USER GUIDE

Privacy Policy

Haesung DS Co., Ltd. (hereinafter referred to as "the Company") complies with the Personal Information Protection Act and related laws to protect the rights of individuals and safeguard personal information. In accordance with the law, the Company has established and disclosed its privacy policy to ensure that any concerns related to individuals' personal information are addressed promptly and smoothly.

[Indication of Major Personal Information Processing]

General Personal Information Collection

  • Name, Date of Birth, Phone Number, Email, Address, Educational Background, Work Experience, Personal Skills, Family Information, Military Service Status

※ For detailed items, please refer to the main text of the privacy policy.

Sensitive Information Collection

  • Physical Information

※ For detailed items, please refer to the main text of the privacy policy.

Personal Information Retention Period

  • Until the purpose of collection is achieved

※ If there is a legal obligation to retain information, it will be stored for the required duration.

Purposes of Personal Information Processing

  • Company Technical Inquiries
  • Job Applications

※ For detailed items, please refer to the main text of the privacy policy.

Destruction of Personal Information

  • Destruction of personal information upon the expiration of the retention period and upon achieving the purpose of processing.

Personal Information Grievance-Handling Department

  • Personal Information Protection Officer

- Ha Joo-hyung (Executive Director)

- h.ha@haesungds.net

Article 1 (Purpose and Items of Personal Information Processing)

The company collects and processes personal information for the following purposes. The personal information being processed will not be used for purposes other than those stated below. In the event of a change in the purpose of processing, necessary measures such as obtaining separate consent in accordance with relevant laws will be taken.

Post List
Category Mandatory/Optional Processing Purpose Category Retention/Usage Period
Membership registration for the electronic purchasing system and new vendor registration Mandatory Use of the electronic purchasing system, identity verification, and personal identification, prevention of fraudulent use by problematic members and unauthorized use, confirmation of intent to join, checking membership status and frequency, record retention for future dispute resolution, handling complaints and other customer service issues, and delivery of notifications. Name of the representative, date of birth, phone number, email, address Until completion of use of the electronic purchasing system or achievement of processing purposes.
Job Applications Mandatory Conducting the recruitment process, contacting applicants, and managing potential future hiring resources. Photo, name, date of birth, phone number, email, educational background, certification information, language skills, awards, veteran information. Until completion of the recruitment process or achievement of processing purposes.
Process in accordance with the company's hiring confirmation. Mandatory Personnel management, including salary payment, provision of benefits, support for various tasks, and performance evaluations. Photo, name, date of birth, gender, nationality, address, phone number, email, bank account number, residence type, military service and discharge information, veteran information, marital status and marriage date, emergency contact. Until the achievement of processing purposes

Article 2 (Processing and Retention Period of Personal Information)

he company processes personal information within the period of retention and use for which consent has been obtained from the information subject when collecting personal information.

The retention and processing periods for each type of personal information are as specified in Article 1. However, personal information will be retained until the end of the relevant reason in the following cases.

1. If an investigation or inquiry is ongoing due to a violation of relevant laws: Until the conclusion of that investigation or inquiry.
2. If there are outstanding claims and debts remaining from the use of the website: Until the settlement of those claims and debts.

Article 3 (Provision of Personal Information to Third Parties)

The company processes the personal information of data subjects solely within the scope specified in Article 1 regarding the purpose of processing personal information. However, the company may provide personal information to relevant authorities without the consent of the data subject if there are special provisions in the law or when necessary to comply with legal obligations. In such cases, the company will provide only the minimum necessary personal information in accordance with the applicable laws and will not provide it for purposes other than those specified.

Article 4 (Outsourcing of Personal Information Processing)

The company outsources the processing of personal information as follows to facilitate smooth personal information management.

Post List
Outsourcee (Trustee) Consigned task Retention and Use Period
Chaeumsoft Website operation and management Until the end of the website operation contract
KCS Server and database management Until the end of the server management contract.

In accordance with the Personal Information Protection Act, the company includes the following in contracts and other documents: prohibition of personal information processing beyond the purpose of performing outsourced work, implementation of technical and managerial protective measures, restrictions on subcontracting, management and supervision of the trustee, and liability for damages. The company also monitors the trustee to ensure the safe processing of personal information.

In the event of changes to the content of the outsourced work or the trustee, the company will promptly disclose this through the personal information processing policy.

Article 5 (Destruction of Personal Information)

The company shall promptly destroy personal information when it is no longer necessary due to the expiration of the retention period or the achievement of the purpose of processing.

If the retention period for personal information agreed upon by the data subject has expired or the purpose of processing has been achieved, but the company is required to retain the personal information in accordance with other laws, the relevant personal information will be transferred to a separate database (DB) or stored in a different location.

The procedures and methods for the destruction of personal information are as follows:

1. Destruction Procedures
The company selects personal information for destruction when the reasons for destruction arise and destroys the personal information after obtaining approval from the company’s personal information protection manager.

2. Methods of Destruction
The company employs technical methods that render electronic files of personal information irretrievable before destroying them, while personal information recorded and stored in paper documents is destroyed by shredding or incineration.

Article 6 (Rights, Obligations, and Methods of Exercise by the Data Subject)

The data subject may exercise the following rights related to personal information protection against the company at any time:

1. Request for access to personal information
2. Request for correction of personal information in case of errors
3. Request for deletion of personal information
4. Request to withdraw consent for the processing of personal information
5. Request for withdrawal of consent for the processing of personal information.

The exercise of rights as stated in paragraph 1 can be made to the company via written communication, telephone, email, or fax. The company will take the necessary action within 10 days from the date of exercising the rights unless there is a justifiable reason for the delay. If there are grounds for rejection or limitation, the company will inform you of those reasons and how to appeal within 5 days.

The exercise of rights as stated in paragraph 1 can be done through a representative, such as the legal representative of the data subject or a person who has been delegated authority. In such cases, one must submit a power of attorney in accordance with the format specified in Annex 11 of the "Notification on Methods of Handling Personal Information”.

If the data subject requests correction or deletion due to personal information errors, the company will not use or provide such personal information until the correction or deletion is completed.

Requests for access, correction, deletion, cessation of processing, and withdrawal of consent regarding personal data may be restricted in accordance with relevant laws and regulations.

The company verifies whether the request to exercise the rights is made by the data subject themselves or by a legitimate representative.

Article 7 (Measures to Ensure the Security of Personal Information)

The company takes the following measures to ensure the safety of personal information
1. Administrative Measures
  • The company complies with the standards set forth by laws and regulations for the secure storage and transmission of personal information.
  • Regular internal training and external training on personal information protection are provided for employees who handle personal information, and strict management and supervision are implemented to ensure compliance with laws regarding personal information protection.
  • An internal management plan has been established and implemented, and a dedicated organization is operated.

2. Technical Measures
  • The company uses a vaccine programs to take measures to prevent damage caused by computer viruses. Vaccine programs are regularly updated, and in the event of a sudden virus occurrence, vaccines are provided as soon as they become available to prevent the infringement of personal information.
  • To ensure the secure management of personal information, the company employs relevant systems and software to enhance security measures.
  • Access to personal information is restricted to those who are directly engaged in sales and marketing activities with data subjects, those responsible for personal information management, and others whose job duties necessitate the handling of personal information.

3. Physical Measures
  • To ensure the safe storage of personal information and personal information processing systems, protective measures such as locking devices are implemented to prevent physical access.
  • Computer rooms and document storage areas are designated as special protected zones, and access is controlled.

Article 8 (Installation, Operation, and Refusal of Automatic Personal Information Collection Devices)

The company does not use "cookies" to store and retrieve user usage information.

The company uses "cookies" to store and retrieve usage information to provide users with individualized personalized services.

Cookies are small amounts of information sent from the server (http) that operates the website to the user's computer browser, and they may be stored on the hard disk of the user's PC.

1. Purpose of Using Cookies: Cookies are used to analyze the visiting and usage patterns of each service and website accessed by users, as well as to determine secure access status, in order to provide optimized information to users.
2. Installation, Operation, and Refusal of Cookies: Users can refuse the storage of cookies through the following methods. However, if cookies are refused, it may lead to difficulties in using personalized services.
1)Microsoft Edge
  • Click the ‘…’ icon in the upper right corner, then click on ‘Settings’.
  • After clicking on ‘Privacy, search, and services' on the left side of the ‘Settings’ page, select whether to enable tracking prevention and the level of tracking prevention in the ‘Tracking prevention’ section.
  • ‘Choose whether to always use ‘Strict’ tracking prevention when searching in InPrivate mode.
  • In the section below labeled ‘Privacy’, select whether to enable ‘Send "Do Not Track" requests’.
2)Chrome
  • Click the ‘⋮’ icon (Customize and control Google Chrome) in the upper right corner, and then select 'Settings’.
  • At the bottom of the ‘Settings’ page, click on ‘Advanced' to show advanced settings, and then click on 'Content settings' in the 'Privacy' section.
  • In the Cookies section, check the box for 'Block third-party cookies and site data’.

Article 9 (Collection, Use, and Refusal of Behavioral Information)

The company collects and uses behavioral information for the improvement and development of services, user analysis, and the provision of customized services.

The company collects behavioral information as follows.

Post List
Items of behavioral information collected Methods of collecting behavioral information Purpose of collecting behavioral information Retention and use period, and subsequent information processing methods
Browser type and OS of the user, visit records (IP Address, access time) Automatically collected when users visit the website Improvement and development of services, user analysis, and provision of customized services. Retention and disposal after 3 years from the date of collection.

Behavioral information is automatically collected and stored during the service usage process.

The company collects only the minimum necessary behavioral information and does not collect sensitive behavioral information that may significantly infringe upon individual rights, interests, or privacy. Furthermore, it does not use behavioral information in a form that can identify individuals when combined with personal information.

Users can collectively block or allow the collection of behavioral information by changing cookie settings as outlined in Article 8, Paragraph 2, Item 2.

Article 10 (Personal Information Protection Manager)

The company takes overall responsibility for personal information processing and has appointed a personal information protection manager and department to handle inquiries, complaints, and remedies of data subjects related to personal information processing, as follows.

Personal Information Protection Manager
  • Name: Ha Joo-hyung
  • Position/Title: Center Head
  • Contact Information: jh.ha@haesungds.net / (TEL) +82 070-4761-0220 / (FAX) +82 070-4761-0111

Personal Information Protection Department
  • Person in Charge: Kim Dong-wook, Deputy General Manager
  • Dept. Name: Changwon Support Center
  • Contact Information: uk0712.kim@haesungds.net / (TEL) +82 070-4761-0426 / (FAX) +82 070-74761-0111

Data subjects may contact the personal information protection manager and department regarding any inquiries, complaints, or remedies related to personal information protection arising from their use of the company’s services. The company will respond to and address inquiries from data subjects without delay.

Article 11 (Remedies for Infringement of Data Subject Rights)

Data subjects may apply to the institutions listed below for dispute resolution, consultation, and remedies for damages resulting from personal information infringement. For more detailed assistance, please contact the institutions mentioned below.
  • Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
  • Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)
  • Supreme Prosecutor's Office: 1301 (www.spo.go.kr)
  • National Police Agency: 182 (ecrm.cyber.go.kr)

Article 12 (Changes to the Privacy Policy)

This Privacy Policy is effective from November 24, 2023.

Previous versions of the Privacy Policy can be viewed by clicking on this link.

TOPkeyboard_capslock
close