Economic Aspect

Privacy Protection

Issue Date: 2021/06/03

1. Privacy Protection Management

Chunghwa Telecom Co., Ltd. (“Chunghwa Telecom”) values the privacy of our customers. Pursuant to the "Privacy Policy" as well as the "Personal Data Protection Notice" and "The Personal Data Protection Act", Chunghwa Telecom collects, processes, uses and protects the personal and privacy data of customers in accordance with laws and regulations. There will be no arbitrary exchange, leasing or disclosure to any third party by any means.
A “Cybersecurity and Privacy Protection Steering Committee” has been established at Chunghwa Telecom. An SEVP-level officer is appointed by the Chairman as the Chief Information Security Officer (CISO) to regularly convene the “privacy protection working meeting”, overseeing and managing operations in cybersecurity and in personal data and privacy protection.
In accordance with common rules and international standards, Chunghwa Telecom has established a personal data protection management system, which includes performing risk assessments for new business and building a strict and secure data protection system environment to prevent customers' data from being stolen, altered, or illegally used. In addition, the Company provides comprehensive education and training on data privacy protection to all employees.
Chunghwa Telecom continues to enhance its operating procedures and improve its information technology to ensure privacy protection security measures across all elements. All KPIs are reviewed regularly. Chunghwa Telecom has passed the government's administrative security and privacy protection checks and obtained third-party certifications (including ISO 27001 / ISO 27011 / BS10012 / CSA STAR Certification; the certificates continue to be valid) in order to provide consumers with comprehensive security and privacy protection.
Check out our “Privacy Policy” and “Personal Data Protection Notice”.

 

2. Privacy Protection Risk Management

    The personal data and privacy risk management mechanism of Chunghwa Telecom is based on identifying the risks that internal and external threats bring to the organization's operations and businesses, including changes in laws, regulations and international standards, requirements of the competent authorities, trends in cybersecurity threats, and audit results. It inventories the significant risk issues of the year, followed by analysis of the impact levels and probability of risks, evaluation of the priority for risk handling, formulation of objectives and measures for risk handling, and regular review and evaluation of indicator attainment.

 

3. Personal Data Collection, Processing and Use

    Data collection categories and content

When our services are used, Chunghwa Telecom will collect the following personal information based on legal requirements and the necessity of the service provided.

Through multiple channels (e.g. websites, apps, sales and business stores, and the customer service hotline), customers may access and understand the categories and methods of data collection, processing and use, the disclosure of such data to a third party by Chunghwa Telecom, and the rights customers may exercise (e.g. inquiry; cessation of collection, processing or use; or erasure).

 

    Data use and protection

In order to improve customer experience and maintain customer relationships, Chunghwa Telecom will use customer data for analysis and provide more optimized and appropriate services and preferential information that are most suitable for customers. Customers may request to cease the collection at any time.

To prevent unauthorized access, disclosure, use and/or alteration, and to safeguard the security of and privileges to customers' personal information, Chunghwa Telecom fully (100%) monitors the use of the customer personal data collected. In 2020, the percentage of customer data used for secondary purposes was 84.4%. The data protection measures are as follows:
     (1) The right of access is based on the principles of “least privilege” and “need to know”.
     (2) All columns containing personal data should be hidden and codified.
     (3) To ensure the legitimate use of customer personal data by any employee of Chunghwa Telecom, every view and access should be recorded for subsequent systematic checking and review.
     (4) The system shall perform cross-checks to exclude accounts that are not eligible for this kind of application prior to the use of such customer personal data.

 

4. Provision of Personal Data

    There will be no arbitrary exchange, lease or disclosure to any third party by any means. However, if required by law, or under the following circumstances, Chunghwa Telecom may share your personal data with a third party.

     Law enforcement requests

     (1) Law enforcement agency application: Where the government or a law enforcement agency requests access to or inquires about the information of any customer of Chunghwa Telecom for the protection of public safety and the prevention of crime, in compliance with the laws and regulations, Chunghwa Telecom shall provide information accordingly to the government or law enforcement agency after a rigorous examination. Chunghwa Telecom may refuse to provide any information should the procedural requirements not be met upon examination. The ratio of data provided is shown in the table below.
     (2) The epidemic prevention needs of the government (COVID-19): In response to the COVID-19 pandemic and the epidemic prevention needs of the government since January 26, 2020, Chunghwa Telecom acts in compliance with the “Communicable Disease Control Act” and the “Special Act for Prevention, Relief and Revitalization Measures for Severe Pneumonia with Novel Pathogens.” To advance the public interest, the telecom service providers in Taiwan are obliged to provide necessary information in line with the regulations to facilitate enforcement of the home isolation policy and prevent the spread of disease. Chunghwa Telecom strictly controls data security to safeguard customer privacy. The ratio of data provided is shown in the table below.

5. Inquiries and Complaints

Staff well trained in personal information laws and regulations provide professional consultation through dedicated complaint channels.
Tel: 0800-080-090
Mailbox: https://www.cht.com.tw/zh-tw/home/cht/service/emailus

Should the privacy issue not be resolved within 30 days, please contact us:
To: Chief Information Security Officer (CISO) / Chunghwa Telecom
Add: No. 21-3, Section 1, Xin Yi Road, Taipei City
Tel: +886-2-2344-6789

Chunghwa Telecom has formulated a reporting and response mechanism for privacy incidents. We also collect information through public opinion analysis, client consultation, and grievance channels. Upon detection of a potential privacy incident, reporting must be completed in accordance with the report window list. In the event of a major incident, it will be escalated to the Cyber Security Department at the Headquarters and the CISO, and a response team will be formed within 24 hours to enact the emergency response mechanism.

Once a privacy incident is verified, Chunghwa Telecom shall conduct incident investigation and analysis to find the root cause, define the scope of damage, and preserve relevant evidence, while taking emergency response measures. We monitor changes in public opinion and client grievances, learn about the personal data illegally collected, processed or used in the incident, prevent further damage, and notify the individuals affected and the competent authorities. Where the incident causes damage to clients’ rights, Chunghwa Telecom will provide compensation or legal support to the individuals involved to assist and protect our clients’ rights to the best of our ability.

There were 8 “alleged information breach cases” filed by clients to Chunghwa Telecom in 2020, of which one was notified by the National Communications Commission (NCC) and seven were submitted via the customer service hotline (4 more cases than in 2019, accounting for 0.000018% of the customer hotline service provided in the year). All the cases were investigated, and it was verified that no personal data or privacy breach had occurred.