PRIVACY STATEMENT

The FarEasTone Telecommunications Co., Ltd. and New Century InfoCom Tech Co., Ltd. (collectively “the Company”) completely respect the privacy rights of users. The following statements will disclose how your data and/or information is collected, used, and protected by the Company. Please carefully read the following statements regarding the Privacy Policy (“the Policy”).

I. Scope

The applicable scope of the Policy:

1. Personal data and other information collected, processed, and utilized for the purpose of the Company's general operation when you use the Company’s services, participate in activities, or apply for membership via the FETnet, or the Company's application (the "APP").
    
2. Affiliates and the business partners or suppliers of the Company (including but not limited to commercial organizations and governmental institutes, etc.) commissioned by the Company or collaborate with the Company. When collecting, processing, and utilizing personal information are engaged, the Privacy Policy shall prevail.
    

II. Data Collection

When you apply for, or use the telecommunication services of the Company (including but not limited to mobile network, FET APP, FETnet, telecommunication services, value-added telecommunication business, voice message system, text message system, value-added services, other bonus campaigns, marketing, latest news, market survey, bill treatment, arrears payment, other related services, or new services in the future, collectively “the Service"), the purposes for the Company to collect and use the information are listed as below, which include but are not limited to assuring the user identity established in our website/APP, retail stores, or customer services, and providing you relevant services. Information collected includes but is not limited to necessary information of the customers (or their representative), legal representative, or the institutions.  See below for a more detailed description:

■ Notification of Personal Data Collection

The Company respects the privacy rights of personal data.  As a basis for respecting user rights and interests and keeping good faith, the Company adopts the following principles when collecting, processing or using personal data for operating telecommunications and value-added network businesses.

■ The purposes of collecting your personal data:

040 Marketing	063 Non-government agency collect or process personal information under legal obligations
067 Credit cards, cash cards, debit cards, or electronic stored-value card business	069 Contracts, quasi-contracts, or other legal relations matters
072 Policy propaganda	081 Legal transaction business of personal data
085 Emergency services to Republic of China citizens who are abroad	090 Consumers, customer management and services
091 Consumer protection	104 Accounting management and debt trading business
127 Fundraising (including charity fundraising)	129 Accounting and related services
133 Operating telecommunication and value-added telecom network business	135 Information (communication) services
136 Information  (communication) and database management	137 Information and communication security management
148 Internet shopping and other e-commerce services	152 Advertisement or commercial behavior management
153  Movie, television, music, and media management	154 Credit investigations
157 Investigations, statistics, and research analyses	181 Other business operation in accordance with the business registration project or organization prospectus
182 Other advisory and consultation services

■ Collection Methods of Customer Data

The Company will only collect necessary personal data limited to the categories announced by the government authority in accordance with the purpose of carrying out telecommunications or value-added network businesses, including value-added services, various incentives deals, marketing, information on events, market research, bill processing, arrears reminders or other related telecommunication operation businesses. The personal information collected shall include but is not limited to the customer’s name, or the name of customer’s  legal representative as it is recorded in various application forms, personal identification numbers, and/or other certified documentation that can sufficiently identify the customer’s identity, address, telephone number, e-mail address, date of birth, other related necessary information, and other information generated by using the services (including but not limited to location, web browsing history, and device information.)

The time period, region, target, and methods of processing and using your personal data:

■ Time period: The period of the purpose for which the personal data was collected, the period of retention required by the Company for the execution of its business, or the retention period in accordance with laws and regulations (including but not limited to Civil Code, Telecommunications Management Act, and regulations for the administration of relevant telecommunications businesses).

■ Region: The area within and outside the Republic of China (excluding the areas not permitted by the competent authority).

■ Target: The Company, affiliates and cooperative companies entrusted by the Company or have cooperative and business relationships with the Company.

■ Methods of using personal data: Your personal data is used whenever it is necessary, such as:

• Creating customer/member files for you so that accounts can be managed.


• Contacting you to provide customer service (including sending goods, notifying you on information about the service you applied for, or replying to your questions and appeals).


• Sending bill information to your address or e-mail address and notify you by phone call or SMS.


• Providing you with marketing information, such as discounts, promotions, other services of the Company, and other products/services that may be more suitable for you by using your various contact methods.


• Analyzing your personal data to maintain, protect, develop and enhance the Company's services, and recommendations on other products/services that you may be interested in or suitable for you based on the analysis results.


• Analyzing your personal data and producing results in the form of statistical data, trends, or other formats that cannot identify you. Providing these anonymous data to the Company’s enterprise customers. For example, to let the enterprise customers understand their store hotspots, consumer age or gender distribution, consumer dwelling time, etc.


• Providing your personal data to a third party such as corporates specialized in marketing, analyses, surveys, advertising, public relations, logistics, payment flow, or information service, etc. entrusted by the Company to assist the Company in achieving the purpose of personal data collection within the scope of such entrustment. The Company will perform all the necessary supervision on the entrusted third party to ensure the security of your personal data.


• The prevention, investigation, and use of rights for breach of contract.

■ Rights of using personal data:

Under the custodian status by the Company, you can exercise the following rights pursuant to the Personal Data Protection Act:

1. Inquiring and reviewing your personal data.
   
2. Requesting duplications and supplements of, or making corrections to your personal data
   
3. Requesting to cease the collection (opt-out), processing, or use of your personal data
   
4. Requesting to delete your personal data
   

When exercising the above rights, you are required to make an application with our customer service contact window (or the store designated by the Company) by presenting your ID documents and the application form in person in order to protect the security of your personal information. The way of provision, processing time and inquiry fee of application documents are governed by laws, the Company's business regulations, and the service contract. According to Articles 10 and 11 of the Personal Data Protection Act, the Company may determine whether to accept your application or not by considering its necessity for the performance of business and the statutory retention period.

The Company will collect, process and use personal data only if you choose to agree to provide your personal data, and you are free to decide whether you would like to provide your personal data or not. However, if you decide not to provide personal data, the Company may not be able to approve the application or to provide the user with complete service.

III. Utilization of the personal data

■ Principles for Sharing Data with Third Parties

The Company will only use your personal data for the specific purposes stated at the time of collection and within the limits of relevant laws and regulations. The Company will not provide any personal data to a third party without your consent. However, the Company may share your personal data with a third party under the following circumstances that are in compliance with the principles of this Policy:

• In order to provide other services or preferential rights, if the Company needs to share your personal information with a third party who provides the service or preferential rights, a full explanation must be provided during the event. You have the right to choose whether to accept the service or promotion.


• When a judicial authority or government agency requires the Company to provide specific personal information due to public safety concerns, the Company will follow the legal and formal procedures under all users’ safety considerations.

IV. Data Protection

■ Data Risk Management and Liability

To ensure the security of the user information collected, processed, or used by the Company, strict control measures have been adopted on the network, systems, and operating procedures. In addition, the Company incorporates information security risks into its risk management system, holds regular management meetings, and implements risk identification, analysis, management and reporting through the operation of different levels of organizations and responsibilities, and takes necessary countermeasures. The internal staff has undergone complete training on personal data protection. The third-party suppliers are required to conduct stringent protection mechanisms to comply with the obligations and regulations set by the competent authority.

■ Third-Party Audit

The Company also conducts regular internal and external audits. Through the international standard certifications of ISO 27001 information security management and BS 10012 personal information management which is verified by third-party institute, the Company constantly review and strengthen the protection mechanism.

V. Security Mechanism of Information Protection

■ Channel of Customer Complaints

The Company has setup a toll-free customer service hotline (0800-058-885) to accept customers' needs for processing personal data, complaints and consultations.

■ Incident Investigation and Handling

The Company always adopts the principle of "zero tolerance" for personal data incidents. In the event of personal data breach, the responsible units, including information security, legal affairs, and customer service departments, will investigate and handle the case in accordance with the Personal Data Protection Act and the Company's incident reporting and procedures and relevant regulations. Any violator will be subject to the relevant laws and internal regulations of the Company (including but not limited to termination of cooperation).

VI. Security Instructions for Using Website

■ Verification of User Identity and Security Control

The Company’s website adopts the SSO (Single Sign On) mechanism for members to sign in. The members will be verified and authenticated by the Company’s database and systems. Non-members cannot use and log in to any services. To join as a member, it is required to provide and fill in relevant information and to authorize the activation via SMS.

All webpages related to customers or transactions are encrypted by using https to prevent any data theft or hacking. The Company’s network has several layers of firewalls protection to ensure the security of the systems.

■ Notes to Users

When you select [keep me logged in] on the login page in a computer or device and successfully login, the system will encrypt the login information and store it in your computer. Whenever you enter the website and the log-in information is required, the system will automatically send the user’s log-in information back to the Company’s host computer for authentication, allowing the user to remain logged in automatically. This, however, will only occur as long as the cookie is not cleared and you do not actively log out. Staying logged in can allow the user to easily access various services.

Please keep your password and personal information in custody properly and do not provide any personal information, specifically password to any other people. Please remember to logout of the account after shopping, and reading e-mails, etc. If you are sharing a computer for public use or using a public computer, remember to close the browser window to prevent other people from reading your personal information or mails.

Therefore, do not select [keep me logged in] while you are using a public or shared computer, and remember to log out every time you leave the computer to protect the security of your information.

VII. Use of Cookies

In order for the system to recognize the user’s data, the Company’s website or system may use cookies to record the user's behavior. The Company's server will write the required information into the user’s hard-disk through the browser.  The next time the browser requests the server to return to a webpage, it will automatically send the cookies information to the server. The server can determine the user according to the information and could then execute different activities or submit specific information according to the user's individual preferences back to the user's computer or device.

Under the following circumstances, the Company will write or read cookies information on your computer:

• To provide the users with personalized services for their convenience.
• To improve the Company's services by collecting statistics and analyzing the user's browsing mode.

VIII. Amendment of the Policy

The Company may implement any appropriate updates and amendments in response to factors such as technology development trends, amendments to relevant laws or regulations or other environmental changes in order to carry out the protection of the user's privacy. Any amendment or modification of the Policy made will be approved by the President and immediately published on the Company's website. If you continue to use the Company's services after the amendment or modification, you shall be deemed to have read, understood and agreed to accept the modified content of the Policy.