Personal Data Processing Policy Legal Disclaimer

  • Purpose of Collection and Use of Personal Data

    The Company collects personal data to the minimum extent necessary for the following non-exhaustive list of purposes:

    - Responding to client inquiries and providing general information;
    - Accepting job applications, screening job applicants, verifying qualifications, aptitude tests, health examinations, etc.;
    - Managing our relationship with clients and investors;
    - Providing education and training services;
    - Developing our businesses and services;
    - Recruiting appropriate personnel;
    - Promoting our goods and services;
    - Maintaining our own accounts and records;
    - Tax management and other tax-related purposes;
    - Maintaining and using IT systems;
    - Hosting or facilitating the hosting of events; and
    - Administering and managing our website and systems and applications
  • Personal Data Items Collected

    The Company collects the following non-exhaustive categories of personal data:

    1. News Letter
    Full name, email, classification, country
    2. Client inquiries
    Full name, contact information, affiliation, position, email, PIN number (for confirming and correcting the personal data provided by clients), inquiries and attachments
    3. Recruitment
    Full name, date of birth, picture, email, contact information (phone number, mobile), address, military information, academic information, qualification information, veterans records, work experience, award winning experience, major courses taken, language training/internship experience, language abilities, club activities, volunteering experience Sensitive information: Disability type and disability class
    4. Local Recruitment
    Position applied for, desired location, picture, full name (Korean/ English), date of birth, sex, phone number, mobile phone number, email address, current address, physical information, hobby, specialty, physical challenge, military or veteran experience, academic/qualification information and work experience.
    5. Technology Fair
    Full name, contact information, affiliation, position, email, PIN number (for confirming and correcting the personal data provided by clients)

    ※ Our English website only collects personal data items in connection with the News Letter.
  • Period of Retention and Use of Personal Data

    The Company will not keep your personal data for longer than is necessary after the purpose of personal data collection has been achieved, unless it believes that the law or other regulation requires it to keep it or if it requires it to enforce its agreements. In general, the Company will retain your personal data for as long as it provides services to you and, following that period, it will only retain your personal data for as long as is reasonably necessary in the circumstances. Exceptionally, the following information shall be retained for the specified periods:

    1. News Letter
      - Information to be retained: Client identification
      - Retention period: until requesting cancellation of newsletter
        (to be destroyed within 5 business days after requesting cancellation)
      - Reason for retention: Client information collected in order to send the newsletter to clients who subscribe to it
    2. Client inquiries
      - Information to be retained: Client information collected in order to reply to clients' inquiries or to provide general information
      - Retention period: 3 years
      - Reason for retention: Client identification, prevention of wrongful and unauthorised access by dysfunctional customers, record retention for dispute mediation, customer service such as dealing with complaints, forwarding announcements and confirming deletion of previously written posts
    3. Recruitment
      - Information to be retained: Information collected from applicants participating in contests
      - Retention period: 3 years
      - Reason for retention: To provide special benefits (extra points in case of vendor registration or job application) for technology fair winners.
    4. Technology Fair
      - Information to be retained: Information collected from applicants participating in contests
      - Retention period: 3 years
      - Reason for retention: To provide special benefits (extra points in case of vendor registration or job application) for technology fair winners.
    5. Our English website only collects personal data items in connection with the News Letter, subject to the retention period mentioned above.

    6. Please note that the following information needs to be retained for the required period pursuant to applicable laws:
      - Information contained in commercial ledgers and essential documents relating to sales: 10 years (Commercial Act)
      - Information relating to business transactions and supporting documents: 5 years (the Framework Act on National Taxes and the Corporate Tax Act)
      - Records relating to marks/advertisements: 6 months (the Act on the Consumer Protection in Electronic Commerce, Etc.)
      - Records relating to contracts or order cancellation: 5 years (the Act on the Consumer Protection in Electronic Commerce, Etc.)
      - Records relating to payments and provision of goods: 5 years (the Act on the Consumer Protection in Electronic Commerce, Etc.)
      - Records relating to consumer complaints or dispute resolutions: 3 years (the Act on the Consumer Protection in Electronic Commerce, Etc.)
      - All other cases in which users individually consented: for the consented period
    7. Whilst the Company will endeavour to permanently erase your personal data once it reaches the end of its retention period, some of your personal data may still exist within the Company's systems, for example if it is waiting to be overwritten. For the Company's purposes, this data has been put beyond use, meaning that while it still exists in the electronic ether, the Company's employees will not have any access to it or use it again.
  • Procedures and Methods of Personal Data Destruction
    1. In principle, the Company destroys all applicable information without delay after the purpose of personal data collection has been achieved. The destruction procedures and methods are as follows:
    - Destruction procedure
    Depending on the retention period of the respective purposes to collect information, destruction of personal data will be commissioned to an outsourcing company.
    - Destruction method
    Personal data printed on paper: To be shredded with a paper shredder or burnt. Personal data stored in an electronic file format: To be deleted by a technological method by which no records can be recovered.
  • Provision of Personal Data
    1. In principle, the Company does not provide any personal data to third parties, subject to the limited exceptions listed below.
    Exceptions are that the Company may share your personal data with the following categories of recipients:
    - Related entities: Your personal data may be disclosed to other members of the Company's group.
    - Service providers: The Company may disclose your personal data to third party service providers (including IT service providers) who require access to such information for the purpose of providing specific services to the Company. These third parties will generally only be able to access your data in order to provide the Company with their services and will not be able to use it for their own purposes.
    - Regulatory bodies: The Company may disclose your personal data: (i) to regulators and law enforcement agencies (including those responsible for enforcing anti-money laundering legislation); (ii) in response to an enquiry from a government agency; (iii) to data protection regulatory authorities; and (iv) to any other regulatory authorities with jurisdiction over our activities.
    - Professional advisors and auditors: The Company may disclose your personal data to professional advisors (such as legal advisors and accountants) or auditors for the purpose of providing professional services to the Company.
    - Replacement providers: In the event that the Company sells or buys any business assets, it may disclose your personal data to the prospective seller or buyer of such business or assets. If the Company or substantially all of its assets are acquired by a third party, personal data held by it will be one of the transferred assets.
  • Personal Data Processed by Specific Third Parties
    1. In particular, the personal data collected by the Company is outsourced to the third parties below:
    - Vendor: Hyundai AutoEver Corp.
    - Commissioned operation: Server and system management
    - Vendor: Hankook Corporation Co., Ltd.
    - Commissioned operation: Customer service operation and dealing with complaints
    - Should any of the above vendors be replaced, the name of the new vendor shall be posted.
  • International Transfers of Personal Data (EEU)

    The Company principally collects and stores your personal data within its head office, branch offices, site offices and other offices. The Company does not normally transfer any personal data from within the EEA to third countries located outside the EEA. However, in some limited circumstances, the sharing of personal information with third parties or other group companies may involve the storage or processing of personal information outside the EEA. We will take appropriate reasonable steps to ensure that any international transfer of personal data is carried out in accordance with applicable privacy laws. The protection of such personal data will be subject to the legal requirements of the jurisdictions where the information is transferred, including lawful requirements to disclose information to government authorities in those countries.

  • Rights of Users and Their Legal Representatives and How to Execute

    Applicable privacy laws in the European Union grant you the following rights in relation to your personal information:

    - you can object to us processing your personal information in certain circumstances;
    - you can withdraw consent at any time;
    - you can ask what information we hold about you and be provided with a copy;
    - you can ask us to send you, or another organisation, certain types of information about you in a format that can be read by computer;
    - you may in some cases restrict our use of information about you (for example, if you tell us that the information is inaccurate we can only use it for limited purposes while we check its accuracy); if information is incorrect you can ask us to correct it;
    - you may have the right to ask us to assist you in transferring your personal data to a third party; and
    - you can complain to your local regulatory authority. The privacy regulatory authorities for each EU Member State are listed (along with contact details) on the following website:
      http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm
  • Matters Regarding Installation and Operation of Automatic Personal Data Collection Tools and Refusal Thereof

    The Company does not use any tools to collect personal data, such as cookies, which are automatically generated when users use internet services.

  • Technical, Administrative and Physical Measures Regarding Personal Data

    The Company takes all reasonable technical, administrative and physical measures necessary to secure your personal data from misuse, interference and loss, and unauthorised access, modification or disclosure, including as follows:

    1. Establishment and enforcement of internal management plans
    The internal management plans of the Company are carried out in compliance with the guidelines on internal management provided by the Ministry of Public Administration and Security in the Republic of Korea.
    2. Minimized Number of Personal Data Processing Personnel and Training
    The number of personnel dealing with personal data will be kept to a minimum level and the Company is carrying out measures to provide training for personal data protection and to manage personal data.
    3. Limited access to personal data
    Necessary measures are in place to limit and control access to personal data by authorizing, modifying and terminating the access to the personal data processing system. The Company also controls unauthorized access from outside by using an Intrusion Prevention System.
    5. Retention of access log and prevention of forgery and modification
    Pursuant to Article 29 (Duty of Safeguards) of the Personal Information Protection Act of the Republic of Korea, the standard guideline and Clause 1 of Notification No. 8 'Retention of Access Log and Prevention of Forgery and Modification', all logs accessing the personal data processing system (web log, summary information, etc.) are retained and managed for 6 months or longer. Security features are applied to prevent access logs from being modified, forged, stolen or lost.
    6. Encrypted personal data
    Personal data of data subjects are encrypted for storage and management. In addition, additional security features are applied so that important data are encrypted before use when being stored or transmitted.
    7. Technical countermeasures for protection against hacking
    The Company installs, regularly updates and inspects security programs in order to prevent personal data from being leaked or damaged, which can be caused by hacking or computer viruses. A system has been installed in an area inaccessible from outside and the Company is technically and physically monitoring and blocking access. Also, the Company monitors attempts to illegally change information as well as the network traffic.
    8. Limited access for unauthorized users
    The Company has established and currently operates access control procedures, setting a separate physical storage of the system retaining personal data. In addition, it has physical measures in place including installation of a locking device to safely store documents containing personal data.

    Unfortunately, there is always risk involved in sending information through any channel over the internet. You send information over the internet entirely at your own risk. Although the Company will do its best to protect your personal data, it cannot guarantee the security of your data transmitted over the internet and the Company does not warrant the security of any information, including personal data, which you transmit to it over the internet.

  • Customer Service Regarding Personal Data

    In order to get in touch with the Company about the personal data it holds about you or make any complaints relating to personal data, the following departments and personal data protection personnel can be contacted:

    Privacy Officer in charge of personal data protection:
    Kim, Ki Hong / Vice President
    Management & Administration Division
    Phone Number: 1577-7755
    privacy@hdec.co.kr
    Department for personal data protection related service:
    Kim, Su Jung / Senior Manager
    Public Relations Group
    Phone Number: 02-746-3422
    ksj12@hdec.co.kr

    You may report any matters relating to personal data protection arising out of using the Company's services to the Privacy officer or the relevant department. The Company will seek to respond to the complaints brought by users without undue delay, and in any event within one month (subject to any extensions to which it is lawfully entitled), and sufficiently. Please note that the Company may keep a record of your communications to help resolve any issues which you raise. Please contact the institutions below if you have further inquiries or wish to report other infringement of personal data.

    1. Personal Dispute Mediation Committee http://www.1336.or.kr TEL : 1336
    2. E-Privacy i-Safe Committee http://www.eprivacy.or.kr TEL : 02-580-0533~4
    3. Cyber Crime Investigation Division of the Supreme Prosecutors' Office http://www.spo.go.kr TEL : 02-3480-2000
    4. Cyber Terror Response Centre of the National Police Agency http://www.ctrc.go.kr TEL : 02-392-0330
  • Matters Relating to Changes in Personal Data Processing Policy

    This personal data processing policy was last updated on 19 June 2019. In case of further additions, deletions or amendments in accordance with establishment/amendment of applicable laws, changes in government policies, the Company will post reasons for changes and its details on the website at least 7 days prior to the amendment.

  • Legal Conditions for using your Personal Data

    Under applicable European data protection law, there are a number of different ways that the Company is lawfully able to process your personal data. These have been set out below.

    1. Where using your data is in the Company's legitimate interests
    The Company is allowed to use your personal data where it is in its interests to do so, and those interests aren't outweighed by any potential prejudice to you. The Company believes that its use of your personal data is within a number of its legitimate interests, including but not limited to:
    - to help the Company satisfy its legal obligations (for example, in relation to prevention of money laundering and anti-terrorism);
    - to help the Company understand its customers better and provide better, more relevant services to them;
    - to enable the Company to recruit and retain appropriate personnel; and
    - to help the Company keep its systems and physical premises secure and prevent unauthorized access or cyber-attacks.
    The Company believes that none of the activities set out in this privacy policy will prejudice you in any way.
    2. Where you give the Company your consent to use your personal data
    The Company is allowed to use your data where you have specifically consented. In order for your consent to be valid:
    - it has to be given freely, without the Company putting you under any type of pressure;
    - you have to know what you are consenting to – so the Company will make sure it gives you enough information;
    - you should only be asked to consent to one thing at a time – the Company will therefore avoid "bundling" consents together so that you don't know exactly what you're agreeing to; and
    - you need to take positive and affirmative action in giving the Company your consent – it is likely that you will be provided with a tick box for you to check so that this requirement is met in a clear and unambiguous fashion.
    As part of the Company's relationship with you, it may ask you for specific consents to allow it to use your data in certain ways. If the Company requires your consent, it will provide you with sufficient information so that you can decide whether or not you wish to consent. You have the right to withdraw your consent at any time.
    3. Where using your personal data is necessary for the Company to carry out its obligations under its contract with you
    The Company is allowed to use your personal data when it is necessary to do so for the performance of its contract with you. For example, it needs to collect your contact details in order to be able to provide you with any newsletters or updates you might request.
    4. Where processing is necessary for the Company to carry out its legal obligations
    As well as its obligations to you under any contract, the Company also has other legal obligations that it must comply with and it is allowed to use your personal data when required to in order to comply with those other legal obligations.
  • Operation and Management Policy for Visual Information Processing Devices

    The Company hereby informs its clients and employees of the purpose and method used for processing visual information by the Company in line with the Operation and Management Policy for Visual Information Processing Devices.

    1. Grounds and the purpose for installing visual information processing devices
    Pursuant to Article 25, Clause 1 of the Personal Information Protection Act of the Republic of Korea, the Company installs and operates visual information processing devices for the following purposes:
    - Facility safety and fire prevention
    - Safety of clients, business protection and crime prevention including theft
    - Preventing outsiders from unauthorized access
    2. Number of devices, location of installation and scope of videotaping
    Pursuant to the relevant laws, the Company will review validity of the following locations and install/operate after suitably determining the number of visual information processing devices.
    - Any location and zone which requires security for public safety and trade secret protection including entrances with incoming and outgoing personnel and vehicle traffic in the place of business, lobbies, ground/underground parking lots, etc.
    - Any location and zone which requires crime prevention including the outskirt fences around the place of business
    - Any other locations and zones in which vulnerability of security, crime prevention and safety could be a concern
    3. Personnel in charge of management and operation
    In order to protect your visual information and to deal with complaints relating to personal visual information, the below personnel has been appointed in charge of personal visual information protection.
    | Classification | Name of Business | Purpose | Personnel in charge of operation and management (Division) | Personnel in charge of operation and management (Contact) | Remarks |
    |---|---|---|---|---|---|
    | HQ | Gye-dong Company Bldg. | Crime prevention, security purposes | Security Operation Team | 02-746-2545 | |
    | Research Lab | Mabuk | Crime prevention, security purposes | R&D Support Team | 02-746-2415 | |
    | Field/Site | National Field Office | Crime prevention, security purposes | ※ Nationwide Field Operation Manager | | |

    4. Recording time, retention period, retention location and processing method of visual information
    The visual information collected and stored by the Company is meticulously managed by the security system with a PIN number and a locking device at a separate and controlled location with a 24-hour security guard. Furthermore, the collected and stored visual information is considered strictly confidential and it is prohibited to access, reproduce and transfer it out of the Company without authorization.
    | Recording Time | Retention Period |
    |---|---|
    | 24 hours | 90 days from videotaping (The retention period may be shorter onsite depending on the storage capacity.) |

    Processing method: All matters relating to usage other than the intended purpose of personal visual information, provision to a third party, requests for destruction, access, etc. are recorded and managed. Upon expiry of the retention period, all information will be permanently and irrevocably deleted (shredded or burned in case of printed materials).

    5. Matters relating to outsourcing installation and management of visual information processing devices
    As described below, the Company outsources installation and management of visual information processing devices in the main building and parking lots (the entire car parks including over ground and underground parking lots of main and annex buildings) except the annex of the HQ office building. In order to have personal data safely managed, required matters are regulated by the applicable laws upon entering into contracts.
    | Consignee | Personnel in charge | Contact Info |
    |---|---|---|
    | HDS Security | Hyungki Moon | 02-746-7243 |

    6. Confirmation method of personal visual information and matters relating to location
    You may contact the manager who is in charge of visual information management in advance and visit the Company to confirm the information.
    Location for confirmation: Administrative departments for the respective places of business (HQ, research lab and each site fields)
    7. Measures dealing with data subjects requesting the access to visual information
    You may request the manager in charge of visual information processing devices, if necessary, to view, confirm the existence of or delete the personal visual information videotaped and stored by the Company. However, this is provided only if you are videotaped or for personal visual information that is clearly necessary for imminent life and body threatening events or for property interests of the data subject.
    Upon request for access to, or confirming the existence of, or deletion of any personal visual information, the Company will take necessary measures immediately, except:
    - In cases where information has been deleted as the retained period of personal visual information lapsed;
    - In cases where invasion of privacy could be a concern for others as a result of allowing access and disclosure of visual information;
    - In cases where serious encumbrance is caused for crime investigation, maintenance of a public prosecution, legal proceedings, etc.;
    - In cases where the Company has rightful reasons to refuse the request made by the data subject to access and confirm visual information.
    8. Measures to secure safety of visual information
    The Company safely manages processed visual information via security measures which include encryption. In addition, the Company grants differentiated access to personal data as an administrative measure to protect personal visual information, and data such as date and time of personal visual information, purpose of access, visitors, access date and time, etc. is logged and managed to prevent any forgery or falsification. Moreover, a locking device has been installed to safely and physically store personal visual information.