Doosan Infracore Engine Business Group(the “Company”) complies with the relevant statutory provisions regarding the protection of personal information, including the Personal Information Protection Act, and the Act on Promotion of Information and Communications Network Utilization and Information Protection. The Company further commits to safeguarding the rights and interests of the owners and holders of personal information, such as its customers, staff and website users, and has established its own Privacy and Information Processing Policy, in accordance with the relevant legislation.
The Company, through its Privacy and Information Processing Policy, etc., notifies the purposes and procedures of the collection of personal information, as well as the relevant protection measures. In case of any update or revision to the Policy, the Company will announce the change either on its website’s notice or by means of individual communication.
The Company’s Privacy and Information Processing Policy is composed of three parts pertaining to: the “Personal Information Processing Policy” for the protection of the personal information of all information holders with whom the Company deals; the “Personal Information Handling Policy” regarding the information of website users; and the “Visual Information Processing Equipment Management Policy” which manages the personal information used in visual processing.
However, other affiliated websites of the Company may have different policies.
1. Personal Information Processing Policy
01. General Provisions
- "Personal Information" refers to the personally identifiable information of a living person whose identity may be checked easily in combination with the use of other sources such as a name, national identification number and picture, even though it is rarely possible to differentiate the individual in question with only the given information.
- "Informer" means the owner of any information which enables the recognition of a person’s identity.
- The Company discloses the Personal Information Processing Policy on the first screen of the website (www.doosaninfracore.com/engine) to facilitate the verification of the policy in question, and will always announce any changes or revisions to this policy via a notice posted on its website or through individual communication.
02. Processed Personal Information and Purposes of Processing
Without the legitimate provisions or the consent of the informer, the Company may handle neither the sensitive information that may significantly compromise the privacy of its provider nor the unique identification information assigned to distinguish the interested-party from others.
A. Processed Information
Name, home address, e-mail, company name, service record, access log, cookies and IP address information
Name, national identity number, picture, password, home address, home telephone number, mobile phone number, e-mail, education, military service, foreign language proficiency, computer skills, qualifications, family relationships, and career
B. Purposes of Processing
- Settlement of the complaints on the membership and points of dissatisfaction
- Online market research or survey
- Marketing or advertising
- Service delivery and the settlement of fees
- Test process, modification of the application form, verification of acceptance, contact for applicants, and verification of employment requirements
- Personnel management, including payroll, welfare benefits, support for various tasks, and assessment
03. Processing and the Retention Period of Personal Information
In principle, the collected personal information will be destroyed immediately after the purpose for which it was collected has been achieved. However, the following information will be retained during the designated period for the reasons set forth below :
- Retained information: name, home address, e-mail, company name
- Retention period: 1 year
- Reasons for retention: user inquiries / request management, user identification, etc.
- Retained information: service use data, access log, cookies, IP address information
- Retention period: 3 years
- Reasons for retention: enhancement of service quality through analysis of service use
- Retained information: name, password, date of birth, gender, national identity number, home address, home telephone number, mobile phone number, hobbies, skills, education, work experience, foreign language proficiency, military service, and family relationship
- Retention period: in principle, until the expiration of employment relationship
- Reasons for retention: Personnel management, including payroll, welfare benefits, support for various tasks, and assessment
- However, the personal information of an applicant, who was not employed, will be discarded immediately after the completion of the employment process.
04. Procedures and methods for the destruction of personal information
A. Destruction procedures
B. Methods of destruction
- Personal information stored in electronic file formats shall be deleted using technical methods that prevent the recovery of its record.
- Personal information printed on the paper shall be broken by the shredder, or destroyed through incineration.
05. Vision of personal information to a third party
The Company uses the personal information only within the scope laid out in “02. Processed Personal Information and Purposes of Processing”, and does not abuse it in excess of the established range nor discloses it to a third party. However, the following cases are exceptions :
- - In the case of having received the special consent of the informer
- - If there are special provisions in other relevant laws
- - If it is impossible to obtain the prior consent of the informer or its legal representative due to the state in which he cannot express his or her intention or his or her unknown address, so that the stored information is deemed to be necessary evidence for an imminent benefit of life, health, property of the informer or relevant third party
- - In case of providing the personal information in a form to block the recognition of a particular individual as necessary for the purposes of statistics and research.
The Company currently provides the following personal information
- - Institutions receiving personal information: Multicampus, Korea TOEIC Committee, Chamber of Commerce, the Department of Defense and Regional Military Manpower Administration, District Office/Dong Residents’ Center
- - Offered personal information: name, national identity number, phone number, military serial number
- - Purpose: verification of qualification
- - Retention and use period: immediately destroyed
- - Institution receiving personal information: Doosan Corporation
- - Offered personal information: name, national identity number, picture, password, home address, home telephone number, mobile phone number, e- mail, education, military service, foreign language proficiency, computer skills, qualifications, family relationship, career, social experience, awards, international experience and research experience
- - Purpose: integrated management and development of human resources
- - Retention and use period: until the expiration of employment relationship
06. Outsourcing of personal information processing
The Company does not entrust the personal information processing to an outside agency without the prior consent of the relevant informer.
For the outsourcing of personal information processing, the Company has in place the following instructions to safely manage the personal information when it concludes an outsourcing agreement in accordance with the relevant legislation.
- - Trustee company : Doosan Corporation
- - Outsourced service : Payroll, benefits and others
- - Trustee company : Multicampus, Korea Academy, Alpaco, Spicus, Pickupphone, eCampus, KT Innoedu
- - Outsourced service : Online courses for the staff
- - Trustee company : Doosan Information Communication BU Inc.
- - Outsourced service : Operation of the employment system
07. Rights and Obligations of Informers and Methods to Exercise the Rights
Every informer may demand the access, correction, omission and suspension of his or her personal information that the Company treats. However, the Company may refuse or limit the aforementioned demand under the following conditions.
- - If there is a special legal provision or it is unavoidable to comply with statutory obligations
- - If there is a concern to harm the lives or bodies of others, or to damage improperly the property and other interests of other people
- - If it is difficult to fulfill the contract, including agreed services, without processing the personal information, meanwhile the informer does not reveal clearly the intention to terminate the contract.
Methods and Procedures to Exercise Rights
- - The informer who wants to read his or her personal information may submit the Request of Reading, Correction, Deletion and Suspension in writing, e-mail, fax, etc., to the department in charge (For this, see the section “09. Complaint Resolution Service for Personal Information”).
- - The Company takes action to respond to the demand within 10 days unless there is a justifiable reason, and communicates the reasons, if any, for such denial or restriction within five days, as well as the methods to appeal against this refusal or restriction.
- - The Company may verify the identity of the informer or, his or her representative that demands the reading, etc., of the personal information, checking his o her identity cards such as national identity card, one of certified electronic signatures or other equivalents.
08. Technical, Administrative, and Physical Protection Measures for Personal Information
The Company takes the following safety measures to prevent personal information from being lost, stolen, leaked, altered, or damaged.
- - The Company complies with the required legal standards for the secure storage and transmission of the personal information.
- - Using anti-virus software, the company takes steps to prevent the damage caused by computer viruses.
- The anti-virus program is updated periodically, and protects against the violation of privacy in case of a sudden outbreak of a new virus, providing its new version as soon as possible.
- - Against external attacks such as hacking, the Company does everything for the security, utilizing an intrusion detection system and a vulnerability assessment system for each server.
- - The company gives the exclusive access to personal information to those who deal with sales and marketing directly with the informers, to those in charge of the management of personal information, and those who inevitably handle the personal data through carrying out other tasks.
- - The employees who treat the personal information take a regular in-house training and outsourcing education on the protection of personal information, being properly supervised to strictly comply with laws and regulations to the same purpose after both starting work and after taking retirement.
- - For the secure storage of the personal information and its handling system, the facilities are equipped with protection measures to prevent a physical access, including physical locking devices.
- - The computer room and data storage room, designated as special security areas, are under strict access control.
09. Complaint Resolution Service for Personal Information
The Company designates and operates the following division and officer in charge to protect the personal information and respond to the complaints regarding the sector.
A. Personal Information Division
- Division: Information Security Team
- Phone : 02-3398-2906
- Fax : 02-3398-8499
- E-mail : firstname.lastname@example.org
- Business Hours: (Mon-Fri) 09:00 – 18:00, (closed on Sat-Sun, national holidays)
B. Chief Privacy Officer
- - Name: Park Dong-bum
- - Phone : 02-3398-2906
- E-mail : email@example.com
If you want to report or need an advice on the invasion of the privacy, please contact the following organizations.
- - Personal Information Dispute Mediation Committee
(http://privacy.kisa.or.kr - Phone : 118)
- - Privacy Complaint Center
(http://www.privacy.go.kr - Phone : 118)
- - Government Protection Mark Authentication Commission
(http://www.eprivacy.or.kr - Phone : 02-580-0533~4)
- - Internet Criminal Investigation Center, Supreme Prosecutor's Office
(http://www.spo.go.kr - Phone : 02-3480-3600)
- - Cyber Terror Response Center, National Police Agency
(http://www.ctrc.go.kr - Phone : 02-392-0330)
Additions, deletions and modifications of the current Personal Information Processing Policy will be notified through the website’s notice at least 10 days prior to the revision.
Announcement date: Sept. 30, 2011
Effective Date: Sept. 30, 2011
2. Personal Information Handling Policy
The following personal information handling policy is applied to this website (www.doosaninfracore.com/engine/, “this Site”)
This policy will take effect on September 30, 2011
01. Matters on Installation, Operation and Rejection of Automated Data (Personal Information) Collection System
02. Uses of Cookies, etc.
Cookies may be used to analyze the frequency of access or visiting hours of users, store the information about user preferences, track users’ web browsing habits, and provide target marketing and customized service through analysis of user participation in events and number of visits. You have a choice of whether to install cookies. You may accept all cookies, confirm whenever cookies are stored, or reject the storage of all cookies by setting an option in your web browser.
03. How to Reject the Storage of Cookies
You may accept all cookies, or confirm whenever cookies are stored, or reject the storage of all cookies by selecting an option in your web browser.
Example of settings (for Internet Explorer) : Tools > Internet Option > Privacy
But, if you refuse to install cookies, you may have a difficulty using certain services.
04. Purposes of Collection
The Company may collect your personal information for the following purposes.
- - To provide customer services such as membership management and complaints resolution
- - To provide you with better services and improve the level of this Site by conducting online market research or public opinion polls through which your ideas can be received
- - For marketing or advertising with your prior consent
- - To implement the provisions of service contracts and to provide billing content for services provided
05. Gathered Personal Information
The Company collects the following personal information to manage membership, counseling, or application for service.
- - Items collected: name, home address, e-mail, company name, service use, access log, cookies, IP information, mobile phone number, home phone number, employee number, and password
- - How to collect personal information: Homepage (Contact us, Product Inquiry)
06. Provision of Personal Information
The company, in principle, does not provide its users' personal information to outside persons, bodies or organizations.
However, the exceptions possible are listed below.
- - If users agree in advance
- - If the provision of personal information complies with provisions of the law or by the request of the investigation agencies according to the procedures and methods set forth for the purpose of investigation.
07. Disclosure of Personal Information
Personal information collected through this Site is not disclosed to third parties, excepting where you give prior consent, or where your personal information is required by law to be disclosed to third parties such as investigative agencies, judicial authorities or other branches of government.
Exceptions are made in the following cases :
- - Where you have agreed to disclose your personal information in advance.
- - Under the provision of laws or upon the request of investigative agency in accordance with the procedures and methods stipulated by law for investigation.
The Company does not provide your personal information to outside companies without your prior consent. If it is necessary to disclose your personal information to an outside company to provide the service you have requested, the Company will inform you of the identity of the company as well as the details of requested service and obtain your prior consent.
If you do not agree to disclose your personal information for purposes other than responding to your request for information / service, you may indicate as such by marking on the applicable column in your personal information page.
08. Rights of Users and Their Legal Representatives and How to Exercise Them
You and your respective legal representatives, at any time, may check or modify your registered personal information as well as request to cancel your prior consent. You may also contact our personal information manager in writing or by telephone or email, and the manager will help you promptly.
If you request to correct errors in your personal information, the information is neither used nor provided before the correction is completed. If your incorrect personal information has been provided to a third party, they will be promptly notified of the result of the correction.
The Company handles the personal information which has been withdrawn or deleted at the request of you or your legal representative in the manner provided in the ‘Retention and Duration of Use’ and does not access or use it for other purposes.
09. Retention and Destruction of Personal Information
Any information provided by you will be banned from use, other than for the purpose of record keeping in our archives or for the purpose of complying with relevant laws and regulations. Such information is promptly destroyed upon achievement of the purpose of its use. However, if you wish to remove your personal information from our records, the information in its entirety will be destroyed immediately upon your request, and no information shall be retained in our archives unless relevant laws and regulations require such information to be stored for a longer period of time. The procedures and methods are listed as below :
A. Retention and Duration of Use
- - Retained information: name, home phone number, home address, mobile phone number, e-mail
- - Statutory grounds for storage: prevention of confusion arising regarding service use, and cooperation with relevant investigation agencies in connection with any instances of service abuse
- - Retention period: 1 year
- - Reasons for retention: user inquiries/requests management, user identification, etc.
- - Retained information: service usage data, access log, cookies, IP information
- - Statutory grounds for storage: Communications Secrets Act
- - Retention period: 3 years
- - Reason for retention: collection of service use statistics
B. Destruction Procedures
The information that you enter is transferred to a separate database (a separate file folder in case of paper) after the achievement of its purpose, to be saved for internal policies and other information protection reasons adhering to the relevant regulations (see “Retention and Duration of Use”) during a limited time and will be destroyed ultimately. The data separately transferred into the database, unless the law permits the exception, shall not be used for purposes other than its original objective.
C. Destruction Methods
Personal information stored in electronic file formats shall be deleted using technical methods that prevent the recovery of its record.
10. Links to Third Party Websites
This Site may contain links to third party websites, and the Company shall not be liable for the use of the linked websites or their contents. You agree that the use of the linked websites is subject to the Personal Information Handling Policy of those websites.
11. Personal Information Security
The Company maintains strict safety devices to prevent unauthorized or inappropriate access to personal information by limiting the access or use by its employees to the information.
12. Outsourcing of Collected Personal Information Management
The Company outsources the implementation and operation of this service to the following external specialist :
- - Trustee: Doosan Information Communication Inc.
- - Outsourced service: website and system management
13. Customer Support Service for Personal Information Management
The Company designates and operates the following division and officer in charge to protect the personal information and respond to the complaints regarding the sector:
- - Division: Doosan Infracore Information Security Team
- - Phone: 02-3398-2906
- - E-mail : firstname.lastname@example.org
- - Business Hours: (Mon-Fri), 09:00 - 18:00, (closed on Sat-Sun, national holidays)
- - Individual Dispute Mediation Committee
(http://www.1336.or.kr - Phone : 1336)
- - Information Protection Mark Certification Committee
(http://www.eprivacy.or.kr - Phone : 82 2 580 0533~4)
- - Supreme Prosecutors’ Office Cyber Crime Investigation Center
(http://www.spo.go.kr - Phone : 82 2 3480 3600)
- - National Police Cyber Terrorism Countermeasure Center
(http://www.ctrc.go.kr - Phone : 82 2 392 0330)
- Announcement Date: September 30, 2011
- Effective Date: September 30, 2011
3. Visual Information Processing Equipment Management Policy
01. Basis and Purposes of the Installation of Visual Information Processing Equipment
The Visual Information Processing Equipment Management Policy (“the Policy”) has its purpose to promote the proper execution of work and contribute to the assurance of interests of the informers, establishing the provisions with which Doosan Infracore Engine (‘the Company) shall comply regarding the installation and operation of visual information processing equipment and the protection of personal video information, in accordance with Article 25 of the Personal Information Protection Act.
02. Principles of the Protection of Personal Visual Information
The Company collects personal visual information within the scope of minimum necessity to meet the purpose of installing visual information processing equipment, so that this intention will be recognized clearly by the informers, and does not use the data for purposes other than this. The Company commits to correctly managing the personal visual information safely, ensuring its accuracy and latest update, disclosing general details on the processing of personal visual information and guaranteeing the rights of any relevant informers.
03. Designation of the Administrator
The officer, division and personnel responsible for the safe management of the personal visual information are as follows :
- - Officer: General Affairs Team Manager
- - Division: General Affairs Team, Finance & Administration Division
- - Operator in charge: Operator responsible for installation and operation of visual information processing equipment, Emergency Planning Team, Div. of Administrative Support
04. Installation of Visual Information Processing Equipment
The number, locations, and shooting ranges of the installed visual information processing equipment are shown below.
- - Number of visual information processing equipment: A total 82 units (71 of fixed types, 11 of rotary types)
- - Locations of visual information processing equipment: Entrance and aisle of each floor, elevator hall and elevator interior, vehicles entering and exiting from parking facilities and outside square
- - Shooting range of video information processing equipment: Entrances, walkways, elevator hall and elevator interior
05. Installation of signs
The Company takes the necessary measures so that the installation and operation of visual information processing equipment can be easily recognized, including installation of information signs that state the following points:
- - Purpose and place of the installation, shooting range and time, and the administrator's name, job title and contact details
- - In case of the outsourcing of the installation and management, the trustee's name and contact details
Location and size of the sign attached are as follows
- - Place: Entrance to the building
- - Size: 40 ⅹ 30cm (However, it can be changed according to the condition of the installed location)
06. Viewing Request of the Informer
The informer may request the viewing and verification (“the view”) of his or her own personal visual information that the Company handles.
Request Form (Personal Visual Information)
When the Company receives the request for the view, it shall take necessary measures without delay, and may verify the identity of the requestor, or his or her legitimate representative with the submission of documents which can prove the informer’s identity, such as a national identity card, driver’s license or passport.
The Company may refuse the informer's request for the view, notifying within 10 days the denial reasons and appeal procedures in writing to him or her in the following cases
- - If the corresponding personal visual information is destroyed, due to the storage period termination
- - If there are legitimate reasons to reject the informer's view request
07. Recording Time of Visual Information Processing Equipment
Recording and storage times and storage areas are as follows.
- - Recording time: 24 hours
- - Storage time: 30 days to 3 months, depending on the shooting area
- - Storage areas: General Control Center
08. Visual Information Management
Using the personal visual information for any purpose other than the collection or providing it to third parties with informer's consent or by the provisions of the law requires the following points on the "Personal Visual Information Management Record" to be inscribed.
- - Name of personal visual information file
- - Name of the person who will use or receive the information
- - Purpose of the use or offer
- - Statutory grounds of the use or offer, if any
- - Period of the use or offer, if any
- - Form of the use or offer
In the case of the destruction of the personal visual information, it is required to note down the following points on the "Personal Visual Information Management Record”
- - Personal visual information item to be destroyed
- - Date of the destruction of personal visual information (in case of a pre-set period for automatic destruction, its destruction cycle, etc.)
- - Personnel in charge of the destruction of personal visual information
09. Storage and Destruction
The Company destroys the collected personal visual information without delay, when the storage period expires, set forth in the Policy. However, this does not apply if there are special provisions in other relevant laws.
- - For the output (pictures, for example) containing the personal visual information, shredding or incineration
- - For personal visual information in the form of electromagnetic video files, permanent deletion that incapacitates their restoration by technical means
10. Administrative, Technical and Physical Measures
- - The Company administers minimum personnel to access to the personal visual information processed by the equipment, including the administrator and responsible operator in charge.
- - The zones where the personal visual information transmitted by the processing equipment is viewed and played are designated as restricted access areas to control the entrance of the people other than the authorized to access.
- - The Company modifies or disqualifies without delay the permission rights of those who change their positions due to retirement and transfer.
- - The company takes necessary measures to ensure the security of the personal information or video files processed or transmitted, in order to prevent them from being lost, stolen, leaked, damaged or altered, including password setting.
- - The Company checks regularly the functions of the visual information processing equipment to block an alteration or falsification of the data.
11. Outsourcing of the Installation and Management of Visual Information Processing Equipment
The Company outsources the management of personal visual information to the following trustee and is responsible for overseeing the processing of the information.
- - Trustee: DFMS Inc.
- - Outsourced service: installation and operation of visual information processing equipment
Announcement Date: September 30, 2011
Effective Date: September 30, 2011