Customer Privacy Protection

When customers access services of Chunghwa Telecom, we collect their personal/private data out of the regulatory requirement for identity verification or the needs for service provision.

Types and Content of Data Collected

Personal Information Type Description
Customer-provided Data This includes personal information filled out by customers during service applications or data required to be retained by law (e.g., name, national ID number, date of birth, contact information, etc.).
Account Information This includes communication records, billing records, and payment methods generated from the use of services by customers.
Network Usage Information This includes communication device identifiers, internet addresses and location information, communication time, connection usage and packet counts, domain names, application service types, and protocols generated by the public telecommunications network after access of telecommunications services by customers.
Domain Browse Information This includes information on how customers use our mobile broadband and internet services, such as online time, data volume, and domains.
Location Information This refers to the location data generated by a customer’s use of mobile broadband or the Internet.

Use of The Collected Information

Regarding the use of the personal data of customers, the data are used within the necessary scope specified at the time of collection and pursuant to the laws and regulations. The personal data of customers will not be disclosed to a third party, processed or used in places other than areas Chunghwa Telecom operates, or otherwise beyond the purposes of collection, unless consented by the customers or specified otherwise by the laws or regulations.

If it is necessary to entrust an affiliate or a third party (such as logistics or information service providers) to provide services, we shall enforce supervision as appropriate to assure the security of the personal data of customers.

Possibility for Customers to Decide How Private Data Is Collected, Used, Retained and Processed

To protect the rights of customers, a variety of channels (including websites, apps, stores, and customer hotline) are available at Chunghwa Telecom for customers to access and learn about the types of personal information collected and the methods for collection, processing, use, or disclosure of such to a third party as well as the rights customers may exercise.

Rights at the disposal of customers Description
The opt-out option available with the right to opt-out at any time, unless restricted by the laws or regulations, or that the opt-out by customers will render impact to the contract that is in their favor. We will respond to customer requests within thirty days in accordance with Article 13 of the Personal Data Protection Act. If necessary, we will notify the customer in writing and extend the response time by an additional thirty days.
The opt-in consent required Unless otherwise provided by the laws or regulations, purposes of our collection or processing of the personal data of customers shall be specified and be subject to the consent of the customers.
Requests for access to data held by the company Customers are entitled to inquire or to request to view the personal data thereof we hold, or to request a copy of such from us. We will respond to customer requests within fifteen days in accordance with Article 13 of the Personal Data Protection Act. If necessary, we will notify the customer in writing and extend the response time by an additional fifteen days.
Requests to edit data Customers are entitled to supplement or correct their personal data. We will respond to customer requests within thirty days in accordance with Article 13 of the Personal Data Protection Act. If necessary, we will notify the customer in writing and extend the response time by an additional thirty days.
Requests for deletion Unless otherwise provided by the laws or regulations, upon termination of the contractual relationship with us, customers are entitled to request erasure, or cessation of processing or use, of personal data from us. We will respond to customer requests within thirty days in accordance with Article 13 of the Personal Data Protection Act. If necessary, we will notify the customer in writing and extend the response time by an additional thirty days.
Request data be transferred to other service providers
  • In compliance with the requirements by the competent authority of the telecommunications industry, the operator ought to verify the data of customers with new application for telecommunications business in line with the pertaining laws and regulations as well as help prevent fraud practices accordingly.
  • We do not provide transfer of personal data of customers to other telecom operators, except for the service of number portability available upon customer application.

Data Retention Period

Upon termination of contractual relationship between customers and us, the personal data will be retained for a minimum of one year in compliance with the Telecommunications Management Act and other pertaining laws and regulations, which will be deleted after the defined period of time with (non-personal) data generated in a form that does not identify the customer retained. We will not collect personal data from third parties as well, unless consented by the customers or specified otherwise by laws and regulations.

Data Protection and Privacy enhancing technologies (PETs)

Upholding "Privacy by Design" as our core principle, we reference the Guidelines for the Application of Privacy-Enhancing Technologies by the Ministry of Digital Affairs (MODA) to incorporate the outlined technical implementation processes, risk assessments, and applied principles into the overall considerations of our privacy protection mechanisms. Also, throughout the planning, development, and operational lifecycles of our products and services, data protection requirements are systematically integrated into our architectural and process designs, ensuring that data utility needs, regulatory compliance, as well as safety and security are included from the very inception of the design phase. 

The specific governance and implementation practices are as follows: 

  1. Prior to launching new services, expanding business operations, or deploying AI applications, risk assessments and privacy impact assessments (PIAs) are conducted in accordance with internal procedures to identify data types, potential threats, impact magnitude, and likelihood of occurrence. Process and security controls are then implemented based on the results, ensuring that data protection measures are embedded at the design phase.
  2. All information systems involving personal data, sensitive data, or critical infrastructure services are included in the monitoring scope of the Chunghwa Telecom Security Operations Center (CHT SOC). Through the architecture of diversity and defense-in-depth for security and institutionalized vulnerability management mechanisms, vulnerability scanning, penetration testing, and patching or contingency operations for critical security updates are continuously executed. In addition, these systems maintain third-party certification of ISO 27001 to guarantee data security.
  3. The allocation of data access and use permissions strictly adheres to the principle of least privilege per business necessity, ensuring that data is used solely within the scope of lawful, legitimate, and specific purposes to mitigate the risks of unauthorized access and misuse. 
  4. Complete system logs are retained whenever internal personnel access or utilize personal data of customers during business execution. Also, it is managed through a systematic cross-check and review mechanism to safeguard against any potential misuse. 
  5. We have achieved third-party certifications for personal data and privacy management systems, including ISO/IEC 27701, BS 10012, and CNS 29100. In alignment with pertaining standard requirements, appropriate managerial and technical measures, including access controls, data encryption in transit and at rest, and de-identification technologies, are adopted throughout our data analysis and processing workflows, so as to ensure that data remains protected during all stages of processing and exchange.
  6. De-identification or other data minimization techniques, including privacy-enhancing technologies such as suppression, pseudonymization, generalization, randomization, aggregation and masking, are employed to limit the amount of specific personal data and personal information for collection or processing, which apply to a range of data such as the names, ID numbers, birthdays, addresses, and email accounts of customers. The results of de-identification are presented as statistical data, trends, or other non-identifiable forms as the basis for business decisions (such as consumer age/geographical distribution, regional signal improvement, etc.), in order to fully protect the privacy of our customers.

In addition, the Number Masking Service at Chunghwa Telecom serves as a concrete case of integrating Privacy-Enhancing Technologies (PETs) directly into our products and services. At the system and process design layers, the service masks consumers' actual phone numbers, effectively preventing data breach and telecom fraud risks. The service has been successfully deployed across e-commerce, logistics, and our internal telecom installation and maintenance operations, demonstrating our tangible achievements in ceaselessly strengthening customer data security and privacy trust.

Secondary Use of Customer Data in 2025

Item Percent
Customers consenting to secondary use 75.79%
Customers rejecting secondary use 24.21%

Policy for Disclosure to Third Parties

Personal data and privacy will not be disclosed to a third party by means of exchange, lease, or otherwise at will, unless consented by the customers or specified otherwise by laws and regulations, we may share personal data and privacy with a third party:


  • Prosecutors / Investigation Bureau / Police Department / Other Governmental Agencies :We are liable to protect customer’s secrecy of correspondence and privacy from illegal infringement in accordance with the laws. Only when government agency or law enforcement agency presents Chunghwa Telecom a letter in line with the laws to request access or inquire information of customers to protect public security, fight crimes, or maintain social order can we provide customer information thereto.

Requests for Customer Information Received from Government or Law Enforcement Agencies

We are liable to protect customer’s secrecy of correspondence and privacy from illegal infringement in accordance with the laws. Only when government agency or law enforcement agency presents Chunghwa Telecom a letter in line with the laws to request access or inquire information of customers to protect public security, fight crimes, or maintain social order can we provide customer information thereto.

In compliance with the requirements, dedicated departments and rigorous review procedures for access are in place. Relevant information can only be provided in accordance with the laws upon criteria met, which will not be available otherwise.

In 2025, 1,690,509 requests were made by the government or law enforcement agencies for inquiries of our user information. The ratio of provision was 43.79%(740,190 requests) and that of rejection 56.21%(950,319 requests), most of which were primary due to inconformity to the relevant laws and regulations or source data error. 

Personal Data Provided to Government or Law Enforcement Agencies in 2025

Source of Request Data Provision Total
Provided Lawfully Declined to provide
Prosecutors / Investigation Bureau 61.86%(228,010 cases)61.64%(249,875 cases)

38.14%(140,569 cases)38.36%(155,530 cases)

 100%(368,579 cases)100%(405,405 cases)
Police Department  38.87%(494,155 cases)49.32%(492,729 cases)  61.13%(777,074 cases)50.68%(506,258 cases) 100%(1,271,229 cases)100%(998,987 cases)
Other Governmental Agencies  35.55%(18,025 cases)38.60%(13,834 cases)  64.45%(32,676 cases)61.40%(22,001 cases) 100%(50,701 cases)100%(35,835 cases)
Total  43.79%(740,190 cases)52.52%(756,438 cases)  56%(950,319 cases)47.48%(683,789 cases)  100%(1,690,509 cases)100%(1,440,227 cases)

Personal Data and Privacy Protection Consultation and Grievance Channels

A variety of means are available for customers to exercise their rights with Chunghwa Telecom. In addition, customers with questions or concerns regarding personal data or privacy may send feedbacks or appeals by means of following channels, which will be explained by dedicated staff in a professional manner.

Personal Data and Privacy Protection Complaint/Grievance Channels Description
Application over the counter You may go to any operation site across the country for services by store staff. Locate the Service Center here: https://my.cht.com.tw/ServiceCenter
Customer hotline You are welcome to call at CHT toll-free customer hotline 0800-080-123 (123 for CHT landline users and mobile users) for customer service, and the customer service will be right with you.
Customer service website Service will assist you to update your preferences in receiving “marketing information from CHT.” Click here for application: https://123.cht.com.tw/
Online Self-service

Personal Data and Privacy Protection Grievance Escalation Channels

 
ESG Content Quick Links
Excellence & Innovation
Sustainable Revenues
Interaction
Latest News Surveys Contact Us Newsletter Subscription Chunghwa Telecom CSR Fan Page

BACK TO TOP