Personal Data Protection Policy
Policy Statement
Cameo Communications, Inc. (hereinafter referred to as the “Company”) places great importance on the protection of personal data and privacy of all stakeholders. In accordance with the Personal Data Protection Act and relevant laws and regulations, the Company has established the Personal Data Protection Management Procedures to build a comprehensive personal data governance framework。
The Company collects, processes, and uses personal data based on the principle of data minimization, and adopts appropriate managerial and technical safeguards to ensure the availability, integrity, and confidentiality of personal data, thereby mitigating data protection risks and safeguarding the rights and interests of data subjects。
I、Scope of Application and Allocation of Responsibilities
This Personal Data Protection Policy applies to personal data relating to customers, suppliers, business partners, job applicants, and employees that may be involved in the Company’s business operations。
As the Company is primarily engaged in B2B research, development, and manufacturing of network communication products, most business interactions with customers and suppliers are conducted on a legal-entity-to-legal-entity basis. Accordingly, the involvement of personal data of natural persons is relatively limited and does not constitute a core business activity. Nevertheless, based on regulatory compliance and risk prevention principles, the Company incorporates all personal data that may be involved in its operations into the scope of this Policy and adopts appropriate management and protection measures according to the frequency of access and risk level。
Personal data protection matters are handled by designated responsible units in accordance with their respective functions, including Human Resources, Information Technology, Legal Affairs, and relevant business units. These units are responsible for policy compliance, system implementation, risk control, education and training, as well as the reporting and handling of personal data security incidents, in accordance with internal regulations, to ensure that the personal data protection framework complies with legal requirements and is effectively implemented。
II、Personal Data Management and Security Measures
The Company collects, processes, and uses personal data within a lawful, legitimate, and specific purpose. Based on the personal data lifecycle, the following management and security measures are implemented:
- Classification and tiered management of personal data, with access authorization controls
- Controlled storage environments for physical records (access-controlled document rooms and filing cabinets)
- Encryption, access logging, and authorization management for electronic personal data
- Maintenance of data accuracy and correction where necessary
- Deletion or cessation of use upon expiration of retention periods or when the purpose of collection no longer exists, in accordance with laws and regulations
- Reporting, investigation, and follow-up improvement mechanisms for personal data security incidents
III、Implementation Status of Personal Data Protection in 2025
The Company has implemented corresponding control measures throughout the personal data lifecycle, including recruitment and hiring, training, document management, complaints and whistleblowing, and employee separation procedures. The implementation status for 2025 is summarized below:
Summary of Personal Data Protection Measures for 2025
| Operational Category | Item | Implementation Measures |
| Recruitment and Hiring | Personal data protection and usage policy for applicants and new hires | 1. Periodic reviews of access permissions for the 104 Recruitment System, with access disabled for units without recruitment needs。 2. Personal data is used only after obtaining applicants’ consent。 3. New hires sign employment contracts that include personal data protection provisions。 |
| Training | Personal data protection awareness for new employees | As of July 31, 2025, a total of 67 employees completed training, with 16.75 training hours accumulated (average 0.25 hours per person)。 |
| Document Management | Storage and destruction of employee data | 1. Document rooms and storage cabinets are access-controlled; keys are centrally managed by HR supervisors, and CCTV is installed at access points。 2. Both paper-based and electronic personal data are subject to encryption and access control。 3. Documents exceeding retention periods are regularly destroyed in accordance with Company procedures。 |
| Complaints and Whistleblowing | Whistleblower protection measures | 1. Anonymous reporting channels are established, in compliance with confidentiality requirements under the Personal Data Protection Act。 2. As of July 31, 2025, no complaints related to personal data issues were reported。 |
| Employee Separation | Confidentiality policy for departing employees | Departing employees are required to sign a Confidentiality Undertaking upon Separation, explicitly prohibiting the disclosure of any employee-related information。 |
IV、Exercise of Data Subject Rights
Data subjects may exercise their rights under the Personal Data Protection Act, including the right to request access, review, copies, correction, deletion, or cessation of collection, processing, or use of their personal data. The Company will process such requests within the statutory time limits and provide necessary assistance in accordance with applicable laws。
V、Education, Training, and Continuous Improvement
The Company conducts periodic awareness programs and education on personal data protection. In response to regulatory amendments and business needs, the Company continuously reviews and adjusts its internal management systems and operational procedures to maintain a robust and continuously improving personal data protection framework。
VI、Contact Information
If you have any questions regarding the Company’s Personal Data Protection Policy or the exercise of data subject rights, please contact:
Cameo Communications, Inc.|Personal Data Protection Contact Window
Email:esg@cameo.com.tw
Address:2F., No. 275, Xinhu 3rd Rd., Neihu Dist., Taipei City, Taiwan
Tel:+886-2-7736-3000