Jia Jie Biomedical Co., Ltd. (the “Company”) places great importance on personal data protection. In order to comply with and implement the Personal Data Protection Act and other relevant laws and regulations governing personal data protection, and to ensure the proper management, maintenance, and execution of personal data protection practices, thereby preventing infringement of data subjects’ personality rights and promoting the reasonable use of personal data, the Company has established the Personal Data Protection Policy and related personal data protection management procedures.
The scope of application covers all employees, customers, and cooperating vendors of the Company, and applies to the collection, processing, and use of personal data involved in business execution, projects, and internal administrative operations.

​

I. Policy Purpose

At Jia Jie Biomedical, we regard personal data protection as an integral part of our corporate responsibility. We are committed to handling all personal information in a lawful, transparent, and secure manner. With respect for personal privacy as our core principle, we have established management mechanisms in accordance with the Personal Data Protection Policy to safeguard the rights and interests of all data subjects.

​

II. Scope of Application

​This Policy applies to personal data accessed by the Company in the course of its operations, management, human resources, marketing, and cooperative activities, including but not limited to:

1. Employees and job applicants

2. Customers and potential customers

3. Suppliers and business partners

4. Other individuals who interact with the Company

​

III. Principles of Data Collection

When collecting personal data, we adhere to the following principles:

1. Prior notification of the purpose of collection, data categories, retention period, and methods of use.

2. Collection limited to information necessary for business purposes, with explicit consent obtained from the data subject.

3. Adoption of technologies such as encryption and secure storage to ensure data security during transmission and storage.

​​

IV. Use and Retention of Data

The use and retention of personal data comply with the following requirements:

1. Data shall be used only within the scope of the original purpose of collection and shall not be arbitrarily used for other purposes.

2. Disclosure or sharing is prohibited without the data subject’s written consent or legal authorization.

3. Upon expiration of the retention period or fulfillment of the purpose of collection, data shall be securely deleted or its use discontinued in accordance with internal procedures.

​

V. Information Security Measures

​To prevent unauthorized access to or leakage of personal data, the following measures are implemented:

1. Establishment of tiered access controls, allowing only authorized personnel to access sensitive data.

2. User accounts are unique and are promptly deactivated upon employee resignation or job transfer.

3. Regular system security inspections and risk assessments are conducted to ensure a stable and reliable information environment.

​

VI. Education, Training, and Internal Oversight

​We emphasize employees’ awareness of personal data protection and strengthen management through the following measures:

1. Regular annual training and awareness programs on personal data protection.

2. All departments are required to cooperate with the Management Department in conducting personal data audits and improvement actions to ensure effective implementation of the Policy.

​

VII. Protection of Data Subject Rights

​In accordance with applicable laws and regulations, data subjects are entitled to the following rights:

1. To inquire about or review their personal data.

2. To request copies of their personal data.

3. To request correction or supplementation of their personal data.

4. To request cessation of use or deletion of their personal data.

The Company will respond to and process such requests within a reasonable period.

​

VIII. Incident Reporting Mechanism

​In the event of unauthorized access to, leakage of, or other security incidents involving personal data, the Company will immediately activate its response mechanism and notify the data subjects and the competent authorities via telephone, email, or other appropriate means, explaining the circumstances of the incident and the remedial actions taken.

Contact Point: Information Department, Jia Jie Biomedical Co., Ltd.
Tel: +886-7-976-1598 ext. 379

​

Implementation Status for the Year

​To continuously enhance employees’ professional knowledge and capabilities in personal data protection management, the Company regularly provides education and training for all employees, together with relevant legal awareness programs. Resources are continuously invested to embed personal data protection awareness and concepts into corporate culture and daily operations.

• Total number of employees completing Personal Data Protection Act awareness training in 2025: 63 employees; total training hours: 15.75 hours.

• New employee code of conduct and confidentiality agreement signing rate: 100%.

• Statistics on personal data inquiries and complaints: No personal data inquiries or complaints were received in 2025.