BCC Ventures Co., Ltd.

BCC Ventures Co., Ltd. (“BCC Ventures”) respects the privacy of customers, vendors, shareholders, BCC Ventures’s employees, and persons relevant to BCC Ventures. The Board of Directors of BCC Ventures has thus resolved to issue the BCC Ventures Privacy Policy so that BCC Ventures can have clear and proper guidelines, mechanisms, governance measures, and management for personal data.

1. Scope of Application

This Privacy Policy is applied to BCC Ventures’s employees and any person relating to personal data processing as instructed by or on behalf of BCC Ventures.

2. Definitions

2.1 Personal Data means information that relates to an individual and thus makes it possible to identify the individual, either directly or indirectly, such as name, surname, e-mail, phone number, IP Address, image, nationality, religion, political opinions, genetic data, and biometric data.

2.2 Data Subject means any natural person who can be directly or indirectly identified by personal data.

2.3 Processing means any operation performed on personal data such as collecting, recording, organizing, structuring, storing, editing, retrieving, disclosing, forwarding, disseminating, transferring, combining, erasing, and destroying.

2.4 Data Controller means a natural person or a juristic person that is authorized to make decisions concerning personal data processing.

2.5 Data Processor means a natural person or a juristic person which carries out operations concerning personal data processing as instructed by or on behalf of the Data Controller.

2.6 Company means BCC Ventures Co., Ltd.

3. Privacy Policy : Personal Data Protection Governance and Compliance Management

3.1 Appointing Data Protection Officer (DPO) with roles and duties as specified:

1. Regularly report data protection status to the Privacy Committee and provide feedbacks so as to keep BCC Ventures’s personal data protection up-to-date and compliant with the law.
2. Give advice to BCC Ventures’s employees regarding compliance with laws and BCC Ventures Privacy Policy.
3. Supervise the operations of divisions in BCC Ventures to comply with laws and BCC Ventures Privacy Policy.

3.2 BCC Ventures shall issue policies, standards, procedures and other documents relating to personal data protection in alignment with the law and Privacy Policy.

3.3 BCC Ventures shall regularly carry out training for BCC Ventures’s employees so that the employees will recognize the importance of the Privacy Policy, and to ensure that all of BCC Ventures’s relevant employees are well-trained, understand personal data protection, and adhere to BCC Ventures Privacy Policy.

3.4 BCC Ventures shall issue Policy Management Process to oversee that BCC Ventures Privacy Policy is being constantly adhered to.

4. Privacy Policy : Personal Data Processing

4.1 BCC Ventures, as a data controller and data processor, shall conduct personal data processing in a fair and transparent manner in compliance with laws while taking into account the accuracy of such personal data. The determination of scopes and objectives of personal data processing as well as the period of time personal data shall be stored, shall be carried out as necessary under lawful objectives and BCC Ventures’s business practices.

4.2 BCC Ventures shall sufficiently maintain confidentiality, integrity, and security of personal data.

4.3 BCC Ventures shall issue a process and oversee to manage personal data at every step to comply with laws and BCC Ventures Privacy Policy.

4.4 BCC Ventures shall issue and retain Records of Processing (RoP) for recording transactions and any activity relating to personal data processing in compliance with laws. In addition, Records of Processing shall be revised should there be any change of transactions or relevant activities.

4.5 BCC Ventures shall issue clear processes to ensure that notice of objectives, and accumulation and details of personal data processing (Privacy Notices), as well as seeking consent from the data subjects are in compliance with laws. Governance measures for and validation of the said issues shall also be implemented.

4.6 BCC Ventures shall establish mechanisms for personal data validation and personal data correction.

4.7 In the case where BCC Ventures send, transfer, or allow any other person to use personal data, BCC Ventures shall have an agreement with data receivers or users to define rights and duties in compliance with laws and BCC Ventures Privacy Policy.

4.8 In the case BCC Ventures send or transfer personal data abroad, BCC Ventures shall proceed in accordance with laws.

4.9 BCC Ventures shall assess risks and set measures to prevent risks and reduce effects which may occur with personal data processing.

5. Privacy Policy : Data Subject’s Rights

BCC Ventures shall provide measures, channels, and means so that the data subjects are able to exercise their rights as stipulated by laws and shall record and assess the response to data subject’s rights of access.

6. Privacy Policy : Personal Data Security

6.1 BCC Ventures shall sufficiently set forth personal data security measures, and prevent the personal data leaks and the use of personal data without permission.

6.2 BCC Ventures shall provide notification process for data subjects, government officers, data controllers (in case BCC Ventures is the data processor or joint data controller), and other persons in compliance with laws.

7. Punishment for Non-Compliance with BCC Ventures’s Privacy Policy

Non-compliance with BCC Ventures Privacy Policy might be guilty of misconduct and lead to disciplinary actions, including punishments as specified by laws.

This policy shall be effective from January 1, 2025.