Samsung Engineering Co. Ltd (hereinafter the "Company") recognizes the importance of protecting users' personal information and makes the utmost efforts to ensure information security by complying with the "Act on Information and Communications Network Use Promotion and Information Protection" and Personal Information Protection Act" and "EU General Data Protection Regulation" and developing this Personal Information Protection policy.
Here in this policy, the Company notifies its personal information protection policy including the following: the type of personal information to be acquired, purpose of personal information collection, handling of personal information and its duration, and rights of users and how to exercise them.
If any change, deletion, or addition is made to this policy in accordance with revisions in relevant laws and regulations or the Company's internal policy, the Company will notify its users via our website (www.samsungengineering.co.kr).
The contents of this policy are as follows:
1. Purpose of acquisition and use of personal information
The Company acquires and uses personal information for the following purposes. The acquired personal information is not used for any other purposes than the following, and the Company will take legally-required actions such as acquiring prior consents from users when there is any change to the purposes.
1) Customer Opinions
- Receive customers' inquiries, contact to check facts, and reply to inquiring customers
2) Security Report Center
- Take actions on security reports and notify on corrective actions
2. The type of personal information to be collected and how to collect
1) Collected items
- The following information can be created and collected while users access and use our services.
· Access logs, cookies, IP addresses, service use records
2) How to collect
- Collect from "Customer Opinions" and "Security Report Center" section on the company website
- Live data collection tool (for access logs or cookies)
3. How long personal information is retained and used
1) The Company retains and uses personal information for the following period:
- Personal information is inevitably collected and used to comply with separate legal requirements or legal obligations
: During the period the Company needs to retain the information based on the relevant laws and regulations
- Personal information is inevitably collected and used in order to sign and execute contracts
: Until the Company fulfills the purposes of collecting and using the information
- Personal information is collected and used by acquiring consent from individual users
: During the period the users consented for
2) The Company deletes personal information in its database immediately after the retainment and usage period is over or the purpose of information collection is achieved. However, if the Company needs to retain the information longer in accordance with the relevant laws and regulations or was granted the users' prior consents, it can retain the information exceeding the retainment and usage period.
3) For the users who have not accessed for a long period of time (over a year), the Company deletes or separately stores and manages their personal information immediately after 1 year has passed with no access. The period of no access is counted with access records, and users will be notified with e-mails one month before the point of 1 year with no access.
4. Provision of personal information to third parties
1) The Company does not disclose users' personal information to outside, except for the following cases where:
- The user granted prior consent
- The law states to disclose certain information or it is inevitable for the Company to release the information in order to fulfill its legal obligation because it is required to disclose the information in order to meet the urgent need of protecting life, physical security, or assets of the user or a third party while it is impossible to gain the user's prior consent because the user in question or his/her legal representative is in a state unable to express one's will or cannot be reached because of unknown address (with a scope limited to the purpose of personal information collection.)
2) Users have a right not to allow their personal information to be shared with a third party, while, if they exercise the right, the users may face limits in services available to them.
5. Outsourcing of personal information management
1) The Company outsources personal information management to specialized vendors as follows in order to provide better services and promote user convenience. The Company ensures safe management of personal information by mandating necessary requirements in accordance with the relevant laws and regulations when signing outsourcing contracts with outside vendors.
2) The Company includes, in its contract with the outsourcing vendors, the requirement to ban handling of personal information except for the purpose of performing the commissioned tasks, ensure technical and managerial protection measures, limit re-commissioning to other vendors and hold the vendors accountable for damages, in accordance with the Article 26 of Personal Information Protection Act and Act on Promotion of Information and Communications Network Utilization and Information Protection, and supervises the outsourcing vendors to ensure they handle personal information safely.
3) If the outsourcing vendors or their outsourced tasks are added or changed, the Company releases the information in this policy.
6. Procedure and methods of personal information disposal
After achieving the purpose of collecting and retaining personal information or reaching the end of the retainment period, the Company disposes of the personal information in the following procedures:
1) Disposal process
- Dispose of the information immediately after achieving the purpose of reaching the end of the retainment period
- Select the information to be disposed of, execute the disposal, report the disposal and gain approval from the personal information manager (before or after the disposal)
2) How to dispose of:
- Information in electronic format: Delete permanently in an irreparable manner
- Printed materials, papers, and other information in the non-electronic format: Destroy by shredding, burning, or dissolving
7. Rights of users and their legal representatives and how to exercise the rights
1) Users and their representatives can always withdraw their consent on the collection, use, and provision of personal information. They can also demand the Company disclose, provide, revise, delete or limit, oppose or stop handling of the following information in accordance with the relevant laws and regulations. When requested by users or their legal representatives, the Company will take necessary measures immediately (unless there are reasonable grounds not to do so).
- User's personal information
- The log of using or providing a third party with the user's personal information
- The status of the user's consent to the collection, use, and provision of their personal information
2) Users and their representatives can request the Company to transfer their personal information so that it can be re-used for other services. Upon request, the Company can provide the personal information in a format that can be mechanically deciphered in a systematic and universal manner or, if technologically possible, send the personal information directly to another entity that handles personal information.
3) The Company may limit or reject requests to view, provide, revise, delete or limit, oppose or stop handling or transfer of personal information in the following cases after informing users or their legal representatives of the reasons:
- When the Company needs to do so in order to comply with particular legal requirements or fulfill legal obligations
- When there is a risk of harming others physically and/or financially or infringing upon other's interests in an unfair manner
4) When the Company rejects requests of users or their legal representatives to view, provide, revise, delete or limit, oppose or stop handling or transfer of personal information, it will notify the users or their legal representatives of its decision to reject, the reasons why and how to raise objections.
8. Installation and operation of automatic collection system of personal information and how to reject its use
The Company manages "cookies" to store and find users' information. "Cookies" are small text files the Company's server sends to its users' browsers, and they are stored in the users' hard disk.
1) Purpose of using cookies
2) Setting for cookies: How to set, check and decline
- How to set up (for Internet Explorer 8.0) :
Go to Tools and click Internet Options. Click the Personal Information tab and Setting to set the allowance level of cookies.
- How to check the cookies stored on your computer (for Internet Explorer 8.0) :
Go to Tools and click Internet Options. Click the General tab to go to Search Results - Setting - View Files.
- How to disable cookies (for Internet Explorer 8.0):
Go to Tools and click Internet Options. Click the Personal Information tab and Setting to set the allowance level of cookies to "Disable all cookies".
9. Location (Country) of handling personal information
The Company conducts the overall personal information handling in the Republic of Korea. Please be advised that any personal information provided from any other country will be transferred to the Republic of Korea via its dedicated network.
10. Measures to protect personal information
The Company is taking technical and managerial measures as follows in order to protect personal information to prevent loss, theft, leakage, distortion, or damage of information.
1) Development and implementation of the internal management plan
- The Company has developed and implemented an internal management plan to ensure the safe handling of personal information.
- With its dedicated team for the protection of personal information, the Company makes sure proper protection measures are implemented, its personnel complies with protection policies, and when problems are identified, corrective measures are taken.
2) Control and limits on access to personal information
- Installation and operation of access control tools
·The Company uses a breach blocking system to block any unauthorized access and is doing its best to secure all possible technical equipment to ensure security on its system.
- Minimized designation and training of personal information managers
·The Company minimizes the designation of personnel in charge of handling personal information and provides regular training with in-house and outside trainers.
·Handover of personal information management tasks is carried out in full security and the Company clearly identifies accountability for security breaches after its employees join the Company or resign.
- Control access to personal information
·The Company controls the access to personal information by granting, changing, or terminating access authority to database handling personal information. The Company also records the details of granting, changing or terminating access authority and retains the records for 3 years at a minimum.
3) Encoding personal information
- Users' personal information is protected by passwords, and files and transmitted data are encoded or locked when stored and managed. Important data is protected with additional security functions.
- The Company is using a security system that utilizes encoded algorithms to transmit personal information on the network (SSL).
4) Storage of access records and measures to prevent record falsification
- The Company retains and manages the record of access to a personal information management system for at 6 months at minimum and uses security functions to ensure access records are not falsified.
5) Installation and renewal of security programs
- In order to prevent leakage or damage of personal information data caused by hackers or computer viruses, the Company runs security programs that regularly to update them and monitor their operation.
- The Company also runs a hacker blocking system and weakness analysis system in each server to prevent any hacker intrusion and ensure online security.
6) Physical actions including securing storage facilities with locks
- The Company secured separate physical storage of the database that retains personal information and controls access to the storage.
11. Personnel in charge of personal information management and response to user complaints
The Company designated a responsible personnel and a dedicated staff for personal information management as follows in order to protect the users' personal information and respond to users' complaints regarding personal information. If you have any questions about personal information protection and management, please contact the following personnel.
1) Person in charge of personal information management (protection)
- Name :Vice President Yang, Ki Young
- Department :Human Resource Management Department
- Position :Head of HR Department
2) Dedicated personnel for personal information management (protection)
- Name :Manager Seo Ji Hoon
- Department :Human Resource Management Department
- Contact :+82-2-2053-3260
- E-mail :email@example.com
12. How to seek help for security breach
Users can make inquiries to the below entities for damage relief and consulting related to personal information violation.
□ Personal Information Breach Report Center (run by Korean Internet & Security Agency)
- Related work : Application for consulting for notification of personal information violation
- Website : privacy.kisa.or.kr
- Contact : (+82) 118
- Address: Korea Internet & Security Agency (KISA) 9 Jinheung-gil, Naju, Jeollanam-do, Republic of Korea
□ Personal Information Dispute Mediation Committee
- Related work : Application for personal information conflict mediation, collective dispute mediation (civil resolution)
- Website : www.kopico.go.kr
- Contact : 1833-6972
- Address: 4th Floor, Central Government Complex 209 Sejong-daero, Jongno-gu, Seoul, Republic of Korea
□ National Police Agency Cyber Bureau : (+82)182 (Cyberbureau.police.go.kr)
13. Revisions to the Personal Information Protection Policy
When revisions are made to this Personal Information Protection Policy, the Company will notify the details on the notice board and a pop-up window of this website.
□ Personal Information Protection Policy (Ver. 1.0) Enforcement: Dec. 30, 2011
□ Personal Information Protection Policy (Ver. 2.0) Revision: Dec. 31, 2015
□ Personal Information Protection Policy (Ver. 6.0) Revision: Feb. 21, 2018
□ Personal Information Protection Policy (Ver. 7.0) Revision: May. 25, 2018
□ Personal Information Protection Policy (Ver. 8.0) Revision: Dec. 24, 2020