Privacy Policy

Small and Medium Enterprise and Startup Administration, Ministry of Economic Affairs (hereinafter “SMESA” or “we”)

regarding visits to and use of the websites of IP² Launchpad or Taiwan Innovation Finder.

SMESA takes great care to ensure that any personal data you entrust to us are handled in a confidential manner. Your data are processed and used in accordance with the provisions laid down in data protection legislation, specifically the General Data Protection Regulation (GDPR) as detailed below:

1. What are personal data?

“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Personal data specifically include:

Contractual data: The personal data of a user that are necessary to create, formulate, modify, or terminate a contractual relationship between SMESA and the user concerning the use of telecommunications media or concerning the delivery of and payment for goods.

Utilization data: Personal data collected and used by SMESA, provided this is necessary to enable the use of telecommunications media and to issue invoices for this use.

2. Which personal data do we collect from you and process?

SMESA gathers the personal data that you communicate to us as part of your inquiry and/or order.

In the Inquiry Form, we will collect the following personal data that are mandatory for your inquiry:

- Name (comprising first and last names)

- Address (comprising street, house number, zip code, town and country)

- Telephone number

- Email address

The legal basis for the processing of these personal data is Article 6(1)(b) GDPR, as the processing is necessary for the performance of a contract between SMESA and the data subject or in order to take steps at the request of the data subject prior to entering into a contract. When you place an order in the online shop of any SMESA website, we will collect the following personal data that are mandatory for the registration, processing, delivery and payment of your order:

- Name (comprising title, first name and last name)

- Address (comprising street, house number, zip code, town and country)

- Telephone number

- Email address

- Date of birth and password

In order to process electronic payments of orders, we additionally collect the following necessary personal data:

- For payments by credit card:

o Credit card number

o Card holder

o Card expiration date (month and year)

o Card verification code (CVC)

- For payments by online bank transfer:

o Account holder

o Bank name

o Account number or IBAN

o Sort code or BIC

When any SMESA website is visited, we will collect the IP address of the computer used to access our website. Your IP address will be abbreviated using Google Analytics by removing the final octet (see item 6 below). Session cookies are used throughout the ordering process in our online shop (see item 5 below). Your full IP address and any session cookies will be erased by SMESA when you leave the website.

3. How do we process and use your personal data?

We process and use your contractual data

- to handle inquiries and to contact you, provided either you have requested this or it is necessary within the scope of a contractual relationship; The legal basis for the processing of these personal data is Article 6(1)(b) GDPR, as the processing is necessary for the performance of a contract between SMESA and the data subject or in order to take steps at the request of the data subject prior to entering into a contract.

- to create, formulate, modify or terminate a contract with you concerning goods ordered by you from SMESA, and in order to fulfill our obligations under such contracts, in particular to process your order, deliver goods, and carry out payment procedures; The legal basis for the processing of these personal data is Article 6(1)(b) GDPR, as the processing is necessary for the performance of a contract between SMESA and the data subject or in order to take steps at the request of the data subject prior to entering into a contract.

- to advertise third-party products and services via mail, if you have given your consent for this; The legal basis for the processing of these personal data is your consent, pursuant to Article 6(1)(a) GDPR.

- to advertise similar goods supplied by SMESA via mail or email, provided that SMESA has obtained your postal or email address from you in connection with the sale of goods, and provided that you do not object to the use of your personal data for the purpose of direct marketing. The legal basis for this use is Article 6(1)(f) GDPR, as the processing is necessary for the purposes of the legitimate interests pursued by SMESA. The legitimate interests pursued by SMESA in this case consist in the advertising of products to customers. You may object to this use at any time in accordance with the information given below regarding the right to object pursuant to Article 21 GDPR without incurring any costs other than those of communicating this information at the basic rate.

For processing electronic payments, your personal contractual data as well as your payment Payments of orders made by credit card are processed on behalf of SMESA by ECPay (Green World FinTech Service Co., Ltd).

We process and use your utilization data as follows:

- Collection and processing of personal data during visits to SMESA websites:

For the purpose of visits to SMESA websites, we collect and process solely the information and personal data which are automatically transferred to us by your internet browser, such as:

- Date and time of access to the website

- Your browser type, version and settings

- Name and version of your operating system

- The website from which you are visiting our website

- Your IP address

This information and these personal data are required for the purpose of correctly providing and optimizing the content of the websites, of optimizing advertising for the websites, of guaranteeing network and information security and of protecting the websites from attacks, malfunctions and damage.

The personal data and information collected in accordance with this will be statistically evaluated by SMESA for the purpose of increasing data protection and data security in order to guarantee a level of protection for the personal data processed by us which is commensurate with the level of risk. The personal data collected when SMESA websites are accessed, in particular the user’s IP address, will be erased seven days after collection at the latest, unless an attack or threat by the user has been detected. Insofar as we collect and process personal data belonging to the user, such as in particular the user’s IP address, when SMESA websites are accessed, the legal basis for this is Article 6(1)(f) GDPR, as this processing is necessary for the purposes of the legitimate interests pursued by SMESA. The legitimate interests pursued by SMESA in this case consist in increasing data protection and data security in order to guarantee a level of protection for the personal data processed by SMESA which is commensurate with the level of risk, to guarantee network and information security and to optimize the websites and protect them from attacks, malfunctions and damage.

- We will process and use your IP address in connection with Google Analytics (see item 6 below).

Email newsletter

We offer you the option of receiving an email newsletter from SMESA. We require your name and email address for this purpose. We collect and process these personal data for the purpose of sending the email newsletter, provided that you have given your consent for this. Your consent is recorded and you can access the content of the consent as well as this information at any time. You can withdraw your consent at any time with effect for the future, as described in the declaration of consent below.

The content of the declaration of consent is as follows:

“Yes, I consent to SMESA regularly sending me an email newsletter and, to this end, storing and using the data which I have provided. I can withdraw this consent at any time with effect for the future. Withdrawal of consent can be sent to SMESA , or emailed to louiselu@i2i.com.tw. It is also possible to unsubscribe from the email newsletter by clicking on the link provided at the end of the email.”

The legal basis for the processing of these personal data is your consent, pursuant to Article 6(1)(a) GDPR.

Transfer of data to credit reporting agencies

SMESA obtains information about you from credit reporting agencies and assesses this. In the event that a payment is not settled as specified in the contract, SMEA shall transfer personal data about you concerning any debts to these credit reporting agencies.

The legal basis for this is Article 6(1)(f) GDPR, as this processing is necessary for the purposes of the legitimate interests pursued by SMESA. The legitimate interests pursued by SMESA in this case consist in checking the creditworthiness of customers in order to avoid bad debt losses.

Recipients

SMEA shall not transfer your personal data to third parties unless this is expressly stated in this privacy notice or unless SMEA is legally obliged to do so. SMESA does, however, retain the right to commission third parties to act as processors as defined by Article 28 GDPR within the scope of the processing and use of your personal data by SMESA. In accordance herewith, SMESA nevertheless remains the data controller for any such data processing.

Transfer to third countries

We will not transfer your personal data to a third country beyond the scope of the cases described in item 6.

4. How do we protect your personal data?

All SMESA staff members are bound to uphold data confidentiality.

Your personal data are encrypted during transfer using HTTPS.

SMESA concludes agreements, in accordance with the provisions of Article 28 GDPR, with the processors acting on its behalf.

5. How do we use cookies?

Cookies are used when accessing SMESAA websites and can help to personalize a website for your visit. A cookie is a text-only string of information that a website transfers to the cookie file of the browser on your computer’s hard disk so that the website can remember who you are and certain other information about you. A cookie typically contains the name of the domain that the cookie originates from, the “lifespan” of the cookie, and a value, usually a randomly generated unique number. SMESA websites only employ cookies for the use of Google Analytics (see item 6 below) and session cookies. Session cookies are temporary cookies that remain in the cookie file of your browser until you leave the SMESA website and are primarily needed to process orders via SMESA’s online shop. This information is not stored once you have left the SMESA website. The legal basis for the processing of personal data via session cookies is Article 6(1)(b) GDPR, as the processing is necessary for the performance of a contract between SMESA and the data subject or in order to take steps at the request of the data subject prior to entering into a contract, that is, in order to enable SMEA to make the use of the website and the ordering process via the online shop available to you.

If you do not wish to accept cookies from SMESA, you can disable them by changing your browser settings accordingly. The settings within your web browser that permit you to do this vary from browser to browser but can usually be found in the “data protection” or “cookies” section of your browser’s “properties” menu. Should you require assistance with disabling cookies, use the “help” menu within your browser. Information on the management and erasure of cookies and instructions on how to configure this for commonly used browsers can be found online. Please be aware, however, that you may not be able to use all the features of SMESA websites, or to place orders via the online shop, if cookies are disabled.

6. How do we use Google Analytics?

SMESA websites use Google Analytics, a webpage analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses “cookies”, text files that are stored on your computer and make it possible to analyze how you use the websites. The information generated by cookies concerning your use of these websites is usually transferred to and stored on a Google server in the USA. IP anonymization is activated on SMESA websites, meaning that your IP address will be shortened by Google before this happens, provided you are in a European Union member state or another state that has entered into the Agreement on the European Economic Area. The full IP address will only be transferred to a Google server in the USA and shortened there in exceptional cases. On behalf of SMESA, Google will use the information it gathers to evaluate your use of the SMESA websites, compile reports on website activities and provide other services for SMESA relating to website activity and internet usage. The IP address transferred by your browser as part of the Google Analytics process will not be merged with other Google data. You can prevent cookies being stored by selecting the appropriate settings on your browser. However, please note that if you do so, you may not be able to use all the functions of these websites. Furthermore, to prevent Google from capturing and processing the data generated by the cookie relating to your use of the websites (including your IP address), you can download and install the browser plug-in available at the following link:https://tools.google.com/dlpage/gaoptout?hl=en.

Google is certified under the EU-U.S. Privacy Shield framework (see https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI) and has thus fulfilled the statutory requirements for an adequate level of data protection for the provision of the service Google Analytics by way of third-party processing. Further information, as well as Google’s current data protection provisions, can be found at https://policies.google.com/privacy?hl=en&gl=en and at https://support.google.com/analytics/answer/6004245?hl=en&ref_topic=2919631.

The legal basis for the use of Google Analytics is Article 6(1)(f) GDPR, as the use of Google Analytics is necessary for the purposes of the legitimate interests pursued by SMESA. The legitimate interests pursued by SMESA in this case consist in the analysis of the use of the website in order to improve the online presence of SMESA, the user-friendliness of the website and the products and services offered by SMESA and to make these more attractive for the user.

7. Name and contact details of the data controller

The controller is

I2i is sponsored and supervised by SMESA , Project office is locating at Room 508-B,BLK A6 5F., #502 Section 2 Ren-Ai Rd., Linkou Dist. New Taipei City Taiwan (Startup Terrace)

Email: louiselu@i2i.com.tw

Please send all comments, questions, objections, and withdrawals of consent to this postal address or email address.

8. Our data protection officer

The data protection officer of i2i is

Ms Louise Lu, i2i , email: louiselu@i2i.com.tw

9. Updates to this privacy notice

It will occasionally be necessary to adapt the content of this privacy notice. SMESA therefore reserves the right to modify it at any time. The modified version of this privacy notice will likewise be published here, and the data subjects will be informed in advance of the modified privacy notice in the event that SMESA intends to continue processing the personal data for a different purpose. We therefore recommend re-reading the privacy notice when you revisit the websites of SMESA.

10. Duration of storage of personal data

We store your personal data only for the period required in order to fulfill the purposes for which they were collected or processed, unless statutory retention periods require us to store the data for longer.

11. Your rights as a data subject

You have the following rights:

- Right of access to the personal data concerned (Article 15 GDPR)

- Right to rectification (Article 16 GDPR)

- Right to erasure (Article 17 GDPR)

- Right to restriction of processing (Article 18 GDPR)

- Right to object to processing, in the case of data processing on the basis of Article 6(1)(e) or (f) GDPR (Article 21 GDPR); in this regard, see also the information below regarding the right to object pursuant to Article 21 GDPR

- Right to data portability (Article 20 GDPR)

- Right to withdraw consent at any time; this shall not affect the lawfulness of processing based on consent before its withdrawal, provided that the data processing took place on the basis of consent pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR

- Right to lodge a complaint with a supervisory authority (Article 77 GDPR)

12. Your obligation to provide personal data and possible consequences of a failure to provide such data

The provision of personal data is necessary in order to use the websites of SMESA. In the event that you do not provide the relevant data, you will be unable to use the websites of SMESA or will only be able to use a limited range of functions; in particular, you will be unable to use the following website functions:

- Ordering products from SMESA

- Newsletter subscription

13. No automated decision-making / no profiling

We do not use any automated decision-making or any profiling.

Information regarding the right to object pursuant to Article 21 GDPR

1. Right to object on the grounds of the data subject’s particular situation

You have the right to object at any time, for reasons relating to your particular situation, to the processing of personal data relating to you on the basis of Article 6(1)(e) (public security) or Article 6(1)(f) (data processing on the basis of balancing interests) GDPR; this also applies to profiling which is based on these provisions. SMESA will no longer process the personal data, unless SMESA can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the purpose of the establishment, exercise or defense of legal claims.

2. Right to object with regard to direct marketing

In the event that we process your personal data for the purposes of direct marketing, you have the right to object at any time to the processing of personal data relating to you for the purposes of such marketing; this also applies to profiling to the extent that it is related to such direct marketing. If you make an objection to data processing for the purposes of direct marketing, the personal data will no longer be processed for these purposes.

3. Exercising the right to object

You do not need to fill out a specific form in order to exercise your right to object; you can, for example, email us at louiselu@i2icom.tw