Skip to main content
PRIVACY POLICY ⏤ Wintech Electric

Collect lean,
use openly.

蒐集從簡,使用透明。

This policy explains how Wintech Electric Co., Ltd. ("Wintech", "we") collects, processes, and uses your personal data on wintech-pd.com and our related services, and the rights you may exercise under the Republic of China (Taiwan) Personal Data Protection Act (PDPA).

  • 2026 · 03 · 14
    Last Updated
  • v 2.4
    Policy Revision
  • Jurisdiction
    TW · PDPA Compliant
  • service@wintech-pd.com.tw
    DPO Contact
01
Scope

Scope of this Policy

This Privacy Policy applies to personal data we collect, process, and use through any of the following channels:

  • Our official website wintech-pd.com and all its subdomains.
  • Forms on the site, including contact, product quote, agent recruitment, and media or academic collaboration requests.
  • Our 24/7 online monitoring platform, remote data management, and related technical services.
  • Information you share with our sales or technical staff by email, phone, or in person.

It does not cover third-party websites linked from our site. Please review the privacy notice of any external site you visit.

02
Categories of Personal Data

Categories of Personal Data

Per Article 4 of the Enforcement Rules of the Taiwan PDPA, we may collect the following categories of personal data:

Code Category Example fields
C001 Personal identifiers Name, title, company, email, phone
C002 Financial identifiers Tax ID, invoice header, payment info (only during transaction)
C011 Personal description Department, role, industry (utility / heavy-electric / academic)
C038 Occupation Organization type, scope of business, region
C132 Web usage records IP address, browser & device info, referrer, dwell time, cookie ID
C134 Technical service records Equipment type, measurement data, report ID, on-site photos (with consent)

Apart from "web usage records" generated automatically when you visit, all data is provided by you voluntarily or in the course of business. We do not collect sensitive categories (health, criminal record, religion, etc.) unless you volunteer them.

03
Purposes & Legal Basis

Purposes & Legal Basis

We collect your personal data for the following specific purposes, in accordance with Article 19 §1 of the Taiwan PDPA:

  • 040 Marketing (excluding cross-marketing among financial-holding subsidiaries)
  • 069 Contractual, quasi-contractual, and other legal relationships
  • 090 Consumer / customer management and service
  • 091 Consumer protection
  • 148 Online shopping and other e-commerce services
  • 152 Advertising or commercial-conduct management
  • 157 Surveys, statistics, and research analysis
  • 181 Other lawful business activities permitted by our registration or articles

In practice: when you submit a contact form, we use your data to reply and follow up; when you commission a technical service, we use it to schedule work, deliver the report, and issue an invoice; when you subscribe to our newsletter, we use it to send articles and product news — and nothing else.

04
Use, Retention & Region

Use, Retention & Region

Method of use: stored and processed in digital files, paper records, cloud services, and an internal CRM. Access is granted to authorized staff only, with encryption and role-based controls.

Retention period:

  • Contact-form enquiries ⏤ 3 years from last interaction.
  • Customer and supplier records ⏤ 7 years after the business relationship ends, in line with the Business Accounting Act.
  • Technical service reports ⏤ 10 years from issue, as equipment-history reference.
  • Newsletter subscribers ⏤ until you unsubscribe, or auto-deleted after 2 years of non-engagement.
  • Web usage records and cookies ⏤ up to 13 months, depending on cookie type.

Region of use: our place of business (Taiwan, R.O.C.). Data resides in AWS regions in Taiwan, Tokyo, and Singapore. No further cross-border transfer occurs other than through the processors listed in Chapter 05.

Recipients: Wintech staff, the processors listed in Chapter 05, and any authority required by law or authorized by you.

05
Third-Party Sharing

Third-Party Sharing & Processors

We do not sell or rent your personal data. In the following limited cases, your data may be shared:

Recipient Purpose Scope
Cloud providers Web hosting, CRM, email, file storage AWS (Taiwan / Tokyo / Singapore), Google Workspace
Analytics Site traffic, performance monitoring Google Analytics 4 (IP anonymization enabled)
Payment & invoicing Bank reconciliation, e-invoice issuance Partner banks, MOF e-invoice integration platform
Logistics Sample / equipment shipping T-Cat, DHL, FedEx
Legal & audit Compliance with Company Act / Business Accounting Act Our signed accounting firm and legal counsel
Government Judicial, tax, or sectoral authority orders Police, MOF, MOEA, NCC, etc.

All processors are contractually bound to data-protection standards no lower than this policy, and to destroy your data when the engagement ends.

06
Cookies & Analytics

Cookies & Analytics

This site may set the three cookie categories below when you visit. You can refuse all or some via your browser settings, though certain features (form anti-double-submit, language memory) may stop working.

  • Strictly necessary ⏤ keep the site running: session, CSRF protection, language switch. Cannot be disabled.
  • Preferences ⏤ remember your browsing preferences (dismissed banners, type-size).
  • Analytics ⏤ enabled after consent, to understand site usage, page dwell time, and device distribution. We use Google Analytics 4 with IP anonymization on and ads personalization off.

This site does not use cross-site advertising cookies and is not connected to any ad network.

07
Data Security

Data Security Measures

In accordance with Article 18 of the PDPA and the security-maintenance plan announced by the competent authority, we apply the following measures:

  • Transport encryption: HTTPS site-wide (TLS 1.2+), form fields encrypted in-browser before submission.
  • Storage encryption: CRM and file storage at-rest with AES-256; encrypted off-site backups.
  • Least-privilege access: role-based controls with two-factor authentication (2FA).
  • Audit logging: key systems log access; logs retained 90 days and reviewed periodically by the security lead.
  • Staff training: every person handling personal data completes annual data-protection training and signs a confidentiality agreement.
  • Incident reporting: in case of a personal-data breach we notify the competent authority within 72 hours of becoming aware, and notify affected individuals as required.
08
Your Rights

Your Rights under the PDPA

Under Article 3 of the Taiwan PDPA, you may exercise the following rights regarding the personal data we hold:

  1. RT · 01
    Inquire or request access
    Request the items and content of personal data we hold about you.
  2. RT · 02
    Request a copy
    Request a copy of the data above (electronic or paper).
  3. RT · 03
    Request correction
    Request correction or completion when data is wrong or incomplete.
  4. RT · 04
    Request to stop processing
    Unless required by law, request that we stop a specific processing activity.
  5. RT · 05
    Request deletion
    Request deletion once the original purpose has lapsed or the retention period has ended.
  6. RT · 06
    Opt out of marketing
    Unsubscribe via any newsletter footer link, or by writing to us at any time.

To exercise these rights, contact the DPO listed in Chapter 11 in writing or by email. We respond within 30 days of receiving a complete request with verified identity. Complex or bulk requests may be extended by another 30 days with notice.

09
Children's Privacy

Children's Privacy

Our services are aimed at corporate customers in the power industry, not at minors. If we inadvertently collect personal data of anyone under 18, we will delete it immediately upon becoming aware and stop any further use. If you are a minor, please do not submit personal data through this site.

10
Updates to this Policy

Updates to this Policy

We may revise this policy when laws change, our operations evolve, or practice requires. Revisions will be communicated as follows:

  • The "Last Updated" date and revision number at the top of this page are refreshed.
  • For material changes (e.g. expanded purpose, broader third-party sharing) we notify customers on file by email and post a homepage notice at least 30 days before the change takes effect.
  • Continuing to use the site or services after the change indicates acceptance of the revised version.

Revision history

  1. 2026 · 03 · 14 v 2.4 Added retention rules for the 24/7 monitoring platform; clarified GA4 IP anonymization.
  2. 2025 · 06 · 02 v 2.3 Updated processor list; clarified retention periods.
  3. 2024 · 09 · 18 v 2.2 Re-listed purpose codes per amended PDPA Enforcement Rules.
  4. 2023 · 11 · 30 v 2.1 Added DPO contact and breach-notification process.
  5. 2022 · 04 · 01 v 2.0 Full rewrite to align with the new corporate site.
11
Data Protection Contact

Data Protection Contact

For questions about this policy, to exercise your data rights, or to report a suspected data breach, please contact our Data Protection Officer:

DPO ⏤ DATA PROTECTION OFFICER
Wintech Electric Co., Ltd.
成浩科電股份有限公司

The DPO role is held jointly by our Legal & Information-Security leads. On receiving your request we verify your identity and route the matter through the relevant business unit. Please write "Personal data rights" in the subject line and briefly describe your request.

EMAIL
service@wintech-pd.com.tw
PHONE
+886-2-8911-0833
ADDR
5F, No. 188, Sec. 2, Zhongxing Rd.,
Xindian Dist., New Taipei City 231, Taiwan
HOURS
Mon – Fri 09:00 ⏤ 18:00 (GMT+8)

If you believe we have violated the PDPA, you may also file a complaint with the Personal Data Protection competent authority of Taiwan (National Development Council / the relevant sectoral authority).