This Policy (the "Policy") explains the way of treatment of the information which is provided or collected in the websites on which this Policy is posted.
Through
this Policy, the Company regards personal information of the users as important
and inform them of the purpose and method of Company's using the personal
information provided by the users and the measures taken by the Company for
protection of those personal information.
This
Policy will be effective on the 31th day of January, 2024 and the Company will
make public notice of it through posting it on the bulletin board of Company's
website or e-mails.
1. Information to be collected and method of collection
(1) Personal information items to be collected
Personal
information items to be collected by the Company are as follows:
• Information
provided by the users
The
Company may collect the information directly provided by the users.
Title of
service |
Items to
be collected |
Internet
membership service |
-
Name, email address, national
information, encoded identification information (CI) |
(2) Method
of collection
The
Company collects the information of users in a way of the followings:
• webpage,
written form, fax, telephone calling, e-mailing, tools for collection of
created information
2. Use of
collected information
The
Company uses the collected information of users for the following purposes:
• Member
management and identification
• To detect and
deter unauthorized or fraudulent use of or abuse of the Service
• Improvement of
existing services and development of new services
• Making notice
of function of company sites or matters on policy change
• To make
statistics on member’s service usage, to provide services and place advertisements
based on statistical characteristics
• To provide
information on promotional events as well as opportunity to participate
• To comply with
applicable laws or legal obligation
• Use of
information with prior consent of the users (for example, utilization of
marketing advertisement)
The
Company agrees that it will obtain a consent from the users, if the Company
desires to use the information other than those expressly stated in this
Policy.
3.
Disclosure of collected information
Except for
the following cases, the Company will not disclose personal information with a
3rd party:
• when the users
consent to disclose in advance;
- The
cases where the user gives prior consent for sharing his or her personal
information
• when
disclosure is required by the laws:
- if
required to be disclosed by the laws and regulations; or
- if
required to be disclosed by the investigative agencies for detecting crimes in
accordance with the procedure and method as prescribed in the laws and
regulations
4. Cookies
and Similar Technologies
The
Company may collect collective and impersonal information through 'cookies'.
Cookies
are very small text files to be sent to the browser of the users by the server
used for operation of the websites of the Company and will be stored in
hard-disks of the users' computer.
The items
of cookies to be collected by the Company and the purpose of such collection
are as follows:
Category |
Reasons
for using cookies and additional information |
strictly
necessary cookies |
This
cookie is a kind of indispensible cookie for the users to use the functions
of website of the Company. Unless the users allow this cookie, the services
such as shopping cart or electronic bill payment cannot be provided. This
cookie does not collect any information which may be used for marketing or
memorizing the sites visited by the users ∘
Check whether login is made on website ∘
Check whether the users are connected with correct services of the website of
the Company while the Company changes the way of operating its website |
5.
Security
The
Company regard the security of personal information of uses as very important.
The company constructs the following security measures to protect the users'
personal information from any unauthorized access, release, use or modification
• Encryption of
personal information
- Transmit
users' personal information by using encrypted communication zone
- Store
important information such as passwords after encrypting it
• Establish and
execute internal management plan
6. Protection
of personal information of children
In
principle, the Company does not collect any information from the children under
18 or equivalent minimum age as prescribed in the laws in relevant
jurisdiction. The website, products and services of the Company are the ones to
be provided to ordinary people, in principle. The website or application of the
Company has function to do age limit so that children cannot use it and the
Company does not intentionally collect any personal information from children
through that function.
7.
Modification of Privacy Protection Policy
The
Company has the right to amend or modify this Policy from time to time and, in
such case, the Company will make a public notice of it through bulletin board
of its website or e-mail and obtain consent from the users if required by
relevant laws.
8. Contact
information of Company
Please use
one of the following methods to contact the Company should you have any queries
in respect to this policy or wish to update your information:
•Company name :
HYUNDAI BIOLAND
Address : 162,
Gwahaksaneop 3-ro, Ochang-eup, Cheongwon-gu, Cheongju-si, Chungcheongbuk-do,
28125, Republic of Korea
Tel.: 043-240-8633
E-mail: biosp@hyundaibioland.co.kr
DPO
of the Company:
Address: 162, Gwahaksaneop 3-ro, Ochang-eup, Cheongwon-gu, Cheongju-si, Chungcheongbuk-do, 28125, Republic of KoreaTel.:
E-mail:
Appendix
of Privacy Protection Policy
<1>
Lawful processing of personal information under GDPR
Processing
personal information by the Company shall be lawful only if and to the extent
that at least one of the following applies:
• A user has
given consent to the processing of his or her personal information.
• Processing is
necessary for compliance with a legal obligation to which the Company is
subject
-
Compliance with relevant law, regulations, legal proceedings, requests by the
government
• Processing is
necessary in order to protect the vital interests of users, or other natural
persons
-
Detection of, prevention of, and response to fraud, abuse, security risks, and
technical issues that may harm users or other natural persons
• Processing is
necessary for the performance of a task carried out in the public interest or
in the excise of official authority vested in the Company
• Processing is
necessary for the purposes of the legitimate interests pursued by the Company
or by a third party (except where such interests are overridden by the
interests or fundamental rights and freedoms of the data subject which require
protection of personal data, in particular where the data subject is a child).
<2>
User’s right when applying GDPR
The users
or their legal representatives, as main agents of the information, may exercise
the following rights regarding the collection, use and sharing of personal
information by the Company:
• The right to
access to personal information;
The users
or their legal representatives may access the information and check the records
of the collection, use and sharing of the information under the applicable law.
• The right to rectification;
- The
users or their legal representatives may request to correct inaccurate or
incomplete information.
• The right to
erasure;
- The
users or their legal representatives may request the deletion of the
information after the achievement of their purpose and the withdrawal of their
consent.
• The right to
restriction of processing;
- The users
or their legal representatives may make temporary suspension of treatment of
personal information in case of the disputes over the accuracy of information
and the legality of information treatment, or if necessary to retain the
information.
• The right to
data portability
- The
users or their legal representatives may request to provide or transfer the
information.
• The right to
object
- The
users or their legal representatives may suspend the treatment of personal
information if the information is used for the purpose of direct marketing,
reasonable interests, the exercise of official duties and authority, and
research and statistics.
• The right to
automated individual decision-making, including profiling- The users or their
legal representatives may request to cease the automated treatment of personal
information, including profiling, which has critical impact or cause legal
effect on them.
If, in
order to exercise the above rights, you, as an user, use the menu of 'amendment
of member information of webpage or contact the Company by sending a document
or e-mails, or using telephone to the Company (person in charge of management
of personal information or a deputy), the Company will take measures without
delay: Provided that the Company may reject the request of you only to the
extent that there exists either proper cause as prescribed in the laws or
equivalent cause.
<3>
3rd party's sites and services
The
website, product or service of the Company may include the links to the ones of
a 3rd party and the privacy protection policy of the site of 3rd party may be
different. Thus, it is required for the users to check additionally that policy
of a 3rd party site linked to the site of the Company.
<4>
Guide for users residing in California
If the
user resides in California, certain rights may be given. The Company prepare
preventive measures necessary for protecting personal information of members so
that the Company can comply with online privacy protection laws of California.
In case of
leakage of personal information, an user may request the Company to check the
leakage. In addition, all the users in the website of the Company, can modify
their information at any time by using the menu for changing information by
connecting their personal account.
Moreover, the
Company does not trace the visitors of its website nor use any signals for
'tracing prevent'. The Company will not collect and provide any personal
identification information through ad services without consent of users.
<6>
Guide for users residing in Korea
The
Company guides several additional matters to be disclosed as required by the
information network laws and personal information protection laws in the
Republic of Korea as follows:
(1)
Information collected
The items
collected by the Company are as follows:
• Examples of
required information
Title of
service |
Items to
be collected |
Internet
membership service |
-
Name, email address, ID,
national information, encoded identification information (CI), identification
information of overlapped membership |
In the
course of using services, the information as described below may be created
and collected: -
Information of devices
(equipment/device identifier, operation system, hardware version, equipment
set-up and telephone number -
Log information (Log data, use
time, search word input by users, internet protocol address, cookie and web
beacon) -
Other created information |
•
(2) Period for retention and use of personal
information
In
principle, the Company destructs personal information of users without delay when:
the purpose of its collection and use has been achieved; the legal or
management needs are satisfied; or users request: Provided that, if it is
required to retain the information by relevant laws and
regulations,
the Company will retain member information for certain period as designated by
relevant laws and regulations. The information to be retained as required by
relevant laws and regulations are as follows:
- Record
regarding contract or withdrawal of subion: 5 years (The Act on
Consumer Protection in Electronic Commerce ) - Record
on payment and supply of goods:5 years (The Act on Consumer Protection in
Electronic Commerce ) - Record
on consumer complaint or dispute treatment: 3 years (The Act on Consumer
Protection in Electronic Commerce ) - Record
on collection/process, and use of credit information: 3 years (The Act on Use
and Protection of Credit Information ) - Record
on sign/advertisement: 6 months(The Act on Consumer Protection in Electronic
Commerce ) - Log
record of users such as internet/data detecting the place of user connection:
3 months(The Protection of Communications Secrets Act ) - Other
data for checking communication facts: 12 months (The Protection of
Communications Secrets Act ) |
(3) Procedure and method of
destruction of personal information
In
principle, the Company destructs the information immediately after the purposes
of its collection and use have been achieved without delay: Provided that, if
any information is to be retained as required by relevant laws and regulations,
the Company retain it for the period as required by those laws and regulations
before destruction and, in such event, the personal information which is stored
and managed separately will never be used for other purposes. The Company
destructs: hard copies of personal information by shredding with a pulverizer
or incinerating it; and delete personal information stored in the form of
electric file by using technological method making that information not
restored.
(6)
Technical, managerial and physical measures for protection of personal
information
In order
to prevent the loss, theft, leakage, alteration or damage of personal
information of the users, the Company takes technical, managerial and physical
measures for securing safety as follows:
Items |
Examples |
Technical
measures |
∘
Take measures of encryption for confidential information ∘
Establish and execute internal management plan |
Managerial
measures |
∘
Appoint a staff responsible for protecting personal information ∘ ∘
Establish and execute internal management plan ∘ ∘
Ensure safe storage of record of access to personal information processing
system ∘
Classify the level of authority to access to personal information processing
system |
(7) Staff
responsible for managing personal information
The staff
of the Company responsible for managing personal information is as follows:
• Name of staff
responsible for managing personal information:
Dept. :
Hee-Joon Lee
Tel. :
043-240-8600
Contact :
biosp@hyundaibioland.co.kr
The latest update date: 4, March, 2024.