CelloLogistics.com Privacy Policy

[CelloLogistics.com Privacy Policy]

v1.3.0 -  Effective From November 27,2019

Samsung SDS Co., Ltd. (hereinafter referred to as the "Company") provides this Privacy Policy to inform www.cellologistics.com users of its policies regarding the collection, use and disclosure of information we receive to protect users’ personal information and quickly resolve issues they might have on the matter.

Article 1 Purposes of Processing Personal Information
The Company processes personal information for the following purposes. The personal information we manage will not be used for purposes other than those set out below. We will ask for your consent if there are any updates or changes in the purposes of this Privacy Policy.

1. To administer website membership and provide member services
We process your personal information to process your application for membership, identify/authorize your access to the website, manage your account, give notifications and help your inquiries.
1) To provide general services
2) To provide Express services
2. To provide services related to conferences, seminars
We process your personal information to register (pre-registration, on-site registration) for conferences/seminars and to improve our services by analyzing customer data.
3. To handle customer inquiries
We process your personal information to check a customer’s identification/inquiries, contact/notify facts, respond to inquiries and notify results.
4. To send marketing materials and newsletters (promotional information) via email
We provide information on logistics market indicators/trends, white papers, events (conferences, seminars, etc.) via email.
5. To run shared growth programs
We process your personal information to register for the Company's shared growth programs and operate the programs.

Article 2 Items of Personal Information to be Processed
The Company processes the following items of personal information.

1. Administering website membership
1) General service members
Required information: Email, Password, Name, Country, Company Name, Company Type
2) Express service members
Required information: Email, Password, Name, Mobile Number, Country, Company Name, Department
2. Providing conference/seminar services
Required information: Name, Email, Company Name, Company Type, Mobile Number, Department, Job Title
3. Handling customer inquiries
Required information: Name, Country, Company Name, Company Type, Email
4. Sending marketing materials and newsletters (advertising information)
Optional information: Email
5. Running shared growth programs
Required information: Name, Company Name, Job Title, Mobile Number, Email
In the process of using internet services, the following personal information can be automatically collected.
- IP address, used service data, log data
- Cookies (Identity, Session, Referral)

Article 3 Method of Personal Information Collection
1. The Company collects one’s personal information when the user agrees on the collection and types in his or her information in the process of applying for a membership and using services.
2. The Company collects one’s personal information when the user agrees on the collection and types in his or her information in the process of pre-registering/ registering on-site for conferences/seminars.
3. Your personal information may be collected in the process of registering inquiries.
4. The Company collects one's personal information when the user agrees on the collection and types in his or her information in the process of applying for shared growth program sessions.

Article 4 Processing and Retention of Personal Information
1. The Company retains personal information for the period allowed under the relevant laws and regulations or agreed by users when collecting their personal information.
2. Period of personal information processing and retention is as follows:
1) For membership management: 90 days after the user’s withdrawal from its membership
2) For providing conference/seminar services: A year from the point of registration
3) For handling customer inquiries: A year from the point of inquiry
4) For running shared growth programs: A year from the point of registration
However, in case of the following events, the retention period will be extended until the end of these events.
1) In the event where an investigation is underway due to violation of relevant laws: Until the investigation ends
2) In the event where debt remains regarding the use of the website: Until the debt is paid
3. In the event where goods or services are provided: Until the provision of the goods or services is completed, fees are paid and settled.

Article 5 Provision of Personal Information to a Third Party
1. The Company processes personal information within the scope specified in this Privacy Policy and provides it to a third party only when consent is given by the user concerned or the provision is subject to a law or regulation.
2. The Company provides personal information to a third party as below when a user’s inquiry requires engagement by an overseas logistics entity provided that the user has given a prior consent.
- Third party which will be provided with personal information: Samsung SDS’s Overseas logistics offices
- Purpose: To process customer inquiries
- Personal information items to be provided: Name, Country, Company Name, Company Type, Email
- Retention Period: Until the inquiries are processed

Article 6 Using Data Processor
1. The Company uses data processor to handle and manage certain user information as follows to improve service quality.
1) Purpose: For services related to conferences and seminars
- Data Processor: THEGOODMARKETING Co., Ltd
- Tasks performed: Sending text messages on guides to conferences/seminars, making name tags, checking one’s identity, figuring out the number of registrations (pre-registration, on-site registration), etc.
2) The Company uses a data processor to run its shared growth programs.
- Data Processor: Multicampus Co., Ltd.
- Tasks performed: Membership management (assigning user name & password), session operation
2. The company shall ensure that the data processor abides by at least the same level of protection for user’s personal information on following: prohibition of handling personal information for purposes other than conducting entrusted tasks, technical and managerial protection measures, restriction of re-entrustment, management and supervision over the entrusted company and compensation for damages.
3. If any change is made in the contents of entrusted tasks or the entrusted company, such information shall be reported through this privacy policy.

Article 7 International Transfer of Personal Information
1. The Company shares some of the personal information with an external service provider.
1) We use an online marketing solution (Eloqua) when we send email newsletters (promotional information).
- Transferred personal information: Email
- Transferred to: Oracle Corporation
Chief Privacy Officer, Oracle Corporation, 10 Van de Graaff Drive,
Burlington, MA 01803 USA
http://www.oracle.com/legal/privacy/services-privacy-policy.html
- Country to which personal information is transferred: Australia
- Time & method of transfer: Transfer to a server overseas via network when sending an email
- Retention / Use period: 1 year from the registration
2) We transfer information if a user consents to receiving email newsletters. Other personal information is not transferred outside the country.

Article 8 Users’ Rights/Obligations and Methods of Exercising Rights
1. Users can exercise the rights regarding personal information protection below at any time.
1) To require the Company to allow the user to view his or her personal information
2) To request the Company to correct errors in his or her personal information
3) To request the Company to delete his or her personal information
4) To request the Company to stop processing his or her personal information
2. Users can exercise their right regarding 1.1) via paper, call, email or fax, and the Company will respond to it without delay.
3. When a user has requested the Company to correct errors or delete his or her personal information, the Company does not provide the user’s personal information until the Company completes the correction or deletion.
4. Users should not infringe on privacy of others by violating relevant laws and regulations, including the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc., Personal Information Protection Act.

Article 9 Installation, Operation and Refusal of Cookies
The Company uses cookies to store and load user information, thereby providing personalized and customized service.

1. Purpose of using cookies
Cookies are used to analyze visit frequency or time of members/non-members, tracking users’ interests and figuring out how frequently one has participated in events in order to provide targeted marketing and customized services.
2. Types of cookies
Cookie: __utma - Name: Identity cookie ? Expiration: 2 years from set/update
Used to distinguish users and session.
Cookie: __utmb - Name: Session cookie ? Expiration: 30 years from set/update
Used to determine new sessions/visits.
Cookie: __utmc - Name: Session cookie ? Expiration: End of browser session
Used to determine new sessions/visits.
Cookie: __utmz - Name: Referral cookie ? Expiration: 6 months from set/update
It stores the traffic source or campaign that explains how the user reached your site.
You can check the latest information on cookies at Google Analytics site below:
http://code.google.com/intl/en/apis/analytics/docs/concepts/gaConceptsCookies.html
3. How to Block Cookies
Users can block cookies. If you block cookies, however, you may not be able to use certain features on the website.
(Setting, IE) Click Tools in the top bar > Internet Options > Privacy > Block Cookies

Article 10 Destruction of Personal Information
1. The Company, without delay, destroys the relevant information, once the personal information of customers is no longer necessary, for reasons such as the lapse of the personal information retention period and/or the achievement of the purpose of handling and management of personal information.
2. However, if personal information must be stored in accordance with other laws, the corresponding personal information is transferred to a separate database (DB) or stored in a different storage place.
3. Detailed destruction procedures and methods are as follows:
1) Destruction procedures
The Company selects personal information to be destroyed, and destroys such information upon the approval of the personal information supervisor of the company.
2) Destruction methods
The personal information saved in an electronic file format is deleted with the use of technical methods in which records cannot be regenerated. The personal information printed out in sheets is to be shredded by paper shredders or destroyed by way of incineration.

Article 11 Security Measures
The Company takes the following technical, administrative, and physical measures needed to ensure security of personal information:

1. Establish and Execute internal management plans
2. Reduce the number of employees in charge of handling personal information and train them
3. Restrict access to personal information: The Company takes the necessary steps to monitor access to personal information. This is done by granting, changing, and removing the access to database system where personal information is handled. The Company also deploys and uses an intrusion prevention system to control unauthorized access.
4. Keep access records and prevent tampering: The Company retains records of access to the personal information handling system (e.g. web log and summary data) for at least 5 years and uses security features to prevent tampering, theft and any loss of access records.
5. Take technical measures against hackers: To prevent the loss, destruction of, or damage to personal data caused by hackers or computer viruses, the Company has installed security software that has regular updates and monitoring. In addition, the Company has also installed a system in off-limits areas for technical/physical monitoring and blocking. Furthermore, the Company also provides network traffic monitoring and the detection of any attempts to, for example, make illegal changes to information.
6. Monitor and control unauthorized access

Article 12 Data Protection Officer
1. The Company appoints the following officers and departments which take responsibility in protecting personal information, handling complaints on the matter and resolving damages.
▶ Data Protection Officer
People in Charge: Senior Professional Kidong Kang
Contact: +44-19-3282-3456, kidong.kang@samsung.com
▶ Chief Privacy Officer
Name: Jooho Lee
Position: Leader of Solution Group (Cello Platform)
Contact: +82-2-6484-1001, mingo74.lee@samsung.com
▶ Private Data Protection Departments
Department: Solution Group (Cello Platform) of Development Office
People in Charge: Senior Engineer Daeseok Yoo, Consultant Seungyong Baik
Contact: +82-2-6484-1654, syoung.baik@samsung.com

Department: Marketing Group of Logistics Business Unit
People in Charge: Senior Engineer Kimoon Seo, Engineer Minkyung Song
Contact: +82-2-6484-1782, km.seo@samsung,com
2. Users can file complaints related to privacy and security issues that may arise from their use of the Company’s services to the Chief Data Protection Officer and relevant departments. The Company will promptly provide satisfactory answers to users’ complaints.

Article 13 Changes in This Privacy Policy
1. This Privacy Policy (v1.3.0) will be effective as of November 27, 2019.
2. If revisions are made to this Privacy Policy to add, delete or modify details, we will provide you with a 7-day prior notice by posting notice of the change on the ‘Notification’ page of our website.

Version number of this Privacy Policy: v1.3.0
Effective date: November 27,2019