Hanwha System (hereinafter referred to as the "Company") processes and safely manages personal information in compliance with the Personal Information Protection Act and related laws to protect the freedom and rights of information subjects. Accordingly, in accordance with Article 30 of the Personal Information Protection Act, the following personal information processing policies are established and disclosed to inform the data subject of procedures and standards for personal information processing and to handle complaints quickly and smoothly.

1. 1. Purpose of processing personal information
2. 2. Processing and retention period of personal information
3. 3. Matters concerning the processing of personal information of children under the age of 14
4. 4. Matters concerning the provision of personal information to third parties
5. 5. Matters concerning the entrustment of personal information processing
6. 6. Matters concerning procedures and methods for destroying personal information
7. 7. Matters concerning the rights, obligations, and methods of exercise of the information subject and legal representative
8. 8. Matters concerning measures to ensure the stability of personal information
9. 9. Matters concerning the installation and operation of a device that automatically collects personal information and its refusal
10. 10. Matters concerning the person in charge of personal information protection
11. 11. Relief methods for infringement of rights and interests of information subjects
12. 12. Matters concerning changes to the personal information processing policy

• 1 Purpose of processing personal information

  The company processes personal information for the following purposes. The personal information being processed will not be used for any purpose other than the following, and if the purpose of use is changed, necessary measures will be implemented, such as obtaining separate consent under Article 18 of the Personal Information Protection Act.

  Type	Basis for operation	Purpose of processing
  Newsletter	Information subject consent	Introduce Hanwha System's products to customers
  Contact Customer Center	Information subject consent	Receiving customer inquiries and suggestions

• 2Processing and retention period of personal information

  ①The company processes and retains personal information within the period of personal information retention and use under the Act or within the period of personal information retention and use agreed upon by the data subject.

  ②The processing and retention period of each personal information is as follows.

  Type	Basis for operation	Purpose of processing	Use and retention period
  Newsletter	Information subject consent	(Required) Email	When withdrawing a customer
  Contact Customer Center	Information subject consent	(Required) Name, mobile phone number, email	1 year after customer center inquiry

• 3Matters concerning the processing of personal information of children under the age of 14

  The company does not collect personal information for children under the age of 14.

• 4Matters concerning the provision of personal information to third parties

  The company does not provide the personal information to third parties.

• 5Matters concerning the entrustment of personal information processing

  ①The company entrusts the processing of personal information as follows for smooth processing of personal information.

  A consigned company	Commissioned work	Period of retention and use
  Company Name: Nice Evaluation Information Co., Ltd Address: 17, Eunhaeng-ro, Yeongdeungpo-gu, Seoul (Yeouido-dong) Phone number: 02-2122-4000	Identification of yourself	by the end of the consignment contract
  Company name: HUBEZ Co., Ltd Address: Deciangflex B101-B103, 1749 Achasan-ro, Seongdong-gu, Seoul, Republic of Korea Phone number: 02-3409-2664	Newsletter a shipping agent	by the end of the consignment contract
  Company name: Human Power Co., Ltd Address: 5th floor, Toegye-ro 286, Jung-gu, Seoul (Ssangrim-dong, Ssangrim Building) Phone number: 02-2038-2720	Service Maintenance	by the end of the consignment contract

  ②According to Article 26 of the Personal Information Protection Act, the company stipulates the prohibition of personal information processing, technical and management protection measures, restrictions on re-entrustment, management and supervision of the trustee, and supervises the safe handling of personal information.

  ③If the contents of the entrusted work or the trustee changes, we will disclose it through this personal information processing policy without delay.

• 6Matters concerning procedures and methods for destroying personal information

  ①When personal information becomes unnecessary, such as the expiration of the personal information retention period and the achievement of the purpose of processing, the company destroys the personal information without delay.

  ②If personal information must be preserved in accordance with other laws and regulations even though the personal information retention period agreed by the data subject has elapsed or the purpose of processing has been achieved, the personal information shall be transferred to a separate database (DB) or stored differently.

  ③After the purpose of using the collected personal information is achieved, the company destroys the information without delay according to the storage period and use period. The procedure, method, and time of destruction are as follows.

  • The personal information recorded by the customer for service use shall be deleted or destroyed after the retention period according to the internal policy and other relevant laws and regulations (see retention and use period of the personal information above) has been achieved. In general, personal information collected by the company and managed in the form of an electronic file is deleted immediately when the purpose is achieved.
  • The personal information printed on the paper is destroyed by crushing or incinerating it with a shredder or dissolving it by chemical treatment, and the personal information stored in the form of an electronic file is deleted using a technical method that cannot be reproduced.

• 7Matters concerning the rights and obligations of the data subject and the method of exercise thereof

  ①The information subject may exercise the right of the company to view, correct, delete, and stop processing personal information at any time.

  ②The exercise of rights may be conducted in writing, e-mail, fax, etc. in accordance with Article 41 (1) of the Enforcement Decree of the Personal Information Protection Act, and the company will take action without delay.

  ③You can also exercise your rights through a legal representative of the information subject or an agent such as a delegated person. In this case, "Notification of the method of processing personal information (No. 2020-7)" You have to submit a power of attorney according to attached Form 11.

  ④Requests for suspension of personal information access and processing may restrict the rights of data subjects pursuant to Articles 35 (4) and 37 (2) of the Personal Information Protection Act.

  ⑤Requests for correction and deletion of personal information cannot be requested if other laws specify that the personal information is subject to collection.

  ⑥The company checks whether it is a party or a legitimate agent who made a request for perusal, correction and deletion, or suspension of processing according to the rights of the information subject.

• 8Matters concerning measures to ensure the stability of personal information

  ①The company takes the following technical, administrative, and physical measures necessary to ensure safety so that personal information is not lost, stolen, leaked, tampered with, or damaged.

  Type	Main contents
  Establishment and implementation of internal management plan	Establish an internal management plan and implement it for personal information protection.
  Minimize the number of personal information handlers and implement education	We are implementing measures to manage personal information by designating and minimizing the person in charge of handling personal information.
  Restriction of access to personal information	We take necessary measures to control access to personal information by granting, changing, and canceling access to the database system that processes personal information, and use the intrusion prevention system to control unauthorized access from outside.

  Type	Main contents
  Storage of access records and prevention of forgery and alteration	Records of access to the personal information processing system (web logs, summary information, etc.) are kept and managed for at least two years, and security functions are used to prevent forgery, alteration, theft, and loss of access records.
  Technical countermeasures against hacking, etc	In order to prevent personal information leakage and damage caused by hacking or computer viruses, security programs are installed, periodically updated, and checked, systems are installed in areas with controlled access from the outside, technically and physically monitored and blocked. It also detects attempts to monitor network traffic, as well as illegally changing information.
  Access control for unauthorized persons	Access control procedures are operated by providing a separate physical storage location for the personal information processing system that stores personal information.

  ②In order to ensure the safety of personal information, the company conducts the following activities in addition to those prescribed by laws and regulations.

  ③Privacy activities: including privacy within ESG activities

  ④Acquisition of domestic and foreign information protection certification: ISO/IEC 27001, ISMS, etc

• 9Matters concerning the installation and operation of devices that automatically collect personal information and the refusal thereof

  ①In order to provide individual customized services to executives and employees, the company may use "cookies" that store and recall usage information from time to time.

  ②Cookies are a small amount of information sent by the server (http) used to run the website to the user's computer browser and are also stored on the user's PC computer's hard disk.

  Type	Main contents
  Purpose of Use of Cookies	Users have the option to install cookies. Therefore, users can allow all cookies by setting options in their web browser, go through confirmation whenever cookies are saved, or refuse to save all cookies
  How to reject cookie settings	As a way to refuse to set up cookies, you can allow all cookies, go through confirmation every time you save them, or refuse to save all cookies by selecting the options in your web browser. However, if the user refuses to install cookies, there may be difficulties in providing the service. Example of how to set up (Chrome): Tools at the top of your web browser > Settings > Privacy and Security > Cookies and other site data Example of how to set up (Microsoft Edge): Tools > Settings > Cookies and Site Privileges at the top of the web browser Refusing to save cookies may cause difficulties in using customized services.

• 10Matters concerning the person in charge of personal information protection

  ①The company is in charge of personal information processing, and the person in charge of personal information protection is designated as follows for handling complaints, damage relief, request for perusal, report/consultation, etc. of the data subject related to personal information processing.

  Type	Name (Premium)	Contact	Email
  Chief Privacy Officer	Kwansoon Park	02-6313-3114	privacy@hanwha.com
  The department responsible for personal information	an information security office

  ②The information subject may contact the chief privacy officer and the department in charge of all personal information protection inquiries, complaints, damage relief, etc. arising from the use of the company's services (or business). The company will respond and handle inquiries from the information subject without delay.

• 11Methods of remedy for infringement of rights and interests of data subjects

  ①In order to receive relief for personal information infringement, the information subject may apply for dispute resolution or consultation with the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency's Personal Information Infringement Reporting Center, etc. In addition, please contact the institution below for reports and counseling on other personal information infringement.

  Agency	Contact	Home Page
  Personal Information Dispute Mediation Committee	(without country number) 1833-6972	www.kopico.go.kr
  Personal Information Infringement Reporting Center	(without country number) 118	privacy.kisa.or.kr
  Supreme Prosecutors' Office	(without national number) 1301	www.spo.go.kr
  National Police Agency Cyber Investigation Bureau	(without country code) 182	cyberbureau.police.go.kr

  ②A person who has been infringed on his/her rights or interests due to a disposition or omission made by the head of a public institution for requests under Articles 35 (access of personal information), 36 (correction and deletion of personal information), and 37 (stopping processing of personal information, etc.) may request an administrative trial as prescribed by the Administrative Appeals Act.

  Agency	Contact	Home Page
  Central Administrative Appeals Board	(without country code) 110	www.simpan.go.kr

• 12Matters concerning the modification of the personal information processing policy

  ①If there is an addition, deletion, or modification of the contents of this personal information processing policy, we will notify you on the website seven days before the change is implemented.

  ②This personal information processing policy will be applied from 2023.4.23.