Samsung SDS Privacy Policy

[V 2.0] JAN 14. 2016

Select

[V 7.0] February 7, 2024 [V 6.2]December 22, 2023 [V 6.1] April. 26. 2023 [V 6.0] March 7, 2023 [V 5.1] October 14, 2022 [V 5.0] April 8, 2022 [V 4.1] August 30, 2021 [V 4.0] April 30, 2021 [V 3.7] May 19, 2020 [V 3.6] January 16, 2020 [V 3.5] January 14, 2020 [V 3.4] August 1, 2018 [V 3.3] July 15, 2018 [V 3.2] April 5, 2018 [V 3.1] JUL 12, 2017 [V 3.0] DEC 31, 2016 [V 2.1] MAR 18. 2016 [V 2.0] JAN 14. 2016 [V 1.9] NOV 16. 2015 [V 1.8] JUL 2. 2015 [V 1.7] NOV 27. 2014 [V 1.6] OCT 15. 2014 [V 1.5] SEP 4. 2014

Samsung SDS Co., Ltd. (hereinafter called “Company”) is committed to protect our users’ personal information and also to comply with the Act on Promotion of Information and Communication Network Utilization, and Information Protection and the Personal Information Protection Act. This privacy policy describes exactly how and why the Company collects and uses personal information from its users. Additional measures are then taken to protect their personal information. Through notices on individual notices, the Company will inform our clients if there are any changes to its privacy policy.

The Company’s privacy policy as follows:

  1. 1. What and How Personal Information is Collected
  2. 2. For What Purpose We Collect and Use Personal Information
  3. 3. Sharing and Provision of Collected Personal Information
  4. 4. Use of Third Party for Handling of Personal Information
  5. 5. Retention Period of Personal Information
  6. 6. Procedure and Methods for the Disposal of Personal Information
  7. 7. Measures to Ensure the Security of Personal Information
  8. 8. User’s or Legal Representative’s Rights and How to Exercise Them
  9. 9. Installation and Operation, or Refusal to Install or Operate, the Means of Automatically Collecting Personal Information
  10. 10. Chief Privacy Officer, Department Name and Contact Information
  11. 11. Duty to Notify

This policy takes effect on January 14, 2016.

1. What and How Personal Information is Collected

Information We Collect

The Company collects the following personal information for administrative purposes. This includes inquiries related to the Company, inquiries related to services/products, investment inquiries, job-related inquiries, website-related inquiries, reports on wrongful practices, and security reports.

Inquiries
- Required Information
  : Name, company name, e-mail, contact information
- Refusal of Consent and Disadvantages
  : You have the right to refuse your consent for any data collection of information.
    However, your refusal will restrict our ability to answer your inquiries.
Reporting Wrongful Practices
- Required Information : Not applicable
- Optional : Name, contact information, e-mail
- Refusal of Consent and Disadvantages
  : You have the right to refuse to have your personal information collected. You will still can report security violations anonymously.
Security Report Center (Reporting)
- Required Information : Not applicable
- Optional : Name, contact information, e-mail
- Refusal of Consent and Disadvantages
  : You have the right to refuse to have your personal information collected. You will still can report security violations anonymously.
     However, if you refuse to provide your personal information, your report may not be processed in a timely manner.

How We Collect Information

The Company collects personal information through the following means
- “Inquiries,” “Reporting Wrongful Practice s,” and “Security Report Center” menus on its website.

The Purpose for Collecting and Using Personal Information

2. For What Purpose We Collect and Use Personal Information

To respond to and manage customer inquiries, reports on wrongful practices, and security reports
- The company is also able to provide feedback on and manage company-related inquiries.
These inquiries include, services/products, investment inquiries, job-related inquiries, website-related inquiries, reports on wrongful practices, and security reports.

3. Sharing and Provision of Collected Personal Information

In principle, the Company does not disclose any of the personal information collected; however, the following are exceptions
- If the user has given consent to disclose information in advance; or
- If the disclosure is required by law or requested by a law enforcement agency for investigative purposes in accordance with legal or criminal activities.

4. Use of Third Party for Handling of Personal Information

In principle, the Company does not use a third party to handle any of our users’ personal information; however, the following are exceptions:
- If the user has given consent to disclose information in advance; or
- If the disclosure is required by law or requested by a law enforcement agency for investigative purposes in accordance with legal or criminal activities

5. Retention Period of Personal Information

The company destroys the information as soon as it receives feedback on customer inquiries, reports on fraud, and security-related complaints.

6. Procedure and Methods for the Disposal of Personal Information

Upon fulfilling the purposes of collecting and using personal information, the Company immediately disposes the information.
The following describes the procedure and methods for disposal

Disposal Procedure
- The information customers provided will be stored for a certain period of time and then disposed of as soon as the purposes of collecting the information are fulfilled, under the Company’s policy (see Retention Period of Personal Information).
- he said information will not be used for purposes other than retention unless required by law.
Disposal Method
- The personal information printed in paper will be destroyed by either shredded or burned.
- The personal information stored in electronic files will be deleted using the technical methods that prevents the retrieval of records from replaying.

7. Measures to Ensure the Security of Personal Information

The Company takes the following technical, administrative, and physical measures needed to ensure security:

Establishment and Execution of Internal Management Plan
- The Company establishes an internal management plan and executes it to protect personal information. Reducing and Training Personal for the Handling of Information - The Company appoints and reduces the number of employees who handle personal information, and implements measures to manage personal information more efficiently.
Restrictions on Access to Personal Information
- The Company takes the necessary steps to monitor access to personal information. This is done by granting, changing, and removing the access to database systems where personal information is handled. The Company also deploys and uses an intrusion prevention system to control unauthorized access.
Keeping Access Records and Preventing Tampering
- The Company retains records of access to the personal information handling system (e.g. web log and summary data) for at least 6 months and uses security features to prevent tampering, theft and any loss of access records
Technical Measures against Hackers
- To prevent the loss, destruction of, or damage to personal data caused by hackers or computer viruses, the Company has installed security software that has regular updates and monitoring.
In addition, the Company has also installed a system in off-limits areas for technical/physical monitoring and blocking. Furthermore, the Company also provides network traffic monitoring and the detection of any attempts to, for example, make illegal changes to information.
Unauthorized Access Monitoring
- To prevent the loss, destruction of or damage to personal data caused by hacking or computer viruses, the Company has installed security software and implements regular updates and monitoring. In addition, the Company has also installed a system in off-limits areas for technical/physical monitoring and blocking. Furthermore, the Company also provides network traffic monitoring and the detection of any attempts to, for example, make illegal changes to information.

8. User’s or Legal Representative’s Rights and How to Exercise Them

Users and their legal representatives can access or edit their personal information provided to the Company anytime they want. Once a request to access, edit or delete personal information is made to the Privacy Officer by phone or by e-mail, the officer will immediately confirm the requester’s identity and take appropriate action.

If the user request has made an error in personal information that wants to be modified, the information will not be used or provided until the modification has been completed. In addition, if false personal information has been already provided to a third party, the Company will immediately notify the third party, so that corrections can be immediately made. Personal information that is cancelled or deleted, from the request of the user or their legal representative, will be handled and described as “Retention Period of Personal Information”. This information will not be accessed or used for any other purpose.

9. Installation and Operation, or Refusal to Install or Operate, the Means of Automatically Collecting Personal Information

The Company does not use any means of collecting the personal information created when cookies or other internet services are used.

10. Chief Privacy Officer and Department

The Company appoints the following department and officers to protect personal information and handles complaints relating to personal information.

Chief Information Security Officer
- Name : Vice President Jayseok Lee
- Telephone : 82-2-6155-0119
- E-mail : infosec@samsung.com
Chief Privacy Officer
- Name : Group Leader Yoon Gi-Wone
- Telephone : 82-2-6155-6203
- E-mail : gw_yoon@samsung.com
Privacy Officer
- Name : Senior Specialist Moon Sea-Sun
- Telephone : 82-2-6155-1034
- E-mail : seasun.moon@samsung.com
Users can file complaints related to privacy and security issues that may arise from their use of the Company’s services to the Chief Privacy Officer or the responsible department. The Company will promptly provide satisfactory answers to users’ complaints. If you need to report any privacy infringement or need additional counseling, please contact the following:
- Privacy Infringement Report Center (www.118.or.kr/118)
- Privacy Mark Certification Committee (www.eprivacy.or.kr/82-2-580-0533~4)
- High-tech Crime Investigation Division of Supreme Prosecutor’s Office (http://www.spo.go.kr/82-2-3480-2000)
- Cyber Terror Response Center of Korea National Police Agency (www.netan.go.kr/82-1566-0112)

11. Duty to Notify

If the Company makes any additions, deletions, or changes to the present Privacy Policy, it will notify through “Notices” on its website at least seven (7) days prior to such changes.




Privacy Policy Version: V.2.0
Privacy Policy Effective Date: October 1, 2012
Latest Update to Privacy Policy: January 14, 2016

Share