Website Security Policy

Last updated: March 28, 2024
The "FunTainan" Cultural Tourism Digital Stamp Collection Platform (hereinafter referred to as "the Platform") has formulated the following website security policy in accordance with the spirit of the Personal Data Protection Act to safeguard your data security and that of the Platform, and to elucidate the relevant safeguards provided by the Platform in terms of information and communications security.

I. Scope of the Policy

The following platform security policy applies to the collection, utilization, and protection of personal data involved when you browse the Platform. However, it does not apply to links to other websites created on the Platform. When you click on links to other websites, the website security policy of each respective website applies.

II. Information Access Control

  1. Establishing system access policies and authorization regulations, and informing employees and users of their respective rights and responsibilities through written, electronic, or other means.
  2. Upon resignation (retirement) of personnel, their access permissions to all information resources must be immediately revoked, and such revocation must be included as a necessary procedure for resignation (retirement). In the event of personnel job adjustments or transfers, their permissions must be adjusted within the specified period in accordance with the system access authorization regulations.
  3. Establishing a system user registration management system, strengthening user password management, and, in principle, setting a password update period of no more than six months.
  4. For system service vendors performing system maintenance remotely, stronger security controls must be implemented, and a personnel roster must be established, assigning them relevant security and confidentiality responsibilities.
  5. Implementing an information security audit system, and conducting regular or ad hoc information security audit operations.

III. Platform Security Measures and Regulations

Any unauthorized attempt to upload or modify the services and related information provided by the Platform is strictly prohibited and may constitute a violation of law. For the purpose of website security and to ensure the continued provision of this service to all internet users, the Platform provides the following security measures:
  1. Establishing firewalls at nodes connecting to external networks to control data transmission and resource access between external and internal networks, and implementing rigorous identity verification procedures.
  2. Using network intrusion detection systems and monitoring network traffic to identify unauthorized attempts to upload or modify webpage information or intentional acts of sabotage.
  3. Installing antivirus software and regularly running virus scans to provide users with a safer web browsing environment.
  4. Establishing system backup facilities and regularly making backups and remote backups for necessary data and software to quickly restore normal operations in the event of disasters or storage media failures.
  5. Simulating hacker attacks at irregular intervals to practice system recovery procedures in the event of a security incident and to provide appropriate levels of security defense.
  6. Confidential and sensitive data or documents are not stored in publicly accessible information systems, and confidential documents are not transmitted via email.
  7. Automatically receiving security maintenance electronic notifications from relevant operating system vendors or application vendors, and installing appropriate patches according to the recommendations in the electronic notifications.
  8. The transmission of internet data cannot be guaranteed to be 100% secure. The Platform will make efforts to protect the security of the Platform and your personal data. In some cases, the standard security technology SSL is used to ensure the security of data transmission. However, since data transmission involves the security of your online environment, which can vary, we cannot guarantee the security of data you transmit to or receive from the Platform. You must be aware of and assume the risks associated with data transmission over the internet. Please understand that the consequences of this aspect are beyond the control of this website.

IV. Security Management of Firewall

The firewall includes a network service forwarding server (such as a proxy server) to provide forwarding and control of network services such as Telnet, FTP, and WWW. The firewall serves as the hub of the entire network, and a backup set for the firewall host and software must be reserved for occasional needs. The firewall system of the Platform routinely records the activities and events of the entire network. The data in the log files must include at least the date, time, start and end IP addresses, communication protocols, etc., for routine management and future audit operations. The log files of the firewall of the Platform are reviewed and analyzed by firewall administrators for any abnormalities, and the log files must be retained for more than one year. Access to the firewall host of the Platform is restricted to system terminal login only, and no other login methods are allowed to ensure the security of the firewall host. The security management settings of the firewall of the Platform must be regularly reviewed and adjusted as necessary to ensure the intended security management objectives are achieved. Regular data backups of the firewall system of the Platform must be performed, and only local backups are allowed, without using other methods such as network backups. The software of the firewall system of the Platform must be regularly updated to address various network attacks.

V. Data Backup Operation Principles

The backup of important data must, in principle, preserve at least three copies. Backup data must be subject to appropriate physical and environmental protections, and the security standards for backup data must be as consistent as possible with the security standards of the primary operating facility; security control measures for computer media at the primary operating facility must be applied to the remote backup operating facility to the greatest extent possible. Regular testing of backup data must be conducted to ensure its availability.

VI. Data Recovery Operation Principles

  1. During data recovery operations, the consistency and integrity of the data must be checked first.
  2. For platform data recovery, except in the case of unforeseen major events or factors such as the inability to restore the data center or network operations, data shall be restored to normal within 24 hours. Backup data shall be ensured to retain the most recent and complete data within two days. Following data recovery, both programs and databases shall be immediately operational.
  3. Regular testing of backup data must be conducted to ensure its availability.
  4. After completion of data recovery operations, personnel from relevant units must continue to monitor the system for three days to ensure normal operation and the accuracy of newly added data.

VII. Due to the rapid development of technology, incomplete formulation of relevant regulations, and unforeseeable environmental changes in the future, the Platform may need to modify the explanation of the information security policy provided on the website to fulfill the commitment to safeguarding cybersecurity. Upon completion of any modification to the information security policy, we will promptly publish it on the Platform, along with conspicuous reminders prompting you to click and read.

VIII. If you have any questions or opinions regarding the above terms, please contact us through the contact information provided on the Platform.