<LOTTE Data Communication>
The personal information protection policy of the Internet service on the LDCC website contains the following items.
- 01. Purpose of the Collection and Use of Personal Information
- 02. Collection Items and Method of Collecting Personal Information
- 03. Personal Information Handling and Retention Period
- 04. Matters Concerning the Provision of Personal Information
- 05. Matters Concerning the Consignment of Personal Information
- 06. Rights, Obligations and Exercise Method of the Information Subject and Legal Representative
- 07. Destruction Procedures and Method for Personal Information
- 08. Measures Taken to Secure Safety for Personal Information
- 09. Affiliation / Name and Contact Information of Those Responsible for the Personal Information Management of the Service and Person in Charge
- 10. Obligation of Notice
1. Purpose of the Collection and Use of Personal Information
The company processes personal information for the following purposes. Personal information is only used for the following purposes, and if the purpose of use is changed, necessary measures will be implemented, such as obtaining separate consent under Article 18 of the Personal Information Protection Act.
a. Handling of Civil Affairs
- - The Company handles personal information for the purposes of verifying civil complaints, notification of handling results, and IR meeting.
2. Collection Items and Method of Collecting Personal Information
The Company collects the following personal information to facilitate the handling of business and the provision of various services.
a. Required Collection Items
- - Name, email address, contact information(visitor for IR meeting), company name(object of report, visitor for IR meeting), department(object of report), id(reporting center), password(reporting center)
b. Selected Collection Items
- - Contact information, company name, department, and position.
c. The following information may be automatically generated and collected in the process.
- - Service usage records, Access Log, IP information
d. Collection Method
- The Company collects personal information in the following manner.
- · Website
- - The Company collects personal information in the following manner.
e. Matters concerning the installation and operation of an automatic personal information collection device and its refusal.
- - In order to provide individually customized services to users, the company stores usage information and uses “cookie” that is frequently retrieved.
- Cookies are a small amount of information sent by the server (http) used to run the website to the user’s computer browser and are also stored on the user’s computer hard disk.
- · Installation, operation, and rejection of cookie: Tools at the top of the web browser>Internet Options>Setting options in the Personal Information menu allows you to refuse to save cookies.
- · Refusing to save cookies can make it difficult to use customized services.
3. Personal Information Handling and Retention Period
The Company handles and retains personal information within the period of retention and the period of use of personal information in accordance with the laws and regulations or within the period of retention and the period of use of personal information for which consent is secured when collecting personal information from the information subject.
(1) Retention of information in accordance with the Company's policies:
- - Retention period: 3 months (consent is secured when collecting information)
(2) Retention of information as required under applicable laws and regulations
- - Retention period: 3 years (ENFORCEMENT DECREE OF THE ACT ON THE CONSUMER PROTECTION IN ELECTRONIC COMMERCE, ETC., Article 6)
4. Matters Concerning the Provision of Personal Information
The Company shall use the personal information of the users within the scope provided under "1. Purpose of the Collection and Use of Personal Information" and shall not use the user's personal information beyond the scope without the prior consent of the users, nor disclose the users’ personal information to the outside as a matter of principle.
5. Matters Concerning the Consignment of Personal Information
The company shall provide no personal information to any third party without user's prior consent; provided, however, that the company provides the foregoing personal information to the third parties within a scope required to provide affiliated services to users, only upon user's prior consent.
수탁업체 및 위탁업무 내용으로 구성된 개인정보 위탁에 관한 사항 표 Consignment company Purpose of consignment work Lotte Data Communication Company Limited Vietnam Service Development and Operation of Personal Information Processing System
6. Rights, Obligations and Exercise Method of the Information Subject and Legal Representative
a. The information subject may, at any time, exercise the personal information protection-related rights as provided under each of the following with regard to the Company.
- - Demand for a review of personal information
- - Demand for corrections in the event of errors
- - Demand for deletion
- - Demand for the suspension of handling
b. The exercise of rights under the provisions of Paragraph a. may be performed in writing, or via phone, email, or facsimile (FAX) to those responsible for personal information protection and management as well as the department in charge or the Company, to which the Company will respond and take actions accordingly without delay.
c. If the information subject demands the correction or deletion of any errors in personal information, the Company will not use or provide the personal information until the correction or deletion is made and completed.
d. The exercise of rights under the provisions of Paragraph a. may be performed by the legal representative of the information subject or agent authorized for the delegation of the rights, etc. In this event, a power of attorney shall be submitted in line with Form 11 annexed under the Enforcement Rules of the Personal Information Protection Act.
7. Destruction Procedures and Method for Personal Information
The Company shall immediately destroy personal information when it becomes unnecessary, such as the elapse of the retention period of personal information and the achievement of the purposes of handling it.
a. Destruction Procedures
- - The information entered by the users will be destroyed after the retention period of personal information. However, if storage of it is required according to other laws and regulations, it will be separated and stored in a separate DB (or separate documents in the case of paper) for storage for a certain period of time, and will not be used for any other purposes whatsoever (referring to '3. Personal Information Handling and Retention Period').
b. Destruction Method
- - The personal information printed on paper will be destroyed by shredding or incineration.
- - The personal information stored in the form of electronic files will be deleted by using a technical method which cannot reproduce the records.
8. Measures Taken to Secure Safety for Personal Information
The Company takes the following actions to ensure the safety of personal information.
a. Administrative Action
- Training of the employees who handle personal information
- · The Company designates the employees who handle personal information, limits handling to the person in charge for minimization purposes, and frequently trains the person in charge, thereby stressing compliance with the personal information handling policy at all times.
- - Training of the employees who handle personal information
b. Technical measures
- - The Company installs security programs, periodically updates, tests, and installs system in areas where access from the outside is controlled, and technically/physically monitors and blocks to prevent any leakage of or damages against personal information by hacking or computer viruses.
c. Physical Measures
- - Unauthorized access control. The Company operates a separate physical storage location for personal information and also has access control procedures in place.
9. Matters Concerning Those Responsible for the Personal Information Protection of the Service
The Company is responsible for the handling of personal information, and designates the
following persons in charge of personal information protection to handle complaints and
damages of the information subject in connection with the handling of personal
Personal Information Protection Supervisor
- · Name: Choi Seung-sik
- · Affiliation / Position: Information Security Management / General Manager
- · E-mail : firstname.lastname@example.org
Personal Information Protection Manager
- · Name: Kim Joong-ho
- · Affiliation / Position: ESG Office / Senior Assistant
- · E-mail : email@example.com
- · Phone : +82-2-2626-3715
Users may file a report with the personal information management supervisor or the department in charge regarding any personal information-related complaints that arise while using the Company's services. The Company will promptly and adequately respond to the users’ reports.
For filing a report or consultation concerning other infringements of personal information, please contact the following agencies.
- - Personal Information Infringement Report Center: www.privacy.kisa.or.kr (dial 118 without area code)
- - Supreme Prosecutors' Office Cyber Investigation Division: www.spo.go.kr (dial 1301 without area code)
- - National Police Agency Cyber Safety Bureau: cyberbureau.police.go.kr (dial 182 without area code)
10. Obligation of Notice
In the event of any additions, deletions, or modifications to the current personal information handling policy, the Company will notify them via the “Notice” section on its website from at least 7 days before the revision. However, if there is a significant change in the users’ rights, such as in regard to the collection and use of personal information and provision to a third party, the Company will so notify at least 30 days in advance.
- - Date of public announcement: July 25th, 2022
- - Date of enforcement: August 1st, 2022
- - Version number: V3.9