Q:Why am I reading this?

A: Nanya Technology Corporation or its subsidiaries (hereinafter "NTC", "we" or "us") is the controller responsible for the processing of your personal data as a business contact.

We are sensitive to privacy issues and we are strongly committed to protecting the privacy of our business contacts. In the following we would like to inform you about the processing of your personal data in relation to our business relationship.

You may contact us and our data protection officer at any time if you have any queries regarding the processing of your personal data. Please find our contact details in the section "contact us".

 

Q: What personal data do you hold about me?

A. We process the following personal data or categories of personal data within the context of our business relationship:

a) Data provided directly by you

We process the following personal data or categories of personal data provided by you (e.g. at trade fairs or by submission in one of our IT-Systems):

  • Master data (e.g. name, birth name, date of birth, address, place and country of birth, nationality, sex, marital status, email address, phone number)
  • Communication data: data about the content of communication and other data occurring in the course of business communication
  • Data protection declarations:
    • Consent to the processing of personal data;
    • Declarations to withdraw any prior consent, declarations to object to the processing of personal data;
    • Statements asserting your rights of access, to rectification, erasure, restriction of processing, and data portability, including the information you provide us by asserting your rights.

b) Data provided by third parties

We process the following data or categories of personal data that we receive from third parties

  • Data about sanction lists (e.g. names of persons listed in sanctions lists)

 

Q: How and why do you process my personal data?

A: We process your personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR)、 the Federal Data Protection Act (BDSG) and other applicable laws for various purposes. In principle, we may process your personal data in the following cases: Processing that is necessary for the performance of a contract or in order to take steps prior to entering into a contract (Art. 6 (1) lit. b GDPR), processing is necessary for the purposes of our legitimate interests (Art. 6 (1) lit. f GDPR), based on your consent (Art. 6 (1) lit. a GDPR). In detail, we process your personal data for the following purposes and based on the following legal bases:

 

Purpose / legitimate interest Data processed or category of data
Administration of business relationships, including communication with you for the initiation, execution and settlement of contracts Master data, communications data,
Consent management (administration of data protection consent and revocation statements) Master data; data protection declarations.
Affected rights management (processing of data subject’s requests for access, rectification, erasure, restriction and/or data portability in order to comply with the data subjects’ rights Any data or categories of data that are subject of the respective request.
Comparison with sanction lists Master data (name, birth name, date of birth, place and country of birth, nationality, sex), data about sanction lists

 

Q: Will you share my personal data with anyone else?

A: At NTC, only those responsible persons will gain access to your personal data who are charged with the initiation and maintenance of the business relationship.

We may also share your personal data with the following recipients:

  • NTC that need access to the personal data forone of the other purposes listed above in the section "How and why do you process my personal data?".
  • our professional advisers, such as our accounting, legal advisers where they require that information in order to provide advice to us;
  • our service providers who support us in our business processes, e.g. IT service providers.

In addition, we can share personal data to others if we are required to do so due to statutory regulations or enforceable orders given by authorities or courts.

 

Q: Where is my personal data stored?

A: Your personal data will be stored locally in NTC but may also be stored and backed up on servers located in other counties We ensure that your data is protected in these countries by requiring the recipients of your data to enter in standard contractual clauses. If you would like to see a copy of these clauses, you can contact us using the details set out at the end of this Data Protection Notice.

 

Q: How long will you keep my personal data?

A: We process personal data only as long as it is necessary for the purposes listed above in the section "How and why do you process my personal data?".

Additionally, we are subject to various filing and documentation obligations, including applicable laws. The deadlines for storage and documentation specified there are up to ten years.

Furthermore, the storage period is also determined by statutory limitation periods.

Please contact us using the details at the end of this Data Protection Notice, for more information.

 

Q: What rights do I have over my personal data?

A: You have the following rights regarding your personal data:

  1. Right to be informed, Article 13, 14 GDPR
    You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data and your rights. This is why we’re providing you with the information in this Data Protection Notice.
  2. Right of access, Article 15 GDPR
    You have the right to obtain access to your personal data (if we’re processing it) and certain other information (similar to that provided in this Data Protection Notice).
  3. Right to rectification, Article 16 GDPR
    You are entitled to have your personal data corrected if it’s inaccurate or incomplete.
  4. Right to erasure, Article 17 GDPR
    This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your personal data where there’s no compelling reason for us to keep it. This is not a general right to erasure; there are exceptions.
  5. Right to restrict processing, Article 18 GDPR
    You have rights to ‘block’ or suppress further use of your personal data in certain circumstances. When processing is restricted, we can still store your personal data, but may not use it further.
  6. Right to data portability, Article 20 GDPR
    You have the right to obtain your personal data in a structured, commonly used and machine readable format in certain circumstances. In addition, where certain conditions apply, you have the right to have such information transferred directly to a third party.
  7. Right to object to processing, Article 21 GDPR
    You have the right to object to certain types of processing, in certain circumstances. In particular, the right to object to the processing of your personal data based on our legitimate interests grounds.
  8. Right to withdraw consent, Article 9 GDPR
    If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful).
  9. Right to lodge a complaint with a supervisory authority, Article 77 GDPR
    You have the right to lodge a complaint with a supervisory authority, if you are of the opinion that the processing of your personal data is unlawful. This right to complain is without any prejudice to any other administrative or judicial remedy.

To exercise any of these rights, at any time, you can contact us using the details set out at the end of this Data Protection Notice.

 

Q: Am I obliged to provide my personal data?

A: You are not obliged to provide us with personal data.

 

Q: Do you use automated decision-making and profiling?

A: We do not use your personal data in any kind of automated decision-making pursuant to Art. 22 GDPR. Your data will not be used for profiling. Profiling is any kind of automated processing of personal data which consists in using such data to analyze or predict certain personal traits.

 

Changes to this Data Protection Notice

From time to time we may make changes to this Data Protection Notice to ensure that it is accurate and up to date and to reflect any changes in the law. This Data Protection Notice was last updated in July 2019.

 

Contact us

Please do contact us if you have any questions or complaints about this Privacy Policy or about how we handle your personal data using the details below.

Nanya Technology Corporation, No. 98, Nanlin Rd., Taishan District, New Taipei City, Taiwan R.O.C., +886-2-29045858#1171. You may contact our data protection officer under the address provided above or via email: cathychang0903@ntc.com.tw.