Go to the main text

Language

Go

Home Privacy and information Processing Policy, etc.
open Privacy and information Processing Policy, etc.
Enlarge text Reduce text

Privacy and Information Processing Policy, etc.

Doosan Infracore Co. Ltd (the "Company") complies with the relevant statutory provisions regarding the protection of personal information, including the Personal Information Protection Act, and the Act on Promotion of Information and Communications Network Utilization and Information Protection. The Company further commits to safeguarding the rights and interests of the owners and holders of personal information, such as its customers, staff and website users, and has established its own Privacy and Information Processing Policy, in accordance with the relevant legislation.

The Company, through its Privacy and Information Processing Policy, etc., notifies the purposes and procedures of the collection of personal information, as well as the relevant protection measures. In case of any update or revision to the Policy, the Company will announce the change either on its website’s notice or by means of individual communication.

The Company’s Privacy and Information Processing Policy is composed of three parts pertaining to: the “Personal Information Processing Policy” for the protection of the personal information of all information holders with whom the Company deals; the “Personal Information Handling Policy” regarding the information of website users; and the “Visual Information Processing Equipment Management Policy” which manages the personal information used in visual processing.

However, other affiliated websites of the Company may have different policies.

  • 1. Personal Information Processing Policy
  • 2. Personal Information Handling Policy
  • 3. Visual Information Processing Equipment Management Policy

1. Personal Information Processing Policy

01. General Provisions

- "Personal Information" refers to the personally identifiable information of a living person
  whose identity may be checked easily in combination with the use of other sources such as
  a name, national identification number and picture, even though it is rarely possible to
  differentiate the individual in question with only the given information.
- "Informer" means the owner of any information which enables the recognition of a
  person’s identity.
- The Company discloses the Personal Information Processing Policy on the first screen of
  the website (www.doosaninfracore.com) to facilitate the verification of the policy in question,
  and will always announce any changes or revisions to this policy via a notice posted on its
  website or through individual communication.

02. Processed Personal Information and Purposes of Processing

Without the legitimate provisions or the consent of the informer, the Company may handle neither the sensitive information that may significantly compromise the privacy of its provider nor the unique identification information assigned to distinguish the interested-party from others. 

A. Processed Information

[Concerning customers]
Name, home address, e-mail, company name, service record, access log, cookies and IP address information

[Concerning employment]
Name, national identity number, picture, password, home address, home telephone number, mobile phone number, e-mail, education, military service, foreign language proficiency, computer skills, qualifications, family relationships, and career

B. Purposes of Processing

[Concerning customers]
- Settlement of the complaints on the membership and points of dissatisfaction
- Online market research or survey
- Marketing or advertising
- Service delivery and the settlement of fees

[Concerning employment]
- Test process, modification of the application form, verification of acceptance,
  contact for applicants, and verification of employment requirements
- Personnel management, including payroll, welfare benefits, support for various tasks,
  and assessment

03. Processing and the Retention Period of Personal Information

In principle, the collected personal information will be destroyed immediately after the purpose for which it was collected has been achieved. However, the following information will be retained during the designated period for the reasons set forth below:

- Retained information: name, home address, e-mail, company name
- Retention period: 1 year
- Reasons for retention: user inquiries / request management, user identification, etc.

- Retained information: service use data, access log, cookies, IP address information
- Retention period: 3 years
- Reasons for retention: enhancement of service quality through analysis of service use

- Retained information: name, password, date of birth, gender, national identity number,
  home address, home telephone number, mobile phone number, hobbies, skills, education,
  work experience, foreign language proficiency, military service, and family relationship
- Retention period: in principle, until the expiration of employment relationship
- Reasons for retention: Personnel management, including payroll, welfare benefits,
  support for various tasks, and assessment
- However, the personal information of an applicant, who was not employed,
  will be discarded immediately after the completion of the employment process.

04. Procedures and methods for the destruction of personal information

A. Destruction procedures

The company destroys the personal information without delay once it has achieved the purpose of its collection or the retention period has finished, except where the retention is required pursuant to the informer's consent, terms of use, or relevant legislation.

B. Methods of destruction
- Personal information stored in electronic file formats shall be deleted using technical methods
  that prevent the recovery of its record.
- Personal information printed on the paper shall be broken by the shredder, or destroyed
  through incineration.

05. Vision of personal information to a third party

The Company uses the personal information only within the scope laid out in "02. Processed Personal Information and Purposes of Processing”, and does not abuse it in excess of the established range nor discloses it to a third party. However, the following cases are exceptions:

  1. - In the case of having received the special consent of the informer
  2. - If there are special provisions in other relevant laws
  3. - If it is impossible to obtain the prior consent of the informer or its legal representative due
      to the state in which he cannot express his or her intention or his or her unknown address,
      so that the stored information is deemed to be necessary evidence for an imminent benefit of
      life, health, property of the informer or relevant third party
  4. - In case of providing the personal information in a form to block the recognition of a particular
      individual as necessary for the purposes of statistics and research.

The Company currently provides the following personal information

  1. - Institutions receiving personal information: Multicampus, Korea TOEIC Committee, Chamber of
      Commerce, the Department of Defense and Regional Military Manpower Administration,
      District Office/Dong Residents’ Center
  2. - Offered personal information: name, national identity number, phone number, military serial
      number
  3. - Purpose: verification of qualification
  4. - Retention and use period: immediately destroyed
  1. - Institution receiving personal information: Doosan Corporation
  2. - Offered personal information: name, national identity number, picture, password,
      home address, home telephone number, mobile phone number, e- mail, education,
      military service, foreign language proficiency, computer skills, qualifications,
      family relationship, career, social experience, awards, international experience and
      research experience
  3. - Purpose: integrated management and development of human resources
  4. - Retention and use period: until the expiration of employment relationship

06. Outsourcing of personal information processing

The Company does not entrust the personal information processing to an outside agency without the prior consent of the relevant informer.
For the outsourcing of personal information processing, the Company has in place the following instructions to safely manage the personal information when it concludes an outsourcing agreement in accordance with the relevant legislation.

  1. - Trustee company : Doosan Corporation
  2. - Outsourced service : Payroll, benefits and others
  1. - Trustee company : Multicampus, Korea Academy, Alpaco, Spicus, Pickupphone, eCampus, KT Innoedu
  2. - Outsourced service : Online courses for the staff
  1. - Trustee company : Doosan Information Communication BU Inc.
  2. - Outsourced service : Operation of the employment system

07. Rights and Obligations of Informers and Methods to Exercise the Rights

Every informer may demand the access, correction, omission and suspension of his or her personal information that the Company treats. However, the Company may refuse or limit the aforementioned demand under the following conditions.

  1. - If there is a special legal provision or it is unavoidable to comply with statutory obligations
  2. - If there is a concern to harm the lives or bodies of others, or to damage improperly the
      property and other interests of other people
  3. - If it is difficult to fulfill the contract, including agreed services, without processing the personal
      information, meanwhile the informer does not reveal clearly the intention to terminate
      the contract.

Methods and Procedures to Exercise Rights

  1. The informer who wants to read his or her personal information may submit the Request of Reading, Correction, Deletion and Suspension in writing, e-mail, fax, etc., to the department in charge (For this, see the section "09. Complaint Resolution Service for Personal Information“).
  2. - The Company takes action to respond to the demand within 10 days unless
      there is a justifiable reason, and communicates the reasons, if any, for such denial or
      restriction within five days, as well as the methods to appeal against this refusal or restriction.
  3. - The Company may verify the identity of the informer or, his or her representative that
      demands the reading, etc., of the personal information, checking his o her identity cards
      such as national identity card, one of certified electronic signatures or other equivalents.

Request Form

08. Technical, Administrative, and Physical Protection Measures for Personal Information

The Company takes the following safety measures to prevent personal information from being lost, stolen, leaked, altered, or damaged.

<Technical actions>

  1. - The Company complies with the required legal standards for the secure storage and
      transmission of the personal information.
  2. - Using anti-virus software, the company takes steps to
      prevent the damage caused by computer viruses. The anti-virus program is updated
  3.   periodically, and protects against the violation of privacy in case of a sudden outbreak of
      a new virus, providing its new version as soon as possible.
  4. - Against external attacks such as hacking, the Company does everything for the security,
      utilizing an intrusion detection system and a vulnerability assessment system for each server.

<Administrative actions>

  1. - The company gives the exclusive access to personal information to those who deal
      with sales and marketing directly with the informers, to those in charge of the management
      of personal information, and those who inevitably handle the personal data
      through carrying out other tasks.
  2. - The employees who treat the personal information take a regular in-house training and
      outsourcing education on the protection of personal information, being properly
      supervised to strictly comply with laws and regulations to the same purpose after both
      starting work and after taking retirement.

<Physical actions>

  1. - For the secure storage of the personal information and its handling system, the facilities
      are equipped with protection measures to prevent a physical access,
      including physical locking devices.
  2. - The computer room and data storage room, designated as special security areas,
      are under strict access control.

09. Complaint Resolution Service for Personal Information

The Company designates and operates the following division and officer in charge to protect the personal information and respond to the complaints regarding the sector.

A. Personal Information Division

  1. - Division: Information Security Team
  2. - Phone : 02-3398-2436
  3. - Fax : 02-3398-8337
  4. - E-mail : di_security@doosan.com
  5. - Business Hours: (Mon-Fri) 09:00 – 18:00, (closed on Sat-Sun, national holidays)

B. Chief Privacy Officer

  1. - Name: Park Dong-bum
  2. - Phone : 02-3398-2436
  3. - E-mail : di_security@doosan.com

If you want to report or need an advice on the invasion of the privacy, please contact the following organizations.

  1. - Personal Information Dispute Mediation Committee
      (http://privacy.kisa.or.kr - Phone: 118)
  2. - Privacy Complaint Center
      (http://www.privacy.go.kr - Phone: 118)
  3. - Government Protection Mark Authentication Commission
      (http://www.eprivacy.or.kr - Phone: 82 2 580 0533~4)
  4. - Internet Criminal Investigation Center, Supreme Prosecutor's Office
      (http://www.spo.go.kr - Phone: 82 2 3480 3600)
  5. - Cyber Terror Response Center, National Police Agency
      (http://www.ctrc.go.kr - Phone: 82 2 392 0330)

10. Notification

Additions, deletions and modifications of the current Personal Information Processing Policy will be notified through the website’s notice at least 10 days prior to the revision.

- Announcement date: Sept. 30, 2011
- Effective Date: Sept. 30, 2011

2. Personal Information Handling Policy

Doosan Infracore (“the Company”) appreciates the importance of your personal information and conforms to the Act on Promotion of Information and Communications Network Utilization and Information Protection. The Company hereby informs you of the purposes and methods by which we may use your personal information and of the actions taken to protect your privacy. If the privacy policy is modified or updated, the Company will inform you of the details by providing a notice on our website or through individual notification.

The following personal information handling policy is applied to this website (www.doosaninfracore.com, “this Site”).

This policy will take effect on September 30, 2011

01. Matters on Installation, Operation and Rejection of Automated Data (Personal Information) Collection System

The Company operates cookies which frequently store and access your personal information. A cookie is a small piece of text sent by a web server to your web browser, which is used to run the website. It is also stored on the hard disk of your computer. The Company uses cookies for the purposes outlined in the following items.

02. Uses of Cookies, etc.

Cookies may be used to analyze the frequency of access or visiting hours of users, store the information about user preferences, track users’ web browsing habits, and provide target marketing and customized service through analysis of user participation in events and number of visits.  You have a choice of whether to install cookies. You may accept all cookies, confirm whenever cookies are stored, or reject the storage of all cookies by setting an option in your web browser.

03. How to Reject the Storage of Cookies

You may accept all cookies, or confirm whenever cookies are stored, or reject the storage of all cookies by selecting an option in your web browser.

Example of settings (for Internet Explorer) : Tools > Internet Option > Privacy

But, if you refuse to install cookies, you may have a difficulty using certain services.

04. Purposes of Collection

The Company may collect your personal information for the following purposes.

  1. - To provide customer services such as membership management and complaints resolution
  2. - To provide you with better services and improve the level of this Site by conducting online
      market research or public opinion polls through which your ideas can be received
  3. - For marketing or advertising with your prior consent
  4. - To implement the provisions of service contracts and to provide billing content for
      services provided

05. Gathered Personal Information

The Company collects the following personal information to manage membership, counseling, or application for service.

  1. - Items collected: name, home address, e-mail, company name, service use, access log,
      cookies, IP information, mobile phone number, home phone number, employee number,
      and password
  2. - How to collect personal information: Home page (Contact Us, Readers’ Opinion)

06. Provision of Personal Information

The company, in principle, does not provide its users' personal information to outside persons, bodies or organizations. However, the exceptions possible are listed below.

  1. - If users agree in advance
  2. - If the provision of personal information complies with provisions of the law or by the request
      of the investigation agencies according to the procedures and methods set forth for the
      purpose of investigation

07. Disclosure of Personal Information

Personal information collected through this Site is not disclosed to third parties, excepting where you give prior consent, or where your personal information is required by law to be disclosed to third parties such as investigative agencies, judicial authorities or other branches of government. 

Exceptions are made in the following cases

  1. - Where you have agreed to disclose your personal information in advance
  2. - Under the provision of laws or upon the request of investigative agency in accordance with
      the procedures and methods stipulated by law for investigation.

The Company does not provide your personal information to outside companies without your prior consent. If it is necessary to disclose your personal information to an outside company to provide the service you have requested, the Company will inform you of the identity of the company as well as the details of requested service and obtain your prior consent.

If you do not agree to disclose your personal information for purposes other than responding to your request for information / service, you may indicate as such by marking on the applicable column in your personal information page.

08. Rights of Users and Their Legal Representatives and How to Exercise Them

You and your respective legal representatives, at any time, may check or modify your registered personal information as well as request to cancel your prior consent. You may also contact our personal information manager in writing or by telephone or email, and the manager will help you promptly.

If you request to correct errors in your personal information, the information is neither used nor provided before the correction is completed. If your incorrect personal information has been provided to a third party, they will be promptly notified of the result of the correction.

The Company handles the personal information which has been withdrawn or deleted at the request of you or your legal representative in the manner provided in the ‘Retention and Duration of Use’ and does not access or use it for other purposes.

09. Retention and Destruction of Personal Information

Any information provided by you will be banned from use, other than for the purpose of record keeping in our archives or for the purpose of complying with relevant laws and regulations.  Such information is promptly destroyed upon achievement of the purpose of its use. However, if you wish to remove your personal information from our records, the information in its entirety will be destroyed immediately upon your request, and no information shall be retained in our archives unless relevant laws and regulations require such information to be stored for a longer period of time. The procedures and methods are listed as below.

A. Retention and Duration of Use

  1. - Retained information: name, home phone number, home address, mobile phone number, e-mail
  2. - Statutory grounds for storage: prevention of confusion arising regarding service use, and
      cooperation with relevant investigation agencies in connection with any instances of
      service abuse
  3. - Retention period: 1 year
  4. - Reasons for retention: user inquiries/requests management, user identification, etc.
  1. - Retained information: service usage data, access log, cookies, IP information
  2. - Statutory grounds for storage: Communications Secrets Act
  3. - Retention period: 3 years
  4. - Reason for retention: collection of service use statistics

B. Destruction Procedures

The information that you enter is transferred to a separate database (a separate file folder in case of paper) after the achievement of its purpose, to be saved for internal policies and other information protection reasons adhering to the relevant regulations (see “Retention and Duration of Use”) during a limited time and will be destroyed ultimately. The data separately transferred into the database, unless the law permits the exception, shall not be used for purposes other than its original objective.

C. Destruction Methods

Personal information stored in electronic file formats shall be deleted using technical methods that prevent the recovery of its record.

10. Links to Third Party Websites

This Site may contain links to third party websites, and the Company shall not be liable for the use of the linked websites or their contents. You agree that the use of the linked websites is subject to the Personal Information Handling Policy of those websites.

11. Personal Information Security

The Company maintains strict safety devices to prevent unauthorized or inappropriate access to personal information by limiting the access or use by its employees to the information.

12. Outsourcing of Collected Personal Information Management

The Company outsources the implementation and operation of this service to the following external specialist:

  1. -Trustee: Doosan Information Communication Inc.
  2. -Outsourced service: website and system management

13. Customer Support Service for Personal Information Management

The Company designates and operates the following division and officer in charge to protect the personal information and respond to the complaints regarding the sector.

  1. - Division: Information Security Team
  2. - Phone : 02-3398-2436
  3. - E-mail : di_security@doosan.com
  4. - Business Hours: (Mon-Fri) 09:00 – 18:00, (closed on Sat-Sun, national holidays)

To report violation of the privacy policy or inquire about the privacy policy, please contact the following organizations.

  1. - Individual Dispute Mediation Committee
      (http://www.1336.or.kr - Phone: 1336)
  2. - Information Protection Mark Certification Committee
      (http://www.eprivacy.or.kr - Phone: 82 2 580 0533~4)
  3. - Supreme Prosecutors’ Office Cyber Crime Investigation Center
      (http://www.spo.go.kr - Phone: 82 2 3480 3600)
  4. - National Police Cyber Terrorism Countermeasure Center
      (http://www.ctrc.go.kr - Phone: 82 2 392 0330)

Announcement Date: September 30, 2011
Effective Date: September 30, 2011

3. Visual Information Processing Equipment Management Policy

01. Basis and Purposes of the Installation of Visual Information Processing Equipment

The Visual Information Processing Equipment Management Policy ("the Policy") has its purpose to promote the proper execution of work and contribute to the assurance of interests of the informers, establishing the provisions with which Doosan Infracore (‘the Company) shall comply regarding the installation and operation of visual information processing equipment and the protection of personal video information, in accordance with Article 25 of the Personal Information Protection Act.

02. Principles of the Protection of Personal Visual Information

The Company collects personal visual information within the scope of minimum necessity to meet the purpose of installing visual information processing equipment, so that this intention will be recognized clearly by the informers, and does not use the data for purposes other than this. The Company commits to correctly managing the personal visual information safely, ensuring its accuracy and latest update, disclosing general details on the processing of personal visual information and guaranteeing the rights of any relevant informers.

03. Designation of the Administrator

The officer, division and personnel responsible for the safe management of the personal visual information are as follows:

  1. - Officer: General Affairs Team Manager
  2. - Division: General Affairs Team, Finance & Administration Division
  3. - Operator in charge: Operator responsible for installation and operation of
      visual information processing equipment,
      Emergency Planning Team, Div. of Administrative Support

04. Installation of Visual Information Processing Equipment

The number, locations, and shooting ranges of the installed visual information processing equipment are shown below.

  1. - Number of visual information processing equipment: A total 82 units
      (71 of fixed types, 11 of rotary types)
  2. - Locations of visual information processing equipment: Entrance and aisle of each floor,
      elevator hall and elevator interior, vehicles entering and exiting from parking facilities and
      outside square
  3. - Shooting range of video information processing equipment: Entrances, walkways,
      elevator hall and elevator interior

05. Installation of signs

The Company takes the necessary measures so that the installation and operation of visual information processing equipment can be easily recognized, including installation of information signs that state the following points.

  1. - Purpose and place of the installation, shooting range and time, and the administrator's name,
      job title and contact details
  2. - In case of the outsourcing of the installation and management, the trustee's name and
      contact details

Location and size of the sign attached are as follows

  1. - Place: Entrance to the building
  2. - Size: 40 ⅹ 30cm (However, it can be changed according to the condition of the installed location)

06. Viewing Request of the Informer

The informer may request the viewing and verification ("the view") of his or her own personal visual information that the Company handles.

Request Form (Personal Visual Information)

When the Company receives the request for the view, it shall take necessary measures without delay, and may verify the identity of the requestor, or his or her legitimate representative with the submission of documents which can prove the informer’s identity, such as a national identity card, driver’s license or passport.

The Company may refuse the informer's request for the view, notifying within 10 days the denial reasons and appeal procedures in writing to him or her in the following cases

  1. - If the corresponding personal visual information is destroyed, due to the storage period
      termination
  2. - If there are legitimate reasons to reject the informer's view request

07. Recording Time of Visual Information Processing Equipment

Recording and storage times and storage areas are as follows.

  1. - Recording time: 24 hours
  2. - Storage time: 30 days to 3 months, depending on the shooting area
  3. - Storage areas: General Control Center

08. Visual Information Management

Using the personal visual information for any purpose other than the collection or providing it to third parties with informer's consent or by the provisions of the law requires the following points on the "Personal Visual Information Management Record" to be inscribed.

  1. - Name of personal visual information file
  2. - Name of the person who will use or receive the information
  3. - Purpose of the use or offer
  4. - Statutory grounds of the use or offer, if any
  5. - Period of the use or offer, if any
  6. - Form of the use or offer

In the case of the destruction of the personal visual information, it is required to note down the following points on the "Personal Visual Information Management Record”

  1. - Personal visual information item to be destroyed
  2. - Date of the destruction of personal visual information (in case of a pre-set period for
      automatic destruction, its destruction cycle, etc.)
  3. - Personnel in charge of the destruction of personal visual information

09. Storage and Destruction

The Company destroys the collected personal visual information without delay, when the storage period expires, set forth in the Policy. However, this does not apply if there are special provisions in other relevant laws.

  1. - For the output (pictures, for example) containing the personal visual information,
      shredding or incineration
  2. - For personal visual information in the form of electromagnetic video files,
      permanent deletion that incapacitates their restoration by technical means

10. Administrative, Technical and Physical Measures

  1. - The Company administers minimum personnel to access to the personal visual information
      processed by the equipment, including the administrator and responsible operator in charge.
  2. - The zones where the personal visual information transmitted by the processing equipment is
      viewed and played are designated as restricted access areas to control the entrance
      of the people other than the authorized to access.
  3. - The Company modifies or disqualifies without delay the permission rights of those
      who change their positions due to retirement and transfer.
  4. - The company takes necessary measures to ensure the security of the personal information
      or video files processed or transmitted, in order to prevent them from being lost,
      stolen, leaked, damaged or altered, including password setting.
  5. - The Company checks regularly the functions of the visual information processing equipment
      to block an alteration or falsification of the data.

11. Outsourcing of the Installation and Management of Visual Information Processing Equipment

The Company outsources the management of personal visual information to the following trustee and is responsible for overseeing the processing of the information.

  1. - Trustee: DFMS Inc.
  2. - Outsourced service: installation and operation of visual information processing equipment

Announcement Date: September 30, 2011
Effective Date: September 30, 2011


Up