• 자동차·자동차부품
    건설
    철강
    서비스

    PRIVACY POLICY

    • PRIVACY POLICY

    Privacy Policy

    Hyundai Advanced Materials Co., Ltd. (hereinafter referred to as the Company) places the utmost importance on protecting users’ personal information and complies with the Personal Information Protection Act and the Personal Information Protection Guidelines established by the Ministry of Information and Communication. Through this Privacy Policy, the Company informs users about the purposes and methods of collecting and using personal information provided by users, as well as the measures taken to protect such information. The Company’s Privacy Policy may be amended in accordance with changes to government laws, guidelines, and the Company’s terms and internal policies. In such cases, the Company will promptly post the changes on its website.

    1. Personal Information Items Collected and Collection Methods

    The Company collects the following personal information from users when they use the service.

    - Items of personal information collected:

    Category

    Details

    Required items

    ① Required information

    Name, e-mail address, phone number (home and/or mobile)

    In addition, the following information may be generated and collected during the service usage process or business processing:

    - Service usage records, access logs

    Personal information collection methods

    • - Personal information is collected when users fill out forms on the website, customer center, recruitment inquiries, and similar processes. 
    • - Personal information may also be collected through tools that generate usage data. 

    ※ The Company provides users with the option to select "Agree" or "Disagree" for each item in the personal information collection and use consent form.

    2. Purpose of Collecting and Using Personal Information

    The Company uses the collected personal information for the following purposes:

    - Items of personal information collected:

    Category

    Details

    ① Required information

    - Identity verification and personal identification for service use
    - Handling complaints and other affairs, and delivering notifications

    3. Retention and Use Period of Personal Information

    The Company destroys personal information without delay once the purpose of collection and use has been fulfilled. However, if the Company is required to retain certain information by relevant laws, such information shall be retained for the legally prescribed period. In such cases, the Company transfers the personal information to a separate database (DB) or store it separately for retention.

    • - Retention period of personal information
    • - Retained items, retention period, legal basis
    • - Records of consumer complaints or dispute resolution: 3 years under the Consumer Protection Act in Electronic Commerce
    • - Records of advertisements and labeling: 6 months under the Consumer Protection Act in Electronic Commerce
    • - User access logs: 6 months under the Protection of Communications Secrets ACT
    4. Procedure and Method of Personal Information Destruction

    The Company, in principle, destroys personal information without delay once the purpose of collection and use has been fulfilled, using the procedures and methods prescribed below.

    Destruction procedure

    User personal information shall be transferred to a separate database (or stored in a separate filing cabinet for paper records) after the purpose has been achieved, and stored for a certain period according to internal policies and other relevant laws regarding information protection (see retention and use period). Personal information transferred to a separate database shall not be used for purposes other than retention unless required by law

    Destruction method

    Personal information stored in electronic file form shall be deleted using technical methods that make record recovery impossible. Personal information printed on paper shall be destroyed by shredding or incineration.

    5. Outsourcing of Collected Personal Information

    The Company outsources the processing of personal information to external specialized service providers as necessary to fulfill the service. Outsourcing of personal information processing is conducted only when required for the execution of each service. When outsourcing personal information processing, the Company clearly defines requirements to ensure the safety of personal information protection, including compliance with personal information protection instructions, confidentiality of personal information, prohibition of third-party provision, liability in case of incidents, outsourcing period, and the return or destruction of personal information after processing completion. The Company supervises the outsourced service providers to ensure the safe handling of personal information. If there are any changes to the service providers or the scope of outsourced tasks, the Company will notify users via website notices (or individual notifications by written communication, email, phone, or text messages).

    6. Provision of Personal Information to Third Parties

    The Company does not, in principle, provide users’ personal information to external parties. However, exceptions apply in the following cases:

    • - When required by law or upon request by investigative authorities in accordance with legally prescribed procedures and methods for investigation purposes
    • - When necessary for fee settlement related to paid services
    • - When personal information is processed into a form that does not identify specific individuals for statistical, academic research, or market research purposes
    • - When users have given prior consent
    7. Rights of Users and Legal Representatives and How to Exercise Them

    Users and their legal representatives may request access, correction, deletion, suspension of processing, or withdrawal of consent regarding the registered personal information of the user or a minor under the age of 14 at any time. The Company may refuse access, correction, or deletion of all or part of the personal information in the following cases:

    • - When access is prohibited or restricted by law
    • - When there is a risk of harm to another person’s life or body, or an unjust infringement of another person’s property or other rights and interests

    If a user requests correction of personal information errors, the Company does not use or provide the relevant personal information to any third party until the correction is completed. In addition, if incorrect personal information has already been provided to a third party, the Company promptly notifies the third party of the correction results. Personal information deleted or suspended at the request of the user or legal representative shall be handled according to the retention and use periods specified in Section 3, “Retention and Use Period of Personal Information,” and shall not be accessed or used for any other purposes. Users are requested to input their personal information accurately and keep it up to date. Users are responsible for any incidents caused by inaccurate information entered and may lose membership if false information, such as identity theft, is provided.
    Users have the right to protect their personal information, and also have the obligation to protect themselves and not infringe on others’ information. Please take care to prevent leakage of your personal information, including passwords, and avoid damaging others’ personal information, including posts. Failure to fulfill these responsibilities and infringing on others’ information and dignity may result in penalties under the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.

    8. Other Policies to Handle Personal Information

    Technical and administrative measures for personal information protection

    The Company shall implement the following technical and administrative measures to ensure the security of users’ personal information and to prevent loss, theft, leakage, alteration, or damage during its handling.

    Establishment and implementation of an internal control protocol

    • - The Company establishes and implements an internal management plan to ensure the secure processing of personal information.
    • - The Company verifies the implementation of personal information protection measures and compliance by responsible personnel through an in-house personal information protection unit and promptly takes corrective actions upon identifying any issues.

    Installation and operation of access control devices

    • - The Company controls unauthorized external access using intrusion prevention systems and strives to implement all possible technical measures to secure system integrity.

    Measures to prevent forgery and tampering of access logs

    • - The Company stores and manages access records of personal information processing systems and uses security functions to prevent forgery or tampering of these records.

    Encryption of personal information

    • - The Company protects users’ personal information with passwords and encrypts files and transmission data or uses file-locking functions for storage and management. It safeguards important data through additional security features.

    Countermeasures against hacking and other threats

    • - The Company takes measures to prevent damage from computer viruses by using antivirus software that is regularly updated and promptly provided upon the emergence of new viruses to prevent personal information breaches.
    • - The Company adopts security devices (SSL) using encryption algorithms to transmit personal information over networks securely.
    • - The Company strengthens security by using intrusion prevention systems and vulnerability analysis systems on each server to prevent hacking and external intrusions.
    • - The Company stores personal information separately from general data on distinct servers.

    Minimization of handling personnel and training

    • - The Company limits access to personal information to personnel who perform direct marketing to users, personal information managers and officers, and others whose job duties necessarily involve handling personal information.
    • - The Company provides regular internal and external training to personnel handling personal information on new security technologies and privacy protection obligations.
    • - The Company prevents information leaks caused by personnel through security pledges signed by all employees upon hiring and establishes internal procedures to audit compliance with personal information protection policies.
    • - The Company stores personal information separately from general data on distinct servers.
    • - The Company ensures secure and thorough handover of personal information handling duties and clarifies responsibilities for any personal information incidents occurring after hiring or termination.
    • - The Company designates data centers and document storage rooms as special protection areas with controlled access.

    Policy on providing links to external websites

    The Company may provide users with links to websites or materials of other companies. However, the Company has no control over third-party websites, materials, products, or services, and therefore cannot be held responsible for or guarantee their usefulness. When users click on links provided by the Company to navigate to other websites, the privacy policies of those websites are not related to the Company. Users are advised to review the privacy policies of the newly visited websites.

    Posting policy

    The Company values users’ posts and makes every effort to protect them from alteration, damage, or deletion. However, the following posts are excluded:

    • - Spam posts 
    • - Posts that damage others’ reputations by spreading false information for defamation
    • - Posts disclosing personal information of others without consent
    • - Posts infringing on the intellectual property rights or other rights of the Company or third parties
    • - Posts unrelated to the topic of the bulletin board

    To promote a positive bulletin board culture, the Company may delete or modify specific parts of posts that disclose others’ personal information without consent by replacing them with symbols or other means. If the content is more suitable for a different bulletin board topic, the Company will indicate the transfer path to prevent misunderstandings. In other cases, posts may be deleted after explicit or individual warnings. Ultimately, all rights and responsibilities related to the posts rest with the individual author. Additionally, voluntarily disclosed information through posts is difficult to protect; therefore, users are advised to carefully consider before making such information public.

    Email collection refusal

    The Company prohibits the unauthorized collection of posted email addresses using email collection programs or other technical devices. Violations of this policy may be subject to penalties under the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.

    Transmission of promotional information

    The Company does not send commercial promotional information against the user’s explicit refusal to receive such messages. If the user consents to receiving product information, newsletters, or similar emails, the Company shall ensure that the following information is clearly presented in the email subject line and body for easy recognition by the user:

    • - The subject line may omit the word “Advertisement,” but shall display the main content of the email.
    • - The email body shall include the sender’s name, email address, and phone number, allowing the user to easily indicate their refusal to receive further messages.

    When the Company sends commercial promotional information via media other than email, such as fax or mobile text messages, it shall take necessary measures in accordance with relevant laws, including marking the beginning of the message with the word “Advertisement.”

    9. Contact Information for the Person Responsible for Personal Information Management and the Customer Service Department

    The Company designates the relevant department and the person responsible for personal information management as follows to protect users’ personal information and handle complaints related to personal information.

    Personal Information Officer

    • - Department: Management and Administration Team
    • - Name: Jangseon Hwang, General Manager
    • - Phone: 070-7596-9828
    • - Contact: js.hwang@hyundai-am.com

    Personal Information Manager

    • - Department: Management and Administration Team
    • - Name: Seunghyeon Kim, Assistant Manager
    • - Phone: 070-7596-9902
    • - Email: seunghyeon.kim@hyundai-am.com

    Other organizations

    Users may report any complaints related to personal information protection arising from the use of the Company’s services to the personal information manager or the responsible department. The Company will respond promptly and sufficiently to users’ reports. For other reports or consultations regarding personal information infringements, please contact the following organizations: 

    • - Personal Information Infringement Report Center (www.118.or.kr / 118)
    • - Personal Information Dispute Mediation Committee (privacy.kisa.or.kr / 118)
    • - Supreme Prosecutors’ Office Internet Crime Investigation Center (www.spo.go.kr / 02-3480-2000)
    • - National Police Agency Cyber Terror Response Center (www.netan.go.kr / 1566-0112)

    Personal Information Processing Policy Version: 1.0

    Effective date of the Personal Information Processing Policy: September 1, 2016