Personal Information Handling Policy

1. General provisions

• (1) "Personal Information " refers to information relating to living individuals, including information on signs, letters, voices, sounds, and videos that allow specific individuals to be identified (where even if a specific individual cannot be identified only with certain information, the individual can be identified if the information is easily coupled with other information, the other information shall be included).
• (2) Through the Personal Information Handling Policy, the Company informs members for what purposes and in what methods the Company uses customers’ personal information, and what measures the Company takes to protect the personal information.
• (3) The Company may amend the Personal Information Handling Policy as a result to a change(s) in relevant laws or internal operational regulations. If the Company amends the Personal Information Handling Policy, it allows customers to easily observe relevant amendment(s) by giving version numbers, etc.
• (4) Where the Company collects customers’ personal information, it shall give a prior notice of the scope of collection and the purpose of collection and use through applications for subscription or the General Terms and Conditions for Use pursuant to relevant laws.
• (5) The Company collects and uses unique identification information as described in each of the following subparagraphs:
  - Purpose of collection and use of unique identification information: providing mobile self-verification services, verifying and authenticating identities, authenticating real names
  - Items of unique identification information to be collected: resident registration numbers, password numbers, drivers’ license numbers, foreigner registration numbers (including images an content for verifying identities of principals and agents)
  ※ Resident registration numbers may be collected and used by key telecommunications service providers pursuant to Article 65-2 of the Enforcement Decree of the Telecommunications Business Act.
  - Retention and use period for unique identification information: to be used for a relevant service subscription period (three (3) months’ retention period)
• (6) The Company collects each of the following personal information for the following purposes:
  - Name (company name), unique identification information, agent (name, unique identification information, contact information, address, its relationship with its principal)
  - Name (company name), address (installed place, etc.), mobile phone, wire phone number, e-mail
  - Providing and giving information on goods, shipping articles, conveying notifications, verifying principals’ intentions, and securing smooth communication channels
  - Name, date of birth, mobile phone number, mobile carrier information, connection information, duplication information (for verifying redundant subscriptions)

2. Collection method of personal information

• (1) The Company collects personal information in cases where a customer executes various kinds of written documents including an application for subscription, an application for title change; where a customer subscribes to membership at the Company’s wire or wireless services; where a customer gives a consent on the specific service screen; where a customer subscribes to membership online by telephone (including SMS, MMS) or with a smart phone application, etc.; or where a customer gives consent by mail, e-mail, fax, or any other media.
• (2) The Company also may collect personal information through its mobile phones, wire or wiles internet generating information collection tools, etc.

3. Installation, Operation, and Rejection Methods of Automatic Collection Instruments of Personal Information

• 1) What is a cookie? It is small amount of information that the services send to a customer’s online services. If a customer has access to the services, the Company may provide the services without additionally entering names for access, etc. by reading the content of the cookie in the online services and finding out the customer’s additional information from the customer’s online services.
  Also customers have option for cookies; provided, however, that if a customer refuses to install a cookie, he or she may experience inconvenience in using the services or the Company may have difficulty in providing the services.
• 2) What is statistical data? They are the following information that is saved on a terminal’s specific areas when online services are used and periodically conveyed to the Company’s server:

  ① Service use statistics (network environments upon call connection, call disconnection, or call failure, download execution failures, wireless internet access failures, access hours, etc.)

  ② Use pattern information (customers’ menu moving paths, mainly used services, number of service uses, usage, etc.)

  ③ Customers may refuse the Company’s collecting or using statistical data through a relevant terminal’s statistical data blocking option except for the case where it is necessary for a customer to carry out the agreement with the Company regarding provision of the series; where it is necessary to calculate fees, or where it is specified under the laws.

• 3) The Company’s cookie, statistical data operating company shall operate cookies and statistical data for users’ convenience. The Company’s purposes of using statistical data shall be as follows:

  ① Providing differentiated information according to individuals’ interested fields;

  ② Figuring out users’ preferences and interested fields by analyzing access frequencies or stay hours, etc., and utilizing the results for targeted marketing;

  ③ Following users’ traces for the content seen browsed with interest and providing personalized services when users have access next time;

  ④ Providing information on use hours when customers use paid services;

  ⑤ Analyzing members’ habits and using them as criteria when the services are changed; and

  ⑥ Registering writings on the bulletin board.

• 4) Cookies expires when a relevant browser ends or upon log-out.

4. Use and Provision to Third Parties of Personal Information

• (1) The Company uses and provides customers’ personal information to the extent publicly announced for purposes of collecting and using personal information in the Subscription Application, the General Terms and Conditions for Use, and the Personal Information Handling Policy. In particular, the Company uses and provides personal information by taking care in each of the following cases:

  1) Affiliation Relationships
  The Company may provide to or share with its affiliates the personal information of customers in order to provide better services. In this case, the Company passes through the procedures to obtain customers’ consent by giving notices individually by electronic methods of e-mail, etc. or telephone, writing, fax, mail, etc. as to who the affiliate is, what personal information items are provided or shared, why such personal information is provided or shared, and until when and how such personal information is to be protected and controlled. If a customer does not consent thereto, the Company does not provide to or share with its affiliate such personal information.

  2) Mergers and Acquisitions, etc.
  In the event the Company’s rights and obligations as a service provider are to be entirely succeeded to or transferred, the Company will give a prior notice of the intended transfer of personal information, name (for a corporation, its company name), address, telephone number, and any other contact information of a relevant person to receive personal information (hereinafter referred to as “Business Assignee, etc.”), and methods and procedures for withdrawing consents where customers do not desire the transfer of personal information, and the Company gives customers an option to withdraw their consents to the transfer of personal information.

• 
  (2) Where it is necessary to calculate fees even if a customer does or does not consent thereto, or where there is a special provision in relevant laws including the National Tax Basic Act, the Local Tax Act, the Communications Secret Protection Act, the Act on Real Name Financial Transactions and Confidentiality, the Act Relating to Use and Protection of Credit Information, the Telecommunications Basic Act, the Telecommunications Business Act, the Consumer Basic Act, the Bank of Korea Act, and the Criminal Procedures, notwithstanding the provision of Section 1, when the Company collects customers’ personal information, it may use or provide personal information to a third party beyond the scope publicly announced to customers or beyond the scope specified in the General Terms and Conditions for Use; provided, however, that even where the Company uses or provides personal information to a third party pursuant to relevant laws, it does not unconditionally provide customers’ personal information but provides personal information according to the procedures and methods prescribed in the laws.
• 
  (3) The Company may collect and use customers’ personal information without their consents where the personal information is required to carry out a relevant agreement for provision of the services, but it is difficult to obtain ordinary consents due to economic or technical reasons.
• 
  (4) In the event the Company provides customers’ personal information to a third party, the purposes of provision thereof, items of personal information to be provided, a person(s) to be provided with personal information, and the retention and use period shall be as described in the following table:

5. Entrustment for Handling of Personal Information

• (1) The Company may entrust external professional companies to collect, retain, handle, use, provide, control, or destroy (hereinafter referred to as “handle”) customers’ personal information in order to smoothly carry out works by providing better services and providing customers with convenience, etc.
• (2) In the event the Company entrusts external professional companies to handle customers’ personal information, the content of entrusted duties and the entrusted party shall be as described in the following table:
• (3) In the event the Company entrusts external professional companies to handle customers’ personal information, the Company, through agreements, etc., clearly provides for compliance with relevant laws for personal information protection, confidentiality for personal information, prohibition of provision of personal information to third parties, liability arising upon the occurrence of accidents, the entrustment period, and how to return or destroy personal information, and retain relevant provisions of the agreement in writing or electronically.
• (4) The Company in principle does not entrust external professional companies to handle customers’ personal information for purposes other than the purpose of providing the services without customers’ consents, but if necessary, the Company notifies customers of the content of entrusted duties and the entrusted party, and obtain their consents.

6. Use and Retention Period for Personal Information

• (1) In principle, the Company uses and retains customers’ personal information during the period of subscription to the services.
• (2) In each of the following cases, the Company may retain customers’ personal information to the necessary extent until the duration elapses or relevant conditions are accomplished:

  1) Where it is necessary to retain personal information for a certain period of time pursuant to the provisions of relevant laws including the Commercial Act, the Company retain personal information for the period. Relevant examples are as follows:
  ① Personal information included in commercial books and business related important documents: 10 years (Commercial Act)
  ② Personal information included in sales statements or similar documents: 5 years (Commercial Act)
  ③ Customers’ names, resident registration numbers, telephone numbers, addresses, fee payment statements (amounts invoiced, amounts received, date and time of receipts, fee payment methods, etc.), and any other transactions related books: 5 years from the date when the deadline of legal filing of relevant national taxes has elapsed (National Tax Basic Act)
  ④ Records on agreements or withdrawals of offers, etc.: 5 years from the date when an agreement is made or an offer is withdrawn (Act Relating to Information Protection for Information Communication Network Use Promotion)
  ⑤ Records on complaints of consumers or dispute resolutions: 3 years from the time when a complaint or dispute is disposed of (Act Relating to Information Protection for Information Communication Network Use Promotion)
  ⑥ Records on labeling and advertising: 6 months (Act Relating to Information Protection for Information Communication Network Use Promotion)
  ⑦ Records on collection, processing, and use of credit information: 3 years (Act Relating to Use and Protection of Credit Information)
  ⑧ When the Company provides communications confirmation data, names, resident registration numbers, telephone numbers, etc.: 12 months (Communications Secret Protection Act)
  ⑨ The date of telecommunications, the time that the telecommunications commence and end, the subscriber number of the other party including the communications number of outgoing and incoming call, the frequency of use, the data on tracing a location of information communications apparatus connecting to the information communications networks: 12 months (Communications Secret Protection Act): 12 months (Communications Secret Protection Act)
  ⑩ The computer communications or Internet log records relating to facts that the users of computer communications or the Internet have used the telecommunications services, the data on tracing a location of connectors capable of confirming the location of information communications apparatus to be used by the users of computer communications or Internet for connecting with the information communications networks: 3 months (Communications Secret Protection Act)

  2) Where the Company obtains consent from customers individually:
  the consented period

  3) Where there is a dispute of civil petitions, lawsuits, etc. between the Company and a customer, but the dispute is not resolved within the retention period:
  until the time when the dispute is resolved

7. Destruction of Personal Information

• (1) Where the Company accomplishes the purpose of collecting or using the personal information it has collected or upon completion of the retention and use period, it destroys relevant information except for the cases where it is necessary to retain such personal information according to a customer’s consent, the General Terms and Conditions for Use, or relevant laws.
• (2) The Company shreds with a paper shredder or incinerates personal information specified in writing, and deletes personal information saved electronically by using a technical method with which the records cannot be regenerated.

8. Customers ‘ Rights and Exercise Methods

• (1) Customers may at any time peruse or correct the personal information the Company retains, the details of use and provision of personal information, or the details of consent to collection, use, and provision of personal information. Where the Company finds it necessary to correct or delete relevant personal information because there is an error(s) in the personal information or the retention period turns out to have elapsed, it modifies the personal information.
• (2) Where a customer desires to peruse or correct his or her online subscription information, he or she may directly peruse or correct it by clicking on the Change of Member Information within the services. Also where a customer contacts a relevant webmaster by e-mail, the Company takes necessary measures.
• (3) Where a customer’s agent requests the Company to allow, him or her to peruse, or certify the customer’s personal information, the Company verifies the authenticity of the agent by receiving a power of attorney, the customer’s seal certificate, and the agent’s identification card.
• (4) Where a customer has requested the Company to correct errors in his or her personal information, the Company does not use or provide the personal information until a relevant correction(s) has been completed.
• (5) Where a customer has previously provided incorrect personal information to a third party, the Company notifies the third party of the results of its correction(s) so that the third party can take a corrective measure(s).
• (6) Customers should accurately enter his or her latest personal information, and where there is a change in their personal information, customers should notify the Company thereof. Where a customer has entered inaccurate information for himself or herself, or the Company could not know there is a change in his or her personal information because he or she does notify the Company thereof, the customer should be responsible therefor.
• (7) Where a customer appropriates or infringes upon a third party’s information or enters false information, the Company may terminate the services or cancel his or her membership, and he o she may be subject to punishment under relevant laws.
• (8) Where a customer repetitively makes a request for perusal or provision of his or her personal information, and as a result, it is likely to cause a difficulty to the Company’s business or the quantity of personal information to be provided are substantial and thus incurs expenses, the Company may postpone or reject the customer’s request, or charge the customer for actual expenses (copy expenses, etc.) incurred to handle the request.

9. Withdrawals of Consent to Collection, Use, or Provision of Personal Information

• (1) Customers may at all times withdraw his or her consented content on the collection, use, or provision of personal information. Customers may withdraw his or her consent if he or she clicks on the Withdrawal from Membership on the member information or member information change screen within the services, or contacts a relevant personal information protection manager or administrator in writing, or by telephone or e-mail. The Company takes necessary measures by deleting relevant personal information, etc.

  Address : 107, Yeoidaebang-ro, Yeongdeungpo-gu, Seoul
  Telephone : +82 02-2240-9119
  E-mail : hcahn@hyundaiht.co.kr

• (2) Where the Company has taken measures to destroy personal information as a result of a customer’s withdrawal from his or her consent, it shall notify the customer thereof following the customer’s request.

10. Link Sites of Services

• (1) The Company may provide customers with links to other services or materials. In this case, since the Company does not have the right to control such external services or materials, it should not guarantee or be held responsible for usefulness of the services or materials the customers have received therefrom.
• (2) Where a customer is to click on a link and move to another service, he or she should verify relevant policies of the services he or she newly visits because the service’s personal information handling policy is not related to the Company.

11. Posted Materials in Services

• (1) In each of the following cases, the Company may delete, block, change, make a request for deletion or change, give a warning to, discontinue use of the services, or take other appropriate measures with respect to the posted materials:

  1) Spam posted materials (e.g., chain letters, 800 million mails, advertisements of specific sites, etc.);

  2) Writings undermining a third party’s reputations by distributing facts or false facts for the purpose of slandering the their party;

  3) Content infringing upon a third party’s rights without consent, such as disclosure of identity, portrait rights, or copyrights; or

  4) Other posted materials running counter to the laws, hindering public morals, or different from the subject in a bulletin board.

• (2) In order to facilitate a good bulletin board culture, when the Company discloses a third party’s identity without consent, it may post such identity by deleting a specific part(s) or changing it with a sign, etc.
• (3) Where certain content may be moved to another bulletin board of another subject, a relevant customer should clarify a moving path to a relevant bulletin board so as to prevent any misunderstandings.
• (4) In any other cases, the Company may delete posted materials after giving a warning.
• (5) In principle, a relevant drafter of posted materials should have relevant rights and responsibilities regarding the posted materials. Also since it is difficult to protect relevant information voluntarily disclosed through the posted materials, customers should be advised to take careful consideration before posting materials.

12. Collecting Opinions and Handling Complaints

• (1) The Company considers customers’ opinions worthily. Should customers ask questions to the customer center or an agency, the Company will provide prompt and accurate answers.
• (2) The Company operates the customer service center to ensure amicable communications with customers, and its contract information is as follows:

  1) E-mail : hcahn@hyundaiht.co.kr
  2) Telephone number : 02-2240-9119
  3) Address : 107, Yeoidaebang-ro, Yeongdeungpo-gu, Seoul

• (3) Where a customer makes a request for consulting services by e-mail, fax, or mail, the Company will sincerely give answers after receiving the request; provided, however, that after business hours or on weekends or holidays, in principle, the Company handles such requests on the next day.
• (4) Where customers otherwise need to be provided with consulting services regarding personal information, they may ask questions to
  If you need reports or consultations related to personal information infringements, please ask questions to the following institutions: the Personal Information Infringement Reporting Center, the Information Protection Mark Certification Commission, the Internet Crime Investigation Center of Supreme Prosecutors’ Office, or the Korean National Police Agency Cyber Bureau.

  1) Personal Information Infringement Reporting Center:

  Tel. : 118

  E-mail : privacy@kisa.or.kr

  Service : http://privacy.kisa.or.kr

  2) Korea Online Privacy Association:

  Tel. : 02-550-9531~2

  Service : http://www.eprivacy.or.kr

  3) Internet Crime Investigation Center of Supreme Prosecutors’ Office:

  Tel. : 02-3480-3571

  E-mail : cybercid@spo.go.kr

  Service : http://www.spo.go.kr

  4) Korean National Police Agency Cyber Bureau:

  Tel. : 182

  Service : http://cyberbureau.police.go.kr

13. Personal Information Protection Manager

• Personal Information Grievance Settlement Manager

• o Name : Team Head Hyo Cheol Ahn

  o Affiliation : Technology Research Center IOT Team

  o Tel.: 02-2240-9119

  o E-mail: hcahn@hyundaiht.co.kr

• Personal Information Protection Manager

• o Name : Team Head Hyo Cheol Ahn

  o Affiliation : Technology Research Center IOT Team

  o Tel.: 02-2240-9119

  o E-mail: hcahn@hyundaiht.co.kr

14. Duty to Notify

15. Cross Boarder Transfer of Personal Information

• (1) Pursuant to Article 17 Section 3 of the Personal Information Protection Act, where the Company is to provide personal information to a third party in a foreign country, it will give customers a prior notice of the following matters and obtain their consents:

  1) Items of personal information sought to be provided to a third party in a foreign country;

  2) Country(ies) to which personal information is provided, date and time, methods; and

  3) Name(s) to be provided with personal information (as for a corporation, the company name, and contact information of a relevant information protection manager)

  • Version number of Personal Information Handling Policy: v1

  • Date of change of Personal Information Handling Policy: 2017-08-17

  • Date of implementation of Personal Information Handling Policy: 2017-08-17