Personal Information Management Policy

Personal Information Management Policy

Samsung SDI will cherish your information and Samsung SDI`s Personal Information Management Policy contains the following contents.

Date: April 1, 2020 (V9.0)

Samsung SDI Co., Ltd. (hereinafter referred to as ‘The Company`) protects the personal information and interests of customers, visitors, etc. in accordance with the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection.
In addition, we are preparing the following personal information management policy so that we can handle users' complaints related to personal information smoothly.

1. Personal information items for collection and purposes of processing

1) The company collects and uses the following personal information solely for the specified purposes.

  • List of information (required and optional) and purposes for collection
Category, Items for collection, Purpose
Category Items for collection Purpose
Category Homepage Items for collection
  • Cookies
Purpose Use only for 'Do not see only one day' function in pop-up window
Category Business sites Items for collection
  • Business visit
    [Required items] Name, Date of birth, Mobile phone number, Smartphone OS, Nationality, ID, Password, Company name, Business registration number, Email address, Cookies, Entrance/exit records
    [Optional items] Departmant name, Job grade
  • Issuance of a pass
    [Required items] Name, Name in English, Date of birth, Gender, Company name, Mobile phone number, Entrance/exit/meal records
    [Optional items] Photo, Job grade, Company address, Company phone number, Business registration number
  • CCTV
    Entry/Moving video information in business sites
Purpose Operation related to security and safety
  • Collection method
    - Homepage : Automatic collection using automatic information collection device(automatic generation information collection tools)
    - Business sites : Collect information of customers, visitors, etc. from the Visitor Management System (V-PASS), Collect in such a way that employees who need long-term access, such as partner employees, fill in the company related form directly, Automatic collection of access and meal records through access management system, Automatic Image Information Collection Using CCTV.

2) The collected personal information will not be used for any purposes other than the above. If the purpose of use changes, necessary actions will be taken such as collecting a separate agreement from employees according to related laws.

3) The users have the right to refuse the collection and use of their personal information that are not permitted by the law. However, refusal may interrupt the company’s provision of any services.

2. Personal information process and retention period

1) The company processes and retains users’ personal information only within the process and retention period, as agreed by employees upon collection of personal information or under relevant laws.

2) The process and retention period of the personal information collected from and agreed by users is as below.

Classification, Retention
Classification Retention
Classification Required information Personal information inevitably collected and used for compliance with a special regulation or fulfilment of a legal obligation. Retention Until achievement of the goal
Classification Required information Personal information inevitably collected and used for conclusion and implementation of an employment contract. Retention Until achievement of the goal
Classification Optional information Personal information collected and used with prior consent of an employee. Retention Until achievement of the goal

3) The process and retention period of the personal information collected under the law is as below.

Retained items, Retention period, Legal grounds
Retained items Retention period Legal grounds
Retained items Consumer complaints or dispute settlement records Retention period 3 years Legal grounds Laws related to consumer protection in e-commerce
Retained items Display/advertisement records Retention period 6 months Legal grounds Laws related to consumer protection in e-commerce
Retained items Contract or subscription withdrawal records Retention period 5 years Legal grounds Laws related to consumer protection in e-commerce
Retained items Supply records including payment and goods 5 years Legal grounds Laws related to consumer protection in e-commerce
Retained items Electronic financial transaction history Retention period 5 years Legal grounds Electronic Financial Transactions Act
Retained items Website visit history Retention period 3 months Legal grounds Protection of Communications Secrets Act
Retained items Collection/process and use of credit information Retention period 3 years Legal grounds Laws related to the use and protection of credit information
3. Provision of personal information to a third party
  • 1) The company does not provide users’ personal information to an external party or a third party without consent of the user.
  • 2) In the following cases however, personal information may be provided to a third party without prior consent of the user.
    • If provision of the information is inevitable to comply with special regulations or statutory obligations.
    • If the owner of the information or its legal representative is unable to make an expression of intention or is unable to express prior content due to unknown address, and if such information is clearly deemed urgent and necessary for the life, body and property of the information owner or a third party.
    • If provision of the information is required by law or investigative authorities for investigative purposes under relevant laws.
Destination, Providing item, Purpose, Providing period
Destination Providing item Purpose Providing period
Destination - Providing item - Purpose - Providing period -
4. Consignment of personal information processing

1) The company consigns the following personal information processing tasks to external companies for smooth personal information business processing.

Category, Trustee, Business contents to entrust
Category Trustee Business contents to entrust
Direct consignment Trustee S1, Estec system Business contents to entrust Access and video information processing of customers, visitors, and partner employees
Trustee S1 Business contents to entrust Operation, improvement, and maintenance of the visitor management system(V-PASS)
Re-consignment Trustee [S1] Samsung SDS Business contents to entrust Maintenance of Hardware and Network in Visitor Management System(V-PASS)
Trustee [S1] HumanTSS, Estec system Business contents to entrust Access and video information processing of customers, visitors, and partner employees
Trustee [S1] Nice Informatin Service Business contents to entrust Identity authentication using Mobile communication company information and mobile phone number provided to the visitor management system(V-PASS)

2) The company prohibits strictly defines and manages technical/administrative protection measures, safety assurance measures, re-entrustment restrictions, management and supervision of trustees, confidentiality and liabilities to protect personal information processed through consignments.

3) If any changes in the consigning company or commissioned tasks occur, the company posts such changes on the company bulletin board without delay.

5. Rights, obligations and exercing methods of users and legal representatives
  • 1) Users who provide personal information may exercise the following rights to the company at any time
    • Need to view personal information
    • If there is an error, correction request
    • Deletetion request
    • Processing stop request
  • 2) The exercise of rights under paragraph (1) can be done in writing, telephone, e-mail, etc. to the company, and the company will take action without delay.
  • 3) If the user requests correction of errors in personal information or deletion of personal information, the company does not use or provide that personal information until the correction or deletion is completed.
  • 4) The exercise of rights under paragraph (1) can be done through the agent, such as the legal representative of the user or the person who has been delegated. In this case, you must submit a letter of attorney in accordance with Appendix 11 of the Enforcement Rule of the Personal Information Protection Act.
  • 5) The user shall not infringe on the personal information and privacy of the user himself / herself or other person under the management of the company in order to comply with related statutes such as the Personal Information Protection Act.
  • 6) The company is seeking the consent of the legal representative in case of the need to collect personal information of children under the age of 14 to provide services.
6. Deletion of personal information
  • 1) The company shall delete the relevant personal information without delay by the following procedures and methods if the period of personal information is elapsed and the purpose of processing is achieved.
    • Deletion procedure
      Measures for destruction or deletion after being stored for a certain period in accordance with internal policies and other related statutes
    • Deletion method
      Personal information recorded in a paper document is scraped or incinerated by a grinder, and personal information stored in the form of an electronic file is deleted by a method that can not be recorded or restored.
  • 2) If the personal information held by the user has expired or the purpose of processing has been achieved, the personal information must be kept in accordance with other statutes.
7. Measures to ensure the safety of personal information
  • 1) The company is securing stability by taking the following administrative technical protection measures so that the personal information it handles is not lost, stolen, leaked, modulated or damaged.
    • Administrative measures
      Guidelines for information security regulations and internal management plans for personal information, compliance, inspection, education, etc.
    • Technical measures
      Management / authentication of access rights such as personal information processing system, installation / operation of access control system and security program, encryption of personal information, etc.
    • Physical action
      Establishment & operation of access control of computer room and personal information storage room, Protection measures for printing and copy.
8. Matters concerning the installation, operation and rejection of an automatic personal information collection device
  • 1) The company operates a 'cookie' that stores and finds users' information from time to time. Cookie is a very small text file sent by the server used to run the company ’ s website to the user ’ s web browser, which is stored on the user ’ s computer hard disk.
  • 2) The purpose of using cookies and the method of denying setting are as follows.
    • Purpose of use such as cookies
      Implementation of automatic login function, personal customization service such as “no more pop-up today”
    • Rejecting method of cookie setting
      Users can also use Web browser option settings to allow all cookies, go through confirmation every time cookies are saved, or refuse to save all cookies.
      However, if the user refuses to install the cookie, it may be difficult to provide the service.
9. Personal Information Protection Management Department

1) The company is responsible for the management of personal information and operates a personal information protection management department as follows to deal with the grievances of users related to personal information.

Protection Officer, Customer service department
Protection Officer Customer service department
Protection Officer SMART IT Team Leader Customer service department Information Security Group
(031-8006-3502 / s-report@samsung.com)

2) If you ask about the user's personal information protection, complaint handling, damage relief, etc., we will reply and process it without delay.

10. Method for compensatinng for performing perference of persoanl information and revention for inpension of rights.

1) Users can request access to personal information protection manager. We will try to handle it quickly when I ask for inspection.

2) You can contact the following agencies for reports, damage relief, and counseling on user's personal information infringement.

  • Personal Information Violation Report Center
    (http://Privacy.kisa.or.kr, Tel.118)
  • Supreme Public Prosecutor's Office Cyber Investigation Department
    (http://www.spo.go.kr, Tel.1301)
  • National Police Agency Cyber Safety Bureau
    (http://www.police.go.kr/www/security/cyber.jsp, Tel.182)
11. History of changes in personal information management policies

1) This personal information management policy (V9.0) applies from April 1, 2020.

2) The revision of the personal information management policy is as follows.

Protection Officer, Customer service department
Ver Revision date Revision details
Ver V9.0 Revision date 2020.03.02 Revision details Change the items and methods of collecting personal information and the service department
Ver V8.0 Revision date 2019.04.25 Revision details Change the items and methods of collecting personal information and person in charnge of protection
Ver V7.0 Revision date 2018.05.23 Revision details Change the items and periods of collecting personal information and person in charnge of protection
Ver V6.0 Revision date 2017.03.15 Revision details Integration of management policy and treatment policy into management policy
Ver V5.0 Revision date 2016.02.12 Revision details Change the person in charnge of protection
Ver V4.0 Revision date 2015.08.24 Revision details Separation into management policy and treatment policy
Ver V3.0 Revision date 2013.07.25 Revision details Modification of management/treatment policy
Ver V2.0 Revision date 2011.09.30 Revision details Integration into management/treatment policy
Ver V1.0 Revision date 2007.10.22 Revision details Enactment of personal information treatment policy