Privacy Policy

Thank you for visiting the website of Twinhead.com.tw (“Twinhead”). We highly respect your privacy rights, and, therefore, this privacy policy is to help you understand how we collect, use and protect your information. This privacy policy provides the following: (1) the types of information we collect from this website, (2) the use of the information we collect from this website, (3) your consent to collect and use the information, (4) how we protect information collected from this website, and (5) how you can access the collected information and have it modified or removed from our records. This privacy policy does not apply to any information that is not collected from this website, and this privacy policy will be changed from time to time to provide better protection of your information. It is your responsibility to check any updates in our privacy policy.

1. Scope of this Policy

This Policy applies to:

• Customers and business partners located in the European Union (“EU”) and European Economic Area (“EEA”).
• Processing of personal data collected through Durabook products (rugged notebooks, tablets), our websites, and support services.
• Processing activities where Twinhead acts as either:

        – Data Controller (e.g., marketing, customer service, account management).
        – Data Processor (e.g., providing services on behalf of business customers).

2. Principles of Data Protection

Twinhead adheres to GDPR principles of lawful processing:

• Lawfulness, fairness, transparency – We process data under lawful bases (consent, contract, legal obligation, legitimate interest) and communicate transparently.
• Purpose limitation – Data is collected for specific, legitimate purposes and not processed in a manner incompatible with those purposes.
• Data minimization – Only data necessary for business operations and product support is collected.
• Accuracy – We keep personal data accurate and up-to-date.
• Storage limitation – Data is retained only as long as necessary.
• Integrity and confidentiality – We implement robust technical and organizational measures to safeguard data.
• Accountability – We maintain records of processing and comply with supervisory authorities.

3. Categories of Personal Data Processed

We may collect and process the following categories:

• Identification data: name, contact details, company affiliation.
• Account data: login credentials, account history.
• Transactional data: purchase details, warranty claims, support inquiries.
• Technical data: device identifiers, IP address, diagnostic logs (for support).
• Marketing preferences: subscription choices, event participation.

We do not intentionally collect special categories of personal data unless strictly required (e.g., for employment).

4. Purposes and Legal Bases for Processing

• Customer relationship & support – Performance of a contract.
• Product warranty & repair services – Legal obligation and contract fulfillment.
• Website services & analytics – Legitimate interest in service improvement (with cookie consent where applicable).
• Marketing communications – Consent or legitimate interest, with opt-out available.
• Compliance with law – Processing required for legal obligations (e.g., tax, regulatory).

5. Data Subject Rights

Under GDPR, individuals have the following rights:

• Access – Obtain a copy of personal data.
• Rectification – Correct inaccurate or incomplete data.
• Erasure (“Right to be Forgotten”) – Request deletion where legally permissible.
• Restriction – Limit processing in certain circumstances.
• Portability – Receive personal data in a structured, machine-readable format.
• Objection – Object to processing, including direct marketing.
• Withdraw consent – At any time, where processing is based on consent.

Requests may be submitted to: Data_Protection(a)twinhead.com.tw

6. Data Processing Agreement (DPA) Commitments

Where Twinhead acts as a Data Processor on behalf of business customers:

• We process personal data solely on the customer’s documented instructions.
• We implement appropriate technical and organizational security measures.
• We ensure confidentiality by binding staff and authorized processors.
• We engage sub-processors only with customer consent and maintain transparency.
• We assist customers with GDPR compliance, including data subject requests.
• We notify customers promptly in the event of a data breach.
• We support audits and provide necessary documentation.

7. International Data Transfers

• Twinhead is headquartered in Taiwan and operates globally.
• Where data is transferred outside the EU/EEA, we use appropriate safeguards (e.g., Standard Contractual Clauses, adequacy decisions).
• We ensure data subjects’ rights remain protected regardless of transfer location.

8. Data Security

We maintain robust safeguards, including:

• Encryption of data in transit and at rest.
• Access controls and authentication mechanisms.
• Regular vulnerability testing and monitoring.
• Incident response procedures and staff training.

9. Data Retention

We retain personal data only as long as necessary for the purposes collected, including:

• Warranty and product support – duration of contract + statutory limitation period.
• Marketing data – until withdrawal of consent or objection.
• Legal/regulatory obligations – as required by applicable law.

10. Supervisory Authority & Complaints

Individuals in the EU/EEA may lodge complaints with their local Data Protection Authority. We encourage direct contact with us first.

11. Contact Information

Twinhead International Corporation
9F, No.550, Ruiguang Rd., Neihu, Taipei 11492, Taiwan, R.O.C.
Email: Data_Protection(a)twinhead.com.tw
Phone: +886‐2‐5589‐9999

12. Updates to this Policy

We may update this Policy to reflect legal, technical, or business changes. Updates will be posted on our website with the date of revision.