Table of Contents
Article 1 (Purpose of Processing Personal Data)
SEM processes personal data for the following business purposes. If the purpose of processing is changed, necessary measures will be implemented, as required under applicable local law, such as obtaining a separate consent under Article 18 of the Personal Information Protection Act. Note that any references to consent are only to the extent, and in the manner, required by applicable local law.
|No.||Name of Personal Data File||Operational Basis||Processing Purpose|
|1||Ethical Management, Security Reporting, Compliance Management Reporting||Consent by data subject as required under the Korean privacy laws||Assign the appropriate contact person for an inquiry. Or, check the facts of a report. Reply to inquiries/reports|
|2||Product Inquiries, Technical Inquiries, Certificates, Recruitment Inquiries, Corporate Data, IR||Service support for inquiries/requests|
|3||Newsletter||Provide SEM’s reports and news|
|4||Component product library||Use the component product library|
Article 2 (Personal Data Processing and Retention Period)
- ① SEM processes and retains personal data within the personal data retention and use period under laws or the personal data retention and use period agreed when collecting personal data from data subjects.
- ② (Ethical Management/Security Reporting/Compliance Management Reporting/Product Inquiries/Technical Inquiries/Certificates/Recruitment Inquiries/Corporate Data/IR) The personal data processing and retention period is one year. However, personal data for which the retention and use period has expired may be preserved without being destroyed where it is required to be preserved under other laws or where a separate consent has been obtained.
- ③ (Newsletter)
Personal data processing and retention period is until the application for newsletter opt-out.
Article 3 (Provision of Personal Data to Third Party)
- ① SEM processes the personal data of the data subjects only within the scope specified in the Purpose of Personal Data Processing, and provides personal data to third parties only when it falls under Articles 17 and 18 of the Personal Information Protection Act, and otherwise, does not provide the personal data of the data subjects to third parties.
- ② In accordance with the Personal Data Handling and Protection Rules in Emergency Situations jointly announced by the relevant government ministries and agencies, SEM may provide personal data to relevant organizations without the consent of the data subject in response to emergencies such as disasters, infectious diseases, events or accidents that cause imminent danger to life or body, or imminent property loss.
Article 4 (Entrustment of Personal Data Processing)
① SEM entrusts the processing of personal data as shown in [Attachment 1] for the smooth processing of personal data.
SEM entrusts the processing of personal data as shown in [Attachment 1] for the smooth processing of personal data. No. Name of Entrustee Entrusted Work Representative Phone No. 1 The Uber Creative Co., Ltd. Operation and maintenance of website, send newsletters +82-2-517-5133 2 Samsung SDS Co., Ltd. Operate computer system +82-2-6155-3114
- ② When executing an entrustment agreement, in accordance with Article 26 of the Personal Information Protection Act, SEM specifies prohibition on personal data processing for purposes other than the purpose of carrying out the entrusted work, technical and managerial protection measures for personal data, purpose and scope of the entrusted work, restriction on re-entrustment, safety securement measures, management and supervision of the entrustee, matters relating to liability such as compensation for damages, etc. in documents, and supervises whether the entrustee safely processes personal data.
Article 5 (Rights and Obligations of Data Subject, Its Statutory Agent and Method of Exercising Them)
① The data subject (or its statutory agent, in case the data subject is under the age of 14) may exercise the following rights relating to personal data protection against SEM at any time.
- 1. Request for access to personal data
- 2. Request for correction in case there exists any error, etc.
- 3. Request for deletion
- 4. Request for suspension of processing
- ② The exercise of rights pursuant to Paragraph 1 may be executed in writing, or by e-mail, fax, etc. in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and SEM will take action without delay accordingly.
- ③ The exercise of the rights under Paragraph 1 may be carried out through an agent such as the data subject’s statutory agent or delegated person. In this case, the power of attorney in the attached Form No. 11 of the Enforcement Rules of the Personal Information Protection Act shall be submitted.
- ④ In the case of the request for access to personal data or the request for suspension of processing, the data subject’s rights may be restricted under Articles 35 (4) and 37 (2) of the Personal Information Protection Act.
- ⑤ If the personal data is specified as data that SEM is obligated to collect in any other laws and regulations, notwithstanding the foregoing, any correction and/or deletion of personal data cannot be requested.
- ⑥ SEM verifies whether the person who has made the request for access, the request for correction or deletion, or the request for suspension of processing based on the Data Subject’s rights is the Data Subject itself or its legitimate statutory agent.
Article 6 (Personal Data Items Processed)
① SEM is handling the following personal data items.
SEM is handling the following personal data items. No. Name of Personal Data File Personal Data Items Recorded in Personal Data File 1 Ethical Management (reporting) (Optional) Name, Phone Number, E-mail address 2 Security Reporting (reporting) (Optional) First Name, Last Name, Company, Phone Number, E-mail address 3 Compliance Management (reporting) (Optional) First Name, Last Name, Company, Phone Number, E-mail address 4 Recruitment Inquiries Country recruited, Employment area, Type of employment, First Name, Last Name, Phone Number, School/Organization, Major/Department, E-mail address 5 Product, Technology, Certificates, Company Information, IR Country, First Name, Last Name, Company/Organization, Department, Phone Number, E-mail address 6 Newsletter E-mail address 7 Component product library Company ID, password
② The following personal data items can be automatically generated and collected in the process of using the Internet services:
- · IP address, cookie, service usage record, visiting record, defective usage record, etc.
Article 7 (Destruction of Personal Data)
- ① Where personal data becomes unnecessary because of expiration of the personal data retention period, achievement of the purpose of processing, etc., SEM shall immediately destroy the relevant personal data.
- ② In the event that SEM must continue to preserve the personal data in accordance with other laws even when the personal data retention period agreed by the data subject has elapsed or the purpose of processing has been achieved, SEM may move the personal data to a separate database or store it in a different storage location.
- ③ The procedure and method of destroying personal data are as follows.
1. Destruction procedure
SEM selects personal data for which the cause for destruction occurs, and destroys personal data with the approval of SEM’s person in charge of personal data protection.
2. Destruction method
SEM destroys personal data recorded and kept in the form of an electronic file so that records cannot be reproduced, and the personal data recorded and kept in paper documents is shredded by a shredder or incinerated and destroyed.
Article 8 (Measures Concerning Destruction etc. of Personal Data of Dormant Users) * Applicable only to personal data related to component product library
- ① SEM destroys the data of those users who have not used the service for one full year. However, until the retention period stipulated by other laws and regulations has elapsed, a user's data may be stored and managed as separated from other users' personal data.
- ② SEM notifies users of the fact that their personal data will be destroyed, the expiration date of the one-year period, and items of personal data to be destroyed 30 days before the destruction of the personal data in types of notification available to users, as by e-mail or text message.
Article 9 (Personal Data Security Securement Measures)
- ① SEM takes the following measures to help ensure the safety of personal data:
- 1. Establishment and implementation of an internal management plan
SEM establishes and implements an internal management plan for the secure processing of personal data.
- 2. Minimization and training of the persons who handle personal data
SEM manages personal data by designating and minimizing the persons who handle personal data, and conducts regular training for the employees who handle personal data.
- 3. Restriction of access to personal data
SEM takes necessary measures to control access to personal data through granting, changing, and cancelling access to the database system that processes personal data, and controls unauthorized access from the outside using the intrusion prevention system.
- 4. Recordkeeping of access logs and prevention of forgery
Records relating to access to the personal data processing system (web log, summarized data, etc.) are kept and managed in accordance with relevant laws, and security functions are used to prevent forgery, theft, and loss of access records.
- 5. Encryption of personal data
- 6. Technical countermeasures against hacking, etc.
In order to prevent personal data leakage and damage caused by hacking or computer virus, etc., SEM installs security programs, conducts periodical updates and inspections, installs systems in areas where access from the outside is controlled, and performs monitoring and blocking technically and physically. In addition, SEM has implemented tools to not only conduct monitoring of network traffic but also detect attempts to illegally alter data, etc.
- 7. Control of access against unauthorized persons
SEM has a separate physical storage place for the personal data system where personal data is kept, and establishes and operates the access control procedure.
- 1. Establishment and implementation of an internal management plan
Article 10 (Matters Concerning Installation, Operation and Refusal of Automatic Personal Data Collection Device)
- ② Cookies are a small amount of data that the server which is used to run the system sends to the user’s computer browser, and are stored on the hard disk on the user’s computer.
- 1. Purpose of using cookies : to check user errors and prevent illegal use by identifying visiting records and security access
2. Installation, operation and refusal of cookies
- ▶ Internet Explorer web browser : You can refuse to store cookies by setting options at [Tools] on the top > [Internet Options] > [Personal Data] menus.
- ▶ Chrome web browser : You can refuse to store cookies by setting [Setting] in the upper-right corner > [Personal Data and Security] > [Cookies and Site Data].
- 3. If you refuse to accept cookies, certain aspects of the provision of services may be difficult.
Article 11 (Matters concerning the Collection, Use, and Rejection of Behavioral Data)
SEM does not collect, use, or provide behavioral data for customized online advertisements.
Article 12 (Person in Charge of Personal Data Protection)
① The SEM designates the person in charge of personal data protection as follows in order to protect personal data and handle complaints relating to personal data.
The SEM designates the person in charge of personal data protection as follows in order to protect personal data and handle complaints relating to personal data Classification Manager/Department Contact Information Personal Data Protection Officer Legal Team Leader Phone number : +82-31-210-5114
Email : email@example.com
※ It is connected to the personal data protection department.
Personal Data Protection Division Personal Data Protection Secretariat,
Phone number : +82-31-210-5114
Email : firstname.lastname@example.org
- ② The Data Subject may contact the person in charge of personal data protection and the department with respect to all inquiries relating to personal data protection, handling of complaints, remedy, etc. that have occurred while using SEM’s service (or business). SEM will answer and deal with the Data Subject’s inquiries without delay.
Article 13 (Request for Access to Personal Data)
① The data subject may make a request for access to personal data to the following department under Article 35 of the Personal Information Protection Act. SEM will try to promptly handle the data subject’s request for access to personal data.
The Data Subject may make a request for access to personal data to the following department under Article 35 of the Personal Data Protection Act. SEM will try to swiftly handle the Data Subject’s request for access to personal data. Description Name of Department Contact Information Department of receiving and handling request for access to personal data Personal Data Protection Office Phone number : +82-31-210-5114
Email : email@example.com
Article 14 (Remedies for Infringement on Rights and Interests)
The data subject may contact the following institutions to inquire about damage relief, etc. in relation to personal data infringement. The following institutions are independent from SEM, you can contact if you are not satisfied with SEM’s own handling of personal data complaints or damage relief results, or if you need further assistance, please contact them.
For Consumers Residing in California
Article 1 (Collection, Use, and Disclosure of Personal data)
The chart below describes the categories of personal data that SEM collects, as well as the categories of third parties to whom we may disclose each category of personal data for our business purposes (as described below). SEM does not “sell” personal information or “share” personal information for cross-context behavioral advertising (as those terms are defined under applicable law). We do not use your sensitive personal data for purposes other than permitted under applicable local law.
|Categories of personal data||Categories of third parties to whom we may disclose personal data for a business purpose|
|Identifiers, such as name, phone number, email address, telephone number, postal address, date of birth, IP address, or similar identifier.||
|Professional or employment-related information, such as your professional contact information, company/organization, department, team name, company ID, current position, job title, employment status and type, employment area, country recruited, education information, and any other information provided in your resume or CV.||
|Internet and other electronic network activity, such as your browser type and operating system, IP address, browsing history, clickstream data, search history, and information regarding your interaction with an internet website, application, email, or newsletter, including access logs and other activity information related to your use of our site; the length of time you visit the site; and the referring URL, or the website that led you to our site.||
|Inferences, drawn from any of the information identified above to create a profile about you reflecting your preferences, characteristics, psychological trends, behavior, attitudes, intelligence, abilities, and aptitudes.||
① Categories of Sources of Personal Data: SEM may have collected the categories of personal data described above about you from the following categories of sources:
- • From you, or your device, for example, through your use of our services; and
- • SEM’s affiliated companies which provide services on SEM’s behalf, such as web site operation support.
- • Performing services, including providing customer service, verifying customer information, providing analytics services, or providing similar services;
- • Auditing, auditing compliance, short-term, transient use, including, but not limited to, non-personalized advertising shown as part of a consumer’s current interaction with the business;
- • Helping to ensure the security and integrity of the service;
- • Debugging to identify and repair errors that impair existing intended functionality;
- • Undertaking internal research for technological development and demonstration; and
- • Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by us.
Article 2 (Data Retention)
Article 3 (Consumer Rights)
Subject to certain exceptions, you may have the right to make the following requests with respect to your personal data, at no charge:
① Right to Know: You may have the right to request that SEM disclose personal data that SEM has collected, sold, or shared about you in the past 12 months, including:
- • the categories and specific pieces of personal data SEM has collected about you;
- • the categories of sources from which SEM collected the personal data;
- • the categories of personal data about you that SEM sold or disclosed for a business purpose, and the categories of third parties to whom SEM sold or disclosed that information for a business purpose.
- • the business or commercial purpose for which SEM collected or sold the personal data;
- ② Right to Data Portability: You may have the right to request that personal data that has been collected and maintained about you be transferred to you via a secure method in a commonly used electronic format that allows you to transmit this data to another entity without hinderance.
- ③ Right to Correct: You may have the right to requestion the correction of inaccurate or incomplete personal data that SEM has collected about you.
- ④ Right to Delete: You may have the right to request that SEM delete the personal data SEM has collected about you.
- ⑤ Non-Discrimination: SEM will not discriminate against you for exercising your rights and choices.
⑥ Other California Rights:
- • Do Not Track: Some web browsers transmit “do-not-track” signals to websites. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they even are aware of them. SEM currently does not take action in response to these signals.
To exercise your rights under applicable local law or if you are an authorized agent submitting a request on behalf of an individual under applicable local law, you may contact us at firstname.lastname@example.org click here to submit a request through email@example.com. SEM may require that you or your authorized agent provide us with your e-mail address for verification purposes. When SEM receives your request, SEM will review the information that you or your authorized agent provide and attempt to use it to verify your identity and residency by comparing it against the information SEM has on file. In addition, SEM may request information to demonstrate the agent’s authority to act on your behalf.
Article 4 (Other Topics)
Contact Information: You can contact us by contacting at firstname.lastname@example.org.
Last Updated: [July 01, 2023]