Privacy Protection Procedure for UMC Websites

1. Purpose

The purpose of this "Privacy Protection Procedure (hereinafter referred to as "Procedure")" is to protect the personal privacy and personal information obtained by UMC (hereinafter referred to as "Personal Data") from outflows, abuse, theft and other incidents that would result in damages to your Personal Data. In addition, this Procedure also serves to ensure UMC’s compliance of applicable laws and regulations relating to the protection of privacy, which would lead to disputes or litigations.

2. Scope

This Procedure is applicable to individuals, inside and outside UMC, including but not limited to customers, visitors to UMC's website, users of the UMC's products or services, employees of the UMC's customers, vendors or contractors, applicants of UMC, visitors to UMC’s premises.

3. Management

3.1 The purpose (“Purpose”) for collecting, storing, using, processing or any other necessary action made to the Personal Data (collectively referred to as “Processing” or “Process”) are:


(a) For UMC’s personnel administration, including but not limited to employment, resignation, outside or internal training, performance appraisal, reward or punishment, business trip, attendance, compensation matters and taxes withholding, health management and promotion, insurance matters (labor insurance, health insurance and group insurance), employee benefits, legal compliance, requirements ordered by governmental authority or judiciary, application for the ISO certification or any other appraisals, application for intellectual property rights and so forth.


(b) For information security and access control, especially for person identification control at particular restricted area in UMC, including but not limited to clean room, laboratory and other important entrances, which will be announced depending on actual needs.


(c) For work safety control, specifically the Process of Personal Data for safety management at specific working area in UMC


(d) For providing products and services, including but not limited to entering into contract between UMC and other party, negotiating over agreement with other party, or contact others for any matters relating to products and services.


(e) For UMC's business and operations, including but not limited to entering into contract between UMC and other party, negotiating over agreement with other party, contacting others for any matters relating to products and services, or operating and managing UMC's products and services.


(f) For communication and marketing, including but not limited to providing others with MyUMC system and processes, updating other company’s information, delivering UMC’s policy to other party, communicating or interaction with other party, or maintaining and updating contact information of others party.


(g) For the purpose of system management, including but not limited to the management and operation of UMC's communication system, information system and security system, and the audits (including security checks) and monitor thereto.


(h) For the management of UMC’s suppliers, including but not limited to managing supplier management systems, such as MyUMC.


(i) For obtaining feedback to UMC's products or services from other party.


(j) For maintaining the physical security of UMC premises, including but not limited to the visit records, monitor recording, system login records and entry records.


(k) For fulfilling statutory obligations such as investigations, UMC may Process the Personal Data in order to cooperate with the judicial authorities for investigating fraud and any other crimes in accordance with applicable laws and regulations, and to prevent violations of UMC’s policy or criminal offences.


(l) UMC may Process the Personal Data to fulfill legal compliance applicable with laws and regulations.


(m) For improving or developing UMC's products and services.


(n) For the purpose of claiming, enforcing or defending UMC’s rights, UMC may submit, collect, or review documents, provide facts, evidence and testimony of witnesses under formal legal procedures, and Process the Personal Data, but only to the extent that the legitimate interest does not exceed others’ interests, basic rights and freedoms.


3.2 Types of Personal Data


3.2.1 General Personal Data


(a) Personal information, including but not limited to name, alias, photo, ID number, gender, date of birth, age, nationality, company name, job title, title, bank account information, military service status.


(b) Contact information: contact address, telephone number, fax number, e-mail information, etc. If you interact with the company as an employee of another company, it may contain your name, alias, photo, company phone number, and company email address.


(c) Expertise and social information: academic background, research field, language ability, other professional skills, employment record, occupation, qualification or certification, work experience, membership in participating in UMC’s campus campaign, and relationship with others or other company.


(d) The record consent provided in paper or electromagnetic form for Personal Data Processing.


(e) Information related to UMC’s website: record of login to the MyUMC system on UMC’s website and the feedback provided to UMC.


(f) Others: Whether any relatives of you is currently working or had worked in UMC, and the information of such relative, etc.


3.2.2 Special Personal Data


Except for special instance, UMC will not Process the special Personal Data for daily operation purpose. However, if UMC needs to Process certain special Personal Data for legitimate reasons, UMC will Process it in accordance with applicable laws or regulations. The special Personal Data that may be Processed by UMC are, including but not limited to, medical records, family medical history, medical examination records, criminal record, etc.


3.3 Security management of Personal Data


UMC will set the retention period for Personal Data in accordance with the Purposes of Processing. In addition, UMC will adopt appropriate technical and organizational security measures according to applicable law and regulations, as well as the industrial standard, to prevent the potential damages, lost, tampered, or unauthorized disclosed, unauthorized accessed, and unauthorized and illegally processed to Personal Data. In addition, UMC will also implement audits on privacy protection measures on regular basis to ensure that UMC’s internal protection measure are well-executed.

4. Privacy Breach Handling Procedure

4.1 Investigations and contingency procedures


Upon discovery of privacy breach, UMC will conduct relevant investigations. For instance, UMC will check where the Personal Data may be stored or Processed, investigate the affected Personal Data, assess the losses incurred from such breach, document investigation results and review subsequent improvement plans, in order to lower the risk of privacy breach and to prevent similar incident from happening again.

In addition, UMC will evaluate if it is necessary to make notifications to competent supervisory authority on a case-by-case basis.


4.2 Disciplinary measures


UMC may impose disciplinary measures, including but not limited to imposing black marks or demerits, on those who violate the Procedure in accordance with the "The Award and Penalty Measure." If an employee abuses others’ Personal Data, without obtaining approval of his/her supervisor nor within the scope of his/her duties, UMC may terminate the employment with such employee without prior notice in accordance with Article 12, paragraph 4 of the Labor Standards Act.

UMC may also file civil claims and/or criminal charges against employees who violate the Procedure and seek for provisional remedies, such as provisional attachment, provisional injunction or confidentiality preservation orders.

5. Competent authority

5.1 Please contact Global Compliance Division (GC) for consultations related to privacy policy.


5.2 The Process and relevant protection measures of Personal Data shall be handled by the Human Resources Division (HR), Information Technology Division (IT), Operations Support Division (OS), Corporate Security Division (COS) and other divisions.

6. Reference

001-103-030 (Personal Information Protection Management Measure)
001-103-028 (The Award and Penalty Measure)

We value your privacy
Our website uses cookies to enhance user experience and functionality, and to analyze how this site is used in order to make future improvements. Select “Allow All Cookies” to continue, or go to “Manage Cookies” to set your preferences.
Allow All Cookies
Manage Cookies
We value your privacy
For the best user experience, select "Allow All" to consent to the use of all cookies. You can also choose to disable performance & functional cookies below. For more detail about the type of cookies used by UMC and third parties on this website, please refer to our Cookie Policy .
Allow All
Manage Consent Preferences
  • Essential Cookies
    Always Active
    These cookies are essential in order to enable you to move around the website and use its features, such as setting your privacy preferences, logging in or filling in forms. Without these cookies, services requested through usage of our website cannot be properly provided. Essential cookies do not require consent from the user under applicable law. You may configure your web browser to block strictly necessary cookies, but you might then not be able to use the website’s functionalities as intended.
  • Functionality & Performance Cookies
    These cookies collect information about how visitors use a website, for instance which pages visitors go to most often, and how visitors move around the site. They help us to improve the user friendliness of a website and therefore enhance the user's experience.