Candidate Privacy Consent

Job Placement Service Agreement

This Agreement is entered into pursuant to the Employment Services Act of the Republic of China (Taiwan), which mandates that private employment service agencies enter into written contracts with job seekers.

Party A (Job Seeker): [Name]
Party B (Employment Agency): GeValyn Associates Taiwan Limited (License No. Taipei City 0420)

The parties hereby agree as follows with respect to Party A’s engagement of Party B to provide job placement services:

Article 1 – Scope of Services

Party A authorizes Party B to provide job placement services commencing from [YYYY/MM/DD]. The parties agree on the following service details:

• Job Title: [Insert Job Title]
• Work Location: [Insert Location]
• Job Description: [Insert Description]
• Expected Monthly Salary: NT$ [Amount] or above
• Additional Benefits/Employment Terms: [Insert Terms]

Party B shall handle Party A’s personal data with due care, within the scope of the stated purpose, and in compliance with the principles of honesty, good faith, and relevance.

Article 2 – Fees

The parties agree that Party A shall pay:

• Registration and Placement Fee: NT$0 (zero)

Article 3 – Obligations of Party A

1. Party A agrees to provide accurate and complete resume information necessary for job placement.
2. Party A consents to the provision of this information to potential employers for employment consideration.
3. Party A affirms the accuracy of all submitted documents. Any false or misleading statements shall entitle Party B to terminate the contract and cancel placement eligibility.
4. Party A consents to having their resume included in Party B’s talent database and authorizes Party B to share it with appropriate employers based on professional discretion.

Article 4 – Obligations and Responsibilities of Party B

1. Party B shall explain the terms of this contract to Party A prior to execution.
2. Party B shall exercise the duty of care of a prudent administrator in delivering efficient and proper job placement services, and shall faithfully match Party A with positions that      meet the agreed terms.
3. With Party A’s written consent, Party B may retain copies of submitted documents solely for contract-related purposes and in accordance with the Personal Data Protection Act (PDPA).
4. Party B shall not solicit Party A to purchase goods, engage in multi-level marketing, purchase insurance, or participate in similar schemes.
5. If Party A is a minor, Party B must obtain written consent from Party A’s legal guardian and verify Party A’s age. For individuals under 16, Party B shall comply with applicable laws      protecting underage workers.
6. Party B shall not collect employment security deposits or charge any additional fees beyond those permitted by law.

Article 5 – Termination and Liability

1. This Agreement shall remain valid indefinitely unless terminated by either party at any time.
2. Upon termination, Party B shall retain the Agreement unless Party A requests its return or destruction in writing.
3. Either party terminating the Agreement in a manner that causes the other party to suffer damage shall be liable for such damages, except where termination is due to reasons not attributable to the terminating party.

Article 6 – Complaints and Dispute Resolution

1. In the event of a dispute during the performance of this Agreement, Party B shall seek amicable resolution with Party A. Failing resolution, the Taipei District Court shall have      jurisdiction as the court of first instance.
2. Party B’s complaint hotline: (02) 66050804 | Email: support@gevalyn.com

Article 7 – Miscellaneous

1. This Agreement, including any email, fax or electronic copy, shall be deemed an original. Party B agrees not to contest the authenticity or validity of a non-paper version.
2. Any matters not covered herein shall be handled in accordance with applicable laws, customs, and the principles of good faith and mutual benefit.

Article 8 – Copies

This Agreement is executed in two originals. Each party shall retain one copy. Neither party may unilaterally amend its contents, and Party B may not request the return of the signed contract.

Executed by the Parties:

Party A: ___________________________

Party B: GeValyn Associates Taiwan Limited

Personal Data Protection and Privacy Statement

GeValyn Associates (“the Company”) is committed to safeguarding your privacy and managing your personal data in compliance with the Personal Data Protection Act (PDPA). By engaging with our services and submitting personal data, you agree to the following terms:

1. Data Security

Your personal data will not be disclosed to unrelated third parties without your explicit consent.

2. Purpose of Collection, Use, and Processing

In accordance with Article 8 of the PDPA:

• Purpose: Recruitment, placement, market research,      and talent referral for client companies
• Categories of Data: Name, date of birth, ID number, address,      contact info, education, profession, financial data, licenses, work      history, etc.
• Retention Period: Duration of recruitment or contractual      service, as legally required or until no longer necessary
• Geographic Scope: Taiwan (Republic of China)
• Recipients: The Company, contracted partners,      government agencies when required by law
• Methods: Paper, digital, or other legally      acceptable means

3. Your Rights (per Article 3 of the PDPA)

You may request to:

• Access or review your data
• Request copies (fees may apply)
• Supplement or correct data
• Stop data collection, processing, or use
• Delete data

Requests may be submitted to your consultant or by email.

4. Customer Feedback

During job placement or employment, your name, ID, and email may be used for satisfaction surveys.

5. Third-Party Data

You confirm that any third-party data you provide (e.g., emergency contacts or references) has been submitted with that person’s consent.

6. Consequences of Withholding Data

You may decline to provide personal data; however, this may affect our ability to deliver full placement services.

7. Amendments

The Company reserves the right to revise this statement. Updates will take effect upon publication.

This form and statement online serve as a reference only. For formal signing and completion of authorization, please contact our consultants directly.

Personal Data File Security and Management Policy

GeValyn Associates – Data Protection Policy

Effective pursuant to Article 27, Paragraphs 2 and 3 of the Personal Data Protection Act (PDPA) and Article 3 of the Guidelines for Personal Data File Security Management of Employment Service Providers

1. Legal Basis

This policy is enacted in accordance with the Personal Data Protection Act (PDPA), specifically Article 27, Paragraphs 2 and 3, and the applicable regulations governing the security of personal data files maintained by employment agencies.

2. Purpose

To prevent unauthorized access, alteration, damage, loss, or leakage of personal data, all personnel of GeValyn Associates must adhere strictly to the guidelines set forth in this policy for the secure management and maintenance of personal data files.

3. Management Personnel and Resources

(a) Designated Officer:

· Staffing: One (1) designated Data Protection Officer (DPO).

· Responsibilities: Planning, establishing, revising, and executing this policy; overseeing access to personal data files and determining retention/disposal methods post-contract.

(b) Data Protection Commitment:
GeValyn Associates adheres to all PDPA provisions relating to the collection, processing, and use of personal data and maintains appropriate safeguards to prevent unauthorized disclosure, tampering, or loss.

4. Scope of Personal Data

(a) Specific Purposes of Collection:

· Human Resource Management (Code 002)

· Agency and Intermediary Services (Code 020)

· Employment Counseling, Placement, and Workforce Management (Code 117)

(b) Client and Candidate Data:
Includes name, date of birth, national identification number, passport number, educational background, professional history, contact information, and any other data that may directly or indirectly identify a natural person.

(c) Employee Data:
Includes name, date of birth, national identification number, education, work history, contact information, and other personally identifiable data.

5. Risk Assessment and Management Mechanisms

(a) Risk Scenarios:

· Data leaks via internal systems or external cyberattacks.

· Data exposure through access to physical documents.

· Intentional theft or data misuse by internal personnel.

(b) Risk Management Measures:

· Use of user IDs, passwords, and secure document storage.

· Regular cybersecurity maintenance and access control audits.

· Prohibition of personal portable devices (e.g., USB drives, external hard disks, smartphones) for storing company data.

· Reinforced employee access control and equipment oversight.

6. Internal Measures for Collection, Processing, and Use of Personal Data

(a) Notification at Point of Collection:
When collecting personal data directly from data subjects, the following must be disclosed:

1. Company name

2. Purpose of collection

3. Data categories

4. Retention period, usage region, recipients, and method of use

5. Whether the provision of data is voluntary and any consequences of refusal

6. Rights of the data subject (e.g., access, correction, deletion, objection)

7. Verification of data subject identity

8. Applicable fees (if any)

(b) If personal data is collected indirectly (not from the data subject), the source and the above details must be disclosed before processing.

(c) Written consent is required via contract before any collection, processing, or use of personal data. Upon contract termination, personal data must be destroyed unless further retention is legally or contractually justified.

(d) Upon the data subject’s objection to marketing use, all marketing activities using their data must cease immediately.

(e) Requests for data access, correction, or deletion must be processed within 15 days of receipt. Contact:
Email: support@gevalyn.com | Tel: (02)66050804
This contact information must be disclosed on company websites or contracts.

(f) Data custodians must transfer all records during role transitions.

(g) Personnel must authenticate with personal credentials to access or process personal data. Passwords must be kept confidential.

(h) The designated DPO shall regularly review whether stored personal data aligns with the specified purpose and delete unnecessary or expired data accordingly.

(i) Any use of personal data beyond the stated purpose must be reviewed for legal compliance.

(j) In the event of business termination, personal data must be destroyed or transferred in accordance with PDPA requirements.

7. Incident Prevention, Reporting, and Response

(a) Prevention Measures:

· Credential-based access control

· Restricted document access with supervisor approval

· Controlled internal and external data transfers

· Employee awareness and training programs

· Strict prohibition of unauthorized storage devices

(b) Incident Response:

1. Any suspected breach must be reported to the DPO and investigated immediately.

2. Report to the Taipei City Government within 72 hours using the prescribed form.

3. Notify affected data subjects promptly with details of the incident and remedies.

4. Root cause analysis and remedial actions must follow.

8. Data, Personnel, and Equipment Security

(a) Data Security:

· Devices must be password-protected and locked when unattended.

· Antivirus and security protocols must be regularly applied.

· Only authorized personnel may access sensitive data with prior approval.

· Workstations may not be used for public inquiries.

(b) Physical Security (Paper Files):

· Stored in locked filing cabinets with restricted access.

· Fire and theft prevention measures must be in place.

· Disposal via shredding is mandatory.

(c) Personnel Management:

· Role-based access control

· Passwords changed every 90 days

· Immediate account revocation upon termination

· Confidentiality clauses in all contracts

· Non-routine access requires pre-approval

· All staff must sign NDAs

· Data handlers must perform formal file handover during job transitions

(d) Equipment Security:

· Regular maintenance of data systems

· Backups and fireproof/offsite storage for critical data

· Old hardware must be securely wiped prior to disposal

· Repairs must be monitored by authorized personnel

9. Data Security Audits

Annual audits will be conducted to ensure compliance with this policy. Any deficiencies must be addressed with documented corrective and preventive actions. Audit reports require confirmation by company leadership.

10. Logging and Evidence Retention

· All access to personal data systems must be logged and encrypted.

· Physical logbooks must be stored securely and accessed only by authorized personnel.

11. Training and Awareness

New employees must receive mandatory training on data protection laws, responsibilities, and company procedures. Training records must be maintained.

12. Continuous Improvement

This policy shall be reviewed and updated as necessary in response to changes in technology, legal requirements, or audit findings.

13. Data Handling Post-Business Termination

Upon business cessation, personal data shall no longer be used and must be destroyed, transferred, or otherwise handled in accordance with legal requirements. Records of such actions must be retained for a minimum of five (5) years.