Sunnet Technology Privacy and Information Security Policy

Personal Data Protection Statement

Welcome to the official website of Sunnet Technology Co., Ltd. (hereinafter referred to as “this website”). To ensure that you can safely use the services and information provided by this website, we hereby explain our personal data protection policy to safeguard your rights. Please read the following carefully:

1. Scope of Application

This personal data protection statement applies to the collection, processing, and use of personal identifiable information when you use the services of this website. It does not apply to linked websites outside of this website, nor to personnel not commissioned or involved in the management of this website.

2. Collection, Processing, and Use of Personal Data

When you visit this website or use its functional services, we may request that you provide basic personal and contact information based on the nature of the service. When participating in activities held by the company, the information you provide is used to confirm your eligibility to participate or use the service.
By providing your personal information to this website or its affiliated websites, you agree that Sunnet may collect, process, use, and transfer such information internationally for the following purposes:

  1. To provide services through the website;
  2. For marketing of Sunnet’s products and services;
  3. For related online behavior analysis, market research, or statistical purposes;
  4. If activities are jointly organized with partners, both Sunnet and the partners may use your data for the event or subsequent marketing purposes;
  5. The company may send marketing or event-related information to you via email. If you do not wish to receive such messages, you can unsubscribe by notifying us.

3. Rights to Modify or Delete Personal Data

  1. To ensure the accuracy of your personal data, you may modify or update your information on the website at any time. You may also choose whether to subscribe to newsletters or make your personal profile public.
  2. If you cease using our services and believe there is no need for us to retain your personal data, you may request in writing to delete your account or other personal information.

4. Exceptions

Apart from information you voluntarily provide, you may also disclose personal data (e.g., email, name) when using certain site features. Please be aware that malicious actors may collect such publicly disclosed information. This type of voluntary disclosure is not considered collected or used by Sunnet and is not covered by this privacy policy.

5. Sharing of Personal Data with Third Parties

We will not share your personal data with third parties without your consent, except in the following circumstances:

  1. Sending marketing information from our partners;
  2. Activities you participate in that are jointly organized with our partners;
  3. When providing products, gifts, or services related to your participation or use of our services, we may share necessary personal data with contractors to fulfill the service.

6. Exceptions to Disclosure Restrictions

We will not disclose your legally protected personal data to third parties without your consent, except under the following conditions:

  1. When required by law;
  2. When requested by judicial or other authorities through legal procedures;
  3. To protect the rights and property of the company;
  4. In emergencies, to protect the personal safety of other members or third parties.

7. Use of Cookies

When you log in to this website and its affiliated sites, we may place cookies (small data files stored on your computer via your browser) to record your IP address and usage behavior. You may configure your browser settings to manage cookies. Disabling cookies may prevent the use of certain services.

8. Changes to the Privacy Policy

This privacy policy may be revised from time to time due to technological developments, legal changes, or other factors. Please check the website for the most updated version.
For any questions, feel free to contact us at: sales@mail.elearn.com.tw

Information Security Policy

Our company’s information security objective is to ensure the confidentiality, integrity, and availability of our critical and core systems. We define and measure security performance indicators based on organizational roles and responsibilities to evaluate the effectiveness of our information security management system (ISMS).
To fulfill our mission and meet top management’s expectations for information security, we establish the following policies to protect our information assets:

  1. Ensure the confidentiality of business information to prevent data leaks or loss, including personal data.
  2. Ensure the integrity and availability of business information for accurate operation and service delivery.

To effectively implement our ISMS, we have established an Information Security Committee responsible for planning and promoting security initiatives. Its structure is detailed in our Information Security Manual and Procedures for Information Security Organization and Management Review.

Key Security Controls

  • Human Resources Security:
     To mitigate human-related risks, we conduct appropriate information security education, training, and awareness programs.
  • Asset Management:
     We maintain an asset inventory, and implement classification, grading, and control measures to safeguard our information assets.
  • Access Control:
    • User account and password policies (creation, change, deletion, regular review), along with clean desk and screen measures.
    • Network segmentation and controls for remote work and mobile device usage to ensure network security.
  • Password Management:
     Strong and effective password policies are implemented to ensure confidentiality, authentication, and data integrity.
  • Physical and Environmental Security:
     We enforce access control to data centers, conduct equipment inspections, and manage the use and disposal of office IT equipment.
  • Operations and Communications Security:
    • Define proper information usage standards to prevent data leaks and protect against malicious or portable code.
    • Backup policies for processing facilities and controls on external service providers to ensure data availability and integrity.
    • Implement network security controls and monitoring of system usage.
  • System Acquisition, Development, and Maintenance:
     We establish standardized procedures to manage application development, testing, acceptance, deployment, maintenance, and outsourcing.
  • Supplier Relationships:
     Controls are in place to ensure supplier compliance when accessing or managing company data and processing facilities.
  • Information Security Incident Management:
     We have established procedures for reporting, handling, and documenting security incidents to minimize impact.
  • Business Continuity Management:
     We maintain information security controls for business continuity, establish workflows, and create and implement operational continuity plans.
  • Compliance:
     We ensure that our ISMS complies with laws, security policies, and the latest technology trends through defined compliance confirmation measures.

Violations of information security policies by employees are subject to disciplinary actions in accordance with internal procedures.
This policy is reviewed at least annually by the head of the Information Security Organization to ensure its relevance and effectiveness in line with legal, technical, and business developments.
Matters not covered in this policy shall be handled in accordance with applicable laws and the company’s internal regulations.
This policy becomes effective upon approval by the Chief Information Security Officer and will follow the same procedure for revisions.

Scroll to Top
Scroll to Top