個人資料暨隱私權保護政策

In order to protect the personal data safety and privacy of the users who access the “Cupola360” website (at "cupola360.com", hereinafter referred to as the “Website”) set up and managed by Cupola360 Inc. (hereinafter referred to as the “Company”), register or login Cupola360 Account and access APP (as defined in the Website service terms and conditions, namely Cupola360 Service Terms and Conditions), the Company drafts the “Personal Data and Privacy Protection Policy” (hereinafter referred to as the “Policy”) in accordance with the Personal Data Protection Act, etc. (hereinafter referred to as the “Personal Data Protection Act”), which may help the users understand how the Company collects, processes, utilizes and protects personal data. Please read the following contents carefully.

In order to ensure the user’s personal privacy and personal data safety, the Company makes the following disclosure statement before collection of the personal data in accordance with the Personal Data Protection Act.

1. Scope of Applicability

The Policy is applicable to the collection, processing, utilization, cross-border transfer and protection of personal data involving when the users are accessing the Service provided by the Company (as defined in Cupola360 Service Terms and Conditions), but not applicable to any website or webpage operated by a third party linked via the Website or APP. The Website or APP page might provide links to a website or page operated by a third party. Where the users log into the link, they will leave the Website or APP, and the personal provided by the users to the third party website or the third party website’s collection, processing, utilization and cross-border transfer of the user’s personal data will be beyond the scope covered by the Policy.

Specifically, the Website or APP provides no protection of the users’ personal data on the third party website accessible via the link. The users are suggested to review the privacy policy on the third party website before providing their personal data.

2. Purpose and Method of Collection

(1) The Company collects the data in order to perform the Website membership management and service, provide and improve the Service, market the Company’s products and services, conduct internal statistic survey and research & analysis, and satisfy the needs for other business operations in accordance with the Company’s registered business lines or articles of incorporation (see the "specific purpose and the classification of personal information of the Personal Information Protection Act" of Ministry of Justice: 040 Marketing, 052 Member Management, 157 Investigation, Statistics and Research Analysis, and 181 Other business operation in accordance with the registered business lines or articles of incorporation).

(2) The Company will collect the data, including the application for a membership login name, completion of the member personal data online, and completion of various service forms via the Website. The users may choose to provide their personal data at their sole discretion. Notwithstanding, where certain services and features are available only based on the data provided by members, but the users fail to provide complete and correct personal data. It might be impossible for the users to access such features.

(3) Within the scope of routine business, the Company will not voluntarily collect or process special personal data, namely those related to medical records, healthcare, gene, sex life, physical examination and criminal record. Notwithstanding, if the user’s profile or special personal data are required by laws or a court or government order, search warrant or subpoena or the police investigation, or in order to protect the interests and rights of Cupola360 Inc. and its affiliates, or upon express approval from the users, Cupola360 Inc. will provide the related data pursuant to laws.

3. Categories of Collected Personal Data

The Company uses the best effort to take various reasonable measures to ensure the reasonable connection between the scope of the user’s personal data processed by the Company and purposes referred to herein. Meanwhile, the data will be processed only in reasonable manners.

The personal data collected by the Company on the Website include:

(1) C001 Type for identifying individuals: e.g. name and email, online platform accounts, log-in password, IP addresses, Cookies, etc.

(2) C132 Data unclassified: e.g. files and reports, etc.

(3) The Company will use cookies to manage the Website and APPs, and record members’ activities.

(4) The Company’s Website and APP management system will record the trajectory data, such as the users’ login and logout time, and keep the related trajectory data in accordance with the Personal Data Protection Act.

4. Time Period, Territory and Recipients for Utilization of Personal Data

(1) Time Period for Utilization
The Company will keep the users’ personal data when providing the Service. Unless otherwise provided by laws, the Company will keep the data until the users terminate the Service or apply for suspending the use of personal data.

(2) Recipients for Utilization
Unless otherwise provided by laws, the Company will use the data for said purposes and within the scope associated with the purposes only. The Company will not transfer the personal data provided by the users to any third party or for any other purposes. Notwithstanding, the Company will provide necessary data to its suppliers to help provide the Service successfully.

(3) Territories for Utilization
The territories where the Company and its suppliers are situated, and those required for achievement of said purposes.

5. Rights Exercised for Personal Data, and Method of Exercise

(1) Users’ rights
The user who delivers his/her personal data to the Company may exercise the following rights in accordance with the Personal Data Protection Act: 1. the right to make an inquiry of and to review his/her personal data; 2. the right to request a copy of his/her personal data; 3. the right to supplement or correct his/her personal data; 4. the right to demand the cessation of the collection, processing or use of his/her personal data; and 5. the right to erase his/her personal data.

(2) Limitation on Exercise of Rights
Where the users fail to satisfy the Company’s application procedures or related laws and regulations, the exercise of rights referred to in the preceding paragraph will be limited

(3) Collection of Charges
Where the users exercise the rights referred to in the subparagraphs 1~3 of Paragraph 1 herein, the Company will collect necessary costs and expenses.

(4) Method for Exercise of Rights
The users may send mails to the customer service mailbox of the Website or APP, or send emails to the Company, in order to apply for the exercise of the rights herein. In order to exercise said rights, please complete the application documents. The Company may also ask the users to submit the related documents sufficient to identify themselves. Where the user appoints an agent to file the application on behalf of him/her, he/she shall also issue a power of attorney and provide the ID cards of him/her and his/her agent.

6. Disclosure of Effect Posed to Interest and Right

(1) The users shall complete the sections related to personal data truly. Where it is impossible for them to provide complete and correct personal data, the communication, provision of the Service, identity verification or processing between the Company and users will be affected accordingly. The users shall keep their personal data updated from time to time lest their interests and rights should be affected.

(2) The Company uses the best effort to take reasonable actions to ensure that: the users’ personal data processed by the Company are correct and timely, and the Company will immediately correct or delete any errors in the users’ personal data processed for processing. The Company may check with you to make sure the accuracy of your personal data from time to time.

(3) Where the users fail to provide complete and correct personal data and thereby cause damages to the Company or a third party, they shall bear the damages or compensation.

7. Maintenance of Personal Data Safety

(1) The Company will maintain the personal data safety pursuant to related laws and regulations, and take appropriate safety measures to prevent members’ personal data from being stolen, tampered, damaged, lost or disclosed, or prevent any other impairment on the members’ interests and rights, with reasonable technologies.

(2) In consideration of the Internet being open to the public, the safety of data transmission via the Internet cannot be guaranteed completely. Even though the Company has taken reasonable actions to protect the users’ personal data, it is still impossible for the Company to guarantee that your transmission of data via the Internet is completely safe. The users shall bear the potential risk over the transmission. Please do confirm that the transmission of data to us is free from any safety issues.

8. Amendments to the Privacy Policy

The Company may amend the Policy from time to time, post the amended Policy on the Website and APP, and notify the same to the whole members of the Service via email. The users’ continued access to the Service after the Policy is amended or changed shall constitute the users’ confirmation that they have read, acknowledged and accepted the amended or changed Policy. Where the users disagree with the Policy, please stop accessing the Service immediately.

9. Advice on Personal Data and Privacy Protection

Should the users have any questions about the Company’s Personal Data and Privacy Protection Policy or collection, processing, utilization and update of the personal data, please contact the customer service mailbox, community@cupola360.com, of the Website or APP.

10. A Third Party Platform’s Personal Data and Privacy Protection Policy

The users may share content to a third party platform supported by the Service via the Website and APP services (hereinafter referred to as the “Service”). The Service will keep the necessary login information acquired via the third party’s API service with the users’ authorization to help the users log into and share contents on the third party platform.

The user’s access to the Service shall constitute their acknowledgment of the access to the Service, including but not limited to the following third party platform services:

YouTube API Service

Facebook API Service

PayPal Payment Service

ECPay Payment Service

At the same time, when the users use the third party platform services, the users also acknowledge and agree to comply with the third party platform service terms and conditions.

For the regulations, please refer to the links:

For Google, please refer to https://policies.google.com/privacy?hl=zh-TW

For Facebook, please refer to https://www.facebook.com/privacy/explanation

For PayPal, please refer to https://www.paypal.com/webapps/mpp/ua/privacy-full

For ECPay, please refer to https://www.ecpay.com.tw/CreditCard/Privacy

11. Revocation of License to Personal Data on Third Party Platform

For the regulations, please refer to the links:

For Google, please refer to https://policies.google.com/privacy?hl=zh-TW#infodelete

For Facebook, please refer to https://www.facebook.com/settings?tab=applications

For PayPal, please refer to https://www.paypal.com/webapps/mpp/ua/privacy-full

For ECPay, please refer to https://www.facebook.com/settings?tab=applications