In order to safeguard personal data and privacy rights, the Company has established a personal data protection system in accordance with the Personal Data Protection Act. This system ensures that all personal data is collected, processed, and utilized in a manner that complies with legal requirements and is managed responsibly.

The Company has established the "Personal Data Protection Management Regulations," "Personal Data Control Guidelines," and "Privacy Policy," which specify the purpose of personal data collection, the scope of its use, methods of storage, and the associated management responsibilities. These policies serve as the guiding principles for all units involved in the handling of personal data, ensuring that data access control and management mechanisms are effectively in place. The policy applies to all customers and suppliers.

• The Company integrates personal data protection requirements into daily operations through document management systems and employee training programs. This ensures continuous promotion and implementation of personal data protection practices, reinforcing employee awareness of data protection and legal compliance.
• As the customer demographics and usage of personal data differ between the company’s official website and its sales platform, distinct privacy policies have been created for each to ensure that personal data collection, processing, and utilization comply with relevant legal regulations. 

      For further details on the privacy policies for each platform, please refer to the links below：

1. Company Website：https://www.jiaweils.com/StaticPage/PrivacyPolicy
2. Online Shopping Website：https://prepara.com.tw/pages/privacy-policy 

    For questions regarding our Privacy Policy, please use the “Contact Us” function on the respective website or email us at：

1. Company Email：services@jiaweils.com
2. Online Shopping Email：service@prepara.com.tw

The Company focused on three key aspects of personal data protection: "Employee Personal Data Protection Training," "Internal Management and Technical Safeguards," and "Incident Response and Risk Management." The following actions were taken to reinforce the personal data protection policy：

1. Employee Personal Data Protection Training：A training session titled "Introduction to the Personal Data Protection Act and Practical Guidelines" was conducted, with a total of 104 training hours and 52 participants. This training aimed to enhance employees' understanding of relevant regulations and practical applications, ensuring that personal data protection requirements are effectively implemented in daily operations. 
2. Internal Management and Technical Safeguards：At least one data access rights review is conducted annually to ensure proper access control and safeguard personal data.
3. Incident Response and Risk Management：In 2025, there were no incidents involving violations of the Personal Data Protection Act, and no employees were found to have engaged in any misconduct regarding data protection.