Corporate Governance

Taroko

Information and Communication Security Management

Information and Communication Security Management Framework

The Information Department is the designated unit responsible for information security at our company. It includes one IT supervisor and several professional IT engineers. Their duties include formulating information security policies, planning and implementing information security measures, and executing related operations.

The cybersecurity team regularly reports its progress to the General Manager and Chairman, and annually presents cybersecurity governance matters to the Board of Directors. Internal control mechanisms for information operations are audited to ensure confidentiality, integrity, and availability of information. A proactive monitoring and defense framework is being developed to reduce the risk of internal data breaches or damage. The company also conducts annual IT audits in collaboration with external auditors; any deficiencies identified are immediately addressed and improvement actions are tracked.

Information and Communication Security Policies and Management Plans

To enhance ICT security and protect the confidentiality, integrity, and availability of information from internal and external threats, the company has established six major areas of security infrastructure and management:


(1) Computer Equipment Security Management

  1. All servers and equipment are located in a dedicated server room with access control via card swipes and detailed entry/exit logs. Third-party technicians must be accompanied by IT personnel and logged upon entry.
  2. The server room is equipped with independent air conditioning and fire extinguishers suitable for electrical and general fires.
  3. UPS (uninterruptible power supply) systems and voltage regulators are installed and connected to the building’s generator to prevent downtime from unexpected power outages.
  4. A log server has been implemented to retain critical system logs for over six months, complying with TWSE/TPEx cybersecurity guidance.

(2) Network Security Management

  1. Corporate-grade firewalls are deployed at network entry points to block unauthorized access.
  2. Site-to-site encrypted connections are used between the Taichung and Hsinchu server rooms and the Taipei offices to protect data transmissions.
  3. Penetration testing and vulnerability scanning are conducted in April and October annually for core systems, and high-risk vulnerabilities are patched promptly.

(3) Anti-Virus Protection and Management

  1. All servers and employee terminals have antivirus software installed that automatically updates virus definitions and detects potentially malicious executable files.
  2. Infected devices are isolated or cleaned immediately, and risk reports are generated to facilitate incident response.
  3. In 2025, the company plans to introduce endpoint protection and behavioral detection systems to block malicious behavior and prevent ransomware attacks.

(4) System Access Control

  1. System access is granted only after formal application and supervisor approval. The IT department assigns user accounts and roles based on submitted requests.
  2. Passwords must meet complexity standards and include a mix of letters, numbers, and special characters.
  3. Employee account access is revoked upon resignation or leave through coordination with IT.
  4. In 2025, the company plans to introduce a Privileged Access Management (PAM) system, requiring pre-authorization, real-time monitoring, and post-operation audit reporting for critical system operations.

(5) Ensuring Stable System Operations

  1. Data Backup: Backups are performed regularly. In addition to the main backup at the data center, secondary backups are stored both locally and in Hsinchu.
  2. Disaster Recovery Drills: Annual drills are conducted to restore systems from backup media and ensure the accuracy of restored data via user confirmation.
  3. Network Redundancy: Two leased lines from telecom providers operate in parallel with bandwidth management to ensure uninterrupted communication.

(6) Cybersecurity Awareness and Training

  1. Regular Awareness Campaigns: Employees are reminded to regularly update complex passwords and avoid phishing attacks. Social engineering tests are conducted periodically.
  2. Training Seminars: Periodic in-house training sessions are held on information security.
  3. Security Resources Investment:
    • Hardware: Firewalls, email anti-virus, managed switches.
    • Software: Backup management software, VPN authentication.
    • Telecom: Multiple lines, host backup, intrusion prevention services.
    • Personnel: Daily system monitoring, weekly backups with offsite storage, biannual security training, annual disaster recovery drills, internal IT audits, and third-party audits.
    • Cybersecurity Staff: A dedicated cybersecurity officer and team manage architecture design, operations, incident response, and policy revisions. The cybersecurity officer reports to the board at least once annually.

Corporate Governance Contact

Spokesperson
General Counsel / HSU, CHUN-CHI
Email: jerryhsu.trk@gmail.com

Acting Spokesperson
Equity Manager / Kelly Lo

Phone: 04-36118888#6661
Email: kelly.lo@trkmall.com.tw

Reporting and Complaint Mailbox

Email: auditcommittee@trkmall.com.tw

Risk Management Policy

To strengthen corporate governance and enhance the company’s risk management framework, this policy is established to reasonably ensure the achievement of the company’s strategic objectives and the sustainable operation and development of the enterprise.

For the complete policy, please refer to the Company’s Risk Management Policy and Procedures.

Risk Management Organizational Structure

Department / Key Responsibilities

  • Board of Directors: The Board of Directors is accountable to shareholders and oversees the company’s governance system, ensuring that all operations are conducted in accordance with laws, the Articles of Incorporation, and shareholder resolutions.
  • Sustainability Development Committee: This committee leads the following efforts as its primary purpose: promoting corporate governance, fostering a sustainable environment, advancing social welfare, and strengthening the company’s sustainable development framework.
  • Audit Office: Responsible for evaluating the company's internal control system, providing analyses and improvement suggestions, verifying compliance with legal and internal policies, and enhancing management performance.

Risk Impact Assessment Criteria Table (Impact Level)

Risk Likelihood Assessment Criteria Table (Probability Level)

Risk Evaluation Standards

Risk Management Implementation Status

To promote and implement an effective risk management mechanism, the Company reports the status of its risk management operations to the Board of Directors at least once per year.
The most recent report was presented at the Board meeting on November 8, 2024, and the key activities carried out in 2024 are summarized as follows:

Intellectual Property Management

To expand domestic and international markets and enhance brand value, the Company has established a sound intellectual property (IP) management system, strengthened employee awareness of IP protection, and formulated an IP management plan aligned with operational goals.

Trademark and Patent Management

In accordance with the Company’s internal control regulations titled “Acquisition, Maintenance, and Utilization of Intellectual Property Rights”, relevant departments evaluate and propose the necessity of IP rights. The IP management team collaborates with external law firms to handle application, maintenance, and utilization procedures for trademarks and patents.

Copyright and Trade Secret Management

Based on the “Employment Agreement” and the “Intellectual Property and Confidentiality Undertaking”, the following are agreed with employees:
(1) Copyright Clause: Defines the ownership of works created during the course of employment, which remains effective even after termination of employment.
(2) Confidentiality Clause: Includes obligations for the return of company data upon resignation and ongoing duties to maintain confidentiality.

External Management

All cooperation contracts with external vendors include warranty clauses for non-infringement of rights, requiring business partners to ensure that their performance does not infringe on any third party’s trademark rights, patent rights, copyrights, trade secrets, or other legal rights.

Implementation Status

To continuously promote IP-related measures, the Company reports its implementation status to the Board of Directors annually. The most recent report was presented on November 8, 2024, with the following updates:

As of October 31, 2024:

A total of 25 trademarks have been registered in Taiwan.

A total of 4 trademarks have been registered in China.

One new trademark was registered in Taiwan this year.

In response to business development in the United States, and to ensure operational control by the parent company in Taiwan over its U.S. subsidiary, trademark and patent applications are being filed under the name of Taroko Development Corp. Taiwan, with usage rights authorized to TarokoUS, its U.S. subsidiary.

Two trademark applications are currently in progress in the United States.
One patent application is planned.

Personal Data Protection and Privacy Policy

TRK Corporation (hereinafter referred to as “the Company”) is committed to providing comprehensive services. The personal data you provide will be collected, processed, and used in accordance with the Personal Data Protection Act and this Policy, in order to protect your privacy.

Please read this Policy carefully. If you do not agree to any of the terms below, you may request the Company to cease the processing and use of your personal data. The Company reserves the right to amend this Policy at any time. Any updates will be announced via the Company’s official website, app, or by other appropriate means such as verbal, written, telephone, email, fax, or electronic communication.

This Policy applies to all platforms and domains operated by the Company.


1. Purpose of Personal Data Collection

The Company may collect, process, store, transmit, use, or internationally transfer your personal data for purposes including but not limited to: consumer protection and transaction management, service improvement, business and technical information, member or customer management, marketing, data and database management, service usage analysis, internet behavior research, or other legitimate business needs under the Company’s registered operations or required by law.


2. Categories of Personal Data

To access services provided through the Company’s official website or app, you may be required to provide the following categories of data, including but not limited to:

  • Basic Information: Name, date of birth, gender, ID number, telephone number, address, email address, etc.

  • Account and Financial Information: Account number or equivalent identifier, credit/debit card number, CVV code, bank account number, transaction account details, loan or financial transaction history, financial status, etc.

  • Participation in Activities: When participating in Company-organized events, you may be required to provide necessary personal information for contact and identity verification. Failure to do so may result in your inability to participate.


3. Period, Region, Recipients, and Method of Use

  • Period: The duration necessary for fulfilling the specific purpose of data collection, as required by law or contractual agreement, or as needed for the Company’s business operations.

  • Region: Principally within the Republic of China (Taiwan). International data transfers will only be conducted under conditions that ensure data security and compliance with legal requirements.

  • Recipients: The Company, its affiliated companies, outsourced service providers, and third-party business partners.

  • Method: Use of automated or non-automated means.


4. Your Rights Regarding Personal Data

You may exercise the following rights regarding your personal data held by the Company:

  • Inquire or request access;

  • Request copies;

  • Request additions or corrections;

  • Request suspension of collection, processing, or use;

  • Request deletion.

To exercise these rights, please submit your request in writing or via electronic means. The Company may charge a reasonable fee to cover necessary costs.

The Company may request identity verification documents for such applications. If a representative applies on your behalf, a letter of authorization and identity documents for both parties are required.


5. Consequences of Not Providing Personal Data

You are free to choose whether to provide your personal data. However, failure to do so may result in your inability to register as a Company member or access certain services and benefits.


6. Information Security

The Company will adopt appropriate security measures to prevent unauthorized access, alteration, disclosure, or destruction of personal data. Measures include internal audits of data collection, storage and processing practices, and implementation of physical security controls.


7. Amendments to this Policy

This Policy may be amended at any time as necessary. Updated terms will be published on the Company’s app and official website. Continued use of the app or website will constitute your agreement to the amended terms.


8. Contact Us

If you have any questions regarding the Company’s Personal Data Protection and Privacy Policy, please contact us at: +886-4-36081188.