Article 1. (Purpose of Processing)
① Duksanhighchem Co., Ltd. (hereinafter referred to as the ‘Company’) legally processes and manages personal information in accordance with the Personal Information Protection Act and related laws and regulations to protect the freedom and rights of data subjects.
② In accordance with Article 30 of the Government's Personal Information Protection Act, the company establishes and discloses a personal information processing policy as follows in order to guide the data subject on procedures and standards for personal information processing and to promptly and smoothly handle the related grievances.
③ The processed personal information is not used for any purpose other than the following purposes, and when the purpose of use is changed, necessary measures are being taken, such as obtaining separate consent under Article 18 of the Government Personal Information Protection Act.
Article 2 (Period of Processing and Retention of Personal Information)
① The company processes personal information within the period of possession and use of personal information according to laws or the period of possession and use of personal information agreed upon when collecting personal information from the data subject.
② The retention period of personal information processed by the company can be inquired in Article 3 of 'The Items of Personal Information processed'.
Article 3 (The items of personal information to be processed and the status of
registration of personal information files)
① The purpose of processing, retention period, and personal information items of personal information files handled by the company are the same as Article 15, and are registered and disclosed using Article 32 of the Government's Personal Information Protection Act. Protect the environment before printing.- 6 Duksanhighchem Personal Information Processing Guidelines No 90 2024.
② The contents of the company's personal information file may be requested to the company in accordance with Article 6, "Matters concerning the rights and obligations of the data subject and legal representatives and how to exercise them."
Article 4 (Matters concerning the provision of personal information to third parties)
① In principle, the company processes the personal information of the data subject within the scope specified for the purpose of processing the personal information, and does not process or provide it to a third party without the prior consent of the data subject, except in the following cases.
1. In the case of obtaining separate consent from the data subject
2. If there are special provisions in the law
3. The data subject or legal representative is unable to express his or her intention, or due to an unknown address, etc
When prior consent cannot be obtained, it is clearly the urgent life, body of the data subject or third party,
Where it is deemed necessary for the benefit of property.
4. Deliberation and resolution by the Protection Committee as a case where it is impossible to perform the duties under the jurisdiction prescribed by other Acts unless personal information is used for purposes other than its purpose or provided to a third party, If you hit it.
5. To provide foreign information or international organizations for the implementation of treaties and other international agreements, if necessary
6. Where it is necessary for the investigation of a crime and the filing and maintenance of a prosecution
7. Where it is necessary for the performance of the court's judicial affairs
8. Where it is necessary for the execution of punishment, supervision, and protection measures
Article 5 (Consignment of Personal Information Processing)
① When the company entrusts the processing of personal information in accordance with Article 26 of the Government's Personal Information Protection Act when signing a consignment contract, it concludes and processes the personal information processing consignment contract, and supervises whether the trustee handles personal information safely. Protect the environment before printing.
1. Purpose and scope of consignment work
2. Restrictions on re-consignment
3. Measures to ensure the safety of personal information
4. Restrictions on the processing of personal information
5. Management and supervision of trustees
6. compensation for damages
② If the contents of the consignment work or the trustee changes, we will disclose it without delay through this personal information processing policy and the company's website.
Article 6 (Matters concerning the rights and obligations of the data subject and egal representatives and the method of exercising them)
① The data subject (referring to a legal representative for those under the age of 14) may exercise the following rights.
1. a request for personal information access
2. Request for correction and deletion of personal information.
A. Personal information files held by the company may be requested to be corrected or deleted in accordance with Article 36 of the Government's Personal Information Protection Act (correction and deletion of personal information).
B. However, if the personal information is specified as a collection target in other laws and regulations, it cannot be requested to delete it.
3. Request to stop processing personal information.
The personal information file held by the company is Article 37 of the Personal Information Protection Act (Processing Personal Information) Stop, etc.) may require processing to stop.
4. However, the request for access to personal information may be restricted as follows under Article 35 (5) of the Act.
1) If access is prohibited or restricted by law
2) Where there is a risk of harming the life or body of another person or unreasonably infringing on the property and other interests of another person
3) In cases where a public institution causes a serious obstacle when performing any of the following duties, the affairs concerning the imposition, collection, or refund of taxes
A) Work related to the ongoing evaluation or judgment on the calculation of compensation and benefits, etc
B) Work related to audit and investigation in progress under other laws.
4) Failure to process personal information fails to provide services contracted with the data subject, etc
Where it is difficult to implement a drug, and the data subject does not clearly state his/her intention to terminate the contract
② The exercise of rights under paragraph (1) may be requested in writing, telephone, e-mail, fax, etc. after preparation in accordance with the attached form, and the company will take measures within 30 days from the date of receipt and notify the relevant data subject of such fact.
③ When requesting correction, deletion, or suspension of processing of personal
information, the form of "Request for Access to Personal Information" shall be applied mutatis mutandis. (Notice on the Government's Personal Information
Processing Method, [Attachment No. 8], Request for Access to Personal
Information)
④ If you refuse to read or fail to comply with the request for deletion or suspension of processing, we will notify the relevant data subject within 30 days from the date of receipt of the request for the fact, reason, and method of filing an objection.
⑤ Restrictions on the processing of requests for reading, correction, deletion, and suspension of processing by data subjects When exercising the rights of the data subject, it is confirmed that the person who made the request is the data subject himself or a legitimate agent (a legal representative or a person who has been delegated), so the representative of the data subject must submit a power of attorney in the form below. (Notice on how to process personal information by the government,
[Attachment No. 11], Power of attorney)
⑥ Methods and procedures for exercising rights.
1. The data subject may have an agent (the legal representative of the data subject, the person entrusted by the data subject) request the reading, correction, deletion, and suspension of processing of personal information. In
this case, the agent shall submit the power of attorney of the data subject to the Corporation.
2. The exercise of the rights of the data subject can be done by writing, e-mail, fax, etc. to the processing department (the processing department for requesting access to personal information) after completing the "Personal Information (access, correction, deletion, suspension of processing) request".
3. If the data subject is dissatisfied with or has an objection to the action for reading/correction/stop/deletion of personal information, he/she may file an objection (disclaimer) with the contact information and method listed in the
processing department of the request for access to personal information.
4. The attached form shall be used for the request for access to personal information and the power of attorney.
5. The procedure for requesting reading, correction, deletion, and suspension of personal information is as follows.
Article 7 (Procedures and Methods for Destruction of Personal Information)
① When personal information becomes unnecessary, such as the expiration of the personal information retention period and the achievement of the processing purpose, the company will destroy the personal information without delay under the judgment of the information manager.
② If the personal information must be preserved in accordance with other laws and regulations despite the expiration of the personal information retention period agreed by the data subject or the purpose of processing has been achieved, the personal information (or personal information file) shall be moved to a separate database (DB) or stored differently.
③ The procedures and methods for destroying personal information are as follows.
1. Procedure for the destruction
A. The company establishes and destroys a personal information destruction plan for personal information (or personal information files) to be destroyed.
B. The company selects the personal information (or personal information file) in which the reason for destruction occurred, and destroys the personal information (or personal information file) with the approval of the person in
charge of personal information protection.
2. Method of destruction.
A. The company shall destroy personal information recorded and stored in the form of electronic files so that the records cannot be reproduced, and the personal information recorded and stored in the paper documents shall be
destroyed by grinding or incineration.
Article 8 (Matters concerning measures to ensure the safety of personal information)
① In accordance with Article 29 of the Personal Information Protection Act, the Company takes the following technical/administrative and physical measures necessary to ensure safety.
1. Minimization and training of personnel handling personal information
Personal information is managed by designating employees who handle personal nformation and minimizing them only to those in charge. We are implementing measures to do so.
2. Establishment and implementation of internal management plan.
For the safe processing of personal information, internal information protection regulations have been enacted, and a detailed personal information protection plan has been established and implemented every year.
3. Encryption of personal information
Personal information is safely stored and managed through encryption, etc. In addition, it uses separate security functions such as encryption and use of important data when storing and transmitting it.
4. Technical countermeasures against hacking, etc
In order to prevent leakage and damage of personal information by hacking or computer viruses, the company installs security programs, conducts periodic updates and inspections, installs systems in areas where access is controlled from outside, and monitors and blocks them technically and physically.
5. Restrictions on Access to Personal Information
We take necessary measures to control access to personal information by granting, changing, and canceling access to database systems that process personal information.
6. Storage of access records and prevention of forgery
We keep and manage records of accessing the personal information processing system (web logs, summary information, etc.) for at least a year, and use security functions to prevent forgery, theft, or loss of access records.
7. Access control for unauthorized persons
There is a separate physical storage place for personal information, and access
control procedures are established and operated.
Article 9 (Rights and obligations of data subjects and legal representatives and methods and procedures for exercising them)
① The data subject (referring to a legal representative for those under the age of 14) may exercise the following rights.
1. a request for personal information access
2. Request for correction and deletion of personal information
3. Request for suspension of personal information processing
② The exercise of rights under paragraph (1) may be requested in writing, telephone, e-mail, fax, etc. after preparation in accordance with the attached form, and the company will take measures within 30 days from the date of receipt and notify the relevant data subject of such fact.
③ When requesting correction, deletion, or suspension of processing of personal information, the form of "Request for Access to Personal Information" shall be applied mutatis mutandis. (Notice on the Government's Personal Information
Processing Method, [Attachment No. 8], Request for Access to Personal Information).
Article 10 (Measures to ensure the safety of personal information)
① The company is taking the following measures to ensure the safety of personal information.
1. Minimization and training of personnel handling personal information.
A. Employees who handle personal information are designated and managed only for those who are absolutely necessary We provide training for safe management for handling staff.
2. Restrictions on access to personal information.
A. Granting, changing, or cancelling access rights to database systems that process personal information Therefore, we are taking necessary measures to control access to personal information.
B. In addition, unauthorized access from outside is controlled using an intrusion prevention system, We set and operate standards such as how to generate passwords and how to change them.
3. storage of access records.
A. Keep records of accessing the personal information processing system (web logs, summary information, etc.) for at least one year,
4. In the case of processing personal information, the date and time of access, processing details, etc. are stored and checked and supervised I keep the connection record as a backup to a separate storage device.
Article 11 (Matters concerning the installation and operation of automatic personal information collection devices and their refusal)
① The company stores usage information to provide individual customized services to users, and frequently. Use 'cookie' to import.
② Cookies are used to run a website (https) to provide a user's computer browser
It is a small amount of information that is sent and is sometimes stored on a hard disk in the user's PC computer.
1. Purpose of use of cookies: Visiting and using each service and website visited by the user To provide optimized information to users by identifying Tae, popular search terms, and security access It's used in the year.
2. Installation, operation, and rejection of cookies: Tools at the top of the Web browser > Internet Options > Privacy menu Option settings allow you to deny saving cookies.
3. Refusing to save cookies can cause difficulties in using customized services.
Article 12 (Criteria for additional use and provision of personal information)
① In accordance with Article 15 (3) and Article 17 (4) of the Personal Information Protection Act, the company is the Personal Information Protection Act
In consideration of the matters under Article 14-2 of the Enforcement Decree, additional personal information is added without the consent of the data subject It can be used and provided by the company without the consent of the data subject
·In order to provide it, we considered the following.
1. Whether the purpose of additional use and provision of personal information is related to the original purpose of collection
2. In light of the circumstances or processing practices of collecting personal information, additional use and provision of Whether it is predictable or not
3. Whether the additional use and provision of personal information unreasonably infringes on the interests of the data subject
4. Whether measures necessary for securing safety, such as processing pseudonyms or encryption, have been taken
Article 13 (Matters concerning the processing of pseudonym information)
① In the case of pseudonymizing personal information, related information is posted on the company bulletin board to guide the data subject to confirm.
Article 14 (Personal Information Protection Officer)
① The company is in charge of handling personal information and designates a person in charge of personal information protection as follows for the handling of complaints and damage relief of information subjects related to personal information processing.
| classification | Department | name | Contact |
|---|---|---|---|
| Personal Information Protection Officer | Management Support Department | Hwang Mi Ree | Call. 02-858-2570 Fax. 02-6292-2577 ds@dshighchem.co,kr |
Article 16 (Remedies for infringement of rights and interests of information subjects)
①The information subject may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee or the Personal Information Infringement Reporting Center of the Korea Internet & Security Agency in order to remedy the damage caused by personal information infringement. In addition, please contact the following organizations to report or consult about other personal information infringement.
1. Personal Information Dispute Mediation Committee: (without area code) 1833-6972 (www.kopico.go.kr)
2. Personal Information Infringement Report Center: (without area code) 118 (privacy.kisa.or.kr)
3. Supreme Prosecutors' Office: (without area code) 1301 (www.spo.go.kr)
4. National Police Agency: (without area code) 182 (ecrm.cyber.go.kr)
② If the Company's personal information is transferred to a government agency, a person whose rights or interests have been infringed upon by an action or omission taken by the head of a public institution in response to a request pursuant to the provisions of Article 35 (Access to Personal Information), Article 36 (Correction and Deletion of Personal Information), and Article 37 (Suspension of Processing of Personal Information) of the Personal Information Protection Act may file an administrative appeal in accordance with the Administrative Appeals Act.
③ The online Central Administrative Appeals Commission is (without area code) 110 (www.simpan.go.kr))
Article 17 (Results of Personal Information Impact Assessment)
① In order to investigate, analyze, and evaluate the impact of the personal information processing system operated by the Company on the personal information files of the information subjects, the Company shall conduct a "personal information impact assessment" once a year in accordance with Article 33 of the Government Personal Information Protection Act.
② The Company conducts an impact assessment on the following personal information files.
| Personal information file name | Personal Information Items Recorded in Personal Information Files | Year of impact assessment |
|---|---|---|
| List of accounts | Name. Gender. Cell phone number. Date of birth. Email address, home address. Work address. Resident registration number. Foreign registration number. Person photo | 2023 |
Article 18 (Installation and operation of video information processing equipment)
① The company establishes and operates the operation and management policy of video information processing devices in the company's information security business regulations as follows. (Company information security business regulations)
② The video information processing devices installed and operated in public places by the company are as follows. Status of installation and operation of video information processing equipment.
| Equipment | Installation location and contents | Year of impact assessment |
|---|---|---|
| Stationary CCTV | Cheonan Plant, 1 Central Entrance Hall. For outer fence boundary work. 5 units | 2023 |