1.Personal Information Collection and Use
Personal information will be used only for specific purpose related to the service
we provide and will not be disclosed to any third party in accordance with the Computer-Processed
Personal Information Law and other related regulations.
When you use our website, we automatically collect the following information: date
and time, the webpage you request, URL you are on, browser type, any action (such
as downloads, etc) whether that action was successful or not. The information may
help improve the efficiency of our website.
We monitor any action which may cause a heavy load to our website.
2.Confidentiality Security and Training
For employees who deal with sensitive and confidential information, and those who
are entitled to manage systems because of job requirement, clear division of job
in order to disperse rights and duties should be arranged; and evaluation and examination
systems should be established; as well as mutual support systems.
For employees who resign (ask for leave, suspended from duties), all related matters
must follow concerned procedures and the authorization for all systems must be cancelled
immediately.
Based on the position and occupational ability of different levels of employees,
education and training for information security should be conducted depending on
the actual situation in order to make employees understand the importance and all
possible risks, and enhance awareness to conform to the relative regulations accordingly.
3.Information Security Procedure and Protection
We have operating procedures for information security issues, and impose necessary
responsibility to employees concerned in order to tackle with these matters rapidly
and efficiently.
We have informing system for change management of information facilities and systems
to avoid loophole in security.
We process and protect personal information cautiously in accordance with related
provisions of Computer-Process Personal Information Law.
We carry system backup facilities, and update/backup necessary data and software
periodically in order to be able to restore all data swiftly in case of damage or
failure of saving media.
4.Management of Internet Security
We establish firewalls to monitor data transmission and resource access between
the external and the internal network at our link, and strictly conduct identity
recognition operation.
Any confidential and sensitive information or document is neither stored in open
system nor delivered by e-mail.
We periodically examine and inspect internal network for information security, latest
virus code and other security measures.
5.System Access Control Management
We set up password issuance and change procedures depending on operation system
and security management requirement, and record it.
The information center management staff should assign authorization account and
password for employees to log in each system according to necessary authorization
of each staff level, and update them regularly.