Who we are

[AGENCY NAME] (“we”, “us”) operates a business-to-business outreach service. We are the data controller for the personal data described in this notice. You are receiving or reading this notice because we hold limited professional contact data about you, or you have followed a link from a message we sent.

What data we use, and where it comes from

We process professional, business-context data only: name, job title, employer, business email address, and publicly available professional information (for example, company websites, professional networking profiles, public company filings, and public professional publications). We do not seek or use special categories of data (health, biometric, political, religious, sexual, union, or criminal-record data).

Sources include data we receive from commercial data providers and enrichment vendors, publicly accessible web pages, and information you or your organisation have made public.

Lawful basis

In the EU/EEA and UK we rely on our legitimate interests (GDPR Article 6(1)(f)) in conducting relevant business-to-business outreach. We have carried out a Legitimate Interest Assessment balancing that interest against your rights and freedoms. In other regions we rely on the applicable lawful basis under local law, including Taiwan’s PDPA and applicable anti-spam rules.

Retention

We keep contact and enrichment data only as long as needed for outreach and to honour your choices, after which it is deleted or anonymised. Where you opt out or object, the record of that decision (a suppression / opt-out record) is retained for as long as required to keep honouring it, as permitted under GDPR Article 17(3)(b).

Your rights

Subject to applicable law you have the right to access, rectify, erase, restrict, and port your data, and to object to processing based on legitimate interests. You can object at any time, including through our non-email objection channel at /privacy/object. You may also lodge a complaint with your supervisory authority.

Sub-processors

The third parties that process data on our behalf are listed at /privacy/subprocessors.

Contact / Data Protection Officer

For any privacy request or to reach our Data Protection Officer, contact [DPO EMAIL].

我們是誰

[AGENCY NAME]（以下稱「我們」）提供企業對企業（B2B）的行銷聯繫服務，並為本告知所述個人資料的資料控管者。您之所以收到或閱讀本告知，係因我們持有您有限的專業聯絡資料，或您是透過我們所發送訊息中的連結前來。

我們使用哪些資料，以及來源為何

我們僅處理屬於專業／商務範疇的資料：姓名、職稱、任職機構、商務電子郵件地址，以及可公開取得的專業資訊（例如公司網站、專業社群檔案、公開的公司登記資料及公開的專業出版品）。我們不會蒐集或使用特種個人資料（健康、生物特徵、政治、宗教、性生活、工會或犯罪紀錄等資料）。

資料來源包括我們自商業資料供應商及資料補實廠商所取得的資料、可公開存取的網頁，以及您或您的機構已公開的資訊。

合法處理依據

在歐盟／歐洲經濟區及英國，我們係基於進行相關 B2B 行銷聯繫之正當利益（GDPR 第 6(1)(f) 條）。我們已完成正當利益評估，於該利益與您的權利與自由之間取得衡平。於其他地區，我們則依當地法律（包括臺灣個人資料保護法及適用之反垃圾郵件規範）之適用合法依據處理資料。

保存期間

聯絡與補實資料僅於行銷聯繫及實現您之選擇所需期間內保存，期滿後即予刪除或匿名化。當您退出或表示反對時，該決定之紀錄（即抑制／退出紀錄）將於持續履行該決定所需之期間內保存，此符合 GDPR 第 17(3)(b) 條之容許範圍。

您的權利

在適用法律範圍內，您有權存取、更正、刪除、限制處理及攜帶您的資料，並就基於正當利益所為之處理表示反對。您可隨時表示反對，包括透過我們的非電子郵件反對管道： /privacy/object。您亦得向主管機關提出申訴。

受託處理機構（次處理者）

代表我們處理資料之第三方清單，請見： /privacy/subprocessors。

聯絡方式／資料保護長

如有任何隱私權相關請求，或欲聯繫我們的資料保護長（DPO），請來信： [DPO EMAIL]。