Privacy Policy
Privacy Policy
Privacy Policy
Date: July 25, 2022 (V11.0)
Learn how Samsung SDI handles your information in the below.
Samsung SDI Co., Ltd. (hereinafter referred to as ‘The Company`) protects the personal information and interests of customers, visitors, etc. in accordance with the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection. In addition, we are preparing the following personal information management policy so that we can handle users' complaints related to personal information smoothly.
1. Personal information items for collection and purposes of processing
1) The company collects and uses the following personal information solely for the specified purposes.
* List of information (required and optional) and purposes for collection| Category | Items for collection | Purpose |
|---|---|---|
| Homepage | Cookies | Use only for 'Do not see only one day' function in pop-up window |
| Business sites |
Business visit
[Required items] Name, Date of birth, Mobile phone number, Smartphone OS, Nationality, ID, Password, Company name, Business registration number, Email address, Cookies, Entrance/exit records
Issuance of a pass
[Required items] Name, Name in English, Date of birth, Gender, Company name, Mobile phone number, Entrance/exit/meal records
Security solutions of NotePC Security
[Required items] Name, Email address, Mobile phone number, Company name, (SDI staff) Name, (SDI staff) Department name
CCTV
Entry/Moving video information in business sites |
Operation related to security and safety |
* Collection method
- - Homepage : Automatic collection using automatic information collection device(automatic generation information collection tools)
- - Business sites : Collect information of customers, visitors, etc. from the Visitor Management System (V-PASS), Collect in such a way that employees who need long-term access, such as partner employees, fill in the company related form directly, Automatic collection of access and meal records through access management system, Automatic Image Information Collection Using CCTV, Inputting personal information of users and SDI personnel directly when using notebook security solution
2) The collected personal information will not be used for any purposes other than the above. If the purpose of use changes, necessary actions will be taken such as collecting a separate agreement from employees according to related laws.
The users have the right to refuse the collection and use of their personal information that are not permitted by the law. However, refusal may interrupt the company’s provision of any services.
2. Personal information process and retention period
1) The company processes and retains users’ personal information only within the process and retention period, as agreed by employees upon collection of personal information or under relevant laws.
2) The process and retention period of the personal information collected from and agreed by users is as below.
| Classification | Retention | |
|---|---|---|
| Required information |
Personal information inevitably collected and used for compliance with a special regulation or fulfilment of a legal obligation. | Until achievement of the goal |
| Personal information inevitably collected and used for conclusion and implementation of an employment contract. | ||
| Optional information |
Personal information collected and used with prior consent of an employee. |
3) The process and retention period of the personal information collected under the law is as below.
| Retained items | Retention period | Legal grounds |
|---|---|---|
| Consumer complaints or dispute settlement records | 3 years | Laws related to consumer protection in e-commerce |
| Display/advertisement records | 6 months | |
| Contract or subscription withdrawal records | 5 years | |
| Supply records including payment and goods | 5 years | |
| Electronic financial transaction history | 5 years | Electronic Financial Transactions Act |
| Website visit history | 3 months | Protection of Communications Secrets Act |
| Collection/process and use of credit information | 3 years | Laws related to the use and protection of credit information |
3. Provision of personal information to a third party
1) The company does not provide users’ personal information to an external party or a third party without consent of the user.
2) In the following cases however, personal information may be provided to a third party without prior consent of the user.
- If provision of the information is inevitable to comply with special regulations or statutory obligations.
- If the owner of the information or its legal representative is unable to make an expression of intention or is unable to express prior content due to unknown address, and if such information is clearly deemed urgent and necessary for the life, body and property of the information owner or a third party.
- If provision of the information is required by law or investigative authorities for investigative purposes under relevant laws.
| Destination | Providing item | Purpose | Providing period |
|---|---|---|---|
| - | - | - | - |
4. Consignment of personal information processing
1) The company consigns the following personal information processing tasks to external companies for smooth personal information business processing.
| Category | Trustee | Business contents to entrust |
|---|---|---|
| Direct consignment | S1, Estec system | Access and video information processing of customers, visitors, and partner employees |
| S1 | Operation, improvement, and maintenance of the visitor management system(V-PASS) |
|
| Re-consignment | [S1] Samsung SDS | Maintenance of Hardware and Network in Visitor Management System(V-PASS) |
| [S1] HumanTSS, Estec system | Access and video information processing of customers, visitors, and partner employees |
|
| [S1] Nice Information Service | Identity authentication using Mobile communication company information and mobile phone number provided to the visitor management system(V-PASS) |
2) The company prohibits strictly defines and manages technical/administrative protection measures, safety assurance measures, re-entrustment restrictions, management and supervision of trustees, confidentiality and liabilities to protect personal information processed through consignments.
3) If any changes in the consigning company or commissioned tasks occur, the company posts such changes on the company bulletin board without delay.
5. Rights, obligations and exercing methods of users and legal representatives
1) Users who provide personal information may exercise the following rights to the company at any time
- Need to view personal information
- If there is an error, correction request
- Deletetion request
- Processing stop request
2) The exercise of rights under paragraph (1) can be done in writing, telephone, e-mail, etc. to the company, and the company will take action without delay.
3) If the user requests correction of errors in personal information or deletion of personal information, the company does not use or provide that personal information until the correction or deletion is completed.
4) The exercise of rights under paragraph (1) can be done through the agent, such as the legal representative of the user or the person who has been delegated. In this case, you must submit a letter of attorney in accordance with Appendix 11 of the Enforcement Rule of the Personal Information Protection Act.
5) The user shall not infringe on the personal information and privacy of the user himself / herself or other person under the management of the company in order to comply with related statutes such as the Personal Information Protection Act.
6) The company is seeking the consent of the legal representative in case of the need to collect personal information of children under the age of 14 to provide services.
6. Deletion of personal information
1) The company shall delete the relevant personal information without delay by the following procedures and methods if the period of personal information is elapsed and the purpose of processing is achieved.
-
Deletion procedure
Measures for destruction or deletion after being stored for a certain period in accordance with internal policies and other related statutes -
Deletion method
Personal information recorded in a paper document is scraped or incinerated by a grinder, and personal information stored in the form of an electronic file is deleted by a method that can not be recorded or restored.
2) If the personal information held by the user has expired or the purpose of processing has been achieved, the personal information must be kept in accordance with other statutes.
7. Measures to ensure the safety of personal information
1) The company is securing stability by taking the following administrative technical protection measures so that the personal information it handles is not lost, stolen, leaked, modulated or damaged.
-
Administrative measures
Guidelines for information security regulations and internal management plans for personal information, compliance, inspection, education, etc. -
Technical measures
Management / authentication of access rights such as personal information processing system, installation / operation of access control system and security program, encryption of personal information, etc. -
Physical action
Establishment & operation of access control of computer room and personal information storage room, Protection measures for printing and copy.
8. Matters concerning the installation, operation and rejection of an automatic personal information collection device
1) The company operates a 'cookie' that stores and finds users' information from time to time. Cookie is a very small text file sent by the server used to run the company ’ s website to the user ’ s web browser, which is stored on the user ’ s computer hard disk.
2) The purpose of using cookies and the method of denying setting are as follows.
-
Purpose of use such as cookies
Implementation of automatic login function, personal customization service such as “no more pop-up today” -
Rejecting method of cookie setting
Users can also use Web browser option settings to allow all cookies, go through confirmation every time cookies are saved, or refuse to save all cookies.
However, if the user refuses to install the cookie, it may be difficult to provide the service.
9. Personal Information Protection Management Department
1) The company is responsible for the management of personal information and operates a personal information protection management department as follows to deal with the grievances of users related to personal information.
| Protection Officer | Customer service department |
|---|---|
| SMART IT Team Leader |
- Information Security Group (031-8006-3502 / s-report@samsung.com) |
2) If you ask about the user's personal information protection, complaint handling, damage relief, etc., we will reply and process it without delay.
10. Rights and obligations of users
1) Users can request access to personal information protection manager. We will try to handle it quickly when I ask for inspection.
2) Please accurately enter the user's personal information in the latest state to prevent unexpected accidents. The user is responsible for accidents caused by inaccurate information entered by the user, and if incorrect information is entered, some system users may lose their license.
Users have the right to protect their personal information, as well as the obligation to protect themselves and not infringe on other people's information. Be careful not to leak users' personal information, including passwords, and be careful not to damage other people's personal information, including posts. If you fail to fulfill your responsibilities and undermine other people's information and dignity, you can be punished under 『the Personal Information Protection Act』 and 『the Act on Promotion of Information and Communication Network Utilization and Information Protection』
11. Method for compensating for performing preference of personal information and revention for inpension of rights.
1) You can contact the following agencies for reports, damage relief, and counseling on user's personal information infringement.
- Personal Information Violation Report Center (http://Privacy.kisa.or.kr, Tel.118)
- Personal Information Dispute Mediation Committee (http://www.kopico.go.kr, 1833-6972)
- Supreme Public Prosecutor's Office Cyber Investigation Department (http://www.spo.go.kr, Tel.1301)
- Electronic Cybercrime Report & Management system (https://ecrm.police.go.kr, Tel.182)
12. History of changes in personal information management policies
1) This personal information management policy (V11.0) applies from July 25, 2022.
2) The revision of the personal information management policy is as follows.
Revision details
- 1. Enactment of personal information treatment policy Revision date : 2007.10.22 [Ver : V 1.0]
- 2. Integration into management/treatment policy Revision date : 2011.09.30 [Ver : V 2.0]
- 3. Modification of management/treatment policy Revision date : 2013.07.25 [Ver : V 3.0]
- 4. Separation into management policy and treatment policy Revision date : 2015.08.24 [Ver : V 4.0]
- 5. Change the person in charge of protection : 2016.02.12 [Ver : V 5.0]
- 6. Integration of management policy and treatment policy into management policy Revision date : 2017.03.15 [Ver : V 6.0]
- 7. Change the items and periods of collecting personal information and person in charnge of protection Revision date : 2018.05.23 [Ver : V7.0]
- 8. Change the items and methods of collecting personal information and person in charnge of protection Revision date : 2019.04.25 [Ver : V8.0]
- 9. Change the items and methods of collecting personal information and the service department Revision date : 2020.03.02 [Ver : V9.0]
- 10. Change the items and methods of collecting personal information Revision date :2021.06.01 [Ver : V10.0]
- 11. Change the items of collecting personal information, Add rights and obligations of users Revision date : 2022.07.25 [Ver : V11.0]