SAMSUNG SDI

Sitemap

Close

SAMSUNG SDI

BUSINESS

IR

CAREER

ESG

PR Center

Contact Us

Privacy Policy

Privacy Policy

Privacy Policy

Date: October 27, 2023 (V12.0)

Learn how SAMSUNG SDI handles your personal information below.

Samsung SDI Co., Ltd.(hereinafter referred to as ‘Company’) processes and manages personal information in accordance with the Personal Information Protection Act and relevant laws and regulations to protect the rights of data subjects. The Company establishes and discloses its Privacy Policy as follows to inform data subjects of the procedures and standards for processing personal information and to handle any complaint in relation thereto.

Key categories of personal information processing

  • General personal information collection

    Name, Date of birth,
    Mobile phone number,
    Smartphone OS, Nationality,
    ID, Password,
    Company name,
    mail address, Cookies,
    Entrance/exit records

  • Personal information provision

    Everone Soft co.,ltd
    (business partner)

  • Grievance handling department

    Global Privacy Office
    +82-31-8006-3034
    privacy.sdi@samsung.com

Table of Contents

  1. 1. Personal information items for collection, purposes of processing and retention period
  2. 2. Provision of personal
    information to a third party
  3. 3. Entrusting personal information processing
  4. 4. The rights and obligations of data subjects and
    legal representatives, and how to exercise such rights
  5. 5. Destruction of personal information
  6. 6. Measures to ensure the safety of personal information
  7. 7. Installation and operation of an automatic
    collection tool for personal information
    and the denial thereof
  8. 8. Privacy officer
  9. 9. Request for access to personal information
  10. 10. Remedy for infringement of rights
  11. 11. Scope of the Privacy Policy
  12. 12. Previous Privacy Policies

1. Personal information items for collection, purposes of processing and retention period

1) The Company collects and uses the following personal information solely for the specified purposes.

Personal information processing purpose table with classification (home page, workplace), collection items, and processing purpose items
Category Items for collection Purpose Retention
Homepage Optional
items		 Cookies Use only for 'Do not see
only one day' function
in pop-up window		 1 day
(auto delete after 1 day)
Access to the office Required
items		 Name, Date of birth, Mobile phone number,
Smartphone OS, Nationality, ID, Password, Company name, Email address, Cookies, Entrance/exit records, Visual data(CCTV)		 Operation related to
security and safety		 1 year after last visit to business site
Optional
items		 Department name, Position,
License plate number, Vehicle type
Issuance of a pass Required
items		 Name, Name in English, Date of birth,
Gender, Company name, Mobile phone
number, Entrance/exit/meal records		 Until achievement of
the purpose
Optional
items		 Photo, Position, Company address,
Company phone number
Security solutions
for laptops		 Required
items		 Name, Email address,
Mobile phone number, Company name		 Until achievement of
the purpose
Vendor registration Required
items		 Name, Mobile phone number, address,
account number, bank name,
unique identification information (resident registration number, alien registration number(residence card no.),
passport number)		 Income tax
withholding and tax
processing under the
Income Tax Act		 Until 5 years after tax
filing
(Unless otherwise
required by law)
Mobile security Required
items		 Phone carrier name, firmware version,
firmware rooting status, Wi-fi MAC address, device’s model name, Android OS version,
External Secure Digital card ID, device’s time
zone, IMEI/IMSI, SIM status, network type,
roaming status		 EMM installation for
mobile (camera)
security within the
business site		 Until EMM application
deletion

2) Collection method

  1. Homepage : Automatic collection using automatic information collection device(automatic information collection tool)
  2. Access to the office : Collect information of customers, visitors, etc. from the Visitor Management System (V-PASS), collect in such a way that employees who need long-term access, such as partner employees, fill in the Company related form directly, automatic visual data collection using CCTV
  3. Issuance of a pass : Automatic collection of access and meal records through access management system
  4. Security solution for laptops : Collect personal information from laptop users when registering in the security solution
  5. Vendor registration : Collect personal information from data subjects through the Compfany's form and register it in the ERP system by SDI personnel
  6. Mobile (camera) security : Collect personal information from data subjects upon application for the EMM system, or additionally during its installation

3) The collected personal information will not be used for any purposes other than the above. If the purpose of use changes, necessary actions will be taken such as collecting a separate agreement from employees according to related laws.

4) The Company processes and retains personal information only for the relevant purposes within the retention period and use under the laws and regulations for which consent was received when collecting personal information from the data subject.

5) The process and retention period of the personal information collected under the law is as below.

Retained
items		 Retention
period		 Legal
grounds
Website visit history 3 months Protection of Communications
Secrets
Act

2. Provision of personal
information to a third party

1) The Company provides the following personal information to a third party.

Receiving Third Party Purpose Providing items Providing Period
Everone Soft Providing attendance
records for the convenience
of Everone Soft employees		 Serial number, access card
number, entry/exit time		 Until achievement of the
goal
Receiving Third Party Everone Soft
Purpose Providing attendance
records for the
convenience of Everone
Soft employees
Providing items Serial number, access card number, entry/exit time
Providing Period Until achievement of
the goal

2) The Company processes the personal information of the data subjects only within the scope specified in the Purpose of Personal Information Processing, and provides personal information to third parties only when it falls under Articles 17 and 18 of the Personal Information Protection Act, and otherwise, does not provide the personal information of the data subjects to third parties.

3. Entrusting personal
information processing

1) The Company entrusts the following personal information processing tasks to external companies for personal information business processing.

Category Person Entrusted Entrusted Work
Direct consignment S1, Estec system Access and visual data processing
of customers, visitors,
and partner employees
S1 Operation, improvement,
and maintenance of the visitor management system(V-PASS)
Re-consignment [S1]
HumanTSS, Estec system		 Access and visual data
processing of customers, visitors,
and partner employees
[S1]
Nice Information Service		 Identity authentication using
mobile communication company
information and mobile phone number registered in the Visitor
Management System(V-PASS)

2) When entering into an entrustment agreement, the Company specifies the following: prohibition of personal information processing for other purposes than performing the entrusted task; technical and managerial safeguards; restriction on re-entrustment;
management and supervision of the person entrusted; and liabilities, such as compensation of damages. The Company supervises whether the person entrusted processes the personal information in a safe manner.

3) Any changes in the person entrusted or entrusted work will be posted on the Company bulletin board without delay by the Company.

4. The rights and obligations of data subjects and legal representatives, and how to exercise such rights

1) A data subject may, at any time, make requests to the Company their right to access, correction, erasure, or suspension of processing.

* Any request for access to the personal information of a child under 14 years shall be filed directly by their legal representative. A data subject who is 14 years or older may exercise a right to their personal information or through their legal representative.

2) The exercise of rights under paragraph 1) can be requested in writing, via telephone, e-mail, etc. to the Company, and the Company shall take action without delay.

3) If the data subject requests correction of errors in their personal information or erasure of personal information, the Company does not use or provide that personal information until the correction or erasure is completed.

4) The exercise of rights under paragraph 1) can be done through an agent, such as a legal representative of the data subject or the person who has been delegated. In this case, you must submit a letter of attorney in accordance with attached form 11 in the Method of Processing Personal Information (No. 2025-5).

5) A request for the correction and erasure of personal information may not be accepted in cases where other laws and regulations mandate the collection of personal information.

6) The Company must check whether a data subject or their legitimate agent filed the request for access, correction and erasure, or suspension of access.

5. Destruction of personal information

1) The Company shall destroy the relevant personal information without delay by the following procedures and methods if the retention period of the personal information has elapsed and/or the purpose of processing has been achieved.

  1. Destruction procedure
    Personal information shall be destructed or deleted after being stored for a certain retention period in accordance with internal policies and other related statutes.
  2. Destruction method
    Personal information recorded in hard copy format shall be scraped or incinerated by a grinder, and personal information stored in the form of electronic file shall be destructed by a method that cannot be recorded or restored.

2) When other regulations or statues require the storage of personal information even after the expiration of the retention period or the
purpose of processing has been achieved, the personal information must be kept in a separate storage.

6. Measures to ensure the
safety of personal information

The Company secures personal information it processes by taking the following administrative and technical protection measures so that the personal information is not lost, stolen, divulged, altered or damaged.

  1. Establishment and implementation of an internal management plan
    The Company establishes and implements an internal management plan for the secure processing of personal information.
  2. Minimization and training of the persons who handle personal information
    The Company manages personal information by designating and minimizing the persons who handle personal information, and conducts regular training for the employees who handle personal information.
  3. Restriction of access to personal information
    The Company takes necessary measures to control access to personal information through granting, changing, and cancelling access to the database system that processes personal information, and controls unauthorized access from the outside using the intrusion prevention system.
  4. Recordkeeping of access logs and prevention of forgery
    Records related to access to the personal information processing system (web log, summarized data, etc.) are kept and managed in accordance with relevant laws, and security functions are used to prevent forgery, theft, and loss of access records.
  5. Technical countermeasures against hacking, etc.
    In order to prevent personal information leakage and damage caused by hacking or computer virus, etc., the Company installs security programs, conducts periodical updates and inspections, installs systems in areas where access from the outside is controlled, and performs monitoring and technical/physical blocking. In addition, the Company has implemented tools to not only conduct monitoring of network traffic but also detect attempts to illegally alter data.
  6. Control of access against unauthorized persons
    The Company has a separate physical storage place for the personal information system where personal information is stored, and establishes and operates an access control procedure.

7. Installation and operation of an automatic collection tool for personal information and the denial thereof

1) The Company operates a 'cookie' that stores and finds the information of data subjects from time to time. Cookie is a very small text file sent by the server used to run the Company’s website to the user’s web browser, which is stored on the user’s computer hard disk.

2) The purpose of using cookies and the method of refusing cookie settings are as follows.

  1. Purpose of utilizing cookies
    Implementation of automatic login function, personal customization service such as “no more pop-up today”
  2. Method of refusing cookie settings
    Data subjects can use web browser option settings to allow all cookies, go through confirmation every time cookies are saved, or refuse to save all cookies.
  3. However, if the data subject refuses to install the cookie, it may be difficult to provide the service.
    • - Chrome web browser : You can refuse to store cookies by setting [Setting] in the upper-right corner > [Personal Data and Security] > [Cookies and Site Data].
    • - Microsoft Edge web browser : You can refuse to store cookies by setting [Settings and more] in the upper-right corner > [Setting] > [Cookies and Site Permissions].

8. Privacy officer

1) The Company is responsible for the management of personal information and operates a personal information protection management department as follows to deal with the grievances of data subjects related to personal information.

Classification Manager/
Department		 Contact
Information
Personal Information Protection Officer Head of Global
Privacy Office		 Phone number :
031-8006-3034

Email :
privacy.sdi
@samsung.com
Personal Information Protection Division Global
Privacy Office

2) If you have any questions, complaints or request for remedies regarding personal information protection, feel free to contact us at anytime and we will reply and process it as soon as possible.

9. Request for access to
personal information

A data subject may, under Article 35 of the Personal Information Protection Act, request access to their personal information to the department stated below. The Company will do its best to handle, without delay, the data subject’s request to access the personal information.

Department Contact Information
Global
Privacy Office		 Phone number :
031-8006-3034

Email :
privacy.sdi
@samsung.com

10. Remedy for infringement of rights

You can contact the following agencies to report, request remedy or seek counseling regarding a data subject's personal information infringement.

  1. Personal Information Violation Report Center
    • (http://Privacy.kisa.or.kr, Tel.118)
  2. Personal Information Dispute Mediation Committee
    • (https://www.privacy.go.kr, 1833-6972)
  3. Supreme Prosecutor's Office
    • (http://www.spo.go.kr, Tel.1301)
  4. Electronic Cybercrime Report & Management system
    • (https://ecrm.police.go.kr, Tel.182)

11. Scope of the Privacy Policy

This Privacy Policy applies to the use of the SAMSUNG SDI website(www.samsungsdi.co.kr) and may not apply to other websites operated by the Company.

12. Previous Privacy Policies

1) This version of the Privacy Policy (V12.0) applies from October 27, 2023.

2) The revision of the Privacy Policy is as follows.

Revision details
  • 1. Enactment of personal information treatment policy Revision date : 2007.10.22 [Ver : V 1.0]
  • 2. Integration into management/treatment policy Revision date : 2011.09.30 [Ver : V 2.0]
  • 3. Modification of management/treatment policy Revision date : 2013.07.25 [Ver : V 3.0]
  • 4. Separation into management policy and treatment policy Revision date : 2015.08.24 [Ver : V 4.0]
  • 5. Change the person in charge of protection : 2016.02.12 [Ver : V 5.0]
  • 6. Integration of management policy and treatment policy into management policy Revision date : 2017.03.15 [Ver : V 6.0]
  • 7. Change the items and periods of collecting personal information and person in charge of protection Revision date : 2018.05.23 [Ver : V7.0]
  • 8. Change the items and methods of collecting personal information and person in charge of protection Revision date : 2019.04.25 [Ver : V8.0]
  • 9. Change the items and methods of collecting personal information and the service department Revision date : 2020.03.02 [Ver : V9.0]
  • 10. Change the items and methods of collecting personal information Revision date :2021.06.01 [Ver : V10.0]
  • 11. Change the items of collecting personal information, Add rights and obligations of users Revision date : 2022.07.25 [Ver : V11.0]
  • 12. Change the items and purposes of collecting personal information, Add measures to ensure the safety of personal information Revision date : 2023.10.27 [Ver : V12.0]