Samsung C&T Corporation (“Company”) establishes and discloses the Personal Information Management Policy (also referred to as “Privacy Policy”) as below to protect the personal information of data subjects and resolve any relevant inquiries or complaints in a swift and smooth manner pursuant to Article 30 of the Personal Information Protection Act.
The Company collects and processes minimal information for the following purposes. The personal information that is processed is only used for purposes that are specified below, and the Company is to take necessary measures if the purposes of use are revised, such as obtaining additional consent as per Article 18 of the Personal Information Protection Act.
①Processing of customer inquiries : Personal information is processed to identify the inquiring customer, check the information in the inquiry, contact/notify the customer for fact finding, notify the customer of the result, etc.
②Handling a report on violation of a law : Personal information is processed to handle a complaint about violation of a law and notify the complainant of the result.
①The Company processes and retains personal information for the period of retention/use of personal information as specified in the Company’s policy or agreed upon by the data subjects when collecting the personal information.
②The periods of processing and retention for each purpose are as below.
Customer inquiry: retained until one (1) year after the customer inquiry is processed or immediately upon the customer’s request
Report on violation of a law: retained until one (1) year after the complaint about violation of a law has been handled or immediately upon the customer’s request
For the period of time specified below for the following purpose
· Retention of the communication confirmation data pursuant to the Protection of Communications Secrets Act
- Computer communications, Internet log records and data on tracing a location of connectors: three (3) months
The Company processes the personal information of data subjects only for the purposes stipulated in Article 1 (Purposes of Processing of Personal Information), and provides personal information to a third party only when applicable to Article 17 and 18 of the Personal Information Protection Act, such as where the consent is obtained from the data subjects, where special provisions exist, etc.
①The Company outsources the processing of personal information as below for smooth job performance.
Outsourced company | Outsourced task |
---|---|
DOES interactive | Website maintenance and management |
Samsung SDS | Database maintenance and management |
Google LLC | Website user activity analysis |
②Pursuant to Article 26 of the Personal Information Protection Act, the Company states the following responsibilities in documents, such as contracts, and monitors if the outsourced company processes personal information in a safe manner: prevention of personal information processing for other purposes than the outsourced purpose; technical and managerial safeguards; limitation to secondary outsourcing; management and supervision for the outsourced company; compensation of damage, etc.
③To provide the website’s services and enhance user convenience, some personal information may be transferred to and retained by an overseas company.
Company name/contact information: Google LLC (https://analytics.google.com/)
Country: United States of America
Timing and method of transfer: Transmitted via electronic network upon visitors’ use of the website’s services
Information transferred: Cookies, device/browser-related data, IP address, site/app activity information (personally identifiable information not included)
Purpose, period of retention/use: Collected information is used to generate statistics on user interactions within the website (IP addresses are transferred in secure manner, and used to identify country of access). Such user/event information is retained for 38 months
④Changes in the outsourced task or outsourced company will be immediately disclosed through the Personal Protection Management Policy.
①Data subjects may exercise their rights, such as access to, revision or deletion of personal information and request for suspension of processing, against the Company at any time.
②Data subjects may exercise their rights stipulated in Paragraph 1 by submitting a writing, e-mail, etc. to the Company pursuant to Article 41-1 of the Enforcement Decree of the Personal Information Protection Act, and the Company will take action immediately.
③The rights stipulated in Paragraph 1 may also be exercised by the legal representatives of data subjects, those delegated by the data subjects, or other representatives. In such case, a power of attorney shall be submitted in the form of Attachment No. 11 of the Public Notice on Processing of Personal Information (No. 2020-7).
④The rights of data subjects to have access to the personal information or request the suspension of processing may be restricted pursuant to Article 35-4 and Article 37-2 of the Personal Information Protection Act.
⑤As for the edit or deletion of personal information, deletion cannot be performed if the piece of personal information is stated as an item to be collected in other laws.
⑥In case of a request to have access to, edit, delete, or suspend the processing of personal information based on the rights of data subjects, the Company identifies if the requester is a data subject or a legitimate representative.
①The Company processes the following personal information.
Category | Required information | Optional |
---|---|---|
Processing of customer inquiries | Name, Contact, Company Name | |
Handling reports on violation of a law | N/A | Name, e-mail and contact number |
Information that is generated and collected while using the service | IP address, cookies, service use log |
②Method of collecting personal information
Accessing and using the website via (http://trading.samsungcnt.com)
①The Company destroys personal information without delay when the personal information becomes unnecessary owing to the expiry of the retention period, attainment of the purpose of processing, etc.
②The procedure and method of destroying personal information are as below.
Procedure for destroying : Personal information that has become unnecessary is sorted, and the personal information is destroyed under the responsibility of the personal information protection manager as per the procedure in the internal policy.
Method of destroying : The Company destroys electronically recorded or retained personal information in a way that the information is irretrievable. In case the personal information is recorded and retained as a paper document, the Company destroys the document by shredding it with a shredder or burning it.
The Company takes the following measures to ensure the safety of personal information.
①Managerial measures : establishment and implementation of internal management plans, regular employee training, etc.
②Technical measures : control on the access to the personal information processing system, etc., installation of an access prohibition system, encryption of personally identifiable information and installation of antivirus software
③Physical measures : prohibition on the access to the computer room, data storage room, etc.
①The Company uses cookies that store and constantly bring usage information to provide tailored services to the users.
②Cookies are small text files that are sent from the server (http) used in operating the website to the users’ browsers, and can be stored on the hard disk drive of the users’ computers.
The purpose of using cookies is to provide optimized information to users by identifying the patterns of how users visit websites and use services, most searched keywords, whether users are on secure connection, etc.
Users may reject enabling cookies by clicking on Tools > Internet Option > Privacy Option, located on the top of the browser.
Users who reject enabling cookies may have difficulties using tailored services.
③The Company utilizes Google Analytics, a service provided by Google LLC (“Google”), to analyze visitors’ use of the website. Information generated via Google Analytics is subject to the privacy policy of Google, and is transferred to and retained in Google’s servers located in the US. Google, on behalf of the Company, processes the information to evaluate user activity within the website. It generates reports on such activity and provides other services in relation to use of the Internet. While users may reject the collection of cookies for the aforementioned purpose by changing their browser settings, in such a case, they may not be able to fully utilize the functions provided by the website. Users may opt-out of having information on their site activity (such as IP addresses) collected and processed by installing the following browser add-on from tools.google.com/dlpage/gaoptout. For more information on Google’s privacy policy, please visit www.google.com/analytics/learn/privacy.html.
The purpose of using cookies is to provide optimized information to users by identifying patterns in relation to their use of the website and its services, use of secure connections, etc.
Users may reject enabling cookies by clicking on Tools > Internet Option > Privacy Option, located on the top of the browser.
Users who reject enabling cookies may have difficulties using tailored services.
①The Company has a designated personal information protection manager as below to undertake tasks related to processing personal information, address complaints related to personal information of data subjects, provide damage remedies, etc.
Personal information protection manager
· Name: Chang Won Lee, Executive Vice President
· Position: Head of HR Team
· Contact : 02-2145-2233
· E-mail : iscenter.cnt@samsung.com
Personal information protection department (customer inquiries)
· Department : Communication Group, HR Team
· Responsible person: Yunjeong Lee, Professional
· Contact number: 02-2145-2137
· E-mail : scntwebmaster@samsung.com
Personal information protection department (Information Security Center)
· Department name: Information Security Center
· Responsible person: Dongho Kim, Professional
· Contact number : 02-2145-2228
· E-mail : iscenter.cnt@samsung.com
②Data subjects may ask any question regarding the protection of personal information or inquire about complaint handling, damage remedies, etc. that have occurred while using the Company’s services (or businesses) to the personal information protection manager or the personal information protection departments. The Company will respond and handle the inquiries of data subjects without delay.
Pursuant to Article 35 of the Personal Information Protection Act, data subjects may request to have an access to personal information to the appropriate designated department depending on the category of the inquiry as stated in Article 10. The Company will put in every effort to swiftly respond to the request for an access to personal information.
Data subjects may inquire the following institutions about damage remedies, consultation, etc. for the breach of personal information. Data subjects may contact the institutions below, which are separate from the Company, if they are not satisfied with the result of the Company’s processing of complaints regarding personal information or damage remedies, or need further support.
Personal information infringement call center (operated by the Korea Internet & Security Agency)
- Contact for: report on the breach of personal information and request for consultation
- Website: privacy.kisa.or.kr
- Contact number: 118
- Address: (58324) 3F, 9 Jinheung-gil, Naju-si, Jeollanam-do
Personal Information Dispute Mediation Committee
Contact for: application for dispute mediation and collective dispute mediation (civil mediation)
Website: www.kopico.go.kr
Contact number: 1833-6972
Address: (03171) 12F, Government Complex-Seoul, 209, Sejong-daero, Jongno-gu, Seoul
Cybercrime investigation department of the Supreme Prosecutors’ Office
02-3480-3573 (www.spo.go.kr)
Cyber safety department of the Korean National Police Agency
182 (https://cyberbureau.police.go.kr)
This revision of the Personal Information Management Policy takes effect starting Dec 10, 2023
Samsung C&T Corporation (“Company”) establishes and discloses the Personal Information Management Policy (also referred to as “Privacy Policy”) as below to protect the personal information of data subjects and resolve any relevant inquiries or complaints in a swift and smooth manner pursuant to Article 30 of the Personal Information Protection Act.
The Company collects and processes minimal information for the following purposes. The personal information that is processed is only used for purposes that are specified below, and the Company is to take necessary measures if the purposes of use are revised, such as obtaining additional consent as per Article 18 of the Personal Information Protection Act.
①Processing of customer inquiries : Personal information is processed to identify the inquiring customer, check the information in the inquiry, contact/notify the customer for fact finding, notify the customer of the result, etc.
②Handling a report on violation of a law : Personal information is processed to handle a complaint about violation of a law and notify the complainant of the result.
①The Company processes and retains personal information for the period of retention/use of personal information as specified in the Company’s policy or agreed upon by the data subjects when collecting the personal information.
②The periods of processing and retention for each purpose are as below.
Customer inquiry: retained until one (1) year after the customer inquiry is processed or immediately upon the customer’s request
Report on violation of a law: retained until one (1) year after the complaint about violation of a law has been handled or immediately upon the customer’s request
For the period of time specified below for the following purpose
· Retention of the communication confirmation data pursuant to the Protection of Communications Secrets Act
- Computer communications, Internet log records and data on tracing a location of connectors: three (3) months
The Company processes the personal information of data subjects only for the purposes stipulated in Article 1 (Purposes of Processing of Personal Information), and provides personal information to a third party only when applicable to Article 17 and 18 of the Personal Information Protection Act, such as where the consent is obtained from the data subjects, where special provisions exist, etc.
①The Company outsources the processing of personal information as below for smooth job performance.
Outsourced company | Outsourced task |
---|---|
Penta Systems Technology Inc. | Website maintenance and management |
Samsung SDS | Database maintenance and management |
Google LLC | Website user activity analysis |
②Pursuant to Article 26 of the Personal Information Protection Act, the Company states the following responsibilities in documents, such as contracts, and monitors if the outsourced company processes personal information in a safe manner: prevention of personal information processing for other purposes than the outsourced purpose; technical and managerial safeguards; limitation to secondary outsourcing; management and supervision for the outsourced company; compensation of damage, etc.
③To provide the website’s services and enhance user convenience, some personal information may be transferred to and retained by an overseas company.
Company name/contact information: Google LLC (https://analytics.google.com/)
Country: United States of America
Timing and method of transfer: Transmitted via electronic network upon visitors’ use of the website’s services
Information transferred: Cookies, device/browser-related data, IP address, site/app activity information (personally identifiable information not included)
Purpose, period of retention/use: Collected information is used to generate statistics on user interactions within the website (IP addresses are transferred in secure manner, and used to identify country of access). Such user/event information is retained for 38 months
④Changes in the outsourced task or outsourced company will be immediately disclosed through the Personal Protection Management Policy.
①Data subjects may exercise their rights, such as access to, revision or deletion of personal information and request for suspension of processing, against the Company at any time.
②Data subjects may exercise their rights stipulated in Paragraph 1 by submitting a writing, e-mail, etc. to the Company pursuant to Article 41-1 of the Enforcement Decree of the Personal Information Protection Act, and the Company will take action immediately.
③The rights stipulated in Paragraph 1 may also be exercised by the legal representatives of data subjects, those delegated by the data subjects, or other representatives. In such case, a power of attorney shall be submitted in the form of Attachment No. 11 of the Public Notice on Processing of Personal Information (No. 2020-7).
④The rights of data subjects to have access to the personal information or request the suspension of processing may be restricted pursuant to Article 35-4 and Article 37-2 of the Personal Information Protection Act.
⑤As for the edit or deletion of personal information, deletion cannot be performed if the piece of personal information is stated as an item to be collected in other laws.
⑥In case of a request to have access to, edit, delete, or suspend the processing of personal information based on the rights of data subjects, the Company identifies if the requester is a data subject or a legitimate representative.
①The Company processes the following personal information.
Category | Required information | Optional |
---|---|---|
Processing of customer inquiries | N/A | |
Handling reports on violation of a law | N/A | Name, e-mail and contact number |
Information that is generated and collected while using the service | IP address, cookies, service use log |
②Method of collecting personal information
Accessing and using the website via (http://trading.samsungcnt.com)
①The Company destroys personal information without delay when the personal information becomes unnecessary owing to the expiry of the retention period, attainment of the purpose of processing, etc.
②The procedure and method of destroying personal information are as below.
Procedure for destroying : Personal information that has become unnecessary is sorted, and the personal information is destroyed under the responsibility of the personal information protection manager as per the procedure in the internal policy.
Method of destroying : The Company destroys electronically recorded or retained personal information in a way that the information is irretrievable. In case the personal information is recorded and retained as a paper document, the Company destroys the document by shredding it with a shredder or burning it.
The Company takes the following measures to ensure the safety of personal information.
①Managerial measures : establishment and implementation of internal management plans, regular employee training, etc.
②Technical measures : control on the access to the personal information processing system, etc., installation of an access prohibition system, encryption of personally identifiable information and installation of antivirus software
③Physical measures : prohibition on the access to the computer room, data storage room, etc.
①The Company uses cookies that store and constantly bring usage information to provide tailored services to the users.
②Cookies are small text files that are sent from the server (http) used in operating the website to the users’ browsers, and can be stored on the hard disk drive of the users’ computers.
The purpose of using cookies is to provide optimized information to users by identifying the patterns of how users visit websites and use services, most searched keywords, whether users are on secure connection, etc.
Users may reject enabling cookies by clicking on Tools > Internet Option > Privacy Option, located on the top of the browser.
Users who reject enabling cookies may have difficulties using tailored services.
③The Company utilizes Google Analytics, a service provided by Google LLC (“Google”), to analyze visitors’ use of the website. Information generated via Google Analytics is subject to the privacy policy of Google, and is transferred to and retained in Google’s servers located in the US. Google, on behalf of the Company, processes the information to evaluate user activity within the website. It generates reports on such activity and provides other services in relation to use of the Internet. While users may reject the collection of cookies for the aforementioned purpose by changing their browser settings, in such a case, they may not be able to fully utilize the functions provided by the website. Users may opt-out of having information on their site activity (such as IP addresses) collected and processed by installing the following browser add-on from tools.google.com/dlpage/gaoptout. For more information on Google’s privacy policy, please visit www.google.com/analytics/learn/privacy.html.
The purpose of using cookies is to provide optimized information to users by identifying patterns in relation to their use of the website and its services, use of secure connections, etc.
Users may reject enabling cookies by clicking on Tools > Internet Option > Privacy Option, located on the top of the browser.
Users who reject enabling cookies may have difficulties using tailored services.
①The Company has a designated personal information protection manager as below to undertake tasks related to processing personal information, address complaints related to personal information of data subjects, provide damage remedies, etc.
Personal information protection manager
· Name: Cheol Ung Lee, Executive VP
· Position: Head of HR Team (CPO)
· Contact : 02-2145-2233
· E-mail : iscenter.cnt@samsung.com
Personal information protection department (customer inquiries)
· Department : Communication Group, HR Team
· Responsible person: Yunjeong Lee, Professional
· Contact number: 02-2145-2137
· E-mail : scntwebmaster@samsung.com
Personal information protection department (Information Security Center)
· Department name: Information Security Center
· Responsible person: Dongho Kim, Professional
· Contact number : 02-2145-2228
· E-mail : iscenter.cnt@samsung.com
②Data subjects may ask any question regarding the protection of personal information or inquire about complaint handling, damage remedies, etc. that have occurred while using the Company’s services (or businesses) to the personal information protection manager or the personal information protection departments. The Company will respond and handle the inquiries of data subjects without delay.
Pursuant to Article 35 of the Personal Information Protection Act, data subjects may request to have an access to personal information to the appropriate designated department depending on the category of the inquiry as stated in Article 10. The Company will put in every effort to swiftly respond to the request for an access to personal information.
Data subjects may inquire the following institutions about damage remedies, consultation, etc. for the breach of personal information. Data subjects may contact the institutions below, which are separate from the Company, if they are not satisfied with the result of the Company’s processing of complaints regarding personal information or damage remedies, or need further support.
Personal information infringement call center (operated by the Korea Internet & Security Agency)
- Contact for: report on the breach of personal information and request for consultation
- Website: privacy.kisa.or.kr
- Contact number: 118
- Address: (58324) 3F, 9 Jinheung-gil, Naju-si, Jeollanam-do
Personal Information Dispute Mediation Committee
- Contact for: application for dispute mediation and collective dispute mediation (civil mediation)
- Website: www.kopico.go.kr
- Contact number: 1833-6972
- Address: (03171) 12F, Government Complex-Seoul, 209, Sejong-daero, Jongno-gu, Seoul
Cybercrime investigation department of the Supreme Prosecutors’ Office
- 02-3480-3573 (www.spo.go.kr)
Cyber safety department of the Korean National Police Agency
- 182 (https://cyberbureau.police.go.kr)
This revision of the Personal Information Management Policy takes effect starting June 20, 2022
Samsung C&T Corporation (“Company”) establishes and discloses the Personal Information Management Policy (also referred to as “Privacy Policy”) as below to protect the personal information of data subjects and resolve any relevant inquiries or complaints in a swift and smooth manner pursuant to Article 30 of the Personal Information Protection Act.
The Company collects and processes minimal information for the following purposes. The personal information that is processed is only used for purposes that are specified below, and the Company is to take necessary measures if the purposes of use are revised, such as obtaining additional consent as per Article 18 of the Personal Information Protection Act.
①Processing of customer inquiries : Personal information is processed to identify the inquiring customer, check the information in the inquiry, contact/notify the customer for fact finding, notify the customer of the result, etc.
②Handling a report on violation of a law : Personal information is processed to handle a complaint about violation of a law and notify the complainant of the result.
①The Company processes and retains personal information for the period of retention/use of personal information as specified in the Company’s policy or agreed upon by the data subjects when collecting the personal information.
②The periods of processing and retention for each purpose are as below.
Customer inquiry: retained until one (1) year after the customer inquiry is processed or immediately upon the customer’s request
Report on violation of a law: retained until one (1) year after the complaint about violation of a law has been handled or immediately upon the customer’s request
For the period of time specified below for the following purpose
· Retention of the communication confirmation data pursuant to the Protection of Communications Secrets Act
- Computer communications, Internet log records and data on tracing a location of connectors: three (3) months
The Company processes the personal information of data subjects only for the purposes stipulated in Article 1 (Purposes of Processing of Personal Information), and provides personal information to a third party only when applicable to Article 17 and 18 of the Personal Information Protection Act, such as where the consent is obtained from the data subjects, where special provisions exist, etc.
①The Company outsources the processing of personal information as below for smooth job performance.
Outsourced company | Outsourced task |
---|---|
Penta Systems Technology Inc. | Website maintenance and management |
Samsung SDS | Database maintenance and management |
Google LLC | Website user activity analysis |
②Pursuant to Article 26 of the Personal Information Protection Act, the Company states the following responsibilities in documents, such as contracts, and monitors if the outsourced company processes personal information in a safe manner: prevention of personal information processing for other purposes than the outsourced purpose; technical and managerial safeguards; limitation to secondary outsourcing; management and supervision for the outsourced company; compensation of damage, etc.
③To provide the website’s services and enhance user convenience, some personal information may be transferred to and retained by an overseas company.
Company name/contact information: Google LLC (https://analytics.google.com/)
Country: United States of America
Timing and method of transfer: Transmitted via electronic network upon visitors’ use of the website’s services
Information transferred: Cookies, device/browser-related data, IP address, site/app activity information (personally identifiable information not included)
Purpose, period of retention/use: Collected information is used to generate statistics on user interactions within the website (IP addresses are transferred in secure manner, and used to identify country of access). Such user/event information is retained for 38 months
④Changes in the outsourced task or outsourced company will be immediately disclosed through the Personal Protection Management Policy.
①Data subjects may exercise their rights, such as access to, revision or deletion of personal information and request for suspension of processing, against the Company at any time.
②Data subjects may exercise their rights stipulated in Paragraph 1 by submitting a writing, e-mail, etc. to the Company pursuant to Article 41-1 of the Enforcement Decree of the Personal Information Protection Act, and the Company will take action immediately.
③The rights stipulated in Paragraph 1 may also be exercised by the legal representatives of data subjects, those delegated by the data subjects, or other representatives. In such case, a power of attorney shall be submitted in the form of Attachment No. 11 of the Public Notice on Processing of Personal Information (No. 2020-7).
④The rights of data subjects to have access to the personal information or request the suspension of processing may be restricted pursuant to Article 35-4 and Article 37-2 of the Personal Information Protection Act.
⑤As for the edit or deletion of personal information, deletion cannot be performed if the piece of personal information is stated as an item to be collected in other laws.
⑥In case of a request to have access to, edit, delete, or suspend the processing of personal information based on the rights of data subjects, the Company identifies if the requester is a data subject or a legitimate representative.
①The Company processes the following personal information.
Category | Required information | Optional |
---|---|---|
Processing of customer inquiries | N/A | |
Handling reports on violation of a law | N/A | Name, e-mail and contact number |
Information that is generated and collected while using the service | IP address, cookies, service use log |
②Method of collecting personal information
Accessing and using the website via (http://trading.samsungcnt.com)
①The Company destroys personal information without delay when the personal information becomes unnecessary owing to the expiry of the retention period, attainment of the purpose of processing, etc.
②The procedure and method of destroying personal information are as below.
Procedure for destroying : Personal information that has become unnecessary is sorted, and the personal information is destroyed under the responsibility of the personal information protection manager as per the procedure in the internal policy.
Method of destroying : The Company destroys electronically recorded or retained personal information in a way that the information is irretrievable. In case the personal information is recorded and retained as a paper document, the Company destroys the document by shredding it with a shredder or burning it.
The Company takes the following measures to ensure the safety of personal information.
①Managerial measures : establishment and implementation of internal management plans, regular employee training, etc.
②Technical measures : control on the access to the personal information processing system, etc., installation of an access prohibition system, encryption of personally identifiable information and installation of antivirus software
③Physical measures : prohibition on the access to the computer room, data storage room, etc.
①The Company uses cookies that store and constantly bring usage information to provide tailored services to the users.
②Cookies are small text files that are sent from the server (http) used in operating the website to the users’ browsers, and can be stored on the hard disk drive of the users’ computers.
The purpose of using cookies is to provide optimized information to users by identifying the patterns of how users visit websites and use services, most searched keywords, whether users are on secure connection, etc.
Users may reject enabling cookies by clicking on Tools > Internet Option > Privacy Option, located on the top of the browser.
Users who reject enabling cookies may have difficulties using tailored services.
③The Company utilizes Google Analytics, a service provided by Google LLC (“Google”), to analyze visitors’ use of the website. Information generated via Google Analytics is subject to the privacy policy of Google, and is transferred to and retained in Google’s servers located in the US. Google, on behalf of the Company, processes the information to evaluate user activity within the website. It generates reports on such activity and provides other services in relation to use of the Internet. While users may reject the collection of cookies for the aforementioned purpose by changing their browser settings, in such a case, they may not be able to fully utilize the functions provided by the website. Users may opt-out of having information on their site activity (such as IP addresses) collected and processed by installing the following browser add-on from tools.google.com/dlpage/gaoptout. For more information on Google’s privacy policy, please visit www.google.com/analytics/learn/privacy.html.
The purpose of using cookies is to provide optimized information to users by identifying patterns in relation to their use of the website and its services, use of secure connections, etc.
Users may reject enabling cookies by clicking on Tools > Internet Option > Privacy Option, located on the top of the browser.
Users who reject enabling cookies may have difficulties using tailored services.
①The Company has a designated personal information protection manager as below to undertake tasks related to processing personal information, address complaints related to personal information of data subjects, provide damage remedies, etc.
Personal information protection manager
· Name: Chang Won Lee, Vice President
· Position: Head of HR Team (CSO)
· Contact : 02-2145-2330
· E-mail : cw92.lee@samsung.com
Personal information protection department (customer inquiries)
· Department : Communication Group, HR Team
· Responsible person: Yunjeong Lee, Professional
· Contact number: 02-2145-2137
· E-mail : scntwebmaster@samsung.com
Personal information protection department (Information Security Center)
· Department name: Information Security Center
· Responsible person: Dongho Kim, Professional
· Contact number : 02-2145-2228
· E-mail : iscenter.cnt@samsung.com
②Data subjects may ask any question regarding the protection of personal information or inquire about complaint handling, damage remedies, etc. that have occurred while using the Company’s services (or businesses) to the personal information protection manager or the personal information protection departments. The Company will respond and handle the inquiries of data subjects without delay.
Pursuant to Article 35 of the Personal Information Protection Act, data subjects may request to have an access to personal information to the appropriate designated department depending on the category of the inquiry as stated in Article 10. The Company will put in every effort to swiftly respond to the request for an access to personal information.
Data subjects may inquire the following institutions about damage remedies, consultation, etc. for the breach of personal information. Data subjects may contact the institutions below, which are separate from the Company, if they are not satisfied with the result of the Company’s processing of complaints regarding personal information or damage remedies, or need further support.
Personal information infringement call center (operated by the Korea Internet & Security Agency)
- Contact for: report on the breach of personal information and request for consultation
- Website: privacy.kisa.or.kr
- Contact number: 118
- Address: (58324) 3F, 9 Jinheung-gil, Naju-si, Jeollanam-do
Personal Information Dispute Mediation Committee
Contact for: application for dispute mediation and collective dispute mediation (civil mediation)
Website: www.kopico.go.kr
Contact number: 1833-6972
Address: (03171) 12F, Government Complex-Seoul, 209, Sejong-daero, Jongno-gu, Seoul
Cybercrime investigation department of the Supreme Prosecutors’ Office
02-3480-3573 (www.spo.go.kr)
Cyber safety department of the Korean National Police Agency
182 (https://cyberbureau.police.go.kr)
This revision of the Personal Information Management Policy takes effect starting Feb 01, 2023
Samsung C&T Corporation, Trading & Investment Group (hereinafter referred to as “Company”) establishes and discloses the Personal Information Management Policy (also referred to as “Privacy Policy”) as below to protect the personal information of data subjects and resolve any relevant inquiries or complaints in a swift and smooth manner pursuant to Article 30 of the Personal Information Protection Act.
The Company collects and processes minimal information for the following purposes. The personal information that is processed is only used for purposes that are specified below, and the Company is to take necessary measures if the purposes of use are revised, such as obtaining additional consent as per Article 18 of the Personal Information Protection Act.
①Processing of customer inquiries : Personal information is processed to identify the inquiring customer, check the information in the inquiry, contact/notify the customer for fact finding, notify the customer of the result, etc.
②Handling a report on violation of a law : Personal information is processed to handle a complaint about violation of a law and notify the complainant of the result.
①The Company processes and retains personal information for the period of retention/use of personal information as specified in the Company’s policy or agreed upon by the data subjects when collecting the personal information.
②The periods of processing and retention for each purpose are as below.
Customer inquiry: retained until one (1) year after the customer inquiry is processed or immediately upon the customer’s request
Report on violation of a law: retained until one (1) year after the complaint about violation of a law has been handled or immediately upon the customer’s request
For the period of time specified below for the following purpose
· Retention of the communication confirmation data pursuant to the Protection of Communications Secrets Act
- Computer communications, Internet log records and data on tracing a location of connectors: three (3) months
The Company processes the personal information of data subjects only for the purposes stipulated in Article 1 (Purposes of Processing of Personal Information), and provides personal information to a third party only when applicable to Article 17 and 18 of the Personal Information Protection Act, such as where the consent is obtained from the data subjects, where special provisions exist, etc.
①The Company outsources the processing of personal information as below for smooth job performance.
Outsourced company | Outsourced task |
---|---|
Samsung SDS, Penta Systems Technology Inc. | Website maintenance and management |
②Pursuant to Article 26 of the Personal Information Protection Act, the Company states the following responsibilities in documents, such as contracts, and monitors if the outsourced company processes personal information in a safe manner: prevention of personal information processing for other purposes than the outsourced purpose; technical and managerial safeguards; limitation to secondary outsourcing; management and supervision for the outsourced company; compensation of damage, etc.
③Changes in the outsourced task or outsourced company will be immediately disclosed through the Personal Protection Management Policy.
①Data subjects may exercise their rights, such as access to, revision or deletion of personal information and request for suspension of processing, against the Company at any time.
②Data subjects may exercise their rights stipulated in Paragraph 1 by submitting a writing, e-mail, etc. to the Company pursuant to Article 41-1 of the Enforcement Decree of the Personal Information Protection Act, and the Company will take action immediately.
③The rights stipulated in Paragraph 1 may also be exercised by the legal representatives of data subjects, those delegated by the data subjects, or other representatives. In such case, a power of attorney shall be submitted in the form of Attachment No. 11 of the Public Notice on Processing of Personal Information (No. 2020-7).
④The rights of data subjects to have access to the personal information or request the suspension of processing may be restricted pursuant to Article 35-4 and Article 37-2 of the Personal Information Protection Act.
⑤As for the edit or deletion of personal information, deletion cannot be performed if the piece of personal information is stated as an item to be collected in other laws.
⑥In case of a request to have access to, edit, delete, or suspend the processing of personal information based on the rights of data subjects, the Company identifies if the requester is a data subject or a legitimate representative.
①The Company processes the following personal information.
Category | Required information | Optional |
---|---|---|
Processing of customer inquiries | N/A | |
Handling reports on violation of a law | N/A | Name, e-mail and contact number |
Information that is generated and collected while using the service | IP address, cookies, service use log |
②Method of collecting personal information
Accessing and using the website via (http://trading.samsungcnt.com)
①The Company destroys personal information without delay when the personal information becomes unnecessary owing to the expiry of the retention period, attainment of the purpose of processing, etc.
②The procedure and method of destroying personal information are as below.
Procedure for destroying : Personal information that has become unnecessary is sorted, and the personal information is destroyed under the responsibility of the personal information protection manager as per the procedure in the internal policy.
Method of destroying : The Company destroys electronically recorded or retained personal information in a way that the information is irretrievable. In case the personal information is recorded and retained as a paper document, the Company destroys the document by shredding it with a shredder or burning it.
The Company takes the following measures to ensure the safety of personal information.
①Managerial measures : establishment and implementation of internal management plans, regular employee training, etc.
②Technical measures : control on the access to the personal information processing system, etc., installation of an access prohibition system, encryption of personally identifiable information and installation of antivirus software
③Physical measures : prohibition on the access to the computer room, data storage room, etc.
①The Company uses cookies that store and constantly bring usage information to provide tailored services to the users.
②Cookies are small text files that are sent from the server (http) used in operating the website to the users’ browsers, and can be stored on the hard disk drive of the users’ computers.
The purpose of using cookies is to provide optimized information to users by identifying the patterns of how users visit websites and use services, most searched keywords, whether users are on secure connection, etc.
Users may reject enabling cookies by clicking on Tools > Internet Option > Privacy Option, located on the top of the browser.
Users who reject enabling cookies may have difficulties using tailored services.
①The Company has a designated personal information protection manager as below to undertake tasks related to processing personal information, address complaints related to personal information of data subjects, provide damage remedies, etc.
Personal information protection manager
· Name: Cheol Ung Lee, Executive VP
· Position: Head of HR Team (CPO)
· Contact : 02-2145-2233
· E-mail : iscenter.cnt@samsung.com
Personal information protection department (customer inquiries)
· Department : Communication Group, HR Team
· Responsible person: Yunjeong Lee, Professional
· Contact number: 02-2145-2137
· E-mail : scntwebmaster@samsung.com
Personal information protection department (Information Security Center)
· Department name: Information Security Center
· Responsible person: Dongho Kim, Professional
· Contact number : 02-2145-2228
· E-mail : iscenter.cnt@samsung.com
②Data subjects may ask any question regarding the protection of personal information or inquire about complaint handling, damage remedies, etc. that have occurred while using the Company’s services (or businesses) to the personal information protection manager or the personal information protection departments. The Company will respond and handle the inquiries of data subjects without delay.
Pursuant to Article 35 of the Personal Information Protection Act, data subjects may request to have an access to personal information to the appropriate designated department depending on the category of the inquiry as stated in Article 10. The Company will put in every effort to swiftly respond to the request for an access to personal information.
Data subjects may inquire the following institutions about damage remedies, consultation, etc. for the breach of personal information. Data subjects may contact the institutions below, which are separate from the Company, if they are not satisfied with the result of the Company’s processing of complaints regarding personal information or damage remedies, or need further support.
Personal information infringement call center (operated by the Korea Internet & Security Agency)
- Contact for: report on the breach of personal information and request for consultation
- Website: privacy.kisa.or.kr
- Contact number: 118
- Address: (58324) 3F, 9 Jinheung-gil, Naju-si, Jeollanam-do
Personal Information Dispute Mediation Committee
- Contact for: application for dispute mediation and collective dispute mediation (civil mediation)
- Website: www.kopico.go.kr
- Contact number: 1833-6972
- Address: (03171) 12F, Government Complex-Seoul, 209, Sejong-daero, Jongno-gu, Seoul
Cybercrime investigation department of the Supreme Prosecutors’ Office
- 02-3480-3573 (www.spo.go.kr)
Cyber safety department of the Korean National Police Agency
- 182 (https://cyberbureau.police.go.kr)
This revision of the Personal Information Management Policy takes effect starting April 8, 2022
Samsung C&T's Trading & Investment Group (“the company”) strives to protect the personal information of its customers by observing all regulations related to personal information protection under the relevant laws, including the Personal Information Protection Act and Act on Promotion of Information and Communications Network Utilization and Information Protection.
The company informs all the relevant parties of policies related to the handling and management of personal information provided by customers, such as items and purpose of handling and managing personal information collected, period for handling, management and retention, rights and obligations of customers and methods of exercising rights, measures to secure safety of personal information through the Personal Information Handling and Management Policy of Samsung C&T Corporation (“this policy”). The company shall publicly announce any changes in this policy by posting a public notice on its website (http://trading.samsungcnt.com/EN/trading/index.do).
①The company collects the following types of personal information.
Type | Collected items |
---|---|
Handling of customer inquiries | |
Information created and collected in the process of using services | Cookies, service usage records, access logs, access IP information |
Security notification (Report) |
②The methods of collection are as follows.
Customer inquiries posted on the website and reports to the security report center
Data gathering tool
The company handles and manages personal information for the following purposes. The handled and managed personal information shall not be used for any purpose other than the following purposes, and if there is any change in the purpose of using personal information, necessary measures such as obtaining a separate consent shall be taken in accordance with the Personal Information Protection Act.
①Handling of customer inquiries: Personal information is handled and managed for the purpose of making contact and replying to the customer for confirmation and fact finding in the event of customer inquiries.
②Security notification (Report): Personal information is handled and managed to reply to complaints, and provide security notifications (Report).
①The company uses the personal information of its users within the scope specified under "2. Purpose of Collection and Use of Personal Information." The company shall not go beyond the purpose of use and make such information public without the prior consent of the user, except in the following circumstances:
If the user gives consent in advance
If the company is faced with an inevitable situation of abiding by the regulation or the law and/or conforming to the request of a public organization so as to perform its duty pursuant to the law
②The company currently does not provide the personal information of users to third parties.
The company entrusts the handling and management of personal information as follows to improve service quality, and regulates matters required to safely manage personal information when signing an entrustment contract in accordance with the relevant laws.
①The company entrusts the handling and management of personal information as follows.
Entrusted company | Entrusted tasks |
---|---|
Samsung SDS, Penta Systems Technology Inc. | Maintenance and management of website |
②The company shall specify matters related to the following in official documents such as the contract in accordance with Article 26 of the Personal Information Protection Act and Article 25 of Act on Promotion of Information and Communications Network Utilization and Information Protection: prohibition of handling personal information for purposes other than conducting entrusted tasks, technical and managerial protection measures, restriction of re-entrustment, management and supervision over the entrusted company and compensation for damages,. The company supervises the entrusted company to ensure the safe handling of personal information.
③If any change is made in the contents of entrusted tasks or the entrusted company, such information shall be reported through this policy.
Period for the handling, management and retention of personal information is as follows.
Type | Period for handling, management and retention |
---|---|
Personal information collected and used when inevitable according to special regulations of laws or legal obligations | For the retention period required by the relevant laws |
Personal information collected and used according to individual consent (via email) | Until the purpose of its collection and use is fulfilled |
The company destroys personal information without delay once the period for handling, management and retention of personal information has passed or the purpose of its collection and use has been fulfilled.
However, the company may retain personal information for which the period of retention and use has elapsed if the information must be “retained according to other laws” or when “individual consent from the customer has been received.”
①Viewing of personal information
The customer may request to view his or her personal information handled and managed by the company through the personal information manager under Article 10 of this policy, and the company shall allow the customer to view his or her personal information within 10 days from the date of receiving such request. However, if there is a justifiable reason for the access to not be permitted within the above period, the handling of the request can be delayed by notifying the customer of the reason, and when the corresponding reason is no longer valid, the information can be viewed by the customer without delay.
If the company intends to delay, restrict or refuse access to the information, the company shall notify the customer of the reason for such delay, restriction or refusal and of a method through which the customer can make an objection through writing, email or facsimile within 5 days from the date the request for inquiry has been received. The company may restrict or refuse customers’ request to view his or her personal information after notifying the subject of the information in any of the following circumstances: the request is prohibited or restricted subject to relevant laws; the request may be threatening to other peoples' lives or health; or the request may unfairly infringe on properties and benefits of other people.
②Modification and deletion of personal information
The customer who makes a request to view his or her personal information according to the preceding paragraph may request the company's personal information manager to modify or delete the information. However, if the information is stated in other laws as the subject of collection, the customer cannot request deletion.
When the request for modification and deletion of personal information is made, the company must immediately investigate the personal information and take necessary measures such as modification and deletion of information upon the request of the customer, and notify the result to the customer except when there are special procedures related to modification or deletion of personal information specified in other laws.
If a customer requests that an error in personal information be corrected, the personal information concerned will not be used or provided before such correction is completed. If the incorrect personal information has already been provided to a third party, the company will immediately notify the correction to the third party to request a consequent correction.
When the company deletes personal information, it must be deleted in a manner that will prevent its restoration or reproduction, and if the personal information the customer has requested to be modified or deleted cannot be deleted because the corresponding information is defined as a subject of collection under other laws, the customer must immediately be notified.
When investigating information following a customer’s request for modification and deletion of personal information, the company may ask the customer to submit relevant data confirming the request for modification and deletion.
The detailed methods and procedures for modification and deletion of personal information are subject to those of viewing personal information.
③Suspension of handling and management of personal information
Customers may request the company to suspend the handling and management of their personal information through the personal information manager.
The company shall immediately suspend the handling and management of personal information in whole or in part at the request of the customer. However, the company may reject such request in any of the following circumstances:
· If there are special regulations under laws that inevitably require the company to collect and handle such information;
· If a risk is posed to the life and health of other people, or the properties and benefits of other people may be unfairly infringed upon; and,
· If it is difficult to fulfill a contract with the customer if personal information is not handled and managed, and the customer has not clearly indicated intent to cancel the contract.
If the company rejects the customer’s request to suspend its handling and management of personal information, the company shall immediately notify the reason to the customer..
When the handling and management of personal information has been suspended according to the request of the customer, the company shall immediately take necessary measures, such as destruction of the corresponding information.
The detailed methods and procedures for suspension of handling and management of personal information are subject to those of viewing personal information.
④Methods and procedures of exercising rights
Customers may request a representative to view, modify, delete, and obtain information regarding the handling and management of his or her personal information (“requests such as viewing”) based on the methods and procedures specified in Article 45 of the Personal Information Protection Act.
The company may demand the payment of commission and postage fee (only when a mailed copy is requested) from a person who makes a request such as a request to view personal information in accordance with the Personal Information Protection Act.
Customers may make a request such as a request to view personal information through the personal information manager, and contact the personal information manager if there are any additional inquiries.
The company immediately destroys personal information once the personal information of customers is no longer necessary, for reasons such as the lapse of the personal information retention period and/or the achievement of the purpose of handling and management of personal information. However, if personal information must be stored in accordance with another law (Protection of Communications Secrets Act), the corresponding personal information is transferred to a separate database (DB) or stored in a different storage place. Detailed destruction procedures and methods are as follows:
①Destruction procedure
The company selects personal information to be destroyed, and destroys such information upon the approval of the personal information supervisor of the company.
②Destruction method
Personal information saved in the form of an electronic file shall be permanently deleted through a technical method that prevents its reproduction, while printed and/or written documents that record personal information are shredded or incinerated.
①What are cookies?
The company uses cookies to store and load user information, thereby providing personalized and customized service.
Cookies are small text files that are sent from the company web server to the user’s browser, and are stored on the user’s hard drive. When users visit the website in the future, the website server will read the cookies in the hard drive to maintain the user’s settings and provide customized service.
②Purpose of using cookies
Cookies are used to identify the user’s website usage pattern, whether the user accesses through secure connection, and the number of the users in order to provide optimal customized service.
③Installation, operation, and denial of cookies
Users have the right to opt in or out of installation of cookies. Users may choose to allow all cookies, to confirm every time cookies are enabled, or to block all cookies by making adjustments in the web browser settings.
Denying installation of cookies may limit the usage of the services provided.
How to enable cookies (Internet Explorer):
(Top right side of the browser) Tools 〉Internet Options 〉Privacy 〉Advanced 〉Advanced Privacy Settings
①Administrative measures
Establish and implement internal administrative plans for the safe handling and management of personal information
Establish and implement training plans for employees or other staffs entrusted to directly handle and process personal information
Conduct regular internal inspection according to internal administrative plans
②Technical measures
Restriction and management of rights to access personal information
Identification and verification to confirm rights to access personal information
System installation or other measures to block unauthorized access to personal information
Encryption of personal information for safe storage and transfer
Measures for storage of access records and prevention of forging and falsification of such records
Installation of security program and its regular renewal and inspection
③Physical measures
Access control and locking device for safe storage of personal information
The company designates a department in charge of personal information management, personal information supervisor and personal information manager as follows to protect the personal information of customers, process and address complaints, and remedy issues related to handling and processing of personal information.
Department: Human Resources Team
Supervisor: Senior Vice President Cheolwoong Lee
Manager: Professional Dongho Kim
Tel: 82-2-2145-2233
Customers may report any complaint and/or request relief to the personal information protection supervisor or manager for damages related to the handling and management of personal information. The company will promptly respond and address customer reports.
To report or receive counselling concerning violation of personal privacy, please contact the following agencies:
Privacy Information Violation Report Center (https://privacy.kisa.or.kr / +82-118)
Personal Information Dispute Mediation Committee (https://www.kopico.go.kr / +82-1833-6972)
Supreme Public Prosecutor's Office - Cybercrime Unit (https://cybercid.spo.go.kr / +82-1301)
Korean National Police Agency - Cyber Bureau (https://cyberbureau.police.go.kr / +82-182)
This policy takes effect on March 8, 2019.
Samsung C&T's Trading & Investment Group (“the company”) strives to protect the personal information of its customers by observing all regulations related to personal information protection under the relevant laws, including the Personal Information Protection Act and Act on Promotion of Information and Communications Network Utilization and Information Protection.
The company informs all the relevant parties of policies related to the handling and management of personal information provided by customers, such as items and purpose of handling and managing personal information collected, period for handling, management and retention, rights and obligations of customers and methods of exercising rights, measures to secure safety of personal information through the Personal Information Handling and Management Policy of Samsung C&T Corporation (“this policy”). The company shall publicly announce any changes in this policy by posting a public notice on its website (http://trading.samsungcnt.com/EN/trading/index.do).
①The company collects the following types of personal information.
Type | Collected items |
---|---|
Handling of customer inquiries | |
Information created and collected in the process of using services | Cookies, service usage records, access logs, access IP information |
Security notification (Report) |
②The methods of collection are as follows.
Customer inquiries posted on the website and reports to the security report center
Data gathering tool
The company handles and manages personal information for the following purposes. The handled and managed personal information shall not be used for any purpose other than the following purposes, and if there is any change in the purpose of using personal information, necessary measures such as obtaining a separate consent shall be taken in accordance with the Personal Information Protection Act.
①Handling of customer inquiries : Personal information is handled and managed for the purpose of making contact and replying to the customer for confirmation and fact finding in the event of customer inquiries.
②Security notification (Report): Personal information is handled and managed to reply to complaints, and provide security notifications (Report).
①The company uses the personal information of its users within the scope specified under "2. Purpose of Collection and Use of Personal Information." The company shall not go beyond the purpose of use and make such information public without the prior consent of the user, except in the following circumstances:
If the user gives consent in advance
If it does so pursuant to the regulations of the laws, or if there is a request by an investigative authority according to the procedures and methods established by laws for investigation purposes
②The company currently does not provide the personal information of users to third parties.
The company entrusts the handling and management of personal information as follows to improve service quality, and regulates matters required to safely manage personal information when signing an entrustment contract in accordance with the relevant laws.
①The company entrusts the handling and management of personal information as follows.
Entrusted company | Entrusted tasks |
---|---|
Samsung SDS | Maintenance and management of website |
②The company shall specify matters related to the following in official documents such as the contract in accordance with Article 26 of the Personal Information Protection Act and Article 25 of Act on Promotion of Information and Communications Network Utilization and Information Protection: prohibition of handling personal information for purposes other than conducting entrusted tasks, technical and managerial protection measures, restriction of re-entrustment, management and supervision over the entrusted company and compensation for damages,. The company supervises the entrusted company to ensure the safe handling of personal information.
③If any change is made in the contents of entrusted tasks or the entrusted company, such information shall be reported through this policy.
Period for the handling, management and retention of personal information is as follows.
Type | Period for handling, management and retention |
---|---|
Personal information collected and used when inevitable according to special regulations of laws or legal obligations | For the retention period required by the relevant laws |
Personal information collected and used according to individual consent (via email) | Until the purpose of its collection and use is fulfilled |
The company destroys personal information without delay once the period for handling, management and retention of personal information has passed or the purpose of its collection and use has been fulfilled.
However, the company may retain personal information for which the period of retention and use has elapsed if the information must be “retained according to other laws” or when “individual consent from the customer has been received.”
①Viewing of personal information
The customer may request to view his or her personal information handled and managed by the company through the personal information manager under Article 10 of this policy, and the company shall allow the customer to view his or her personal information within 10 days from the date of receiving such request. However, if there is a justifiable reason for the access to not be permitted within the above period, the handling of the request can be delayed by notifying the customer of the reason, and when the corresponding reason is no longer valid, the information can be viewed by the customer without delay.
If the company intends to delay, restrict or refuse access to the information, the company shall notify the customer of the reason for such delay, restriction or refusal and of a method through which the customer can make an objection through writing, email or facsimile within 5 days from the date the request for inquiry has been received. The company may restrict or refuse customers’ request to view his or her personal information after notifying the subject of the information in any of the following circumstances: the request is prohibited or restricted subject to relevant laws; the request may be threatening to other peoples' lives or health; or the request may unfairly infringe on properties and benefits of other people.
②Modification and deletion of personal information
The customer who makes a request to view his or her personal information according to the preceding paragraph may request the company's personal information manager to modify or delete the information. However, if the information is stated in other laws as the subject of collection, the customer cannot request deletion.
When the request for modification and deletion of personal information is made, the company must immediately investigate the personal information and take necessary measures such as modification and deletion of information upon the request of the customer, and notify the result to the customer except when there are special procedures related to modification or deletion of personal information specified in other laws.
If a customer requests that an error in personal information be corrected, the personal information concerned will not be used or provided before such correction is completed. If the incorrect personal information has already been provided to a third party, the company will immediately notify the correction to the third party to request a consequent correction.
When the company deletes personal information, it must be deleted in a manner that will prevent its restoration or reproduction, and if the personal information the customer has requested to be modified or deleted cannot be deleted because the corresponding information is defined as a subject of collection under other laws, the customer must immediately be notified.
When investigating information following a customer’s request for modification and deletion of personal information, the company may ask the customer to submit relevant data confirming the request for modification and deletion.
The detailed methods and procedures for modification and deletion of personal information are subject to those of viewing personal information.
③Suspension of handling and management of personal information
Customers may request the company to suspend the handling and management of their personal information through the personal information manager.
The company shall immediately suspend the handling and management of personal information in whole or in part at the request of the customer. However, the company may reject such request in any of the following circumstances:
· If there are special regulations under laws that inevitably require the company to collect and handle such information;
· If a risk is posed to the life and health of other people, or the properties and benefits of other people may be unfairly infringed upon; and,
· If it is difficult to fulfill a contract with the customer if personal information is not handled and managed, and the customer has not clearly indicated intent to cancel the contract.
If the company rejects the customer’s request to suspend its handling and management of personal information, the company shall immediately notify the reason to the customer..
When the handling and management of personal information has been suspended according to the request of the customer, the company shall immediately take necessary measures, such as destruction of the corresponding information.
The detailed methods and procedures for suspension of handling and management of personal information are subject to those of viewing personal information.
④Methods and procedures of exercising rights
Customers may request a representative to view, modify, delete, and obtain information regarding the handling and management of his or her personal information (“requests such as viewing”) based on the methods and procedures specified in Article 45 of the Personal Information Protection Act.
The company may demand the payment of commission and postage fee (only when a mailed copy is requested) from a person who makes a request such as a request to view personal information in accordance with the Personal Information Protection Act.
Customers may make a request such as a request to view personal information through the personal information manager, and contact the personal information manager if there are any additional inquiries.
The company immediately destroys personal information once the personal information of customers is no longer necessary, for reasons such as the lapse of the personal information retention period and/or the achievement of the purpose of handling and management of personal information. However, if personal information must be stored in accordance with another law (Protection of Communications Secrets Act), the corresponding personal information is transferred to a separate database (DB) or stored in a different storage place. Detailed destruction procedures and methods are as follows:
①Destruction procedure
- The company selects personal information to be destroyed, and destroys such information upon the approval of the personal information supervisor of the company.
②Destruction method
Personal information saved in the form of an electronic file shall be permanently deleted through a technical method that prevents its reproduction, while printed and/or written documents that record personal information are shredded or incinerated.
①What are cookies?
The company uses cookies to store and load user information, thereby providing personalized and customized service.
Cookies are small text files that are sent from the company web server to the user’s browser, and are stored on the user’s hard drive. When users visit the website in the future, the website server will read the cookies in the hard drive to maintain the user’s settings and provide customized service.
②Purpose of using cookies
Cookies are used to identify the user’s website usage pattern, whether the user accesses through secure connection, and the number of the users in order to provide optimal customized service.
③Installation, operation, and denial of cookies
Users have the right to opt in or out of installation of cookies. Users may choose to allow all cookies, to confirm every time cookies are enabled, or to block all cookies by making adjustments in the web browser settings.
Denying installation of cookies may limit the usage of the services provided.
How to enable cookies (Internet Explorer):
(Top right side of the browser)
Tools 〉Internet Options 〉Privacy 〉Advanced Privacy Settings
①Administrative measures
Establish and implement internal administrative plans for the safe handling and management of personal information
Establish and implement training plans for employees or other staffs entrusted to directly handle and process personal information
Conduct regular internal inspection according to internal administrative plans
②Technical measures
Restriction and management of rights to access personal information
Identification and verification to confirm rights to access personal information
System installation or other measures to block unauthorized access to personal information
Encryption of personal information for safe storage and transfer
Measures for storage of access records and prevention of forging and falsification of such records
Installation of security program and its regular renewal and inspection
③Physical measures
Access control and locking device for safe storage of personal information
The company designates a department in charge of personal information management, personal information supervisor and personal information manager as follows to protect the personal information of customers, process and address complaints, and remedy issues related to handling and processing of personal information.
Department: Human Resources Team
Supervisor: Vice President Cheolwoong Lee
Manager: Senior Manager Chansu Jun
Tel: 82-2-2145-2114
Customers may report any complaint and/or request relief to the personal information protection supervisor or manager for damages related to the handling and management of personal information. The company will promptly respond and address customer reports.
To report or receive counselling concerning violation of personal privacy, please contact the following agencies:
Privacy Information Violation Report Center (http://privacy.kisa.or.kr / +82-118)
Information Protection Mark Certification Committee (http://www.eprivacy.or.kr / +82-2-580-0533~4)
Supreme Public Prosecutor's Office - Cybercrime Unit (http://www.spo.go.kr / +82-2-3480-2000)
National Police Agency - Cyber Bureau (http://www.ctrc.go.kr / +82-2-392-0330)
This policy takes effect on September 1, 2015.