Private Policy

1. Items and method of personal information collection 2. Purpose of personal information management 3. Personal information management & period of information held 4. Entrustment of personal information management 5. Disclosure of personal information to third party 6 .Procedure and method of personal information destruction 7. Subject’s right/duty and mean of exertion 8. Measures confirming security of personal information 9. Privacy Officer Addendum

 

 

 

 

 

 

 

 

 

1. Items and method of personal information collection

 

A. Essential items

Name, (cell) phone number, e-mail

 

B. Method of collection

Ethics Management Homepage (Reporting)

 

2. Purpose of personal information management

GS Caltex Corp.(“The Company”) manages personal information for the following purposes:  To register, investigate whistleblowing or allegation report or to provide a feedback for the report.

 

3. Personal information management & period of information held

 

The Company will keep personal information until its purpose is achieved.

 

4. Entrustment of personal information management

 

The Company entrusts tasks in relation to personal information management as listed below. In case of entrustment contract, according to its relevant legislations, The Company makes necessary actions to assure that personal information is safely managed. Entrusted information is limited to minimum extent necessary for the tasks.

 

Company Name	Scope of work
GS ITM Yullin Technologies Nlln system	Maintenance/Management of the IT System

 

5. Disclosure of personal information to third party

 

The Company can disclose personal information of “Subject of Information” (as defined in Personal Information Protection Act) after obtaining consent of such Subject of information to third party. Such personal information shall be managed only for the purpose limited following the paragraph 2.

However, The Company can disclose personal information without the consent of the Subject of Information upon occurrence of any of followings:

- The law expressly provides for an exception to the above consent requirement.

- Disclosure is required to comply with duties imposed by the law.

- Personal information has been modified into a form that is not capable of identifying any particular individual and is being disclosed for statistics, research or market investigation purposes.

 

6. Procedure and method of personal information destruction

 

A. Procedure of destruction

The Company will destruct personal information immediately when it becomes unnecessary by termination of retention period or achievement of purpose. However, if the personal information has to be stored continuously to comply with company’s internal policies or other laws, it will be moved to separate data base or different location of the storage.

 

B. Method of destruction

For the personal information in electronic file format, technical methods that prevent repair or regeneration of the record will be used. Printed personal information copies will be destroyed by paper shredder or incineration.

 

7. Subject’s right/duty and mean of exertion

 

A. The subject of information can exert the following rights to The Company anytime. However, it can be limited according to Paragraph 3 in Article 35, Paragraph 1 in Article 36, and Paragraph 2 in Article 37 as per the Personal Information Protection Act.

① Reading request for personal information

② Suspension request for personal information management

③ Revision or deletion request for personal information

 

B. Mean of exertion is as in the following,

① Exertion of right is available through written document and e-mail in a separate format, to which The Company will take steps with no delay.

② If revision or deletion of personal information is requested, The Company will not use or provide the personal information until the request is complete.

③ If subject of information wishes to exert the right through legal representative or delegated substitute, power of attorney should be submitted.

 

8. Measures confirming security of personal information

 

The Company makes the following steps to assure security of personal information.

 

A. Administrative Measures

Establishment/enforcement of internal administrative plan, periodic training for employees etc..

 

B. Technical Measures

Management of access right such as personal information management system, installation of access control system, encryption of Unique Identifying Information, installation of security program etc.

 

C. Physical Measures

Access control to computer room and data storage etc.

 

9. Privacy Officer

 

Position	Unit/Department	Name	Contact
Privacy Officer	Legal	B. S. Lim	02-2005-6032
Privacy Management person	Compliance Team	S.J.Lee	02-2005-6522
Privacy Management staff	Compliance Team	J.H.Kim	02-2005-6523

 

Addendum

 

Enforcement Date : Apr. 13. 2020.