purposes are based on that you have given consent to the processing, or the processing is necessary for the performance of the contract you have entered into with us or to take steps prior to entering into a contract, or the processing is necessary for compliance with a legal obligation or the legitimate interests.
- Safety, help secure and troubleshoot: We use data to protect the safety of our products and our customers. Our security functions and products may disrupt the operation of malicious software and notify users if malicious software is found on their devices. We also use data to ensure the physical security of our premises, including records of visitors to our premises, CCTV recording and electronic security (including login records an access details). In addition, we use data to help secure and troubleshoot our products. This includes using data to protect the security and safety of our products and customers, detecting malware and malicious activities, troubleshooting performance and compatibility issues to help customers get the most out of their experiences. The legitimate purposes are based on that the processing is necessary for the protection of your or other people’s vital interests, or the pursuit of legitimate interests.
- Legal compliance、Claim or the execution of legal rights: For the compliance of the obligations in accordance with laws and regulations. For instance, we use your age to ensure we meet the obligation on protecting children’s privacy; or to cooperate with the investigation from judicial authorities. We also process data for claim or executions of legal rights, for instance, collection of documents or evidence in connection with legal proceeding. The legitimate purposes are based on that the processing is necessary for the protection of your or other people’s vital interests, or the pursuit of legitimate interests.
- Protection of rights and property: We use data to detect and prevent fraud, resolve disputes, enforce agreements, and protect our property. For example, we use data to confirm the validity of software licenses to reduce piracy. We may use automated process to detect and prevent activities that violate our rights and the rights of others, such as fraud. The legitimate purposes are based on that the processing is necessary for the protection of your or other people’s vital interests or the pursuit of legitimate interests.
- Recruitment and job applications: We use data for the any relevant activities about recruitment, for instance, advertising of positions, activities about interviews, offer details. The legitimate purposes are based on that the processing is necessary for the protection of your or other people’s vital interests, or the pursuit of legitimate interests.
5、 How we share you Person Data within legitimate Purposes:
Phison will collect, process and use the Personal Data under the minimum necessary scope of the purpose specified in this Statement. Phison will neither use the Personal Data for any purpose not specified herein, nor disclose Person Data to a third party unless one of the following circumstances applies:
- Sharing upon your explicit consent: Phison will share the information that you have authorized with specified third parties after your explicit consent.
- Disclosure pursuant to laws and regulations: Phison may disclose your information to a third party as required by laws and regulations, for resolving legal disputes, or as required by administrative or judiciary authorities pursuant to laws.
- Sharing within Phison Group (including Phison’s subsidiaries, branches and affiliates): Your information may be shared within Phison Group only for specific, explicit, and legitimate Purpose, and sharing is limited only to information required by Services.
- Sharing with Phison’s business partners: Phison may share information relating to your Order, account, device or location to the third party such as our business partners, for the Purpose of ensuring the implementation of our Services to you. However, we only share your Personal Data to them within legal, legitimate, necessary, specific and explicit Purposes. We will ensure that the aforementioned third party has taken relevant confidential method and rigorous method of security to process Personal Data. Our business partners include (a) Third-party sellers and third-party developers: Some products and/or services are provided to you directly by our partners. It is necessary for Phison to share relevant information to the third party in order to satisfy your need from the third party. (b) Supplier of products or technical services: Phison may share your Personal Data with third parties that support our functions, including third parties who supply or provide technical services, logistics services, payment services, or third parties that provide data processing services, etc. The Purpose of this type of sharing is to ensure the functions of products and services, for instance, sharing your Order information with logistics services providers to make the arrangement of your delivery; or sharing your Order number and the price of your Order to ensure the implementation of your payment.
- If there are any mergers, acquisitions, or bankruptcy liquidation, involving the transfer of your Personal Data, we will request the new company or organization holding your Personal Data to continue to be bound by this Statement, or we will request the company or organization to ask for your authorization and consent.
6、 International transfer of your Personal Data:
With respect to the cross-border nature of our business operation, we transfer Personal Data within Phison Group (including Phison’s subsidiaries, branches and affiliates), and to the third parties listed in Article 5 of this Statement. For instance, we may transfer your Personal Data to receivers located in the U.S, countries of U.N. members or others which have different laws and regulations relating to Personal Data protection. However, we take proper security methods before transferring your Personal Data. For instance, we take steps in those countries where the Personal Data is transferred or stored, we have procedures and controlled measures to ensure the protection of Personal Data, and your rights(see Article 9 of this Statement: Your legal rights) and the availability of effective legal remedies. Please notice that, for the Personal Data which came from E.U. or Switzerland transfer to countries outside European Economic Area (“EEA”) or Switzerland, we use a variety of legal mechanisms to protect your Personal Data, such as when Phison Group (including our branches, subsidiaries and affiliates) transfer your Personal Data from E.U. to EEA or outside Switzerland, and when the recipient’s country is not in an Adequate Jurisdiction, we will sign the Standard Contractual Contract with the recipient to protect the transfer of your Personal Data; we may also take secure methods such as Personal Data Pseudonymization to ensure the safety.
7、Accuracy and retention of your Personal Data:
In order to ensure the accuracy of your Personal Data, we will correct or delete your Personal Data immediately when we find that your Personal Data is wrong or you tell us that the information you provided is wrong, in accordance with the Purpose of processing Personal Data listed in Article 5 of this Statement. Regarding the retention of your Personal Data, we only keep it in the shortest period necessary for the Purposes listed in this Statement. For example, in order to fulfill our contractual obligations with you, we need to process your Personal Data in a legitimate interest. When the processing Purpose disappears or the period expires, we will permanently delete or destroy the relevant Personal Data, or process your Personal Data anonymously. In addition, we also comply with the statutes of limitations regarding relevant laws (for example, current Personal Data Protection Act of R.O.C stipulates that Personal Data in one’s representative organization must be retained for a minimum of five years, provided that there are no other legal requirements, excepting that the Personal Data is at certain stage of litigation.
8、Security of your Personal Data:
For the protection of your Personal Data’s security, the process of your Personal Data will be minimizing, which means that your Personal Data will be collected within minimum scope without collecting data irrelevant to the Purpose of this Statement, and retention of your Personal Data will only in the period necessary for the Purpose. Our system protect the confidentiality of data transfer and storage, and there are reliable maintaining mechanisms to protect our servers from malicious attacks. We have appropriate technical and organizational security measures to prevent your Personal Data from being accidentally or intentionally destroyed, lost, tampered with, unauthorized disclosure, unauthorized access, and other illegal or unauthorized processing. We will make the best effort to protect your Personal Data, in case of any unfortunate event relating to security damages to your Personal Data’s protection, we will inform you of the facts about the security damages, the possible impacts on the measures we have taken or are about to take in accordance with the requirements of laws and relevant regulations, advices regarding the autonomous precautionary measures and risk reduction, remedies for you etc. We will inform you by feasible contacts ( such as: Email). However, depending on the actual circumstances, if it is deemed difficult to inform the data subjects one by one, then we will make an announcement on our website. At the same time, we will also report the corresponding countermeasures for dealing with this situation in accordance with the requirements of the regulatory authorities.
9、Your legal rights:
You have right to review our Personal Data and right to update or modify your Personal Data ( including its copies, links or replications), you have right to request us to provide your Personal Data we hold and restrict our continued process, or you can ask us to delete your Personal Data ( including its copies, links or replications). You have right to object about providing your Personal Data. But please note that if you choose not to provide Personal Data, we may not be able to fully provide you with our website features, products or services. For instance, we may not be able to process your needs since the lack of necessary information. With regard to protect your control on your Personal Data, within the scope of applicable law, you have right on your data portability, the right to request that your personal data be transferred to another data controller in an structured, commonly used and machine-readable form. You also have right to withdraw your consent about our use of your Personal Data (but the withdrawal of the consent does not affect the legality and legitimacy of the processing of the information before we receive your notice of withdrawal, nor does it affect our legitimate processing of your Personal Data in accordance with other legal basis.) Regarding the processing of your Personal Data, you have right to appeal to the Data Protection Authority, in particular, the Data Protection Authority of the EU Member State in which you live, you work, or the alleged infringement has occurred. If you want to exercise the aforementioned rights or you have any questions on your rights and questions relating to the terms in this Statement, or you want to ask how we process your Personal Data, please contact us in accordance with the methods provided in Article 14 of this Statement. Pursuant to Personal Data Protection Act of R.O.C, We will charge you reasonable fees for accessing the data (but not exceed the direct cost). In some cases it will be necessary to provide evidence of your identity before we can give effect to these rights.
10、Protection of Minors:
In order to protect privacy and security, Phison treats anyone under 13 (or the age required by local law) as a minor. Phison Services are not directed to minors and are intended for a general audience comprised of adults. If you are a minor in your country of residence, you may use Phison Services only with the involvement of your parent or guardian. We do not knowingly collect Personal Data from children under the age of 13. If we learn that we have collected personal data from a child under the age of 13 accidentally, we will delete the information to the extent required by applicable law.
11、Amendment of this Statement:
This Statement may be amended from time to time. If we decide to change our Privacy Statement, we will post the revised Statement on this page. The revised Privacy Statement will supersede and replace any previous Statement effective as of the date on which the revised Statement is posted.
12、Cookies and other similar technologies:
All use of our website, products or services are subject to our website’s Term of Use. We recommend that you read and understand our website’s Term of Use and check regularly for any updates.
Phison will annually perform risk assessment and risk control to this Statement. In the event that Phison personnel’s breach of the protection of privacy and Personal Data has been discovered after investigations, we will review and improve the said matter immediately, and take subsequent measures corresponded to our internal disciplinary policies and procedures.
You may contact our Company through the following information, to report Phison’s violation, suspected violation or conduct by Phison that could result in a violation regarding the protection of privacy or Personal Data: