Information Security and Privacy Statement
When you (including natural and legal persons, hereinafter referred to as "the User") use the cloud services (the "Services") provided by Gamania CloudForce Co., Ltd (hereinafter referred to as "Gamania CloudForce" or "the Company"), you entrust valuable data to the Company for safekeeping. The Company is committed to protecting the security and privacy of User data. Accordingly, the Company processes data in accordance with applicable laws and regulations, including the Personal Data Protection Act, and in compliance with its internal procedures and information security policies.
I. Information Security Policy
The Services integrate on-premises data centers with cloud solutions to provide maximum flexibility. To ensure network security, the Company monitors system availability 24/7 to minimize the impact of service interruptions. In the event of an information security incident (including but not limited to system downtime or unauthorized access to account information), the Company will strive to preserve all relevant evidence and logs.
(1) Definition of Customer Data
"Customer Data" refers to the data provided by the User in the course of using the Services, but excludes "Account Information." "Account Information" means information provided by the User to the Company for the purpose of account management, including, but not limited to, account names and email addresses. Account Information is governed by the "Gamania CloudForce Privacy and Security Statement."
Users who are natural persons and wish to exercise their rights relating to personal data are advised to refer to the "Data Subject Rights" webpage.
(2) Information Security Roles and Responsibilities
The Company provides the underlying infrastructure, including virtualization environments (hypervisors), physical host equipment supporting such virtualization environments, related network infrastructure, storage devices, user operation platforms, and the physical security of cloud data centers. The company continuously monitors, identifies, and remediates potential technical vulnerabilities within the components, service platforms, and infrastructure used, and will make announcements through public channels in the event of any material changes to services or security and control measures.
The User shall be solely responsible for ensuring the information security of the virtualized environment generated as a result of the use of the Services, as well as the end-user devices (including but not limited to PCs and handheld devices) used to access the services.
(3) Information Security Measures
The Company's information security practices comply with ISO 27001, ISO 27017, and ISO 27018 standards, and are subject to regular reviews and audits conducted by independent third parties.
All system components and data used to provide the Services are supported by appropriately planned backup environments. The Company conducts continuous, comprehensive monitoring of available resources on a 24/7 basis, without involving any specific user data, in order to maintain service continuity.
In the event of a service interruption, service fees shall be reduced in accordance with the Service Level Agreement (SLA) agreed upon in the applicable contract, except where such interruption is caused by duly announced scheduled maintenance. Where necessary infrastructure changes or maintenance may result in service interruptions, the Company will, to the extent practicable, make announcements through channels accessible to users, describing the scope and duration of the potential impact.
The management backend of the Services is operated and maintained through high secure channels. All operations personnel are authenticated using dedicated accounts and perform management activities exclusively through encrypted connections.
Each user accesses the Services using a unique and non-duplicative User ID, in order to minimize the risks of data misuse or unauthorized access.
The Company employs a delegated management strategy for User IDs used in the cloud services. Through appropriate self-service channels, available resources are authorized to cloud service users, who then manage subsequent system usage and resource administration using their own accounts, including the management of derived accounts and access permissions. Under no circumstances will the Company's operations or administrative personnel view or modify Customer Data without an explicit request from, and authorization by, the User.
The Company's Infrastructure synchronizes time using NTP standards based on internationally recognized time servers; however, minor discrepancies from official national standard time may occur due to Internet transmission latency.
II. Privacy Statement
The Services integrate on-premises data centers with cloud solutions to provide maximum flexibility. To ensure network security, the Company monitors system availability 24/7 to minimize the impact of service interruptions. In the event of an information security incident (including but not limited to system downtime or unauthorized access to account information), the Company will strive to preserve all relevant evidence and logs.
(1) Definition of Customer Data
"Customer Data" refers to the data provided by the User in the course of using the Services, but excludes "Account Information." "Account Information" means information provided by the User to the Company for the purpose of account management, including, but not limited to, account names and email addresses. Account Information is governed by the "Gamania CloudForce Privacy and Security Statement."
Users who are natural persons and wish to exercise their rights relating to personal data are advised to refer to the "Data Subject Rights" webpage.
(2) Information Security Roles and Responsibilities
The Company provides the underlying infrastructure, including virtualization environments (hypervisors), physical host equipment supporting such virtualization environments, related network infrastructure, storage devices, user operation platforms, and the physical security of cloud data centers. The company continuously monitors, identifies, and remediates potential technical vulnerabilities within the components, service platforms, and infrastructure used, and will make announcements through public channels in the event of any material changes to services or security and control measures.
The User shall be solely responsible for ensuring the information security of the virtualized environment generated as a result of the use of the Services, as well as the end-user devices (including but not limited to PCs and handheld devices) used to access the services.
(3) Information Security Measures
The Company's information security practices comply with ISO 27001, ISO 27017, and ISO 27018 standards, and are subject to regular reviews and audits conducted by independent third parties.
All system components and data used to provide the Services are supported by appropriately planned backup environments. The Company conducts continuous, comprehensive monitoring of available resources on a 24/7 basis, without involving any specific user data, in order to maintain service continuity.
In the event of a service interruption, service fees shall be reduced in accordance with the Service Level Agreement (SLA) agreed upon in the applicable contract, except where such interruption is caused by duly announced scheduled maintenance. Where necessary infrastructure changes or maintenance may result in service interruptions, the Company will, to the extent practicable, make announcements through channels accessible to users, describing the scope and duration of the potential impact.
The management backend of the Services is operated and maintained through high secure channels. All operations personnel are authenticated using dedicated accounts and perform management activities exclusively through encrypted connections.
Each user accesses the Services using a unique and non-duplicative User ID, in order to minimize the risks of data misuse or unauthorized access.