HS HYOSUNG does its best to
protect personal information.

Privacy & Information Processing Policy

HS HYOSUNG (hereinafter called the "Company") values the personal information of its information principals,
and establishes and discloses the <Privacy Policy> to comply with relevant laws, including Personal Information Protection Act.

HS HYOSUNG (hereinafter referred to as the “Company”) values your personal information and establishes and discloses this privacy policy to guide the procedures and standards for the processing of personal information in accordance with Article 30 of the Personal Information Protection Act. To promptly and smoothly handle related complaints,

the Company is taking measures to make it easy for customers to check the privacy policy at any time by disclosing it on the first page of the website.

The Company collects and uses your personal information within the minimum necessary scope for providing services.

  1. Collection Items
    1. When registering in the whistleblowing center (real name):

      Required Information: Name, Email Address, Phone Number

    2. Automatically generated and collected items during website use:

      Connection IP information, service usage records, connection logs, cookies, MAC addresses

  2. Purpose of processing
    1. Registering in the whistleblowing center (real name):

      User Identification, Reporting Irregularities, Complaints Handling

    2. Automatically generated and collected items during website use:

      Understanding connection frequency and collecting service usage statistics

The Company retains and uses the collected personal information within the agreed retention and usage period or the personal information retention and usage period according to the law.

  1. Retention period of personal information items collected through customer consent
    1. Registering in the whistleblowing center (real name):

      Retention period: 1 year

    2. Automatically generated and collected items during website use:

      Retention period: 1 year

  2. If there is a need to retain customer’s personal information under other laws, such as the Commercial Act, the Company will retain the personal information for the period specified by the relevant law.
    1. Records related to contracts or withdrawal of subscriptions: 5 years (Act on Consumer Protection in Electronic Commerce, etc.)
    2. Records related to payment of fees and supply of goods, etc.: 5 years (Act on Consumer Protection in Electronic Commerce, etc.)
    3. Records related to consumer complaints or dispute resolution: 3 years (Act on Consumer Protection in Electronic Commerce, etc.)
    4. Personal information included in important documents related to commercial books and business operations: 10 years (Commercial Act)
    5. Personal information included in vouchers or similar documents: 5 years (Commercial Act)

The company promptly destroys the relevant personal information when it becomes unnecessary, such as when the retention period of personal information agreed upon with the user has elapsed or when the purpose of processing has been achieved.

If it is necessary to continue to retain personal information under other laws despite the expiration of the agreed-upon retention period or the achievement of the processing purpose, the company transfers the relevant personal information to a separate database or stores it in a different location.

The method of personal information disposal is as follows:

  1. Personal information recorded or stored in electronic file form is deleted using technical methods that prevent the recovery of records.
  2. Personal information recorded or stored on paper documents is shredded or incinerated for disposal.

The company entrusts the processing of personal information to ensure smooth personal information business processing as follows:

  1. Website operations
    • Entity entrusted (delegate): Hyosung TNS
    • Content of the entrusted business: Website maintenance and system management

When entering into an outsourcing contract, the company specifies matters related to the prohibition of processing personal information for purposes other than the performance of the outsourcing task, technical and managerial protection measures, restrictions on re-outsourcing, supervision and management of the delegate and responsibility for damage compensation, in accordance with Article 26 of the Personal Information Protection Act.

The company supervises whether or not the delegate handles personal information securely.

The company generally does not provide customers’ personal information to third parties. In the future, if it is deemed necessary to provide personal information to a third party, the company will obtain separate consent from customers and inform them of the details of the provision through the privacy policy.

However, in the following cases, personal information may be provided within the scope of the purpose for which it was collected without the customer’s consent, in accordance with Article 17 of the Personal Information Protection Act.

  1. When there is a special provision in the law or when it is necessary to comply with legal obligations
  2. When it is deemed necessary for the urgent benefit of the life, body, property of the information subject or a third party
  3. When it is necessary to achieve the legitimate interests of the personal information processor, provided that it is clearly prioritized over the rights of the information subject (limited to cases where there is a clear and reasonable relationship with the legitimate interests of the personal information processor and does not exceed a reasonable range)
  4. In cases of urgent necessity for public safety and well-being, including public hygiene

Customers have the right to access, correct, delete, and request the suspension of the processing of their personal information from the company at any time.

The exercise of rights related to personal information protection can be done in writing, via email, fax, etc., according to Article 41 of the Enforcement Decree of the Personal Information Protection Act and the company will promptly take appropriate measures.
[Download form - Form 1]

The exercise of rights can be done through the customer’s legal representative (in the case of children under 14) or a delegated person. In this case, a power of attorney must be submitted.
[Download form - Form 2]

Requests for correction and deletion of personal information cannot be made if the personal information is specified as a target of collection under other laws.

When exercising the rights of customers, such as inspection, correction, deletion and requests for processing suspension, the company verifies whether or not the one who requests it is the person in question or a legitimate representative.

If a customer requests the correction or deletion of personal information due to errors, the company will not use or provide such personal information until the correction or deletion is completed.

The company takes the following measures to ensure the security of personal information:

  1. Administrative measures :Establishment and implementation of internal control plans, education on personal information protection for personnel handling personal information and checks on compliance with security measures standards
  2. Technical measures :Installation of access control systems, encryption of personal information, prevention of computer virus damage using antivirus programs, security devices for personal information transmission on networks using encryption algorithms (SSL), operations of intrusion prevention systems, etc.
  3. Physical measures :Access control in places such as computer rooms and document storage rooms

The company uses “cookies” that store and retrieve customer information as needed in the operations of the website. Cookies are very small text files sent by the server operating the company’s website to your browser and stored on your computer’s hard drive.

The company uses cookies for the following purposes:

  1. Analysis of connection frequency and visit times, understanding user preferences and interests and tracking user activities
  2. Targeted marketing and provision of personalized services based on event participation levels and visit counts

Customers have the option to choose whether or not to install cookies. Therefore, customers can allow all cookies, confirm each time cookies are stored, or refuse to store all cookies by configuring the options in the web browser.

To reject cookie settings, you can choose the options in the web browser you are using. You have the option to either allow all cookies, confirm each time a cookie is saved or reject the storage of all cookies.

  • How to configure:
    • Microsoft Edge :Settings > Cookies and site permissions > Choose setting method
    • Google Chrome :Settings > Privacy and security > Cookies and other site data > Choose setting method

However, if you refuse to install cookies, there may be difficulties in receiving service benefits.

The company has designated a personal information protection manager and a department in charge of protecting personal information and handling complaints related to personal information processing.

  1. Personal Information Protection Manager & Handling Department
    • Name : Lee Ju Han Director
    • Department : Communication Part
    • Call : 02-707-7083
    • Email : cloverkoo@hyosung.com

While using the company’s services, if you have any inquiries, complaints, requests for damage relief or requests for access to personal information related to personal information protection, you can contact the Personal Information Protection Manager or the designated department. We will promptly respond to and handle your inquiries.

If you experience personal information infringement, you can contact the following organizations for damage relief, counseling, etc.:

  • Personal Information Infringement Report Center (privacy.kisa.or.kr / 118)
  • Personal Information Dispute Mediation Committee (www.kopico.go.kr / 1833-6972)
  • Supreme Prosecutors’ Office (www.spo.go.kr / 1301)
  • National Police Agency (ecrm.cyber.go.kr / 182)

This privacy policy is effective from July 1, 2024. (First notice)