BSOS Privacy and Information Security Policy
Last Updated: May 7, 2026 BSOS ("we", "us", or "our") is dedicated to safeguarding your personal information and ensuring the highest level of data security. This Privacy and Information Security Policy describes how we collect, process, and protect your personal identifiable information (PII) when you access or use our website (bsos.co) and related services. To demonstrate our commitment to your privacy and security, our data protection practices are strictly governed by Taiwan's Personal Data Protection Act (PDPA) , as well as the international standards of ISO/IEC 27701 for Privacy Information Management Systems (PIMS) and ISO/IEC 27001:2022 for Information Security Management Systems (ISMS).
1.
Information We Collect
We collect information you provide directly to us, as well as information generated automatically through your interaction with our Site:
•
Information You Provide Directly: Such as your name, email address, postal address, phone number, and any other details you choose to submit when contacting us or using our services.
•
Automated Server Logs & Device Information: When you access our Site, our servers automatically record standard log data. This includes your IP address, browser type and version, operating system, the date and time of your visit, and the pages you request. This data is strictly used for ensuring system stability, cybersecurity monitoring, and basic analytics.
2.
Purpose of Data Processing & The CIA Triad We process your information to provide, maintain, and improve our services, respond to inquiries, and communicate with you. As an ISO 27001 compliant organization, all data processing strictly adheres to the CIA Triad of information security
•
Confidentiality: Ensuring that your information is accessible only to authorized and authenticated personnel.
•
Integrity: Safeguarding the accuracy and completeness of your data by preventing unauthorized modifications.
•
Availability: Ensuring that our systems and your information remain accessible to you when needed, supported by comprehensive ICT readiness for business continuity.
3.
Advanced Data Security & ISO Controls
While no digital environment is completely invulnerable, we have implemented rigorous technical and organizational measures in accordance with ISO/IEC 27001:2022 to protect your data:
•
Data Masking & Secure Deletion: We protect sensitive PII using encryption, randomization, and data masking. When your data is no longer required for its intended purpose, it is permanently destroyed using secure methods such as electronic overwriting or cryptographic erasure.
•
Cloud Security & Activity Monitoring: We enforce strict access controls on our cloud infrastructure. We continuously monitor server activities and network traffic to detect anomalies, prevent data leakage, and mitigate cyber threats based on the latest threat intelligence.
•
Secure Coding: Our platforms and websites are developed adhering to secure coding principles to minimize potential security vulnerabilities from the ground up.
4.
Information Sharing & Legal Disclosures
We may share your information with trusted service providers who assist us in operating our infrastructure, or when required to respond to legal requests (such as a subpoena, court order, or government demand) and to protect our rights, property, or safety. We will not sell, exchange, or rent your personal information to other organizations or individuals without your prior consent.
5.
Your Privacy Rights (Global Compliance & Standards)
In alignment with international privacy standards (including ISO 27701 PIMS) and applicable data protection regulations, we ensure you maintain full control over your personal information. Except as otherwise provided by law, you have the right to exercise the following regarding your data:
•
Inquiry or Request for Review: You may inquire about or request to review the personal data we hold about you.
•
Request for Copies: You may request a copy of your personal data.
•
Supplement or Correct: You may request to supplement or correct any inaccurate information.
•
Cessation of Collection, Processing, or Use: You may request that we stop collecting, processing, or using your data in certain circumstances.
•
Request for Erasure: You may request the deletion of your personal data when it is no longer needed for the purposes for which it was collected.
•
Request for Duplications: You may request a copy of your personal data.
•
Request to Supplement or Correct: You may request to supplement or correct your personal data.
•
Request to Discontinue Processing: You may request us to discontinue the collection, processing, or use of your personal data.
•
Request to Delete: You may request the deletion of your personal data when the specific purpose of collection no longer exists or the retention period expires.
•
Communication Preferences: You may opt out of receiving marketing communications from us at any time by following the instructions provided in those emails.
6.
Policy Updates
We may update this Privacy and Information Security Policy periodically to reflect changes in legal requirements or our operational practices. We will revise the "Last Updated" date at the top of this policy when such changes occur.
7.
Contact Us
If you have any questions, wish to exercise your data privacy rights, or need to report a security concern, please contact us at: Email: contact@bsos.co United States Office: 1013 Centre Rd. Suite 403-A, Wilmington, New Castle 19805 United States Taiwan Office: 17F.-7, No. 267, Sec. 2, Dunhua S. Rd., Da’an Dist., Taipei City 106, Taiwan (R.O.C.)