About PCG

Privacy and Personal Data Protection Policy

Pou Chen Corporation (the “Company”) and its subsidiaries (collectively, “Pou Chen Group”, “the Group”, “we”, “our”, or “us”) are committed to respecting and protecting your privacy and personal data. In order to comply with applicable laws and regulations, we have established this Privacy and Personal Data Protection Policy (the “Policy”). This Policy is intended to explain how we collect, process, use, and protect personal data. We hereby represent and warrant that we will comply with this Policy to safeguard your rights and interest.

Please read the following provisions carefully to further understand this Policy. By submitting your personal data to us, you are deemed to accept this Policy.

1. Scope of Application

This Policy applies to Pou Chen Group, its customers, suppliers, contractors, external consultants, investors, job applicants, visitors to the Group’s websites, and any other individuals who have business relationships with the Group. The Group’s overseas subsidiaries may, in accordance with applicable local laws and regulations of their respective jurisdictions, establish local privacy and personal data protection rules (the “Overseas Rules”). Such Overseas Rules shall form an integral part of this Policy and shall be applied in conjunction herewith. However, where the applicable local laws and regulations of the relevant jurisdiction provide otherwise, such local laws and regulations shall prevail.

2. Responsible Department

The Legal Department at the headquarters of the Pou Chen Group shall serve as the contact window in relation to this Policy. It shall be responsible for establishing a cross-departmental communication platform for personal data protection laws, coordinating the support required from various departments for the implementation of personal data protection measures, and assisting and supervising each department in complying with this Policy.

3. Categories of Personal Data We May Collect, Process and Use

The categories of personal data that we may collect, process and use include, but are not limited to, an individual’s name, gender, date of birth, national identification card number, passport number, physical characteristics, fingerprints, education background, occupation, data collected through cookies on the Pou Chen Group’s website, job applicants’ education and work experience, professional qualifications and certificates, and other general personal data that may directly or indirectly identify a natural person. The definition and scope of general personal data shall be subject to any amendments made in response to changes in applicable laws or regulations or competent authority requirements. For other definitions of terms used herein, please refer to the Personal Data Protection Act and other related regulations of the Republic of China (Taiwan).

We do not proactively collect, process, or use an individual’s sensitive personal data (including medical records, healthcare data, genetic data, sex life, records of health examination, and criminal records). However, we may collect, process, and use such sensitive personal data for legitimate purposes under the following circumstances:

  • Where it is expressly required by applicable laws or regulations;
  • Where it is necessary for the performance of legal obligations and proper security and maintenance measures are in place;
  • Where it is necessary to assist government agency in the investigation of unlawful acts, prevention of crimes, or criminal investigations in accordance with the law; or
  • With the written consent of the data subject.

4. Collection of Personal Data

The data subject has the right to choose whether to consent to or refuse our collection, processing and use of the personal data that we request or recommend. We will not collect any personal data from the data subject prior to obtaining such consent. However, if the data subject refuses to provide personal data, or provides inaccurate or incomplete personal data, we may be unable to provide certain or complete information, feedback, or specific services to the data subject.

When visiting our website or using our services, we may request the data subject to provide personal data from time to time. We may also share and use the data subject’s personal data with other third parties in accordance with this Policy. In addition, we may combine the data subject’s personal data with other information to improve our products, services, content and advertising.

When the data subject uses our services or visits this website, our servers may automatically collect information regarding the data subject’s use of our services or website, including but not limited to the data subject’s operating system, Internet Protocol (IP) address, access time, browser type and language, and the website visited by the data subject prior to browsing this website. In addition, in order to help us provide more useful information to the data subject, better understand the data subject’s usage behavior, and improve our products, services, content and advertising, we may use web beacons, cookies and other related technologies to access and record the data subject’s information.

If the data subject chooses to remove or refuse cookies, certain functions of this website may be affected and the data subject may not be able to experience the full functionality of our services.

5. Purposes of Personal Data Use

We may use personal data for the following purposes: providing websites, products and services to the data subject; compliance review; corporate operations; communicating with the data subject; handling and verifying external or internal feedback (including complaints and whistleblowing reports); management of the Group’s information systems; supplier management; health and safety management; financial management; conducting surveys; business marketing; maintaining visitor access records to ensure the security of the Group’s premises and systems; judicial investigations; compliance with applicable laws and regulations; improving our websites, products and services; prevention of fraud; where necessary to assert, exercise, protect or enforce legal rights; human resources activities, including recruitment, interviews and other personnel management activities; and other purposes necessary for the Group’s operational management.

If the collection, processing or use of the data subject’s personal data exceeds the scope of the specific purposes originally notified, the Group will obtain the data subject’s consent in accordance with applicable laws and regulations, and will ensure that such consent is given freely and with sufficient information, allowing us to process or use their personal data within the scope of the new specific purposes.

6. Disclosure to Third Parties

We may disclose the data subject’s personal data to third parties under the following circumstances:

  • To third parties who have executed a confidentiality agreement and who require access to the data subject’s personal data, or those acting on our behalf, providing services to us, or cooperating with us in conducting business;
  • To respond to subpoenas, court orders, or legal process, or to obtain or exercise legal rights, or to defend against legal claims;
  • Where disclosure of the data subject’s personal data is necessary to investigate or prevent illegal activities, suspected fraud, situations involving potential threats to the safety of any person, or to take action regarding such situations, or to comply with applicable laws and regulations; or
  • For the purpose of any commercial transaction (or negotiation of such transaction) involving the sale or transfer of all or part of our business or assets, including any merger, financing, acquisition, or bankruptcy transaction or proceeding.

Unless otherwise provided by applicable laws, our disclosure of the data subject’s personal data to third parties shall comply with the following requirements:

  • Verifying the identity of the third party;
  • Notifying the data subject, unless notification may be exempted under applicable laws or regulations (for example, where such notification may hinder a government authority from performing its statutory duties);
  • Obtaining the consent of the data subject, unless consent is not required under applicable laws or within the scope of authorization based on a contractual relationship; and
  • Disclosing only the minimum amount of personal data necessary, and requiring the third party to use and protect the personal data in accordance with applicable laws and regulations, and not to process or use the personal data for purposes beyond the specific purpose of the entrusted matter, nor to copy, retain, sell, lease, use, or otherwise disclose such Personal Data in any form.

Our website or Services may provide links to third party applications, products, services, or websites for the convenience of the data subject or to provide relevant information. If the data subject accesses those links, the data subject will be deemed to have left our website. We do not control those third party websites. If the data subject provides their personal data to any third party, or if such third party collects the data subject’s personal data, please note that such activities are no longer covered by this Policy. It is advisable for the data subject to review the relevant privacy and personal data terms of such third parties before providing personal data or allowing third party to collect or use personal data.

7. Accuracy of Personal Data

We will establish and maintain personal data files and take reasonable and necessary measures to ensure the accuracy of personal data. We may supplement or correct personal data from time to time or upon the request of the data subject, and may periodically confirm with the data subject the accuracy, completeness, and timeliness of the personal data.

The data subject is responsible for providing us with accurate, complete and latest personal data through their account. We reserve the right to refuse the data subject’s requests to modify their personal data if such request is unreasonably repetitive, require disproportionate technical effort, or would adversely affect the personal data privacy of others.

8. Retention Period of Personal Data

We will retain personal data only for a reasonable period necessary to fulfill the specific purpose, and not beyond what is required for that purpose. When the necessity for collecting, processing, or using personal data no longer exists, or the personal data no longer has a legitimate and reasonable connection with the specific purposes, or the retention period has expired, or the laws or regulations forming the basis of retaining the personal data are no longer applicable, we will proactively or upon the request of the data subject cease the collection, processing, and use of the personal data, or delete or destroy the personal data. Where otherwise required by applicable laws or regulations, where it is necessary for the performance of our duties or business, or with the consent of the data subject, we may continue to retain personal data.

9. Security of Personal Data

We will adopt appropriate security measures and implement comprehensive controls over the access, processing, transmission, retention, and access controls for personal data, as well as the information security of relevant transmission and storage equipment, in order to prevent the damage, loss, theft, or unauthorized disclosure of personal data, or any unauthorized access, copying, use, or alteration, and to ensure the security of personal data.

10. Cross-Border Transfer

As the Group is a multinational enterprise, we may transfer the data subject’s personal data across different legal entities within the Group, within the scope of the purposes specified in this Policy and in compliance with applicable laws and regulations. In addition, we may transfer the data subject’s personal data to the Group’s operational locations both domestically and overseas. These overseas jurisdictions may have different levels of personal data protection laws and regulatory requirements. We will manage the cross-border transfer and use of personal data in accordance with this Policy and the applicable privacy and personal data protection laws in the destination jurisdictions where the personal data is transferred. Such transfers will be carried out only to the extent necessary for the specific purposes for which the personal data was originally collected, processed, and used. We will also endeavor to ensure the security of personal data during cross-border transfer.

11. Rights of the Data Subject

With respect to the personal data collected, processed, and used by the Pou Chen Group, the data subject is entitled to exercise the following rights in accordance with applicable laws:

  • To make an inquiry of or to review his or her personal data;
  • To request a copy of the personal data. In accordance with applicable laws, an derivative fee may be charged for providing such copies;
  • To request the supplementation or correction of the personal data;
  • To request the cessation of the collection, processing, and use of personal data. Unless otherwise provided by applicable laws, upon receipt of such request, we will cease collecting, processing, and using the personal data. (However, with respect to employees’ personal data, we may retain the personal data necessary for daily operations, management, and service provision in accordance with our internal policies, and such retained personal data shall remain subject to the relevant provisions of this Policy);
  • To request the deletion or destruction of personal data, including personal data displayed or stored on internal or external public websites, files, or other storage media within the Group.

12. Amendments to this Policy

We reserve the right to modify this Policy at any time. Any changes to this Policy will become effective upon publication on this website. If the data subject continues to maintain a relationship with the Pou Chen Group or continues to use the Group’s services after such changes, it shall be deemed that the data subject has agreed to such modifications.

13. Zero Tolerance Policy

We adopt a zero tolerance policy toward any violation of this Policy. If any violation of this Policy or infringement of personal data is verified, we will immediately review the matter and take appropriate corrective measures.

If any employee of the Group violates this Policy or infringes upon personal data, the Group will impose disciplinary actions in accordance with the Work Rules depending on the severity of the violation, which may include dismissal in the most serious cases. The Group may also take any legal action.

If the party violating this Policy or infringing upon personal data is our business partner, such party shall be subject to the penalties stipulated under applicable laws, business contracts, and the Group’s internal policies (including but not limited to termination of the business relationship), and the Group may also take legal action.

If any violation, suspected violation, or potential violation of this Policy or other infringement of personal data is discovered, relevant information may be submitted for complaint or reporting through the channels announced on the Group’s website.

14. Contact Us

If you have any questions regarding this Policy or other matters relating to privacy and personal data, you may contact us through the “Contact Us” function on our website or via the following contact information:

Legal Department, Pou Chen Group Headquarters, Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Upon receipt of your inquiry or complaint, the Legal Department of the Pou Chen Group Headquarters will review the matter based on the nature and content of the case, and will proactively coordinate with relevant departments to discuss and address the issue to ensure that the matter is properly handled.

 

Implementation of the Personal Data Protection Policy

The Company continues to implement personal data protection training to strengthen employees’ awareness of and compliance with personal data protection laws and internal policies.

In 2025, the training program primarily targeted employees of the Company at Grade 7 and above. The implementation results are as follows:

  • Number of employees required to attend the training: 963
  • Number of employees who completed the training: 886
  • Completion rate: 92%