Pursuant to the General Data Protection Regulation (“GDPR”) of European Union, we are committed to protect your data and put you in control. We have updated and will periodically update our Privacy Notice in line with GDPR. See our latest version of the Privacy Notice.
This site uses cookies to offer you a better browsing experience. Find out more on how we use cookies here.
Continue

 
Future in Motion  

Leading Sustainable Change

Home>Sustainability>

4. 誠信經營-1

Ethical Management

The Company has established a comprehensive ethical management system and policy framework to implement integrity-based corporate governance through clear regulations, including:

Code of Ethical Conduct: Established in accordance with the template provided by competent authorities and approved by the Board of Directors, the Code applies to directors, managers, and all employees. It requires compliance with applicable laws and regulations and prohibits any unethical conduct, including bribery, offering improper benefits, unfair competition, illegal political contributions, and inappropriate donations or sponsorships, while also emphasizing intellectual property protection. For counterparties involved in unethical conduct, the Company will take appropriate actions in accordance with established procedures. A whistleblower protection mechanism is also in place to ensure confidentiality of reporting channels.
To address integrity-related risks, the Company has established corresponding internal control mechanisms as well as preventive and corrective measures. Based on risk assessments, the Internal Audit unit develops audit plans and regularly reviews the effectiveness of system implementation to ensure the effective execution of ethical management practices. The Company has also established conflict of interest management, internal control, and accounting systems to strengthen risk prevention mechanisms. The Company discloses its integrity policy to suppliers, customers, and other business partners, and takes appropriate actions when unethical conduct is identified. In addition, a whistleblower protection mechanism has been established, and the Internal Audit unit regularly reviews the implementation of the relevant systems.

Anti-Corruption and Anti-Money Laundering Policy:  Signed and publicly endorsed by the Chairman, the policy follows the United Nations Convention against Corruption (UNCAC) and applicable laws and regulations in operating locations, adopting a zero-tolerance approach toward corruption and money laundering. The policy is integrated into the internal control system and linked with the Code of Ethical Conduct and related codes of conduct to prevent risks related to corruption, money laundering, and violations of international sanctions, thereby fostering a culture of integrity and ethical business conduct.

Related Party Transaction Procedures: The Company has established the Related Party Transaction Procedures as an important basis for managing related party transactions. In addition to complying with the internal control system, transactions involving the acquisition or disposal of assets must also follow the Procedures for Acquisition or Disposal of Assets to ensure that transaction processes, review mechanisms, and information disclosures comply with applicable regulations and Company policies. Through systematic management, the Company strengthens the compliance, reasonableness, and transparency of related party transactions while protecting corporate and shareholder interests.

Code of Conduct for Directors and Employees: The Company requires directors and all employees to uphold high standards of professional ethics. Directors are required to follow the Code of Ethical Conduct and lead by example in ethical management practices. Employee labor contracts include provisions related to integrity, conflict of interest avoidance, and professional conduct. The Employee Code of Conduct also clearly prohibits corruption, abuse of authority, bribery, and other improper behavior. Violations are handled in accordance with the Employee Reward and Disciplinary Measures. Serious violations may result in dismissal and legal action, and may be referred to judicial authorities when necessary. Employees in sensitive positions are also required to sign confidentiality agreements to strengthen risk control.
Overall, the Company has established an integrity governance framework extending from the Board of Directors to frontline employees and throughout the supply chain, embedding integrity values into its corporate culture and daily operations.



Risk Assessment and Response Mechanisms

The Company has established a systematic anti-corruption risk assessment mechanism. Each year, the Internal Audit unit conducts risk identification and assessment for the Company and its subsidiaries, and implements appropriate response measures, internal controls, and audit mechanisms to continuously reduce corruption risks. In 2025, all companies included in this Report (the parent company and 10 subsidiaries) completed the assessment, achieving 100% coverage. The assessment covered 11 major risk areas, including unethical conduct, conflicts of interest, procurement and payment, sales and collection, engineering bidding, and acceptance procedures. In accordance with the Company’s risk management procedures, risks are evaluated based on likelihood and impact (Risk Value R = Likelihood L × Impact I), with results presented in a risk matrix. The likelihood assessment is classified based on the number of substantiated corruption cases identified over the past two years. Based on the assessment results, medium- and high-risk issues are included in key management areas, and the Company implements measures such as strengthening internal controls and revising relevant procedures to reduce risk levels.



Identification and Countermeasures for Anti-Corruption Risks

In the 2025 risk assessment results, among the 11 issues evaluated, 10 were classified as low risk and 1 as medium risk. No material potential corruption risks were identified, indicating that the current anti-corruption system is operating effectively and overall risks remain within a controllable range. Details of the medium-risk item and the corresponding response measures are presented in the table below.


2025 Anti-Corruption Risk Assessment Results

Function/Role Anti-corruption Issue Affected Parties Risk Level

Employees

Dishonest conduct

Employees, Suppliers, Customers

Medium

Directors

Conflict of Interest

Company

Low

Finance

Financial Matters – Collection Operations

Company, Customers

Low

Finance

Financial Matters – Payment Operations

Company, Suppliers

Low

Sales/Business

Sales and Collection Operations

Company, Customers

Low

Procurement

Procurement and Payment Operations

Company

Low

R&D

Procurement and Payment for R&D Materials / Equipment

Company

Low

Warehouse Management

Warehouse Management

Company

Low

Quality Assurance

Incoming Material Quality Inspection

Company, Customers

Low

Personnel with Conflicts Duties

Duty Conflict

Company & Employees

Low

Construction

Engineering Tendering and Acceptance

    Company & Employees

Low


Remedial Measures
Risk Description: During business operations, directly or indirectly offering, promising, requesting, or accepting improper benefits, or engaging in conduct that violates integrity and professional standards. 

Main Response Actions: 
  1. Establish codes of professional ethics and related regulations.
  2. Implement whistleblowing and whistleblower protection mechanisms.
  3. Establish stakeholder feedback channels.
  4. Conduct regular anti-corruption and anti-money laundering awareness programs.
  5. Establish a Supplier Code of Conduct and require integrity commitments.
  6. Define principles for the acceptance and handling of gifts.
  7. Conduct regular internal audits to review compliance with integrity management policies and preventive programs.
 

Whistleblowing and Whistleblower Protection Mechanisms

The Company has established a comprehensive whistleblowing and whistleblower protection system to encourage employees and stakeholders to report violations of professional ethics. Multiple reporting channels and protection measures are provided to ensure the effective operation of the reporting mechanism. Reporting email addresses and contact information are disclosed through the Company’s website, corporate governance section, and procurement contracts. Internal and external parties—including employees, customers, suppliers, and other business partners—may submit reports or raise concerns, including anonymously, and all cases are handled with due care.

In accordance with the Procedures for Reporting Corruption and Misconduct, the Company adopts strict confidentiality and protection measures for whistleblowers, including confidentiality of identity information, separate storage and restricted access to case-related information, and prohibition of any form of retaliation. Any unauthorized disclosure, threats, or intimidation will be subject to disciplinary action in accordance with Company regulations. During the investigation process, confidentiality agreements and case-closing feedback mechanisms (satisfaction surveys) are also implemented to safeguard whistleblower rights and support continuous improvement of the system.

All reported cases are investigated by the Internal Audit unit or a designated independent investigation committee in accordance with internal procedures and applicable regulations. Cases are classified as major or general based on the estimated loss amount involved in the report. If the allegations are substantiated through investigation, the Company will impose appropriate disciplinary actions depending on the severity of the case, including warnings, demotions, or termination of employment. Remedial Actions actions will also be taken for improper business relationships involved, such as terminating cooperation with implicated suppliers, to uphold the principles of ethical management.

To encourage reporting, the Company has also established a reward mechanism for verified cases. Major cases are eligible for a fixed reward of NT$200,000, while general cases receive rewards equivalent to 5% of the estimated loss amount. Through these measures, the Company promotes a culture of integrity and transparency, encourages proactive reporting of misconduct, and safeguards the integrity of overall operations.

Business Ethics Reporting Mailbox
Head of Auditing Department
gthaudit@getac.com.tw


Internal Control Audit and Oversight

The Company incorporates anti-corruption risk assessment results into its internal audit plan. Based on the assessment results of unethical conduct risks, the Internal Audit unit establishes annual audit priorities to review compliance with preventive measures and conducts at least one dedicated audit each year to verify the effectiveness of anti-corruption and anti-money laundering awareness programs and control measures.

When necessary, external auditors or professional third parties may also be engaged to assist with audits to ensure the independence and professionalism of the assessment and control processes. Audit results are reported to senior management and the dedicated ethical management unit, and submitted to the Board for review to strengthen senior-level oversight and continuous improvement mechanisms. The Board also supervises the Company’s efforts to prevent unethical conduct and reviews implementation effectiveness as appropriate to ensure the effective execution of integrity policies.


Education and Training

To strengthen integrity awareness and practical compliance capabilities, the Company continuously promotes anti-corruption and anti-money laundering training, incorporating related courses as mandatory training for directors, managers, and employees. Management and all employees of the Company and its subsidiaries are required to complete at least one online training session annually. Participants must achieve a full score on the post-training assessment to complete the course; otherwise, retraining is required until passing.

Training topics include anti-corruption and anti-money laundering policies, workplace anti-corruption practices, and insider trading prevention. Course design is continuously improved based on participant feedback to enhance overall coverage and effectiveness. In addition, the Company regularly reminds directors and managers via email to comply with insider trading regulations and uses calendar notification mechanisms to alert relevant personnel of blackout periods prior to statutory financial report announcements, thereby strengthening compliance awareness.


2025 Integrity Governance Performance
  1. Risk Assessment: Anti-corruption risk assessments covered the Company and 10 subsidiaries, achieving 100% coverage. Among the 11 assessment categories, only one was classified as medium risk, while the remaining were low risk, with no significant potential corruption risks identified. Based on the assessment results, the Internal Audit unit conducted related audits and reported the results to the Board in November to further strengthen oversight and continuous improvement.
  2. Supplier Anti-Corruption Management: To strengthen supply chain integrity and anti-corruption management, the Company has incorporated integrity commitments into its supplier management system. Suppliers with transaction amounts of NT$80,000 (inclusive) or above are required to sign the Anti-corruption Undertaking or related integrity commitment documents as a prerequisite for cooperation. Suppliers that fail to complete the signing process are automatically blocked from payment processing to ensure compliance with integrity and legal requirements. In 2025, the Company had a total of 1,102 production raw material suppliers, primarily located in Taiwan, China, and Vietnam, accounting for over 95% of all suppliers. Under the Company’s supplier classification and qualification management requirements, all Tier 1 and Tier 2 production raw material suppliers completed the signing of integrity clauses, achieving a 100% signing coverage rate.
  3. Internal Control Audit: Based on the risk assessment results, the Internal Audit unit incorporated relevant items into its audit reviews. The 2025 ethical management implementation results were reported to the Board on November 12. Senior management and the Board continue to oversee implementation progress and provide improvement recommendations to ensure ongoing enhancement and effective execution of integrity policies.
  4. Education and Training: During the year, a total of 7,767 participants completed anti-corruption and anti-money laundering training courses, achieving an overall completion rate of 90.46%, exceeding the original target of 85%. Among them, direct personnel achieved a completion rate of 95.11%, while managers and indirect personnel also maintained high participation rates. Directors also continued participating in anti-corruption training programs, including insider trading prevention, corporate governance, and securities regulations. Two directors participated in external training programs, accumulating 9 training hours.
  5. Violation Handling: No major corruption or fraud incidents occurred in 2025. Only one employee misconduct case was identified, involving false attendance records and fraudulent overtime claims. The employee was disciplined in accordance with Company regulations and required to return improper gains. The Company also reviewed and strengthened internal control measures, including: (1)Planning the introduce a facial recognition attendance system; (2)Conducting management training for new and existing supervisors to strengthen awareness of management responsibilities, Company regulations, and workplace supervision duties; (3)Publicizing disciplinary cases internally to enhance awareness and strengthen workplace discipline.
Overall, through its comprehensive integrity governance framework, internal control audits, education and training programs, and whistleblowing mechanisms, the Company effectively manages corruption risks, maintains operational integrity and transparency, and continues to strengthen its culture of ethical conduct, thereby laying a solid foundation for sustainable development.
Personal Data Protection Policy and Customer Privacy
Personal Data Protection Policy
The Company has established and implemented a Personal Data Protection Policy and website privacy statement to clearly define the purposes, processing methods, and legal basis for the collection of personal data. The scope of application covers information relating to customers, suppliers, and business partners. All new employees are required to sign employment agreements containing confidentiality obligations, and confidential information is managed in accordance with the “Need-to-Know Principle” to control the scope of disclosure. Any violations of relevant regulations will be handled in accordance with the Company’s internal management procedures in order to safeguard corporate integrity and customer trust.

Customer Privacy
To protect customer confidentiality and privacy, the Company implements various management systems and control measures to ensure information security and confidentiality, including:
  1. Employee Confidentiality Obligations: The Employee Code of Conduct and employment agreements require employees to strictly comply with customer confidentiality and privacy protection requirements and safeguard trade secrets. Confidential information obtained from customers through business interactions is managed in strict accordance with the “Need-to-Know Principle,” and disclosure is limited only to personnel who must access such information , and confidentiality agreements are executed where necessary before such information is disclosed.
  2. External Party Confidentiality Responsibilities: Confidentiality agreements are executed with external parties to regulate and enforce their confidentiality obligations.
  3. Workplace Security: The Company strictly implements its “Production Site Confidentiality Management Regulations,” which establish clear restrictions for external visitors entering production areas, including prohibitions on photography, video recording, and audio recording, thereby preventing information leakage risks at the source. At the physical security level, infrared perimeter protection is deployed around manufacturing sites, and access control systems are implemented in core confidential areas to ensure that only authorized personnel are granted access. Confidential assets in transit are stored and transported using dedicated secure transport containers to ensure the protection of core business secrets.
  4. Information Security Management: The Company has obtained both ISO 27001:2022 and TISAX information security certifications and conducts quarterly social engineering exercises.
  5. The Company strictly maintains the security of network systems and electronic platform environments to prevent leakage or unauthorized dissemination of customer confidential information and to protect customer rights and interests.
  6. Regular training programs and awareness campaigns regarding personal data protection regulations and information security are conducted to strengthen employees’ compliance awareness relating to business confidentiality and customer privacy protection.
  7. The Company has established an AI Tool Usage Management Policy that prohibits employees from uploading confidential information to external AI tools and encourages the use of internally hosted closed AI platforms to protect trade secrets.
GDPR – EU General Data Protection Regulation
Subsidiary Getac Technology complies with the EU General Data Protection Regulation (GDPR) and has established a comprehensive personal data protection governance framework and management mechanism for products and services involving EU data subjects. The Company has implemented a Personal Data Protection Policy and procedures for handling data subject rights requests in accordance with GDPR requirements, and regularly reviews the privacy statement on its official website to ensure that data collection and usage comply with the principles of lawfulness and transparency. For third-party management, data protection clauses are incorporated into cooperation agreements to reduce personal data risks associated with outsourced processing activities. For cross-border data transfers, the Company has adopted and fully implemented the latest Standard Contractual Clauses (SCCs) issued by the European Commission as the compliance basis for personal data transfers between Getac Technology Corporation and its subsidiaries, ensuring compliance with the latest EU regulatory requirements.

The Company has also appointed a Data Protection Manager to oversee related matters and respond to data subject rights requests. In addition, regular training and internal awareness programs are conducted to strengthen employees’ understanding of personal data protection regulations and practices. In 2025, the Company held the “Getac Technology Personal Data Protection Training Program,” with 442 employees completing the training and a completion rate of 93.6%. Participants were required to achieve a test score of at least 80 to complete the course. No GDPR-related complaints were received in 2025.

Annual Implementation Status of Customer Privacy and Personal Data Protection
1. The completion rate for signing employment contracts containing confidentiality clauses with new employees reached 100%.
2. In 2025, there were no substantiated incidents involving information leakage, theft, or loss of customer data.
  • Total number of substantiated complaints concerning breaches of customer privacy received from regulatory authorities: 0 cases
  • Total number of substantiated complaints concerning breaches of customer privacy received from external parties and verified by the Company: 0 cases
Contact Point for Personal Data Protection Complaints and Inquiries
The Company has established a personal data protection contact window to provide employees and external stakeholders with channels for complaints, reporting, and consultation regarding personal data protection matters. If an incident occurs that may affect the rights and interests of data subjects, the Company will conduct reporting, investigation, and handling procedures in accordance with internal protocols.
For rights that data subjects may exercise under applicable laws—such as inquiry, access, supplementation, correction, suspension of collection, processing or use, and deletion—the Company will carry out identity verification and response procedures in accordance with relevant regulations, and retain related records for audit purposes.

Personal Data Protection Complaints
Personal Data Protection Manager
dpm.LAC@getac.com.tw
 
  • CEO Messages

  • Sustainability Communication

  • Ethical Management

  • Sustainable Supply Chain

  • Prohibiting Procurement Of Conflict Minerals

  • Environmental Protection

  • Green Product

  • Friendly Workplace

  • Social participation

  • CSR Questionnaire

  • We sincerely welcome any suggestions regarding this Report.

    Irene Sun
    Corporation Relations Office
    Email: Getac.csr@getac.com.tw

  • Irregular Business Conduct Reporting

    Lisa Kung
    Director of Auditing Office
    Email: gtcaudit@getac.com.tw