Website Security Policy

1. Collection and Use of Personal Information Following the Personal Data Protection Act and relevant laws, personal information collected on this website is used for specific purposes related to the services provided. This information will not be disclosed to third parties without consent. When using this website, the following information is automatically collected: date and time, pages accessed, referring URL, browser type, and actions taken on the website (e.g., downloads). This information may be used to improve the website‘s performance. Actions that place a significant load on the website will be monitored. 2. Information Security Responsibilities and Training Personnel handling sensitive and confidential data are subject to evaluation and assessment systems. Access to all system resources will be immediately revoked for individuals who resign, retire, or are terminated. Security levels are established based on roles and functions to ensure compliance with information security regulations. 3. Information Security Operations and Protection Operational procedures for information security incidents are established as guidelines for handling such incidents. Rules for managing changes to information facilities and systems are in place to prevent security vulnerabilities. In compliance with the Personal Data Protection Act, personal information is handled and protected with care. Backup and recovery procedures are established to ensure normal operations. 4. Network Security Management A firewall is in place to control data transmission and resource access between external and internal networks, and identity verification procedures are conducted. 5. System Access Control Management Password issuance and change procedures are established based on system operations and security management needs, with records maintained. System access rights are set according to the tasks required by personnel at each level, and all actions taken within the system are recorded for audit purposes.