. KOLON ENP

Privacy Policy

Policy for Personal Information Processing
and Protection

KOLON ENP strives our best to protect and manage customers’ personal information.

KOLON ENP Co., Ltd. Personal Information Processing Policy

KOLON ENP (hereinafter referred to as the "Company") establishes and discloses the following personal information processing policy to protect the personal information of information subjects and to swiftly and smoothly handle related grievances following Article 30 of the 「Personal Information Protection Act」 (hereinafter referred to as the "Act").

Article 1   Purpose of Personal Information Processing

  • The Company processes personal information for the following purposes.
  • Personal information being processed will not be used for purposes other than those listed below, and if the purpose is changed, separate consent will be obtained in accordance with Article 18 of the Act.
    Classification Purpose
    Recruitment inquiries Processing for the purpose of reference for future recruitment.
    Customer inquiries, product inquiries, technical inquiries Processing for the purpose of verifying the identity of the inquirer, confirming the inquiry contents, and notifying the processing results.
    Employee personal information Processing for the purpose of receiving suitable labor provision from employees and improving working conditions.

Article 2   Processing and Retention Period of Personal Information

  • The Company processes and retains personal information within the period specified following laws or the period agreed upon when collecting personal information from the information subject.
  • The processing and retention periods for each category of personal information are as follows.
    Retention Item Reason for Retention Retention Period
    Personal information of job applicants Reference for future recruitment 1 year
    Personal information of customer/product/technical inquiries Verification of inquirer's identity, confirmation of inquiry, and notification of processing results Until the inquiry is processed and completed
    Personal information of employees Article 43 of the Industrial Safety and Health Act and Article 107 of the Enforcement Regulations of the same Act (health examination results) 5 years
    Article 85-3, Paragraph 2 of the National Tax Basic Act (year-end settlement) 5 years from the statutory reporting deadline
    Personal information of retired employees Article 39 of the Labor Standards Act and Article 19 of the Enforcement Decree of the same Act 3 years after retirement

Article 3   Provision of Personal Information to Third Parties

  • The company does not provide the personal information of information subjects to third parties.
  • Notwithstanding the provisions of Paragraph 1, if the company has obtained prior individual consent from the information subject, or if there is a request from investigative agencies following the procedures and methods prescribed by law for investigative purposes, the personal information of the information subject may be provided to third parties.

Article 4   Outsourcing of Personal Information Processing

  • To facilitate smooth personal information processing, the Company outsources the following personal information processing tasks.
    Classification Outsourced Entity (Delegatee) Outsourced Tasks
    ERP System Outsourcing KOLON Benit Co., Ltd. Operation and improvement of the ERP system
  • When entering into outsourcing contracts, the Company specifies matters such as the prohibition of personal information processing beyond the outsourcing purpose, technical∙managerial protective measures, restrictions on re-outsourcing, management∙supervision of delegates, liability for damages, etc., in documents such as contracts following Article 25 of the 「Personal Information Protection Act」. The Company also supervises whether the delegate safely processes personal information.
  • If the content of the outsourced tasks or the delegate is changed, we will promptly disclose it through this Privacy Policy.

Article 5   Rights∙Obligations of Informaion Subjects and Legal Representatives and Methods of Exercise

  • Information subjects have the following rights regarding personal information protection at any time.
    • 1) Request for access to personal information
    • 2) Request for correction in case of errors
    • 3) Request for deletion
      However, when the personal information is specified as the collection target in other laws, the deletion cannot be requested.
    • 4) Request for suspension of processing
      However, if any of the following applies, the request for suspension of processing from the information subject may be refused, and in such cases, the reasons must be notified to the information subject within 10 days from the date of the request.
    • When there is a special provision in the law or it is necessary to comply with legal obligations.
    • When there is a risk of harming another person's life or body, or unfairly infringing on another person's property and other interests.
    • When it is difficult to fulfill the contract such as providing the agreed service to the information subject if personal information is not processed, and the information subject has not clearly expressed the intention to terminate the contract.
  • If the information subject requests correction or deletion of personal information, the company will not use or provide the relevant personal information until the correction or deletion is completed.
  • The exercise of rights according to paragraph 1 may be done through a legal representative of the information subject or a person delegated by the information subject. In this case, an authorization form according to the Enforcement Regulations of the Personal Information Protection Act must be submitted.
  • Information subjects must not violate the Personal Information Protection Act or other related laws and infringe on the personal information and privacy of themselves or others that the company is processing.

Article 6   Personal Information Items Being Processed

  • The Company may process the following personal information items.
    Classification Required Items Optional Items
    Recruitment Name, Mobile Number, Email
    Customer Inquiries, Product Inquiries, Technical Inquiries Name, Mobile Number, Email
    Employee List Name, Gender, Date of Birth, Address, Employment History, Date of Employment, Contract Period, and other employment-related information
    Payroll Ledger Name, Resident Registration Number, Date of Employment, Salary, Work Days, Work Hours, Basic Pay, Allowances, etc.

Article 7   Destruction of Personal Information

  • The Company promptly destroys personal information when it becomes unnecessary due to the expiration of the retention period or achievement of the processing purpose.
  • If personal information must be retained under other laws even after the expiration of the agreed retention period or achievement of the processing purpose, the Company moves such personal information to a separate database (DB) or stores it in a different location.
  • The procedure and method for the destruction of personal information are as follows.
    • 1) Destruction Procedure
      The company selects personal information for disposal when the disposal reason arises and obtains approval from the company's personal information protection manager before disposing of the personal information.
    • 2) Destruction Method
      Personal information recorded and stored in electronic file format is destroyed using methods such as low-level formatting to make the records irretrievable. Personal information recorded and stored in paper documents is shredded or incinerated for disposal.

Article 8   Measures for Ensuring the Security of Personal Information

  • To ensure the security of personal information, the following measures are taken.
    • 1)Administrative Measures: Establishment and implementation of internal management plans, regular employee training, etc.
    • 2)Technical Measures: Access control management of personal information processing systems, installation of access control systems, encryption of unique identification information, installation of security programs.
    • 3)Physical Measures: Access control of computer rooms and data storage rooms.

Article 9   Personal Information Protection Manager

  • The company is responsible for overseeing tasks related to the processing of personal information and has designated a personal information protection manager to handle complaints and remedies related to the processing of personal information as follows.
    Personal Information Protection Manager Personal Information Protection Department
    Name Kim Mintae Position Ethics Management Team
    Position Division Director of Management Support Contact Person Jeong Jinhee, Manager
    Contact +82) 2-3677-3613 Contact +82) 2-3677-6244
  • Information subjects can contact the personal information protection manager and the responsible department for any inquiries, complaints, or remedies related to personal information protection that arise while using the company's services (or business).
    The company will promptly respond to and address inquiries from information subjects.

Article 10   Remedies for Violation of Rights

Article 11   Request for Access to Personal Information

  • Information subjects can request access to their personal information following Article 35 of the 「Personal Information Protection Act」 to the department below.
    The company will make efforts to promptly process information subjects' requests for access to personal information.
    Department for Receiving and Processing Requests for Access to Personal Information
    Department Ethics Management Team
    Contact Person Jeong Jinhee, Manager
    Contact +82) 2-3677-6244

Article 12   Installation∙Operation of Automatic Collection Devices for Personal Information

  • The company operates 'cookies' and other tools that continuously store and retrieve information from the user's browser.
    Cookies are very small text files sent by the server operating the company's website to the user's browser and stored on the information subject's computer hard drive.
    The company uses cookies for the following purposes.
    • 1) Purpose of using cookies : Analyzing service access frequency, visit time, visit count, etc., for service provision and improvement.
    • 2) Method to refuse cookie settings : Information subjects can control cookie installation.
      Therefore, users can choose to allow all cookies, receive confirmation for each cookie stored, or refuse to store all cookies by configuring options in the web browser.
    • Example of settings (for Internet Explorer) :
      At the top of the web browser, Tools 〉 Internet Options 〉 Privacy 〉 Advanced 〉 Select settings
      • - However, if you refuse to store cookies, some services that require login may be difficult to use.

Article 13   Changes to the Personal Information Processing Policy

  • This Personal Information Processing Policy applies from September 1, 2018.
  • You can check the previous Personal Information Processing Policy below.
    • - Applicable from August 1, 2015, to August 31, 2018 (Click)