1. Personal Information Collection
- A. Type of Personal Information to Collect
-
1) The company may collect the following personal information in order to process your requests and consult on ethical issues in accordance with Privacy Policy and relative business ethics Policy HHI and its affiliates may share this personal information with each other
-
① Required Items
- Name, Telephone or Mobile Phone Number, E-Mail Address
-
② Optional Items
-
2) HHI may gather some information automatically through visiting our websites or processing other business purpose. The details are as follows
- ① IP address, date and time of visit, service use records, or any relative records, etc.
- B. How to collect personal information
-
HHI may collect personal information through following methods.
- 1) Website and E-mail
- 2) Telephone or Mobile Phone Number and Fax
- 3) Post and Visit
When you visit our websites or connect to our services, contact us, we may collect a variety of information including your name and other personal information.
2. Purpose of Processing Personal Information
We process personal information for the following purposes. Personal information will not be used for any other purposes. If the purpose of use is changed, we will take all necessary actions required by law including seeking new consent from you.
- A. How we handle your requests
- We process personal information for the purpose of Identification of requests confirming the details, contacting for factual inquiries, and notifying the result of processing or compliance with a legal obligation to which HHI is subject.
3. Personal information to a third party
We will not use the personal information other than the purposes mentioned in the above. However, the following exceptions may be applied.
- A. If we receive your renewed consent for the data subject
- B. If we have a good-faith belief that disclosure information is reasonably necessary to meet any applicable law, regulation, legal process, or enforceable governmental requests
- C. If there is no other way to obtain consent due to unforeseeable reasons or we have a good-faith belief that there is a reasonable reason to protect third party rights in property or any other interests
-
D. In any of the following cases, except for when there is a possibility of unfairly infringing the interests of the data subject or a third party, the personal information of the data subject may be shared to third parties
- 1) For a certain course of academic research, it is necessary to provide personal information in a non-personally identifiable form
- 2) If the Company is unable to comply with any applicable law or regulation however the governmental agency such as Protection committee reviewed and approved to provide such information to a third party
- 3) If company is necessary to meet any international treaty requirements
- 4) When necessary for investigating and prosecuting criminal offenses
- 5) If necessary for court proceedings
- 6) If necessary for the execution of penalty and custody, enforcement of protective measures
- E. If we share those information to a third party, we will notify the purpose of sharing to a third party or a third party which is shared personal information, and the retention period by a third party
4. Commitment of handling personal information
When it is necessary to have a contractual relationship with a third party, we will cause to make our best efforts to indicate relevant clauses about the purpose of contract, the party information who will proceed such information, technical and administrative protection methods, and compensations for damages in accordance with Article 25 of Personal Information Protection Act. Additionally we will monitor from time to time the opposite party whether they are complying with subject agreement and any other applicable regulations.
- A. Name of external service provider: HNINC, Website operation and maintenance
5. Period of Retention and Use of Personal Information
In some cases, we retain data for limited periods when it needs to be kept for legitimate business or legal purposes. In principle, we will delete personal information immediately after the purpose of its use has been achieved. However, the following information may be retained for the limited period for the following reasons.
- A. If there is reasonable reason to meet any applicable internal policy
-
The company will keep personal information with the consent.
- - The period of misuse records for preventing illegal use: For 1 year
- - The period of Information for requests management: Until the purpose of personal information is achieved.
- B. If the company is compelled to comply with any applicable law or regulations, reason for holding information by relevant laws.
- If it is necessary to comply with the provisions of applicable laws such as commercial law, Act on The Consumer Protection in Electronic Commerce, Etc., the company will keep personal information for a certain period of time in accordance with applicable laws and regulations.
6. Procedures and methods of personal information deletion
The Company will delete personal information without delay right after the purpose of its use has been achieved or we determine retaining such information is no longer necessary. The deletion procedure and methods are as follows.
- A. Destruction procedure
- The Company will select the personal information which is reasonably necessary to delete in accordance with applicable internal policies and laws and such information will be deleted with the prior approval by Chief Privacy Officer.
- B. Deletion methods
- 1) Personal information stored in electronic file is deleted by technical method disabling regeneration of records.
- 2) Personal information stored in other devices other than electronic file or is printed, will be destroyed by a shredder or incinerated.
7. The rights, duties and methods of the data subject
① You may exercise its rights to request to review, correct, delete, or suspend processing personal information at any time.
② The exercise of rights indicated in above may be made in writing, e-mail, fax, etc., pursuant to Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act.
- A. Personal information request for review
- You may ask the company to view the personal information retained by the company in accordance with Article 35 of the Personal Information Protection Act (Inspection of Personal Information).
-
However, the company may not be allowed to such requests If:
- 1) If we are obligated not to do so by law or requirements of any relevant regulatory agency.
- 2) If there is a reasonable reason to protect against harm to the rights, property, or safety of users or a third party.
-
3) If it is possible to disrupt against governmental agency for processing for following tasks:
- - Taxation, Collection or Refund
- - Regarding grading or student selection at higher education institutions established in accordance with the Elementary and Secondary Education Act and the Higher Education Act, schools established under the Lifelong Education Act and other laws
- - Assessment of qualifications, skills and employment, qualification examination
- - Assessment or judgment in progress on compensation or allowance estimation
- - Audit and investigation matters in progress under other applicable laws
- B. Personal information correction and deletion request
- You may request correction or deletion of personal information retained by the company in accordance with Article 36 (Correction or Deletion of Personal Information) of Personal Information Protection Act. However, if personal information is indicated in other applicable laws and regulations which the company is required to comply, you will not be able to request such deletion.
- C. Request to stop personal information processing
-
You may request for correction of personal information retained by the company according to Article 37 (Suspension, etc. from Managing Personal Information) [Personal Information Protection Act.] However, in the following cases, the company is allowed not to respond your request the request to stop processing can be rejected.
- - If the company is compelled to comply with statutory obligations by applicable laws
- - If there is a reasonable reason to protect against harm to the rights, property, or safety of users or a third party
- - If it is possibly to disrupt against governmental agency for processing for its own duties under the laws or regulations
- - If there is difficulty to comply with any other agreements that we are obligated to and you are not clearly expressing objections to do
8. Measures to ensure the safety of personal information
In order to secure the security for the personal information not to be lost, stolen or damaged, we are making its best efforts to taking all of feasible methods in accordance with Article 29 of the Personal Information Protection Act. The details are as follows,
- A. Establishment and enforcement of internal management plan
- The Company has developed and enforced an internal policy based on the criteria for ensuring the safety of personal information.
- B. Minimization and training of personal information handlers
- The company's personal information handling staff is limited to the person in charge, and a separate password is assigned to it so that it is regularly updated. We constantly emphasize compliance with the company's personal information processing policy through on-the-job training.
- C. Restrict access to personal information
- We take all necessary measures for making limited access environments for personal information through the granting, modification and deletion of access rights to the personal information database systems. When one of our employees charging the personal information accesses the personal information processing system from the outside, the virtual private network will be used.
- D. Secure connection history and prevent forgery/tampering
- We are securing all of connection records (web logs, etc.) about the personal information processing system for at least 1 year and making all of best efforts for using the security function to prevent forgery, alteration and loss of connection records.
- E. Encryption of personal information
- Encryption is important, valuable to protect the personal information stored on. Such personal information is stored in encrypted manners and additional security devices for processing are to be used.
- F. Measures to prevent hacking
- 1) The company is making its best efforts to protect your personal information against hacker and other privacy invasion
- 2) In order to protect personal information, we regularly back up the data. We use the latest vaccine program to prevent personal invasions or data from being leaked or damaged. We allow to transmit personal information in a strictly manners on the network through encrypted communication
- 3) And we are utilizing invasion prevention system to restrict unauthorized access from outside and try to have all necessary technical devices to make the best security system
- G. Protection measures against unauthorized access
- The physical storage of the personal information system is separately being operated, and access control procedures are effective and activated accordingly.
- H. Password encryption
- The password is encrypted and stored. Only you or data principal knowing password is able to access system for changing or confirmation of such data. Change of personal information is possible only by the data subject who knows the password.
- I. Operation of personal information protection organization
- Through the in-house personal information protection organization, we review whether it is complied with the company's Privacy Policy and any other applicable regulations, and make all of its efforts to correct any problems in the event that it is found. However the Company shall have no circumstance be liable for any loss, damage, expense arising from negligence act on you or any internet accessing issue.
9. Privacy Officer and Personal Information Manager
In order to protect personal information and to deal with complaints related to personal information, the Company has designated the Privacy Officer and Personal Information Manager as follows.
Contact Methods
|
Chief Privacy Director |
Privacy Officer |
Personal Information Manager |
Department |
General Affairs |
Legal Security Support Team |
Legal Security Support Team |
Name |
Kim, Kyu-doek Senior Managing Director |
Kwon, Do-Hyung Senior Officer |
Choi, Woo-sun Officer |
Telephone |
2-52-202-0118 |
2-52-202-3187 |
2-52-202-2746 |
E-mail |
118@hhi.co.kr |
tony.kwon@hhi.co.kr |
firstchoi@hhi.co.kr |
You can contact us if you have any questions or concerns or if you would like to make a compliant about privacy issues
10. Contact department of Personal Information collection and view
You may ask the company to view the personal information in accordance with Article 35 of the Personal Information Protection Act. Therefore, you can contact us if you have any questions or concerns
- Department : Business Ethics Planning Team
- Name : Lee, Yoon Hyuk (officer)
- Telephone : 02-746-7551
- E-mail : yoonhyuk.lee@ksoe.co.kr
11. Change of personal information processing policy
This Privacy Policy may be updated from time to time. In the event there is a material change to comply with applicable laws and regulations, we will post on our websites along with the updated policy no later than 7 days of any addition, deletion or correction of any changes in accordance with the laws and regulations, we will endeavor to notify you through the notice 7 days before the possible change.
12. Matters concerning the installation / operation of the automatic collection device of personal information and its rejection
Our website(ethics.hhigroup.kr) does not use cookies which are able to store and retrieve information.
13. Relief for privacy right infringement
If you have any questions or concerns about data processing, or if you would like to have a consultation for resolving any disputes about a possible breach of applicable regulations, you can always contact to relevant regulators or governmental agency such as the Personal Information Dispute Resolution Committee or the Personal Information Infringement Notification Center of the Korea Internet & Security Agency.
The following organizations are separate entity from the company, and if you are unsatisfied with the reply received or need more specification information, you may contact us and we will endeavor to provide you with information about your concerns.
- ▶ Personal Information Infringement Notification Center (operated by Korea Internet & Security Agency
- Service : Personal information infringement report and consultation application
- Website : privacy.kisa.or.kr
- Telephone : +82 118
- Address : 3rd Fl., Korea Internet & Security Agency (KISA) 9 Jinheung-gil, Naju, Jeollanam-do, Republic of Korea (58324)
- ▶ Personal Information Dispute Mediation Committee
- Service : Personal information dispute settlement application, collective dispute settlement (civil settlement)
- Website : www.kopico.go.kr
- Telephone : +82 1833-6972
- Address: 4th Fl., 209, Sejong-daero, Jongno-gu, Seoul, Republic of Korea (03171)
- ▶ Supreme Prosecutors' Office Cyber Crime Division
- Telephone : +82-2-3480-3573
- Website : www.spo.go.kr
- ▶ Korean National Police Agency Cyber Safety Bureau
- Telephone : +82 182
- Website : cyberbureau.police.go.kr