一心當舖 (Yi-Xin Pawnshop, hereinafter "this Website"), in order to safeguard your data and the security of this Website, and in keeping with the spirit of the Personal Data Protection Act, has formulated the following Information Security Policy Statement to describe this Website's information security practices.
1. Scope of the Policy
- The website security policy below applies to the collection, use and protection of personal data involved when you browse this Website. It does not apply to links to other websites placed on this Website; when you click a link to another website, that website's own security policy applies.
2. Website Information Access Control
- System access policies and authorization rules are established, and employees and users are informed of their respective permissions and responsibilities in writing, electronically or by other means.
- When personnel leave or retire, all of their permissions to information resources are revoked immediately, and this revocation is a required step of the departure (retirement) procedure. When personnel change duties or are transferred, their permissions are adjusted within a set period in accordance with the system access authorization rules.
- A registration management system for system users is established, and management of user passwords is strengthened.
- An information security audit system is established, and information security audits are carried out on a regular and an ad hoc basis.
3. Website Security Measures and Rules
Any unauthorized attempt to upload or alter the services and related information provided by this Website is strictly prohibited and may violate the law. For the sake of website security, and to ensure that this service can continue to serve all Internet users, this Website provides the following protective measures:
- At the points where the network connects to the outside, firewalls are set up to control data transmission and resource access between the external and internal networks.
- System backup facilities are established, and the necessary backups of website data and databases are performed regularly, so that normal operation can be restored quickly in the event of a disaster or storage media failure.
- Confidential and sensitive data or documents are not stored on information systems that are open to the outside.
- All security maintenance e-mail notices sent by the relevant operating system and application vendors are received automatically, and patches are installed as appropriate according to the recommendations in those e-mails.
- Data transmission over the Internet cannot be guaranteed to be one hundred percent secure. This Website will endeavour to protect the security of this Website and of your personal data, and in some cases uses the widely adopted SSL security system to protect data in transit. However, because data transmission also depends on how secure your own Internet environment is, we cannot ensure the security of data you send to or receive from this Website; you must be aware of and bear the risks of transmitting data over the network. Please understand that the consequences arising from this are beyond this Website's control.
4. Data Backup Principles
- Backups of important data are kept for at least three generations as a rule.
- Backup data is given appropriate physical and environmental protection; its security standard should match that of the primary operating site as far as possible, and the security controls the primary operating site applies to computer media should apply to the backup site as far as possible.
- Data is backed up locally, on a dual-host basis and off-site, forming a three-way ("iron triangle") backup architecture to cope with unforeseeable environmental risks and similar circumstances.
5. Website Data Recovery Principles
- During website data recovery, the consistency and integrity of the data are checked first.
- Except in the case of sudden major incidents, or when the server room or network cannot be restored, website data can be restored to normal within 24 hours on a working day, and the applications and databases are brought back into normal operation as soon as possible.
- After website data recovery is complete, the personnel of the relevant units continue to observe the system for three days to ensure that it operates normally and that newly added data is correct.
6. Amendments to this Website's information security policy: because of the rapid pace of technological development, the fact that the relevant regulations are not yet complete, and environmental changes that may be hard to foresee in the future, this Website will revise the information security policy statement provided on the Website as needed, to fulfil its intent of protecting network security.
7. When this Website completes a revision of its information security policy, we will post it on this Website immediately and draw your attention to it with a prominent notice so that you can click through and read it.
8. If you have any questions or comments about the above terms, you are welcome to contact us through the Contact Us information shown on this Website.
