Roundday Group Personal Data Protection Policy Statement

Roundday Group (hereinafter referred to as “the Group”) attaches great importance to corporate social responsibility and complies with the relevant provisions of the Personal Data Protection Act. The Group has established comprehensive personal data protection and management measures.

To demonstrate the Group’s commitment to personal data protection and to provide the public with transparency regarding how personal data is collected, processed, used, and protected, the Group hereby issues this Personal Data Protection Policy Statement as follows:

1. The Group collects, processes, and uses personal data only for specified and legitimate purposes, and only within the necessary scope.
2. The Group adheres to the principle of data minimization by collecting only the personal data necessary for specified and legitimate purposes and avoiding excessive processing.
3. The Group clearly informs data subjects how their personal data will be used and by whom.
4. The Group ensures that collected personal data is processed and used appropriately and only for relevant purposes.
5. The Group collects, processes, and uses personal data in a fair and lawful manner.
6. The Group maintains a list of the categories of personal data it collects, processes, and uses.
7. The Group maintains the accuracy of personal data and updates it when necessary.
8. Personal data is retained only for the period required by law, regulations, or specific legitimate purposes.
9. The Group respects data subjects’ rights regarding their personal data, including the right to inquire about, request access to, request copies of, supplement or correct, request the cessation of collection, processing, or use of, and request the deletion of their personal data.
10. The Group uses appropriate technology and management systems to protect personal data and maintain the security of the personal data it holds.
11. Cross-border transfers of personal data are conducted only when adequate protection measures are in place.
12. When personal data is used under exceptional circumstances permitted by the Personal Data Protection Act, the Group ensures the legality and appropriateness of such use.
13. The Group establishes and implements a personal data management system to ensure the effective execution of its personal data protection and management policies.
14. The Group identifies internal and external stakeholders and defines the extent of their participation in the governance and operation of the personal data management system.
15. The Group clearly defines the responsibilities of personnel involved in the personal data management system.

The issuance of this statement demonstrates the Group’s commitment to personal data security and management. All employees are expected to fully understand the contents of this statement and implement the Group’s established personal data protection and management measures in their daily operations.
 

Roundday Group