YC Holdings Inc.
YC Holdings Inc.
  • Home
  • About YC
  • Solutions
  • Success Cases
  • Partners
  • KYC
  • Climate Change Classroom
  • News & Events
  • ESG
  • Contact Us
  • Privacy Policy
  • More
    • Home
    • About YC
    • Solutions
    • Success Cases
    • Partners
    • KYC
    • Climate Change Classroom
    • News & Events
    • ESG
    • Contact Us
    • Privacy Policy
  • Home
  • About YC
  • Solutions
  • Success Cases
  • Partners
  • KYC
  • Climate Change Classroom
  • News & Events
  • ESG
  • Contact Us
  • Privacy Policy

Privacy Policy

 Website Privacy Policy

YC Holdings Inc.

Effective Date: February 23, 2026

Last Updated: February 23, 2026

  

1. Introduction

YC Holdings Inc. (hereinafter referred to as "YC Holdings," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Website Privacy Policy explains how we collect, use, disclose, and protect information when you visit our website at www.yourcarbon.com.tw and use our online services, in accordance with the Taiwan Personal Data Protection Act (PDPA) and applicable data protection regulations[1].

This Privacy Policy applies to:

• Website visitors and users

• Platform users (www.yourcarbon.com.tw and related online services)

• Prospective clients and business partners

• Newsletter subscribers

• Contact form users

• Online account holders

By accessing or using our website, you acknowledge that you have read, understood, and agreed to this Privacy Policy. If you do not agree with our practices, please do not use our website.

2. Data Controller Information

Company Name: YC Holdings Inc. (永智顧問股份有限公司)

Business Registration:[Company Registration Number]

Address: Taichung, Taiwan

Contact Email: service@yourcarbon.com.tw

Data Protection Officer (DPO): [DPO Name and Contact Information]

For any questions, concerns, or requests regarding your personal data or this Privacy Policy, please contact our Data Protection Officer at the above email address.

3. Types of Personal Data We Collect

We collect and process various categories of personal data depending on the nature of our relationship with you and the services you use[1]:

3.1 Identification Information

• Full name

• National identification number or passport number

• Date of birth

• Gender

• Photographs or identification documents

• Digital signatures

3.2 Contact Information

• Email address

• Telephone number (mobile and landline)

• Physical address (residential or business)

• Mailing address

3.3 Financial and Transaction Information

• Bank account details

• Payment card information

• Transaction history and records

• Carbon credit trading information

• Invoice and billing information

• Payment method preferences

3.4 Business and Professional Information

• Company name and registration details

• Business license information

• Professional qualifications and certifications

• Employment information

• Business relationship history

• ESG and sustainability data

• Carbon inventory and emissions data

• Internal control documentation

3.5 Technical and Usage Information

• IP address and device identifiers

• Browser type and version

• Operating system and device information

• Referring/exit pages and URLs

• Date and time stamps of website visits

• Clickstream data and page views

• Log files and access records

• Cookies and similar tracking technologies

• Platform usage patterns and analytics

• Login credentials and authentication data

• Geolocation data (with your consent)

3.6 Communication Records

• Email correspondence

• Customer service inquiries and responses

• Meeting records and notes

• Recorded calls (with consent)

• Chat and messaging records

3.7 Compliance and Due Diligence Information

• Know Your Customer (KYC) documentation

• Anti-Money Laundering (AML) verification records

• Compliance screening results

• Audit and verification documents

• Legal and regulatory filings

4. How We Collect Personal Data

We collect personal data through various methods:

4.1 Direct Collection from Website Users

• Online registration and account creation forms

• Contact forms and inquiry submissions

• Newsletter subscription forms

• Platform account registration

• Service request forms

• Customer service chat and interactions

• Email communications

• Online surveys and feedback forms

• Download forms (e.g., whitepapers, reports)

• Event registration and webinar sign-ups

4.2 Automated Collection from Website Activity

• Cookies and similar tracking technologies (web beacons, pixels, tags)

• Server logs and web analytics tools (e.g., Google Analytics)

• Session recording and heatmap tools (with anonymization)

• Website usage monitoring and behavior tracking

• Search queries on our website

• Form interaction data

• Security and fraud detection systems

• Error reports and diagnostic data

4.3 Third-Party Sources

• Business partners and service providers

• Public registers and databases

• Credit reference agencies

• Compliance and verification service providers

• Carbon registry platforms (e.g., Verra, Gold Standard)

• Government agencies and regulatory authorities

5. Legal Basis and Purposes for Processing Personal Data

Under the Taiwan PDPA, we process personal data based on the following legal grounds and for the following purposes[2]:

5.1 Contract Performance

To perform our contractual obligations with you, including:

• Providing ESG consulting and advisory services

• Operating the ASPNex Platform 

• Delivering internal control and governance solutions

• Managing sustainability and carbon inventory systems

• Processing transactions and payments

• Fulfilling service agreements

5.2 Legal Obligations

To comply with legal and regulatory requirements:

• Taiwan PDPA compliance and data protection obligations

• Financial services regulations and reporting

• Anti-money laundering (AML) and counter-terrorism financing requirements

• Tax laws and accounting standards

• Securities and exchange regulations

• Environmental regulations and carbon reporting

• Corporate governance and internal control requirements

• Court orders and law enforcement requests

5.3 Legitimate Interests

To pursue our legitimate business interests while respecting your rights:

• Business development and relationship management

• Marketing and promotional activities (subject to opt-out rights)

• Platform security and fraud prevention

• System maintenance and improvement

• Business analytics and performance monitoring

• Risk management and compliance

• Protecting our legal rights and interests

5.4 Consent

Where required by law, we obtain your explicit consent for:

• Processing sensitive personal data

• Marketing communications

• Sharing data with third parties for non-essential purposes

• Cookies and tracking technologies (where legally required)

• Recording phone calls

You have the right to withdraw your consent at any time by contacting our Data Protection Officer.

6. How We Use Personal Data

We use personal data for the following specific purposes:

6.1 Website and Service Delivery

• Providing access to our website and online services

• Account creation and management

• Identity verification and authentication

• Responding to inquiries and service requests

• Delivering requested information and resources

• Providing ESG consulting and sustainability services

• Delivering internal control and governance solutions

• Managing carbon inventory and emissions tracking

• Generating reports and analytics

• Customer support and service improvements

• Personalizing website content and user experience

6.2 Business Operations

• Payment processing and financial management

• Contract management and administration

• Vendor and supplier management

• Business relationship development

• Performance evaluation and quality assurance

• Internal auditing and compliance monitoring

6.3 Communication and Marketing

• Responding to inquiries and contact form submissions

• Sending service-related notifications and updates

• Providing updates on platform features and services

• Distributing newsletters, industry insights, and educational content (with consent)

• Sending promotional materials about our services (with opt-out option)

• Notifying you about events, webinars, and workshops

• Conducting customer satisfaction surveys

• Sharing relevant ESG and sustainability news

6.4 Compliance and Legal

• Conducting due diligence and KYC verification

• Meeting AML and regulatory obligations

• Maintaining records for audit and inspection

• Responding to legal requests and court orders

• Protecting against fraud, security threats, and illegal activities

• Defending legal claims and enforcing our rights

6.5 Website Analytics and Improvement

• Analyzing website traffic and user behavior (anonymized where possible)

• Understanding how visitors interact with our website

• Testing and optimizing website performance

• Improving user interface and experience

• Developing new features and services

• Conducting A/B testing and user research

• Identifying and fixing technical issues

• Conducting market research

• Developing ESG and sustainability methodologies

7. Data Sharing and Disclosure

We may share your personal data with the following categories of recipients:

7.1 Service Providers and Business Partners

• Web hosting providers and cloud infrastructure services

• Content delivery networks (CDNs)

• Email service providers and marketing automation platforms

• Web analytics providers (e.g., Google Analytics)

• Payment processors and financial institutions

• Carbon registry platforms and verification bodies

• Compliance and due diligence service providers

• Legal, accounting, and professional advisors

• Customer relationship management (CRM) platforms

• Live chat and customer support software providers

• Cybersecurity and fraud prevention services

All third-party service providers are contractually obligated to protect your personal data and use it only for specified purposes.

7.2 Business Transactions

In the event of a merger, acquisition, reorganization, sale of assets, or similar corporate transaction, personal data may be transferred to the acquiring entity, subject to the same privacy protections.

7.3 Legal and Regulatory Authorities

• Government agencies and regulatory bodies

• Law enforcement authorities

• Courts and legal tribunals

• Tax authorities

• Personal Data Protection Commission (PDPC)

• Securities and exchange authorities

We disclose personal data to these entities when required by law or necessary to protect our legal rights.

7.4 Carbon Trading and Registry Partners

For users of the ASPNex Platform, we may share relevant information with:

• Carbon credit registries (e.g., Verra, Gold Standard, Taiwan GHG Registry)

• Verification and certification bodies

• Carbon project developers

• Trading counterparties (with your consent and as necessary for transaction completion)

7.5 Affiliated Companies

We may share personal data with companies within the YC Holdings group for internal administrative purposes, service delivery, and business operations, always in accordance with this Privacy Policy.

8. International Data Transfers

Some of our service providers and business partners may be located outside Taiwan. When we transfer personal data internationally, we ensure appropriate safeguards are in place, including[3]:

• Standard contractual clauses approved by data protection authorities

• Adequacy decisions recognizing equivalent data protection standards

• Binding corporate rules for intra-group transfers

• Your explicit consent where legally required

We take all reasonable measures to ensure that personal data transferred internationally receives adequate protection equivalent to that provided under Taiwan's PDPA.

9. Data Security Measures

We implement comprehensive technical, physical, and organizational security measures to protect personal data against unauthorized access, disclosure, alteration, loss, or destruction[4]:

9.1 Technical Security Measures

• Encryption of data in transit and at rest (SSL/TLS protocols)

• Secure authentication mechanisms and access controls

• Firewalls and intrusion detection systems

• Regular security vulnerability assessments

• Secure software development practices

• Data backup and disaster recovery procedures

• Network segmentation and monitoring

9.2 Physical Security Measures

• Restricted access to physical facilities

• Surveillance and monitoring systems

• Secure document storage and disposal procedures

9.3 Organizational Security Measures

• Employee training on data protection and security

• Confidentiality agreements with staff and contractors

• Access control policies and least privilege principles

• Incident response and data breach procedures

• Regular security audits and compliance reviews

• Vendor security assessments

9.4 Data Breach Response

In the event of a data breach that poses a risk to your rights and interests, we will:

1. Notify the Personal Data Protection Commission (PDPC) within the required timeframe

2. Notify affected individuals without undue delay

3. Take immediate remedial action to contain the breach

4. Investigate the cause and implement preventive measures

5. Maintain detailed records of the incident and response

10. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by law:

10.1 General Retention Periods

   

Data Category


Retention Period

 

Customer account information


Duration of relationship + 5 years

 

Transaction records


5-7 years (per accounting and tax laws)

 

Carbon credit trading records


10 years (per environmental regulations)

 

Compliance and audit records


7-10 years

 

Marketing communications


Until consent withdrawn or 2 years of inactivity

 

Employee records


Duration of employment + 5 years

 

Website logs and analytics


12-24 months

 

Video surveillance footage


30-90 days (unless incident recorded)

Table 1: Standard data retention periods by category

10.2 Retention Criteria

We determine retention periods based on:

• Legal and regulatory requirements

• Contract duration and warranty periods

• Statute of limitations for legal claims

• Business operational needs

• Industry best practices

10.3 Secure Disposal

When personal data is no longer needed, we securely delete or anonymize it using appropriate methods, including:

• Secure data wiping and overwriting

• Physical destruction of storage media

• Anonymization or pseudonymization

• Documented disposal procedures

11. Your Rights as a Data Subject

Under Taiwan's PDPA, you have the following rights regarding your personal data[5]:

11.1 Right to Access

You may request access to the personal data we hold about you and receive information about how it is processed.

11.2 Right to Rectification

You may request correction of inaccurate, incomplete, or outdated personal data.

11.3 Right to Deletion

You may request deletion of your personal data when:

• It is no longer necessary for the purposes for which it was collected

• You withdraw consent (where consent is the legal basis)

• The data was unlawfully processed

• Legal obligations require deletion

11.4 Right to Restrict Processing

You may request restriction of processing in certain circumstances, such as when you contest the accuracy of the data or object to processing.

11.5 Right to Data Portability

You may request transfer of your personal data to another service provider in a structured, commonly used, and machine-readable format (where technically feasible).

11.6 Right to Object

You may object to processing based on legitimate interests, including direct marketing activities.

11.7 Right to Withdraw Consent

Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing before withdrawal.

11.8 Right to Complain

You have the right to lodge a complaint with the Personal Data Protection Commission (PDPC) if you believe your data protection rights have been violated.

PDPC Contact Information:

· Website: www.pdpc.gov.tw

· Telephone: [PDPC contact number]

· Email: [PDPC email address]

11.9 Exercising Your Rights

To exercise any of these rights, please contact our Data Protection Officer at privacy@ycholdings.comwith:

• Your full name and contact information

• Description of your request

• Proof of identity (to prevent unauthorized access)

• Specific data or processing activities concerned (if applicable)

We will respond to your request within 15 business days as required by the PDPA. In complex cases, we may extend this period by an additional 15 days with notification.

11.10 Identity Verification

To protect your privacy and security, we may request additional information to verify your identity before processing requests that involve access to or delete personal data.

12. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance user experience, analyze website usage, and deliver personalized content.

12.1 What Are Cookies?

Cookies are small text files placed on your device when you visit our website. They help us recognize your device and remember information about your visit.

12.2 Types of Cookies We Use

   

Cookie Type


Purpose


Duration

 

Strictly Necessary


Enable basic website functionality, security features, and   authentication


Session/1 year

 

Performance


Collect anonymous information about how visitors use our website   to improve performance


1-2 years

 

Functionality


Remember your preferences and settings to provide personalized   experience


1 year

 

Analytics


Help us understand user behavior and website usage patterns (e.g.,   Google Analytics)


2 years

 

Marketing


Track your browsing activity to deliver relevant advertising and   measure campaign effectiveness


1-2 years

Table 2: Cookie types, purposes, and retention periods

12.3 Third-Party Cookies and Services

We use the following third-party services that may place cookies on your device:

• Google Analytics: Website traffic analysis and user behavior tracking

• Google Ads / Facebook Pixel: Advertising and remarketing campaigns

• LinkedIn Insight Tag: Professional audience analytics

• YouTube: Embedded video content

• Vimeo: Video hosting and streaming

These third-party services have their own privacy policies and cookie practices. We recommend reviewing their policies:

• Google Privacy Policy: https://policies.google.com/privacy

• Facebook Cookie Policy: https://www.facebook.com/policies/cookies

• LinkedIn Cookie Policy: https://www.linkedin.com/legal/cookie-policy

12.4 Managing Your Cookie Preferences

You have several options to manage cookies:

Cookie Consent Banner:When you first visit our website, you can accept or reject non-essential cookies through our cookie consent banner.

Cookie Settings: You can change your cookie preferences at any time by clicking the "Cookie Settings" link in our website footer.

Browser Settings: Most web browsers allow you to:

• Block all cookies

• Block third-party cookies only

• Delete cookies after closing the browser

• Receive notifications when cookies are set

Please refer to your browser's help documentation:

• Chrome: chrome://settings/cookies

• Firefox: about:preferences#privacy

• Safari: Preferences > Privacy

• Edge: edge://settings/privacy

Important: Blocking strictly necessary cookies may prevent you from using certain features of our website, such as account login and secure transactions.

12.5 Do Not Track Signals

Some browsers support "Do Not Track" (DNT) signals. Currently, there is no industry standard for responding to DNT signals. Our website does not respond to DNT signals, but you can manage cookies through the methods described above.

12.6 Web Beacons and Pixels

In addition to cookies, we may use web beacons (also called "pixels" or "clear GIFs") in our website and emails. These are small graphic images that help us:

• Understand which pages are visited most frequently

• Measure the effectiveness of email campaigns

• Track conversion events

• Detect fraudulent activity

13. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child, we will take steps to delete such information promptly.

14. Third-Party Links and Services

Our website may contain links to third-party websites, services, or applications, including:

• Social media platforms (LinkedIn, Facebook, Twitter)

• Partner websites and carbon registries

• Industry resources and publications

• News articles and external content

• Third-party tools and calculators

Important: We are not responsible for the privacy practices or content of these third-party websites. These external sites have their own privacy policies and terms of use. We strongly encourage you to review their privacy policies before providing any personal information.

When you click on third-party links, you leave our website and this Privacy Policy no longer applies. We do not endorse or make any representations about third-party websites.

15. Automated Decision-Making and Profiling

We may use automated decision-making and profiling for:

• Credit risk assessment for carbon credit transactions

• Fraud detection and prevention

• Service personalization and recommendations

• Compliance screening and due diligence

You have the right to request human intervention, express your opinion, and contest automated decisions that significantly affect you.

16. Special Categories of Personal Data

We generally do not collect sensitive personal data (such as health information, political opinions, religious beliefs, or biometric data) unless:

• Required by law

• Necessary for legal claims or proceedings

• You have provided explicit consent

When we process sensitive personal data, we apply additional security measures and restrictions.

17. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect:

• Changes in our data processing practices

• New legal or regulatory requirements

• Technological developments

• Business expansion or service improvements

When we make material changes, we will:

1. Update the "Last Updated" date at the top of this policy

2. Notify you via email or prominent platform notice

3. Obtain your consent if required by law

4. Provide a summary of key changes

We encourage you to review this Privacy Policy regularly to stay informed about how we protect your personal data.

18. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact:

Data Protection Officer

YC Holdings Inc.

Email: service@yourcarbon.com.tw

Telephone: +886 424939999

Address:10F-7 No.3 Keji Rd. Dali District Taichung Taiwan 412

Response Time: We aim to respond to all inquiries within 5 business days.

19. Governing Law and Jurisdiction

This Privacy Policy is governed by the laws of Taiwan, including the Personal Data Protection Act (PDPA). Any disputes arising from this Privacy Policy shall be subject to the exclusive jurisdiction of the Taiwan courts.

20. Acknowledgment and Consent

By accessing or using our website, you acknowledge that:

• You have read and understood this Website Privacy Policy

• You consent to the collection, processing, and use of your personal data as described herein

• You understand your rights as a data subject under Taiwan's PDPA

• You accept our use of cookies and tracking technologies (subject to your cookie preferences)

• You may withdraw your consent at any time by contacting our Data Protection Officer

• You are at least 18 years of age (or have parental consent if under 18)

For website visitors:Continued use of our website constitutes acceptance of this Privacy Policy. If you do not agree, please discontinue use of our website immediately. 


  • Home
  • Contact Us

YC Holdings Inc.

Taichung Software Park, 10F-7 No.3 Keji Rd. Dali District, Taichung Taiwan 412

+886 4 24939999

Copyright © 2026 YC Holdings Inc. All Right Reserved.

Powered by

This website uses cookies.

We use cookies to analyze website traffic and optimize your website experience. By accepting our use of cookies, your data will be aggregated with all other user data.

Accept