Sysfeather Technology Corporation
Products

Privacy Policy

Sysfeather Technology Co., Ltd., aims to provide our customers (hereinafter referred to as "you" or "the merchant") with a one-stop solution for website setup, traffic generation, payment processing, logistics, and other e-commerce services.

Effective Date: July 1, 2024 (Year 113 of the Republic of China calendar)

Sysfeather Technology Co., Ltd. (hereinafter referred to as "the Company") will collect, process, and use users' personal data in order to facilitate your application to become a member of the Company and to use our payment system services. To ensure the protection of your personal data, the Company has established this "Privacy Policy" (hereinafter referred to as "the Policy") in accordance with the Personal Data Protection Act, the Enforcement Rules of the Personal Data Protection Act, the Company's relevant regulations on personal data protection, and the Personal Data File Security Maintenance Management Measures set by the competent authorities. Before using the Company's products or services, please be sure to carefully read and fully understand this Policy. By using the relevant products and/or services, you confirm that you have read and agreed to this Policy. If you do not agree with any part of this Policy, please immediately stop using the products and/or services provided by the Company.

The following are key points from our Company that we kindly ask you to pay special attention to:

  1. In accordance with Article 5 of the Personal Data Protection Act, our Company collects, processes, and uses personal data while respecting the rights of the individuals concerned. We adhere to principles of honesty and integrity, ensuring that data usage does not exceed the necessary scope for the specified purposes and is legitimately and reasonably related to the purposes for which the data is collected.
  2. Our Company's collection, processing, and use of personal data must comply with the necessary scope of the specified purposes only. In accordance with Article 8 of the Personal Data Protection Act, we are required to inform you of the purposes of collection and the types of data being collected (refer to Article 1 and Article 2 of this Policy).
  3. Our Company fully understands the importance of personal data to both you and your end-users (collectively referred to as the "data subjects") and is committed to maintaining the information security of this platform. Unless otherwise required by law, our Company will only use personal data with your authorization. Please ensure that you have obtained explicit consent and authorization from your consumers, and you must guarantee that you have informed them that you are authorizing our Company to collect, process, and use their personal data on your behalf.
  4. Minors (natural persons aged seven but under eighteen with ROC nationality) must obtain written consent from their legal guardians to apply for and use this service. The legal guardian must adhere to the provisions of these terms and agree to the data usage described in Article 17. Before using the Company's products and/or services, please ensure that you meet the age requirements and additional regulations and that you have carefully read and understood the detailed information in this Policy.
  5. For your convenience and to ensure a full understanding of this Policy, please refer to the definitions of key terms provided in Article 10 of this Policy.

Article 1: Purpose of Collection

Our Company adheres to the principle of minimal collection of all personal data, meaning that non-essential personal data will not be collected. Personal data refers to the information collected, processed, and used by our Company to serve customers and consumers. The Company will only collect, process, and use personal data in compliance with relevant national personal data protection laws and regulations set by the competent authorities. All company operations and activities are guided by the highest standard of protecting and respecting the privacy rights of customers and consumers.

Article 2: Categories of Collected Data

The categories of personal data that our company may collect from data subjects may include, but are not limited to, the following:

  1. Identification Category
    1. Copies of identification documents (e.g., driver's license, health insurance card, etc.)
    2. Financial Identifiers (such as proof of financial resources, credit card-related information, bank account details, and copies thereof)
    3. Government Identifiers (such as national identification number, uniform ID number, tax identification number, passport number, etc.)
  2. Personal Characteristics Category:
    1. Personal Identifiers (such as name, age, gender, nationality, date of birth, address, phone number, email, membership registration time, IP address, browser type, web browsing history, cookies, etc.)
  3. Financial Details:
    1. Goods or Services Obtained (such as details related to goods or services, etc.)
    2. Goods or Services Provided (such as details related to goods or services, etc.)
    3. Financial Transactions (such as payment amounts, credit limits, guarantors, payment methods, transaction records, deposits, or other collateral, etc.)
    4. Compensation (such as details of claims, amounts, etc.)
    5. Foreign Exchange Transaction Records
  4. Business Information:
    1. Business Activities (such as types of business, goods or services provided or used, business contracts, etc.)
    2. Agreements or Contracts (such as those related to transactions, business, legal matters, or other contracts, agency agreements, etc.)
    3. Business-Related Licenses (such as the existence of licenses, licenses for specific business activities, etc.).
  5. Education, Examinations, Technical or Other Professional Qualifications:
    1. Membership in Professional Organizations (such as types of membership, etc.)
    2. Committee Membership (such as committee qualifications and corresponding professional expertise, etc.)
  6. Family Situation:
    1. Family Situation (such as marital status, spouse's name, etc.)
    2. Social Situation: Other social relationships (such as friends, colleagues, and other non-family relationships, etc.)
  7. Social Situation:
    1. Residence and Facilities (such as home address, etc.)
    2. Property (such as movable assets owned or with other rights, etc.)
    3. Property (such as movable assets owned or with other rights, etc.)
    4. Lifestyle (such as types of consumer goods used and details of services, etc.
    5. Membership in Charitable or Other Organizations (such as records of participation in nonprofit organizations, clubs, or other volunteer groups, etc.
    6. Occupation (such as an employee of a specific company, etc.)

Article 3: Duration, Territory, Recipients, and Methods of Personal Data Usage

  1. Duration: From the date you sign the service contract provided by our company until the date you or the company terminates the service. However, for data that is required by law or regulation to be retained, the applicable legal provisions shall prevail.
  2. Territory: The regions where the following "recipients" are located.
  3. Recipients: Our company or organizations and institutions with which our company has contractual or business relationships due to business needs (including organizations or institutions entrusted by our company to provide outsourced services); financial supervisory authorities or other legally authorized entities or financial regulatory agencies, as well as judicial authorities or other government agencies with legal jurisdiction over the aforementioned companies, organizations, or institutions.
  4. Methods
    1. Methods: Unless involving international business or activities, personal data will be provided to the regions where the aforementioned "recipients" are located and will be used within the necessary and reasonable scope of the collection purposes (as outlined in Article 1 of this Policy). The data will be utilized through automated systems or other non-automated methods in accordance with legal regulations until the aforementioned collection purposes are fulfilled.
    2. Personal data obtained through indirect collection must be carefully verified for the legality of its source. Our company will not process or use personal data for which the legality of the source has not been confirmed.
    3. During the processing and use of personal data, if it is found that the data was obtained in a manner that does not comply with the collection requirements of the Personal Data Protection Act or is being processed in a way that does not align with the specified purposes, the processing and use of that data must be immediately stopped, and the data must be deleted.

Article 4: Rights Regarding Personal Data

You may exercise the following rights in accordance with Article 3 of the Personal Data Protection Act:

  1. The right to inquire or request access to your personal data.
  2. The right to request a copy of your personal data.
  3. The right to request the supplementation or correction of your personal data.
  4. The right to request the cessation of collection, processing, or use of your personal data.
  5. The right to request the deletion of your personal data.

If you wish to exercise the aforementioned rights, please contact our online customer service or customer service hotline.

Article 5: Impact of Not Providing Personal Data

You may choose whether or not to provide your information and determine its completeness. However, certain website features, services, or activities require the information you provide or the permissions you grant to function properly. If you choose not to provide or fail to provide accurate personal information or request to stop the collection, processing, use, or deletion of your personal data, some website functionalities, services, or activities may be inaccessible. In such cases, we will be unable to process your user account or handle applications related to payment services. We apologize for any inconvenience.

Article 6: How Our Company Stores and Protects Personal Data

1. Retention Period

During the time you are using our Company's products and/or services, we will continue to retain your and your end-users personal data. Our Company is committed to storing personal data only for the minimum duration necessary to achieve the purposes for which you and your consumers have authorized its use unless required by law or by other legal orders or unless otherwise authorized by the data subjects.

If you cancel your account, actively delete the aforementioned information, or if our Company ceases operations for any reason, we will stop collecting your personal data in accordance with legal regulations and delete or anonymize the collected personal data.

2. Protection of Personal Data

Our Company places great importance on the security of your personal data. As of January 2024, we have obtained PCI-DSS certification, and we have implemented security mechanisms and industry-standard security testing measures to the fullest extent possible to protect your personal data. Specific measures include:

2.1 Data Security Technical Measures

To ensure information security, our Company strives to implement various reasonable technical security measures to protect personal data. This is to prevent the leakage, damage, or loss of your and your end-users' personal data. We also use appropriate protection mechanisms to safeguard against malicious attacks, such as unauthorized access, public disclosure, use, modification, accidental or intentional damage, or loss.

2.2 Organizational and Management Measure

In compliance with legal orders, our Company has established internal control management processes for personal data. Following the principle of minimal necessity, we assign information access permissions to personnel who may come into contact with your and your end-users personal data, and we control the scope of knowledge regarding personal data.

2.3 Data Security Contractual Assurance

Before indirectly collecting your personal data from third parties, our Company typically requires in writing that the third party has obtained your explicit consent before collecting and processing your and your consumers' personal data. We also require third parties to provide written assurances regarding the legality and compliance of the personal data sources. In case of any violations by the third party, our Company will clearly require the party to bear the corresponding legal responsibilities.

2.4 Handling of Security Incidents

In the unfortunate event of a personal data security incident, our Company will immediately activate an emergency response plan. We will take remedial measures, record the details of the incident, and report the situation promptly in accordance with the Personal Data Protection Act, relevant regulations, and our Company's personal data protection policies.

If the incident may cause significant harm to your and/or your consumers' legal rights, such as the leakage of personal data, we will inform you of the basic circumstances of the security incident and its potential impact. We will also provide information on the actions we have taken or will take to address the issue, offer recommendations on how you can mitigate risks, provide the remedial measures we will offer, and share our contact information. We will notify you of this information in a timely manner via email, phone, or push notification. If individual notification is not feasible, we will issue a reasonable and effective public announcement.

3. Personal Data Security Reminder

Please be aware and understand that the internet is not an absolutely secure environment. We strongly recommend that you use secure methods, choose complex passwords, and properly manage sensitive information to help us ensure the security of your account.

If you discover that your personal data has been compromised, especially if your account or password has been leaked, please immediately contact us using the contact information provided in this policy so that we can take the necessary steps to protect your information.

Article 7: Updates and Notifications of This Policy

To ensure the continued appropriateness, relevance, and effectiveness of this privacy policy, our Company will amend its terms as necessary. If any such amendments result in changes to your rights under this policy, or if there are any modifications, additions, or deletions to the terms, a notice will be posted prominently on the service website. If a user does not raise an objection within seven days, it will be assumed that they have accepted the modifications or additions.

If you have objections to the modifications or updates to this policy, or if you disagree with it, you may choose to stop using the Company's products and/or services or cancel your account. However, please be aware that your actions and activities before account cancellation or ceasing use of the platform are still subject to this policy.

In cases of significant and substantial changes, the Company may notify you in a more prominent manner, depending on the situation. Significant and substantial changes include, but are not limited to, the following circumstances:

  1. Major changes in the Company's service model, such as changes in the purpose of processing personal data, the types of personal data processed, or how personal data is used.
  2. Significant changes in your rights to participate in the processing of personal data and how you can exercise those rights.
  3. Significant changes in the Company's ownership structure or organizational structure.
  4. Changes in the main recipients of shared, transferred, or publicly disclosed personal data.
  5. Changes in the department responsible for personal data security, contact information, or complaint channels.
  6. When a personal data security impact assessment report indicates high risks.
  7. Other matters as stipulated by the competent authorities.

Article 8: Governing Law and Jurisdiction

  1. This policy shall be governed by and interpreted in accordance with the laws of the Republic of China (Taiwan)
  2. Any disputes arising under this policy shall first be resolved through good-faith negotiation between you and the company. If the dispute cannot be resolved within 14 days and legal action is required, both parties agree that the Taipei District Court in Taiwan shall be the court of first instance.

Article 9: How to Contact Us

If you have any questions, comments, or suggestions regarding this policy, you may contact us via [email protected].

Article 10: Definitions of Key Terms

  1. You: Refers to the company's customers, including our seller users, their employees, and/or any other personnel authorized to operate on this platform.
  2. Personal Data: Refers to all types of information, recorded in paper, electronic, or other forms, that can identify a specific individual, either alone or in combination with other information, or reflect the activities of a specific individual. Personal data in this policy may include name, date of birth, identification number, personal biometric information, address, email, communication and contact details, communication records and content, passwords, property information, transaction information, etc. (refer to Article 2 of this policy).
  3. Special Personal Data: In principle, the company does not collect special personal data. However, under certain circumstances, the company may collect and process information related to your criminal record.
  4. De-identification: Refers to the technical processing of personal data to render it unidentifiable, either directly or indirectly, to a specific individual.
  5. Deletion: Refers to the removal of data from the system used in routine business operations, making it unretrievable or inaccessible.