Cyber Audit | HYUNDAI STEEL

Privacy Policy

View revision history

Hyundai Steel Co., Ltd. Cyber Audit Office Service (hereinafter referred to as Hyundai Steel) complies with the provisions of the "Personal Information Protection Act" and related laws to protect the rights and freedoms of the information subjects, and processes personal information lawfully and manages it safely. In accordance with Article 30 of the "Personal Information Protection Act," we establish and disclose the following privacy policy to provide information subjects with guidance on the procedures and standards for processing personal information, and to ensure that any related grievances are handled promptly and smoothly.

Purpose of processing personal information

Hyundai Steel processes personal information for the following purposes. The processed personal information will not be used for purposes other than those stated below, and in the event that the purpose of use is changed, necessary measures will be taken, including obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.

개인정보의 처리 목적
No.	Name of personal information file	Basis for operation	Purpose of processing
1	Personal information	Consent of the information subject	Handling of reports and notification of outcome

Processing and retention period of personal information

Hyundai Steel processes and retains personal information within the period for which consent was obtained from the
information subject, or according to the retention and usage periods of personal information as stipulated by law.

개인정보의 처리 및 보유기간
No.	Name of personal information file	Basis for operation	Retention period
1	Personal information	Consent of the information subject	3 years

Hyundai Steel does not, in principle, collect personal information from users under the age of 14.
If it is necessary to collect personal information from users under 14 for service use, prior consent will be obtained from their legal guardian. The collected information will be
promptly discarded upon completion of the relevant task, and during the process, strict measures will be taken to ensure the protection of personal information.

Personal Information Processing Item

Hyundai Steel processes the following personal information items.

처리하는 개인정보의 항목
No.	Name of personal information file	Report classification	Personal information items
1	Personal information	Real name report	Name, date of birth, e-mail address, contact (phone number)
1	Personal information	Anonymous report	Email address, contact (phone number)

Entrusting the processing of personal information

Hyundai Steel entrusts the processing of personal information as follows to ensure smooth management of personal information tasks.

개인정보의 위탁에 관한 사항
No.	Name of the trustee company	Address	Phone	Working hours	Entrusted tasks
1	Hyundai AutoEver	510 Teheran-ro, Gangnam-gu, Seoul	+82-31-6296-6000	9AM -6PM (UTS +09:00, Korea Standard Time)	Operation of Cyber Audit Office System
2	Saerom System	A528, 5th floor, 11 Tojeong-ro 35-gil, Mapo-gu, Seoul	+82-31-4458-8643	9AM -6PM (UTS +09:00, Korea Standard Time)	Operation of Cyber Audit Office System

Destruction procedures and methods for personal information

1. Hyundai Steel will promptly destroy the personal information once the purpose of processing has been achieved. However, this does not apply in cases where retention is required by other laws. The procedures, timelines, and methods for destruction are as follows.

A. Destruction Procedure: Personal information that has exceeded the retention period will be destroyed without delay from the expiration date.
B. Destruction method:
- 1) The electronic form of information uses a technical method that cannot reproduce the record.
- 2) Personal information printed on paper is destroyed by shredding or incineration.

Rights and obligations of the information subject and legal representatives, and how to exercise them

1. The information subject (referring to legal representatives in the case of those under 14 years of age) may exercise rights such as requesting access, correction, deletion, or suspension of processing of their personal information held by Hyundai Steel at any time.
2. Rights under Paragraph 1 can be exercised by contacting the personal information manager via the email provided below with a request for “access, correction, deletion, or suspension of processing of personal information,” and action will be taken without delay.
3. Exercise of rights under Paragraph 11 can be carried out through a representative, such as a legal representative of the information subject or an authorized person.
4. Requests for access to personal information and suspension of processing may be limited under Article 35, Paragraph 44 and Article 37, Paragraph 22 of the Personal Information Protection Act.
5. Requests for correction and deletion of personal information cannot be made if the information is explicitly stated as being subject to collection under other laws.
6. When requests for access, correction, deletion, or suspension of processing are made, we will verify whether the person making the request is the information subject or a legitimate representative.

Measures for ensuring the security of personal information

Hyundai Steel implements the necessary technical, managerial, and physical measures to ensure security in accordance with Article 29 of the "Personal Information Protection Act" as follows.

1. Establishment and implementation of internal management plans: The establishment and implementation of Hyundai Steel’s internal management plans are carried out in accordance with Hyundai Steel’s internal management guidelines.
2. Minimization and training of personal information handlers: Individuals responsible for handling personal information are designated and minimized, and measures are implemented to manage personal information accordingly.
3. Access restrictions to personal information: Necessary measures are taken to control access to personal information by granting, modifying, or revoking access rights to the database systems that process personal information, and unauthorized access from external sources is restricted using intrusion prevention systems.
4. Storage of access records and prevention of tampering: Records of access to the personal information processing system (such as web logs and summary information) are retained and managed for at least one year, and security features are implemented to prevent tampering, theft, or loss of access records.
5. Encryption of personal information: Users’ personal information is encrypted and stored securely. In addition, important data is subjected to encryption during storage and transmission, and other security features are utilized.
6. Technical measures against hacking: Hyundai Steel installs security programs and performs regular updates and inspections to prevent personal information leakage and damage caused by hacking or computer viruses. Systems are installed in areas where access is restricted from external sources, and technical and physical monitoring and blocking measures are in place. In addition, monitoring of network traffic is conducted, as well as detection of attempts to illegally alter information.
7. Access control for unauthorized persons: A separate physical storage location for the personal information systems is established, and access control procedures are implemented and managed accordingly.

Installation, operation, and refusal of devices for automatic collection of personal information

1. Hyundai Steel uses cookies to store user information and retrieve it periodically.
2. Cookies are small amounts of information sent from the server (http) operating the website to the user’s computer browser, which may be stored on the hard disk of the user’s PC.
- A. Purpose of using cookies: Cookies are used to determine the frequency of user access and visit times, thereby providing users with more convenient services.
- B. Installation, operation, and refusal of cookies: You can configure cookie acceptance or blocking settings through your browser’s options.
  - 1) Internet Explorer: Tools menu in the upper right corner of the web browser > Internet Options > Privacy > Settings > Advanced
  - 2) Edge: Settings menu in the upper right corner of the web browser > Cookies and site permissions > Manage and delete cookies and site data
  - 3) Chrome: Settings menu in the upper right corner of the web browser > Privacy and security > Cookies and other site data
- C. If you refuse or block the storage of cookies, you may encounter difficulties in using the services.

Information on the Personal Information Protection Officer

To protect personal information and address complaints related to personal information, we have designated the following Personal Information Protection Officer and staff members.

개인정보 보호책임자에 관한 사항
Classification	Department name	Name	Contact information
Personal Information Management Officer	Business Reengineering & Audit Group	Park Jeong-hun
A person in charge of personal information management	Business Reengineering & Audit Team 1	Kim Tae-nam	P : +82-31-510-3046 E : xoska@hyundai-steel.com
A person in charge of personal information management	Business Reengineering & Audit Team 1	Kim Jae-woo	P : +82-31-510-3043 E : sincere@hyundai-steel.com
Privacy Officer	Information Security Group	Kim Seung-hoi
Personal Information Protection Officer	Information Security Planning Team	Lee Seung-yeop	P : +82-31-510-2376 E : sy21@hyundai-steel.com

Department responsible for receiving and processing requests for access to personal information

1. Information subjects may request access to personal information in accordance with Article 35 of the Personal Information Protection Act through the department listed below.

개인정보의 열람 청구를 접수·처리하는 부서
Classification	Department name	Name	Contact information
Personal Information Management Officer	Business Reengineering & Audit Group	Park Jeong-hun
A person in charge of personal information management	Business Reengineering & Audit Team 1	Kim Tae-nam	P : +82-31-510-3046 E : xoska@hyundai-steel.com
A person in charge of personal information management	Business Reengineering & Audit Team 1	Kim Jae-woo	P : +82-31-510-304 E : sincere@hyundai-steel.com

2. Hyundai Steel will strive to ensure that requests for access to personal information by the information subjects are processed promptly.

Remedies for infringement of the rights of information subjects

1. Information subjects may inquire about remedies and consultations regarding personal information infringement with the following organizations.

1. Information subjects may inquire about remedies and consultations regarding personal information infringement with the following organizations.
Organization name	Responsible duties	Website	Phone
Personal Information Infringement Reporting Center	Report of personal information infringement, consultation application	privacy.kisa.or.kr	118 (without area code)
Personal Information Dispute Mediation Committee	Dispute mediation application, collective dispute mediation (civil resolution)	www.kopico.go.kr	+82-1833-6972
Cyber Investigation Division of the Supreme Prosecutors’ Office	Report of personal information infringement	www.spo.go.kr	1301 (without area code)
Cyber Investigation Bureau of the National Police Agency	Report of personal information infringement	ecrm.cyber.go.kr	182 (without area code)

2. In addition, if an information subject’s requests for access, correction, deletion, or suspension of
processing of personal information lead to infringement of their rights or interests due to actions or omissions of the head of a public institution,
they may file an administrative appeal in accordance with the provisions of the Administrative Appeal Act.

2. In addition, if an information subject’s requests for access, correction, deletion, or suspension of processing of personal information lead to infringement of their rights or interests due to actions or omissions of the head of a public institution, they may file an administrative appeal in accordance with the provisions of the Administrative Appeal Act.
Organization name	Responsible duties	Website	Phone
Central Administrative Appeals Commission	Administrative appeals	www.simpan.go.kr	110 (without area code)

Matters relating to changes in the privacy policy

1. This policy will take effect from January 1, 2024.
2. The previous privacy policy can be reviewed at the top of the Cyber Audit Office website under “View revision history.”