Scope of this Policy
This Privacy Policy applies to personal data we collect, process, and use through any of the following channels:
- Our official website wintech-pd.com and all its subdomains.
- Forms on the site, including contact, product quote, agent recruitment, and media or academic collaboration requests.
- Our 24/7 online monitoring platform, remote data management, and related technical services.
- Information you share with our sales or technical staff by email, phone, or in person.
It does not cover third-party websites linked from our site. Please review the privacy notice of any external site you visit.
Categories of Personal Data
Per Article 4 of the Enforcement Rules of the Taiwan PDPA, we may collect the following categories of personal data:
| Code | Category | Example fields |
|---|---|---|
| C001 | Personal identifiers | Name, title, company, email, phone |
| C002 | Financial identifiers | Tax ID, invoice header, payment info (only during transaction) |
| C011 | Personal description | Department, role, industry (utility / heavy-electric / academic) |
| C038 | Occupation | Organization type, scope of business, region |
| C132 | Web usage records | IP address, browser & device info, referrer, dwell time, cookie ID |
| C134 | Technical service records | Equipment type, measurement data, report ID, on-site photos (with consent) |
Apart from "web usage records" generated automatically when you visit, all data is provided by you voluntarily or in the course of business. We do not collect sensitive categories (health, criminal record, religion, etc.) unless you volunteer them.
Purposes & Legal Basis
We collect your personal data for the following specific purposes, in accordance with Article 19 §1 of the Taiwan PDPA:
- 040 Marketing (excluding cross-marketing among financial-holding subsidiaries)
- 069 Contractual, quasi-contractual, and other legal relationships
- 090 Consumer / customer management and service
- 091 Consumer protection
- 148 Online shopping and other e-commerce services
- 152 Advertising or commercial-conduct management
- 157 Surveys, statistics, and research analysis
- 181 Other lawful business activities permitted by our registration or articles
In practice: when you submit a contact form, we use your data to reply and follow up; when you commission a technical service, we use it to schedule work, deliver the report, and issue an invoice; when you subscribe to our newsletter, we use it to send articles and product news — and nothing else.
Use, Retention & Region
Method of use: stored and processed in digital files, paper records, cloud services, and an internal CRM. Access is granted to authorized staff only, with encryption and role-based controls.
Retention period:
- Contact-form enquiries ⏤ 3 years from last interaction.
- Customer and supplier records ⏤ 7 years after the business relationship ends, in line with the Business Accounting Act.
- Technical service reports ⏤ 10 years from issue, as equipment-history reference.
- Newsletter subscribers ⏤ until you unsubscribe, or auto-deleted after 2 years of non-engagement.
- Web usage records and cookies ⏤ up to 13 months, depending on cookie type.
Region of use: our place of business (Taiwan, R.O.C.). Data resides in AWS regions in Taiwan, Tokyo, and Singapore. No further cross-border transfer occurs other than through the processors listed in Chapter 05.
Recipients: Wintech staff, the processors listed in Chapter 05, and any authority required by law or authorized by you.
Third-Party Sharing & Processors
We do not sell or rent your personal data. In the following limited cases, your data may be shared:
| Recipient | Purpose | Scope |
|---|---|---|
| Cloud providers | Web hosting, CRM, email, file storage | AWS (Taiwan / Tokyo / Singapore), Google Workspace |
| Analytics | Site traffic, performance monitoring | Google Analytics 4 (IP anonymization enabled) |
| Payment & invoicing | Bank reconciliation, e-invoice issuance | Partner banks, MOF e-invoice integration platform |
| Logistics | Sample / equipment shipping | T-Cat, DHL, FedEx |
| Legal & audit | Compliance with Company Act / Business Accounting Act | Our signed accounting firm and legal counsel |
| Government | Judicial, tax, or sectoral authority orders | Police, MOF, MOEA, NCC, etc. |
All processors are contractually bound to data-protection standards no lower than this policy, and to destroy your data when the engagement ends.
Cookies & Analytics
This site may set the three cookie categories below when you visit. You can refuse all or some via your browser settings, though certain features (form anti-double-submit, language memory) may stop working.
- Strictly necessary ⏤ keep the site running: session, CSRF protection, language switch. Cannot be disabled.
- Preferences ⏤ remember your browsing preferences (dismissed banners, type-size).
- Analytics ⏤ enabled after consent, to understand site usage, page dwell time, and device distribution. We use Google Analytics 4 with IP anonymization on and ads personalization off.
This site does not use cross-site advertising cookies and is not connected to any ad network.
Data Security Measures
In accordance with Article 18 of the PDPA and the security-maintenance plan announced by the competent authority, we apply the following measures:
- Transport encryption: HTTPS site-wide (TLS 1.2+), form fields encrypted in-browser before submission.
- Storage encryption: CRM and file storage at-rest with AES-256; encrypted off-site backups.
- Least-privilege access: role-based controls with two-factor authentication (2FA).
- Audit logging: key systems log access; logs retained 90 days and reviewed periodically by the security lead.
- Staff training: every person handling personal data completes annual data-protection training and signs a confidentiality agreement.
- Incident reporting: in case of a personal-data breach we notify the competent authority within 72 hours of becoming aware, and notify affected individuals as required.
Your Rights under the PDPA
Under Article 3 of the Taiwan PDPA, you may exercise the following rights regarding the personal data we hold:
- RT · 01 Inquire or request accessRequest the items and content of personal data we hold about you.
- RT · 02 Request a copyRequest a copy of the data above (electronic or paper).
- RT · 03 Request correctionRequest correction or completion when data is wrong or incomplete.
- RT · 04 Request to stop processingUnless required by law, request that we stop a specific processing activity.
- RT · 05 Request deletionRequest deletion once the original purpose has lapsed or the retention period has ended.
- RT · 06 Opt out of marketingUnsubscribe via any newsletter footer link, or by writing to us at any time.
To exercise these rights, contact the DPO listed in Chapter 11 in writing or by email. We respond within 30 days of receiving a complete request with verified identity. Complex or bulk requests may be extended by another 30 days with notice.
Children's Privacy
Our services are aimed at corporate customers in the power industry, not at minors. If we inadvertently collect personal data of anyone under 18, we will delete it immediately upon becoming aware and stop any further use. If you are a minor, please do not submit personal data through this site.
Updates to this Policy
We may revise this policy when laws change, our operations evolve, or practice requires. Revisions will be communicated as follows:
- The "Last Updated" date and revision number at the top of this page are refreshed.
- For material changes (e.g. expanded purpose, broader third-party sharing) we notify customers on file by email and post a homepage notice at least 30 days before the change takes effect.
- Continuing to use the site or services after the change indicates acceptance of the revised version.
Revision history
- 2026 · 03 · 14 v 2.4 Added retention rules for the 24/7 monitoring platform; clarified GA4 IP anonymization.
- 2025 · 06 · 02 v 2.3 Updated processor list; clarified retention periods.
- 2024 · 09 · 18 v 2.2 Re-listed purpose codes per amended PDPA Enforcement Rules.
- 2023 · 11 · 30 v 2.1 Added DPO contact and breach-notification process.
- 2022 · 04 · 01 v 2.0 Full rewrite to align with the new corporate site.
Data Protection Contact
For questions about this policy, to exercise your data rights, or to report a suspected data breach, please contact our Data Protection Officer:
The DPO role is held jointly by our Legal & Information-Security leads. On receiving your request we verify your identity and route the matter through the relevant business unit. Please write "Personal data rights" in the subject line and briefly describe your request.
- service@wintech-pd.com.tw
- PHONE
- +886-2-8911-0833
- ADDR
- 5F, No. 188, Sec. 2, Zhongxing Rd.,
Xindian Dist., New Taipei City 231, Taiwan - HOURS
- Mon – Fri 09:00 ⏤ 18:00 (GMT+8)
If you believe we have violated the PDPA, you may also file a complaint with the Personal Data Protection competent authority of Taiwan (National Development Council / the relevant sectoral authority).