Digital Responsibility

Privacy

Privacy

We appointed our Chief of Privacy Officer(CPO) to proactively respond to the privacy and issues related to personal information protection.

In accordance with the Personal Data Protection Act, inspections of the implementation status of personal information protection policies are conducted and the Personal Data Protection Council is convened every year. We are fully aware of the importance of data privacy and personal information protection and have adopted various stringent measures to ensure safe and secure digital responsibilities.

Customer Personal Information Protection Principles

  • Disclose transparently at all time

    Purpose, management, and disposal of collected data is disclosed transparently and provide details to users.

  • Minimize data collection and retention and manage the data responsibly.

    The company commits to deleting data after a defined amount of time and does not collect personal data from third parties (except when required by law). Company does not rent, sell, or provide personal data to third parties or purposes other than completing transactions/services. Through access control and protection, personal information can be safely stored.

  • Rights provided to individuals regarding the control of their data

    Users have right of access, rectification and deletion of individuals' data.

Operation of Dedicated Privacy Teams

Legal Service Team > Privacy Management Group > Personal Information Protection Council > System Operation Organizations Handling Personal Information > System 1 - Person in Charge | System 2 - Person in Charge ... System N - Person in Charge Legal Service Team > Privacy Management Group > Personal Information Protection Council > System Operation Organizations Handling Personal Information > System 1 - Person in Charge | System 2 - Person in Charge ... System N - Person in Charge

Personal Information Protection Activities

Policy
  • Establish operational standards and guidelines for privacy
  • Develop processes in case of data leakage
Legislation
  • Study and monitor constantly evolving trends and legal landscape around privacy
Training
  • Train employees who are responsible for privacy
  • Provide privacy guidelines for all employees to raise awareness
Audit
  • Regular audit on operation and application of data privacy and personal information policy
  • Take immediate actions in case of necessity

Data Breach/ Incident Response Plan

Samsung SDS has a swift and systematic response to incidents of personal information breaches in accordance with the Personal Information Protection Act. Upon detecting the breach of personal information, Samsung SDS immediately formulates response measures, and operates the breach response process. Disciplinary measures against violators and persons responsible for violations of the Personal Information Protection Act, such as the leakage of personal information, in accordance with the standards for violation of compliance.
Samsung SDS is committed to making every effort to prevent the leakage of personal information and to minimize any damage in the event of a breach.

  • Incident reporting
  • Task force to response
  • Emergency response
  • Notification to subject
  • Personal information breach report
  • Customer complaint response
  • Recurrence prevention plan
  • Personal Information System(PIS) Personal Information System(PIS) allows to track compliance against domestic and international regulations, and examines inspection history regarding privacy and personal data.
  • Privacy Policy Training Employees whose job is relevant to privacy are required to complete annual training on privacy and personal data protection.
Share