HD Hyundai Construction Equipment will become a sharing company
that pays attention to a small voice of the customer.
01. Personal information items to collect
We collect the personal information of customers, prospective customers, and stakeholders as follows.
Required item: E-mail
Optional items: name, mobile phone number, phone number (home or work), address
Collection method: Contact us > 1:1 inquiry
02. Matters concerning the consignment of personal information processing
The company uses the collected personal information for the following purposes.
Handling grievances and complaints
Marketing or advertisement
Service provision and fee payment
03. Personal information retention and use period
The company will destroy personal information without delay once the purpose of collecting and using personal information is obtained.
However, the following information will be retained for a specified period of time due to the following reasons.
Items to retain: Name, email, mobile phone number, address
Grounds for retention: Company’s internal management regulations
Retention period: 3 years
04. Reading, correcting, and deleting personal information
Users may request for viewing, correction of errors, and deletion of their personal information held by the company at any time, and the company is obligated to take necessary actions.
If a user requests the correction of an error, the company will not use the personal information concerned until the error is corrected. Also, if customer information is deleted due to the customer’s request, it will not be retained anymore.
Customers can request deletion by e-mail, fax, or phone.
05. Personal information destruction procedure and method
As a rule, the company will destroy personal information without delay once the purpose of collecting and using personal information is obtained.
The procedure and method of personal information destruction are as follows.
- *Destruction procedure
The information customers have entered will be transferred to a separate database (separate document folder in case of paper) after the purpose is achieved, and destroyed after saving for a certain period of time according to the internal policy and other relevant laws. (See retention and use period.) The personal information transferred to a separate database will not be used for any purpose other than retention unless otherwise required by law.
- *Destruction method
The personal information stored in the form of electronic files will be deleted using a technical method that the record cannot be restored.
Records, printing materials, documents, or other recording media other than those in the form of electronic files will be destroyed by shredding or incineration.
06. Measures to secure the safety of personal information
When handling the personal information of the information owner, the company takes following actions to secure the safety of user's personal information, so that personal information is not lost, stolen, leaked, altered, or distorted.
- A. Establishment and implementation of an internal management plan
The company establishes and implements an internal management plan in accordance with the “standard for ensuring the safety of personal information”.
- B. Minimization of the person in charge of personal information handling and their training
The company employee related to personal information handling is limited to the person in charge only. For this purpose, a separate password is given and update on a regular basis. Also, compliance with the privacy policy is always emphasized by training the person in charge frequently.
- C. Restriction of access to personal information
The company takes necessary actions to control access to personal information by granting, changing, or canceling access rights to the database system that processes personal information, and the personal information handler uses a VPN (virtual private network) when accessing the personal information processing system from the outside.
- D. Storing access records and preventing forgery and alteration
The company stores and manages records of access to the personal information processing system (web logs, etc.) for at least 6 months and use security functions to prevent the records from forged/altered, stolen, or lost.
- E. Encryption of personal information
The personal information of the information owner is stored and managed after encryption. The company also uses separate security functions such as the encryption of important data during storage and transmission.
- F. Countermeasures against hacking, etc.
- 1) The company is doing its best to prevent the personal information of the member from being leaked or damaged by hacking or computer viruses.
- 2) The company backs up personal information frequently to cope with damage, and prevents the leakage or damage of personal information of the information owner using the latest anti-virus program, and ensures safe personal information transmission on the network using encrypted communications.
- 3) The company also controls unauthorized access from outside using the intrusion prevention system and endeavors to be equipped with all possible technical devices to secure security systematically.
- G. Access control of unauthorized persons
The company prepares a separate physical place for the personal information system that stores personal information, and establishes and operates the access control procedure for the place.
- H. Password encryption
As the password is encrypted for storage and management, only the information owner knows the password. As a result, only the information owner who knows the password can check or modify the personal information.
- I. Operation of the personal information protection organization
The company operates the personal information protection organization in the company to check the implementation of the company privacy policy and compliance status of the person in charge. If any problem is found, the company tries to correct it immediately.
However, the company bears any responsibilities for the problem that occurred due to a personal information leak, such as the ID, password, and resident registration number, which was caused by the carelessness of the information owner or problems with the Internet.
07. Matters concerning the installation, operation, and rejection of automatic personal information collection devices
Currently, the company does not operate devices that collect personal information automatically generated when using services such as the cookie. However, the company may install and operate an automatic collection device, if it is necessary for providing the service in the future. In this case, the information owner may have an option of installing cookies or refuse to store any cookies.
- A. What is a cookie?
The company uses a 'cookie’ to save and retrieve the users information frequently, in order to provide the personalized and customized service. The cookie is a small text file that is sent to the users browser by the server, which is used to run the web site. The cookie is stored in the user’s computer hard disk. When the information owner visits the web site again, the web site server reads the contents of the cookie stored in the information owner’s hard disk and uses it to keep information owner’s environment setting and provide customized service. The cookie does not collect the personally identifiable information automatically or actively, and the information owner can reject the saving of the cookie or delete the saved cookie at any time.
- B. Purpose of using cookies by the company
Currently, the company does not use cookies. However, the company may use the cookies to maintain the environment setting of the information owner in the future and to provide customized services.
- Cookie installation· operation and rejection
The information owner has an option on cookie installation. Therefore, the information owner can allow all cookies, or confirm each time the cookie is saved, or reject the saving of all cookies by setting an option in the web browser.
- 1) Select [Internet Options] from the [Tools] menu.
- 2) Click the [Privacy] tab.
- 3) Change privacy settings .
08. Rights and obligations of the information owner and how to exercise
The information owner may exercise the following rights.
- A. Request to access personal information
The information owner may request access to his/her personal information held by the company at any time in accordance with Article 35 of the Personal Information Protection Act (Access to Personal Information).
However, the company may restrict access in the following cases.- 1) When access is prohibited or restricted by law.
- 2) When there is a risk of harming the life or body of another person, or when there is a risk of unfairly infringing on the property and other interests of another person.
- B. Request to rectify or erase personal information
The information owner may request the rectification or erasure of his/her personal information held by the company in accordance with Article 36 of the Personal Information Protection Act (Rectification or Erasure of Personal Information). However, if other laws stipulates the collection of the personal information concerned, the information owner cannot request to rectify or erase it.
- C. Request to suspend personal information processing
The information owner may request the suspension of processing his/her personal information held by the company in accordance with Article 37 of the Personal Information Protection Act (Suspension of Processing of Personal Information). However, the company may refuse to suspend processing in the following cases.
When there is a special provision in the law or it is inevitable to comply with legal obligations.
When there is a risk of harming the life or body of another person, or when there is a risk of unfairly infringing on the property and other interests of another person.
When it is difficult to fulfill the contract, such as failure to provide the service agreed with the information owner if personal information is not processed, and the information owner does not clearly express the will of terminating the contract. - D. Others
- 1) If the information owner has requested to rectify or erase an error in his/her personal information, the company does not use or provide the personal information in question until rectification or erase is completed. In addition, if wrong personal information has been already provided to a third party, the rectification or erasure result will be notified to the third party immediately so that rectification can be made.
- 2) The company processes the personal information that has been canceled or deleted by the request of the information owner or legal representative as stipulated in the retention and use period clause, and ensure that it cannot be accessed or used for any other purposes.
09. Matters concerning the consignment of personal information processing
When signing an consignment agreement with a third party, the company specifies the prohibition of personal information processing for the purpose other than entrusted business, technical/administrative protection measures, restriction on re-entrusting, management/supervision of the trustee, and responsibility for compensation for damages in a contract document; and checks whether the trustee processes the personal Information safely, in accordance with Article 25, Personal Information Protection Act.
10. Civil petition service for personal information
The company designates the following related team and privacy manager to protect customer personal information and handle complaints related to personal information.
| Item | Privacy Manager | Privacy Department |
|---|---|---|
| Team/Title | People&Culture Team/Team Leader | People&Culture Team / Senior officer |
| Name | Jung, Seungho | Ha, Junwoo |
| Contact Number | +82-2-479-7751 | +82-2-479-7576 |
| E-mail address | seungho.jung@hd.com | junwoo.ha@hd.com |
| Business hours | (Mon~Fri) 08:00 ~ 17:00 / (closed on Saturdays, Sundays and national holidays) | |
Please report any inconvenience relating privacy to privacy manager or the department.
Your report will be answered quickly with the company's full response.
If you want to report or consult about personal information infringement, you can consult the following organizations.- Personal Information Dispute Mediation Committee
(http://www.1336.or.kr, phone 1336) - Online Privacy Association
(http://www.eprivacy.or.kr, phone 02-580-0533) - Department of Cyber Crime of Prosecution Service
(http://www.spo.go.kr, phone 02-3480-3573) - Korean National Police Agency Cyber Bureau
(https://cyberbureau.police.go.kr/, phone 02-392-0330)
- Personal Information Dispute Mediation Committee