- Privacy Policy V 1.0
-
Hanwha System (hereinafter referred to as the "Company") processes and safely manages personal information in compliance with the Personal Information Protection Act and related laws to protect the freedom and rights of information subjects. Accordingly, in accordance with Article 30 of the Personal Information Protection Act, the following personal information processing policies are established and disclosed to inform the data subject of procedures and standards for personal information processing and to handle complaints quickly and smoothly.
- 1. Purpose of processing personal information
- 2. Processing and retention period of personal information
- 3. Matters concerning the processing of personal information of children under the age of 14
- 4. Matters concerning the provision of personal information to third parties
- 5. Matters concerning the entrustment of personal information processing
- 6. Matters concerning procedures and methods for destroying personal information
- 7. Matters concerning the rights, obligations, and methods of exercise of the information subject and legal representative
- 8. Matters concerning measures to ensure the stability of personal information
- 9. Matters concerning the installation and operation of a device that automatically collects personal information and its refusal
- 10. Matters concerning the person in charge of personal information protection
- 11. Relief methods for infringement of rights and interests of information subjects
- 12. Matters concerning changes to the personal information processing policy
-
- 1 Purpose of processing personal information
-
The company processes personal information for the following purposes. The personal information being processed will not be used for any purpose other than the following, and if the purpose of use is changed, necessary measures will be implemented, such as obtaining separate consent under Article 18 of the Personal Information Protection Act.
Type Basis for operation Purpose of processing Newsletter Information subject consent Introduce Hanwha System's products to customers Contact Customer Center Information subject consent Receiving customer inquiries and suggestions
-
- 2Processing and retention period of personal information
- ①The company processes and retains personal information within the period of personal information retention and use under the Act or within the period of personal information retention and use agreed upon by the data subject.
-
②The processing and retention period of each personal information is as follows.
Type Basis for operation Purpose of processing Use and retention period Newsletter Information subject consent (Required) Email When withdrawing a customer Contact Customer Center Information subject consent (Required) Name, mobile phone number, email 1 year after customer center inquiry
-
- 3Matters concerning the processing of personal information of children under the age of 14
- The company does not collect personal information for children under the age of 14.
-
- 4Matters concerning the provision of personal information to third parties
- The company does not provide the personal information to third parties.
-
- 5Matters concerning the entrustment of personal information processing
-
①The company entrusts the processing of personal information as follows for smooth processing of personal information.
A consigned company Commissioned work Period of retention and use - Company Name: Nice Evaluation Information Co., Ltd
- Address: 17, Eunhaeng-ro, Yeongdeungpo-gu, Seoul (Yeouido-dong)
- Phone number: 02-2122-4000
Identification of yourself by the end of the consignment contract - Company name: HUBEZ Co., Ltd
- Address: Deciangflex B101-B103, 1749 Achasan-ro, Seongdong-gu, Seoul, Republic of Korea
- Phone number: 02-3409-2664
Newsletter a shipping agent by the end of the consignment contract - Company name: Human Power Co., Ltd
- Address: 5th floor, Toegye-ro 286, Jung-gu, Seoul (Ssangrim-dong, Ssangrim Building)
- Phone number: 02-2038-2720
Service Maintenance by the end of the consignment contract - ②According to Article 26 of the Personal Information Protection Act, the company stipulates the prohibition of personal information processing, technical and management protection measures, restrictions on re-entrustment, management and supervision of the trustee, and supervises the safe handling of personal information.
- ③If the contents of the entrusted work or the trustee changes, we will disclose it through this personal information processing policy without delay.
-
- 6Matters concerning procedures and methods for destroying personal information
- ①When personal information becomes unnecessary, such as the expiration of the personal information retention period and the achievement of the purpose of processing, the company destroys the personal information without delay.
- ②If personal information must be preserved in accordance with other laws and regulations even though the personal information retention period agreed by the data subject has elapsed or the purpose of processing has been achieved, the personal information shall be transferred to a separate database (DB) or stored differently.
-
③After the purpose of using the collected personal information is achieved, the company destroys the information without delay according to the storage period and use period. The procedure, method, and time of destruction are as follows.
- The personal information recorded by the customer for service use shall be deleted or destroyed after the retention period according to the internal policy and other relevant laws and regulations (see retention and use period of the personal information above) has been achieved. In general, personal information collected by the company and managed in the form of an electronic file is deleted immediately when the purpose is achieved.
- The personal information printed on the paper is destroyed by crushing or incinerating it with a shredder or dissolving it by chemical treatment, and the personal information stored in the form of an electronic file is deleted using a technical method that cannot be reproduced.
-
- 7Matters concerning the rights and obligations of the data subject and the method of exercise thereof
- ①The information subject may exercise the right of the company to view, correct, delete, and stop processing personal information at any time.
- ②The exercise of rights may be conducted in writing, e-mail, fax, etc. in accordance with Article 41 (1) of the Enforcement Decree of the Personal Information Protection Act, and the company will take action without delay.
- ③You can also exercise your rights through a legal representative of the information subject or an agent such as a delegated person. In this case, "Notification of the method of processing personal information (No. 2020-7)" You have to submit a power of attorney according to attached Form 11.
- ④Requests for suspension of personal information access and processing may restrict the rights of data subjects pursuant to Articles 35 (4) and 37 (2) of the Personal Information Protection Act.
- ⑤Requests for correction and deletion of personal information cannot be requested if other laws specify that the personal information is subject to collection.
- ⑥The company checks whether it is a party or a legitimate agent who made a request for perusal, correction and deletion, or suspension of processing according to the rights of the information subject.
-
- 8Matters concerning measures to ensure the stability of personal information
-
①The company takes the following technical, administrative, and physical measures necessary to ensure safety so that personal information is not lost, stolen, leaked, tampered with, or damaged.
Type Main contents Establishment and implementation of internal management plan Establish an internal management plan and implement it for personal information protection. Minimize the number of personal information handlers and implement education We are implementing measures to manage personal information by designating and minimizing the person in charge of handling personal information. Restriction of access to personal information We take necessary measures to control access to personal information by granting, changing, and canceling access to the database system that processes personal information, and use the intrusion prevention system to control unauthorized access from outside. Type Main contents Storage of access records and prevention of forgery and alteration Records of access to the personal information processing system (web logs, summary information, etc.) are kept and managed for at least two years, and security functions are used to prevent forgery, alteration, theft, and loss of access records. Technical countermeasures against hacking, etc In order to prevent personal information leakage and damage caused by hacking or computer viruses, security programs are installed, periodically updated, and checked, systems are installed in areas with controlled access from the outside, technically and physically monitored and blocked. It also detects attempts to monitor network traffic, as well as illegally changing information. Access control for unauthorized persons Access control procedures are operated by providing a separate physical storage location for the personal information processing system that stores personal information. - ②In order to ensure the safety of personal information, the company conducts the following activities in addition to those prescribed by laws and regulations.
- ③Privacy activities: including privacy within ESG activities
- ④Acquisition of domestic and foreign information protection certification: ISO/IEC 27001, ISMS, etc
- 8Matters concerning measures to ensure the stability of personal information
-
- 9Matters concerning the installation and operation of devices that automatically collect personal information and the refusal thereof
- ①In order to provide individual customized services to executives and employees, the company may use "cookies" that store and recall usage information from time to time.
-
②Cookies are a small amount of information sent by the server (http) used to run the website to the user's computer browser and are also stored on the user's PC computer's hard disk.
Type Main contents Purpose of Use of Cookies - Users have the option to install cookies. Therefore, users can allow all cookies by setting options in their web browser, go through confirmation whenever cookies are saved, or refuse to save all cookies
How to reject cookie settings - As a way to refuse to set up cookies, you can allow all cookies, go through confirmation every time you save them, or refuse to save all cookies by selecting the options in your web browser.
- However, if the user refuses to install cookies, there may be difficulties in providing the service.
- Example of how to set up (Chrome): Tools at the top of your web browser > Settings > Privacy and Security > Cookies and other site data
- Example of how to set up (Microsoft Edge): Tools > Settings > Cookies and Site Privileges at the top of the web browser
- Refusing to save cookies may cause difficulties in using customized services.
- 9Matters concerning the installation and operation of devices that automatically collect personal information and the refusal thereof
-
- 10Matters concerning the person in charge of personal information protection
-
①The company is in charge of personal information processing, and the person in charge of personal information protection is designated as follows for handling complaints, damage relief, request for perusal, report/consultation, etc. of the data subject related to personal information processing.
Type Name (Premium) Contact Email Chief Privacy Officer Kwansoon Park 02-6313-3114 privacy@hanwha.com The department responsible for personal information an information security office - ②The information subject may contact the chief privacy officer and the department in charge of all personal information protection inquiries, complaints, damage relief, etc. arising from the use of the company's services (or business). The company will respond and handle inquiries from the information subject without delay.
- 10Matters concerning the person in charge of personal information protection
-
- 11Methods of remedy for infringement of rights and interests of data subjects
-
①In order to receive relief for personal information infringement, the information subject may apply for dispute resolution or consultation with the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency's Personal Information Infringement Reporting Center, etc. In addition, please contact the institution below for reports and counseling on other personal information infringement.
Agency Contact Home Page Personal Information Dispute Mediation Committee (without country number) 1833-6972 www.kopico.go.kr Personal Information Infringement Reporting Center (without country number) 118 privacy.kisa.or.kr Supreme Prosecutors' Office (without national number) 1301 www.spo.go.kr National Police Agency Cyber Investigation Bureau (without country code) 182 cyberbureau.police.go.kr -
②A person who has been infringed on his/her rights or interests due to a disposition or omission made by the head of a public institution for requests under Articles 35 (access of personal information), 36 (correction and deletion of personal information), and 37 (stopping processing of personal information, etc.) may request an administrative trial as prescribed by the Administrative Appeals Act.
Agency Contact Home Page Central Administrative Appeals Board (without country code) 110 www.simpan.go.kr
- 11Methods of remedy for infringement of rights and interests of data subjects
-
- 12Matters concerning the modification of the personal information processing policy
- ①If there is an addition, deletion, or modification of the contents of this personal information processing policy, we will notify you on the website seven days before the change is implemented.
- ②This personal information processing policy will be applied from 2023.4.23.
- 12Matters concerning the modification of the personal information processing policy