Private Policy
1. Items and method of personal information collection 2. Purpose of personal information management 3. Personal information management & period of information held 4. Entrustment of personal information management 5. Disclosure of personal information to third party 6 .Procedure and method of personal information destruction 7. Subject’s right/duty and mean of exertion 8. Measures confirming security of personal information 9. Privacy Officer Addendum |
1. Items and method of personal information collection
A. Essential items
Name, (cell) phone number, e-mail
B. Method of collection
Ethics Management Homepage (Reporting)
2. Purpose of personal information management
GS Caltex Corp.(“The Company”) manages personal information for the following purposes: To register, investigate whistleblowing or allegation report or to provide a feedback for the report.
3. Personal information management & period of information held
The Company will keep personal information until its purpose is achieved.
4. Entrustment of personal information management
The Company entrusts tasks in relation to personal information management as listed below. In case of entrustment contract, according to its relevant legislations, The Company makes necessary actions to assure that personal information is safely managed. Entrusted information is limited to minimum extent necessary for the tasks.
Company Name |
Scope of work |
GS ITM Yullin Technologies Nlln system |
Maintenance/Management of the IT System |
5. Disclosure of personal information to third party
The Company can disclose personal information of “Subject of Information” (as defined in Personal Information Protection Act) after obtaining consent of such Subject of information to third party. Such personal information shall be managed only for the purpose limited following the paragraph 2.
However, The Company can disclose personal information without the consent of the Subject of Information upon occurrence of any of followings:
- The law expressly provides for an exception to the above consent requirement.
- Disclosure is required to comply with duties imposed by the law.
- Personal information has been modified into a form that is not capable of identifying any particular individual and is being disclosed for statistics, research or market investigation purposes.
6. Procedure and method of personal information destruction
A. Procedure of destruction
The Company will destruct personal information immediately when it becomes unnecessary by termination of retention period or achievement of purpose. However, if the personal information has to be stored continuously to comply with company’s internal policies or other laws, it will be moved to separate data base or different location of the storage.
B. Method of destruction
For the personal information in electronic file format, technical methods that prevent repair or regeneration of the record will be used. Printed personal information copies will be destroyed by paper shredder or incineration.
7. Subject’s right/duty and mean of exertion
A. The subject of information can exert the following rights to The Company anytime. However, it can be limited according to Paragraph 3 in Article 35, Paragraph 1 in Article 36, and Paragraph 2 in Article 37 as per the Personal Information Protection Act.
① Reading request for personal information
② Suspension request for personal information management
③ Revision or deletion request for personal information
B. Mean of exertion is as in the following,
① Exertion of right is available through written document and e-mail in a separate format, to which The Company will take steps with no delay.
② If revision or deletion of personal information is requested, The Company will not use or provide the personal information until the request is complete.
③ If subject of information wishes to exert the right through legal representative or delegated substitute, power of attorney should be submitted.
8. Measures confirming security of personal information
The Company makes the following steps to assure security of personal information.
A. Administrative Measures
Establishment/enforcement of internal administrative plan, periodic training for employees etc..
B. Technical Measures
Management of access right such as personal information management system, installation of access control system, encryption of Unique Identifying Information, installation of security program etc.
C. Physical Measures
Access control to computer room and data storage etc.
9. Privacy Officer
Position |
Unit/Department |
Name |
Contact |
Privacy Officer |
Legal |
B. S. Lim |
02-2005-6032 |
Privacy Management person |
Compliance Team |
H. C. Kim |
02-2005-6520 |
Privacy Management staff |
Compliance Team |
S. H. Cho |
02-2005-6524 |
Addendum
Enforcement Date : Apr. 13. 2020.