新加坡商宜睿智慧股份有限公司台灣分公司個人資料保護管理政策

新加坡商宜睿智慧股份有限公司台灣分公司
個人資料保護管理政策
Personal Data Protection Policy

  • Purpose目標
    • In order to regulate the collection, processing and utilization of personal information and to advance the rational use of personal information and to prevent being stolen, falsified, corrupted, destroyed or leaked personal information, Edenred Pte. Ltd., Taiwan Branch (Singapore)(hereinafter referred to as Edenred)established personal information protection policy and requested all members of the organization to comply with the policy.新加坡商宜睿智慧股份有限公司台灣分公司(以下簡稱本公司)為規範個人資料之蒐集、處理、利用,並促進個人資料之合理使用,防止個人資料被竊取、竄改、毀損、滅失或洩漏,依據本公司資訊安全及個人資料保護政策管理程序,訂定本個人資料保護政策,以為遵循。
  • Scope範圍
    • Edenred covers business processes and information systems for the collection, processing and utilization of personal information.本公司所涉及個人資料蒐集、處理、利用之業務流程與資訊系統為範圍。
  • Basis依據
    • Personal Information Protection Act.中華民國個人資料保護法。
    • Personal Information Protection Act Enforcement Rules.中華民國個人資料保護法施行細則。
    • British national standard personal information management system.英國國家標準個人資訊管理系統(BS10012:2017)。
  • IV. Policy content政策內容
    • Edenred will comply with the relevant laws and regulations of Personal Information Protection Act and the requirements of the company.
      Note:Principle 1:processing personal information only where this is strictly necessary for legal and regulatory purpose, or for legitimate organizational purposes.
      本公司將遵守個人資料保護法相關法令法規及本公司所訂定之個人資料保護相關辦法要求。
      註解:第一原則:基於合法組織目的下,進行必要之個人資訊處理。
    • Aside from legal and business operation purposes to collect, process, and utilize of personal information, it is prohibit all illegal or non- administrative operation behavior.對於個人資料的蒐集、處理、利用,除合法及合於業務作業目的之外,嚴禁一切非法或非行政業務作業之行為。
    • Collecting personal information is only for the specific purpose of administrative operations. Shall not be carried out to collect, process and utilize personal data for different purposes.
      Note:Principle 2:processing only the minimum personal information required for these purpose.
      僅於業務執行行政作業過程中之特定目的內蒐集個人資料,不應進行不合特定目的之蒐集、處理、利用。
      註解:第二原則:僅針對特定目的蒐集最少的個人資訊,且不處理過多的個人資訊。
    • Edenred only collects, processes and utilize the personal information provided by the data subject with in the scope of the statutory and regulatory requirements and business practices. We will take appropriate protective and safeguard measures to process and utilize personal information based on the reasonable necessary.本公司僅於法令法規規範及業務所須範圍內,蒐集、處理及利用當事人所提供之個人資料,並僅於適當且合理之必要範圍內為處理、利用個人資料,亦將採取適切之保護措施。
    • A clear method shall be provide to notify the data subject (including children) of the information on how their personal information will be used and who will used.
      Note:Principle 3:providing clear information to natural persons (including children) about how their personal information can be used and by whom.
      應提供明確之管道讓當事人(包含兒童)知悉其個人資料將如何被使用及被誰使用的清楚資訊。
      註解:第三原則:明確提供自然人其個人資訊使用方式與對象的資訊。
    • Where personal information related to children (under the age of 11, or equivalent minimum age in the relevant jurisdiction) is being collected, it shall include a mechanism for obtaining the consent of the holder of parental responsibility. When establishing a personal information inventory, it shall identify as high-risk personal information and shall maintain the related content.
      Note:Principle 4:ensuring special safeguards when collecting information directly from children.
      對於所取得之兒童(11歲以下或各司法管轄地規定的等同最低年齡)個人資料,應取得監護人同意,於建立個人資料檔案清冊時明確標示為高風險個人資訊並適當維護相關內容。
      註解:第四原則:確保處理直接由兒童蒐集的資訊受到保護。
    • Processing personal data is only for the specific purpose of administrative operations.
      Note:Principle 5:only processing relevant and adequate personal information.
      僅處理與業務行政相關且適當的個人資料。
      註解:第五原則:僅處理相關且適當的個人資訊。
    • In accordance with the principles of lawful, fair, justice, public and reasonable disposal to collect, process, and utilize of the necessary personal information, it shall establish a management system to handle personal information reasonably and appropriately.
      Note:Principle 6:processing personal information fairly and lawfully.
      本著合法、公平、公正、公開的合理處置原則,進行蒐集、處理、利用必要之個人資料,並建立管理制度,以合理且適切的處理所取得之個人資料。
      註解:第六原則:公平與合法地處理個人資料。
    • It shall create a personal information inventory, based on the importance of the information contact to be classified and properly, maintain the relevant content for the obtained personal information.
      Note:Principle 7:maintaining a documented inventory of the categories of personal information processed by the organization..
      對於所取得之個人資料,依資料內容之重要程度予以分類,並建立相關管理清冊,且適時維護及維持相關內容。
      註解:第七原則:維護組織處理的個人資訊分類清冊。
    • In order to maintain the accuracy of personal information, the personal information shall keep up to date according to the nature of the operation and the request of data subject.
      Note:Principle 8:keeping personal information accurate and, where necessary, up-to -date.
      為保持個人資料精確性,依作業性質及當事人之請求,予以保持最新。
      註解:第八原則:保持個人資訊的正確性,並依需要保持最新。
    • During the personal information protection period, it can collect, process, and utilize personal information only in accordance with the law, the regulation or a specific purpose.
      Note:Principle 9:retaining personal information only by for as long as is necessary for legal or regulatory reasons or for legitimate organizational purposes and ensuring timely and appropriate disposals.
      個人資料保存期限,僅在合乎法律或規定或特定目的內進行。
      註解:第九原則:僅依法律法規或合法組織目的的要求下,保存個人資訊。
    • In order to respect natural persons’ right, Edenred shall promptly and appropriately to process the cases when the data subject make applications for the inspection, copying, correction, deletion personal data, and shall concerned within a reasonable and lawful time.
      Note:Principle 10:respecting natural persons’ right in relation to their personal information.
      為尊重當事人權利,本公司於當事人提出個人資料之查閱、複製、更正、刪除等之申請時,將在合理、合法的時間內,迅速地做出適當的對應處理。
      註解:第十原則:尊重自然人之個人資訊行使權利,包含資料調閱權。
    • It shall regulate the collection, processing and utilization of personal data in conformity with the regulation of Personal Data Protection Act, and shall ensure the Personality Right and privacy of data subject to improve the reasonable use of personal data. It shall establish and perform personal data protection management system and shall continue to maintain and improve.
      Note:Principle 11:keeping all personal information secure.
      規範個人資料之蒐集、處理及利用以符合個人資料保護法之規定,並確保當事人之人格權、隱私及促進個人資料之合理使用,制定和實施相關個人資料保護管理制度,並不斷進行維持和改善。
      註解:第十一原則:確保所有個人資訊的安全。
    • Only if it has lawful and properly protection, it can transfer personal information to other countries or region.
      Note:Principle 12:only transferring personal information outside the UK in circumstances where it can be adequately protected.
      僅於合法及有適當保護的狀況下傳送個人資料至其他國家或地區。
      註解:第十二原則:僅在被適當保護之下,才能將個人資訊傳輸至國境之外。
    • If necessary, it should provide the organize strategies on how to deal with EU regulators to natural persons in other EU countries. And, it shall timely consult relevant stakeholders and participate in the operation of personal data protection management organizations.
      Note:Principle 13:where appropriate, the strategy for dealing with regulators across the EU, where goods and/or services are offered to natural persons who are resident in other EU countries.
      必要時提供歐盟其他國家的自然人,關於組織應對歐盟監管機構的策略,並適時諮詢相關利害關係人及參與個人資料保護管理組織之運作。
      註解:第十三原則:對歐盟其他國家的自然人提供貨物和/或服務,應在適當時,提出處理應對歐盟監管機構的策略。
    • All member of group shall observe strict the regulation of personal data protection, including exemptions from other laws.
      Note:Principle 14:the application of the various exemptions allowable by data protection legislation.
      嚴格遵守個人資料保護相關法規,包含其他法規豁免例外應用。
      註解:第十四原則:個人資訊保護法律所允許之例外情形的應用。
    • It shall continue to develop and implement personal data protection and management to ensure the implementation of policy.
      Note:Principle 15:developing and implementing a PIMS to enable the PIMS policy to be implemented.
      持續發展及實施個人資料保護管理工作,以確保政策得以落實。
      註解:第十五原則:發展與實施PIMS,使政策得以實施。
    • It shall appropriate to identify and to consult with the interest parties to increase the degree of participation with them.
      Note:Principle 16:where appropriate, identifying internal and external interested parties and the degree to which they are involved in the governance of the organization’s PIMS.
      適當鑑別並諮詢利害關係人,以增加利害關係人的參與程度。
      註解:第十六原則:適當時,識別內部與外部利害相關團體,以及其對組織PIMS治理參與的程度。
    • It shall confirm the duty and the responsibility of the relevant members within personal data protection management system. It shall assign relevant management people and establish a personal data protection management organization. And it shall perform personal data protection education and training program for related people in order to implement the personal data protection management system.
      Note:Principle 17:the identification of workers with specific responsibility and accountability for the PIMS.
      確認相關人員在個人資料管理制度內之職掌及責任。指派相關管理人員,並且建立個人資料保護管理組織及對相關人員實施個資保護教育訓練,以落實個人資料保護管理制度。
      註解:第十七原則:明確界定工作人員在PIMS中之責任與歸責性。
    • It shall established a personal information protection management system and personal information protection management objectives to implement personal data safeguard. Through regular inspections and internal audits to ensure that policies and systems are implemented and continuously improved.
      Note:Principle 18:maintain records of processing of personal information.
      應訂定個人資料保護管理制度及個人資料管理目標,落實執行個人資料保護管理作業,透過定期檢查、內部稽核等方式,確保政策與制度得以落實並持續改善之。
      註解:第十八原則:維護個人資訊處理紀錄。
  • Policy Evaluation政策評估:
    This policy shall be reviewed and evaluated annually to reflect the latest situation of international standards, government decrees, technologies and business, and to ensure the timeliness of personal data management practices.本政策應每年進行審查評估,以反映國際標準要求、政府法令、技術、及業務等最新情況,確保個人資料管理實務作業之時效性。
  • Publication and Implementation公布與實行:
    • This policy shall be through the announcement process, so that personnel understand the relevant provisions of personal data protection and management policies, and so as to facilitate their compliance.本政策應經由公告程序,使人員了解個人資料保護管理政策相關規定,俾利其遵循。
    • This policy shall be implemented after modified by personal data protection management team, reviewed by management representative and approval by the organization representative or the senior management team. The same procedure for correction.本政策經個人資料保護工作小組修訂及管理代表審查後,送交組織代表或高階管理小組核可後實施,修正亦同。
  • 2018/10/10