Win Win Precision Technology Co., Ltd. (hereinafter as the “Company” or “We”) places great importance on the protection of personal data and privacy of our stakeholders (hereinafter “You” or “Your”). The Company is committed to collecting, processing, and using your personal data with the utmost care. In accordance with the Personal Data Protection Act of Taiwan(“PDPA”) and the European Union’s General Data Protection Regulation (“GDPR”), the Company has established this Privacy Policy (the “Policy”) to deliberate on how your personal data is collected, processed, used, and protected, as well as other rights under applicable laws.

If this Policy is amended due to changes in laws, business operations, or other reasons, the updated Policy will be published on the Company’s official website.

Policy Scope

This Policy applies to the Company’s customers, suppliers, business partners, and other natural person who visits the Company’s website or use the Company’s products or services.

Data Controller under the GDPR

Company Name: Win Win Precision Technology Co., Ltd
Address: 4F., No. 180, Sec. 2, Gongdao 5th Rd., Hsinchu City, Taiwan
Tel: +886 (03) 568-8699
Email: info@w-win.com.tw

Whenever the Company acts as a data processor processing personal data on behalf of a third party, such processing shall be governed by the relevant Data Protection Agreement.

Collection of Personal Data

The Company may collect your personal data through the following channels and methods:

  1. Information voluntarily provided by You, such as contacting customer service or submitting inquiries.
  2. Information you have publicly disclosed, such as on social media platforms.
  3. Information obtained through interactions with the Company, including from purchases of our products, surveys, or after-sales services.
  4. Information generated through interactions with third-party content or advertisements on the Company’s website.
  5. Information lawfully obtained from third parties, such as from government authorities, logistics providers, or payment platforms.

Categories of Collected Personal Data

The Company may collect and process the following categories of personal data:

  1. Identification data (e.g., name, gender, photograph, age, nationality)
  2. Contact information (e.g., email address, telephone number, mailing address)
  3. Account and login data (e.g., account name, login credentials, OTP records)
  4. Transaction data (e.g., transaction records, payment amounts, invoices)
  5. Technical data (e.g., IP address, device or operating system type, cookies)

However, We will not proactively collect, process, or use your special categories of personal data (as defined under Article 6 of PDPA, namely personal data relating to medical records, medical treatment, genetic data, sexual life, health examinations, or criminal records). When the Company is required, on a lawful basis, to collect, process, or use such special categories of personal data, We will do so in accordance with applicable laws and regulations, including the PDPA and the General Data Protection Regulation (GDPR), and shall implement appropriate protective measures.

Furthermore, the Company currently does not engage in fully automated processing, including profiling, that produces legal effects concerning data subjects or similarly significantly affects them. Should such processing be involved in the future, the Company will provide separate notice in accordance with applicable laws.

Purpose and Legal Basis

The Company may process personal data for the following purposes including to provide you with the Company’s product and warranty services, marketing, user experience analysis, security maintenance, legal compliance, and market research, based on lawful grounds such as contractual necessity, legal obligations, legitimate interests, public interest, or with Your consent.

Disclosure of Personal Data

We may disclose personal data provided with complete legal competence to the following third parties:

  1. Governing authorities,
  2. External advisors,
  3. The Company’s Service providers,
  4. Advertising partners in connection with Company’s websites or plugin developers,
  5. Or other parties as required by law.

Whenever the Company engages information service providers to collect, process, or use your personal data on its behalf, the Company shall enter into appropriate contractual arrangements with such providers, requiring them to collect, process, or use personal data solely in accordance with the Company’s prior written instructions. Such providers shall also be required to comply with applicable laws and regulations and to implement adequate security and confidentiality measures to protect your personal data.

Cross-Border Transfers

As the Company operates on a cross-border basis, it may transfer your personal data to recipients located in other countries. The Company shall comply with applicable local data protection laws and regulations in connection with such transfers.

Where your personal data is subject to the protection requirements of the GDPR and the recipient is located outside the European Economic Area (EEA), the Company shall, in accordance with the GDPR, conduct an adequacy assessment and implement appropriate safeguards, including but not limited to:

  1. The adoption of the European Commission’s Standard Contractual Clauses (Standard Contractual Clauses, Regulation (EU) 2021/914); and
  2. The performance of a Transfer Impact Assessment (TIA), together with the implementation of supplementary protective measures where necessary.

Data Security

The Company has implemented appropriate technical and organizational security measures, in accordance with applicable laws and regulations, to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, access, or other unlawful or unauthorized processing, whether intentional or accidental. However, due to the open nature of the Internet, notwithstanding the reasonable measures adopted by the Company to safeguard your data, the Company cannot guarantee the absolute security of data transmitted over the Internet. You acknowledge and agree that you bear the inherent risks associated with such transmission. Accordingly, you are advised to ensure that there are no security concerns when transmitting your personal data to the Company.

In the event that a personal data breach is confirmed, the Company shall notify the competent supervisory authority within the statutory time limits and, where required by law, notify the affected data subjects accordingly.

Accuracy and Timeliness

To ensure the accuracy and timeliness of Your personal data, the Company may periodically verify such data with you and request that you provide true, complete, and up-to-date information. Where there are any changes to your personal data, you are requested to notify the Company promptly so that the Company may update such data accordingly. The Company shall correct or delete inaccurate or incomplete personal data without undue delay.

Principle of Necessity

The Company shall collect, process, and use Your personal data solely to the extent necessary for the purposes set forth in this Policy. The Company shall take reasonable measures to ensure that the personal data collected is relevant and reasonably related to such purposes, and shall periodically review the personal data in its possession to ensure that it remains necessary and appropriate for the stated purposes of collection. The Company further undertakes not to request any personal data that is unrelated to its lawful purposes.

Duration

The Company shall retain Your personal data only for the period necessary to achieve the purposes set forth in this Policy. Upon the expiration of the statutory retention period or when the purposes of processing no longer exist, the Company shall delete or anonymize Your personal data in accordance with applicable laws and its internal procedures.

Notwithstanding the foregoing, the Company may continue to retain or otherwise process Your personal data, to the extent necessary, under the following circumstances:

  1. Where required to comply with instructions from competent authorities or other applicable legal or regulatory requirements; or
  2. Where the personal data is relevant to unresolved disputes, legal proceedings, or lawful requests made by third parties.

Your Rights

You may exercise the following rights with respect to your personal data: the right to refuse to provide personal data; the right to request access to Your personal data; the right to request correction of inaccurate personal data; the right to request deletion of personal data; the right to request cessation of the collection, processing, or use of personal data; the right to withdraw your prior consent; the right to request the transfer of Your personal data to another party under their control (data portability); and the right to lodge a complaint with the competent supervisory authority.

The Company shall respond to Your written request or request submitted by email (info@w-win.com.tw) within no later than thirty (30) business days from receipt thereof. Please note, however, that:

  1. If You choose to refuse to provide personal data, the Company may be unable to provide you with full access to certain website functionalities, products, or services; and
  2. You have the right to withdraw Your consent at any time. Such withdrawal shall not affect the lawfulness or necessity of the collection, processing, or use of your personal data carried out prior to the Company’s receipt of your withdrawal notice.

Cookie Use and Management

The Company’s website may use necessary, analytical, or functional cookies to enhance website operation and user experience. Users may manage or refuse cookies through their browser settings; however, certain website functions may be limited as a result.

Policy Amendment

We reserve the right to amend this Policy at any time. Any revisions shall be published on the Company’s website or otherwise communicated by appropriate means.