01. General Provisions

“Personal information” refers to the name, resident registration number, video image etc. included in the information on a living individual, which is used to identify that individual (including information that can only be used to identify an individual in combination with other information).
“Data subject” refers to a person who, as the subject of the collected information, can be identified with the processed information. We display the GUIDELINES on the first screen of our homepage (www.hd-infracore.com) to allow users to consult them easily at any time.

02. Purpose of processing personal information

We process personal information for the following purposes.

[Concerning services provided by us]

• Membership management; processing of users’ complaints/opinions.
• Online market surveys and opinion polls.
• Marketing or ads.
• Service provision and settlement of fees.
• Support for subcontractors.

[Concerning the recruitment of employees]

• Screening of recruitment applications, correction of application forms, checking of results of application, contacts with applicants, checking of application requirements.
• Salary payment, welfare-related matters, support provided to employees in their execution of business, and personnel management including evaluations.

03. Period of processing/retention of personal information

We destroy personal information upon attaining the purpose of its collection/use. However, we keep the following personal information for the period stated in the following.

[Concerning services provided by us]

• Personal information items kept: name, home address, email, contact number, name of company, name of representative, type of business, bank account information, service use records, connection log, cookies, and connection IP information.
• Period of retention: Until the end of the service provided, or what is separately stipulated in the law if that is the case.
• Reason for retention: user identification, improvement of service quality, and provision of support for subcontractors’ business.

[Concerning recruitment and maintenance of recruitment status]

• Personal information items kept: name, password, DOB, gender, resident registration number, home address, home phone number, cell phone number, interests, special skills, academic background, work experience, foreign language proficiency, military service record, family-related matters.
• Period of retention: Until the end of employment or an extended period pursuant to consent by the data subjects.
• Reason for retention: Salary payment, welfare-related matters, support provided to employees in their execution of business, and personnel management including evaluations.

04. Methods of destruction of personal information

We destroy personal information upon attaining the purpose of its collection/use, termination of the service, or end of the relevant business.

1. Destruction procedure

We destroy personal information and personal information files that we no longer needs according to our internal guidelines and procedure, as follows

• Destruction of personal information: Upon expiry of the designated period of retention.
• Destruction of personal information files: On the day the file is judged to be no longer needed as the purpose of its collection/use has been attained, or upon termination of the service, etc.

2. Destruction method

• For personal information stored in electronic files – Destruction in a way that renders such information irretrievable.
• For printouts containing personal information – Shredded or incinerated.

05. Provision of personal information to third parties

We do not provide any personal information to any third party without a justifiable reason, such as being required to do so by the law, or without the prior consent of the data subject, etc., unless one of the following is the case:

• In cases where the data subject’s separate consent has been obtained;
• In cases where a special clause is stipulated in the law;
• In cases where it is judged that such provision is clearly required to protect the life or property of the data subject or the third party, and where the data subject or his legal agent is unable to express his opinion or it is impossible to obtain his/her consent due to the lack of an address etc.
• In cases where personal information is provided in such a way that specific individuals cannot be identified for the purpose of drawing up statistics or for academic research.

Currently, we provide personal information to third parties as follows:

• Parties to which we provide personal information: Multicampus, Korea TOEIC Committee, Korea Chamber of Commerce and Industry.
• Personal information items provided: name, DOB, cell phone number.
• Purpose of use of personal information: Verification of qualifications for recruitment.
• Period of retention/use of personal information provided: Until attainment of the purpose of collection/use.

• Parties to which we provide personal information: Ministry of Defense/local offices of the Military Manpower Administration, district offices/community service centers.
• Personal information items provided: name, resident registration number, cell phone number, military serial number.
• Purpose of use of personal information: Conduct of business related to the Homeland Reserve Forces, such as the organization, mobilization, training or demobilization of HR Forces.
• Period of retention/use of personal information provided: Until the end of the employment.

• Parties to which we provide personal information: Doosan Corporation.
• Personal information items provided: name, photo, password, home address, home phone number, cell phone number, email, academic background, military service record, foreign language proficiency, computer skill, qualifications, familial relations, work experience, social experience, prizes received, experience accumulated overseas, research experience.
• Purpose of use of personal information: Management/development of human resources.
• Period of retention/use of personal information provided: Until the end of employment.

06.　Entrustment of personal information processing

We do not entrust the processing of personal information to a third party without obtaining the prior consent of the data subject. We entrust personal information as follows and ensure that all entrustment contracts include a clause on the safe management of the information under the law.

• Trustee: Hyundai C&R
• Content of entrustment: Matters pertaining to salary management, welfare, and general affairs (e.g. management of company vehicles/cell phones, mutual aid, etc.).

• Trustees: Multicampus, KACNET, ALPACO, SPICUS, PICKUPPHONE, eCAMPUS, fn Innoedu, YBM
• Content of entrustment: Matters pertaining to Internet-based lectures for employees, etc.

• Trustee: Doosan Digital Innovation
• Content of entrustment: Operation and management of the personnel information processing system.

• Trustee: International SOS Korea
• Content of entrustment: Operation of a positioning system in linkage with employees undertaking overseas business trips.

• Trustee: S1
• Content of entrustment: Photo-taking; issuance of employee passes.

• Trustee : KUMA DATA TECH
• Content of entrustment: Issuance of employee IDs.

• Trustee : Photomind
• Content of entrustment: Taking photos of employees.

• Trustee : Oracle Corporation
• Content of entrustment: Retention/management of personal information.

• Trustee : Salesforce.com Singapore Pte Ltd
• Content of entrustment: Retention/management of personal information.

• Trustee : Hyundai Genuine
• Content of entrustment: Execution of HDI various educational services, provide integrated training service among affilates. Matters pertaining to business support for trading partners, operation and management of the Supplier Portal.

07. Data subjects’ rights and obligations and how to exercise them

Data subjects may ask us to allow them to access, correct or delete their personal information or request that we cease our handling and processing thereof. However, we may reject or restrict such request in any of the following cases.

• Where there is a special clause in the law; in cases where we are required to fulfill our legal obligation.
• In cases where it is feared that compliance with such request will cause harm to a person’s life or health or unjustly infringe on a person’s interests, including their property.
• In cases where failure not to handle personal information makes it impossible to execute a contract, including the provision of a service stipulated in a contract to a data subject, and where the data subject has failed to clearly express his/her intention to terminate the contract.

Methods and procedure of exercising rights

• Data subjects who wish to access their personal information kept by us may submit a request for access to, correction/deletion of, or cessation of our handling of their information to our department in charge of personal information in writing by email or fax, etc. (For information on the department, refer to 08. Service for handling petitions about personal information hereto.)
• With regard to the submittal of such request, we will comply with it within 10 days unless there is a justifiable reason for not doing so, or inform the data subject of the reason for our restriction/refusal within 5 days and how the data subject may file an appeal for our reconsideration of the matter.
• Where data subjects or their agents request access to the personal information kept by us, we may check their identity by asking for their ID (e.g. resident registration card) or certified electronic signature, etc.

08. Our personal information service

We have appointed a department and a Personal Information Manager as following to handle all business concerning the protection of users’ personal information and associated complaints.

1. Department in charge of personal information

• Name of department: Security Audit Team
• Telephone number: 02-479-8754
• email: hdi.security@hyundai-di.com

2. Personal Information Manager

• Name: Mr. Kim Byungkwan
• Telephone number: 02-479-7062
• Email: hdi.security@hyundai-di.com

If you need to report a case of personal information infringement or wish to receive consulting, please contact one of the following:

• Personal Information Dispute Mediation Committee (http://privacy.kisa.or.kr Telephone number: 118)
• Personal Information Infringement Report Center (http://www.privacy.go.kr Telephone number: 118)
• Information Protection Mark Certification Committee (http://www.eprivacy.or.kr Telephone number: 02-580-0533~4)
• Internet Crime Investigation Center of the Supreme Prosecutors' Office (http://www.spo.go.kr Telephone number: 02-3480-3600)
• National Police Agency Cyber Terror Response Center (http://www.ctrc.go.kr Telephone number: 02-392-0330)

09. Installation/operation of devices for automatic collection of personal information and customers’ refusal thereof

We use “cookies” to store users’ information and fetch it from time to time. Cookies are very small text files stored in your computer hard disk. They are sent by the server used to operate our website to users’ browser. We use cookies for the following purpose.

1. Purpose of use of cookies

• Cookies are used to analyze the frequency of users’ connection to a website or the time of day of their visits, to determine users’ tastes/interests, to check the level of their participation in special events, etc., which are necessary for our targeted marketing and the provision of customized services to users. You have the right to accept or reject our installation of cookies in your computer hard disk by setting the option in your web browser. You may accept all cookies, check each time cookies are stored, or reject all cookies.

2. How to reject the installation of cookies

• You may accept all cookies, check each time cookies are stored, or reject all cookies by setting the option of your web browser accordingly. How to set the option (in Internet Explore) : Go to “Tool” at the top of your web browser > Internet option > personal information. You may have difficulty in using our services if you refuse to accept cookies.

10. Overseas transfer of personal information

We transfer data subjects’ personal information to third parties abroad as follows in the process of handling our business through the following system. This allows us to handle the information in a server in an area outside the country in which the data subject resides.

[Access Portal]

• Business to which we transfer personal information and contact point
  Name of business: Oracle Corporation
  Contact point: https://www.oracle.com/corporate/contact/ (Telephone number: +1.650.506.7000)
• Country where the transferee is located, date, method.
  Country where the transferee is located: Ashburn, Virginia, U.S.A.
  Date and method: Transmission via the network with the request for issuance of an account through the Access Portal.
• Personal information items transferred
  User’s name, User ID, nationality, email, home phone number, cell phone number, position in workplace.
• Purpose of personal information transfer; Period of retention/use of personal information
  Storage, retention, and management at an overseas data center operated by the transferee during the relevant period.
• Data subjects have the right to reject the collection of their personal information, but such refusal may lead to restrictions on their use of our service.
  

[CRM]

• Business to which we transfer personal information and contact point
  Name of business: Salesforce.com Singapore Pte. Ltd.
  Contact point : https://www.salesforce.com/form/other/privacy-request
• Country where the transferee is located, date, method.
  Area where the transferee is located: Tokyo, Japan
  Date and method: Transmission via the network with the registration of customer information with the CRM system for sales opportunity management.
• Personal information items transferred:
  Customer’s name, DOB, email, home phone number, cell phone number, business registration number, address.
• Purpose of personal information transfer; Period of retention/use of personal information
  Storage, retention, and management at an overseas data center operated by the transferee during the relevant period.
• Data subjects have the right to reject the collection of their personal information, but such refusal may lead to restrictions on their use of our service.
  

11. Steps taken to secure the safety of personal information

We take the following steps to secure safety when handling users’ personal information to prevent the loss, theft, leakage, forgery or damage thereof.

[Technical steps]

• We observe the criteria stipulated in the law for the safe storage and transmission of personal information.
• We use vaccine programs to protect our users’ personal information against damages caused by computer viruses.
• The vaccine programs are updated periodically. We immediately use newly developed vaccine programs to prevent the personal information kept by us from being affected.

[Administrative steps]

• We restrict the right to access personal information to the following employees: those responsible for sales/marketing with data subjects first hand; those responsible for the managing personal information; those responsible for handling personal information as a regular part of their duties.
• We run periodic in-house education sessions concerning personal information protection for employees who are responsible for handling personal information, including the appointment of outside lecturers. We do all we can to ensure that our employees observe the laws concerning personal information protection both during their employment and after their retirement.

[Physical steps]

• We take protective measures such as the use of physical locks to prevent physical access in order to keep personal information and the personal information processing system safe.
• We have designated our computer rooms and rooms for storing important information as off-limits areas to ensure the protection of users’ personal information.

01. General provisions

‘Personal Information’ refers to information about a living individual, including information that can identify an individual using the name, social security number, and video (including information that can be easily identified if combined with other information, even if such information alone does not identify a particular individual). An ‘Information Subject’ is a person who can be identified by the information processed and is the subject of such information. The Company publishes the personal information handling policy on the website (www.hd-infracore.com) so that it can be easily checked at all times. The Company will announce any revision of the personal information handling policy on the website using Notice (or via individual notice)

02. Personal information processing items and purposes

The Company will not process sensitive information that may seriously violate the privacy of the data subject or the unique identification information given to identify an individual uniquely if not allowed by the provisions of laws or without the informed consent of the data subject.

1. Processing Items

[Items related to services provided by the Company]

Name, resident registration number, home address, e-mail, contact, company name, CEO name, industry type, account information, service use record, access log, cookies, and access IP information

[Items related to employment]

Name, social security number, photo, password, home address, home phone number, mobile phone number, e-mail, academic background, military service, language skills, computer skills, qualifications, family relationship, career

2. Processing purposes

[Items related to services provided by the Company]

• Member management and complaint handling
• Online market research or opinion poll
• Marketing or advertising
• Service provision and fee settlement
• Partner support service

[Items related to employment]

• Employment screening, revision of the application form, success or failure check, contact with the applicant, employment requirement check
• Human resources management including salary payment, welfare benefits, support for performance of various tasks, and evaluation

03. Processing and retention period of personal Information

In principle, personal information will be destroyed without delay after the purpose of collecting and using them is achieved. Note, however, that the following information will be retained for the specified period for the following reasons:

[Items related to services provided by the Company]

• Items for retention: Name, resident registration number, home address, e-mail, contact, company name, CEO name, industry type, account information, service use record, access log, cookies, and access IP information
• Retention period: Retained until the support service expires. If there are special regulations in laws and ordinances, however, they are kept in accordance with the relevant laws and regulations.
• Reason for retention: User identification, service quality improvement, and partner business support

[Items related to employment]

• Items for retention: Name, password, date of birth, gender, social security number, home address, home phone number, mobile phone number, hobby, specialty, academic background, career, language, military service, family background
• Retention period: Retained until the end of the labor relationship.
• Note, however, that the retention period can be extended if content is obtained.
• Reason for retention: Human resources management including salary payment, welfare benefits, support for performance of various tasks, and evaluation

04. Personal information destruction method

1. Destruction procedure

Currently, the Company provides personal information as follows:

2. Destruction method

• The personal information stored in the form of electronic files will be deleted using a technical method that makes restoring the record impossible.
• The personal data printed on paper will be shredded by a shredder or incinerated.

05. Providing personal information to a third party

The Company will use the personal information within the scope of the purpose stated in the and will neither use nor provide the personal information to a third party beyond such scope. The following can be exceptions, however:

• If separate consent is received from the information subject
• If there are special provisions in other laws
• If the information subject or his/her legal representative cannot express his/her will, or prior consent cannot be obtained because the address is unknown, and it is deemed necessary for the clear benefit of life, body, or property of the information subject or third party.
• If the personal information is needed for statistics composition or academic research, and the information is provided in a form that cannot identify an individual.

Currently, the Company provides personal information as follows:

• Personal information receiver: Multicampus Co., Ltd., Korea TOEIC Commission, Korea Chamber of Commerce and Industry, Ministry of National Defense/Regional Military Manpower Administration, Gu office/Community service center
• Personal information items provided: Name, resident registration number, mobile phone number, military service number
• Purpose of using the provided information: Qualification
• Retention and use period of the provided information: Immediate destruction

• Personal information receiver: Doosan Corporation
• Personal information items provided: Name, social security number, photo, password, home address, home phone number, mobile phone number, e-mail, academic background, military service, language skills, computer skills, qualifications, family relationship, career, social experience, award experience, overseas experience, and research experience
• Purpose of using the provided information: Integrated management and development of human resources
• Retention and use period of the provided information: Until the labor relationship is terminated

• Personal information receiver: Korean Standards Association
• Personal information items provided: Name, mobile phone number, residential area
• Purpose of using the provided information: Doosan service quality survey
• Retention and use period of the provided information: Immediate destruction after achieving the purpose of providing information (September 22 - December 5, 2014)

06. Consignment of personal information processing

The Company does not entrust personal information processing to an external company without the consent of the information subject. The Company entrusts personal information processing as follows and stipulates the necessary provisions so that the personal information can be safely managed when signing a consignment contract according to the relevant laws:

• Trustee: Doosan Corporation
• Consigned service details: Salary management, welfare benefits, general affairs (business vehicle and mobile phone management, mutual aid, etc.)

• Trustee: Multicampus Co., Ltd., Korea Academy, Alphaco, Spicus, Pickupphone, eCampus, KT Innoedu
• Consigned work contents: Internet lectures for employees, etc.

• Trustee: Doosan Corporation (information and communication BU)
• Consigned service details: Management (maintenance) and operation of the HR information processing system

• Trustee: International SOS Korea Co., Ltd.
• Consigned service details: Operation of the location system by linking with the employees’ overseas business trip information

• Trustee: S1 Co., Ltd.
• Consigned service details: Photographing, overall control over access card production/issuance

• Trustee: Kuma Data Tech Co., Ltd.
• Consigned service details: Employee card production/issuance

• Trustee: Photomind
• Consigned service details: Taking photographs of the employees

07. Rights and obligations of the information subject and exercise methods

All information subjects can request the viewing, correction, deletion, and suspension of processing of their personal information processed by the Company. If the following conditions apply, however, the Company may refuse or restrict such request:

• If there is a special provision, or if it is inevitable to comply with legal obligations
• If there is concern of harming another person's life or body or unjustly infringing another person's property or other interests
• If the contract cannot be fulfilled (e.g., unable to provide the service agreed upon with the information subject) when personal information is not processed, and the information subject does not clearly express any intention of terminating the contract

Methods and procedures for exercising rights

• An information subject who wants to retrieve his/her personal information can submit the retrieval, correction, deletion, and processing suspension request document to the department in charge of personal information in writing or via e-mail or fax. (See ‘09. Complaint handling service related to personal information’ for the department in charge.)
• The Company will take appropriate measures within 10 days unless there is no valid reason and will inform you of the reason for restriction or rejection as well as how to file a complaint within 5 days, if there is reason for rejection or restriction.
• When the information subject or his/her representative requests the retrieval of personal information, the Company may check the identity of the information subject or the representative by checking the identity card such as resident registration card or certified electronic signature.

08. Technical/Administrative/Physical protection measures of personal information

The Company takes the following safety measures to prevent personal information from being lost, stolen, tampered with, or damaged when handling the personal information:

• The Company complies with the standards stipulated by laws and regulations to save and transmit personal information safely.
• The Company takes measures to prevent damage caused by computer viruses using vaccine programs.
• The vaccine programs are updated on a regular basis; if a new virus suddenly appears, a vaccine program is provided immediately to prevent personal information from being breached.

• The Company restricts access to personal information to those who directly conduct sales and marketing tasks for the information subject, those who perform personal information management tasks, and those who should handle personal information inevitably for their duties.
• The Company regularly implements internal training and external outsourcing training regarding personal information protection for the employees who handle personal information. The Company also manages and controls the employees to make them observe the laws on personal information protection after entering and leaving the company.

• The Company takes protective measures to prevent physical access to a locker to keep the personal information and personal information handling system safely.
• The Company sets the computer room and data storage room as special protected areas and controls access to them.

09. Complaint handling service related to personal information

The Company appoints the following department and privacy manager to protect personal information and handle complaints related to personal information:

1. Department in charge of personal information

• Department: Internal control/Information security part/Compliance team
• Phone number : +82-2-3398-2436, 8066
• Fax number : +82-2-3398-8337
• E-mail : di_security@hyundai-di.com
• Business hours: (Mon ~ Fri) 09:00 - 18:00, (closed on holidays, Saturdays, and Sundays)

2. Privacy manager

• Name: Park, Dong Beom
• Phone number : +82-2-3398-2436
• E-mail : di_security@hyundai-di.com

Please contact the following government agencies if you need to report or consult about personal information infringement:

• Personal Information Dispute Meditation Committee (http://privacy.kisa.or.kr Phone number: 118)
• Personal Information Violation Report Center (http://www.privacy.go.kr Phone number: 118)
• Korea Online Privacy Association (http://www.eprivacy.or.kr Phone number: 02-580-0533~4)
• Internet Crime Investigation Center, Supreme Prosecutor's Office (http://www.spo.go.kr Phone number: 02-3480-3600)
• Cyber Terror Response Center, National Police Agency (http://www.ctrc.go.kr Phone number: 02-392-0330)

10. Notice obligation

If more provisions are added to this privacy policy, or if any provision is deleted or modified, it will be announced on ‘Notice’ of the website at least 10 days before such changes take effect.

• Notice date: 2011.09.30
• Effective date: 2018.01.01

01. General provisions

‘Personal Information’ refers to information about a living individual, including information that can identify an individual using the name, social security number, and video (including information that can be easily identified if combined with other information, even if such information alone does not identify a particular individual). An ‘Information Subject’ is a person who can be identified by the information processed and is the subject of such information. The Company publishes the personal information handling policy on the website (www.hd-infracore.com) so that it can be easily checked at all times. The Company will announce any revision of the personal information handling policy on the website using Notice (or via individual notice)

02. Personal information processing items and purposes

The Company will not process sensitive information that may seriously violate the privacy of the data subject or the unique identification information given to identify an individual uniquely if not allowed by the provisions of laws or without the informed consent of the data subject.

1. Processing items

[Items related to the customer]

Name, home address, e-mail, company name, service use record, access log, cookies, and access IP information

[Items related to employment]

Name, social security number, photo, password, home address, home phone number, mobile phone number, e-mail, academic background, military service, language skills, computer skills, qualifications, family relationship, career

2. Processing purposes

[Items related to the customer]

• Member management and complaint handling
• Online market research or opinion poll
• Marketing or advertising
• Service provision and fee settlement

[Items related to employment]

• Employment screening, revision of the application form, success or failure check, contact with the applicant, employment requirement check
• Human resources management including salary payment, welfare benefits, support for various task performance and evaluation

03. Processing and retention period of personal Information

In principle, personal information will be destroyed without delay after the purpose of collecting and using them is achieved. Note, however, that the following information will be retained for the specified period for the following reasons:

• Items for retention: Name, home address, e-mail, company name
• Retention period: 1 year
• Reason for retention: User inquiry/request management, user identification, etc.

• Items for retention: Service use record, access log, cookies, access IP information
• Retention period: 3 years
• Reason for retention: Service quality improvement by analyzing users' service use

• Items for retention: Name, password, date of birth, gender, social security number, home address, home phone number, mobile phone number, hobby, specialty, academic background, career, language, military service, family background
• Retention period: In principle, until the end of the labor relationship
• Reason for retention: Human resources management including salary payment, welfare benefits, support for various task performance and evaluation
• However, the personal information of the unsuccessful applicant will be destroyed without delay after the recruitment process is completed.

04. Personal information destruction method

1. Destruction procedure

The Company will destroy the collected personal information without delay once its processing purpose is achieved or the retention period is terminated, except when it is necessary to keep it according to the consent of the information subject, terms of use, and related laws.

2. Destruction method

• The personal information stored in the form of electronic files will be deleted using a technical method that the record cannot be restored.
• The personal data printed on paper will be shredded by a shredder or incinerated.

05. Providing personal information to a third party

The Company will use the personal information within the scope of the purpose stated in the and will neither use nor provide the personal information to a third party beyond such scope. The following can be exceptions, however:

• If a separate consent is received from the information subject
• If there are special provisions in other laws
• If the information subject or his/her legal representative cannot express his/her will or prior consent cannot be obtained due to an unknown address, and it is deemed necessary for the clear benefit of life, body, or property of the information subject or third party.
• If personal information is needed for statistics composition or academic research, and the information is provided in a form that cannot identify an individual.

Currently, the Company provides personal information as follows.

• Personal information receiver: Multicampus Co., Ltd., Korea TOEIC Commission, Korea Chamber of Commerce and Industry, Ministry of National Defense/Regional Military Manpower Administration, Gu office/Community service center
• Provided personal information items: Name, resident registration number, mobile phone number, military service number
• Purpose of using the provided information: Qualification
• Retention and use period of the provided information: Immediate destruction

• Personal information receiver: Doosan Corporation
• Provided personal information items: Name, social security number, photo, password, home address, home phone number, mobile phone number, e-mail, academic background, military service, language skills, computer skills, qualifications, family relationship, career, social experience, award experience, overseas experience, and research experience
• Purpose of using the provided information: Integrated management and development of human resources
• Retention and use period of the provided information: Until the labor relation is terminated.

• Personal information receiver: Korean Standards Association
• Provided personal information items: Name, mobile phone number, residential area
• Purpose of using the provided information: Doosan service quality survey
• Retention and use period of the provided information: Immediate destruction after achieving the purpose of providing information (September 22 - December 5, 2014)

06. Consignment of personal information processing

The Company does not entrust personal information processing to an external company without the consent of the information subject. The Company entrusts personal information processing as follows and stipulates the necessary provisions so that the personal information can be safely managed when signing a consignment contract according to the relevant laws:

• Trustee: Doosan Corporation
• Consigned service details: Salary management, welfare benefits, general affairs (business vehicle and mobile phone management, mutual aid, etc.)

• Trustee: Multicampus Co., Ltd., Korea Academy, Alphaco, Spicus, Pickupphone, eCampus, KT Innoedu
• Consigned work contents: Internet lectures for employees, etc.

• Trustee: Doosan Corporation (information and communication BU)
• Consigned service details: Management (maintenance) and operation of the HR information processing system

• Trustee: International SOS Korea Co., Ltd.
• Consigned service details: Operation of the location system by linking with the employees’ overseas business trip information

• Trustee: S1 Co., Ltd.
• Consigned service details: Photographing, overall control over access card production/issuance

• Trustee: Kuma Data Tech Co., Ltd.
• Consigned service details: Employee card production/issuance

07. Rights and obligations of the information subject and its exercise methods

All information subjects can request the viewing, correction, deletion, and suspension of processing of their personal information processed by the Company. If the following conditions apply, however, the Company may refuse or restrict such request:

• If there is a special provision or if it is inevitable to comply with legislation obligations.
• If there is concern of harming another person's life or body or unjustly infringing another person's property or other interests.
• If the contract cannot be fulfilled (e.g., unable to provide the service agreed upon with the information subject) when personal information is not processed, and the information subject does not clearly express any intention of terminating the contract

Methods and procedures of exercising rights

• An information subject who wants to retrieve his/her personal information can submit the retrieval, correction, deletion, and processing suspension request document to the department in charge of personal information in writing or via e-mail or fax. (See ‘09. Complaint handling service related to personal information’ for the department in charge.)
• The Company will take appropriate measures within 10 days unless there is no valid reason and will inform you of the reason for restriction or rejection as well as how to file a complaint within 5 days, if there is reason for rejection or restriction.
• When the information subject or his/her representative requests the retrieval of personal information, the Company may check the identity of the information subject or the representative by checking the identity card such as resident registration card or certified electronic signature.

08. Technical/Administrative/Physical protection measures of personal information

The Company takes the following safety measures to prevent personal information from being lost, stolen, tampered with, or damaged when handling the personal information:

• The Company complies with the standards stipulated by laws and regulations to save and transmit personal information safely.
• The Company takes measures to prevent damage caused by computer viruses using vaccine programs.
• The vaccine programs are updated on a regular basis; if a new virus suddenly appears, a vaccine program is provided immediately to prevent personal information from being breached.

• The Company restricts access to personal information to those who directly conduct sales and marketing tasks for the information subject, those who perform personal information management tasks, and those who should handle personal information inevitably for their duties.
• The Company regularly implements internal training and external outsourcing training regarding personal information protection for the employees who handle personal information. The Company also manages and controls the employees to make them observe the laws on personal information protection after entering and leaving the company.

• The Company takes protective measures to prevent physical access to a locker to keep the personal information and personal information handling system safely.
• The Company sets the computer room and data storage room as special protected areas and controls access to them.

09. Complaint handling service on personal information

The Company appoints the following department and privacy manager to protect personal information and handle complaints related to personal information:

1. Department in charge of personal information

• Department: Information Security Team
• Phone number: +82-2-3398-2436
• Fax number: +82-2-3398-8337
• E-mail : di_security@hyundai-di.com
• Business hours: (Mon ~ Fri) 09:00 - 18:00, (closed on holidays, Saturday and Sunday)

2. Privacy manager

• Name : Dongbeom Park
• Phone number : 02-3398-2436
• E-mail : di_security@hyundai-di.com

Please contact the following government agencies if you need to report or consult about personal information infringement:

• Personal Information Dispute Mediation Committee (http://privacy.kisa.or.kr Phone number: 118)
• Privacy Complaint Center (http://www.privacy.go.kr Phone number: 118)
• Korea Online Privacy Association (http://www.eprivacy.or.kr Phone number: 02-580-0533~4)
• Internet Crime Investigation Center, Supreme Prosecutor's Office (http://www.spo.go.kr Phone number: 02-3480-3600)
• Cyber Terror Response Center, National Police Agency (http://www.ctrc.go.kr Phone number: 02-392-0330)

10. Notice obligation

If more provisions are added to this privacy policy, or if any provision is deleted or modified, it will be announced on ‘Notice’ of the website at least 10 days before such changes take effect.

• Notice date: 2011.09.30
• Effective date: 2018.01.01