We use cookies to improve your experience. By your continued use of this site you accept such use. To change your settings please see our Privacy Policy .
I Understand
Privacy Protection Procedure for UMC Websites

1. Purpose

The purpose of this "Privacy Protection Procedure (hereinafter referred to as "Procedure")" is to protect the personal privacy and personal information obtained by UMC (hereinafter referred to as "Personal Data") from outflows, abuse, theft and other incidents that would result in damages to your Personal Data. In addition, this Procedure also serves to ensure UMC’s compliance of applicable laws and regulations relating to the protection of privacy, which would lead to disputes or litigations.

2. Scope

This Procedure is applicable to individuals, inside and outside UMC, including but not limited to customers, visitors to UMC's website, users of the UMC's products or services, employees of the UMC's customers, vendors or contractors, applicants of UMC, visitors to UMC’s premises.

3. Management

3.1 The purpose (“Purpose”) for collecting, storing, using, processing or any other necessary action made to the Personal Data (collectively referred to as “Processing” or “Process”) are:


(a) For UMC’s personnel administration, including but not limited to employment, resignation, outside or internal training, performance appraisal, reward or punishment, business trip, attendance, compensation matters and taxes withholding, health management and promotion, insurance matters (labor insurance, health insurance and group insurance), employee benefits, legal compliance, requirements ordered by governmental authority or judiciary, application for the ISO certification or any other appraisals, application for intellectual property rights and so forth.


(b) For information security and access control, especially for person identification control at particular restricted area in UMC, including but not limited to clean room, laboratory and other important entrances, which will be announced depending on actual needs.


(c) For work safety control, specifically the Process of Personal Data for safety management at specific working area in UMC


(d) For providing products and services, including but not limited to entering into contract between UMC and other party, negotiating over agreement with other party, or contact others for any matters relating to products and services.


(e) For UMC's business and operations, including but not limited to entering into contract between UMC and other party, negotiating over agreement with other party, contacting others for any matters relating to products and services, or operating and managing UMC's products and services.


(f) For communication and marketing, including but not limited to providing others with MyUMC system and processes, updating other company’s information, delivering UMC’s policy to other party, communicating or interaction with other party, or maintaining and updating contact information of others party.


(g) For the purpose of system management, including but not limited to the management and operation of UMC's communication system, information system and security system, and the audits (including security checks) and monitor thereto.


(h) For the management of UMC’s suppliers, including but not limited to managing supplier management systems, such as MyUMC.


(i) For obtaining feedback to UMC's products or services from other party.


(j) For maintaining the physical security of UMC premises, including but not limited to the visit records, monitor recording, system login records and entry records.


(k) For fulfilling statutory obligations such as investigations, UMC may Process the Personal Data in order to cooperate with the judicial authorities for investigating fraud and any other crimes in accordance with applicable laws and regulations, and to prevent violations of UMC’s policy or criminal offences.


(l) UMC may Process the Personal Data to fulfill legal compliance applicable with laws and regulations.


(m) For improving or developing UMC's products and services.


(n) For the purpose of claiming, enforcing or defending UMC’s rights, UMC may submit, collect, or review documents, provide facts, evidence and testimony of witnesses under formal legal procedures, and Process the Personal Data, but only to the extent that the legitimate interest does not exceed others’ interests, basic rights and freedoms.


3.2 Types of Personal Data


3.2.1 General Personal Data


(a) Personal information, including but not limited to name, alias, photo, ID number, gender, date of birth, age, nationality, company name, job title, title, bank account information, military service status.


(b) Contact information: contact address, telephone number, fax number, e-mail information, etc. If you interact with the company as an employee of another company, it may contain your name, alias, photo, company phone number, and company email address.


(c) Expertise and social information: academic background, research field, language ability, other professional skills, employment record, occupation, qualification or certification, work experience, membership in participating in UMC’s campus campaign, and relationship with others or other company.


(d) The record consent provided in paper or electromagnetic form for Personal Data Processing.


(e) Information related to UMC’s website: record of login to the MyUMC system on UMC’s website and the feedback provided to UMC.


(f) Others: Whether any relatives of you is currently working or had worked in UMC, and the information of such relative, etc.


3.2.2 Special Personal Data


Except for special instance, UMC will not Process the special Personal Data for daily operation purpose. However, if UMC needs to Process certain special Personal Data for legitimate reasons, UMC will Process it in accordance with applicable laws or regulations. The special Personal Data that may be Processed by UMC are, including but not limited to, medical records, family medical history, medical examination records, criminal record, etc.


3.3 Security management of Personal Data


UMC will set the retention period for Personal Data in accordance with the Purposes of Processing. In addition, UMC will adopt appropriate technical and organizational security measures according to applicable law and regulations, as well as the industrial standard, to prevent the potential damages, lost, tampered, or unauthorized disclosed, unauthorized accessed, and unauthorized and illegally processed to Personal Data. In addition, UMC will also implement audits on privacy protection measures on regular basis to ensure that UMC’s internal protection measure are well-executed.

4. Privacy Breach Handling Procedure

4.1 Investigations and contingency procedures


Upon discovery of privacy breach, UMC will conduct relevant investigations. For instance, UMC will check where the Personal Data may be stored or Processed, investigate the affected Personal Data, assess the losses incurred from such breach, document investigation results and review subsequent improvement plans, in order to lower the risk of privacy breach and to prevent similar incident from happening again.

In addition, UMC will evaluate if it is necessary to make notifications to competent supervisory authority on a case-by-case basis.


4.2 Disciplinary measures


UMC may impose disciplinary measures, including but not limited to imposing black marks or demerits, on those who violate the Procedure in accordance with the "The Award and Penalty Measure." If an employee abuses others’ Personal Data, without obtaining approval of his/her supervisor nor within the scope of his/her duties, UMC may terminate the employment with such employee without prior notice in accordance with Article 12, paragraph 4 of the Labor Standards Act.

UMC may also file civil claims and/or criminal charges against employees who violate the Procedure and seek for provisional remedies, such as provisional attachment, provisional injunction or confidentiality preservation orders.

5. Competent authority

5.1 Please contact Global Compliance Division (GC) for consultations related to privacy policy.


5.2 The Process and relevant protection measures of Personal Data shall be handled by the Human Resources Division (HR), Information Technology Division (IT), Operations Support Division (OS), Corporate Security Division (COS) and other divisions.

6. Reference

001-103-030 (Personal Information Protection Management Measure)
001-103-028 (The Award and Penalty Measure)