"WE ARE WHERE YOU ARE" ASIA-CENTRIC, ON GLOBAL FRONTIERS
- 1. Introduction
- Hanon Systems (hereinafter referred to as the ‘Company’) will regard protection of users’ personal information as important, and comply with the provisions on protection of personal information pursuant to the “Personal Information Protection Act,” and handle the personal information, collected, retained and processed according to the provisions in related laws, lawfully and appropriately to conduct business properly and protect the rights of the data subject.
- 2. Collected personal information items
- The Company collects the following personal information of users to update IR emails, request data and support recruiting. The Company will not disclose personal information without the prior consent of the user, and use the collected information as follows:
Financial Calendar List Services Personal Information Purpose Collecting Method Possession Basis Compulsory Optional Customer Service Name, email, address Phone number Fluent response for the customer’s requirement Online User’s agreement Cyber Sinmungo (no compulsory information) Name, telephone, mobile phone, email, classification information (employee, cooperative, other) Gathering reports and opinions from stakeholders Online User’s agreement IR Information Requirement Name, investor type, nation, email address Title, division, zip code, detailed address, phone number, fax. Quick update of IR information for investors and regular customers, etc. Online User’s agreement Recruit Name, phone number, email, photo, address, military service, academic background, career, and other information needed for recruit - Identification, offering basic information for recruit, announcing rejection/acceptance, emergency contact, etc. Online User’s agreement Managing Visitors Company name, name License plate number Identifying and managing reservation of visito Online or offline User’s agreement
- 3. Personal information retention and use period
- In principle, the Company will immediately destroy personal information if the purpose of personal information collection and use is accomplished. Users may request the Company at any time to view and delete the personal information the Company has, and correct errors. The deleted customer data will not be kept any longer. Users can request data deletion by e-mail, fax and phone.
- 4. Matters concerning provision and consignment of personal information to a third party
- The Company will use users’ personal information within the scope described in “purposes of personal information collection and use,” and does not provide or consign personal information to a third party without the prior consent of users. However, exceptions will be made in the following cases:
- According to the provisions of laws, or at the request of an investigative agency according to the procedure and method stipulated in laws for the purpose of investigation
- 5. User’s Rights and Duty
- User can exercise following rights as owner of the personal information.
1. User can exercise following personal information protection rights whenever user wants.
- request for reading the personal information
- request for corrections of error
- request for deletion
- request for suspension of the information
2. User can exercise the rights stated in the clause no.1 by written form, email, and fax after the form in attach no. 8 of ‘Personal Information Protection Law Enforcement Regulations’. Company will take action instantly.
3. When user requests for correction of error or deletion, company will not use or offer the personal information until correction or deletion is completed.
4. Exercising the right stated in the clause no.11 can be done by a legal representative or a delegating person. In this case powers of attorney should be submitted in the form of attach 11 in ‘Personal Information Protection Law Enforcement Regulations’
- 6. The procedure for and method of destroying personal information
- The procedure for and method of destroying inputted personal information are as follows:
- Destruction procedure
The information provided to request IR data will be moved to a separate DB after the purpose is accomplished, and destroyed after a certain amount of time for the purpose of personal information protection according to internal policies and other related laws.
The personal information, moved to a separate DB, will not be used for purposes other than stipulated by laws and the purpose of retention.
- Destruction method
Personal information saved as electronic files must be deleted using a technical method that makes it impossible to reproduce the records.
Other recording media than records in the form of electronic files, printed matters, and documents will be shredded
- Destruction procedure
- 7. Matters concerning the stability of personal information
- Company take technical, administrated, physical actions to secure the stability according to the ‘Personal Information Protection Act’ article no. 29.
1. Minimizing and education employees handling personal information
Company appoints and limit the employee who handles the personal information to manage personal information.
2. Periodical internal audit
Company runs internal audit periodically to secure stability of handling personal information
3. Establishing and enforcing internal management plan
Company establishes and enforces internal management plan for safe use of personal information
4. Encryption of personal information
User’s password is stored and managed encrypted so that only user can know the password, and security functions such as encrypting files and transfer
data of important information or file locking functions are used.
5. Technical measures to prepare hacking
Company has installed security programs and refresh and examine it periodically to prevent leakage and damage of personal information from hacking or
computer virus. And system is installed in access controlled area and it is observed and blocked technically and physically.
6. Limit access to personal information
Access to personal information is controlled by giving, changing, and erasing the authority to
access personal information database. And unauthorized access is controlled by a firewall.
7. Storage of access record and prevention of forging and tampering
Access record to personal information system is stored and managed for at least 6 months, and security function is used to prevent the information to be
forged, tampered, stole, and lost.
8. Use of lock to secure documents
Documents and storage devices containing personal information are stored in a safe place with a lock.
9. Admission control for unauthorized person
Personal information is stored in a physically separated place and admission control procedure is established and operated.
- 8. Persons in charge of managing personal information, their affiliation, names and contact info
- To protect personal information and handle complaints related to personal information, the Company assigns the following departments and persons in charge of managing personal information.
Privacy protection officer
Person in charge: Seo Eun Kang, Communications Team
Phone number: 02-3498-5465
- 9. Remedies and Procedures to infringement on rights and interests
- If you have any other questions or report about violation of personal information, please call or inquiry to the below organizations for better help.
- KISA Privacy Center (privacy.kisa.or.kr / +82-118)
- Korea Internet & Security Angency (www.spo.go.kr / +8202-3480-3573)
- The Cyber Terror Response Center (www.ctrc.go.kr / +821566-0112)
- Central administrative judgment commission (www.simpan.go.kr/ +82-100)
- 10. Changing the personal information processing policy
- This personal information processing policy will go into effect in December 2014.
You can view previous personal information processing policies below.
- View details contents of the text below