KOLON ENP

Article 1 Purpose of Personal Information Processing

The Company processes personal information for the following purposes.

Personal information being processed will not be used for purposes other than those listed below, and if the purpose is changed, separate consent will be obtained in accordance with Article 18 of the Act.

Classification	Purpose
Recruitment inquiries	Processing for the purpose of reference for future recruitment.
Customer inquiries, product inquiries, technical inquiries	Processing for the purpose of verifying the identity of the inquirer, confirming the inquiry contents, and notifying the processing results.
Employee personal information	Processing for the purpose of receiving suitable labor provision from employees and improving working conditions.

Article 2 Processing and Retention Period of Personal Information

The Company processes and retains personal information within the period specified following laws or the period agreed upon when collecting personal information from the information subject.

The processing and retention periods for each category of personal information are as follows.

Retention Item	Reason for Retention	Retention Period
Personal information of job applicants	Reference for future recruitment	1 year
Personal information of customer/product/technical inquiries	Verification of inquirer's identity, confirmation of inquiry, and notification of processing results	Until the inquiry is processed and completed
Personal information of employees	Article 43 of the Industrial Safety and Health Act and Article 107 of the Enforcement Regulations of the same Act (health examination results)	5 years
Personal information of employees	Article 85-3, Paragraph 2 of the National Tax Basic Act (year-end settlement)	5 years from the statutory reporting deadline
Personal information of retired employees	Article 39 of the Labor Standards Act and Article 19 of the Enforcement Decree of the same Act	3 years after retirement

Article 3 Provision of Personal Information to Third Parties

The company does not provide the personal information of information subjects to third parties.
Notwithstanding the provisions of Paragraph 1, if the company has obtained prior individual consent from the information subject, or if there is a request from investigative agencies following the procedures and methods prescribed by law for investigative purposes, the personal information of the information subject may be provided to third parties.

Article 4 Outsourcing of Personal Information Processing

To facilitate smooth personal information processing, the Company outsources the following personal information processing tasks.

Classification	Outsourced Entity (Delegatee)	Outsourced Tasks
ERP System Outsourcing	KOLON Benit Co., Ltd.	Operation and improvement of the ERP system

When entering into outsourcing contracts, the Company specifies matters such as the prohibition of personal information processing beyond the outsourcing purpose, technical∙managerial protective measures, restrictions on re-outsourcing, management∙supervision of delegates, liability for damages, etc., in documents such as contracts following Article 25 of the 「Personal Information Protection Act」. The Company also supervises whether the delegate safely processes personal information.
If the content of the outsourced tasks or the delegate is changed, we will promptly disclose it through this Privacy Policy.

Article 5 Rights∙Obligations of Informaion Subjects and Legal Representatives and Methods of Exercise

Information subjects have the following rights regarding personal information protection at any time.
- 1) Request for access to personal information
- 2) Request for correction in case of errors
- 3) Request for deletion
  However, when the personal information is specified as the collection target in other laws, the deletion cannot be requested.
- 4) Request for suspension of processing
  However, if any of the following applies, the request for suspension of processing from the information subject may be refused, and in such cases, the reasons must be notified to the information subject within 10 days from the date of the request.
- When there is a special provision in the law or it is necessary to comply with legal obligations.
- When there is a risk of harming another person's life or body, or unfairly infringing on another person's property and other interests.
- When it is difficult to fulfill the contract such as providing the agreed service to the information subject if personal information is not processed, and the information subject has not clearly expressed the intention to terminate the contract.
If the information subject requests correction or deletion of personal information, the company will not use or provide the relevant personal information until the correction or deletion is completed.
The exercise of rights according to paragraph 1 may be done through a legal representative of the information subject or a person delegated by the information subject. In this case, an authorization form according to the Enforcement Regulations of the Personal Information Protection Act must be submitted.
Information subjects must not violate the Personal Information Protection Act or other related laws and infringe on the personal information and privacy of themselves or others that the company is processing.

Article 6 Personal Information Items Being Processed

The Company may process the following personal information items.

Classification	Required Items	Optional Items
Recruitment	Name, Mobile Number, Email
Customer Inquiries, Product Inquiries, Technical Inquiries	Name, Mobile Number, Email
Employee List	Name, Gender, Date of Birth, Address, Employment History, Date of Employment, Contract Period, and other employment-related information
Payroll Ledger	Name, Resident Registration Number, Date of Employment, Salary, Work Days, Work Hours, Basic Pay, Allowances, etc.

Article 7 Destruction of Personal Information

The Company promptly destroys personal information when it becomes unnecessary due to the expiration of the retention period or achievement of the processing purpose.
If personal information must be retained under other laws even after the expiration of the agreed retention period or achievement of the processing purpose, the Company moves such personal information to a separate database (DB) or stores it in a different location.
The procedure and method for the destruction of personal information are as follows.
- 1) Destruction Procedure
  The company selects personal information for disposal when the disposal reason arises and obtains approval from the company's personal information protection manager before disposing of the personal information.
- 2) Destruction Method
  Personal information recorded and stored in electronic file format is destroyed using methods such as low-level formatting to make the records irretrievable. Personal information recorded and stored in paper documents is shredded or incinerated for disposal.

Article 8 Measures for Ensuring the Security of Personal Information

To ensure the security of personal information, the following measures are taken.
- 1)Administrative Measures: Establishment and implementation of internal management plans, regular employee training, etc.
- 2)Technical Measures: Access control management of personal information processing systems, installation of access control systems, encryption of unique identification information, installation of security programs.
- 3)Physical Measures: Access control of computer rooms and data storage rooms.

Article 9 Personal Information Protection Manager

The company is responsible for overseeing tasks related to the processing of personal information and has designated a personal information protection manager to handle complaints and remedies related to the processing of personal information as follows.

Personal Information Protection Manager		Personal Information Protection Department
Name	Kim Mintae	Position	Ethics Management Team
Position	Division Director of Management Support	Contact Person	Jeong Jinhee, Manager
Contact	+82) 2-3677-3613	Contact	+82) 2-3677-6244

Information subjects can contact the personal information protection manager and the responsible department for any inquiries, complaints, or remedies related to personal information protection that arise while using the company's services (or business).
The company will promptly respond to and address inquiries from information subjects.

Article 10 Remedies for Violation of Rights

Information subjects can inquire about remedies, consultations, etc., for personal information breaches from the following institutions.
- ‣ Personal Information Infringement Report Center : 118 (no area code required) (https://privacy.kisa.or.kr)
- ‣ Personal Information Dispute Resolution Committee : 118 (no area code required) ( http://privacy.kisa.or.kr)
- ‣ Supreme Prosecutors' Office : 02-3480-3573 (http://www.spo.go.kr)
- ‣ Korean National Police Agency : 182 (no area code required) (https://ecrm.cyber.go.kr/minwon/main)

Article 11 Request for Access to Personal Information

Information subjects can request access to their personal information following Article 35 of the 「Personal Information Protection Act」 to the department below.
The company will make efforts to promptly process information subjects' requests for access to personal information.

Department for Receiving and Processing Requests for Access to Personal Information
Department	Ethics Management Team
Contact Person	Jeong Jinhee, Manager
Contact	+82) 2-3677-6244

Article 12 Installation∙Operation of Automatic Collection Devices for Personal Information

The company operates 'cookies' and other tools that continuously store and retrieve information from the user's browser.
Cookies are very small text files sent by the server operating the company's website to the user's browser and stored on the information subject's computer hard drive.
The company uses cookies for the following purposes.
- 1) Purpose of using cookies : Analyzing service access frequency, visit time, visit count, etc., for service provision and improvement.
- 2) Method to refuse cookie settings : Information subjects can control cookie installation.
  Therefore, users can choose to allow all cookies, receive confirmation for each cookie stored, or refuse to store all cookies by configuring options in the web browser.
- ᆞ Example of settings (for Internet Explorer) :
  At the top of the web browser, Tools 〉 Internet Options 〉 Privacy 〉 Advanced 〉 Select settings
  - - However, if you refuse to store cookies, some services that require login may be difficult to use.

Article 13 Changes to the Personal Information Processing Policy

This Personal Information Processing Policy applies from September 1, 2018.
You can check the previous Personal Information Processing Policy below.
- - Applicable from August 1, 2015, to August 31, 2018 (Click)

Privacy Policy

Policy for Personal Information Processing
and Protection

KOLON ENP Co., Ltd. Personal Information Processing Policy