1.INTRODUCTION

1.1Who We Are. PERSOLKELLY Taiwan (Intelligence Taiwan Co., Ltd.) (the “Company”, “we”, “us”, “our”) respects your privacy and we acknowledge that you have certain rights related to any personal data we collect from you and we have certain obligations in respect of the same. The Company supports the various international and local privacy laws, and has procedures in place to meet the requirements of those laws.
1.2Content of this Privacy Policy. This privacy policy (“Privacy Policy”) discloses our privacy principles and/or our practices for gathering, collecting, storing, using and/or disclosing your personal data. We encourage you to review this Privacy Policy so that you may understand how we may collect, use, disclose, process and share your personal data.
1.3Definition of Personal Data. For the avoidance of doubt, “personal data” means data, whether true or not, about an individual who can be identified (a) from that data; or (b) from that data and other information to which the organisation has or is likely to have access.

2.INFORMATION WE COLLECT, USE OR DISCLOSE

2.1 Our Services. In order for us to provide our services and for the operation of our business, provide services of recruiting and placing individuals for potential work assignments (and related services) with our customers and/or directly at the Company, act as employer or hirer of record for individuals employed or engaged by the Company, or provide human resources related services to our customers, we must collect certain personal data from and about individuals who are candidates, employees, contractors, and former employees.
2.2Types of Personal Data Collected. The types of personal data collected, used, processed, disclosed and stored by us depends on the circumstances and/or the purposes for which we may need to process your personal data. Hence, subject to the aforesaid, such personal data may include:

• Name;
• Contact information (address, phone number, e-mail address);
• Passport or identification details;
• Employee identification number;
• Date of birth;
• Contents of any other identification provided to the Company for application or employment purposes;
• Education and employment history;
• Work-related skills and experience;
• Professional credentials or licenses;
• Membership in professional organizations;
• Any other information contained on an individual’s Curriculum Vitae (CV);
• Citizenship and work authorization status;
• Disability and health-related information;
• Next-of-kin or emergency contact information;
• Information from and related to publicly published profiles you’ve created on job-related social media platforms and job boards (such as LinkedIn, Monster, or Indeed);
• Information provided by references; and
• Information regarding your career interests, preferences, and qualifications.

2.3 Sensitive Personal Data. In addition, under certain circumstances and consistent with prevailing laws, we may request types of personal data that are viewed by some regions as “sensitive”:

• National identification, tax identification, passport number or social security number(s);
• Financial or bank account information;
• Results of drug, criminal, and/or background screenings;
• Benefits selections, potentially including health insurance and retirement planning information;
• Biometric data;
• Information contained within your personnel file with the Company, such as performance reviews, disciplinary action, and other payroll related information; and
• Health information, including that related to a work-related claim (e.g. workers’ compensation claim).

2.4 Information Provided for Equal Employment Opportunities Requirements. In some jurisdictions, in order to comply with statutes, rules, and regulations pertaining to equal employment opportunities or to assist the Company or its related corporations in compiling data for its equal opportunities practices and reporting, we may also ask you to provide gender, race/ethnicity or disability information. The provision of this type of information will be voluntary, unless it is required by law, and failure to provide this information will not hinder your employment or project opportunities.

2.5 Other Information. Your interactions with our websites and mobile applications may also result in the collection, processing, and storage of the following types of information from you:

• Geolocation data; and/or
• Other information you may provide to us, such as through surveys, interactions with our Social Media, or other mediums used to contact the Company.

2.6 Third-Party Authentication Tools. Some of our websites require you to provide your personal data, such as when you create a profile and log-in credentials. Instead of having to type in your personal data, some of these functionalities may allow you to use third-party authentication tools such as Facebook, X, and Google to populate certain fields. By authenticating through one of the social media options, you allow us to receive your personal data and other information that is accessible through these tools. This information may be incorporated into your profile. For any such tool you choose to use, we encourage you to also review the tool provider’s privacy policy and any terms and conditions.

2.7 Use for Social Media Feeds. We may use your personal data to permit you to participate in live social media feeds. If you choose to participate, your public username may be displayed on the sites along with your post, including, but not limited to, comments, images, and video.
2.8Third-Party Social Media Functionality. We may provide you with access to third-party functionality that allows you to post content to your social media account(s). Any information that you provide to your social media account(s) through use of such third-party functionality is governed by the applicable third party's privacy policy, and not by this Privacy Policy. For the avoidance of doubt, we are not responsible for any personal data that you provide to such third party.

2.9 Limitation on Required Personal Data for Service Requests. The amount of personal data you are required to supply when requesting our services will be limited to that which is relevant to and reasonable for the supply of such services or for the applicable Purposes (as specified below) for which such personal data is being collected.

3.THE PURPOSES FOR WHICH WE COLLECT, USE AND DISCLOSE YOUR PERSONAL DATA

3.1 Purposes of Collection, Processing and Use. We will/may collect, process, and/or use your personal data for one or more of the following purposes:
(a)administering, processing and/or dealing with any transactions between you and the Company and/or any of its related corporations including but not limited to any application by you for employment or work with the Company;
(b)recruiting, assessing and/or matching you with/for potential positions or assignments with third party organisations (or our customers), and/or dealing with matters related thereto such as offering you a placement of work or job with such third party organisations (or our customers) or referring you for employment to a third party organisation (or our customer);
(c)administering, managing and/or dealing with the provision of work or job placement services to you. This includes us sharing your personal data with our customers or third party organisations for your potential placement or employment opportunities with those customers/third party organisations who are seeking employees or workers, or to the organisation to which you have been assigned to work;
(d)carrying out your instructions or responding to any enquiry given by (or purported to be given by) you or on your behalf;
(e)administering, facilitating, processing and/or dealing in any matters relating to your use of any of the Company’s or its related corporations’ websites, any functionalities on the websites or any transactions or activities carried out by you on or through any of the Company’s or its related corporations’ websites, such as but not limited to live social media feeds;
(f)monitoring, processing and/or tracking your use of any of the Company’s or its related corporations’ websites in order to provide you with a seamless experience, facilitating or administering your use of any of the Company’s or its related corporations’ websites, and/or to assist us in improving your experience in using any of the Company’s or its related corporations’ websites;
(g)contacting you or communicating with you via phone/voice call, text message and/or fax message, email and/or postal mail for the purposes of administering your use of any of the Company’s or its related corporations’ website or any transactions you have with us, or for the provision of our services to you. You acknowledge and agree that such communication by us could be by way of the mailing of correspondence, documents or notices to you, which could involve disclosure of certain personal data about you to bring about delivery of the same as well as on the external cover of envelopes/mail packages;
(h)carrying out due diligence or other screening activities (including background checks) in accordance with legal or regulatory obligations applicable to us (whether Taiwan or non-Taiwan), the requirements or guidelines of governmental authorities which we determine are applicable to us (whether Taiwan or non-Taiwan), and/or our risk management procedures that may be required by law (whether Taiwan or non-Taiwan) or that may have been put in place by us;
(i)to prevent or investigate any fraud, unlawful activity or omission or misconduct, whether or not there is any suspicion of the aforementioned; dealing with conflict of interests; or dealing with and/or investigating complaints;
(j)creating reports with respect to our transactions with you, and/or producing statistics and research of such transactions for internal and/or statutory reporting and/or record-keeping requirements for us or our related corporation(s);
(k)complying with or as required by any applicable law, governmental or regulatory requirements of any jurisdiction applicable to us or our related corporations, including meeting the requirements to make disclosure under the requirements of any law binding on us or our related corporations, and/or for the purposes of any guidelines issued by regulatory or other authorities (whether of Taiwan or a non-Taiwan region), with which we or our related corporations are expected to comply;
(l)complying with or as required by any request or direction of any governmental authority (whether Taiwan or non-Taiwan) which we are expected to comply with; or responding to requests for information from public agencies, ministries, statutory boards or other similar authorities. For the avoidance of doubt, this means that we may/will disclose your personal data to the aforementioned parties upon their legitimate request or direction;
(m)storing, hosting, backing up (whether for disaster recovery or otherwise) of your personal data, whether within or outside Taiwan;
(n)facilitating, dealing with and/or administering external audit(s) or internal audit(s) of the business of the Company and/or its related corporations;
(o)for marketing, if you have separately indicated that you consent to such purpose. If so, we may/will send you by email, postal mail or other modes of communication marketing and promotional information and materials relating to products and/or services (including products and/or services of third party organisations whom the Company may collaborate or tie up with) that the Company or its related corporations may be selling, marketing or promoting, whether such products or services exist now or are created in the future. In the case of the sending of marketing and promotional information and materials to you by voice call, SMS/MMS or fax to your Taiwan telephone number, we will not do so unless we have complied with the requirements of Taiwan Personal Data Protection Act (“PDPA”) in relation to use of those modes of communication to send you such marketing information or materials or where you have expressly consented to such mode of communication. Each notification will provide you with instructions on how to opt out of receiving marketing or promotional information. Upon receipt your opt-out for certain marketing communications, we will cease using your contact information for such marketing communications;
(p)dealing with and/or facilitating a business asset transaction or a potential business asset transaction, where such transaction involves the Company as a participant, and there may be other third party organisations who are participants in such transaction. The term “business asset transaction” means the purchase, sale, lease, merger or amalgamation or any other acquisition, disposal or financing of an organisation or a portion of an organisation or of any of the business or assets of an organisation,

(the purposes set out above shall be collectively referred to as the “Purposes”).

3.2 Sources of Personal Data. Your personal data may be collected directly from you, through information voluntarily disclosed by you in public domain, from legal and open sources, or from third parties by references provided by you or through third-party authentication tools such as Facebook, and Google.

3.3 Data Sharing with Third Parties. The Company may/will need to disclose your personal data to third parties, whether located within or outside Taiwan, for one or more of the above Purposes applicable, as such third parties, would be processing and/or using your personal data for one or more of the above Purposes. In this regard, you hereby acknowledge, agree and consent that we may/are permitted to disclose your personal data to such third parties (whether located within or outside Taiwan) for one or more of the above Purposes and for the said third parties to subsequently collect, use, disclose and/or process your personal data for one or more of the above Purposes. Without limiting the generality of the foregoing or of the immediately preceding paragraph setting out the Purposes, such third parties include:
(a)our associated or affiliated organisations or related corporations
(b)any of our agents, contractors or third party service providers that process or will be processing and/or using your personal data on our behalf including but not limited to those which provide administrative or other services to us such as mailing houses, telecommunication companies, information technology companies and data centres;
(c)our customers or third party organisations, who may be your potential employers or hirers or organisations which engage you for your services; and
(d)third parties to whom disclosure by the Company is for one or more of the Purposes and such third parties would in turn be collecting, processing and/or using your personal data for one or more of the Purposes.

3.4 Individual Consent. Your consent pursuant to this Privacy Policy is additional to and does not supersede any other consents that you had provided to the Company with regard to processing of your personal data.

3.5 Anonymized Data. To the extent consistent with applicable laws, data that has been anonymized does not personally identify you and is not covered by this Privacy Policy.

3.6 Restricted Access and Non-Disclosure. We hold our employees, agents, and suppliers accountable for maintaining the trust that you place in us with your personal data and grant access on a need-to-know basis. Your personal data will not be used, disclosed or shared except as in accordance with this Privacy Policy or applicable laws relating to personal data.

3.7 Region of Use of Personal Data. The region of use includes places within or outside of Taiwan (excluding those prohibited by the competent authority for cross border transfer of personal data). Consistent with paragraph 3.3 above, as a result of the scope of the Company’s operations, the sharing of your personal data with our other group entities, service providers, and customers may result in your personal data being sent to regions outside of your region of residence, which may have data protection laws that differ from those in your region of residence. Regardless of the source or destination location of your information, we will at all times protect your personal data as described in this Privacy Policy, and in accordance with applicable data protection laws when transferring your personal data.

4.COOKIES AND WEB BEACONS

4.1 Use of Cookies and Opt-out. The Company’s websites use “cookies” to help personalize the online experience. A cookie is a piece of data stored on the user’s computer or mobile device tied to information about that user. They also allow us to identify those devices when they return to a website. You can set your browser to notify you before you receive a cookie, giving you the option of whether to accept it. You can also set your browser to turn off cookies. If you do so, some areas of our websites may not function properly. We use both session ID and persistent cookies. A session ID cookie simply expires once the user closes the browser. A persistent cookie is a small text file stored on the user’s hard drive for an extended period of time. These can be removed by following the instructions in your Internet browser’s help file.

4.2 Use of Web Beacons and Opt out. To help us provide better service, we sometimes collect anonymous information from visits to our websites through the use of “web beacons.” These do not access your personal data, but rather allow us to log users who have visited our websites. This anonymous information is sometimes known as “clickstream data.” We or our vendors may use this data to analyze trends and statistics to help us provide better customer service. If you do not want your clickstream data collected and used in this manner, see the paragraph above on cookies.

4.3 Personalized Advertising Using Cookies or Web Beacons. We allow third-party companies, including AddThis, to collect certain anonymous information when you visit our websites. These companies may use non-personally identifiable information during your visits to our websites in order to provide advertisements about goods and services likely to be of greater interest to you. These companies typically use a cookie or a third party web beacon to collect this information. If you do not want your information used in this manner, see the paragraph above on cookies.

4.4 Links to Third-Party Websites. For links to organizations not affiliated to us, we are not responsible for the privacy practices or the content of such websites. We recommend you review the terms and conditions of use and privacy policies in place on such websites.

5.YOUR RIGHTS AND CHOICES

5.1 Opt-Out for Notification Relating to Services or Marketing Information. Where you have asked us to provide our services, interacted with us, or have otherwise given us your separate consent to receive marketing or promotional information, we may periodically use your contact information to send you updates via e-mail or other modes of communication you consented to, in order to alert you to promotional opportunities or services relevant to your interactions with us, such as jobs in our database that match your selected criteria. Each notification will provide instructions on how to opt out of receiving similar e-mails from the registered service or resource. At the point where we request personal data about you, our site also gives you the opportunity to decide which communications you wish to receive. The database is automatically updated with your preferences when you opt out. When your interactions with the Company have resulted in your registration for multiple services or resources it may be necessary to opt out from each service separately.

5.2 Rights of a Data Subject. Pursuant to the PDPA, you may exercise the following rights over your personal data held by us:
(1) the right to inquire, request to review or request to obtain copies of personal data, for which the Company is permitted to charge necessary fees or deny your request in exceptional cases as specified in Article 10 of the PDPA;
(2) the right to request supplementation or correction of inaccuracies of personal data in our possession or control, where we will need enough information from you in order to ascertain your identity as well as the nature of your request, so as to be able to deal with your request;
(3) the right to demand the cessation of the collection, processing or use pursuant to Article 11 of the PDPA; and
(4) the right to request deletion pursuant to Article 11 of the PDPA.

5.3 Procedure for Receiving a Request to Access. For a request to access personal data, once we have sufficient information from you to deal with the request, we will inform you of our decision to accept or reject your request within 15 days, which may be extended for another 15 days if necessary, and we will inform you of the reason for such extension. We will seek to provide you with the relevant personal data within 30 days after deciding to accept your request. Where we are unable to provide the information requested within the said 30 days, we will notify you of the soonest possible time within which we can provide you with the information requested.

5.4 Procedure for Receiving a Request Other Than Right to Access. For a request to supplement or correct personal data, to demand the cessation of the collection, processing or use, or to delete personal data, once we have sufficient information from you to deal with the request, we will inform you of our decision to accept or reject your request within 30 days, which may be extended for another 30 days if necessary, and we will inform you of the reason for such extension. We will cease the collection, processing or use of your information promptly after the decision to accept your request. We will supplement, correct, or delete your personal data within 30 days after the decision to accept your request. Where we are unable to do so within the said 30 days, we will notify you of the soonest practicable time within which we can make such supplementation, correction or deletion.

5.5 Consequences of Not Providing Information. Please note that your refusal to provide necessary personal information, and your request to demand the cessation of the collection, processing or use, or to delete personal data, could result in certain consequences or impact. In this regard, depending on the extent of your refusal or request, we will not be able to conduct necessary operations, processing, and continue providing our services such as recruitment, placement, or employment, as the case may be.

6.ADMINISTRATION, MANAGEMENT, PROTECTING AND RETAINING YOUR INFORMATION

6.1 Method of Use of Personal Data. Data is to be used through both automated and non-automated means that comply with relevant laws and regulations for personal data protection.

6.2 Duration of Use of Personal Data. We will store and use your personal data for the entire duration needed to serve one or more of the above Purposes applicable, or as required by applicable laws, specified in contracts or as deemed necessary to perform our services to you (whichever is longer). We will also put in place measures such that your personal data in our possession or under our control is destroyed as soon as it is reasonable to assume that (i) the purpose for which that personal data was collected is no longer being served by the retention of such personal data; and (ii) retention is no longer necessary for any other legal or business purposes.
6.3 Inaccurate or Incomplete Personal Data. We will take reasonable efforts to ensure that your personal data is accurate and complete, if your personal data is likely to be used by the Company to make a decision that affects you, or disclosed to another organisation. However, this means that you must also update us of any changes in your personal data that you had initially provided us with. We will not be responsible for relying on inaccurate or incomplete personal data arising from your failure to update us on any changes to the personal data you initially provided.

6.4 Security Measures. We will also put in place reasonable and appropriate administrative, physical and technical measures such as up-to-date antivirus protection, encryption, use of privacy filters, access control, password protection and disclosing personal data both internally and to our authorised third-party service providers and agents only on a need-to-know basis to prevent any unauthorized access, collection, use, disclosure, copying, modification, disposal, leakage, loss, damage and/or alteration of your personal data. However, we cannot assume responsibility for any unauthorized use of your personal data by third parties which are wholly attributable to factors beyond our control. You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.

6.5 Cross Border Data Transfer. Where your personal data is to be transferred out of Taiwan, we will comply with the PDPA in doing so. In this regard, this includes us taking appropriate steps to ascertain that the foreign recipient organisation of the personal data is bound by legally enforceable obligations to provide to the transferred personal data a standard of protection that is at least comparable to the protection under the Act. This may include us entering into an appropriate contract with the foreign recipient organisation dealing with the personal data transfer or permitting the personal data transfer without such a contract if the PDPA or law permits us to.

7.DATA BREACH NOTIFICATION

7.1 Reporting to Competent Authorities. In the event a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data, we shall promptly assess the impact and once assessed that it is a notifiable data breach, we shall report this breach to the relevant competent authority(ies) or regulatory agencies based on the applicable data breach reporting requirements.

7.2 Notification to Affected Data Subjects. We will notify you in a proper manner if you are one of the affected data subjects when a data breach is verified, including information regarding the facts pertaining to the data breach and the responsive measures that have been adopted.

7.3 Informing the Data Controller. If we are a data processor engaged by a data controller to collect, process, or use of personal data on its behalf, we shall inform such data controller (e.g., our customers) immediately of any data breach so they can promptly assess the impact and comply with their data breach notification obligation.

8.UPDATES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. If we change our Privacy Policy, we will post the revised version here, with an updated revision date.

9.HOW TO CONTACT US

If you have any questions, grievances or complaints, or would like to exercise your data subject rights or provide comments about this Privacy Policy and/or the handling of your personal data by us, please contact our Data Protection Officer at:
Intelligence Taiwan Co., Ltd.
Address: 7F., No. 167, Dunhua N. Rd., Songshan Dist., Taipei City 105406, Taiwan

Email: freddie_yang@persoltw.com

Please note that for any resumes or job applications sent to this mailbox will NOT be attended as this mailbox is solely for purposes of personal data protection related feedback.

For submission of resumes or job applications, please visit our website at www.persolkelly.com.tw for more details.