Samsung Electro-Mechanics’ Personal Data Processing Policy
Samsung Electro-Mechanics Co., Ltd. (hereinafter, the "Company") deeply values your personal data and strictly complies with the Personal Data Protection Act. The Company’s Personal Data Processing Policy informs you of the purpose and manner in which your personal data is being and will be used and type measures that are being taken to protect your personal data.
Article 1 (Purpose of Processing Personal Data)
The Company processes personal data for the following purposes. The processed personal data will not be used for any purpose other than the following purposes, and if the purpose of use is changed, necessary measures will be implemented, such as obtaining a separate consent under Article 18 of the Personal Data Protection Act.
|No.||Name of Personal Data File||Operational Basis||Processing Purpose|
|1||Ethical Management, Security Reporting, Compliance Management Reporting||Consent by the owner of the personal data ("Data Subject")||Reply to inquiries/reports,
Management of consultation handling details
|2||Product Inquiries, Technical Inquiries, Certificates, Recruitment Inquiries, Corporate Data, IR, Partnership Inquiries||Service support for inquiries/requests|
|4||Samsung Electro-Mechanics’ YouTube Content Contest||Identification, Receipt of and response to inquiries for operation of YouTube contest|
Article 2 (Personal Data Processing and Retention Period)
- ① The Company processes and retains personal data within the personal data retention and use period under laws or the personal data retention and use period agreed when collecting personal data from Data Subjects.
- ② (Ethical Management/Security Reporting/Compliance Management Reporting/Product Inquiries/Technical Inquiries/Certificates/Recruitment Inquiries/Corporate Data/IR/Partnership Inquiries)
The personal data processing and retention period is one year. However, personal data for which the retention and use period has expired may be preserved without being destroyed, "where it is required to be preserved under other laws” or “where a separate consent has been obtained."
- ③ (Samsung Electro-Mechanics’ YouTube content contest)
The personal data processing and retention period is three months from the day when results are announced. However, personal data for which the retention and use period has expired may be preserved without being destroyed, "where it is required to be preserved under other laws” or “where a separate consent has been obtained."
Article 3 (Provision of Personal Data to Third Party)
- ① The Company shall provide personal data to a third party only in the cases which fall under Articles 17 and 18 of the Personal Data Protection Act, such as where a consent is obtained from the Data Subject or where special provisions in laws so require.
Article 4 (Entrustment of Personal Data Processing)
① The Company entrusts the processing of personal data as shown in [Attachment 1] for the smooth processing of personal data.
Article 4 (Entrustment of Personal Data Processing) No. Name of Entrustee Entrusted Work Representative Phone No. 1 The Uber Creative Co., Ltd. Operation and maintenance of website +82-2-517-5133 2 Samsung SDS Co., Ltd. Operation of computerized system +82-2-6155-3114 3 NHR Communications Co., Ltd. Operation of Samsung Electro-Mechanics’ YouTube content contest and receipt management +82-2-735-9536
- ② When executing an entrustment agreement, in accordance with Article 26 of the Personal Data Protection Act, the Company specifies prohibition on personal data processing for purposes other than the purpose of carrying out the entrusted work, technical and managerial protection measures for personal data, purpose and scope of the entrusted work, restriction on re-entrustment, safety securement measures, management and supervision of the entrustee, matters relating to liability such as compensation for damages, etc. in documents, and supervises whether the entrustee safely processes personal data.
- ③ If the content of the entrusted work or the entrustee is changed, the Company will immediately notify such change through this Personal Data Processing Policy.
Article 5 (Rights and Obligations of Data Subject and Its Statutory Agent and Method of Exercising Them)
① The Data Subject (refers to the statutory agent, in case the Data Subject is under the age of 14 may exercise the following rights relating to personal data protection against the Company at any time.
- 1. Request for access to personal data
- 2. Request for correction in case there exists any error, etc.
- 3. Request for deletion
- 4. Request for suspension of processing
- ② The exercise of the rights under Paragraph 1 may be carried out in writing or through e-mail, facsimile, etc., using the attached Form No. 8 of the Enforcement Rules of the Personal Data Protection Act, and the Company will immediately take a measure for this.
- ③ The exercise of the rights under Paragraph 1 may be carried out through an agent such as the Data Subject’s statutory agent or delegated person. In this case, the power of attorney in the attached Form No. 11 of the Enforcement Rules of the Personal Data Protection Act shall be submitted.
- ④ In the case of the request for access to personal data or the request for suspension of processing, the Data Subject’s rights may be restricted under Articles 35 (4) and 37 (2) of the Personal Data Protection Act.
- ⑤ The Company verifies whether the person who has made the request for access, the request for correction or deletion, or the request for suspension of processing based on the Data Subject’s rights is the Data Subject itself or its legitimate agent.
Article 6 (Personal Data Items Subject to Processing)
① The Company is handling the following personal data items.
Article 6 (Personal Data Items Subject to Processing) No. Name of Personal Data File Personal Data Items Recorded in Personal Data File 1 Compliance Management (reporting) Name (Optional), Company (Optional), Phone Number (Optional), Email (Optional) 2 Security Reporting (reporting) Name (Optional), Company (Optional), Phone Number (Optional), Email (Optional) 3 Ethical Management (reporting) Name (Optional), Phone Number (Optional), Email (Optional) 4 Recruitment Inquiries Nationality, Name, Email, School/Organization, Major/Department, Phone Number 5 Product Inquiries, Technical Inquiries, Certificates, Corporate Data, IR, Partnership Inquiries Nationality, Name, Email, Company/Organization, Department, Phone Number 6 Newsletter 7 Samsung Electro-Mechanics’ YouTube content contest Team Leader (Required) Team Name, Password, Name, Date of Birth, Email, Phone Number
(Optional) Affiliation, Matter of interest relating to Samsung Electro-Mechanics Co., Ltd., Questions about Samsung Electro-Mechanics Co., Ltd.
Team Member Name, Email, Phone Number, Date of Birth
② The following personal data items can be automatically generated and collected in the process of using the Internet services.
- · IP address, cookie, MAC address, service usage record, visiting record, defective usage record, etc.
Article 7 (Destruction of Personal Data)
- ① Where personal data becomes unnecessary because of expiration of the personal data retention period, achievement of the purpose of processing, etc., the Company shall immediately destroy the relevant personal data.
- ② This is not the case where personal data must be continuously preserved under other laws, even if the personal data retention period agreed to by the Data Subject has expired or the purpose of processing has been achieved.
- ③ The procedure and method of destroying personal data are as follows.
1. Destruction procedure
The Company selects personal data for which the cause for destruction occurs, and destroys personal data with the approval of the Company’s person in charge of personal data protection.
2. Destruction method
The Company destroys personal data recorded and kept in the form of an electronic file so that records cannot be reproduced, and the personal data recorded and kept in paper documents is shredded by a shredder or incinerated and destroyed.
Article 8 (Personal Data Security Securement Measures)
① The Company is taking the following measures to ensure the safety of personal data.
1. Establishment and implementation of an internal management plan
The Company establishes and implements an internal management plan for the safe processing of personal data.
2. Minimization and training of the persons who handle personal data
The Company manages personal data by designating and minimizing the persons who handle personal data, and conducts regular training for the employees who handle personal data.
3. Restriction on access to personal data
The Company takes necessary measures to control access to personal data through granting, changing, and cancelling access to the database system that processes personal data, and controls unauthorized access from the outside using the intrusion prevention system.
4. Keeping of access records and prevention of forgery
Records relating to access to the personal data processing system (web log, summarized data, etc.) are kept and managed in accordance with relevant laws, and security functions are used to prevent forgery, theft, and loss of access records.
5. Encryption of personal data
The user’s personal data is encrypted and kept and managed. Also, in the case of important data, separate security functions, such as encrypting and using such data when keeping and transmitting it, are used.
6. Technical countermeasures against hacking, etc.
In order to prevent personal data leakage and damage caused by hacking or computer virus, etc., the Company installs security programs, conducts periodical updates and inspections, installs systems in areas where access from the outside is controlled, and performs monitoring and blocking technically and physically. In addition, the Company not only conducts monitoring of network traffic but also detects attempts to illegally alter data, etc.
7. Control of access against unauthorized persons
The Company has a separate physical keeping place for the personal data system where personal data is kept, and establishes and operates the access control procedure.
Article 9 (Matters Concerning Installation and Operation and Refusal of Automatic Personal Data Collection Device)
- ① The Company uses "cookies" that store and find usage data time to time.
- ② Cookies are a small amount of data that the server which is used to run the system sends to the user’s computer browser, and are stored on the user’s PC computer’s hard disk.
- 1. Purpose of using cookies : to check user errors and prevent illegal use by identifying visiting records and security access
2. Installation and operation and refusal of cookies
- ▶ Internet Explorer web browser : You can refuse to store cookies by setting options at [Tools] on the top > [Internet Options] > [Personal Data] menus.
- ▶ Chrome web browser : You can refuse to store cookies by setting [Setting] in the upper-right corner > [Personal Data and Security] > [Cookies and Site Data].
- 3. If you refuse to install cookies, provision of services may be difficult.
Article 10 (Person in Charge of Personal Data Protection)
① The Company designates the person in charge of personal data protection as follows in order to protect personal data and handle complaints relating to personal data.
Article 10 (Person in Charge of Personal Data Protection) Name of Department Person in Charge Contact Information Legal Team Legal Team Leader Phone number : 031-210-5114
Email : firstname.lastname@example.org
※ You are connected to the department in charge of personal data protection.
- ② The Data Subject may contact the person in charge of personal data protection and the department in charge with respect to all inquiries relating to personal data protection, complaint handling, damage remedy, etc. that have occurred while using the Company’s service (or business). The Company will answer and deal with the Data Subject’s inquiries without delay.
Article 11 (Request for Access to Personal Data)
① The Data Subject may make a request for access to personal data to the following department under Article 35 of the Personal Data Protection Act. The Company will try to swiftly handle the Data Subject’s request for access to personal data.
Article 11 (Request for Access to Personal Data) Distinction Name of Department Contact Information Department of receiving and handling request for access to personal data Personal Data Protection Office Phone number : 031-210-5114
Email : email@example.com
Article 12 (Remedies for Infringement on Rights and Interests)
The Data Subject may contact the following institutions to inquire about damage relief, counseling, etc. in relation to personal data infringement. The following institutions are those which are separate from the Company, and if you are not satisfied with the Company’s own handling of personal data complaints or damage relief results, or if you need further assistance, please contact them.
Article 13 (Change of Personal Data Processing Policy)
- ① This Policy takes effect from June 21, 2021. Where the content of this Policy is added, deleted or modified in accordance with the change of laws/policies or security technology, the modified Personal Data Processing Policy will be disclosed on the website, etc.