Personal Information Management Policy
Samsung SDI will cherish your information and Samsung SDI`s Personal Information Management Policy contains the following contents.
Date: August 07, 2023 (V11.1)
Samsung SDI Co., Ltd. (hereinafter referred to as ‘The Company`) protects the personal information and interests of customers, visitors, etc. in accordance with the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection.
In addition, we are preparing the following personal information management policy so that we can handle users' complaints related to personal information smoothly.
1) The company collects and uses the following personal information solely for the specified purposes.
- List of information (required and optional) and purposes for collection
| Category | Items for collection | Purpose |
|---|---|---|
| Category Homepage |
Items for collection
|
Purpose Use only for 'Do not see only one day' function in pop-up window |
| Category Business sites |
Items for collection
|
Purpose Operation related to security and safety |
- Collection method
- Homepage : Automatic collection using automatic information collection device(automatic generation information collection tools)
- Business sites : Collect information of customers, visitors, etc. from the Visitor Management System (V-PASS), Collect in such a way that employees who need long-term access, such as partner employees, fill in the company related form directly, Automatic collection of access and meal records through access management system, Automatic Image Information Collection Using CCTV, Inputting personal information of users and SDI personnel directly when using notebook security solution
2) The collected personal information will not be used for any purposes other than the above. If the purpose of use changes, necessary actions will be taken such as collecting a separate agreement from employees according to related laws.
3) The users have the right to refuse the collection and use of their personal information that are not permitted by the law. However, refusal may interrupt the company’s provision of any services.
2. Personal information process and retention period1) The company processes and retains users’ personal information only within the process and retention period, as agreed by employees upon collection of personal information or under relevant laws.
2) The process and retention period of the personal information collected from and agreed by users is as below.
| Classification | Retention | |
|---|---|---|
| Classification Required information | Personal information inevitably collected and used for compliance with a special regulation or fulfilment of a legal obligation. | Retention Until achievement of the goal |
| Classification Required information | Personal information inevitably collected and used for conclusion and implementation of an employment contract. | Retention Until achievement of the goal |
| Classification Optional information | Personal information collected and used with prior consent of an employee. | Retention Until achievement of the goal |
3) The process and retention period of the personal information collected under the law is as below.
| Retained items | Retention period | Legal grounds |
|---|---|---|
| Retained items Consumer complaints or dispute settlement records | Retention period 3 years | Legal grounds Laws related to consumer protection in e-commerce |
| Retained items Display/advertisement records | Retention period 6 months | Legal grounds Laws related to consumer protection in e-commerce |
| Retained items Contract or subscription withdrawal records | Retention period 5 years | Legal grounds Laws related to consumer protection in e-commerce |
| Retained items Supply records including payment and goods | 5 years | Legal grounds Laws related to consumer protection in e-commerce |
| Retained items Electronic financial transaction history | Retention period 5 years | Legal grounds Electronic Financial Transactions Act |
| Retained items Website visit history | Retention period 3 months | Legal grounds Protection of Communications Secrets Act |
- 1) The company does not provide users’ personal information to an external party or a third party without consent of the user.
-
2) In the following cases however, personal information may be provided to a third party without prior consent of the user.
- If provision of the information is inevitable to comply with special regulations or statutory obligations.
- If the owner of the information or its legal representative is unable to make an expression of intention or is unable to express prior content due to unknown address, and if such information is clearly deemed urgent and necessary for the life, body and property of the information owner or a third party.
- If provision of the information is required by law or investigative authorities for investigative purposes under relevant laws.
| Destination | Providing item | Purpose | Providing period |
|---|---|---|---|
| Destination - | Providing item - | Purpose - | Providing period - |
1) The company consigns the following personal information processing tasks to external companies for smooth personal information business processing.
| Category | Trustee | Business contents to entrust |
|---|---|---|
| Direct consignment | Trustee S1, Estec system | Business contents to entrust Access and video information processing of customers, visitors, and partner employees |
| Trustee S1 | Business contents to entrust Operation, improvement, and maintenance of the visitor management system(V-PASS) | |
| Re-consignment | Trustee [S1] Samsung SDS | Business contents to entrust Maintenance of Hardware and Network in Visitor Management System(V-PASS) |
| Trustee [S1] HumanTSS, Estec system | Business contents to entrust Access and video information processing of customers, visitors, and partner employees | |
| Trustee [S1] Nice Information Service | Business contents to entrust Identity authentication using Mobile communication company information and mobile phone number provided to the visitor management system(V-PASS) |
2) The company prohibits strictly defines and manages technical/administrative protection measures, safety assurance measures, re-entrustment restrictions, management and supervision of trustees, confidentiality and liabilities to protect personal information processed through consignments.
3) If any changes in the consigning company or commissioned tasks occur, the company posts such changes on the company bulletin board without delay.
5. Rights, obligations and exercing methods of users and legal representatives-
1) Users who provide personal information may exercise the following rights to the company at any time
- Need to view personal information
- If there is an error, correction request
- Deletetion request
- Processing stop request
- 2) The exercise of rights under paragraph (1) can be done in writing, telephone, e-mail, etc. to the company, and the company will take action without delay.
- 3) If the user requests correction of errors in personal information or deletion of personal information, the company does not use or provide that personal information until the correction or deletion is completed.
- 4) The exercise of rights under paragraph (1) can be done through the agent, such as the legal representative of the user or the person who has been delegated. In this case, you must submit a letter of attorney in accordance with Appendix 11 of the Enforcement Rule of the Personal Information Protection Act.
- 5) The user shall not infringe on the personal information and privacy of the user himself / herself or other person under the management of the company in order to comply with related statutes such as the Personal Information Protection Act.
- 6) The company is seeking the consent of the legal representative in case of the need to collect personal information of children under the age of 14 to provide services.
-
1) The company shall delete the relevant personal information without delay by the following procedures and methods if the period of personal information is elapsed and the purpose of processing is achieved.
- Deletion procedure
Measures for destruction or deletion after being stored for a certain period in accordance with internal policies and other related statutes - Deletion method
Personal information recorded in a paper document is scraped or incinerated by a grinder, and personal information stored in the form of an electronic file is deleted by a method that can not be recorded or restored.
- Deletion procedure
- 2) If the personal information held by the user has expired or the purpose of processing has been achieved, the personal information must be kept in accordance with other statutes.
-
1) The company is securing stability by taking the following administrative technical protection measures so that the personal information it handles is not lost, stolen, leaked, modulated or damaged.
- Administrative measures
Guidelines for information security regulations and internal management plans for personal information, compliance, inspection, education, etc. - Technical measures
Management / authentication of access rights such as personal information processing system, installation / operation of access control system and security program, encryption of personal information, etc. - Physical action
Establishment & operation of access control of computer room and personal information storage room, Protection measures for printing and copy.
- Administrative measures
- 1) The company operates a 'cookie' that stores and finds users' information from time to time. Cookie is a very small text file sent by the server used to run the company ’ s website to the user ’ s web browser, which is stored on the user ’ s computer hard disk.
-
2) The purpose of using cookies and the method of denying setting are as follows.
- Purpose of use such as cookies
Implementation of automatic login function, personal customization service such as “no more pop-up today” - Rejecting method of cookie setting
Users can also use Web browser option settings to allow all cookies, go through confirmation every time cookies are saved, or refuse to save all cookies.
However, if the user refuses to install the cookie, it may be difficult to provide the service.
- Purpose of use such as cookies
1) The company is responsible for the management of personal information and operates a personal information protection management department as follows to deal with the grievances of users related to personal information.
| Chief Privacy Officer(CPO) | Protection Management Department |
|---|---|
| Chief Privacy Officer(CPO) Head of Global Privacy Office |
Protection Management Department
Global Privacy Office (031-8006-3034 / privacy.sdi@samsung.com) |
2) If you ask about the user's personal information protection, complaint handling, damage relief, etc., we will reply and process it without delay.
10. Rights and obligations of users1) Users can request access to personal information protection manager. We will try to handle it quickly when I ask for inspection.
2) Please accurately enter the user's personal information in the latest state to prevent unexpected accidents. The user is responsible for accidents caused by inaccurate information entered by the user, and if incorrect information is entered, some system users may lose their license.
3) Users have the right to protect their personal information, as well as the obligation to protect themselves and not infringe on other people's information. Be careful not to leak users' personal information, including passwords, and be careful not to damage other people's personal information, including posts. If you fail to fulfill your responsibilities and undermine other people's information and dignity, you can be punished under 『the Personal Information Protection Act』 and 『the Act on Promotion of Information and Communication Network Utilization and Information Protection』
11. Method for compensatinng for performing perference of persoanl information and revention for inpension of rights.1) You can contact the following agencies for reports, damage relief, and counseling on user's personal information infringement.
- Personal Information Violation Report Center
(http://privacy.kisa.or.kr, Tel.118) - Personal Information Dispute Mediation Committee
(http://www.privacy.go.kr, 1833-6972) - Supreme Public Prosecutor's Office Cyber Investigation Department
(http://www.spo.go.kr, Tel.1301) - Electronic Cybercrime Report & Management system
(https://ecrm.police.go.kr, Tel.182)
1) This personal information management policy (V11.1) applies from August 7, 2023.
2) The revision of the personal information management policy is as follows.
| Ver | Revision date | Revision details |
|---|---|---|
| Ver V11.1 | Revision date 2023.08.07 | Revision details Update CPO and Personal Information Protection Management Department |
| Ver V11.0 | Revision date 2022.07.25 | Revision details Change the items of collecting personal information, Add rights and obligations of users |
| Ver V10.0 | Revision date 2021.06.01 | Revision details Change the items and methods of collecting personal information |
| Ver V9.0 | Revision date 2020.03.02 | Revision details Change the items and methods of collecting personal information and the service department |
| Ver V8.0 | Revision date 2019.04.25 | Revision details Change the items and methods of collecting personal information and person in charnge of protection |
| Ver V7.0 | Revision date 2018.05.23 | Revision details Change the items and periods of collecting personal information and person in charnge of protection |
| Ver V6.0 | Revision date 2017.03.15 | Revision details Integration of management policy and treatment policy into management policy |
| Ver V5.0 | Revision date 2016.02.12 | Revision details Change the person in charnge of protection |
| Ver V4.0 | Revision date 2015.08.24 | Revision details Separation into management policy and treatment policy |
| Ver V3.0 | Revision date 2013.07.25 | Revision details Modification of management/treatment policy |
| Ver V2.0 | Revision date 2011.09.30 | Revision details Integration into management/treatment policy |
| Ver V1.0 | Revision date 2007.10.22 | Revision details Enactment of personal information treatment policy |
