Samsung C&T Corporation (hereinafter referred to as “Company”) establishes and discloses the Personal Information Management Policy(also referred to as “Privacy Policy”) as below to protect the personal information of data subjects and resolve any relevant inquiries or complaints in a swift and smooth manner pursuant to Article 30 of the Personal Information Protection Act.(Revision date : June 20, 2022)
Article 1. Purposes of Processing of Personal Information
The Company collects and processes minimal information for the following purposes. The personal information that is processed is only used for purposes that are specified below, and the Company is to take necessary measures if the purposes of use are revised, such as obtaining additional consent as per Article 18 of the Personal Information Protection Act.
①Processing of customer inquiries : Personal information is processed to identify the inquiring customer, check the information in the inquiry, contact/notify the customer for fact finding, notify the customer of the result, etc.
②Handling a report on violation of a law : Personal information is processed to handle a complaint about violation of a law and notify the complainant of the result.
Article 2. Processing of Personal Information and Period of Retention
①The Company processes and retains personal information for the period of retention/use of personal information as specified in the Company’s policy or agreed upon by the data subjects when collecting the personal information.
②The periods of processing and retention for each purpose are as below.
1.Customer inquiry: retained until one (1) year after the customer inquiry is processed or immediately upon the customer’s request
2.Report on violation of a law: retained until one (1) year after the complaint about violation of a law has been handled or immediately upon the customer’s request
3.For the period of time specified below for the following purpose
1)Retention of the communication confirmation data pursuant to the Protection of Communications Secrets Act
– Computer communications, Internet log records and data on tracing a location of connectors: three (3) months
Article 3. Provision of Personal Information to Third Party
The Company processes the personal information of data subjects only for the purposes stipulated in Article 1 (Purposes of Processing of Personal Information), and provides personal information to a third party only when applicable to Article 17 and 18 of the Personal Information Protection Act, such as where the consent is obtained from the data subjects, where special provisions exist, etc.
Article 4. Outsourcing and Overseas Transfer of Personal Information Processing
①The Company outsources the processing of personal information as below for smooth job performance.
Outsourced company | Outsourced task |
|---|---|
Does Interactive | Website maintenance and management |
Samsung SDS | Database maintenance and management |
Google LLC | Website user activity analysis |
②Pursuant to Article 26 of the Personal Information Protection Act, the Company states the following responsibilities in documents, such as contracts, and monitors if the outsourced company processes personal information in a safe manner: prevention of personal information processing for other purposes than the outsourced purpose; technical and managerial safeguards; limitation to secondary outsourcing; management and supervision for the outsourced company; compensation of damage, etc.
③To provide the website’s services and enhance user convenience, some personal information may be transferred to and retained by an overseas company.
- • Company name/contact information: Google LLC(https://analytics.google.com/)
– Country: United States of America
– Timing and method of transfer: Transmitted via electronic network upon visitors’ use of the website’s services
– Information transferred: Cookies, device/browser-related data, IP address, site/app activity information (personally identifiable information not included)
– Purpose, period of retention/use: Collected information is used to generate statistics on user interactions within the website (IP addresses are transferred in secure manner, and used to identify country of access). Such user/event information is retained for 38 months
④Changes in the outsourced task or outsourced company will be immediately disclosed through the Personal Protection Management Policy.
Article 5. Rights and Obligations of Data Subjects and Legal Representatives and Exercising thereof
①Data subjects may exercise their rights, such as access to, revision or deletion of personal information and request for suspension of processing, against the Company at any time.
②Data subjects may exercise their rights stipulated in Paragraph 1 by submitting a writing, e-mail, etc. to the Company pursuant to Article 41-1 of the Enforcement Decree of the Personal Information Protection Act, and the Company will take action immediately.
③The rights stipulated in Paragraph 1 may also be exercised by the legal representatives of data subjects, those delegated by the data subjects, or other representatives. In such case, a power of attorney shall be submitted in the form of Attachment No. 11 of the Public Notice on Processing of Personal Information (No. 2020-7).
④The rights of data subjects to have access to the personal information or request the suspension of processing may be restricted pursuant to Article 35-4 and Article 37-2 of the Personal Information Protection Act.
⑤As for the edit or deletion of personal information, deletion cannot be performed if the piece of personal information is stated as an item to be collected in other laws.
⑥In case of a request to have access to, edit, delete, or suspend the processing of personal information based on the rights of data subjects, the Company identifies if the requester is a data subject or a legitimate representative.
Article 6. Processed Personal Information and Processing Method
The Company processes the following personal information..
1.Processed personal information
Category | Required information | Optional |
|---|---|---|
Processing of customer inquiries | E-mail | N/A |
Handling reports on violation of a law | N/A | Name, e-mail and contact number |
Information that is generated and collected while using the service | IP address, cookies, service use log | |
2.Method of collecting personal information
– Accessing and using the website via news.samsungcnt.com
Article 7. Destruction of Personal Information
①The Company destroys personal information without delay when the personal information becomes unnecessary owing to the expiry of the retention period, attainment of the purpose of processing, etc.
②The procedure and method of destroying personal information are as below.
1.Procedure for destroying : Personal information that has become unnecessary is sorted, and the personal information is destroyed under the responsibility of the personal information protection manager as per the procedure in the internal policy.
2.Method of destroying : The Company destroys electronically recorded or retained personal information in a way that the information is irretrievable. In case the personal information is recorded and retained as a paper document, the Company destroys the document by shredding it with a shredder or burning it.
Article 8.Measures to Ensure Safety of Personal Information
The Company takes the following measures to ensure the safety of personal information.
1.Managerial measures : establishment and implementation of internal management plans, regular employee training, etc.
2.Technical measures : control on the access to the personal information processing system, etc., installation of an access prohibition system, encryption of personally identifiable information and installation of antivirus software
3.Physical measures : prohibition on the access to the computer room, data storage room, etc.
Article 9. Installation and Operation of Automatic Personal Information Collection Tool and Rejection thereof
①The Company uses cookies that store and constantly bring usage information to provide tailored services to the users.
②Cookies are small text files that are sent from the server (http) used in operating the website to the users’ browsers, and can be stored on the hard disk drive of the users’ computers.
③The Company utilizes Google Analytics, a service provided by Google LLC (“Google”), to analyze visitors’ use of the website.
Information generated via Google Analytics is subject to the privacy policy of Google, and is transferred to and retained in Google’s servers located in the US. Google, on behalf of the Company, processes the information to evaluate user activity within the website.
It generates reports on such activity and provides other services in relation to use of the Internet.
While users may reject the collection of cookies for the aforementioned purpose by changing their browser settings, in such a case, they may not be able to fully utilize the functions provided by the website.
Users may opt-out of having information on their site activity (such as IP addresses) collected and processed by installing the following browser add-on from tools.google.com/dlpage/gaoptout.
For more information on Google’s privacy policy, please visit www.google.com/analytics/learn/privacy.html.1.The purpose of using cookies is to provide optimized information to users by identifying patterns in relation to their use of the website and its services, use of secure connections, etc.
2.Users may reject enabling cookies by clicking on Tools > Internet Option > Privacy Option, located on the top of the browser.
3.Users who reject enabling cookies may have difficulties using tailored services.
Article 10. Personal Information Protection Manager
①The Company has a designated personal information protection manager as below to undertake tasks related to processing personal information, address complaints related to personal information of data subjects, provide damage remedies, etc.
- · Personal information protection manager
– Name: Cheol Ung Lee, Executive VP
– Position: Head of HR Team (CPO)
– Contact: 02-3458-3070
-E-mail : cnt.security@samsung.com
- · Personal information protection department (customer inquiries)
– Department name: Communication T/F, Corporate Strategy Office
– Responsible person: Joosik Kim, Professional
– Contact number: 02-3458-3082
– E-mail : scntwebmaster@samsung.com
- · Personal information protection department (compliance hotline)
– Department name: Compliance Team
– Responsible person: Geum Chae Lee, Professional
– Contact number : 02-3669-0007
– E-mail : compliance.h@samsung.com <compliance.h@samsung.com>;</compliance.h@samsung.com>
②Data subjects may ask any question regarding the protection of personal information or inquire about complaint handling, damage remedies, etc. that have occurred while using the Company’s services (or businesses) to the personal information protection manager or the personal information protection departments. The Company will respond and handle the inquiries of data subjects without delay.
Article 11. Request for Access to Personal Information
Pursuant to Article 35 of the Personal Information Protection Act, data subjects may request to have an access to personal information to the appropriate designated department depending on the category of the inquiry as stated in Article 10. The Company will put in every effort to swiftly respond to the request for an access to personal information.
Article 12. Remedial Procedure for Infringement of Rights
Data subjects may inquire the following institutions about damage remedies, consultation, etc. for the breach of personal information. Data subjects may contact the institutions below, which are separate from the Company, if they are not satisfied with the result of the Company’s processing of complaints regarding personal information or damage remedies, or need further support.
- · Personal information infringement call center (operated by the Korea Internet & Security Agency)
– Contact for: report on the breach of personal information and request for consultation
– Website: privacy.kisa.or.kr
– Contact number: 118
– Address: (58324) 3F, 9 Jinheung-gil, Naju-si, Jeollanam-do
- ·Personal Information Dispute Mediation Committee
– Contact for: application for dispute mediation and collective dispute mediation (civil mediation)
– Website: www.kopico.go.kr
– Contact number: 1833-6972
– Address: (03171) 12F, Government Complex-Seoul, 209, Sejong-daero, Jongno-gu, Seoul
- ·Cybercrime investigation department of the Supreme Prosecutors’ Office
02-3480-3573 (www.spo.go.kr)
- ·Cyber safety department of the Korean National Police Agency
182 (https://cyberbureau.police.go.kr)
Article 13. Revision of Personal Information Management Policy
This revision of the Personal Information Management Policy takes effect starting June 20, 2022