3. Management
3.1 The purpose (“Purpose”) for collecting, storing, using, processing or any other necessary action made to the Personal Data (collectively referred to as “Processing” or “Process”) are:
(a) For UMC’s personnel administration, including but not limited to employment, resignation, outside or internal training, performance appraisal, reward or punishment, business trip, attendance, compensation matters and taxes withholding, health management and promotion, insurance matters (labor insurance, health insurance and group insurance), employee benefits, legal compliance, requirements ordered by governmental authority or judiciary, application for the ISO certification or any other appraisals, application for intellectual property rights and so forth.
(b) For information security and access control, especially for person identification control at particular restricted area in UMC, including but not limited to clean room, laboratory and other important entrances, which will be announced depending on actual needs.
(c) For work safety control, specifically the Process of Personal Data for safety management at specific working area in UMC
(d) For providing products and services, including but not limited to entering into contract between UMC and other party, negotiating over agreement with other party, or contact others for any matters relating to products and services.
(e) For UMC's business and operations, including but not limited to entering into contract between UMC and other party, negotiating over agreement with other party, contacting others for any matters relating to products and services, or operating and managing UMC's products and services.
(f) For communication and marketing, including but not limited to providing others with MyUMC system and processes, updating other company’s information, delivering UMC’s policy to other party, communicating or interaction with other party, or maintaining and updating contact information of others party.
(g) For the purpose of system management, including but not limited to the management and operation of UMC's communication system, information system and security system, and the audits (including security checks) and monitor thereto.
(h) For the management of UMC’s suppliers, including but not limited to managing supplier management systems, such as MyUMC.
(i) For obtaining feedback to UMC's products or services from other party.
(j) For maintaining the physical security of UMC premises, including but not limited to the visit records, monitor recording, system login records and entry records.
(k) For fulfilling statutory obligations such as investigations, UMC may Process the Personal Data in order to cooperate with the judicial authorities for investigating fraud and any other crimes in accordance with applicable laws and regulations, and to prevent violations of UMC’s policy or criminal offences.
(l) UMC may Process the Personal Data to fulfill legal compliance applicable with laws and regulations.
(m) For improving or developing UMC's products and services.
(n) For the purpose of claiming, enforcing or defending UMC’s rights, UMC may submit, collect, or review documents, provide facts, evidence and testimony of witnesses under formal legal procedures, and Process the Personal Data, but only to the extent that the legitimate interest does not exceed others’ interests, basic rights and freedoms.
3.2 Types of Personal Data
3.2.1 General Personal Data
(a) Personal information, including but not limited to name, alias, photo, ID number, gender, date of birth, age, nationality, company name, job title, title, bank account information, military service status.
(b) Contact information: contact address, telephone number, fax number, e-mail information, etc. If you interact with the company as an employee of another company, it may contain your name, alias, photo, company phone number, and company email address.
(c) Expertise and social information: academic background, research field, language ability, other professional skills, employment record, occupation, qualification or certification, work experience, membership in participating in UMC’s campus campaign, and relationship with others or other company.
(d) The record consent provided in paper or electromagnetic form for Personal Data Processing.
(e) Information related to UMC’s website: record of login to the MyUMC system on UMC’s website and the feedback provided to UMC.
(f) Others: Whether any relatives of you is currently working or had worked in UMC, and the information of such relative, etc.
3.2.2 Special Personal Data
Except for special instance, UMC will not Process the special Personal Data for daily operation purpose. However, if UMC needs to Process certain special Personal Data for legitimate reasons, UMC will Process it in accordance with applicable laws or regulations. The special Personal Data that may be Processed by UMC are, including but not limited to, medical records, family medical history, medical examination records, criminal record, etc.
3.3 Security management of Personal Data
UMC will set the retention period for Personal Data in accordance with the Purposes of Processing. In addition, UMC will adopt appropriate technical and organizational security measures according to applicable law and regulations, as well as the industrial standard, to prevent the potential damages, lost, tampered, or unauthorized disclosed, unauthorized accessed, and unauthorized and illegally processed to Personal Data. In addition, UMC will also implement audits on privacy protection measures on regular basis to ensure that UMC’s internal protection measure are well-executed.
|