GOVERNANCE Corporate Governance

I. Personal Data Protection Policy
Tait places great importance on the protection of customer privacy and complies with the Personal Data Protection Act. We have established the 'Personal Data Security Management Guidelines' along with rigorous privacy and data security management and protection measures. A data governance framework has been constructed, including the formulation of data standards and classification, enforcement of access control mechanisms, and implementation of data ownership review processes to ensure that data access and sharing are properly governed and protected, and to maintain data availability, integrity, and confidentiality. The scope of application covers all branches, operational sites, subsidiaries, customers, and suppliers. Regarding the collection, processing, use, and protection of personal data involved in the course of business operations, we strictly adhere to relevant governmental laws and regulations. Personal data is only used within the scope permitted by law and will not be provided, rented, or otherwise disclosed to any third party in any disguised form. We are committed to upholding the security and privacy rights of our customers through the faithful implementation of our 'Privacy Protection Policy'.

II. Scope of application of the Personal Data Protection Policy
  1. Except for personal data obtained in accordance with legal requirements or general business operations (e.g., covering all branches, operational sites, subsidiaries, customers, and suppliers—including personnel management of employees, transactional customer information, etc.), if there are any planned activities involving the new collection of personal data (such as website memberships, promotional sweepstakes, consumer feedback, etc.), the responsible party must first complete a 'New Personal Data Collection Application Form' (Appendix 1). The form must clearly state the purpose of collection, the types of personal data involved, the period and method of use, and other relevant details. The application must be reviewed by the department supervisor, co-signed by the personal data management team lead and the information security officer, and approved by the General Manager before the activity may proceed. If operations are outsourced to a third party, the same procedures must be followed.
  2. When collecting personal information from a party, each unit should clearly inform the party of the following matters:
    A. Company or organization name
    B. Purpose of collection
    C. Categories of personal data
    D. The period, area, objects and methods of use of personal information.
    E. Data subjects may exercise their rights under Article 3 of the Personal Data Protection Act, including the right to request access to, make copies of, supplement or correct, cease the collection, processing, or use of, and delete their personal data.
    F. Data subjects have the right to freely choose whether to provide their personal data. However, failure to provide such data may affect their rights and interests.
  3. Except as required within the necessary scope permitted under Article 6 of the Personal Data Protection Act, applications for new personal data collection must not include sensitive personal information such as medical records, healthcare, genetic data, sexual activity, health examinations, or criminal records.
  4. For personal data collected from sources other than the data subject, the source of the data and the required notifications stated in the preceding paragraph must be provided to the data subject before processing or use. If personal data is to be transmitted, appropriate protective measures must be taken to prevent disclosure. Prior to any cross-border transmission, it must be confirmed whether such transfer is subject to restrictions imposed by the central competent authority, and the data subject must be informed of the destination country or region.
  5. The use of collected personal data must strictly adhere to the scope specified in the notification provided to the data subject and must not be repurposed for any other use. If, upon review, any personal data is found to fall outside the necessary scope of the specified purpose, or if the original purpose no longer exists or the retention period has expired and continued retention is unnecessary, such data must be deleted, destroyed, or otherwise subject to cessation of collection, processing, use, or other appropriate actions.
III. Quantitative data on implementation in 2025
  1. Employee Personal Information Protection Training Course
    The total number of people who completed the course reached 3, and the total course duration reached 14 hours.

    The proportion of trained employees is 75%
    The passing rate of the test after training is 100%
  2. Personal information protection training course for all employees
    A total of 101 people completed the course, and the total course duration was 1.5 hours.

    The proportion of trained employees is 87.8%
     
    The passing rate of the test after training was 100%
     
  3. Supplier and customer management
    100% of suppliers have privacy policies in place

    100% of suppliers have established documented regulations to protect employees’ personal information
  4. Internal management and technical protection
    A customer personal data inventory review is conducted once a year, along with a risk assessment. Appropriate mitigation measures are taken for identified high-risk items.

    A data access rights inventory is conducted once a year.
  5. Incident Response and Risk Management
    100% of personal information complaints will be responded to and processed within 3 days
     
    As of June 30, 2025, there were zero incidents of violation against the Personal Data Protection Act. Employees found to have engaged in misconduct were subject to disciplinary actions of varying degrees based on the severity of the case, including job reassignment and termination.