Privacy Policy

HYUNDAI _ Privacy Policy

Hyundai Engineering & Construction Co., Ltd. (hereinafter referred to as “the Company”) has established the privacy policy as follows in order to protect users’ personal information and efficiently deal with any grievances faced by the users with respect to personal information.

1. Purpose for Collection and Use of the Personal Information
The Company collects and uses the personal information of users for the purposes described below. Any personal information processed shall not be used for purposes other than stated below. If changes to originally prescribed purposes are necessary, the Company will take measures required, such as obtaining user’s prior consent.
Purpose : To register and reply to filed reports (via online, paper, phone call) related to the Company's corruption, irregularities, and others
2. Period of Retention and Use of Personal Information
The Company shall process and retain personal information on the basis of the legislation or within the scope of the consent received. All personal information shall be destroyed after being stored for three years. However, any information that is destroyed after being stored for a certain period under the internal policies and laws is as follows:
① Act on the Consumer Protection in Electronic Commerce, Etc.: Record regarding customer complaints or dispute resolutions (3 years)
② Protection of Communications Secrets Act: : Log record data, communications confirmation data such as trace record of access location, etc. (3 months)
③ If consented by users: Until the end of the period consented by the user
3. Disclosure of Personal Information to 3rd Parties
1. The Company processes the personal information in accordance with Article 1 (Purpose for Collection and Use of the Personal Information). Transfer of personal information is only permissible under applicable laws and regulations or through the separate consent of the subject of personal information.
2. If the report is related to the Company’s affiliates, the personal information may be provided to the third party. In this case, the third party will include but not limited to our affiliates.

- The Company’s Affiliates: Hyundai Engineering, Hyundai Steel Industries, Hyundai City Corp, Hyundai farm land & development, Songdo Landmark City, Hyundai Eco Energy Co

- Purpose of providing personal information: To verify the validity of the reports filed and any response thereof

- Provided Information: Name, Telephone number, e-mail address, Contents and Attachments files

- Period of retention and use: 3 years from the date of receipt

4. Consignment of personal information processing
1. The personal information collected by the Company is outsourced to the third parties below for personal information processing.

- Assignee: Hyundai Autoever Corp

- Commissioned operation: Server and system management

- Personal information provided is specified in Article 6.

- Period of retention and use is specified in Article 2.

2. When the Company enters into the consignment contract with the Assignee, the following contents will be specified: prohibition of processing personal information outside the assigned purpose, technical and managerial protection measures, limitation of re-consignment, management, and supervision on the Assignee, remedies, etc. The Company oversees whether the Assignee collects and uses personal information in a safe and appropriate manner.
3. When the scope of assigned work or the Assignee is changed, the Company will reflect such change to this Privacy Policy.
5. Rights of Users and Their Legal Representatives and How to Execute
1. Users may exercise the following rights to the Company, with regards to the protection of their personal information.

① Right of access

② Right to rectification

③ Right to erasure

④ Right to restriction of processing

2. Users may contact our Personal Information Manager at any time to exercise the aforementioned rights, in paper or electronic format such
as e-mail. In this case, the Company will take necessary measures without undue delay.
3. When users request the rectification or erasure of their personal information, such information will not be used or provided to third parties until the necessary measure is taken.
6. Personal Information to be Collected and Used
The company collects the following personal information.

① Cyber Audit Office Homepage
- Name, Contact (telephone) number, e-mail address, Connection Log, IP address

② Paper or Telephone, and email reports
- Name, Contact (telephone) number, e-mail address, Address.

7. Destruction of Personal Information
1. The Company will destroy personal information without delay after the purpose of use is achieved.
2. If the personal information retention period agreed by the user has elapsed or the personal information has to be kept in accordance with other laws despite the achievement of the purpose of processing, the personal information may be moved to a separate database (DB) or stored in a different location.
3. The destruction procedures and methods are as follows:

① Procedure : The Company selects personal information to be destroyed and destroys it under the approval of the Company’s Personal Information Manager.

② Destruction method : Personal information recorded or stored in electronic format will be destroyed in non-restorable manner. Personal information recorded or stored in printed (paper) format will be shredded or incinerated.

8. Safeguard of Personal Information
The Company takes the following technical, managerial, and physical measures to secure stability to prevent loss, theft, exposure, falsification, or damage of the personal information pursuant to Article 29 of the Personal Information Protection Act. However, the Company will not be responsible for any damages caused by the negligence of user or online accidents outside the scope of management by the Company
1. Establishment of personal information management system The Company's internal management policy is established and implemented in compliance with the internal management guidelines of the Ministry of the Interior and Safety.
2. Minimizing Number of Employees Authorized to Handle Personal Information and Education: The Company designates selected employees to handle personal information and provides education and training on personal information protection.
3. Restriction on the access of personal information The Company takes necessary measures to restrict access to the personal information database system and uses a prevention system to control unauthorized access from outside.
4. Retention of access log and prevention of forgery and modification All logs accessing the personal information processing system (weblog, summary information, etc.) are retained and managed for at least two years. Security features are applied to prevent access logs from being modified, forged, stolen, or lost.
5. Encryption of personal information The user's personal information is encrypted. Additional security features are applied so that important data are encrypted before use when stored or transmitted.
6. Countermeasures against hacking The Company installs and regularly updates security programs to prevent leakage or damage of the personal information due to possible hacking or computer viruses. Systems are installed in areas restricted from external factors. In addition, a monitoring system has been established to technically and physically oversee network traffic and to detect and block any hacking attempts, including any illegal attempt to change information.
7. Limited access for unauthorized users The Company has established and currently operates access control procedures, setting separate physical storage of the system retaining personal data. In addition, it has physical measures in place, including the installation of a locking device to safely store documents containing personal data.
9. Automatic collection tool for cookies and the denial thereof
The Company does not use ‘cookies’ which are automatically generated when users use internet service in the website.
10. Personal Information Manager
In order to protect personal information and handle complaint with regards to personal information, the Company has appointed personal data protection personnel as below.
  • ▶ Privacy officer in charge of personal information protection
  • - Kim, Ki Hong / Vice President
  • - Business support group
  • - Phone Number: 1577-7755,
  • ▶ Department for personal data protection related service:
  • - Yang, Ji Hyuk / Senior Manager
  • - Auditing group
  • - Phone Number: 02-746-3696, jihyuk.yang
Should users have any inquiries about the protection of their personal information, the handling of complaints, or the remedy for damages while using the services provided by the Company, users may contact our Personal Information Manager. In this case, the Company will answer the inquiries promptly and sincerely.
11. Additional Remedies for infringement of personal information
Users can contact the institutions below if you have further inquiries or wish to report other infringement of personal information.
  • ▶ Personal Information Infringement Report Center
  • - 118
  • ▶ Personal Information Dispute Mediation Committee
  • - 1833-6972
  • ▶ Cyber Crime Investigation Division of the Supreme Prosecutors' Office
  • - 02-3480-3573
  • ▶ Cyber Terror Response Centre of the National Police Agency
  • - 182
12. Matters relating to changes in Privacy Policy
This privacy policy was first enacted on 7 Aug 2014 and last updated on 5 July 2021. In case of further additions, deletions, or amendments in accordance with the establishment/amendment of applicable laws, changes in government policies, the Company will post reasons for changes and its details on the website at least seven days prior to the amendment.