• I. Policy purpose
    This policy aims to standardize the disposal process of company data, ensure data security, compliance, and integrity, prevent data leakage, abuse, or misuse, and comply with relevant laws and regulations.

    II. Scope of application
    This policy applies to the code of conduct for all departments, employees, and business partners of the company when handling company data.

    III. Data Classification
    Sensitive data: including but not limited to customer information, employee information, financial information, trade secrets, etc.
    General data: refers to non-sensitive data, such as internal company documents, reports, meeting minutes, etc.

    IV. Data Disposal Principles
    Principle of Minimization: Process and store data only when necessary, avoiding unnecessary data collection and storage.
    Security principle: Ensure that data is not accessed, leaked, tampered with, or destroyed without authorization during the disposal process.
    Compliance principle: Comply with relevant laws and regulations and industry standards to ensure data compliance.
    Integrity principle: Ensure that data is not destroyed or lost during the disposal process, and maintain the integrity of the data.

    V. Data Disposal Process
    Evaluation and Decision-making:
    Evaluate the data that needs to be disposed of to determine its sensitivity and importance.
    According to the evaluation results, the disposal methods of decision-making data such as deletion, archiving, encryption, etc.
    Approval and authorization:
    Submit the data disposal plan to the relevant departments for approval.
    After approval, designated personnel are responsible for implementing the data disposal plan to ensure clear authorization and accountability.
    Perform the disposal:
    For sensitive data, use secure data erasing tools to completely delete or encrypt it.
    For general data, choose to delete or archive according to actual needs.
    During the data handling process, ensure the integrity and security of the data to prevent data leakage.
    Records and Reports:
    Detailed records of the data handling process, including time, location, personnel, methods, etc.
    Submit data disposal reports to relevant departments on a regular basis to ensure information transparency and traceability.

    VI. Data Backup and Recovery
    For important data, regular backups should be made to ensure data security and recoverability.
    Backup data should be stored in a secure and reliable location, and regularly verified and tested for recovery.

    VII. Responsibility and Supervision
    Each department should designate a person responsible for data disposal and establish a sound data disposal management system.
    The company should regularly inspect and audit the disposal of data to ensure compliance and effectiveness of data disposal work.
    Employees should consciously abide by the requirements of this policy, actively participate in data disposal work, and report any violations discovered.

    VIII. Handling of Violations
    The company will take appropriate measures against any violation of this policy, including but not limited to verbal warnings, written warnings, fines, termination of labor contracts, etc., depending on the severity of the situation. At the same time, the company reserves the right to pursue legal liability against the relevant responsible person.

    VIIII. Supplementary Provisions
    This policy shall come into effect on the date of its issuance and shall be interpreted and revised by the company's management.
    Any matters not covered in this policy shall be implemented in accordance with relevant laws and regulations and other relevant provisions of the company.