Privacy Policy

Daewon Sanup Co., Ltd. (hereafter called the “Company”) is committed to protecting personal information of data subjects in accordance with Article 30 of the Personal Information Protection Act and Personal Information Protection Management Regulations, and has established and disclosed the following personal data processing policy on the Company’s website, to keep the users informed about why and how their personal information is used, and what reasonable approaches are taken to safely collect, secure and process their data.

Article 1. Purpose of Processing Personal Information

The Company will not use the collected information for any other purpose than the following, and in any case where the purpose of use changes, due measures will be taken such as obtaining a separate consent according to Article 18 of the Personal Information Protection Act.
  1. Staff access control, payroll processing and welfare benefit related tasks
  2. Access control of external visitors
  3. Recruiting, HRM, customer complaint handling, dispute resolution, etc.

Article 2. Retention Period and Processing of Personal Information

  1. The Company processes and retains personal information within the personal information retention and processing period in accordance with the relevant laws or the personal information retention and processing period consented when collecting personal information from data subjects.
  2. The life cycle of personal information retention and processing begins when personal information is collected and ends when deleted. The retention period is determined in respective provisions. However, if not specified in the relevant laws, the Company shall follow the standard defined in the table of personal information retention period included in the Standard Personal Information Protection Guideline.

Article 3. Provision of Personal Information to Third Party

  1. The Company processes personal information of the data subjects only within the scope specified in Article 1 (Purpose of Personal Information Processing), and provides personal information to third parties only when it falls under Article 17 of the Personal Information Protection Act as mentioned in the Consent of the Data Subject and special provisions of the law.
  2. The Company discloses personal information to the following third parties.
    1. Financial institutions processing payroll, group life insurance and medical insurance companies and retirement pension firms
    2. Ministry of Employment and Labor, 4 major Social Insurance Scheme agencies (National Pension, Health Insurance, Worker’s Compensation Insurance and Employment Insurance) and health service centers
    3. Travel agencies, education/training centers, advisory bodies and other entrusted parties
  3. Provided information: personally identifiable information, wage, retirement pension deposits, educational training records, unique identifying information of employee’s partner and children for medical insurance policy
  4. Authorized period for the recipient to retain and use personal information: from the day of provision to when the purpose of providing personal information is achieved

Article 4. Entrustment of Personal Information Processing

The Company entrusts part of its work to the outside to provide better services. The personal information that is created by or obtained from the user is stored in the database (physical location is in Korea) owned by Amazon Web Services Inc. (AWS). AWS is only eligible to provide physical maintenance of the servers, and will not have any access to user’s personal information. The Company shall stipulate the matters necessary for the entrusted party to safely store and process personal information and carries out management and supervision to ensure safe processing.

Article 5. Rights and Obligations of Data Subject, and How to Exercise Such Rights

  1. Data subjects may exercise any of the following privacy rights anytime against the Company
    1. Request access to their personal information
    2. Request errors to be corrected if any
    3. Request personal information to be deleted
    4. Suspend processing of personal information
  2. The rights set forth in Paragraph 1 may be exercised in writing, via email and facsimile against the Company, and the Company will process the request without delay. However, the requestor may face challenges at work after deleting his/her personal information.
  3. When data subjects demand that an error in their personal information be rectified or deleted, the Company will not use or disclose related personal information until it is rectified or deleted.
  4. The rights set forth in Paragraph 1 may be exercised by a proxy such as a legal representative or an individual duly authorized by the related data subject, in which case a written power of attorney using Form 11 of the Enforcement Rules of the Personal Information Protection Act shall be submitted.
  5. Data subjects shall not infringe on personal information and privacy of a third party being processed by the Company, in violation of the relevant statutes including the Personal Information Protection Act.

Article 6. Personal Information Items to be Processed

The Company processes the following personal information items.
  1. Necessary information for hiring – name, nationality, address, place of residence and contact information including e-mail address, phone number, cellphone number, and information submitted by job applicants such as family information, educational background, work experience, license and qualifications and language proficiency (including updated information).
  2. Information necessary for the company to fulfill legal obligations
  3. Unique identifying information of employee’s partner and children to sign up for group life insurance and medical insurance policies.
  4. Information the user consented to provide for entrustment
  5. Other personal information related to work: bank account information for monthly wage, sign-up information of group insurance policy, payment history of welfare benefit programs, the duration and previous records of educational trainings, etc.

Article 7. Destruction of Personal Information

  1. The Company immediately destroys any personal information when the retention period expires or the purpose of processing thereof has been achieved and is no longer required.
  2. In the event that personal information needs to be retained pursuant to other laws even if the personal information retention period, to which the data subject consented, has expired, or the purpose of processing thereof has been achieved, the personal information will be moved to a separate database (DB) or storage space.
  3. The procedure and method for the destruction of personal information are as follows.
    1. Destruction procedure: The Company shall select personal information subject to destruction and destroy such personal information with the approval of Chief Privacy Officer.
    2. Destruction method: The Company destroys personal information recorded/stored in electronic file format in a way that renders it impossible to be reproduced. If personal information is recorded/stored in a hardcopy, it will be shredded by a shredding machine or incinerated for destruction.

Article 8. Safeguards for Personal Information

The Company has the following measures in place to safeguard personal information. However, the Company is not responsible for any problems caused by breach of personal information due to user’s inattention or internet and/or communication issues.
  1. Administrative measures: establish and enforce internal control plan, regular staff training, etc.
  2. Technical measures: manage access to personal information processing system, install access control system and security programs, encryption of unique identifying information, etc.
  3. Physical measures: control physical access to computer labs and data storage rooms

Article 9. Chief Privacy Officer and Remedies for Privacy Violation

  1. The Company appoints a Chief Privacy Officer who is accountable for personal information processing operations and handling data subjects’ complaints and remedy damage related to personal information processing.
    1. Chief Privacy Officer
      • Name: Dae-kyoung Kim
      • Job Title: Managing Director of General Affairs
      • Contact: Tel. 031-495-2301 (ext. 214)
    2. Department in charge of personal information
      • Department: General Affairs
      • Contact: Jae-yong Park
      • Contact: Tel. 031-495-2301 (ext. 213)
  2. Data subjects are entitled to contact the Chief Privacy Officer and the department responsible for privacy-related inquiries, complaints, and remedies arising in connection with the use of service and the inquiries will be processed without delay. If you need consultation on other privacy infringements, please contact the following institutions.
    1. Privacy Infringement Reporting Center, Korea Internet & Security Agency (KISA) ( / 118)
    2. Personal Information Dispute Mediation Committee, KISA ( / 1833-6972)
    3. Cyber Crime Investigation Unit, Supreme Prosecutor’s Office ( / 02-3480-3573)
    4. Cyber Terror Response Center., National Police Agency ( / 1566-0112)

Article 10. Request for access to Personal Information

Data subjects may contact the following department to request access to their personal information according to Article 35 of the Personal Information Protection Act. The Company will make its best efforts to promptly process the request.
    1. Department in charge handling requests for access to personal information
      • Division: General Affairs
      • Contact: Jae-yong Park
      • Tel. 031-495-2301 (ext. 213)

Article 11. Revisions in the Privacy Policy

This Privacy Policy was established in October 20, 2022. Users will be notified of any addition, deletion and/or modification hereof in the wake of a change in laws/policies or security technologies with the reasons and contents of the change no later than seven days prior to enforcing the updated Privacy Policy.
    1. Published in October 20, 2022
    2. Enforced in October 20, 2022