PRIVACY POLICY

1. General Provisions

  1. ThroughTek Co., Ltd. (“TUTK”, “we”, “our”, or “us”) values your privacy and the protection of your personal data. This Privacy Policy (“Policy”) explains how we collect, process, use, store, protect, and share your personal data, as well as your rights as a data subject.
  2. This Policy applies to personal data collected through your interactions with us, including but not limited to our websites, mobile applications, Kalay platform, APIs, customer support channels, physical exhibitions, and other communication interfaces.
  3. We comply with applicable data protection laws and regulations, including the Personal Data Protection Act of Taiwan, the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), and align with ISO/IEC 27001, ISO/IEC 27017, and ISO/IEC 27018 standards.
  4. If you are under the legal age of consent in your jurisdiction, you must obtain consent from your legal guardian before using our Services.

 

2. Data Controller and Contact Information

  1. Data Controller:
    ThroughTek Co., Ltd.
    Address: 9F., No. 364, Sec. 1, Nangang Rd., Nangang Dist., Taipei City, Taiwan
    Company Registration No.: 29045478
  2. Contact:
    Email: privacy@tutk.com

For users in the EU/UK, a representative pursuant to Article 27 GDPR may be designated and published on our official website.

3. Categories of Personal Data Collected

1. Data You Provide
Includes name, email, phone number, company name, job title, business card information, inquiries, survey responses, and contractual data.

2. Automatically Collected Data
Includes:

  • IP address
  • Device identifiers and UID
  • Browser and HTTP information
  • Log records and usage activity
  • Device and app configurations
  • Diagnostic and error reports
  • Interaction data (clicks, session duration, login records)

3. Data from Third Parties
We may obtain data from partners, distributors, device manufacturers, developers, public sources, or identity verification providers, in compliance with applicable laws.

4. Cookies and Tracking Technologies
We use cookies and similar technologies for:

  • Authentication
  • Preference storage
  • Traffic analysis
  • Service improvement

You may manage cookies via browser settings.

5. Sensitive Data
We do not intentionally collect sensitive personal data unless necessary and with explicit consent.

 

4. Children’s Data Protection

Our Services are not directed to children under 13 (COPPA) or under 16 (GDPR).
If we become aware of unauthorized data collection, we will take appropriate action.

5. Purposes and Legal Bases of Processing

1. Purposes:

  • Service provision and contract performance
  • Platform operation and maintenance
  • Security and fraud prevention
  • Legal compliance
  • Marketing (with consent)
  • Analytics (in anonymized form)

2. Legal Bases:

  • Contract performance
  • Legal obligation
  • Consent
  • Legitimate interest
  • Protection of vital/public interests

 

6. Data Sharing and Disclosure

We may share personal data:

  • With your consent
  • With service providers and affiliates
  • As required by law or authorities
  • In corporate transactions (e.g., mergers)

We do not sell personal data.

7. Cross-Border Data Transfers

Your data may be transferred globally.
We implement safeguards such as:

  • Standard Contractual Clauses (SCCs)
  • Encryption and access controls

 

8. Data Retention and Deletion

We retain data only as necessary for:

  • Service provision
  • Legal compliance
  • Security and audit purposes

Data will be deleted, anonymized, or returned upon request where applicable.

9. Automated Decision-Making

We do not make decisions solely based on automated processing that produce legal effects, unless explicitly disclosed and permitted by law.

10. Your Rights

You may have the right to:

  • Access your data
  • Request correction or deletion
  • Restrict or object to processing
  • Data portability
  • Withdraw consent

Requests can be made via privacy@tutk.com.

11. Security Measures

We implement:

  • Encryption (TLS/HTTPS)
  • Access control and authentication
  • Monitoring and intrusion detection
  • Security audits and testing
  • Data minimization and pseudonymization

Kalay platform is ISO/IEC 27001 certified and aligned with ISO/IEC 27017 and 27018.

12. Data Breach Notification

In case of a data breach, we will:

  • Notify authorities within 72 hours (where required)
  • Inform affected users when necessary

 

13. Data Minimization

We only collect data necessary for specified purposes and do not use it beyond those purposes without consent.

14. Policy Updates

We may update this Policy.
Material changes will be notified via email, app notification, or website announcement.

15. Governing Law

This Policy shall be governed by the laws of Taiwan.
However, mandatory local protections (e.g., GDPR, CCPA) shall prevail where applicable.

Version Date: May 15, 2026 (Revised)