Hyundai E&C Privacy Policy (Ver.9)

Key Personal Data Processing Disclosure (Labeling)

The Company strives to provide its privacy policy in an easily understandable manner to actively ensure the rights of users. To actively guarantee users’ rights (the right to self-determination of personal data), the Company provides relevant information in an easy-to-understand labeling format.

  • Personal Data Collected

    ① Online (website, mobile), consultation board, e-mail
    ② Collection through generated data collection tools

    For more information, please refer to the Privacy Policy below.
  • Purpose of Personal Data Processing

    ① Customer inquiries: personal identification and authentication, prevention of fraudulent use by problematic customers, record-keeping for dispute settlement, handling of complaints including grievances, etc.
    ② Newsletter: subscription and cancellation of newsletter, sending newsletters to subscribers

    For more information, please refer to the Privacy Policy below.
  • Outsourcing of Personal Data Processing

    The Company outsources part of its personal data processing to outside entities and manages and supervises the compliance of the outsourced company with personal data protection laws and regulations, including restricting the outsourced company from processing personal data for purposes other than those for which it was outsourced, applying technical and administrative protection measures, and restricting sub-outsourcing.

    For more information, please refer to the Privacy Policy below.
  • Provision of Personal Data to Third Parties

    In principle, the Company processes the user's personal data within the scope specified in Article 1 (Purpose of Processing Personal Data) and provides personal data to third parties only with the consent of the data subject or in accordance with special provisions of the law.

    For more information, please refer to the Privacy Policy below.
  • Exercise of Rights

    The Company guarantees the rights and obligations of data subjects in the processing of personal data. Users may view or modify their personal data, withdraw their consent to its collection, use and provision, or request to cancel their subscription.

    For more information, please refer to the Privacy Policy below.
  • Handling of Grievances

    For inquiries, complaints, suggestions, or other matters related to personal information protection, please contact the responsible department and it will review your message and provide a response. Please refer to the Privacy Policy below for the relevant departments and their contact information.

    For more information, please refer to the Privacy Policy below.
  • Article 1 (Purpose of Processing Personal Data)

    The Company processes personal data for the following purposes. The personal data processed shall not be used for purposes other than the following, and in case of a change of the purpose of use, necessary measures such as obtaining a separate consent shall be implemented.

    1. Customer Inquiries: personal identification and authentication, prevention of fraudulent use by problematic customers, record-keeping for dispute resolution, handling complaints including grievances, delivery of notifications, verification of intent to delete written posts
    2. Newsletter: subscription and cancellation of newsletter, sending newsletters to subscribers.
  • Article 2 (Processing and Retention Period of Personal Data)

    The Company processes and retains personal data within the personal data retention and use period agreed upon when collecting personal data from the data subject or within the personal data retention and use period stipulated by laws and regulations.

    1. The Company processes and retains personal data within the personal data retention and use period agreed upon when collecting personal data from the data subject as follows:
       • Customer inquiries
         Inquiry registrant: destroyed 3 years after the date of inquiry received
       • Newsletter
         Newsletter cancellation requester: destroyed without delay (within 5 days) upon cancellation request
    2. The Company processes and retains personal data for a certain period in accordance with the relevant laws and regulations in the following cases:
       1. If an investigation or inquiry is ongoing due to a violation of related laws, personal data will be retained until the investigation or inquiry is concluded.
       2. If there are outstanding debts or credits arising from the use of the website, personal data will be retained until the settlement of such debts or credits.
       3. Records related to displays and advertisements: 6 months (under the Act on the Consumer Protection in Electronic Commerce, etc.)
       4. Records related to contracts or withdrawal of subscriptions: 5 years (under the Act on the Consumer Protection in Electronic Commerce, etc.)
       5. Records related to payment and supply of goods: 5 years (under the Act on the Consumer Protection in Electronic Commerce, etc.)
       6. Records related to consumer complaints or dispute resolution: 3 years (under the Act on the Consumer Protection in Electronic Commerce, etc.)
       7. Data contained in commercial books and important documents on business: 10 years (under the Commercial Act)
       8. Data related to transaction history and supporting documents: 5 years (under the Framework Act on National Taxes, Corporate Tax Act)
       9. The date of telecommunications by subscribers, the time that the telecommunications commence and end, the subscriber number of the other party, frequency of use: 1 year (under the Protection of Communications Secrets Act)
       10. Data on computer communications, internet log records, and tracking data: 3 months (under the Protection of Communications Secrets Act)
  • Article 3 (Provision of Personal Data to Third Parties)

    The Company, in principle, processes the personal data of data subjects within the scope specified in Article 1 (Purpose of Processing Personal Data). The Company only provides personal data to third parties in cases that fall under Articles 17 and 18 of the Personal Information Protection Act, such as with the consent of the data subject or under special legal provisions. Outside of these cases, the Company shall not provide the personal data of data subjects to third parties.

  • Article 4 (Outsourcing of Personal Data Processing)
    1. The Company outsources personal data processing tasks as follows to ensure smooth handling of personal data operations.

       | Outsourced Entity | Outsourced Operation | Items of Personal Information Provided | Retention and Usage Period |
       |---|---|---|---|
       | Hyundai AutoEver | Server/system management | Personal data specified in Article 6 | Pursuant to the retention period for each item specified in Article 2 |
       | Hyosung ITX Inc. | To respond to customer inquiries | Name, contact information, e-mail, inquiry contents and attachments | 3 Years |

    2. When the Company enters into an outsourcing contract, it specifies in the contract or other written documents the prohibition of personal information processing for purposes other than the outsourced tasks, technical, managerial, and physical protection measures, restrictions on sub-outsourcing, management and supervision of the subcontractor, and liability for damages. The Company also supervises the subcontractor to ensure they handle personal information securely.
    3. If the content of the outsourced tasks or the subcontractor changes, the Company shall promptly inform the data subjects and disclose the changes through the privacy policy.
  • Article 5 (Rights and Obligations of Data Subjects and Legal Representatives and Methods of Exercise)
    1. Data subjects have the right to request access, correction, deletion, or suspension of processing of their personal data at any time.
    2. The rights described in paragraph 1 may be exercised in writing, via email, or fax in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and the Company shall respond without delay.
    3. The rights specified in paragraph 1 may also be exercised through a legal representative or a delegated person of the data subject. In this case, a power of attorney using Appendix Form No. 11 of the “Notice on Personal Data Processing Methods (No. 2023-12)” must be submitted.
    4. Requests for access to and suspension of processing of personal data may be restricted under Article 35, Paragraph 4 and Article 37, Paragraph 2
    5. A request for correction or deletion of personal data cannot be made if the personal data is designated for collection under another law.
    6. The Company shall verify whether the person making the request for access, correction, deletion, or suspension of processing in accordance with the rights of the data subject is the person or his/her authorized representative.
  • Article 6 (Items of Personal Data Processed)

    The Company processes the following personal information items.

    1. Customer inquiries
       Required information: name, contact information, email, inquiry details and attachments
    2. Newsletters
       Required information: name, email, category
  • Article 7 (Methods of Collecting Personal Data)

    The Company collects personal data in the following ways.

    1. Online (website, mobile) consultation boards, emails, Contact (Phone)
  • Article 8 (Destruction of Personal Data)
    1. The Company shall destroy the personal information without delay when the personal data becomes unnecessary, such as the expiration of the personal data retention period or the achievement of the purpose of processing.
    2. When the retention period for personal data, as consented to by the data subject, has expired, or the processing purpose has been achieved, but the personal data must continue to be retained in accordance with other laws, the Company shall transfer the personal data to a separate database (DB) or store it in a different location.
    3. The procedure and method for the destruction of personal data are as follows:
       • Destruction Procedure
         The Company identifies the personal data that needs to be destroyed and proceeds with its destruction upon approval from the Company’s Chief Privacy Officer.
       • Destruction Method
         For personal data recorded and stored in electronic file format, the Company shall use methods such as Low Level Format to ensure the records are unrecoverable. For personal data recorded and stored in paper documents, the Company shall destroy it by shredding with a shredder or incineration.
  • Article 9 (Measures to Ensure the Security of Personal Data)

    The Company implements the following administrative, technical, and physical measures necessary to ensure the security of personal data, in accordance with Article 29 of the Personal Information Protection Act, to prevent the loss, theft, leakage, alteration, or damage of personal data. However, the Company takes no responsibility for any issues arising from the negligence of customers or data subjects, or from problems on the internet.

    1. Development and Implementation of an Internal Management Plan
       The Company’s internal management plan is established and implemented in accordance with the internal guidelines of the Ministry of the Interior and Safety.
    2. Minimization and Training of Personal Data Handlers
       The Company designates a minimal number of staff to handle personal data and implements personal data protection education and management measures.
    3. Restriction of Access to Personal Data
       The Company takes necessary measures to control access to personal data by granting, modifying, and deleting access rights to the database system processing personal data, and uses intrusion prevention systems to control unauthorized access from outside.
    4. Retention and Prevention of Tampering with Access Records
       The Company retains and manages records of access to the personal data processing system (web logs, summary data, etc.) for at least one year, and uses security features to prevent tampering, theft, or loss of access records.
    5. Encryption of Personal Data
       Personal data of data subjects, such as passwords, is stored and managed in encrypted form, ensuring that only the data subject knows it. Important data is protected by encrypting files and transmission data or using file locking features.
    6. Technical Measures Against Hacking, etc.
       To prevent the leakage and damage of personal data caused by hacking or computer viruses, the Company installs security programs, performs regular updates and inspections, and installs systems in areas with restricted external access, and also monitors and blocks such attempts both technically and physically. Additionally, network traffic monitoring is in place to detect attempts at illegally altering data.
    7. Access Control for Unauthorized Personnel
       The Company has a separate physical storage location for personal data systems that store personal data and establishes and operates access control procedures for this location. Furthermore, papers and backup storage media that include personal information are kept in a safe place with locks.
  • Article 10 (Installation, Operation, and Refusal of Automated Personal Data Collection Devices)
    1. The Company does not install or operate any device that automatically collects personal information, including “cookies”.
  • Article 11 (Installation and Operation of Image Data Processing Devices)

    The Company installs and operates image data processing devices as follows:

    1. Purpose of Installing Image Data Processing Devices
       • Ensuring facility safety and fire prevention
       • Ensuring customer safety, protecting the workplace, and preventing crimes such as theft
       • Preventing unauthorized intrusion by non-authorized personnel within the workplace
    2. Number of Installations, Installation Locations, and Imaging Scope
       In accordance with relevant laws and regulations, the Company installs and operates image data processing devices after reviewing their suitability in the following locations.
       • Main entrances where personnel and vehicles enter and exit the premises, lobbies, ground/underground parking lots, and other areas and zones where public safety and the protection of trade secrets require security measures
    3. Responsible Departments and Managers

       | Category | Location | Purpose | Manager: Responsible Entity | Manager: Contact Info. | Remarks |
       |---|---|---|---|---|---|
       | Headquarters | Gyedong HQ | Crime prevention, security | Security Management Center | 02-746-3116 | |
       | R&D Center | Mabuk R&D Center | Crime prevention, security | R&D Support Team | 02-746-0248 | |
       | Site | Nationwide on-site offices | Crime prevention, security | ※ Site Manager (see onsite bulletin board for contact details) | | |

    4. Recording Time, Retention Period, Storage Location, and Processing Method of Image Data
       • Recording Time: continuous recording 24 hours a day
       • Retention Period: at least 30 days from the date of recording
       • Storage Location and Processing Method: stored and processed in the control room for image data processing devices
    5. Methods and Locations for Viewing Image Data
       1) After contacting the image data manager in advance, viewing the image data is possible at a designated location.
    6. Actions on Requests by Data Subjects to View Image Data, etc.
       1) A request to access personal image data or confirm its existence must be submitted using a request form. Access is granted only if the data subject is the person filmed or if it is clearly necessary to protect the data subject’s life, body, or property.
       2) Hyundai E&C will take immediate action in accordance with the legitimate rights of the data subject when they request to view, store, or delete personal image data. However, requests for processing may be denied in the following cases:
          • If the storage period of the personal image data has expired and the data has been deleted
          • If there is a concern about infringing on the privacy of others due to viewing and disclosure of the image data
          • If it would seriously hinder a criminal investigation, the continuation of a public prosecution, or the proceedings of a trial
          • If there is any other justifiable reason for the Company to refuse the data subject’s request to access or verify the data
    7. Technical, Administrative, and Physical Measures to Protect Image Data
       The Company protects image data through the following measures: establishing an internal management plan, implementing access control and restricting access rights, applying secure storage and transmission technologies for image data, maintaining processing records and preventing tampering or forgery, and installing locking devices and preparing secure storage facilities.
  • Article 12 (Chief Privacy Officer)
    1. The Company has appointed the following Chief Privacy Officer and Privacy Manager to oversee and take responsibility for personal data processing tasks, handle customer complaints, and provide remedies related to personal data processing.
       • Chief Privacy Officer
         Name: Kim Ki-hong
         Title: Vice President
         Contact: 1577-7755, privacy@hdec.co.kr
       • Privacy Manager
         Organization: Public Relations Group
         Name: Kim Sang-wook
         Contact: 1577-7755, sangwook.kim@hdec.co.kr
    2. Customers and data subjects can request any matters related to personal data protection, such as inquiries, complaint handling, damage relief, and requests for access to personal data, arising from the use of the Company’s services (or business). The Company shall respond and handle inquiries from customers and data subjects without delay.
       However, emails sent for purposes other than inquiries, complaints, or issues related to personal data protection may not receive a response or be processed. Additionally, unsolicited commercial emails sent without the consent of the responsible officer may be reported to relevant authorities and handled in accordance with Articles 50 to 50-8 of the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.
  • Article 13 (Request for Access to Personal Data)

    The Company operates a department responsible for promptly processing data subjects' requests for access to, modification, deletion, or suspension of processing of personal data.

    1. Department for Receiving and Processing Requests for Access to Personal Data
       • Department: Public Relations Group
       • Manager: Kim Sang-wook
       • Contact: 1577-7755, sangwook.kim@hdec.co.kr
       • Working Hours: Weekdays 09:00-17:00
       • Closed: Saturdays, Sundays, and public holidays
  • Article 14 (Remedies for Infringement of Rights)

    Data subjects may seek dispute resolution or counseling by applying to the Personal Information Infringement Report Center of the Korea Internet & Security Agency, the Personal Information Dispute Mediation Committee, or other relevant organizations to obtain remedies for infringements of personal data. For further reporting or counseling on personal data infringements, please contact the following organizations:

    1. Personal Information Infringement Report Center (operated by Korea Internet & Security Agency)
       • Scope of Work: Reporting personal data infringement, requesting consultation
       • Website: privacy.kisa.or.kr
       • Phone: 118 (no area code required)
    2. Personal Information Dispute Mediation Committee
       • Scope of Work: Applying for personal data dispute mediation, applying for collective dispute mediation (civil resolution)
       • Website: www.kopico.go.kr
       • Phone: 1833-6972 (no area code required)
    3. Supreme Prosecutors’ Office: 1301 (no area code required), www.spo.go.kr
    4. National Police Agency: 182 (no area code required), ecrm.cyber.go.kr
  • Article 15 (Revisions to the Privacy Policy)

    Any additions, deletions, or revisions to the current Privacy Policy will be notified at least 7 days in advance through the “top banner” on the website.

    1. Announcement Date of the Privacy Policy: August 5, 2024
    2. Effective Date of the Privacy Policy: August 12, 2024