Privacy Policy
Privacy Policy
Personal information is information about a natural person, and refers to information such as signs, characters, voices, sounds, and images that can identify the individual concerned based on data such as names and dates of birth included in the information concerned. (This includes information that can be readily combined with other information to identify the individual, even when the information concerned alone is unable to identify a specific individual.) SeAH M&S Corp. (hereinafter the “Company”), which operates and manages the SeAH M&S website (hereinafter the “Website”), to protect the personal information of the information subject (refers to the person who provided personal information to the Company; hereinafter the “Information Subject”) pursuant to Article 30 of the Personal Information Protection Act and to promptly and smoothly handle complaints relating to such, establishes and discloses its Privacy Policy as follows.
-
The Company processes personal information for the following purposes. The personal information processed is not used for any purpose other than the following, and upon changes to its intended use, necessary measures are conducted, such as separately obtaining prior consent pursuant to Article 18 of the Personal Information Protection Act.
1. Registration/management of internal computer systems such as groupware (SeAHWorks) and ERP accounts, etc.
- Personal information is processed for purposes such as identification/authentication and the maintenance of account qualifications pursuant to the provision of account services.
2. Service provision
- Personal information is processed for purposes related to service provision, such as identity authentication, certificate issuance, and wage management.
3. Complaint handling
1) Perusing personal information; correcting and deleting personal information; requesting suspension of personal information processing; personal data breaches
2) Personal information is processed for the purpose of handling complaints related to personal information, such as reporting.
-
The Company collects/uses customers’ personal information to the minimum extent for the following purposes. The personal information collected is not used for any purpose other than the following, and upon changes to its intended use, the Company plans to obtain prior consent.
① The Company destroys the Information Subject’s personal information when the purpose of collecting and using the personal information is achieved or the personal information retention/use period agreed to by the Information Subject expires, or when the Information Subject withdraws consent to the Company’s collection of personal information.
② Regarding the personal information of an Information Subject who does not use the services, etc. provided by the Company for [3] years (if a separate period is stipulated in other laws and regulations or a different period is determined at the Information Subject’s request, then the period stipulated in the applicable laws and regulations or a period determined differently), the Company immediately destroys it or stores/manages it separately from the personal information of other Information Subjects. In such a case, by 30 days before the aforementioned period expires, the Company notifies the Information Subject of the fact of the destruction or separate storage/management of the personal information concerned, the expiration date of the period, and the items of the personal information concerned, via any one of the following methods: email, writing, phone, or a similar method to such.
③ Notwithstanding Paragraphs 1 and 2, if there is a need for the Company to preserve the Information Subject’s personal information for a certain period of time pursuant to the stipulations of relevant laws and regulations, all or part of personal information collected may be retained exceptionally for a certain period of time pursuant to the applicable laws and regulations, as follows.
Retained items Retention period Legal basis Computer communications or Internet log records data; access point tracking data 3 months Article 15-2, Paragraph 2 of the Protection of Communications Secrets Act and Other data verifying the facts of communications 12 months Article 41, Paragraph 2 of the Enforcement Decree of the Protection of Communications Secrets Act -
① The Company processes an Information Subject’s personal information only within the scope stipulated in Article 1 (The Purpose of Processing Personal Information) and does not use it beyond such a scope or, as a rule, provide it to external parties.
② Personal information is provided to third parties only when the Information Subject’s consent is obtained or in the following cases.
- When there are special provisions in other laws and regulations such as the Protection of Communications Secrets Act, Framework Act on National Taxes, Act on Promotion of Information and Communications Network Utilization and Information Protection, Act on Real Name Financial Transactions and Confidentiality, Credit Information Use and Protection Act, Framework Act on Telecommunications, Telecommunications Business Act, Local Tax Act, Framework Act on Consumers, Bank of Korea Act, and Criminal Procedure Act. However, even upon an administrative agency or investigative agency’s request for administrative or investigative purposes “in cases where there are special legal stipulations,” the Information Subject’s personal information is not provided unconditionally, and is provided pursuant to lawful procedures, such as by warrant or in writing stamped with the agency head’s seal, as prescribed by law..
- Otherwise, when personal information may be provided to a third party pursuant to Articles 17 and 18 of the Personal Information Protection Act
- Even in these exceptions, if information is provided pursuant to relevant laws and regulations or at the request of an investigative agency, we operate on the principle of notifying the Information Subject.. However, due to legal reasons, we may, unavoidably, be unable to provide notice. We will do our best to ensure that information is not provided indiscriminately or contrary to the original purposes of collection and use..
③ To smoothly conduct the Company’s business, the Company receives an “Employee Consent Form for the Processing and Third-Party Provision of Personal Information” when an employee first joins the company, with the following information indicated in the consent form.
1. The recipient of the personal information
2. The recipient’s purpose of using the personal information
3. The personal information items provided
4. The recipient’s retention/use period
-
① The Company may outsource personal information processing to ensure the smooth processing of personal information.
② When entering into a personal information outsourcing contract, the Company, pursuant to Article 26 of the Personal Information Protection Act, stipulates in documents such as agreements the conditions on responsibilities such as the prohibition of processing personal information for purposes other conducting the outsourced work; technical/managerial protection measures; restrictions on subcontracting; personal information management status inspection and contractor management/supervision; compensation for incidental damages; outsourced periods; post-processing returns or obligatory destruction of personal information, and supervises whether the contractor securely processes the personal information.
-
① The Information Subject may exercise the following rights relating to personal information protection against the Company at any time.
1. Requests to peruse personal information
2. Requests for correction if there are errors, etc.
3. Requests for deletion
4. Requests to stop processing
② The exercise of rights pursuant to Paragraph 1 may be made to the Company in writing, by phone, email, facsimile (fax), etc., and the Company takes action upon it without delay.
④ When the Information Subject requests a correction or deletion of errors, etc. in personal information, the Company does not use or provide the personal information concerned until the correction or deletion is complete.
⑤ The exercise of rights pursuant to Paragraph 1 may be conducted through an agent such as the Information Subject's legal representative or an authorized person. In such a case, a power of attorney must be submitted in the form of Annex No. 11 of the Notice on Personal Information Processing Methods.
⑥ The Information Subject must not, in violation of relevant laws and regulations such as the Personal Information Protection Act, infringe upon the personal information and privacy of the Information Subject itself or others being processed by the Company.
-
① Information Subjects who are Website users but not the Company’s employees may freely access most of the content provided by the Website without a separate membership registration process. Should they wish to use the Company's customer inquiry service, they must agree to the Company's collection of the following personal information, but even if they do not consent to the collection, they are not restricted from using the other services.
Items collected Methods of collection Purpose of collection/purpose of use Names, email addresses, and other information generated during the use of services Collection through a method in which the customer personally fills out the information, after the customer consents to the collection of personal information items Used for identity verification, consultation/inquiry, confirmation of complaints, contact/notification for factual investigation, response to customer inquiries, notification of processing results, etc. ② If the Information Subject is the Company’s employee, the Company collects and processes personal information items for the following purposes.
Items collected Methods of collection Purpose of collection/purpose of use Names, resident registration numbers (including dependents), usernames, passwords, addresses, phone numbers, genders, email addresses, personnel appointments, career backgrounds, educational backgrounds, training, physical conditions, military service, marital status, sureties, visas, veterans information The granting of operator and user privileges for internal computer systems such as groupware (SeAHWorks) and ERP accounts Personal information required to receive services, such as names, dates of birth, addresses, phone numbers, email addresses, and bank account information Provision of services -
① As a rule, when personal information becomes unnecessary, such as when the personal information retention period has passed or the purpose of processing has been achieved, the Company destroys the applicable personal information without delay, except in cases where storage is necessary pursuant to relevant laws and regulations.
② If personal information must continue to be preserved pursuant to other laws and regulations notwithstanding the expiration of the personal information retention period consented to by the Information Subject or the achievement of the purpose of processing, the applicable personal information is stored separately for the period stipulated in the relevant laws and regulations and then destroyed.
③ The procedures and methods for destroying personal information are as follows.
1. Destruction procedures
- Unnecessary personal information and personal information files are destroyed without delay from the end of the retention period, pursuant to internal policy procedures and under the supervision of the personal information supervisor.
2. Destruction methods
- For information in electronic form, technical methods that do not allow the regeneration of the records are used.
- Personal information printed on paper is destroyed by shredding or incineration.
-
When processing personal information, to prevent personal information from being lost, stolen, leaked, falsified, or damaged, the Company implements the necessary technical, managerial, and physical measures to ensure the security required by relevant laws and regulations, including the following, and is doing its best to protect personal information.
① Managerial measures :
- Establishing and implementing an internal management plan for the secure processing of personal information
- Limiting the staff involved in processing personal information to the minimum number of people
- Designating a personal information protection supervisor and implementing periodic personal information protection training
- Implementing personal information protection supervision and training for outsourced task processors
② Technical measures :
- Enhancing the management of access privileges to the personal information processing system to the minimum scope necessary to conduct work
- Installing and operating an access control system for the personal information processing system
- The encrypted storage of personal information for secure storage
- Encrypting or using the file lock function (lock) when transmitting or receiving through an information and communications network or conveying through auxiliary storage media (e.g. USB, HDD)
- Complying with rules for generating secure passwords and enforcing periodic changes
- Installing and operating security programs to protect handlers and systems when processing personal information
- Storing personal information processing system access records and applying forgery/falsification prevention measures
③ Physical measures :
- Establishing and operating access control procedures for personal information storage locations, such as computer rooms and data storage rooms
- Storing documents and auxiliary storage media, etc. containing personal information in secure locations with locks
- Installing CCTVs to protect personal information and storing personal video information in secure locations with locks
-
The Company does not use “cookies” to store usage information and retrieve it from time to time to provide individualized services to users.
-
① To oversee and supervise operations relating to personal information processing, and handle the complaints and relieve the damage relating to personal information processing of Information Subjects, the Company has designated a personal information protection supervisor as follows.
1. Personal Information Protection Supervisor :
Affiliation/Position/Name Management Planning Division/Head of Division/KIM Su Wun Phone number 02-6970-0707 Email ahndj88@seah.co.kr 2. Department in charge of personal information protection: Human Resources Team (+82-2-6970-0932)
② Information Subjects may forward their inquiries on any personal information protection-related question, handled complaint, or damage relief, etc. that arise while using the Company's services (or business) to the personal information protection supervisor and department in charge. The Company will do its best to promptly respond and handle inquiries from Information Subjects.
③ The Company values the protection of the Information Subject’s personal information and is doing its best to prevent the Information Subject’s personal information from being damaged, infringed upon, or leaked. However, the Company's implemented technical supplementary measures notwithstanding, the Company is not responsible for damage to information due to unexpected incidents caused by fundamental network risks such as hacking, or for various disputes caused by notices written by the Information Subject.
-
① The Information Subject may make a request to peruse personal information pursuant to Article 35 of the Personal Information Protection Act to the department below, and the Company will do its best to promptly handle the Information Subject's request to peruse personal information.
- Department receiving and handling personal information perusal requests: Human Resources Team (+82-2-6970-0932)
② Should the Information Subject need to consult or report a personal information infringement, please contact the personal information protection supervisor or the department in charge of personal information management listed in Article 10, Paragraph 1, or make an inquiry to the following agencies.
- Personal Information Protection Comprehensive Support Portal www.privacy.go.kr (+82-2-2100-3394)
- Personal Information Infringement Reporting Center www.118.or.kr (+82-118 without area code)
- Supreme Prosecutors' Office Cybercrime Investigation Unit www.spo.go.kr (+82-2-3480-3571)
- National Police Agency Cyber Terror Response Center www.ctrc.go.kr (+82-1566-0112)
-
The Company installs and operates video processing systems as follows.
① Basis and purpose of video processing system installation: Facility safety management, fire prevention
② Installation locations and filming range: (Seoul) SeAH Tower company building lobby, hallways
(Yeosu) Entire space of key factory facilities
① Management supervisor, department in charge, and person with access privileges to video information: Management Support Team Leader and manager
② Video recording time, storage period, storage location, and processing method
1. Recording time: 24-hour recording
2. Storage period: 30 days from the time of recording
3. Storage location and processing method: Stored and processed in the video processing system
③ Method and location of verifying video information: Via a request to the management supervisor (Management Support Team Leader and manager)
⑦ Measures in response to the Information Subject's request to peruse video information: Perusal is permitted only when the Information Subject has been recorded or when the Information Subject's life, body, or property is clearly at stake.
⑧ Technical, managerial, and physical measures to protect video information: Establishing an internal management plan; access control and access privilege restrictions; applying secure storage/transmission technologies to video information; storing processing records and measures to prevent forgery/falsification; furnishing storage facilities and installing lock devices, etc.
-
This Privacy Policy has been revised on March 1, 2023 and is applied from the effective date onwards. Should there be additions, deletions, or corrections to changes pursuant to laws, regulations, and policies, they will be announced through a notice at least 7 days prior to the implementation of the changes.