Excellent Service
Customer Service
Customer Privacy Protection
About Far EasTone

Excellent Service

Customer Privacy Protection

Personal Data and Privacy Protection Policy

FET follows the domestic laws and regulations, including the Personal Data Protection Act, the Enforcement Rules of the Personal Data Protection Act, and the NCC's regulations on non-public agencies' personal data file security maintenance. Additionally, the company referred to the General Data Protection Regulation (GDPR) of the European Union to ensure the protection of privacy information. FET adheres to fundamental principles such as Privacy by Design and Data Protection by Design to safeguard privacy information.

FET's Privacy Policy applies to the entire operational process of FET, including suppliers and partners. All employees of FET are required to comply with the "Management Regulations for Personal Data and Privacy Information Collection, Processing, and Utilization" set by the company. When collecting personal data and privacy information, it must adhere to the approved collection purposes and scope, and inform the data subjects about the collection. If any employee is found to violate the relevant policies and regulations, FET will take necessary disciplinary actions according to the code of conduct and may implement relevant legal measures as appropriate. For details, please refer to FET's Privacy Policy on official website 

Information Security and Privacy Management Organization

To demonstrate FET’s commitment to information security and customer privacy, the company has established a corporate security organization, consisting of the President and representatives from all business units, totaling over 30 members. Besides, FET has set up a dedicated security department - Corporate Information Security Office and the Chief Information Security Officer (CISO). The CISO is assigned and directly report to the President. Through various committees within the corporate security organization, FET promote and advocate for information security and personal data privacy affairs within each business unit. FET also coordinate responsibilities and tasks related to security maintenance across business units to ensure the comprehensive implementation and operation of information security throughout the entire company.

Information Security and Risk Management Mechanisms

FET’s overall enterprise risk management system includes the risk management of information security and personal data privacy protection. In response to the digital transformation driven by emerging network technology generation (including 5G, big data, AI, IoT, cloud/virtual/containerization technology), the integration of services, architectures, technologies, and existing networks, and cross-domain/cross-industry innovative applications in collaboration with the third parties in various modes will bring new challenges to information security and personal data privacy protection. Building upon the existing security management foundation, FET continues to strengthen technical, managerial, and personnel protection mechanisms in network construction, operation, and management. Resource allocation is adjusted as needed to ensure the implementation and enforcement of information security, personal data protection, business continuity, and other security-related management practices.

To provide secure and optimal experience, FET has developed its own intelligent monitoring platform with built-in multi-dimensional visualization dashboards and customized threat detection rules. This platform accurately identifies security risks and assists cybersecurity personnel in actively defending against potential threats before hackers can initiate any malicious actions. FET has also established a dedicated cybersecurity defense team and operates a 24*7 Security Operations Center (SOC) staffed with professionals holding cybersecurity professional certifications like CEH with more than 10 years of experience in the field. Various security assessments are conducted regularly, including vulnerability scanning, code review, and penetration testing. Any identified weaknesses must be promptly remedied within specified timeframes and retested for validation.

FET's information security monitoring system encompasses four major control domains: Information and Technology Security, Personnel Security, Physical and Environmental Security, and Customer Personal Data Protection. The key aspects of each control domain are outlined as follows:

Information and
Technology Security

Personnel Security

Physical and
Environmental Security

Customer Personal
Data Protection
  • Regularly review and
    assess operational
    cybersecurity risks.
  • Foster a company-wide
    information security
    culture and capabilities.
  • Documented policies
    and compliance measures
    for confirmation and
    validation.
  • Declare employee security
    responsibilities.
  • Implement and manage
    the signing of "Non-Disclosure
    Agreement" or legally binding
    documents.
  • Establish a security zoning
    system and personnel
    identification system.
  • Enhance the protection systems,
    services, and procedures
    for physical assets and
    environmental security.
  • Establish regulations for the
    collection, processing,utilization,
    and secure maintenance of
    customer personal data.
  • Plan awareness campaigns,
    education and training programs,
    audit procedures, and
    improvement processes.
FET's Information Security and Personal Data Management Certifications by 2022


BS 10012

CSR STAR
BS 10012

 

ISO 27001

 

ISO 27001

ISO 27017

ISO 27018
FetnetLogo
Privacy PolicyContact Us

Copyright © Far EasTone Telecommunications Co., Ltd. All Rights Reserved.