Patisco (貿商道) Privacy Policy

Last Updated: January 8, 2026

Patisco 貿商道 (the “Platform”) is operated by Xinosys Co., Ltd. (the “Company,” “we,” “us,” or “our”). We place great importance on users’ personal privacy and the security of corporate data. This Privacy Policy explains how we collect, process, use, and protect information you provide when using the Platform.

1. Legal Compliance

The Platform strictly complies with the Personal Data Protection Act of the Republic of China (Taiwan) and related laws and regulations. For users of cross-border services, we also follow the spirit of the EU General Data Protection Regulation (GDPR) and adopt high standards of information protection.

2. Categories and Purposes of Information Collection

When you register for or use Patisco, we may collect the following information:

• Identity and Contact Information: name, job title, company name, email address, phone number, and company mailing address.

• Transaction and Document Data: product specifications, quotations, purchase orders (PO), proforma invoices (PI), and change records created through collaboration between parties.

• Technical Data: IP address, browser type, device information, cookies, and system operation logs.

Purposes of collection: to provide trade collaboration services, identity verification, transaction recordkeeping, customer support, system optimization, and the delivery of necessary business-related notifications.

3. Principles of Data Use: Trust Network and Audit Trail

• Internal Use: All data is used only to the extent necessary for providing the Platform’s services.

• Non-Repudiation Records: To maintain the trust foundation of B2B trade, the system automatically records each document’s “send” time, the operator, and modification history. These audit trails will be properly retained for the duration of the trading relationship and for any legally required retention period as evidence preservation, and cannot be deleted at the unilateral request of one party.

• Anonymized Analytics: On the premise of de-identification (not involving specific company names or personal identities), the Company may use aggregated Platform data (e.g., trade hotspots, currency distribution) for big-data analysis and service improvement.

4. Data Sharing and Third-Party Services

The Company does not sell or rent your data to third parties. However, we may share data as necessary under the following circumstances:

• Trading Counterparties: When you send invitations or submit trade documents on the Platform, the invited party may access the relevant business information you share.

• API Integrations / Third-Party Services: If you enable third-party services (e.g., payment services such as PayPal, PayUni, or integrations with ERP/CRM systems), we will transmit necessary data to the third-party service provider in accordance with your authorization.

• Legal Requirements: Where required by legal procedures, judicial investigations, or requests from law enforcement or competent authorities.

5. Information Security Measures

• Encryption: The Platform uses SSL (Secure Sockets Layer) site-wide to enforce encrypted transmission, ensuring that your data is not intercepted or tampered with during transmission.

• Access Control: The system provides multi-level role-based access control (RBAC). Users should configure internal accounts with the principle of least privilege.

• User Self-Protection: Please safeguard your account and password and do not provide them to others. Any privacy leakage caused by improper account management shall be borne by the user.

6. Use of Cookies

To provide a better user experience, the Platform uses cookies to record your login status and operational preferences. You may refuse cookies through your browser settings, but doing so may cause certain Platform features (such as auto-login or collaboration tools) to function improperly.

7. Data Subject Rights and Corrections

You have the right to log into the Platform to inquire about, review, obtain a copy of, or correct your personal data. If you wish to delete your account (terminate your subscription), we will handle deletion or cessation of use of data in accordance with the Subscription Agreement and applicable laws; however, transaction audit trails that have already been generated are not subject to deletion under this provision.

8. Amendments to This Policy

The Company reserves the right to amend this Policy at any time. If there are material changes, we will announce them on the official website or notify users by email. If you continue to use the Services after the amendments take effect, you will be deemed to have agreed to the updated Policy.