Q1:Why am I reading this?
A: Nanya Technology Corporation or its subsidiaries (hereinafter "NTC", "we" or "us") is the controller responsible for the processing of your personal data provided for business purpose.
We are sensitive to privacy issues and we are strongly committed to protect the privacy of our customers, suppliers, employees, candidates and other business contacts, take privacy protection as an important issue for risk management and legal compliance, and prevent dissemination or misuse for secondary purpose. In addition, the privacy risk is regularly followed and assessed by Risk Management Committee which is under the board. In the following we would like to inform you about the processing of your personal data in relation to our business relationship.
You may contact us and our data protection officer at any time if you have any queries regarding the processing of your personal data. Please find our contact details in the section "contact us".
Q2: What personal data do you hold about me?
A. We process the following personal data or categories of personal data within the context of our business relationship:
a) Data provided directly by you
We process the following personal data or categories of personal data provided by you (e.g. at trade fairs or by submission in one of our IT-Systems):
Master data (e.g. name, birth name, date of birth, address, place and country of birth, nationality, sex, marital status, email address, phone number)
Communication data: data about the content of communication and other data occurring in the course of business communication
Data protection declarations:
Consent to the collecting and processing of personal data (right to opt-in or opt-out);
Declarations to withdraw any prior consent, declarations to object to the collecting and processing of personal data;
Statements asserting your rights of access, to rectification, erasure, restriction of processing, and data portability, including the information you provide us by asserting your rights.
b) Data provided by third parties
We process the following data or categories of personal data that we receive from third parties
Data about sanction lists (e.g. names of persons listed in sanctions lists)
Q3: How and why do you process my personal data?
A: We process your personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR)、 the Federal Data Protection Act (BDSG) and other applicable laws for various purposes. In principle, we may process your personal data in the following cases: Processing that is necessary for the performance of a contract or in order to take steps prior to entering into a contract (Art. 6 (1) lit. b GDPR), processing is necessary for the purposes of our legitimate interests (Art. 6 (1) lit. f GDPR), based on your consent (Art. 6 (1) lit. a GDPR). In detail, we process your personal data for the following purposes and based on the following legal bases:
|Purpose / legitimate interest
|Data processed or category of data
|Administration of business relationships, including communication with you for the initiation, execution and settlement of contracts
|Master data, communications data,
|Consent management (administration of data protection consent and revocation statements)
|Affected rights management (processing of data subject’s requests for access, rectification, erasure, restriction and/or data portability in order to comply with the data subjects’ rights
|Any data or categories of data that are subject of the respective request.
|Comparison with sanction lists
|Master data, data about sanction lists
Q4: Will you share my personal data with anyone else?
A: At NTC, only those responsible persons (including public and private entities) will gain access to your personal data who are charged with the initiation and maintenance of the business relationship.
We may also share your personal data with the following recipients:
NTC that need access to the personal data for one of the other purposes listed above in the section "How and why do you process my personal data?".
our professional advisers, such as our accounting, legal advisers where they require that information in order to provide advice to us;
our service providers who support us in our business processes, e.g. IT service providers.
In addition, we can share personal data to others if we are required to do so due to statutory regulations or enforceable orders given by authorities or courts.
We will not sell your personal data to any third party. If you are a resident of California, your personal data also will be protected by California Consumer Privacy Act (“CCPA”). Under which, any sale of your personal data shall be approved by you in advance. You may ask us what Personal Data of yours is collected, used, and disclosed by us, and/or request us to delete your Personal Data. (Contact us: firstname.lastname@example.org). You will not be discriminated against because of your exercise of your privacy rights under CCPA.
Q5: Where is my personal data stored?
A: Your personal data will be stored locally in NTC but may also be stored and backed up on servers located in other counties We ensure that your data is protected in these countries by requiring the recipients of your data to enter in standard contractual clauses. If you would like to see a copy of these clauses, you can contact us using the details set out at the end of this Data Protection Notice.
Q6: How long will you keep my personal data?
A: We process personal data only as long as it is necessary for the purposes listed above in the section "How and why do you process my personal data?".
Additionally, we are subject to various filing and documentation obligations, including applicable laws. The deadlines for storage and documentation specified there are up to ten years.
Furthermore, the storage period is also determined by statutory limitation periods.
Please contact us using the details at the end of this Data Protection Notice, for more information.
Q7: What rights do I have over my personal data?
A: You have the following rights regarding your personal data:
To exercise any of these rights, at any time, you can contact us using the details set out at the end of this Data Protection Notice.
Q8: Am I obliged to provide my personal data?
A: You are not obliged to provide us with personal data.
Q9: Do you use automated decision-making and profiling?
A: We do not use your personal data in any kind of automated decision-making pursuant to Art. 22 GDPR. Your data will not be used for profiling. Profiling is any kind of automated processing of personal data which consists in using such data to analyze or predict certain personal traits.
Q10: Do you have management mechanism for personal data protection?
A: We have established Committee of Personal Data Protection, comprising Personal Data Protection Officer undertaken by HR Director and other related officers, to assess personal data risk and to plan and execute related personal data mechanisms. Such mechanisms will be yearly audited to ensure their reasonableness and effectiveness.
Q.11: How do you ensure the security of personal data?
A: We ensure effectiveness of our personal data protection mechanism by regularly audit (at least once a year) and use authority management, encryption, history retention to ensure the security of personal data access, process and changes. Violating of personal data protection policy will be subjected to our disciplinary punishment and may take legal responsibility.
Changes to this Data Protection Notice
From time to time we may make changes to this Data Protection Notice to ensure that it is accurate and up to date and to reflect any changes in the law. This Data Protection Notice was last updated in May 2022.
Nanya Technology Corporation, No. 98, Nanlin Rd., Taishan District, New Taipei City, Taiwan R.O.C., +886-2-29045858#1171. You may contact our data protection officer under the address provided above or via email: email@example.com.