We at Hyundai Doosan Infracore Co., Ltd. (hereafter: “we,” “us,” “our”) comply with the personal information protection clauses of the relevant laws, including the Personal Information Protection Act and the Act on the Promotion of Information and Communications Network Utilization and Information Protection, etc. We also do everything we can to protect the rights and interests of data subjects including our customers, employees, homepage users, etc. in accordance with the Personal Information Handling Guidelines (“the GUIDELINES”) that we have established under the relevant law.
We make it a rule to inform all data subjects of the items of personal information that we collect from them, the purpose of such collection, and the steps we take to protect their personal information according to the GUIDELINES. In the event of a revision of the GUIDELINES, we will put up a public notice on our website or inform each individual data subject thereof.
We disclose the following guidelines on personal information protection: the GUIDELINES concerning the protection of data subjects’ personal information handled by us, and the Guidelines on the Operation and Management of Video Information Processing Devices concerning the protection of individual video information.
We apply separate guidelines concerning our other websites.
“Personal information” refers to the name, resident registration number, video image etc. included in the information on a living individual, which is used to identify that individual (including information that can only be used to identify an individual in combination with other information). “Data subject” refers to a person who, as the subject of the collected information, can be identified with the processed information. We display the GUIDELINES on the first screen of our homepage (www.develon-ce.com) to allow users to consult them easily at any time.
Purpose of processing personal information
We process personal information for the following purposes.
[Concerning services provided by us]
Membership management; processing of users’ complaints/opinions.
Online market surveys and opinion polls.
Marketing or ads.
Service provision and settlement of fees.
Support for subcontractors.
[Concerning the recruitment of employees]
Screening of recruitment applications, correction of application forms, checking of results of application, contacts with applicants, checking of application requirements.
Salary payment, welfare-related matters, support provided to employees in their execution of business, and personnel management including evaluations.
Period of processing/retention of personal information
We destroy personal information upon attaining the purpose of its collection/use. However, we keep the following personal information for the period stated in the following.
[Concerning services provided by us]
Personal information items kept: name, home address, email, contact number, name of company, name of representative, type of business, bank account information, service use records, connection log, cookies, and connection IP information.
Period of retention: Until the end of the service provided, or what is separately stipulated in the law if that is the case.
Reason for retention: user identification, improvement of service quality, and provision of support for subcontractors’ business.
[Concerning recruitment and maintenance of recruitment status]
Personal information items kept: name, password, DOB, gender, resident registration number, home address, home phone number, cell phone number, interests, special skills, academic background, work experience, foreign language proficiency, military service record, family-related matters.
Period of retention: Until the end of employment or an extended period pursuant to consent by the data subjects.
Reason for retention: Salary payment, welfare-related matters, support provided to employees in their execution of business, and personnel management including evaluations.
Methods of destruction of personal information
We destroy personal information upon attaining the purpose of its collection/use, termination of the service, or end of the relevant business.
Destruction procedure
We destroy personal information and personal information files that we no longer needs according to our internal guidelines and procedure, as follows
Destruction of personal information: Upon expiry of the designated period of retention.
Destruction of personal information files: On the day the file is judged to be no longer needed as the purpose of its collection/use has been attained, or upon termination of the service, etc.
Destruction method
For personal information stored in electronic files – Destruction in a way that renders such information irretrievable.
For printouts containing personal information – Shredded or incinerated.
Provision of personal information to third parties
We do not provide any personal information to any third party without a justifiable reason, such as being required to do so by the law, or without the prior consent of the data subject, etc., unless one of the following is the case:
In cases where the data subject’s separate consent has been obtained;
In cases where a special clause is stipulated in the law;
In cases where it is judged that such provision is clearly required to protect the life or property of the data subject or the third party, and where the data subject or his legal agent is unable to express his opinion or it is impossible to obtain his/her consent due to the lack of an address etc.
In cases where personal information is provided in such a way that specific individuals cannot be identified for the purpose of drawing up statistics or for academic research.
Currently, we provide personal information to third parties as follows:
Parties to which we provide personal information: Multicampus, Korea TOEIC Committee, Korea Chamber of Commerce and Industry.
Personal information items provided: name, DOB, cell phone number.
Purpose of use of personal information: Verification of qualifications for recruitment.
Period of retention/use of personal information provided: Until attainment of the purpose of collection/use.
Parties to which we provide personal information: Ministry of Defense/local offices of the Military Manpower Administration, district offices/community service centers.
Personal information items provided: name, resident registration number, cell phone number, military serial number.
Purpose of use of personal information: Conduct of business related to the Homeland Reserve Forces, such as the organization, mobilization, training or demobilization of HR Forces.
Period of retention/use of personal information provided: Until the end of the employment.
Parties to which we provide personal information: Doosan Corporation.
Personal information items provided: name, photo, password, home address, home phone number, cell phone number, email, academic background, military service record, foreign language proficiency, computer skill, qualifications, familial relations, work experience, social experience, prizes received, experience accumulated overseas, research experience.
Purpose of use of personal information: Management/development of human resources.
Period of retention/use of personal information provided: Until the end of employment.
Entrustment of personal information processing
We do not entrust the processing of personal information to a third party without obtaining the prior consent of the data subject. We entrust personal information as follows and ensure that all entrustment contracts include a clause on the safe management of the information under the law.
Trustee: Hyundai C&R
Content of entrustment: Matters pertaining to salary management, welfare, and general affairs (e.g. management of company vehicles/cell phones, mutual aid, etc.).
Content of entrustment: Matters pertaining to Internet-based lectures for employees, etc.
Trustee: Doosan Digital Innovation
Content of entrustment: Operation and management of the personnel information processing system.
Trustee: International SOS Korea
Content of entrustment: Operation of a positioning system in linkage with employees undertaking overseas business trips.
Trustee: S1
Content of entrustment: Photo-taking; issuance of employee passes.
Trustee : KUMA DATA TECH
Content of entrustment: Issuance of employee IDs.
Trustee : Photomind
Content of entrustment: Taking photos of employees.
Trustee : Oracle Corporation
Content of entrustment: Retention/management of personal information.
Trustee : Salesforce.com Singapore Pte Ltd
Content of entrustment: Retention/management of personal information.
Trustee : Hyundai Genuine
Content of entrustment: Execution of HDI various educational services, provide integrated training service among affilates. Matters pertaining to business support for trading partners, operation and management of the Supplier Portal.
Data subjects’ rights and obligations and how to exercise them
Data subjects may ask us to allow them to access, correct or delete their personal information or request that we cease our handling and processing thereof. However, we may reject or restrict such request in any of the following cases.
Where there is a special clause in the law; in cases where we are required to fulfill our legal obligation.
In cases where it is feared that compliance with such request will cause harm to a person’s life or health or unjustly infringe on a person’s interests, including their property.
In cases where failure not to handle personal information makes it impossible to execute a contract, including the provision of a service stipulated in a contract to a data subject, and where the data subject has failed to clearly express his/her intention to terminate the contract.
Methods and procedure of exercising rights
Data subjects who wish to access their personal information kept by us may submit a request for access to, correction/deletion of, or cessation of our handling of their information to our department in charge of personal information in writing by email or fax, etc. (For information on the department, refer to 08. Service for handling petitions about personal information hereto.)
With regard to the submittal of such request, we will comply with it within 10 days unless there is a justifiable reason for not doing so, or inform the data subject of the reason for our restriction/refusal within 5 days and how the data subject may file an appeal for our reconsideration of the matter.
Where data subjects or their agents request access to the personal information kept by us, we may check their identity by asking for their ID (e.g. resident registration card) or certified electronic signature, etc.
We have appointed a department and a Personal Information Manager as following to handle all business concerning the protection of users’ personal information and associated complaints.
Personal Information Infringement Report Center (http://www.privacy.go.kr Telephone number: 118)
Information Protection Mark Certification Committee (http://www.eprivacy.or.kr Telephone number: 02-580-0533~4)
Internet Crime Investigation Center of the Supreme Prosecutors' Office (http://www.spo.go.kr Telephone number: 02-3480-3600)
National Police Agency Cyber Terror Response Center (http://www.ctrc.go.kr Telephone number: 02-392-0330)
Installation/operation of devices for automatic collection of personal information and customers’ refusal thereof
We use “cookies” to store users’ information and fetch it from time to time. Cookies are very small text files stored in your computer hard disk. They are sent by the server used to operate our website to users’ browser. We use cookies for the following purpose.
Purpose of use of cookies
Cookies are used to analyze the frequency of users’ connection to a website or the time of day of their visits, to determine users’ tastes/interests, to check the level of their participation in special events, etc., which are necessary for our targeted marketing and the provision of customized services to users. You have the right to accept or reject our installation of cookies in your computer hard disk by setting the option in your web browser. You may accept all cookies, check each time cookies are stored, or reject all cookies.
How to reject the installation of cookies
You may accept all cookies, check each time cookies are stored, or reject all cookies by setting the option of your web browser accordingly. How to set the option (in Internet Explore) : Go to “Tool” at the top of your web browser > Internet option > personal information. You may have difficulty in using our services if you refuse to accept cookies.
Overseas transfer of personal information
We transfer data subjects’ personal information to third parties abroad as follows in the process of handling our business through the following system. This allows us to handle the information in a server in an area outside the country in which the data subject resides.
[Access Portal]
Business to which we transfer personal information and contact point Name of business: Oracle Corporation Contact point: https://www.oracle.com/corporate/contact/ (Telephone number: +1.650.506.7000)
Country where the transferee is located, date, method. Country where the transferee is located: Ashburn, Virginia, U.S.A. Date and method: Transmission via the network with the request for issuance of an account through the Access Portal.
Personal information items transferred User’s name, User ID, nationality, email, home phone number, cell phone number, position in workplace.
Purpose of personal information transfer; Period of retention/use of personal information Storage, retention, and management at an overseas data center operated by the transferee during the relevant period.
Data subjects have the right to reject the collection of their personal information, but such refusal may lead to restrictions on their use of our service.
Country where the transferee is located, date, method. Area where the transferee is located: Tokyo, Japan Date and method: Transmission via the network with the registration of customer information with the CRM system for sales opportunity management.
Personal information items transferred: Customer’s name, DOB, email, home phone number, cell phone number, business registration number, address.
Purpose of personal information transfer; Period of retention/use of personal information Storage, retention, and management at an overseas data center operated by the transferee during the relevant period.
Data subjects have the right to reject the collection of their personal information, but such refusal may lead to restrictions on their use of our service.
Steps taken to secure the safety of personal information
We take the following steps to secure safety when handling users’ personal information to prevent the loss, theft, leakage, forgery or damage thereof.
[Technical steps]
We observe the criteria stipulated in the law for the safe storage and transmission of personal information.
We use vaccine programs to protect our users’ personal information against damages caused by computer viruses.
The vaccine programs are updated periodically. We immediately use newly developed vaccine programs to prevent the personal information kept by us from being affected.
[Administrative steps]
We restrict the right to access personal information to the following employees: those responsible for sales/marketing with data subjects first hand; those responsible for the managing personal information; those responsible for handling personal information as a regular part of their duties.
We run periodic in-house education sessions concerning personal information protection for employees who are responsible for handling personal information, including the appointment of outside lecturers. We do all we can to ensure that our employees observe the laws concerning personal information protection both during their employment and after their retirement.
[Physical steps]
We take protective measures such as the use of physical locks to prevent physical access in order to keep personal information and the personal information processing system safe.
We have designated our computer rooms and rooms for storing important information as off-limits areas to ensure the protection of users’ personal information.
General Provisions
“Personal Information” refers to the personally identifiable information of a living person whose identity may be checked easily in combination with the use of other sources such as a name, national identification number and picture, even though it is rarely possible to differentiate the individual in question with only the given information.
Processed Personal Information and Purposes of Processing
Without the legitimate provisions or the consent of the informer, the Company may handle neither the sensitive information that may significantly compromise the privacy of its provider nor the unique identification information assigned to distinguish the interested-party from others.
Processed Information
[Concerning customers]
Name, home address, e-mail, company name, service record, access log, cookies and IP address information
[Concerning employment]
Name, national identity number, picture, password, home address, home telephone number, mobile phone number, e-mail, education, military service, foreign language proficiency, computer skills, qualifications, family relationships, and career
Purposes of Processing
[Concerning customers]
Settlement of the complaints on the membership and points of dissatisfaction
Online market research or survey
Marketing or advertising
Service delivery and the settlement of fees
[Concerning employment]
Test process, modification of the application form, verification of acceptance, contact for applicants, and verification of employment requirements
Personnel management, including payroll, welfare benefits, support for various tasks, and assessment
Processing and the Retention Period of Personal Information
In principle, the collected personal information will be destroyed immediately after the purpose for which it was collected has been achieved. However, the following information will be retained during the designated period for the reasons set forth below:
Retained information: name, home address, e-mail, company name
Retention period: 1 year
Reasons for retention: user inquiries / request management, user identification, etc.
Retained information: service use data, access log, cookies, IP address information
Retention period: 3 years
Reasons for retention: enhancement of service quality through analysis of service use
Retained information: name, password, date of birth, gender, national identity number, home address, home telephone number, mobile phone number, hobbies, skills, education, work experience, foreign language proficiency, military service, and family relationship
Retention period: in principle, until the expiration of employment relationship
Reasons for retention: Personnel management, including payroll, welfare benefits, support for various tasks, and assessment
However, the personal information of an applicant, who was not employed, will be discarded immediately after the completion of the employment process.
Procedures and methods for the destruction of personal information
Destruction procedures
The company destroys the personal information without delay once it has achieved the purpose of its collection or the retention period has finished, except where the retention is required pursuant to the informer’s consent, terms of use, or relevant legislation.
Methods of destruction
Personal information stored in electronic file formats shall be deleted using technical methods that prevent the recovery of its record.
Personal information printed on the paper shall be broken by the shredder, or destroyed through incineration.
Vision of personal information to a third party
The Company currently provides the following personal information
In the case of having received the special consent of the informer
If there are special provisions in other relevant laws
If it is impossible to obtain the prior consent of the informer or its legal representative due to the state in which he cannot express his or her intention or his or her unknown address, so that the stored information is deemed to be necessary evidence for an imminent benefit of life, health, property of the informer or relevant third party
In case of providing the personal information in a form to block the recognition of a particular individual as necessary for the purposes of statistics and research.
The Company currently provides the following personal information
Institutions receiving personal information: Multicampus, Korea TOEIC Committee, Chamber of Commerce, the Department of Defense and Regional Military Manpower Administration, District Office/Dong Residents’ Center
Offered personal information: name, national identity number, phone number, military serial number
Purpose: verification of qualification
Retention and use period: immediately destroyed
Institution receiving personal information: Doosan Corporation
Offered personal information: name, national identity number, picture, password, home address, home telephone number, mobile phone number, e- mail, education, military service, foreign language proficiency, computer skills, qualifications, family relationship, career, social experience, awards, international experience and research experience
Purpose: integrated management and development of human resources
Retention and use period: until the expiration of employment relationship
Outsourcing of personal information processing
The Company does not entrust the personal information processing to an outside agency without the prior consent of the relevant informer. For the outsourcing of personal information processing, the Company has in place the following instructions to safely manage the personal information when it concludes an outsourcing agreement in accordance with the relevant legislation.
Trustee company : Doosan Corporation
Outsourced service : Payroll, benefits and others
Trustee company : Multicampus, Korea Academy, Alpaco, Spicus, Pickupphone, eCampus, KT Innoedu
Outsourced service : Online courses for the staff
Trustee company : Doosan Information Communication BU Inc.
Outsourced service : Operation of the employment system
Rights and Obligations of Informers and Methods to Exercise the Rights
Every informer may demand the access, correction, omission and suspension of his or her personal information that the Company treats. However, the Company may refuse or limit the aforementioned demand under the following conditions.
If there is a special legal provision or it is unavoidable to comply with statutory obligations
If there is a concern to harm the lives or bodies of others, or to damage improperly the property and other interests of other people
If it is difficult to fulfill the contract, including agreed services, without processing the personal information, meanwhile the informer does not reveal clearly the intention to terminate the contract.
Methods and Procedures to Exercise Rights
The informer who wants to read his or her personal information may submit the Request of Reading, Correction, Deletion and Suspension in writing, e-mail, fax, etc., to the department in charge (For this, see the section “09. Complaint Resolution Service for Personal Information“).
The Company takes action to respond to the demand within 10 days unless there is a justifiable reason, and communicates the reasons, if any, for such denial or restriction within five days, as well as the methods to appeal against this refusal or restriction.
The Company may verify the identity of the informer or, his or her representative that demands the reading, etc., of the personal information, checking his o her identity cards such as national identity card, one of certified electronic signatures or other equivalents.
Technical, Administrative, and Physical Protection Measures for Personal Information
The Company takes the following safety measures to prevent personal information from being lost, stolen, leaked, altered, or damaged.
<Technical actions>
The Company complies with the required legal standards for the secure storage and transmission of the personal information.
Using anti-virus software, the company takes steps to prevent the damage caused by computer viruses. The anti-virus program is updated periodically, and protects against the violation of privacy in case of a sudden outbreak of a new virus, providing its new version as soon as possible.
Against external attacks such as hacking, the Company does everything for the security, utilizing an intrusion detection system and a vulnerability assessment system for each server.
<Physical actions>
For the secure storage of the personal information and its handling system, the facilities are equipped with protection measures to prevent a physical access, including physical locking devices.
The computer room and data storage room, designated as special security areas, are under strict access control.
Complaint Resolution Service for Personal Information
The Company designates and operates the following division and officer in charge to protect the personal information and respond to the complaints regarding the sector.
Government Protection Mark Authentication Commission (http://www.eprivacy.or.kr – Phone: 82 2 580 0533~4)
Internet Criminal Investigation Center, Supreme Prosecutor’s Office (http://www.spo.go.kr – Phone: 82 2 3480 3600)
Cyber Terror Response Center, National Police Agency (http://www.ctrc.go.kr – Phone: 82 2 392 0330)
Notification
Additions, deletions and modifications of the current Personal Information Processing Policy will be notified through the website’s notice at least 10 days prior to the revision.
Announcement date: Sept. 30, 2011
Effective Date: Sept. 30, 2011
Basis and Purposes of the Installation of Visual Information Processing Equipment
The Visual Information Processing Equipment Management Policy (“the Policy”) has its purpose to promote the proper execution of work and contribute to the assurance of interests of the informers, establishing the provisions with which Doosan Infracore (‘the Company) shall comply regarding the installation and operation of visual information processing equipment and the protection of personal video information, in accordance with Article 25 of the Personal Information Protection Act.
Principles of the Protection of Personal Visual Information
The Company collects personal visual information within the scope of minimum necessity to meet the purpose of installing visual information processing equipment, so that this intention will be recognized clearly by the informers, and does not use the data for purposes other than this. The Company commits to correctly managing the personal visual information safely, ensuring its accuracy and latest update, disclosing general details on the processing of personal visual information and guaranteeing the rights of any relevant informers.
Designation of the Administrator
The officer, division and personnel responsible for the safe management of the personal visual information are as follows:
Officer: General Affairs Team Manager
Division: General Affairs Team, Finance & Administration Division
Operator in charge: Operator responsible for installation and operation of visual information processing equipment, Emergency Planning Team, Div. of Administrative Support
Installation of Visual Information Processing Equipment
The number, locations, and shooting ranges of the installed visual information processing equipment are shown below.
Number of visual information processing equipment: A total 82 units (71 of fixed types, 11 of rotary types)
Locations of visual information processing equipment: Entrance and aisle of each floor, elevator hall and elevator interior, vehicles entering and exiting from parking facilities and outside square
Shooting range of video information processing equipment: Entrances, walkways, elevator hall and elevator interior
Installation of signs
The Company takes the necessary measures so that the installation and operation of visual information processing equipment can be easily recognized, including installation of information signs that state the following points.
Purpose and place of the installation, shooting range and time, and the administrator’s name, job title and contact details
In case of the outsourcing of the installation and management, the trustee’s name and contact details
Location and size of the sign attached are as follows
Place: Entrance to the building
Size: 40 ⅹ 30cm (However, it can be changed according to the condition of the installed location)
Viewing Request of the Informer
The informer may request the viewing and verification (“the view”) of his or her own personal visual information that the Company handles.
When the Company receives the request for the view, it shall take necessary measures without delay, and may verify the identity of the requestor, or his or her legitimate representative with the submission of documents which can prove the informer’s identity, such as a national identity card, driver’s license or passport.
The Company may refuse the informer’s request for the view, notifying within 10 days the denial reasons and appeal procedures in writing to him or her in the following cases
If the corresponding personal visual information is destroyed, due to the storage period termination
If there are legitimate reasons to reject the informer’s view request
Recording Time of Visual Information Processing Equipment
Recording and storage times and storage areas are as follows.
Recording time: 24 hours
Storage time: 30 days to 3 months, depending on the shooting area
Storage areas: General Control Center
Visual Information Management
Using the personal visual information for any purpose other than the collection or providing it to third parties with informer’s consent or by the provisions of the law requires the following points on the “Personal Visual Information Management Record” to be inscribed.
Name of personal visual information file
Name of the person who will use or receive the information
Purpose of the use or offer
Statutory grounds of the use or offer, if any
Period of the use or offer, if any
Form of the use or offer
In the case of the destruction of the personal visual information, it is required to note down the following points on the “Personal Visual Information Management Record”
Personal visual information item to be destroyed
Date of the destruction of personal visual information (in case of a pre-set period for automatic destruction, its destruction cycle, etc.)
Personnel in charge of the destruction of personal visual information
Storage and Destruction
The Company destroys the collected personal visual information without delay, when the storage period expires, set forth in the Policy. However, this does not apply if there are special provisions in other relevant laws.
For the output (pictures, for example) containing the personal visual information, shredding or incineration
For personal visual information in the form of electromagnetic video files, permanent deletion that incapacitates their restoration by technical means
Administrative, Technical and Physical Measures
The Company administers minimum personnel to access to the personal visual information processed by the equipment, including the administrator and responsible operator in charge.
The zones where the personal visual information transmitted by the processing equipment is viewed and played are designated as restricted access areas to control the entrance of the people other than the authorized to access.
The Company modifies or disqualifies without delay the permission rights of those who change their positions due to retirement and transfer.
The company takes necessary measures to ensure the security of the personal information or video files processed or transmitted, in order to prevent them from being lost, stolen, leaked, damaged or altered, including password setting.
The Company checks regularly the functions of the visual information processing equipment to block an alteration or falsification of the data.
Outsourcing of the Installation and Management of Visual Information Processing Equipment
The Company outsources the management of personal visual information to the following trustee and is responsible for overseeing the processing of the information.
Trustee: DFMS Inc.
Outsourced service: installation and operation of visual information processing equipment
Announcement Date: September 30, 2011 Effective Date: September 30, 2011