Skip to menu Skip to content
HOME > Personal Information Handling and Management Policy

Personal Information Handling and Management Policy

Samsung C&T's Trading & Investment Group (“the company”) strives to protect the personal information of its customers by observing all regulations related to personal information protection under the relevant laws, including the Personal Information Protection Act and Act on Promotion of Information and Communications Network Utilization and Information Protection.

The company informs all the relevant parties of policies related to the handling and management of personal information provided by customers, such as items and purpose of handling and managing personal information collected, period for handling, management and retention, rights and obligations of customers and methods of exercising rights, measures to secure safety of personal information through the Personal Information Handling and Management Policy of Samsung C&T Corporation (“this policy”). The company shall publicly announce any changes in this policy by posting a public notice on its website (http://trading.samsungcnt.com/EN/trading/index.do).

  1. Items of Personal Information Collected, and Methods of Collection
    • (1) The company collects the following types of personal information.
    • Type Collected items
      Handling of customer inquiries Email
      Information created and collected in the process of using services Cookies, service usage records, access logs, access IP information
      Security notification (Report) Email
    • (2) The methods of collection are as follows.
      • - Customer inquiries posted on the website and reports to the security report center
      • - Data gathering tool
  2. Purpose of Collection and Use of Personal Information
    The company handles and manages personal information for the following purposes. The handled and managed personal information shall not be used for any purpose other than the following purposes, and if there is any change in the purpose of using personal information, necessary measures such as obtaining a separate consent shall be taken in accordance with the Personal Information Protection Act. (1) Handling of customer inquiries Personal information is handled and managed for the purpose of making contact and replying to the customer for confirmation and fact finding in the event of customer inquiries. (2) Security notification (Report) Personal information is handled and managed to reply to complaints, and provide security notifications (Report).
  3. Provision of Personal Information to a Third Party
    (1) The company uses the personal information of its users within the scope specified under "2. Purpose of Collection and Use of Personal Information." The company shall not go beyond the purpose of use and make such information public without the prior consent of the user, except in the following circumstances: - If the user gives consent in advance - If it does so pursuant to the regulations of the laws, or if there is a request by an investigative authority according to the procedures and methods established by laws for investigation purposes (2) The company currently does not provide the personal information of users to third parties.
  4. Entrustment of Handling and Management of Personal Information
    The company entrusts the handling and management of personal information as follows to improve service quality, and regulates matters required to safely manage personal information when signing an entrustment contract in accordance with the relevant laws. (1) The company entrusts the handling and management of personal information as follows.
    Entrusted company Entrusted tasks
    Samsung SDS Maintenance and management of website
    (2) The company shall specify matters related to the following in official documents such as the contract in accordance with Article 26 of the Personal Information Protection Act and Article 25 of Act on Promotion of Information and Communications Network Utilization and Information Protection: prohibition of handling personal information for purposes other than conducting entrusted tasks, technical and managerial protection measures, restriction of re-entrustment, management and supervision over the entrusted company and compensation for damages,. The company supervises the entrusted company to ensure the safe handling of personal information. (3) If any change is made in the contents of entrusted tasks or the entrusted company, such information shall be reported through this policy.
  5. Period for Handling, Management and Retention of Personal Information
    Period for the handling, management and retention of personal information is as follows.
    Type Period for handling, management and retention
    Personal information collected and used when inevitable according to special regulations of laws or legal obligations For the retention period required by the relevant laws
    Personal information collected and used according to individual consent (via email) Until the purpose of its collection and use is fulfilled
    The company destroys personal information without delay once the period for handling, management and retention of personal information has passed or the purpose of its collection and use has been fulfilled. However, the company may retain personal information for which the period of retention and use has elapsed if the information must be “retained according to other laws” or when “individual consent from the customer has been received.”
  6. Rights of User and Legal Representative, and Method of Exercising Rights
    (1) Viewing of personal information - The customer may request to view his or her personal information handled and managed by the company through the personal information manager under Article 10 of this policy, and the company shall allow the customer to view his or her personal information within 10 days from the date of receiving such request. However, if there is a justifiable reason for the access to not be permitted within the above period, the handling of the request can be delayed by notifying the customer of the reason, and when the corresponding reason is no longer valid, the information can be viewed by the customer without delay. - If the company intends to delay, restrict or refuse access to the information, the company shall notify the customer of the reason for such delay, restriction or refusal and of a method through which the customer can make an objection through writing, email or facsimile within 5 days from the date the request for inquiry has been received. The company may restrict or refuse customers’ request to view his or her personal information after notifying the subject of the information in any of the following circumstances: the request is prohibited or restricted subject to relevant laws; the request may be threatening to other peoples' lives or health; or the request may unfairly infringe on properties and benefits of other people. (2) Modification and deletion of personal information - The customer who makes a request to view his or her personal information according to the preceding paragraph may request the company's personal information manager to modify or delete the information. However, if the information is stated in other laws as the subject of collection, the customer cannot request deletion. - When the request for modification and deletion of personal information is made, the company must immediately investigate the personal information and take necessary measures such as modification and deletion of information upon the request of the customer, and notify the result to the customer except when there are special procedures related to modification or deletion of personal information specified in other laws. - If a customer requests that an error in personal information be corrected, the personal information concerned will not be used or provided before such correction is completed. If the incorrect personal information has already been provided to a third party, the company will immediately notify the correction to the third party to request a consequent correction. - When the company deletes personal information, it must be deleted in a manner that will prevent its restoration or reproduction, and if the personal information the customer has requested to be modified or deleted cannot be deleted because the corresponding information is defined as a subject of collection under other laws, the customer must immediately be notified. - When investigating information following a customer’s request for modification and deletion of personal information, the company may ask the customer to submit relevant data confirming the request for modification and deletion. - The detailed methods and procedures for modification and deletion of personal information are subject to those of viewing personal information. (3) Suspension of handling and management of personal information - Customers may request the company to suspend the handling and management of their personal information through the personal information manager. - The company shall immediately suspend the handling and management of personal information in whole or in part at the request of the customer. However, the company may reject such request in any of the following circumstances: ∙If there are special regulations under laws that inevitably require the company to collect and handle such information; ∙If a risk is posed to the life and health of other people, or the properties and benefits of other people may be unfairly infringed upon; and, ∙If it is difficult to fulfill a contract with the customer if personal information is not handled and managed, and the customer has not clearly indicated intent to cancel the contract. - If the company rejects the customer’s request to suspend its handling and management of personal information, the company shall immediately notify the reason to the customer.. - When the handling and management of personal information has been suspended according to the request of the customer, the company shall immediately take necessary measures, such as destruction of the corresponding information. - The detailed methods and procedures for suspension of handling and management of personal information are subject to those of viewing personal information. (4) Methods and procedures of exercising rights - Customers may request a representative to view, modify, delete, and obtain information regarding the handling and management of his or her personal information (“requests such as viewing”) based on the methods and procedures specified in Article 45 of the Personal Information Protection Act. - The company may demand the payment of commission and postage fee (only when a mailed copy is requested) from a person who makes a request such as a request to view personal information in accordance with the Personal Information Protection Act. - Customers may make a request such as a request to view personal information through the personal information manager, and contact the personal information manager if there are any additional inquiries.
  7. Destruction of Personal Information and Its Procedures and Methods
    The company immediately destroys personal information once the personal information of customers is no longer necessary, for reasons such as the lapse of the personal information retention period and/or the achievement of the purpose of handling and management of personal information. However, if personal information must be stored in accordance with another law (Protection of Communications Secrets Act), the corresponding personal information is transferred to a separate database (DB) or stored in a different storage place. Detailed destruction procedures and methods are as follows: (1) Destruction procedure The company selects personal information to be destroyed, and destroys such information upon the approval of the personal information supervisor of the company. (2) Destruction method Personal information saved in the form of an electronic file shall be permanently deleted through a technical method that prevents its reproduction, while printed and/or written documents that record personal information are shredded or incinerated.
  8. Installation, Operation, and Denial of Device for Automatic Collection of Personal Information
    (1) What are cookies? - The company uses cookies to store and load user information, thereby providing personalized and customized service. - Cookies are small text files that are sent from the company web server to the user’s browser, and are stored on the user’s hard drive. When users visit the website in the future, the website server will read the cookies in the hard drive to maintain the user’s settings and provide customized service. (2) Purpose of using cookies Cookies are used to identify the user’s website usage pattern, whether the user accesses through secure connection, and the number of the users in order to provide optimal customized service. (3) Installation, operation, and denial of cookies - Users have the right to opt in or out of installation of cookies. Users may choose to allow all cookies, to confirm every time cookies are enabled, or to block all cookies by making adjustments in the web browser settings. - Denying installation of cookies may limit the usage of the services provided. - How to enable cookies (Internet Explorer): (Top right side of the browser) Tools 〉Internet Options 〉Privacy 〉Advanced Privacy Settings
  9. Securing the Safety of Personal Information
    The company takes administrative, technical and physical measures to secure the safety of personal information. (1) Administrative measures - Establish and implement internal administrative plans for the safe handling and management of personal information - Establish and implement training plans for employees or other staffs entrusted to directly handle and process personal information - Conduct regular internal inspection according to internal administrative plans (2) Technical measures - Restriction and management of rights to access personal information - Identification and verification to confirm rights to access personal information - System installation or other measures to block unauthorized access to personal information - Encryption of personal information for safe storage and transfer - Measures for storage of access records and prevention of forging and falsification of such records - Installation of security program and its regular renewal and inspection (3) Physical measures - Access control and locking device for safe storage of personal information
  10. Contact Information of Personal Information Protection Supervisor and Manager
    The company designates a department in charge of personal information management, personal information supervisor and personal information manager as follows to protect the personal information of customers, process and address complaints, and remedy issues related to handling and processing of personal information. - Department: Human Resources Team - Supervisor: Vice President Cheolwoong Lee - Manager: Senior Manager Sungho Kim - Tel: 82-2-2145-2114 Customers may report any complaint and/or request relief to the personal information protection supervisor or manager for damages related to the handling and management of personal information. The company will promptly respond and address customer reports. To report or receive counselling concerning violation of personal privacy, please contact the following agencies: - Privacy Information Violation Report Center (http://privacy.kisa.or.kr / +82-118) - Information Protection Mark Certification Committee (http://www.eprivacy.or.kr / +82-2-580-0533~4) - Supreme Public Prosecutor's Office - Cybercrime Unit (http://www.spo.go.kr / +82-2-3480-2000) - National Police Agency - Cyber Bureau (http://www.ctrc.go.kr / +82-2-392-0330)
  11. Changes in Personal Information Handling and Management Policy
    (1) This policy takes effect on September 1, 2015. (2) Previous policy was effective from September 30, 2011 to August 31, 2015.