Privacy Policy – UEC-IoT

UEC

Our website address is: https://uec-iot.com.tw , and our related mobile application is UEC plug.
Welcome to the UEC iSure website (hereinafter referred to as “this website”). To ensure that you can use our services and information with peace of mind, we hereby explain our privacy policy. Please read the following carefully to understand your rights and interests.

Scope of Application

This privacy policy explains how this website and related mobile applications (APP) handle personally identifiable information collected when you use our services. This privacy policy does not apply to third-party websites or related mobile applications outside this website, nor does it apply to individuals or organizations that are not commissioned or involved in the management of this website.

Collection, Processing, and Use of Personal Data

• When you visit this website and related mobile applications or use its functional services, we may ask you to provide necessary personal information based on the nature of the service and will process and use it within the specified scope. Without your written consent, we will not use your personal data for other purposes.
• When using the interactive functions of this website and related mobile applications (such as customer service email, surveys, etc.), the system will retain the name, email address, contact information, and usage time you provided.
• During general browsing, the server will automatically record relevant information, including your device’s IP address, usage time, browser type, browsing history, and click data, as a reference to improve website services. This information is for internal use only and will not be disclosed externally.
• To provide more precise services, we may conduct statistical analysis on the collected survey data and publish statistical results and explanations, but these will not involve specific personal data.
• If your personal data contains errors or is incomplete, you may request modifications or deletions at any time.

Data Protection

• This website adopts appropriate security measures, including firewalls, antivirus systems, and other information security technologies, to protect your personal data. Only authorized personnel have access to your personal information, and all individuals handling personal data must sign confidentiality agreements. Those who violate confidentiality obligations will be subject to legal consequences.
• If outsourcing is required for business needs, this website and related mobile applications will strictly require contractors to comply with confidentiality obligations and implement necessary supervision and inspections.

Policy on Sharing Personal Information

This website and related mobile applications will not provide, exchange, rent, or sell your personal data to third parties unless:
• With your written consent.
• It is explicitly required by law.
• It is necessary to protect your life, safety, freedom, or property rights.
• It is required by government agencies or academic research institutions for public interest and statistical analysis, and the data has been processed so that specific individuals cannot be identified.
• Your actions violate website terms of use or affect the rights of other users, and the website management unit must contact you or take legal action based on analysis.
• It is necessary to protect your rights.
• If this website or related mobile applications commission a contractor to assist in collecting, processing, or using personal data, it will supervise and manage the contractor responsibly.

User Comments and Information

• When you leave a comment on this website, the system will collect the data shown in the comment form, as well as your IP address and browser information, to detect spam.
• If you upload images to the website, please avoid including EXIF GPS location data, as other users may extract location information from the images.

Cookies Policy

• When you leave a comment on this website, you can choose to save your name, email address, and website in cookies. These cookies will be stored for one year to facilitate your next visit.
• If you visit the login page, the website will set a temporary cookie to determine whether your browser supports cookies. This cookie will be deleted when you close your browser.
• After logging in, the system will set cookies to store your login information and display settings. Login cookies will be retained for two days, while display setting cookies will be retained for one year. If you select “Keep me logged in,” your login status will be retained for two weeks. Logging out will delete login cookies.
• If you edit or publish an article, an additional cookie will be stored in your browser, which does not include personal data but only records the article ID. This cookie will expire after one day.
• If you do not wish to use cookies, you can configure your browser settings to reject cookies, but some website functions may not work properly.

Embedded Content from Third-Party Websites

Articles on this website may include embedded content (such as videos, images, and articles). The privacy policy of embedded content from third-party websites is the same as if you visited the website directly. These third-party websites may collect your data, use cookies, embed third-party tracking tools, and monitor your interactions.

External Links

This website may contain links to external websites. The privacy policy of this website does not apply to those external websites. Please refer to the privacy policy of the linked websites.

Retention Period of Personal Data

• When you leave a comment, the comment and its metadata will be retained indefinitely to facilitate automatic identification and approval of subsequent comments.
• If you register an account on this website, the website will store the personal information you provide. You can view, edit, or delete your personal data at any time (except for your username). Website administrators can also view and edit this information.

Your Rights

• If you have an account on this website or have left comments, you may request to download a file containing your personal data, including all the information you have provided.
• You may also request the deletion of your personal data. However, this request does not include data that this website must retain for administrative, legal, or security purposes.

Amendments to the Privacy Policy

This website and related mobile applications will update the privacy policy as needed, and revised terms will be published on this website.

Contact Us

If you have any questions regarding this privacy policy, please contact us:
📧 Email: developer@uec-iot.com.tw
📞 Phone: +886-2-27903585
📍 Address: 5F-1, No. 128, Xinhu 2nd Road, Neihu District, Taipei City, Taiwan
Last Updated: Feb 7, 2025

資訊安全政策

1. 目的
確保本公司所屬之資訊資產的機密性、完整性及可用性，並符合相關法規之要求，使其免於遭受內、外部的蓄意或意外之威脅。
2. 範圍
2.1 考量公司之核心資訊系統及相關利害關係者之需求及期望，基於保護資訊資產機密性、完整性、可用性為目標，將資訊系統開發維運、軟體專案服務及機房優先納入資訊安全管理範圍，展現本公司永續發展經營管理理念。
2.2 為避免因人為疏失、蓄意或天然災害等因素，導致資訊資產不當使用、洩漏、竄改、破壞等情事發生，對本公司帶來可能之風險及危害，應採用組織、人員、技術或實體等面向控制措施適切應對風險。資訊安全管理系統之管理事項如下：
2.2.1 資訊安全管理
2.2.2 資訊安全政策管理。
2.2.3 資訊安全組織管理。
2.2.4 人力資源安全管理。
2.2.5 資訊資產管理。
2.2.6 存取控制管理。
2.2.7 密碼管理。
2.2.8 實體與環境安全管理
2.2.9 作業安全管理。
2.2.10 通訊安全管理。
2.2.11 資訊系統獲取、開發及維護管理。
2.2.12 供應商關係管理。
2.2.13 資訊安全事件管理。
2.2.14 業務持續管理。
2.2.15 遵循性（適法性）管理。
2.2.16 資料安全管理。
2.2.17 變更與組態管理。
2.2.18 雲端服務管理。
3. 權責
3.1 資訊安全委員會
3.1.1 本公司資訊發展暨安全管理階層決策組織。
3.1.2 本公司資訊安全管理制度規劃、建立、實施、維護、審查與持續改善。

3.2 公司同仁、資訊系統服務使用者、委外人員
3.2.1 配合資訊安全管理制度作業。
3.2.2 遵守相關資訊安全管理制度規範。
4. 定義
4.1 資訊安全
保護資訊的機密性、完整性及可用性；亦能涉及如鑑別性、可歸責性、不可否認性及可靠性等性質。
5. 作業內容
5.1 原則
5.1.1 應考量相關法律規章及營運要求，進行資訊資產之資訊風險評估，確定資訊作業安全需求，建立「資訊安全管理程序」作業標準，採取適當資訊安全措施，確保資訊資產安全。
5.1.2 依人員角色及職能為基礎，建立評估或考核制度，並視實際需要辦理資訊安全教育訓練及宣導活動。
5.1.3 資訊資產存取權限之賦予，應依業務需求並考量最小權限、權責區隔及獨立性審查。
5.1.4 建立資訊安全事件管理程序，以確保事故妥善回應、控制與處理，訂定業務持續計畫並定期演練，以確保資訊系統或服務持續運作。
5.1.5 依據個人資料保護法與智慧財產法之相關規定，審慎處理及保護個人資訊與智慧財產權。
5.1.6 定期執行資訊安全稽核作業，檢視資訊安全管理制度之落實。
5.1.7 違反本政策與資訊安全相關規範，依相關法規或人事規定辦理。
5.1.8 為確保所有同仁知悉本身在資訊安全上應盡職責，應透過資訊安全持續訓練，強化同仁對資訊安全要求之認知。
5.2 瞭解組織及其全景
5.2.1 依營運目的，鑑別其會影響資訊安全管理系統之結果的內部、外部議題，包含相關法律要求或主管機關政策需求及關注方需求，並依鑑別結果建立「組織全景鑑別表」及「業務流程營運衝擊分析表」以作為鑑別及執行之依據，並據以確認ISMS之範圍符合性。
5.2.2 「組織全景鑑別表」得於每年重大議題變更時進行確認及必要之修訂。
5.3 目標
5.3.1 維護資訊之機密性、完整性與可用性，並保障個人資料隱私。
5.3.2 保護業務服務資訊，避免未經授權的存取、修改，確保其正確完整。
5.3.3 建立資訊營運持續計畫，以確保業務服務之持續運作。
5.3.4 業務服務執行須符合相關法令或法規之要求。
5.3.5 組織每年依上述目標訂定量化量測項目，填寫於「目標管控及量測表」，依實際執行情形管控。
5.4 審查
5.4.1 本政策應於每年檢討乙次，以適時呈現主管機關、法令規範、技術、組織及業務等最新發展現況，以確保資訊安全實務作業之有效性。
5.4.2 本政策必須以書面、電子或其他方式告知所有同仁及提供資訊服務之相關廠商或利害關係者適時取用。
5.5 實施
本政策經資訊安全委員會核定後實施，修訂時亦同。