Personal Data Policy Declaration

Personal Data Management Policy Declaration

Purpose

To enhance the Company' s personal data protection and management capabilities, reducing operational risk and creating a reliable environment for personal data protection and privacy. Relevant personnel must implement the personal data protection requirements into their daily work.

Policy Declaration

The Company processes personal data only to the extent necessary for legitimate purposes.

The Company only collects the minimum amount of personal data for legitimate purposes and does not process excess personal data.

An individual must be informed about the collection and use of their personal data.

The Company only processes relevant and appropriate data.

The Company shall process personal data in a fair manner that is in compliance with the law governing personal data protection.

The Company shall keep a list of the types of personal data processed by the organization.

The Company shall ensure the accuracy of personal data, which must be updated as necessary.

The Company shall retain personal data only as required by relevant personal data laws and regulations or regulatory requirements of the competent authorities, or for legitimate organizational purposes.

The Company shall respect the rights of the individual granted by the Personal Data Protection Act and provide the individual with channels to exercise their rights.

The Company shall protect the security of all personal data.

The Company may, only under the condition of appropriate protection, transfer personal data to a place outside of the country (territory).

The Company must ensure the applicability and legality of personal data to the exceptions permitted by the Personal Data Protection Act.

The Company shall establish and implement a personal data management system and fulfill the requirements of the Policy.

The Company shall identify internal and external stakeholders and the extent to which they are involved in the governance of the personal data management system.

The Company shall establish the roles and responsibilities of personnel in the personal data management system.

Applicability

The Policy applies to the collection, processing, and use of documents and files covering matters associated with personal data by all employees, outsourcing vendors, customers and external third parties.

Responsibility

All employees are responsible for immediate recording and reporting in the event of a security incident.

Those violating the Policy, depending on the severity of the case, will be subject to disciplinary action or legal proceedings in accordance with the Company' s Procedures for Worker Incentives and Punishment as well as applicable contract agreements and laws and regulations.

Implementation

The Policy is enacted from the date of announcement.