Protecting the personal privacy of every customer and vendor is a crucial part of gaining and keeping the trust of our stakeholders. AUO Corporation (hereinafter referred to as the “Company” or “we”) hopes that the privacy statement outlined below serves as an indication of our commitment to protecting the security and privacy of your personal data.

 

This privacy statement (hereinafter referred to as the “Statement”) serves as our commitment to you to protect the security and privacy of your personal data, and covers the following areas of privacy concerns:

 

  • The types of data we collect from you
  • When we collect your data
  • How we use and process your data
  • Our legal basis for processing your data
  • When and to whom we share your data
  • For how long we retain your data
  • When and to whom we transfer your data across country borders
  • Whether and how we carry out profiling using your data
  • The security measures we take to protect your data
  • Your rights over your data
  • The choices you have over how your data is collected and used by us
  • Who to contact and what to do if you wish to discuss with us about your data and your rights

 

This Statement does not apply to third-party applications, products, services, websites or social media features that may be accessed through links that we provide on our websites and interfaces. Accessing those links may result in the collection of information about you by a third party. We do not control or endorse those third-party websites or their privacy practices. We encourage you to review the privacy policies of such third parties before interacting with them.

 

Your privacy is of utmost importance to us in servicing you. Our products and services are rendered to you on the basis of your understanding of your data privacy rights.

 

Please read this Statement carefully. When visiting our website and using our services that link to or reference this Statement, you consent to the terms and conditions of this Statement.

 

 

Your personal data – what is it?

Personal data relates to a living individual who can be identified from that data. Identification can be by the data alone or in conjunction with any other data in the one’s possession or likely to come into such possession. The processing of your personal data is governed by applicable privacy laws.

 

 

What roles do we play in processing your data?

We are the data controller with respect to processing your data (contact details below). This means that we decide how your personal data is processed and for what purposes. We know that you care how data about you is used and shared, and we appreciate your trust that we will do so carefully and sensibly.

 

 

When are your personal data collected?

Some of your personal data may, in particular, be collected by us:

 

  • whenever you become our customer;
  • whenever you register to use our online services (each time you log in or each time you use them);
  • whenever you fill in forms and contracts that we send to you;
  • whenever you use our services and products;
  • whenever you opt-in to our online or offline marketing measures and activities, including but not limited to: newsletters, online and live event registrations, and other promotional information and materials;
  • whenever you contact us via the various channels we offer you

 

 

Our collection of personal data

The personal data we collect include any and all data you provide to us when you enter into contract with us, register an account with us, enter on our website, provide us information on a web form, update or add information to your account, or give us in any other way. You can choose not to provide data to us, but we may then not be able to service you where such services require processing such data. We use the data that you provide for the purposes of administering your use of our services, such as communicating with you, responding to your requests, managing your account, customizing your service experience with us, and improving our products and services. We may communicate with you by email or telephone, in accordance with your wishes. We will send you strictly service-related announcements or information on rare occasions when it is necessary to do so.

 

Examples of the personal data we collect and store include: your e-mail address, name, address, phone number, transaction data and any information you provide during a transaction, logistics and billing data (such as customs ID and tracking number), your chat and service history with us, and any other information you may provide us such as your age, gender, interests and preferences.

 

We also receive and store certain types of data whenever you interact with us. For example, we use “cookies,” which are unique identifiers that we transfer to your device to enable our systems to provide features of our services on other websites, provide remote access for you, allow you to visit our website without re-entering your username and/or password, verify that you have the authorization needed for the services to process your requests, personalize and improve your experience, record your preferences, customize functionalities for your devices, and to improve the functionality and user-friendliness of our services. It also helps us to better understand how you interact with our online services and to monitor aggregate usage and web traffic routing on our website. Cookies do not cause any damage on your computer. Most browsers automatically accept cookies as the default setting. You can modify your browser setting by editing your browser options to reject our cookies or to prompt you before accepting a cookie. However, if a browser does not accept cookies or if you reject a cookie, some portions of our services may not function properly.

 

We obtain certain types of data when your web browser accesses us, such as the Internet protocol (IP) address used to connect your computer to the internet, device ID or token, unique identifier, device type, computer and connection data such as the type of operating system you use, your device information, your software information, browser type and version, your browsing history on our website, and your web log information on our website.

 

All the data we collect from you may be stored as log files in our server or as augmented information associated with you or your devices. These log files are used for analysis, research, auditing, and other purposes. Your data is stored in log files until the data is transferred to backup databases. We routinely back-up a copy your data to prevent loss of your data in case of a server breakdown or human error. However, all such copies of your data in our backup database will be retained only for as long as our data retention policy permits (see “How long do we keep your personal data?” below) and will be deleted immediately upon your request unless otherwise provided by applicable law.

 

 

Use of Cookies

Our website uses analytics tools such as cookies to analyze how you use our website, and to monitor and analyze the use of our services. The information generated by cookies about your use of the website will be transmitted to and stored by various cookies providers (“Cookies Providers”). Cookies Providers will use such information on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity, and providing us other services relating to website activity and internet usage.

 

We use both first-party and third-party cookies on our website. First-party cookies are cookies issued from our domain that are generally used to identify language and location preferences or render basic site functionality. Third-party cookies belong to and are managed by other parties. These cookies may be required to render certain forms, or to allow for some advertising outside of our website.

 

 

Use of Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies to help the website analyze how users use the site, to monitor and analyze use of our services. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States. In case IP-anonymization is activated on this website, your IP-address will be truncated within the area of the member states of the European Union. Only in exceptional cases the whole IP-address will be first transferred to a Google server in the USA and truncated there. The IP-anonymization is active on this website. Google will use this information on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity, and providing us other services relating to website activity and internet usage. The IP-address that your browser conveys within the scope of Google Analytics will not be associated with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also opt-out from being tracked by Google Analytics with effect for the future by downloading and installing: http://tools.google.com/dlpage/gaoptout?hl=en

 

 

Use of Opt-In/Subscribe Personal Data

You have a choice of whether and how you receive a variety of marketing measures and activities from us related to product solutions, services and helpful business content.

 

You can manage your preferences by:

 

Opting-in to newsletter subscription on a web form; or

Unsubscribing to newsletter or opting-out of marketing measures and activities, via a button in the bottom right on the front page of our website or other methods as required by the applicable laws.

 

 

How do we process your personal data?

 

We comply with our obligations under applicable privacy laws by keeping personal data up to date; by storing and destroying it securely; by collecting and retaining only the necessary personal data that we need to service you; by protecting personal data from loss, misuse, unauthorised access or disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

 

The processing operations we perform on your personal data cover automated and non-automated means of collecting, recording, organizing, structuring, storing, altering, retrieving, using, transmitting, disseminating or otherwise making available, aligning or combining, restricting, and/or erasing your personal data.

 

We use your personal data for the following purposes:

  • To design and deliver our services and activities to you.
  • To operate our website to provide you access to and use of our services.
  • To customize, measure, and improve our services based on your preferences.
  • To provide services and products requested by you as described when we
  • collect the personal data.
  • To contact you to conduct research about your opinions of current services and
  • products or of potential new services and products that may be offered by us.
  • To send you newsletters informing you of our news, events, new products, and activities.
  • To share your contact details with our affiliate offices around the world within our group companies, for the purposes of internal administration and back-office support, to ensure our network security, and to prevent fraud.
  • To maintain the integrity and safety of our data technology systems and facilities which store and process your personal data.
  • To provide anonymous reporting for internal and external customers.
  • To share your contact details with our logistics partners, distributors, and integrators so that they can assist us to deliver our services and products to you.
  • To enforce or defend our policies or contracts with you.
  • To detect and investigate actual and suspected data breaches, illegal activities, and fraud.

 

 

What is our lawful basis for processing your personal data?

In general, the lawful bases for us to process your personal data for the various types of processing performed on your data (please refer to “How do we process your personal data?” section of this Statement) are, as applicable, processing based on your consent, as necessary for us to enter into and to perform our contract with you, or as necessary to pursue the legitimate interest of our Company or of third parties.

 

We will collect, process and use the personal data supplied by you only for the purposes communicated to you and will not disclose your personal data to third parties except under the circumstances described in the “Sharing your personal data” section below.

 

Where we talk about our legitimate interest or that of third parties, such legitimate interest can include:

  • Implementation and operation of a group-wide organizational structure and group-wide information sharing;
  • Right to freedom of expression or information, including in the media and the arts;
  • Prevention and detection of fraud, misuse of company IT systems, or money laundering;
  • Physical security, IT and network security;
  • Internal investigations; and
  • Proposed or actual mergers and acquisitions

 

 

Necessity to provide us personal data

You are not under any obligation to provide us any personal data. As noted below, the choice is yours. However, please note that without certain data from you, we may not be able to undertake some or all of our obligations to you under our contract with you, or adequately provide you with our full range of services. If you would like to obtain more details about this, please contact us following the instructions in the “Whom should I contact?” section below.

 

 

Sharing your personal data

Your personal data will be treated as confidential, and will be shared only with the categories of data recipients listed below. Unless otherwise stated in this Statement, we will only share your data with third parties outside of the Company with your consent, and you will have an opportunity to choose for us not to share your personal data.

 

We may disclose your personal data to:

  • our affiliated entities within our global group of companies worldwide to provide you services such as facilitating order processing and shipping, for internal administration purposes, to detect and deal with data breaches, illegal activities, and fraud, and to maintain the integrity of our information technology systems.
  • third party service providers whom we sub-contract to work on our behalf or for us and therefore may have access to your personal data only for purposes of performing these tasks on our behalf and under obligations similar to those described in this Statement, who perform functions such as data processing, auditing, order fulfillment, managing and enhancing customer data, providing customer service, conducting customer research or satisfaction surveys, logistics support, marketing support , informational systems technical support, to help us provide, analyze, and improve our services such as data storage, maintenance services, database management, web analytics, improvement of our service features, and to assist us in detecting and dealing with data breaches, illegal activities, and fraud.
  • governments and/or government-affiliated institutions, courts, or law enforcement agencies, to comply with our obligations under relevant laws and regulations, enforce or defend our policies or contracts with you, respond to claims, or in response to a verified request relating to a government or criminal investigation or suspected fraud or illegal activity that may expose us, you, or any other of our customers to legal liability; provided that, if any law enforcement agency requests your personal data, we will attempt to redirect the law enforcement agency to request that personal data directly from you, and in such event, we may provide your basic contact information to the law enforcement agency.
  • third parties involved in a legal proceeding, if they provide us with a court order or substantially similar legal procedure requiring us to do so.

 

 

How long do we keep your personal data?

We keep your personal data for no longer than reasonably necessary for the given purpose for which your data is processed. If you will provide us, or have provided us, consent for us to process your personal data, we will process your personal data as long as your consent is effective. Notwithstanding the above, we may retain your personal data as permitted by applicable laws and regulations, as necessary to assist with any government and judicial investigations, to initiate or defend legal claims or for the purpose of civil, criminal or administrative proceedings. If none of the above grounds for us to keep your personal data apply, we will delete and dispose of your personal data in a secure manner according to our data protection policy.

 

 

How do we destroy your personal data?

The procedures and methods of destroying personal data are as follows:

 

  • Destruction procedures: Once the grounds for us to keep your personal data cease to exist, we will destroy such data voluntarily or upon your request; nonetheless, to the extent permitted by applicable privacy laws, your data may remain on backups for a certain period until the backup data is overwritten if removing a single record from backups is unreasonably costly or not technically feasible. We will put such backup data beyond use unless we need to retrieve backups for system restoration in case of system damage or other exceptional circumstances.
  • Destruction methods: Personal data recorded and stored in electronic files will be irreversibly destroyed to prevent their recovery, and personal data recorded and stored in hard copy format will be shredded or incinerated.

 

 

Privacy of data subjects under the age of 16

Our products and services are not targeted to persons under the age of 16. We do not knowingly collect or process personal data from persons under the age of 16.

 

 

Your rights and your personal data

Unless subject to an exemption under applicable privacy laws, you have the following rights with respect to your personal data:

 

  • The right to request a copy of your personal data which we hold about you;
  • The right to request that we correct any personal data if it is found to be inaccurate or out of date;
  • The right to request to erase your personal data where it is no longer necessary for us to retain such data;
  • The right to withdraw your consent to the processing at any time, if and where we rely on your consent to process your data. This includes cases where you wish to opt out from marketing communications that you receive from us;
  • The right to request that we provide you with your data and where possible, to transmit that data directly to another data controller, where the processing is based on your consent or is necessary for the performance of a contract with you, and in either case we process the data by automated means;
  • The right to restrict our processing of your personal data where you believe such data to be inaccurate, our processing is unlawful; or that we no longer need to process such data for a particular purpose unless we are not able to delete the data due to a legal or other obligation or because you do not wish for us to delete it;
  • The right to object to us using your personal data, where the legal justification for our processing of your personal data is our legitimate interest. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process the data for the establishment, exercise or defense of legal claims; and
  • The right to lodge a complaint regarding our processing of your data, with the competent authority where you reside or in which your data is processed. 

 

If you would like to exercise any of the above rights, please do so by e-mail to privacy@jmxhhc.com.

 

If you are a resident of the U.S. State of California, please see our U.S. State Privacy Rights Notice for details about your privacy rights and how to exercise them.

 

After receiving your request, we will evaluate your request and inform you how we intend to proceed on your request. Under certain circumstances in accordance with applicable privacy laws and regulations, we may withhold access to your data, or decline to modify, erase, port, or restrict the processing of your data.

 

Please be advised that if you exercise the rights to erase personal data, restrict or object to our processing, or to withdraw your consent, we may not be able to continue our services to you if the necessary data is missing for processing.

 

 

International Transfer

As a globally operating company, we must be able to transmit your data to other countries or jurisdictions within which our global group of companies operate for the reasons set forth above, including, but not limited to, Bulgaria, mainland China, Finland, Germany, India, Japan, South Korea, Mexico, the Netherlands, Singapore, Slovakia, Taiwan, USA, and Vietnam. In making such data transfers, we make sure to protect your personal data by applying the level of security required by applicable privacy laws. Where we transfer your data to a country that cannot guarantee the required level of protection, we have enhanced our IT security measures and have entered into standard data protection clauses with the transferee to require security obligations on the transferee, both of which are intended to increase the protection of your personal data. Subject to applicable privacy laws, you may refuse international transfers of your personal data by using the channels set forth in the “Whom should I contact?” section of this Statement; however, please note that if you do this, we may not be able to provide you with certain services without the data necessary for such services purposes.

 

 

Profiling

We currently do not carry out profiling, which is an automated processing of personal data consisting of using your personal data to build a profile on you and evaluate certain personal aspects concerning you, or to analyse or predict aspects concerning you. Nor do we currently use your data to perform any fully automated decision-making that involves making decisions by solely technological means without human involvement. If and when we decide to undertake any profiling or fully automated decision-making using your personal data, we will provide you with a prior explanation about what we intend to do with your personal data and obtain your written consent for us to do so as required by applicable law, and we will, prior to such processing, implement appropriate measures to safeguard your rights, freedoms and legitimate interests.

 

 

Further processing

Unless there is a legal basis or we have obtained your prior consent, we will not use your personal data for a secondary purpose not covered by this Statement. If we wish to use your personal data for a new purpose not covered by this Statement, then we will provide you with a new notice explaining this new use prior to commencing such further processing for a new purpose, setting out the relevant new purpose and processing conditions as required by applicable law. In such case, we will, whenever necessary, find a lawful basis for further processing, and seek your prior written consent to such further processing.

 

 

Security

In case of network incidents (e.g., cyberattacks that lead to data breaches), your data privacy may be compromised, thus damaging your reputation and incurring financial losses. Therefore, we protect your data using technical measures to minimize the risks of misuse, unauthorized access, unauthorized disclosure, loss or theft, and loss of access.

 

Some of the safeguards we use are data pseudonymization, data encryption, firewalls, and data access authorization controls. We take our data security very seriously. Therefore the security mechanisms used to protect your data are checked and updated regularly to provide effective protection against abuse.

 

The website through which we collect your information is usually encoded using the encryption module of your browser such as Hypertext Transfer Protocol Secure.

 

These sites are certified for international encryption technique. Moreover, we have put in place additional and comprehensive state-of-the-art security measures when your data are accessed via the internet. Firewalls prevent unauthorized access. Diverse encryption and identification layers protect your data from intrusion or disclosure to third parties during data transfer. Additionally, a session ID is generated during data transfer to safeguard your information.

 

Despite our best efforts, however, security cannot be absolutely guaranteed against all threats. If you believe that the security of your data has been compromised, or if you like more information on the measures we use to protect your data, please contact us following the instructions in the “Whom should I contact?” section below.

 

 

What are your choices?

Unless otherwise provided by applicable privacy laws, you have the choice to allow us to collect and process your data. The collection and processing of your personal data is neither a statutory nor a contractual requirement, although as noted above, we will be unable to provide you with certain services without the data necessary for such services purposes.

 

If you are dealing with us online, note that most browsers will inform you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, and how to disable cookies. Additionally, you can disable or delete data used by browser add-ons, such as Flash cookies, on your browser or on the website of its manufacturer.

 

You can always choose not to provide your data to us, although we may need such data to process your requests, in which case we will inform you of our constraints.

To the extent that you have consented to our processing of your data, you can choose to discontinue our processing at any time.

 

You can choose to request from us a copy of the personal data we store and process regarding you.

 

You can choose to add or update data that you have provided to us.

 

You can choose to erase your data, or you may choose to restrict our processing of your data instead.

 

You can choose to port your data to a third party under conditions stated above.

 

You can choose to object to our processing of your data.

 

You can choose to not allow us to engage in building a personalized marketing profile based on such profile.

 

Your choice or request on any aspects of data processing listed above can be communicated to us using the channels set forth in the “Whom should I contact?” section of this Statement. You may also authorize an agent to make any of the above requests using the same channels on your behalf.

 

In summary, what we are allowed to do with your data is, with limited exceptions under applicable privacy laws, up to you. However, in the event that you choose for us not to further process your data, such choice may affect the delivery of our obligations or services to you; in this situation, we will inform you of our constraints.

 

 

Whom should I contact?

If you have any question about this Statement, or if you would like to exercise any of your rights, or if you have any complaints that you would like to discuss with us, please contact us using the following methods:

 

AUO Corporation

Data Protection Officer: JC Yang

Telephone: +886-03-500-8800

E-mail: privacy@jmxhhc.com

Address: No. 1 Li-Hsin Rd. 2, Hsinchu Science Park, Hsinchu 30078, Taiwan

 

In case of disagreements relating to our processing of your personal data, you can submit a request for mediation or other administrative action to the data protection supervisory authority with the competent authority where you reside or in which your data is processed. Please click here for a list of local data protection authorities in EEA countries: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.

 

 

Notification of modifications

We reserve the right, in our sole discretion, to modify or otherwise update this Statement at any time. We will notify you of material changes to this Statement by sending an email to you, posting the revised statement on this page and/or as otherwise required by applicable privacy laws.

 

 

Iurisdiction-specific provisions

The following jurisdiction-specific provisions set out supplemental terms applicable to our processing of your personal data if you use our products or services in specific jurisdictions:

 

 

Mainland China

This section applies if you provide your personal data to us via our subsidiaries in mainland China:

 

Storage Location and International Transfer

Your personal data will primarily be stored and processed in mainland China, and pursuant to sections of “Sharing your personal data” and “International transfers”, we may share your personal data to outside of mainland China.

 

In case your personal data may be shared outside of mainland China to the extent required by the applicable laws, we will notify you of the following information before transferring your personal data to an overseas recipient and/or obtain your consent for such transfer:

  • The name and contact information of the overseas recipient;
  • The purpose and method of the processing;
  • The categories of personal data to be transferred; and
  • How to exercise you rights against the overseas recipient.

 

 

India

Sensitive Personal Data

Sensitive personal data and information shall be considered as a subset of the personal data set out under this Statement and shall include (i) password; (ii) financial information (such as bank account or credit card or debit card or other payment instrument details); (iii) physical, physiological and mental health condition; (iv) sexual orientation; (v) medical records and history; (vi) biometric information; (vii) any detail relating to the aforesaid classes of information as provided to us for providing service; and (viii) any of the information received under each of the aforesaid classes of information by us for processing, to be stored or processed under a lawful contract.

 

Grievance Officer

We have designated the Data Protection Officer for redressing your grievances at the earliest, but within one month from the date of receipt of the grievance.

 

Transfers

We may transfer your personal data under this Statement to any third party within or outside India that ensures the same level of data protection as adhered to by us, provided that it is either necessary for the performance of a lawful contract between you and us, or where we have obtained your express consent.

 

 

Mexico

If you use our products or services within or from Mexico, the following sections should be applicable and supersede any conflicting sections in the Statement. This Statement complies with the Ley Federal de Datos Personales en Posesión de los Particulares, and its regulation (the “Mexican Law”).

 

Your rights and your personal data

In addition to the rights listed in the “Your rights and your personal data” section of this Statement, you have additional rights as stated as follows:

  • ARCO rights - access, rectification, cancellation and opposition - in accordance with the Mexican Law:
    • Access: the right that all users have to access their own personal data.
    • Rectify: the right that all users have to request a change in their personal data that might be wrong or incomplete.
    • Cancel: the right that all users have to request the cancelation (elimination) of their personal data when they consider that such data is not being treated in accordance with this Statement and Mexican Law.
    • Oppose: the right that all users have to oppose to the treatment of their personal data for purposes that are not required for the fulfillment of their relation with the Company, as explained in this Statement.
  • The right to limit the use or disclosure of your personal data for the purpose by using the channels set forth in the “Whom should I contact?” section of this Statement.

 

Privacy of data subjects under the age of 18

Our products and services are not targeted to persons under the age of 18. We do not knowingly collect or process personal data from persons under the age of 18.

 

Whom should I contact?

In case of disagreements relating to our processing of your personal data, you can submit a request for mediation or other administrative action to the Instituto Nacional de Transparencia Acceso a la Información y Protección de Datos Personales (INAI) (www.inai.org.mx).

 

 

Singapore

If you use our products or services within or from Singapore:

 

  • In addition to the rights listed in the “Your rights and your personal data” section of this Statement, you have the right to bring a private action in Singapore courts.
  • Your personal data will be shared with third parties only with your consent or if the Company is legally permitted or required to do so. You will only have the opportunity to choose for us not to share your data if the legal basis on which your data is shared is consent.
  • You may have the choice to allow us to collect and process your data, where such collection and processing of your personal data is done pursuant to your consent as opposed to requirement or based on some other lawful basis, for instance, legitimate interests or contractual necessity. We may be unable to provide you with certain services without the data necessary for such services or purposes.

 

 

South Korea

Please see our Privacy Policy for Korean Residents, which is made pursuant to the Personal Information Protection Act of Korea and other laws and/or regulations regarding data privacy. The Privacy Policy for Korean Residents constitutes part of the above Privacy Statement and should be read in conjunction with it. If there is any inconsistency between the Privacy Policy for Korean Residents and the above Privacy Statement, the Privacy Policy for Korean Residents shall prevail.

 

 

USA

Please see our U.S. State Privacy Rights Notice, which describes certain privacy rights available under U.S. state privacy laws and how to exercise those privacy rights. The U.S. State Privacy Rights Notice serves as our Notice at Collection under the California Consumer Privacy Act.

 

 

Vietnam

If you use our products or services within or from Vietnam, in addition to the rights listed in the “Your rights and your personal data” section of this Statement, you have the following rights with respect to your personal data:

 

  • The right to be informed;
  • The right to give consent;
  • The right to claim damages; and
  • The right to self-protection.

 

In accordance with applicable Vietnamese laws, you also have obligations as a data subject, notably the obligation to protect your personal data and the personal data of others; the obligation to help disseminate personal data protection skills; the obligation to comply with the personal data protection regulations; and the obligation to provide accurate data when you consent to provide your personal data.

 

We will process your personal data from the moment it is collected, in accordance with the “When are your personal data collected?” section of this Statement and will continue to process your personal data until it is deleted, as described in the “How long do we keep your personal data?” and “How do we destroy your personal data?” sections of this Statement.