Excellent Service

Customer Privacy Protection

Personal Data and Privacy Protection Policy

FET follows domestic laws and regulations, including the Personal Data Protection Act, the Enforcement Rules of the Personal Data Protection Act, and the NCC's regulations on non-public agencies' personal data file security maintenance. Additionally, the company referred to the General Data Protection Regulation (GDPR) of the European Union to ensure the protection of privacy information. FET adheres to fundamental principles such as Privacy by Design and Data Protection by Design to safeguard privacy information.

FET's Privacy Policy applies to the entire operational process of FET, including suppliers and partners. All employees of FET are required to comply with the "Management Regulations for Personal Data and Privacy Information Collection, Processing, and Utilization" set by the company. When collecting personal data and privacy information, employees must adhere to the approved collection purposes and scope, and inform the data subjects about the collection. If any employee is found to have violated the relevant policies and regulations, FET will take the necessary disciplinary actions according to the code of conduct and may pursue relevant legal measures as appropriate. For details, please refer to FET's Privacy Policy on the official website.

Information Security and Privacy Management Organization

To demonstrate FET’s commitment to information security and customer privacy, the company has established a corporate security organization, consisting of the President and representatives from all business units, totaling over 30 members. In addition, FET has set up a dedicated security department, the Corporate Information Security Office, and the position of Chief Information Security Officer (CISO). The CISO is assigned and reports directly to the President. Through various committees within the corporate security organization, FET promotes and advocates for information security and personal data privacy affairs within each business unit. FET also coordinates responsibilities and tasks related to security maintenance across business units to ensure the comprehensive implementation and operation of information security throughout the entire company.

Information Security and Risk Management Mechanisms

FET’s overall enterprise risk management system includes the risk management of information security and personal data privacy protection. The digital transformation driven by the emerging generation of network technologies (including 5G, big data, AI, IoT, and cloud/virtual/containerization technology), the integration of services, architectures, technologies, and existing networks, and cross-domain/cross-industry innovative applications in collaboration with third parties in various modes will bring new challenges to information security and personal data privacy protection. Building upon the existing security management foundation, FET continues to strengthen technical, managerial, and personnel protection mechanisms in network construction, operation, and management. Resource allocation is adjusted as needed to ensure the implementation and enforcement of information security, personal data protection, business continuity, and other security-related management practices.

To provide a secure and optimal experience, FET has developed its own intelligent monitoring platform with built-in multi-dimensional visualization dashboards and customized threat detection rules. This platform accurately identifies security risks and assists cybersecurity personnel in actively defending against potential threats before hackers can initiate any malicious actions. FET has also established a dedicated cybersecurity defense team and operates a 24/7 Security Operations Center (SOC) staffed with professionals who hold cybersecurity certifications such as CEH and have more than 10 years of experience in the field. Various security assessments are conducted regularly, including vulnerability scanning, code review, and penetration testing. Any identified weaknesses must be promptly remedied within specified timeframes and retested for validation.

FET's information security monitoring system encompasses four major control domains: Information and Technology Security, Personnel Security, Physical and Environmental Security, and Customer Personal Data Protection. The key aspects of each control domain are outlined as follows:

Information and Technology Security

  • Regularly review and assess operational cybersecurity risks.
  • Foster a company-wide information security culture and capabilities.
  • Documented policies and compliance measures for confirmation and validation.

Personnel Security

  • Declare employee security responsibilities.
  • Implement and manage the signing of "Non-Disclosure Agreement" or legally binding documents.

Physical and Environmental Security

  • Establish a security zoning system and personnel identification system.
  • Enhance the protection systems, services, and procedures for physical assets and environmental security.

Customer Personal Data Protection

  • Establish regulations for the collection, processing, utilization, and secure maintenance of customer personal data.
  • Plan awareness campaigns, education and training programs, audit procedures, and improvement processes.

Information Security and Risk Management Mechanisms

To ensure the appropriateness and effectiveness of information security management and personal data protection mechanisms at all stages, FET continuously oversees and audits its operations through the Internal Audit. Additionally, we remain vigilant of international trends and standards, conducting annual external third-party verifications to meet international standards, and actively reviewing and refining our practices. We incorporate the PDCA cycle into our corporate culture and daily operations to pursue the goal of zero cybersecurity incidents. Additionally, a system is chosen each year for regular third-party vulnerability analysis and penetration testing. This includes simulated hacker attacks to identify potential risks and continuously enhance the overall security protection mechanism. Furthermore, personnel awareness of information security protection is consistently strengthened through social engineering simulation exercises. The objective is to minimize human errors and improve proactive defense capabilities.

In 2023, the Internal Audit conducted audits of information security and personal data protection management mechanisms in the first and third quarters, and independent third-party verification agencies completed ISO 27001 certifications related to information security management and BS 10012 personal data protection in the second quarter (certificates remain valid), with ISO 27001 covering all information infrastructure. In addition, FET continues to review and optimize processes, striving to deliver better services and enhanced security and protection for consumers.

 


ISO 27001 Information Security Management Certification


ISO 20000 IT Service Management Certification

BS 10012 Personal Information Management Certification

CSA STAR Cloud Security Certification

ISO 27017 Cloud Service Information Security Certification

ISO 27018 Cloud Personal Information Protection Certification