Privacy Policy

We are committed to protecting your privacy and ensuring the security of your personal information. This policy explains how we collect, use, and safeguard your data.

1. Introduction and Data Controller Information

Dyadic Solutions Ltd. ("we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, process, and protect your personal information in compliance with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws.

Data Controller Details:

2. Legal Basis for Processing (Article 6 GDPR)

We process your personal data based on the following lawful bases under Article 6 of the GDPR:

2.1 Legitimate Interests (Article 6(1)(f))

  • Business development and marketing communications
  • Website analytics and performance optimization
  • Fraud prevention and security monitoring
  • Customer relationship management

Balancing Test: We have conducted assessments to ensure our legitimate interests do not override your fundamental rights and freedoms.

2.2 Consent (Article 6(1)(a))

  • Newsletter subscriptions and marketing emails
  • Optional cookies and tracking technologies
  • Special promotional communications

2.3 Contract Performance (Article 6(1)(b))

  • Processing service requests and project inquiries
  • Delivering contracted services and support
  • Managing client relationships and communications

2.4 Legal Obligation (Article 6(1)(c))

  • Compliance with accounting and tax requirements
  • Responding to legal requests and court orders
  • Meeting regulatory obligations

3. Information We Collect

3.1 Personal Data Collected Directly (Article 13 GDPR)

When you interact with our services, we may collect:

Contact Information:

  • Full name, email address, phone number
  • Company name, job title, business address
  • Professional requirements and project specifications

Communication Data:

  • Messages sent through contact forms
  • Email correspondence and support tickets
  • Meeting notes and consultation records
  • Voice recordings from sales calls (with explicit consent)

Technical Service Data:

  • Project requirements and specifications
  • Technical documentation and preferences
  • Service delivery and performance metrics

3.2 Information Collected Automatically (Article 13 GDPR)

Technical Data:

  • IP address, browser type and version
  • Operating system and device information
  • Screen resolution and display preferences
  • Time zone settings and location data

Usage Analytics:

  • Pages visited and time spent on each page
  • Click patterns and user journey tracking
  • Referral sources and search terms
  • Error logs and performance metrics

Cookies and Tracking:

  • Essential cookies for website functionality
  • Analytics cookies for performance measurement
  • Preference cookies for user settings
  • Marketing cookies for advertising (with consent)

4. Purposes of Processing and Retention Periods

4.1 Service Provision and Customer Management

  • Purpose: Respond to inquiries, deliver services, provide support
  • Retention: 7 years after final service delivery or inquiry resolution
  • Legal Basis: Contract performance, legitimate interests

4.2 Marketing and Business Development

  • Purpose: Send newsletters, promotional content, industry insights
  • Retention: Until consent is withdrawn or 3 years of inactivity
  • Legal Basis: Consent, legitimate interests (existing customers)

4.3 Website Analytics and Optimization

  • Purpose: Improve website performance, user experience, security
  • Retention: 26 months for analytics data, 13 months for performance logs
  • Legal Basis: Legitimate interests

4.4 Legal and Regulatory Compliance

  • Purpose: Tax records, audit requirements, legal proceedings
  • Retention: As required by applicable law (typically 7-10 years)
  • Legal Basis: Legal obligation

5. Information Sharing and Disclosure

5.1 Third-Party Service Providers

We share personal data with carefully vetted processors who assist with:

Technology Services:

  • Website hosting (AWS, CloudFlare)
  • Email delivery services (SendGrid, Mailchimp)
  • Analytics platforms (Google Analytics, Hotjar)
  • Customer relationship management (HubSpot, Salesforce)

Business Operations:

  • Payment processing (Stripe, PayPal)
  • Accounting and tax services
  • Legal and professional advisory services
  • IT security and backup services

All processors are bound by Data Processing Agreements (DPAs) that ensure GDPR compliance.

5.2 Legal Disclosures

We may disclose personal data when required by law or to:

  • Comply with court orders, legal processes, or regulatory investigations
  • Protect our rights, property, or safety, or that of others
  • Investigate potential fraud, security threats, or policy violations
  • Facilitate business transfers (mergers, acquisitions, asset sales)

5.3 International Data Transfers

Transfer Mechanisms:

  • Adequacy Decisions: Transfers to countries with adequate protection levels
  • Standard Contractual Clauses (SCCs): EU-approved contractual safeguards
  • Binding Corporate Rules: For multinational service providers
  • Certification Schemes: Privacy Shield successors and equivalent frameworks

Transfer Impact Assessments: We conduct regular assessments to ensure appropriate safeguards remain effective.

6. Data Security and Protection Measures

6.1 Technical Safeguards

  • Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
  • Access Controls: Multi-factor authentication, role-based permissions
  • Network Security: Firewalls, intrusion detection, DDoS protection
  • Backup and Recovery: Encrypted backups with tested restoration procedures

6.2 Organizational Measures

  • Staff Training: Regular privacy and security awareness programs
  • Access Management: Need-to-know principle, regular access reviews
  • Incident Response: Documented procedures for breach detection and response
  • Vendor Management: Due diligence and ongoing security assessments

6.3 Data Breach Notification

In the event of a personal data breach:

  • Supervisory Authority: Notification within 72 hours (where feasible)
  • Data Subjects: Direct notification when high risk to rights and freedoms
  • Documentation: Comprehensive breach register and impact assessments

7. Your Rights Under GDPR (Articles 15-22)

7.1 Access Rights (Article 15)

  • Request copies of your personal data
  • Receive information about processing purposes and recipients
  • Obtain details about retention periods and your rights

7.2 Rectification Rights (Article 16)

  • Correct inaccurate or incomplete personal data
  • Update outdated information
  • Supplement missing data relevant to processing purposes

7.3 Erasure Rights (Article 17)

  • Request deletion of personal data in specific circumstances
  • Withdraw consent for consent-based processing
  • Object to unlawful processing or retention

7.4 Restriction Rights (Article 18)

  • Limit processing while disputing accuracy or lawfulness
  • Restrict use when data is no longer needed but required for legal claims
  • Object to processing based on legitimate interests

7.5 Portability Rights (Article 20)

  • Receive personal data in structured, machine-readable format
  • Transfer data directly to another controller (where technically feasible)
  • Apply to automated processing based on consent or contract

7.6 Objection Rights (Article 21)

  • Object to processing based on legitimate interests
  • Opt-out of direct marketing at any time
  • Object to profiling and automated decision-making

7.7 Rights Related to Automated Decision-Making (Article 22)

  • Not to be subject to solely automated decisions with legal/significant effects
  • Request human intervention in automated processes
  • Challenge automated decisions and request manual review

Exercising Your Rights:

  • Response Time: Within 1 month (extendable to 3 months for complex requests)
  • Verification: Identity verification required for security
  • Free of Charge: No fees for reasonable requests
  • Contact: privacy@dyadicsolutions.com.tw

8. Cookies and Tracking Technologies

8.1 Cookie Categories

Strictly Necessary Cookies:

  • Session management and security
  • Load balancing and performance
  • Fraud prevention and protection

Analytics Cookies (Consent Required):

  • Google Analytics 4 with IP anonymization
  • Hotjar for user experience analysis
  • Custom analytics for performance monitoring

Marketing Cookies (Consent Required):

  • Advertising platform pixels (Google Ads, LinkedIn)
  • Retargeting and conversion tracking
  • Social media integration

8.2 Cookie Management

  • Consent Banner: Granular consent options for non-essential cookies
  • Preference Center: Manage cookie settings at any time
  • Browser Controls: Instructions for browser-level cookie management
  • Withdrawal: Easy consent withdrawal mechanisms

9. Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware of such collection, we will:

  • Delete the information immediately
  • Notify the child's parent or guardian (where identifiable)
  • Implement additional verification measures

Parental Rights: Parents may request access to, modification of, or deletion of their child's data.

10. Data Protection Impact Assessments (DPIAs)

We conduct DPIAs for high-risk processing activities including:

  • Large-scale processing of special category data
  • Systematic monitoring of public areas
  • Automated decision-making with legal effects
  • Processing of vulnerable individuals' data

DPIA Documentation: Available upon request for transparency purposes.

11. Privacy by Design and Default

Our data protection approach incorporates:

  • Purpose Limitation: Processing only for specified, legitimate purposes
  • Data Minimization: Collecting only necessary personal data
  • Accuracy: Ensuring data is up-to-date and correct
  • Storage Limitation: Retaining data only as long as necessary
  • Security: Implementing appropriate technical and organizational measures

12. Cross-Border Data Transfers

12.1 Transfer Locations

  • Primary Processing: European Economic Area (EEA)
  • Secondary Processing: United States (adequacy decision pending)
  • Backup Storage: Multiple geographic regions with adequate protection

12.2 Transfer Safeguards

  • Standard Contractual Clauses approved by European Commission
  • Adequacy decisions for specific countries
  • Binding Corporate Rules for multinational processors
  • Certification schemes and codes of conduct

12.3 Transfer Impact Assessments

Regular assessments ensure ongoing protection effectiveness considering:

  • Political and legal environment in destination countries
  • Practical access and surveillance laws
  • Available legal remedies and enforcement mechanisms

13. Supervisory Authority and Complaints

13.1 EU Data Protection Authorities

You have the right to lodge complaints with supervisory authorities, including:

  • Your habitual residence authority
  • Your place of work authority
  • The authority where the alleged infringement occurred

13.2 Contact Information

Lead Supervisory Authority: [To be determined based on main establishment] Local Authorities: Contact details available at https://edpb.europa.eu/

Internal Complaints: privacy@dyadicsolutions.com.tw

14. Policy Updates and Notifications

14.1 Update Procedures

  • Significant Changes: Direct notification via email to registered users
  • Minor Updates: Website notification and version tracking
  • Legal Requirements: Immediate updates for regulatory changes

14.2 Notification Methods

  • Email notifications to active users
  • Website banners and popup notifications
  • Account dashboard alerts (where applicable)
  • Social media announcements for major changes

14.3 Historical Versions

Previous policy versions are maintained and available upon request.

15. Contact Information and Data Protection Officer

15.1 Data Protection Inquiries

Email: privacy@dyadicsolutions.com.tw
Phone: +886-2-2325-3256
Address: 8 F., No. 1, Sec. 4, Nanjing E. Rd., Songshan Dist., Taipei City 105609, Taiwan

15.2 Data Protection Officer

While not legally required for our processing activities, we have designated a privacy contact for data protection matters: Privacy Contact: privacy@dyadicsolutions.com.tw

15.3 Response Commitments

  • Acknowledgment: Within 48 hours of receipt
  • Resolution: Within 30 days for standard requests
  • Complex Matters: Up to 3 months with progress updates
  • Urgent Security Issues: Within 24 hours

16. Governing Law and Jurisdiction

This Privacy Policy is governed by:

  • Primary Law: European Union General Data Protection Regulation (GDPR)
  • National Law: Data protection laws of the country where you are located
  • Contractual Disputes: Taiwan law for service-related matters

Jurisdiction: EU courts for data protection matters, Taiwan courts for commercial disputes.

Document Control:

  • Version: 2.0
  • Author: Legal Department, Dyadic Solutions Ltd.
  • Review Date: January 15, 2026
  • Approval: Data Protection Officer

For questions about this Privacy Policy, please contact privacy@dyadicsolutions.com.tw.