Samsung C&T Corporation’s Engineering and Construction Group (hereinafter referred to as the “Company”) established and disclosed the following privacy policy so as to protect the personal data of a subject of information, and to deal with corresponding grievances promptly and efficiently pursuant to Article 30 of the Personal Information Protection Act.

The Privacy Policy is established in connection to the personal information provided by job applicants, clients, visitors, customers requesting online consultation or making enquiries on the company’s representative webpage (http://www.secc.co.kr), partners’ employees, and onsite hired workers. In the case of those signing a Raemian contract, those purchasing Raemian products, those moving in Raemian products, and the Raemian webpage’s (http://www.raemian.co.kr) users, please refer to the privacy policy notified on the webpage.

Article 1 (Purpose of Personal Data Handling)

The Company shall handle personal information for the purposes stated below, and the personal data being handled shall not be put to use for any other purpose. Where change is made to the purposes, the Company shall take necessary measures, such as receiving a separate consent in accordance with the relevant laws.

• 1. Personal Information of Job Applicants
  It shall be handled, with an aim of notifying recruitment-related information, including the implementation of a recruitment type and the result of each process stage.
• 2. Personal Information of Clients
  
  • 1) Contracted Clients (Corporations & Individuals)
    It shall be handled, with an aim of signing and fulfilling a contract, registering the corresponding information into the internal system, conducting tasks entrusted by the Client, and complying with other relevant laws.
  • 2) Visitors to Business Places
    It shall be handled, with an aim of facilitating seamless work depending on the purpose of a visit, dealing with security matters, having under control parking, and preventing infectious disease.
  • 3) Representative Webpage Users
    It shall be handled, with an aim of receiving claims of a subject of information through the online CS Center and responding to the enquiries, and an aim of receiving claims in light of the company’s businesses, responding to the enquiries thereof.
• 3. Personal Information of Partners’ Employees (Subcontractors or Suppliers)
  
  • 1) Partners’ Employees in charge of Contracting
    It shall be handled, with an aim of participating in bidding, entering into & delivering agreement, submitting an estimation, controlling supplies, issuing tax invoices, carrying out settlement work for payment, offering evaluation & training sessions for subcontractors and suppliers, and sending out notices and official documents, etc.
  • 2) Partners’ Employees (Technicians)
    It shall be handled, with an aim of complying with obligations under relevant laws, checking personal health status and appropriate job placement, managing labor attendant, controlling safety & health, and dealing with industrial accidents, etc.
• 4. Personal Information of Onsite Hired Workers
  It shall be handled, with an aim of complying with obligations under relevant laws, checking personal health status and appropriate job placement, managing labor attendant, controlling safety & health, handling mutual retirement aid funds, and dealing with industrial accidents, etc.
• 5. Personal Information of Retiring Employees
  It shall be handled, with an aim of paying the severance pay, issuing all kinds of certificates, and claiming & settling personal ∙retirement pension, etc.

Article 2 (Personal Information Handling & Retention Period)

• ① Where the Company collects the personal data of a subject of information or the retention∙use periods according to laws, it shall handle∙keep the personal information within the retention∙use periods agreed.
• ② Respective personal information handling methods and retention periods are as follows.

• 1. Personal Information of Job Applicants: 180 days as of the date when hiring is confirmed
  However, the privacy policy for employees shall be observed at the time of hiring.
• 2. Personal Information of Clients
  • 1) Contracted Clients (Corporations & Individuals): It relates to the fulfilment or termination of a contract. It is held until the end of the company’s support
  • 2) Visitors to Business Sites
    [Where visiting the HQ]
    - Entrance Record: 1 month after a visit
    - Name, Company, Vehicle Number (in the case of on premise parking): 1 month after a visit
    - CCTV Filming at Restricted Zone: 5 days after filming
    [Where visiting a Site]
    - Name, Mobile Number, Vehicle Number (Where it is used): Until the completion of the applicable project
    * Other items excluding the above shall abide by the retention period set forth in the consent on the personal data collection & use of visitors to each site
  • 3) Customers using the Online CS Center and Make an Enquiry option on the Representative Webpage: 1 year after being finished with consultation
• 3. Personal Information of Partners’ Employees: Until the completion of registering a pool of the company’s partners except for the following cases

  - Where it is required to see a doctor, receive treatment, apply for hospitalization, and take follow-up measures due to the occurrence of an accident: Until the completion of handling the case

  - Where a retention period is set according to related laws, such as the Industrial Safety and Health Act: Until the applicable retention period

  - Information related to onsite labor attendant: 1 year upon completion of the site work

  - Information confirming whether to complete HSE training: 1 year upon completion of the site work

• 4. Personal Information of Onsite Hired Workers: 5 years upon the employment contract’s termination except for the following cases

  - Where it is required to see a doctor, receive treatment, apply for hospitalization, and take follow-up measures due to the occurrence of an accident: Until the completion of handling the case

  - Where a retention period is set according to related laws, such as the Industrial Safety and Health Act: Until the applicable retention period

  - Information related to onsite labor attendant: 1 year upon completion of the site work

  - Information confirming whether to complete HSE training: 1 year upon completion of the site work

• 5. Personal Information of Retired Executives & Employees:

  - Name, DOB, Contact, Address, Working History for the issuance of individual certificates: Until a subject of information makes a request for deletion

  - Savings Account Number for claiming/settling severance pay & individual∙retirement pensions, etc., Local Registration Number (or Foreigner Registration Number, Passport Number): 1 year after retirement

Article 3 (Outsourcing & International Transfer of Personal Information)

• ① The Company outsources personal information handling jobs to the following external professional companies for seamless handling of personal information. Where the company is changed, the name will be announced.
  [Outsourced work]
  - Medical Checkup for Job Applicants & Retired Executives
  - Entrance Log & CCTV Operation: S-1
  [Outsourced Company]
  - Designated hospitals, such as : Kangbuk Samsung Hospital, Samsung Changwon Hospital
  ※ In terms of on-site visits, assignees for the security of each site’s facilities
  Development, Operation and Maintenance of the Representative Webpage: Samsung SDS, Media4th & Company
  Development, Operation and Maintenance of Partners’ Management System and Projects Management System: Samsung SDS, Miracom, Inc., Soft Lab Management of Onsite Labor Attendant & Assistance with Operation of Labor Attendant Management Equipment: Companies establishing the labor attendant system contracted per site, such as S-1, Doall-tech, ID convergence
  Application for and Implementation of HSE Training for Onsite Hired Workers: HSE Professional Training Centers (Construction Basic OSH Training Institute, Korea Temporary Equipment Association, Korea Occupational Safety and Health Agency, etc.)
  Payment of Severance Pay for Retired Executives & Employees, Issuance of Personal Certificate, and Lodgment & Settlement of Personal∙Retirement Pensions: Etners
  Operation of Safety Training Management System for Onsite Visitor: Soft Lab
  Statistical Analysis of Webpage User: Google, Inc.
  AI Video Interview Service: Genesis Lab, Inc.
• ② Pursuant to Article 26 of the Personal Information Protection Act, when entering into an outsourcing agreement, the Company shall specify the following responsibilities in the contract: the prohibition of handling personal information excluding the outsourced purpose; technical•administrative safeguards; limitation to secondary outsourcing; monitoring•supervision for the outsourced company; and compensation of damages. Also, the Company shall keep under monitoring whether the outsourced company handles personal information in a safe manner.
• ③ When it comes to some of the personal information, this is stored in and entrusted to international companies for the provision of services and enhancement of user’s convenience.
  • Name & contact of company where information is transferred: Google Inc. (https://analytics.google.com/)
  • Country where information is transferred: The United States
  • Date & method of transfer: Sending through the network when visitors use services on the website
  • Personal information items to be transferred: Cookie, Data related to Device’s Browser, IP Address, Site/App Activity Logging (Failure to send personal identification information)
  • Purpose of Recipient & Period of Retention•Use: It is to perform statistical measurement in terms of users’ interactions occurring on websites (Roles of providing and maintaining the security of IP Address services and of notifying the information of a user’s access country), 38 months to archive the data of users and events

Article 4 (Provision of Personal Information to Third Party)

• ① The Company shall deal with the personal data of a subject of information within the scope stipulated Article 1 (Purpose of Personal Data Handling), and provides personal information to a third party only when applicable to Article 17 of the Personal Information Protection Act, where a consent is obtained from the subject or special provisions exist. Furthermore, the provision of local registration numbers is applicable only when there is a legal basis.
• ② The Company shall provide personal information to third parties as below.

• 1. Personal Information of Job Applicants
  
  • - Whom to be Provided: Vendors which look up educational background∙ working experience, such as First Advantage, Nterway Partners, National Student Cleaning House, Confucius Institute in Seoul, AuraData, British Council in Korea.
    - Purpose of Provision: to verify a job applicant’s qualifications and degrees and conduct a Reference Checking
    - Item of Provision: Name, DOB, Telephone Number, Educational Background, Working Experience
    - Retention & Use Period: Until fulfilling the use purpose
• 2. Personal Information of Visitors to HQ
  
  • - Whom to be Provided: Welstory
    - Purpose of Provision: to use the cafeteria (where applicable)
    - Item of Provision: Name, Group, Access Card ID*(* where applicable)
    - Retention & Use Period: Until fulfiling the use purpose
    However, in terms of visiting a site, this shall follow the provision to third parties section of the consent on collection & use of visitors’ personal information.
• 3. Personal Information of Partners’ Employees in charge of Contracting
  
  • A. Training Session for Partners
    - Whom to be Provided: Samsung SDS, MultiCampus
    - Purpose of Provision: to provide training sessions to partners
    - Item of Provision: Belonging Company, Name, DOB, Mobile Number, and E-mail
    - Retention & Use Period: Until fulfiling the use purpose
  • B. Evaluation & Due Diligence for Partners
    - Whom to be Provided: Samsung Engineering, Samsung Heavy Industry
    - Purpose of Provision: to conduct evaluation & due diligence for partners
    - Item of Provision: Belonging Company, Name, DOB, Mobile Number, Telephone Number, Photo, e-mail, Roles & Responsibilities, Position, Employment Type, Personnel Type, Joining Date, Educational Background, Hands-on Experience, Military Service, Occupation Type, Certificate Number
    - Retention & Use Period: Until fulfilling the use purpose
• 4. Personal Information of Retired Executives & Employees
  
  • - Whom to be Provided: Resort Group at Samsung Construction & Trading, Co., Ltd.
    - Purpose of Provision: to assist with retired executives (where applicable)
    - Item of Provision: Name, DOB, Address, Contact, Position at the time of working
    - Retention & Use Period: Until fulfilling the use purpose

Article 5 (Rights∙Obligations of a Subject of Information & Legal Representatives and Exercising Methods)

• ① A subject of information shall exercise a right to read/correct/delete personal information, and a right to suspend dealing with personal information to the Company at any time.
• ② Exercising the rights to the Company according to subparagraph ① can be performed in writing, by e-mail, and facsimile (FAX), etc. pursuant to subpara. 1 of Article 41 of the Enforcement Decree of the Personal Information Protection Act. The Company shall take prompt action.
• ③ Exercising the rights according to subparagraph ① can be performed through proxy persons, including the legal representative of a subject of information or a delegated one. In this case, a power of attorney should be submitted according to the Annex No. 11 form of the Enforcement Decree of the Personal Information Protection Act.
• ④ Regarding claims to read personal information and suspend its dealing, the rights of a subject of information could be restricted according to subpara. 4 of Article 35 and subpara. 2 of Article 37 of the Personal Information Protection Act.
• ⑤ Regarding claims to correct or/and delete personal information, where the applicable personal information is specified as a collection item in other laws, the deletion cannot be requested.
• ⑥ Where a request to read, correct, delete personal information, or to suspend its dealing is made according to the rights of a subject of information, the Company shall determine that the requester is the subject him/herself or a lawful representative.

Article 6 (Handled Personal Information Items)

The Company handles the below personal information items.

• 1. Job Applicants
  
  • - Compulsory Item: Name (Korean, English), DOB, E-mail, Telephone Number, Mobile Number, Address, Educational Background (Name of Institution Graduated, Major, Matriculation Date, Graduation Date, Title of Thesis), Job Experience, Certificate, Language Information, Income Information, Military Service, Veteran Record, Men of National Merit, Disability Category, Result of Medical Check-up for Recruitment, Passport Number, Foreigner Registration Number
• 2. Clients
  
  • 1) Contracted Clients (Corporations & Individuals)
    - Compulsory Item: Name, Group, Contact, E-mail, Local Registration Number, and Other Personal Information required to enter into & deliver an agreement
    ※ Relevant laws in terms of collecting Local Registration Number: VAT Act, etc.
  • 2) Visitors to Business Sites
    - Compulsory Item: Name, Group, Contact, Vehicle Number (in the case of use), Records of CCTV’s filming communal areas, Access Card ID*(for affiliates only), Facial Images taken by thermal imaging camera
    However, in terms of visiting a site, this shall follow the collection items within the consent on collection & use of visitors’ personal information.
  • 3) Customers using the Online CS Center and Make an Enquiry option
    - Compulsory Item: Name, E-mail
    - Elective Item: Contact, Name of Company
• 3. Partners’ Employees
  
  • 1) Basic Information of Partners & CEO
    - Compulsory Item: Name of Company, Name of CEO, CEO’s Contact & E-mail
  • 2) Information of Partners’ Employees in charge of Contracting
    - Compulsory Item: Name of Company, Name, DOB, Mobile Number, Phone Number, Photo, E-mail, Roles & Responsibilities, Position, Employment Type, Personnel Category, Joining Date, Educational Background
    - Elective Item: Hands-on Experience, Military Service, Occupation Type, Certificate Number
  • 3) Information of Partners’ Employees (Technicians)
    - Compulsory Item: Name of Company, Name, DOB, Telephone Number, E-mail, Position, Joining Date, and Labor Attendant History
    - Elective Item: Occupation Type, Certificate Number
• 4. Onsite Hired Workers
  
  • - Compulsory Item: Name, DOB, Nationality, Local Registration Number (or Passport Number, Foreigner Registration Number), Gender, Address, Contact, E-mail, Savings Account Number, Skill Qualification & Level, Onsite Labor Attendant
    ※ Relevant laws in terms of collecting Local Registration Number: The Labor Standards Act, the Income Tax Act, the National Health Insurance Act, the National Pension Act, the Employment Insurance Act, and the Industrial Accident Compensation Insurance Act; Related documents, such as a diagnosis report, a doctor’s note, and a copy of the identification card at the time of seeing a doctor, receiving treatment, applying for hospitalization, and taking follow-up measures due to the occurrence of an accident
• 5. Retired Executives & Employees
  
  • - Compulsory Item: Name, DOB, Contact, Address, Savings Account Number, Working
    History, Local Registration Number (or Foreigner Registration Number, Passport Number)
    ※ Relevant laws in terms of collecting Local Registration Number: the Labor Standard Act and Income Tax Law, etc.
• 6. Automatically Collected & Created Information due to Use of Service:
  
  • IP Address, Service Use Log, Access Log and Cookie, etc.
    ※ Collection Method: Webpage, Written Form and E-mail, etc.

Article 7 (Additional Use∙Provision of Personal Information)

• ① The Company can use or provide additional personal information without the consent of a subject of information according to the subpara. 3 of Article 15 and subpara. 4 of Article 17 of the Personal Information Protection Act.
• ② Where it is necessary for the Company to use or provide additional personal information without the consent of a subject of information pursuant to the above ①, this shall be carried out only when each of the following items is adhered to.
  • 1. It has a direct effect on the original purpose of collection;
  • 2. In light of the circumstances in which personal information is collected or the handling practices, it is possible enough to predict the additional use or provision of personal information;
  • 3. It does not unfairly infringe on the interests of a subject of information; and
  • 4. Necessary measures are taken for the sake of safety, as in pseudonymization or encryption of personal information
• ③ In terms of additional use∙provision of personal information, the rights∙obligations of a subject of information & legal representatives and the exercising methods shall apply in the same manner as set in Article 5 of the Privacy Policy.

Article 8 (Destruction of Personal Information)

• ① Where personal information becomes unwanted as its retention period expires or the purpose is fulfilled, the Company shall destruct the personal information without delay.
• ② Where the personal information agreed by a subject of information needs to be kept according to other laws despite its retention period elapsing or the purpose being fulfilled, the personal information shall be transferred to a separate database (DB) or be stored in a different place of storage.
• ③ The procedures and methods of destructing personal information are as follows.
  • 1. Destruction Procedures: The Company selects the personal information where a reason for destruction arises, and destructs the personal information through gaining the consent of the Company’s personal information protection officer or that of staff to whom the authority is delegated.
  • 2. Destruction Method: The Company permanently deletes personal information recorded or saved in an electronic file form so that this cannot be restored or reproduced. Also, the Company destructs personal information logged or saved in records, printed materials, written documents, or other recording medium through shredding or incineration.

Article 9 (Measures securing Safety of Personal Information)

The Company shall take the following measures in order to secure the safety of personal information.

• 1. Administrative Measures: Establishment & implementation of internal management plans, and periodic employees training
• 2. Technical measures: Control over access authority, such as personal information handling system, installation of access restricting systems, encryption as in unique identification information, and installation of security programs
• 3. Physical Measures: Restricted access to IT center and data storage room, etc.

Article 10 (Matters concerning the Installation, Operation and Rejection of Devices Auto-collecting Personal Information)

• ① The Company may use “Cookies” that automatically save and retrieve information at any time so that it could provide tailor-made services to users.
• ② “Cookies” are small amounts of data which the server (http) used when running a website sends to the user’ PC browser. This could be stored in your computer’s hard drive.
• ③ The Company analyzes your use of websites in making use of Google Analytics, which is a service offered by Google Inc. ("Google"). The information created through Google Analytics shall be subject to Google’s privacy policy, and be saved after being sent to Google servers in the US. Google assesses your use of websites through information processing on behalf of the Company, and writes down a report on website activities, thereby providing other services related to use of the Internet. You may refuse to use cookies for the aforementioned purposes by way of browser settings, but in that case, you may not be able to fully utilize all of the features on the website. You can download and install additional features for your current web browser from tools.google.com/dlpage/gaoptout to further opt-out from collecting and handling your information (including IP Address). For more information on Google's use of your information, please refer to www.google.com/analytics/learn/privacy.html.
  • 1. Purpose of Cookies Use: It analyzes users’ access frequency or visit time, and so on, and figure out users’ needs and interests. This is used as an indicator of target marketing and service renewal.
  • 2. Installation, Operation and Rejection of Cookies: You may refuse saving cookies by clicking on ‘Tools΄ → ΄Internet Option΄ → ΄Personal Information΄, and configuring settings on the ‘Personal Information’ tap
  • 3. Where it is denied to save cookies, this might lead to difficulties with using the services offered by Samsung C&T Corporation.

Article 11 (Data Protection Department)

• ① The Company shall be in overall charge of personal information handling jobs, and appoint the following staff in charge in order to deal with a subject of information’s complaints and to provide remedies in connection to personal information handling.
  • [Chief Privacy Officer]
    • Name: VP/ KyeongSu Lee
    • Position: HR Team Leader, CPO (Chief Privacy Officer)
    • Contact: (Tel)02-2145-6115
  • [Department in charge of Personal Data Protection]
    • Dept. Name: HR Team
    • Contact: (Tel)02-2145-6115, (Fax) 02-2145-5589
    (E-mail) security.cnt@samsung.com

Article 12 (Inspection Request for Personal Information)

A subject of information can request to inspect personal information according to Article 35 of the Personal Information Protection Act from the department in charge of personal data protection specified in Article 11 of the Privacy Policy. The Company shall endeavor to take swift action in dealing with the inspection request.

Article 13 (Remedies against Infringement of Rights)

Where it is required to report an infringement of personal information and to ask for advice, the on the webpage shall receive these enquires.

If the Company’s dealings with complaints about personal information, and the resulting remedies are not as good as expected, or in-depth assistance is necessary, please make a contact.

• ▶Personal Information Infringement Report Center: (Without area code) 118 (http://privacy.kisa.or.kr)
• ▶Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
• ▶Supreme Prosecutors’ Office Cybercrime Investigation Division: (Without area code) 1301, cid@spo.go.kr (http://spo.go.kr)
• ▶Police Cyber Bureau: (Without area code) 182 (http://cyberbureau.police.go.kr)

Article 14 (Changes to the Privacy Policy)

Where it is required to report an infringement of personal information and to ask for advice, the on the webpage shall receive these enquires.

If the Company’s dealings with complaints about personal information, and the resulting remedies are not as good as expected, or in-depth assistance is necessary, please make a contact.

• ① Where addition, deletion or modification is made to the Privacy Policy, it shall be notified at least 7 days before the effective date.
  • - Date of announcing the Privacy Policy: 2023. 2. 20
  • - Date of implementing the Privacy Policy: 2023. 2. 27
• ② A previous privacy policy can be located by choosing its date on the upper part of the Privacy Policy’s pop-up.

Samsung C&T Corporation’s Engineering and Construction Group (hereinafter referred to as the “Company”) establishes and discloses personal information handling policy (hereinafter referred to as the “Policy”) as below, with an aim to protect personal data of Users and Data Subjects, and to deal with related grievances promptly and efficiently in compliance with applicable personal data protection laws including but not limited to the Republic of Korea’s Act on Promotion of Information and Communications Network Utilization and Information Protection, Personal Information Protection Act and the EU’s General Data Protection Regulation (2016/679) (hereinafter referred to as the “Applicable Law”).

The subject to the Policy shall be limited to Users and Data Subjects specified in Article 1. As for other subjects not specified herein, appropriate personal data processing policies are separately established and disclosed.

Article 1 (Purpose of Handling Personal Data)

The Company shall handle personal data submitted by the Company’s applicants, clients, partners and site workers (hereinafter referred to as the “Users and Data Subjects”) for purposes stated below, and shall not use the personal data for any other purpose unless otherwise agreed by the Users and Data Subjects.

In the event that the purpose of use changes, the Company shall take necessary measures such as receiving a separate consent from Users and Data Subjects unless otherwise specified in the Applicable Law.

• 1. Personal Data of the Company’s Applicants :
  Personal data of the Applicants including workers directly hired by sites or part-time employees who do not go through online application process of the Company’s recruitment webpage is processed for purposes including recruitment procedures, provision of recruitment-related information such as result by process stage.
• 2. Personal Data of the Company’s Clients :
  
  • 1) Contract Clients (B2B)
    Clients’ personal data is processed for purposes including the signing and enforcement of contracts, registration of information in the Company system, execution of tasks entrusted by Clients and compliance with the Applicable Law.
  • 2) Visitors to Business Sites
    Clients’ personal data is processed for purposes including smooth process of the visit and security.
  • 3) Clients Using Q&A Section in the Company Website
    Clients’ personal data is processed for purposes including provision of responses/guides to the Clients’ online enquiries and feedback regarding the Company business through Q&A section.
• 3. Personal Data of the Company’s Subcontractors and Suppliers :
  Subcontractors and Suppliers ’ personal data is processed for purposes including tender participation, signing and enforcement of contracts, submission of estimates and management of delivery, issuance of tax invoice, settlement for payment, evaluation and training of Subcontractors and Suppliers’ employees, and sending official notices and documents.
• 4. Personal Data of the Company’s Site Workers:
  Site Workers refer to laborers of the Company, Subcontractors or Suppliers who are mobilized for project execution at (business) sites. The personal data of the Site Workers (Laborers) is processed for purposes including fulfillment of legal obligations, health and safety management and handling of industrial accidents.

Article 2 (Items of Personal Data to be Processed)

The Company processes items of personal data in the following. However, personal data items subject to collection and processing shall be limited to those specified in the Agreement on Collection and Use of Personal Data of Users and Data Subjects.

• 1. Personal Data of Applicants :
  - Collected Items: name, nationality, address, contact number, academic background, completed courses and grades, career, language and other qualifications, records of awards, hobby, talent, and other related information
• 2. Personal Data of Clients :
  • 1) Contract Clients (B2B)
    - Collected Items: name, company (department), contact number, E-mail address, other personal data necessary for the signing and enforcement of contracts
  • 2) Visitors to Business Sites
    - Collected Items: name, company (department), contact number, vehicle number (if used)
  • 3) Clients Using Q&A Section in the Company Website
    - Mandatory Items: name, E-mail
    - Optional Items: company (department), contact number
• 3. Personal Data of Subcontractors and Suppliers :
  • 1) Basic Information
    - Collected Items: company name, corporation number, date of incorporation, country name, name of CEO, contact number and E-mail address, size (scale) of the company, etc.
  • 2) Representative Business Site
    - Collected Items: business registration number, name of business site, name of CEO, address of business site, contact number, date of incorporation, business conditions (status), type of business, etc.
  • 3) Relevant Staff of Subcontractors and Suppliers
    - Collected Items: name, contact number, E-mail, position, type of occupation, final degree/education, technical qualifications and levels, etc.
• 4. Personal Data of the Company’s Site Workers :

  - Collected Item: name, date of birth, nationality, gender, address, contact number, E-mail, bank account number, technical qualifications and levels, etc.
  ※ However, in the case of medical consultation, treatment, application for hospitalization and the follow-up measures due to accidents, relevant documents including medical report and doctor’s note and a copy of ID card will be collected.

Article 3 (Personal Data Processing and Retention Period)

• ① The Company shall process and store personal data within the period required by laws or within the period agreed by Users and Data Subjects when collecting personal data.
• ② Unless otherwise requested by Users and Data Subjects, the retention period for each type of personal data shall be as follows.

• 1. Personal Data of Local Applicants
  With respect to an applicant not yet hired by the Company, until the hiring decision is made. However, the Company’s Policy shall apply after the applicant is hired as an employee of the Company.
• 2. Personal Data of Clients
  • 1) With respect to Contract Client (B2B), until the fulfilment of contract
  • 2) With respect to Visitors to Business Site, for three (3) months after the visit to the Company (site)
  • 3) With respect to Clients Using Q&A Section of the Company Website, until the clients withdraw their consent
• 3. Personal Data of Subcontractors and Suppliers
  • 1) With respect to information registration in the Company system (for outsourcing, finance & accounting, materials, etc.), implementation of contract, tender participation and signing of contract until their business relations with the Company are effective
  • 2) With respect to safety and health management or application for medical care (shutdown) benefits, until the period specified in the Applicable Law
• 4. Personal Data of Site Workers
  • 1) Until the completion of the relevant tasks for which the Site Workers are mobilized
  • 2) With respect to personal data processed for medical treatment, application for hospitalization and its follow-up measures, until the corresponding cases are completed

Article 4 (Provision of Personal Data to Third Party)

• ① The Company shall handle personal data of Users and Data Subjects only for the purposes stated in Article 1 (Purpose of Handling Personal Data), and is entitled to provide the personal data to a third party with Users and Data Subjects’ prior consent, or without such consent if allowed under the Applicable Law.
• ② The Company is entitled to provide personal data to a third party as follows subject to Users and Data Subjects’ prior consent, or without such consent if allowed under the Applicable Law.

• 1. Personal Data of Local Applicants :
  
  • 1) Medical check-up (if necessary)
    - Third party: hospitals designated by the Company
    - Purpose: medical checkup
    - Items provided: name, date of birth
    - Retention and usage period: until the hiring decision is made
• 2. Personal Data of Clients :
  
  • 1) Contract Client (B2B)
    - Third party: Samsung SDS
    - Purpose: operation and maintenance/repair of work platforms of the Company including ERP system for contract signing and implementation
    - Items provided: name, department, contact number, E-mail
    - Retention and usage period: until the full implementation of the contract
  • 2) Visitors of Business Sites
    - Third party
    ∙ For Seoul Office: S1, S-Tec system
    ∙ For (Business) Site: security companies designated by each (business) site
    - Purpose: facility access and security management
    - Items provided: company, name, contact number, vehicle number (in case of use)
    - Retention and usage period: for three (3) months after the last visit
  • 3) Clients using Q&A Section in the Company Website
    - Third party: Media4th & Company, Samsung SDS
    - Purpose: website operation, maintenance and repair
    - Items provided: name, contact number, E-mail, and department
    - Retention and usage period: until the client withdraw his/her consent
• 3. Personal Data of Subcontractors and Suppliers :
  
  • 1) Management System
    - Third party: Samsung SDS
    - Purpose: entrustment of system operation, maintenance and repair
    - Items provided: company, name, date of birth, mobile phone number, telephone number, E-mail, duty, position, and career
  • 2) Online Training
    - Third party: Credu
    - Purpose: application for training of Subcontractors and Suppliers’ employees
    - Items provided: company of applicant, name of applicant, date of birth, mobile phone number and E-mail
    - Retention and usage period: until the purpose is accomplished
  • 3) Evaluation :
    - Third party: SECL, Samsung Heavy Industries
    - Purpose: evaluation of Subcontractors and Suppliers’ employees and on-site inspection
    - Items provided: company name of the employees subject to evaluation, name, date of birth, contact number, E-mail, duty in charge, position, and career
    - Retention and usage period: until the purpose is accomplished
• 4. Personal Data of Site Workers
  

  Personal Data of Site Workers - Third Party, Items to be Provided, Purpose of Usage, Retention and Usage Period

  Third Party	Items to be Provided	Purpose of Usage	Retention and Usage Period
  Each (business) site’s security company	Name, date of joining, entrance/exit record	Access management	Until the worker leaves the Company
  Safety and health training institutions(Domestic)	Name, date of birth, address, contact number, company (department),E-mail	Application for training courses on safety/health

Article 5 (Transfer of Personal Data to Third Country)

• ① The Company may transfer personal data to a third country including the Republic of Korea with consent of Users and Data Subjects, and only in the cases where such transfer is inevitable for the purposes of personal data handling specified in Article 1 and Article 3 agreed between the Company registered in the Republic of Korea, Users and Data Subjects. In the aforementioned case, the Company shall use the transferred personal data only for the intended purposes.
• ② The Company shall destroy personal data transferred to a third country without undue delay, upon the expiry of retention and usage period, accomplishment of the purpose of collection and usage, or requests by Users and Data Subjects in accordance with the Applicable Law. However, the Company may retain personal data whose retention and usage period expired, “if further retention is required according to the Applicable Law” or “with separate consent of Users and Data Subjects.”
• ③ The types of personal data transferred to a third country are as follows.
  • - Purpose, transferred items, retention and usage period: purpose of handling personal data, collection items, and retention and usage period specified in Article 1 and 2 shall be applied.
  • - Target system and transfer destination (country)
    

    Target system and transfer destination (country) - Users and Data Subjects, Target system(Transfer destination)

    Users and Data Subjects	Target system(Transfer destination)
    Contract client	ERP system and other work platforms(the Republic of Korea)
    Client using the Company website (Q&A)	Company website(the Republic of Korea)
    Subcontractors and Suppliers of the Company	Subcontractor/Supplier information system(the Republic of Korea)
    Site workers of the Company(transfer when an accident occurs)	Safety support & accident prevention system(the Republic of Korea)

Article 6 (Installation and Operation of Automatic Personal Data Collection Device)

• ① The Company installs and operates automatic personal data collection devices including cookie that frequently saves and finds user information. Cookie is a very small text file that a server, used for the operation of the Company website, sends to user’s browser, and is stored in the computer hard disk of users.

  Website, Content, Purpose of Collection

  Website	Content	Purpose of Collection
  www.secc.co.kr	The Company websites(PR, Q&A, etc.)	Collecting data of pop-up usage to increase user convenience
  www.samsungcnt.com
  www.secc-partners.co.kr	Subcontractors and Suppliers’ sign-up and use of SRM system	Providing automatic setting functions including User ID and Language on the Log-in page.

• ② Cookie settings can be changed in the option tab in the web-browser setting, where you can choose to permit all cookies, to check every cookie before saving, or refuse to save all cookies.
• ③ In the case of the Internet Explorer, by selecting an option on the top of the web browser from Tool → Internet Option → Personal Data, you can permit all cookies, or check every cookie before saving or refuse to save all cookies. However, a refusal to install cookie may cause limited access to services.

Article 7 (Guarantee of Rights of Data Subjects)

The Company shall ensure the rights of employees according to the Applicable Law, and notify relevant information about their personal data processing as follows.

• 1. The Company shall designate a person in charge of supervising protection of personal data (hereinafter "DPO", "Data Protection Officer"). DPO shall be an executive in charge of security of the Company (Head of Human Resources Team), and be engaged in all matters related with personal data protection in a swift and appropriate manner. DPO is obligated to keep and maintain secrecy when performing his/her duty according to the Applicable Law.
• 2. The Company shall designate Project Manager (PM) to be in charge of on-site security, as the local agent of personal data protection. The PM is obligated to ensure rights of Data Subjects respond to relevant complaints and remedy damage arising from personal data processing.
• 3. If there is a need of transferring personal data to a third country, the Company shall transfer the information online through the Company’s safely encoded IT network. In this case, appropriate technical and managerial protection measures shall be applied to the system which is used for the transfer.
• 4. Users and Data Subjects are entitled to withdraw consent on personal data processing including its transfer to a third country, and to file relevant complaints with the department in charge. Upon withdrawal of consent, their personal data shall be deleted or its processing shall be limited without undue delay, except for a case where the deletion is impossible for reasons including compliance with the Applicable Law.
• 5. Users and Data Subjects are entitled to request to the Company access to their personal data and relevant information, to know how their personal data are processed and whether it is legitimate. In the above case, the Company shall provide relevant information to Users and Data Subjects without undue delay.
  With respect to personal data not directly collected from Users and Data Subjects, the Company shall provide Users and Data Subjects relevant information regardless of their request, whichever comes first among the following:
  • ⅰ) within one month after obtaining the personal data
  • ⅱ) if such personal data is going to be used for communication purposed between the Company and Users and Data Subjects, at the time of the first communication to them at the latest and
  • ⅲ) If a disclosure of relevant data to a third party is envisaged, at the time of the first such disclosure at the latest.
• 6. Users and Data Subjects are entitled to request for correction of their personal data, if the data they provided to the Company are inaccurate or incomplete. In this case, the Company shall correct the personal data within one (1) month after receiving such request. However, if a request for correction is complicated, the abovementioned period may be extended by two (2) months.
• 7. If there is personal data provided according to consent or agreement or automatically collected and processed, Users and Data Subjects are entitled to receive the personal data in commonly used and reliable formats, and transfer such data to another “Controller” without interruption by the Company. Also, if technically available, Users and Data Subjects are entitled to make the Company transfer their personal data to another “Controller.” For the purpose of this Article, “Controller” refers to a natural or legal person who, independently or jointly, determines the purpose and means of handling personal data of employees.
• 8. In the following cases, Users and Data Subjects are entitled to request for limited processing of personal data instead of requesting for its modification or deletion:
  • ⅰ) as for Users and Data Subjects who raised an objection about the accuracy of personal data, during the period in which the Company can verify its accuracy
  • ⅱ) when the processing of personal data is illegal Users and Data Subjects oppose to the deletion of the personal data and request the limited use of the data instead
  • ⅲ) when the Company no longer needs the personal data for processing, but Users and Data Subjects need the data to establish, exercise or defend their legal rights or
  • ⅳ) when Users and Data Subjects oppose to their personal data being processed under the Applicable Law, until it is established that the Company’s legal grounds prevail over theirs. In either of the above cases, the Company shall only retain the personal data and suspend its processing, unless otherwise specified in the Applicable Law. The Company shall inform the Users and Data Subjects of the limited processing of their personal data before the limitation is lifted.
• 9. Users and Data Subjects are entitled to oppose to their personal data being processed by the Company at any time. In the event of opposition by Users and Data Subjects, the Company shall suspend the processing of personal data without undue delay, except for cases where the suspension is impossible for reasons including compliance with the Applicable Law.
• 10. Users and Data Subjects are entitled to make the Company delete their personal data without undue delay in either of the following cases:
  • ⅰ) when their personal data has become no longer needed with regards to the purpose of collection
  • ⅱ) when Users and Data Subjects have withdrawn their consent and where there is no other legal ground for the processing
  • ⅲ) when Users and Data Subjects oppose to the processing and where the Company does not have predominant grounds for the processing
  • ⅳ) when the personal data has been processed illegally

Article 8 (Person in Charge of Personal Data Protection)

• ① The Company has designated the person and department in charge of personal data protection as follows, for protecting personal data of Users and Data Subjects and ensuring rights of Data Subjects specified in Article 7.
  • 1. Data Protection Officer, DPO: Head of Human Resources Team
  • 2. Department in charge of personal data protection: Human Resources Team’s Information Security Center
  • 3. EU Data Protection Representative: PM or Head of Branch Office
• ② Users and Data Subjects may contact the below institutions for an inquiry about damage relief and consultation, etc.
  • 1. The Republic of Korea
    Privacy Call Center (operated by Korea Internet Security Agency)
    Personal Information Dispute Mediation Committee (operated by Korea Internet Security Agency)
    Supreme Prosecutors’ Office, Cyber Crime Division
    National Police Agency, Cyber Terror Response Center
  • 2. EU Region: Agencies in charge in each EU country
• ③ In the event that Users and Data Subjects’ rights under the Applicable Law of EU are infringed, the Users and Data Subjects have a right to file lawsuits with supervisory agencies, receive effective judicial relief based on those agencies’ legally binding decisions and receive effective legal remedies according the Applicable Law.
• ④ The following department of personal data protection is in charge of dealing with matters specified in Article 7 including withdrawal of consent on personal data collection and usage, filing of grievances, access, correction of data and limit on processing, opposition to collection and processing, deletion and relevant inquires.
  
  - Department in Charge: Samsung C&T Engineering & Construction Group, Information Security Center
  (Contact number: +82-2-2145-6115, E-mail:security.cnt@samsung.com)

Samsung C&T Corporation E&C Group (hereinafter referred to as “Samsung C&T”) will inform you how and for what purposes your personal information has been used, and what measures have been taken for its protection, in compliance with 「Act on Promotion of Information and Communications Network Utilization and Information Protection, etc. 」 and 「Personal Information Protection Act」 and, specifically, Article 30 of 「Personal Information Protection Act」

Article 1 (Website)

Samsung C&T E&C Group’s Website: http://www.secc.co.kr

Article 2 (Purpose of Collection and Use of Personal Information)

A. Online Consultation Center
- Receiving users’ opinions
- Answer/guidance to the inquiries received
B. Inquiry
- Receiving opinions regarding building/civil/plant/residential projects
- Answer/guidance to the inquiries received

Article 3 (Items of Personal Information to be Collected and Methods of Collection)

• A. Items of personal information to be collected are as follows.

  Division	Required Information	Optional Information
  Online Consultation Center	Name, E-mail	Mobile phone number, Company Name
  Making an inquiry (about building/civil/plant/residential projects)	Name, E-mail	Mobile phone number

  * Even if you do not provide optional information, there will be no limitation in use.

• B. Collection Method
  Samsung C&T collects personal information on its website in the following cases.
  - Online consultation and handling inquiries (about building/civil/plant/residential projects)

Article 4 (Period of Retaining and Using Personal Information)

Article 5 (Provision of Personal Information to a Third Party)

Except for cases where you provide consent or required by relevant laws, Samsung C&T will neither use your personal information nor provide it to a third person or organization beyond the scope stipulated in the 「Purpose of Collection and Use of Personal Information」. However, the followings are to be excluded.
- When users or information subjects provided consent in advance
- When the provision of relevant laws requires such use or provision, or an investigation agency makes a request in compliance with legal procedures and methods for the purpose of investigation.

Article 6 (Consignment of Personal Information Handling)

Samsung C&T outsources the following personal-information-handling tasks to ensure the stable operation of Samsung C&T’s website and provision of services:

Samsung C&T outsources the following personal-information-handling tasks - Outsourced Task, Service Provider

Outsourced Task	Service Provider
Website development and maintenance	Media4th & Company Samsung SDS

In order to protect personal information, Samsung C&T clearly stipulates, in its consignment agreement and as per Article 25 of 「Personal Information Protection Act, the compliance with directives regarding personal information protection, restrictions in dealing with personal information, and liability for an incident.
In case there are changes in works consigned to a third party or the third party itself, Samsung C&T will notify the changes in its personal information protection policy.

Article 7 (Procedure and Method of Destroying Personal Information)

In principle, personal information of users will be destroyed without delay once the purpose of collection and use is accomplished.
The procedure and method of destroying personal information in Samsung C&T is as follows.

• A. Destruction Procedure
  - The information that you input for online consultation and inquiry submission will be destroyed after the purpose of its collection and use is accomplished.
  - The personal information will not be used for any purpose other than retention, unless otherwise required by laws.
• B. Destruction Method
  - Personal information stored in the form of electronic files will be destroyed using technology that will make its restoration impossible.

Article 8 (Rights of Users and Ways of Exercising the Rights)

Users and information subjects may, at any time, request to read, revise, delete, stop processing their personal information registered in the system and withdraw their consent to its use. In case you want to read, revise, delete, stop processing and withdraw your consent to your personal information, you may call General Directory Number (02-2145-6442) or contact the person in charge of personal information protection in writing, phone or email. Then the person in charge will process your request without delay after verifying your identity.
In case users or information subjects request to correct errors in personal information, his/her personal information will not be used until the correction is completed.
Samsung C&T processes the personal information which was unsubscribed or deleted upon the request of users according to the "4. Period of Retaining and Using Personal Information" and makes sure that such information is not read or used otherwise.

Article 9 (Measures to Secure Safety of Personal Information)

When handling personal information of users, Samsung C&T takes technical/managerial measures for the safety of the personal information by preventing any loss, theft, leakage, falsification or damage.

• A. Establishment and Enforcement of Internal Management Plan
  Samsung C&T will establish and implement its internal management plan in compliance with notifications of Korea Communications Commission.
• B. Minimizing the Number of Personal Information Handlers and their Training
  Samsung C&T designates the minimum number of personal information handlers and conducts training programs frequently, thereby ensuring safe management of personal information.
• C. Limitation of Access to Personal Information
  Samsung C&T takes necessary measures for control of access to personal information, through grant, change and deprivation of access to database system that processes personal information; and uses an intrusion prevention system to control unauthorized access from outside.
• D. Storage of Access Record and Prevention of Falsification
  Samsung C&T stores and manages access record of personal information processing system at least for six (6) months, and uses its security functions in order to prevent any falsification, theft or loss of the access records.
• E. Encryption of Personal Information
  Your important personal information is encrypted, stored and managed. Also, Samsung C&T uses a separate security function such as encryption of important data when saving/transferring them.
• F. Technical Countermeasures against Hacking, etc.
  Samsung C&T does its best to prevent any leakage or damage of personal information by hacking or a computer virus. Specifically, Samsung C&T backs up the data on a regular basis to prevent any damage to personal information; uses the latest vaccine programs to prevent any leakage or damage of users’ personal information; and ensures safe transmission of personal information over the network through cryptographic communications, etc. Also, Samsung C&T controls unauthorized access from outside by using intrusion prevention system, and makes an effort to set up all possible technical devices to ensure other system security.
• G. Physical Measures for Safe Storage of Personal Information
  Samsung C&T sets aside physical storage place of the personal information storage system; establishes and operates a procedure of controlling access to this place. Also, Samsung C&T takes physical measures including installation of locking devices for safe storage of documents that contain personal information.
• H. Operation of a Dedicated Organization for Personal Information Protection
  Through a dedicated organization for personal information protection in the company, Samsung C&T checks whether measures for protecting personal information have been taken, or the managers in charge of personal information protection have performed their duties; and ensures corrective measures are taken immediately in case any issue is found.

Article 10 (Installation/Operation and Rejection of Automatic Personal Information Collection Devices)

Samsung C&T operates “cookie” that frequently stores and searches your personal information. The cookie is a very small text file sent to your browser by the server which is used to operate the website of Samsung C&T’s E&C Group; and is stored on your computer hard-disk.
Samsung C&T uses cookie for the following purposes.

• 1. Cookie is used as a measure of target-marketing and service improvement, by analyzing the access frequency and visiting time of members and non-members and figuring out users’ preference and areas of interest.
• 2. You may allow all cookies or to be notified upon cookie installation or refuse all cookies in settings of Tool > Internet Option Tab on the top menu of the web browser.
• 3. In case you refuse the installation of cookies, there may be some limitation when using Samsung C&T services.

Article 11 (Contact of the Person in Charge of Personal Information Protection)

Samsung C&T has a person in charge of protecting your personal information and dealing with related grievances. Should you have any inquiry regarding personal information treatment, please contact the person in charge stated below. The person in charge will provide a prompt and faithful response to your questions.

• The Person in Charge of Personal Information Protection

  •Name: Seokjin Yun •Post: HR Team Leader •Contact Information: (T) 02-2145-6115, (F) 02-2145-5555 security.cnt@samsung.com

Article 12 (Remedies to Infringement on the Rights of Users)

In case you need to report and consult about infringement on personal information, you may inquire about consultation or remedies to the below organizations.
< The below organizations are independent organs of Samsung C&T. Please contact the below organizations if you are not satisfied with the company’s handling of grievances or remedies related with personal information treatment. >
The Privacy Call Center: (Without area code) 118 (http://privacy.kisa.or.kr)
Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
Cyber Investigation Division of the Supreme Prosecutor’s Office: (Without area code) 1301, cid@spo.go.kr(http://spo.go.kr)
The Cyber Security Bureau of the National Police Agency: (Without area code) 182 (http://cyberbureau.police.go.kr)

Article 13 (Changes in Personal Information Handling Policy (Duty of Notification))

Any addition, deletion or revision of the current personal information handling policy will be notified on the website at least seven (7) days before the Enforcement Date of the new version.
- Notification Date of Personal Information Handling Policy: 17-Jan-2018
- Enforcement Date of Personal Information Handling Policy: 22-Jan-2018

Samsung C&T Corporation E&C Group (hereinafter referred to as “Samsung C&T”) will inform you how and for what purposes your personal information has been used, and what measures have been taken for its protection, in compliance with 「Act on Promotion of Information and Communications Network Utilization and Information Protection, etc. 」 and 「Personal Information Protection Act」.

Article 1 (Website)

Samsung C&T E&C Group’s Website: http://www.secc.co.kr

Article 2 (Purpose of Collection and Use of Personal Information)

A. Online Consultation Center
- Receiving users’ opinions
- Answer/guidance to the inquiries received
B. Inquiry
- Receiving opinions regarding building/civil/plant/residential projects
- Answer/guidance to the inquiries received

Article 3 (Items of Personal Information to be Collected and Methods of Collection)

• A. Items of personal information to be collected are as follows.

  Division	Required Information	Optional Information
  Online Consultation Center	Name, E-mail	Mobile phone number, Company Name
  Making an inquiry (about building/civil/plant/residential projects)	Name, E-mail	Mobile phone number

  * Even if you do not provide optional information, there will be no limitation in use.

• B. Collection Method
  Samsung C&T collects personal information on its website in the following cases.
  - Online consultation and handling inquiries (about building/civil/plant/residential projects)

Article 4 (Period of Retaining and Using Personal Information)

Article 5 (Provision of Personal Information to a Third Party)

Except for cases where you provide consent or required by relevant laws, Samsung C&T will neither use your personal information nor provide it to a third person or organization beyond the scope stipulated in the 「Purpose of Collection and Use of Personal Information」. However, the followings are to be excluded.
- When users or information subjects provided consent in advance
- When the provision of relevant laws requires such use or provision, or an investigation agency makes a request in compliance with legal procedures and methods for the purpose of investigation.

Article 6 (Consignment of Personal Information Handling)

In case of consigning personal information handling work to an outside agency for providing services, Samsung C&T will seek the consent of users and inform them of the consignment agency as well as the consigned work.
In order to protect personal information, Samsung C&T clearly stipulates, in its consignment agreement, the compliance with directives regarding personal information protection, restrictions in dealing with personal information, and liability for an incident.
In case there are changes in works consigned to a third party, Samsung C&T will notify the changes in its personal information protection policy.

Article 7 (Procedure and Method of Destroying Personal Information)

In principle, personal information of users will be destroyed without delay once the purpose of collection and use is accomplished.
The procedure and method of destroying personal information in Samsung C&T is as follows.

• A. Destruction Procedure
  - The information that you input for online consultation and inquiry submission will be destroyed after the purpose of its collection and use is accomplished.
  - The personal information will not be used for any purpose other than retention, unless otherwise required by laws.
• B. Destruction Method
  - Personal information stored in the form of electronic files will be destroyed using technology that will make its restoration impossible.

Article 8 (Rights of Users and Ways of Exercising the Rights)

Users and information subjects may, at any time, request to read, revise, delete, stop processing their personal information registered in the system and withdraw their consent to its use. In case you want to read, revise, delete, stop processing and withdraw your consent to your personal information, you may call General Directory Number (02-2145-6442) or contact the person in charge of personal information protection in writing, phone or email. Then the person in charge will process your request without delay after verifying your identity.
In case users or information subjects request to correct errors in personal information, his/her personal information will not be used until the correction is completed.
Samsung C&T processes the personal information which was unsubscribed or deleted upon the request of users according to the "4. Period of Retaining and Using Personal Information" and makes sure that such information is not read or used otherwise.

Article 9 (Measures to Secure Safety of Personal Information)

When handling personal information of users, Samsung C&T takes technical/managerial measures for the safety of the personal information by preventing any loss, theft, leakage, falsification or damage.

• A. Establishment and Enforcement of Internal Management Plan
  Samsung C&T will establish and implement its internal management plan in compliance with notifications of Korea Communications Commission.
• B. Minimizing the Number of Personal Information Handlers and their Training
  Samsung C&T designates the minimum number of personal information handlers and conducts training programs frequently, thereby ensuring safe management of personal information.
• C. Limitation of Access to Personal Information
  Samsung C&T takes necessary measures for control of access to personal information, through grant, change and deprivation of access to database system that processes personal information; and uses an intrusion prevention system to control unauthorized access from outside.
• D. Storage of Access Record and Prevention of Falsification
  Samsung C&T stores and manages access record of personal information processing system at least for six (6) months, and uses its security functions in order to prevent any falsification, theft or loss of the access records.
• E. Encryption of Personal Information
  Your important personal information is encrypted, stored and managed. Also, Samsung C&T uses a separate security function such as encryption of important data when saving/transferring them.
• F. Technical Countermeasures against Hacking, etc.
  Samsung C&T does its best to prevent any leakage or damage of personal information by hacking or a computer virus. Specifically, Samsung C&T backs up the data on a regular basis to prevent any damage to personal information; uses the latest vaccine programs to prevent any leakage or damage of users’ personal information; and ensures safe transmission of personal information over the network through cryptographic communications, etc. Also, Samsung C&T controls unauthorized access from outside by using intrusion prevention system, and makes an effort to set up all possible technical devices to ensure other system security.
• G. Physical Measures for Safe Storage of Personal Information
  Samsung C&T sets aside physical storage place of the personal information storage system; establishes and operates a procedure of controlling access to this place. Also, Samsung C&T takes physical measures including installation of locking devices for safe storage of documents that contain personal information.
• H. Operation of a Dedicated Organization for Personal Information Protection
  Through a dedicated organization for personal information protection in the company, Samsung C&T checks whether measures for protecting personal information have been taken, or the managers in charge of personal information protection have performed their duties; and ensures corrective measures are taken immediately in case any issue is found.

Article 10 (Installation/Operation and Rejection of Automatic Personal Information Collection Devices)

Samsung C&T operates “cookie” that frequently stores and searches your personal information. The cookie is a very small text file sent to your browser by the server which is used to operate the website of Samsung C&T’s E&C Group; and is stored on your computer hard-disk.
Samsung C&T uses cookie for the following purposes.

• 1. Cookie is used as a measure of target-marketing and service improvement, by analyzing the access frequency and visiting time of members and non-members and figuring out users’ preference and areas of interest.
• 2. You may allow all cookies or to be notified upon cookie installation or refuse all cookies in settings of Tool > Internet Option Tab on the top menu of the web browser.
• 3. In case you refuse the installation of cookies, there may be some limitation when using Samsung C&T services.

Article 11 (Contact of the Person in Charge of Personal Information Protection)

Samsung C&T has a person in charge of protecting your personal information and dealing with related grievances. Should you have any inquiry regarding personal information treatment, please contact the person in charge stated below. The person in charge will provide a prompt and faithful response to your questions.

• The Person in Charge of Personal Information Protection

  •Name: Chanbeom Jeong •Post: HR Team Leader •Contact Information: (T) 02-2145-6115, (F) 02-2145-5555 security.cnt@samsung.com

Article 12 (Remedies to Infringement on the Rights of Users)

In case you need to report and consult about infringement on personal information, you may inquire about consultation or remedies to the below organizations.
< The below organizations are independent organs of Samsung C&T. Please contact the below organizations if you are not satisfied with the company’s handling of grievances or remedies related with personal information treatment. >
The Privacy Call Center: (Without area code) 118 (http://privacy.kisa.or.kr)
Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
Cyber Investigation Division of the Supreme Prosecutor’s Office: (Without area code) 1301, cid@spo.go.kr(http://spo.go.kr)
The Cyber Security Bureau of the National Police Agency: (Without area code) 182 (http://cyberbureau.police.go.kr)

Article 13 (Changes in Personal Information Handling Policy (Duty of Notification))

Any addition, deletion or revision of the current personal information handling policy will be notified on the website at least seven (7) days before the Enforcement Date of the new version.
- Notification Date of Personal Information Handling Policy: 2017. 12. 13
- Enforcement Date of Personal Information Handling Policy: 2017. 12. 20

Samsung C&T corporation (hereinafter referred to as Samsung C&T) values personal information of the information entity, and enacts and complies with the 'Samsung C&T personal information handling policy (hereinafter referred to as "policy")' to comply with related laws such as the 'Personal Information Protection Act'.

• This policy is subject to change according to enactment and amendment, change in governmental policy and change in internal policy of Samsung C&T.
• In case Samsung C&T changes this policy, it shall announce (or individually notify) in the notice board of the company homepage (www.samsungcnt.com).
• The information entity shall frequently check this policy by visiting the 'Samsung C&T homepage (www.samsungcnt.com)'.
• This policy contains the following contents.
  • Article 1 (General rules)
  • Article 2 (Collected personal information item and collection method)
  • Article 3 (Collecting purpose, and processing and possessing period of personal information)
  • Article 4 (Provision and sharing personal information)
  • Article 5 (Consignment of handling collected personal information)
  • Article 6 (Possession and utilization period and disposal of personal information)
  • Article 7 (Rights and obligations of user and legal deputy and method of action)
  • Article 8 (Personal information protection manager)
  • Article 9 (Measures to secure safety to protect personal information)
  • Article 10 (Changes in Personal Information Handling and Management Policy)

Article 1 (General rules)

• ① "Personal information" refers to the information on a living individual and refers to the identifiable information of the relevant individual (including those identifiable in combination with other information although it cannot identify the individual on its own) such as name and resident registration number.
• ② "Information entity" refers to the personnel identifiable by information handled by Samsung C&T and the personnel that becomes the entity of the information.
• ③ Samsung C&T highly values personal information protection of the information entity, and complies with personal information protection regulation of the "Personal Information Protection Act" and "Standard Personal Information Protection Guidelines" enacted by the Ministry of Security and Public Administration. Through this policy, Samsung C&T notifies how personal information provided by the information entity is used and what measures are taken to protect personal information.
• ④ To consistently improve this policy, Samsung C&T states necessary procedures to amend this policy. When this policy is amended, the version number will be issued so that the information entity can easily identify amendments.

Article 2 (Collected personal information item and collection method)

• ① Samsung C&T provides diverse and convenient service to the information entity and collects personal information in the following methods for personal identification of information entity.
  • 1) Personal information item collected

    Type	Collected items
    Handling of customer inquiries	Email
    Information created and collected in the process of using services	Cookies, service usage records, access logs, access IP information
    Security notification (Report)	Email

  • 2) Personal information collection method
    • Access via homepage or homepage link Collect from available system
    • Samsung C&T provides a procedure for the information entity to "agree" or "disagree" with each content of a personal information collection agreement or agreement of utilization of Samsung C&T and regards that the collection of personal information is agreed to if "Agree" is selected.
  • 3) Personal information collection range
    • The above collection item and collection method are subject to change according to service purpose and type.
• ② However, sensitive personal information that may breach basic human rights of the information entity (race and ethnic group, belief and ideology, place of origin and legal domicile, political tendencies and criminal record, health state and sexual life) will not be collected.

Article 3 (Collecting purpose, and processing and possessing period of personal information)

• ① Samsung C&T collects personal information for the following purpose within the minimum range required for provision of satisfactory service.
  Handling personal information, viewing, correcting, deleting and suspending process of personal information, civil processes such as submitting and processing reports on breach of personal information, cancelling customer agreements and replies to customer inquiries
• ② Processing and possessing period: Until agreement is cancelled

Article 4 (Provision and sharing personal information)

Article 5 (Consignment of handling collected personal information)

• ① In case of consigning personal information handling external professional partners for executing service, Samsung C&T shall ask for consent of information entity according to law, and notify the consigned work of the partner. The company consigns personal information handling as below.

  Entrusted company	Entrusted tasks
  Media4th&Company	Maintenance and management of website

• ② In case of consigning personal information processing, to protect personal information, the compliance of instructions related with personal information protection, confidentiality of personal information, prohibition of provision to third party, liability in case of an accident, consignment period and return and disposal of personal information after completion of process shall be clearly defined and the relevant contract term shall be stored in writing or electronically.
• ③ In case the content of work consigned to the partner is changed, it shall be notified by one or more methods in writing, email, phone, SMS or other similar methods.

Article 6 (Possession and utilization period and disposal of personal information)

• ① Samsung C&T shall dispose personal information of the entity without delay when the entity cancels an agreement or the purpose of collecting and receiving personal information has been fulfilled. The handling, processing and possessing period of personal information of a customer are as below.

  Type	Period for handling, management and retention
  Personal information collected and used when inevitable according to special regulations of laws or legal obligations	For the retention period required by the relevant laws
  Personal information collected and used according to individual consent (via email)	Until the purpose of its collection and use is fulfilled

• ② However, in case it needs to be possessed for a certain period of time for identification of rights and obligations related to transaction according to related laws such as commercial law, it shall be possessed for a certain period of time.
  ※ Possess information based on related laws (commercial law, national tax basic law, corporate tax law, consumer protection from electronic commerce transaction act, etc.)
• ③ Disposal procedure and method
  • Personal information of the entity in the disposal procedure shall be moved to a separate DB after the entity cancels an agreement or the collection purpose is fulfilled, and shall be disposed after storing for a certain period of time according to internal policy or other related laws (refer to possessing and utilization period). This personal information will not be used for any other purposes than possessing according to law.
    Cancellation of agreement can be done by a set procedure by contacting the personal information department (Article 8).
  • Disposal method: Personal information printed on paper shall be disposed by shredding with a document shredder or burning. Personal information in an electronic file will be deleted by using the technical method to prevent regeneration.

Article 7 (Rights and obligations of user and legal deputy and method of action)

• ① The information entity may view or request for correction, deletion, suspension of processing and cancel agreements on registered personal information. To view, correct, delete, suspend processing and cancel agreement of personal information, contact the representative phone (02-2145-6442) or the personal information protection manager in writing, by phone or email to take action without delay through the personal identification procedure.
• ② In case the information entity requests for correction of error in personal information, the relevant personal information shall not be utilized or provided until correction is completed. Also, in case wrong personal information has already been provided to a third party, the corrected processing result will be notified to said third party without delay for correction to take effect.
• ③ Samsung C&T shall process personal information requested for deletion by entity according to the possession and utilization period of collected personal information and other laws and shall prohibit viewing and utilization for other purposes.
• ④ Please prevent inevitable accidents by accurately entering the latest personal information. The entity shall be responsible for accidents from entering incorrect information and may also face legal breach for illegally using information of others or entering false information.
• ⑤ The information entity has the right to be protected of personal information as well as obligations to protect itself and not to breach information of others. Be careful not to leak personal information of the entity or damage personal information of others including postings. In case of failing to comply with these responsibilities and damaging the personal information and dignities of others, the personnel may be punished by related laws.
• ⑥ The user and legal deputy may view personal information of itself or a child under 14 and request for deletion. To view and correct personal information of oneself and the child under 14, contact the personal information manager in writing or by phone or email to take measure without delay after the personal identification procedure ("Article 8"). In case the user or legal deputy requested for correction of error in personal information, the relevant information shall not be utilized or provided until correction is made. Also, when wrong personal information has already been provided to a third party, the correction result shall be notified to said third party without delay to take effect. The company processes cancelled or deleted personal information by request of the user or legal deputy as stated in "Possession and utilization period of personal information collected by the company" and prohibits viewing and utilization for any other purposes.

Article 8 (Personal information protection manager)

• ① To protect personal information of the entity and process complaints and inquiries regarding personal information, Samsung C&T appoints related departments and the personal information protection manager as below.
  Personal information protection manager
  • Name: Chan Beom Jung
  • Affiliation: HR team, Phone: 02-2145-6115
  • Email: security.cnt@samsung.com
• ② Personal information department: To respond to demands related with personal information of the entity, Samsung C&T is operating related departments.
  • Business hours: Weekdays 08:00~17:00
  • Closed on Saturdays/Sundays and public holidays
  • Manager: Boyeon Han (hongboteam@samsung.com, 02-2145-6441)
• ③ For report and consultation on breach of personal information, please inquire at the below institution.
  • Privacy Information Violation Report Center (http://privacy.kisa.or.kr / +82-118)
  • Information Protection Mark Certification Committee (http://www.eprivacy.or.kr / +82-2-580-0533~4)
  • Supreme Public Prosecutor's Office - Cybercrime Uni (http://www.spo.go.kr / +82-2-3480-2000)
  • National Police Agency - Cyber Bureau (http://www.ctrc.go.kr / +82-2-392-0330)

Article 9 (Measures to secure safety to protect personal information)

When handling personal information of the entity, to prevent loss, theft, leakage, forgery or damage of personal information, Samsung C&T is taking the following technical, administrative and physical measures.

• 1) Samsung C&T stores and manages encoded personal information.
• 2) Measures against hacking
  • To prevent leakage or damage of personal information of the entity from hacking and computer viruses, Samsung C&T is taking the best efforts.
  • To deal with damage to personal information, data is frequently backed up, personal information or data is prevented from leakage or damage using the latest vaccine programs and personal information is securely sent on a network through encoded communication.
  • An invasion blocking system is used, illegal access from outside is controlled and all possible technical measures are equipped to secure system security.
• 3) Minimization and education of handling employees
  • Employees of Samsung C&T handling personal information is limited to manager, separate passwords are granted and regularly renewed, and through frequent training of the manager, personal information is safely managed.
  • Transfering duties of an employee handling personal information is conducted under strict security, and responsibility on accidents involving personal information after entering and exiting the company is ensured.
  • The computing room and data archive are designated as special protected zones and strictly controlled.
• 4) Operation of exclusive organizations for personal information protection
  • Through exclusive organizations for personal information protection in the company, execution of personal information protection measures and compliance of the manager shall be confirmed, and immediate correction shall be taken on the discovery of the problem. However, a problem occurring from leakage of personal information due to negligence of an individual or internet problem shall not be responsible by Samsung C&T.

Article 10 (Changes in Personal Information Handling and Management Policy)

This policy takes effect on April 28, 2016.

Samsung C&T Corporation (“the company”) strives to protect the personal information of its customers by observing all regulations related to personal information protection under the relevant laws, including the Personal Information Protection Act and Act on Promotion of Information and Communications Network Utilization and Information Protection.

• The company informs all the relevant parties of policies related to the handling and management of personal information provided by customers, such as items and purpose of handling and managing personal information collected, period for handling, management and retention, rights and obligations of customers and methods of exercising rights, measures to secure safety of personal information through the Personal Information Handling and Management Policy of Samsung C&T Corporation (“this policy”). The company shall publicly announce any changes in this policy by posting a public notice on its website (http://www.samsungcnt.com/EN/cnt/index.do).
• This policy contains the following contents.
  • 1. Items of Personal Information Collected, and Methods of Collection
  • 2. Purpose of Collection and Use of Personal Information
  • 3. Provision of Personal Information to a Third Party
  • 4. Entrustment of Management of Personal Information
  • 5. Period for Handling, Management and Retention of Personal Information
  • 6. Rights of User and Legal Representative, and Methods of Exercising Rights
  • 7. Destruction of Personal Information and Its Procedures and Methods
  • 8. Installation, Operation, and Denial of Device for Automatic Collection of Personal Information
  • 9. Securing the Safety of Personal Information
  • 10. Contact Information of Personal Information Protection Supervisor and Manager
  • 11. Changes in Personal Information Handling and Management Policy

1. Items of Personal Information Collected, and Methods of Collection

• (1) The company collects the following types of personal information.

  Type	Collected items
  Handling of customer inquiries	Email
  Information created and collected in the process of using services	Cookies, service usage records, access logs, access IP information
  Security notification (Report)	Email

• (2) The methods of collection are as follows.
  • Customer inquiries posted on the website and reports to the security report center
  • Data gathering tool

2. Purpose of Collection and Use of Personal Information

The company handles and manages personal information for the following purposes. The handled and managed personal information shall not be used for any purpose other than the following purposes, and if there is any change in the purpose of using personal information, necessary measures such as obtaining a separate consent shall be taken in accordance with the Personal Information Protection Act.

• (1) Handling of customer inquiries

  Personal information is handled and managed for the purpose of making contact and replying to the customer for confirmation and fact finding in the event of customer inquiries.

• (2) Security notification (Report)

  Personal information is handled and managed to reply to complaints, and provide security notifications (Report).

3. Provision of Personal Information to a Third Party

• (1) The company uses the personal information of its users within the scope specified under "2. Purpose of Collection and Use of Personal Information." The company shall not go beyond the purpose of use and make such information public without the prior consent of the user, except in the following circumstances:
  • If the user gives consent in advance
  • If it does so pursuant to the regulations of the laws, or if there is a request by an investigative authority according to the procedures and methods established by laws for investigation purposes
• (2) The company currently does not provide the personal information of users to third parties.

4. Entrustment of Handling and Management of Personal Information

The company entrusts the handling and management of personal information as follows to improve service quality, and regulates matters required to safely manage personal information when signing an entrustment contract in accordance with the relevant laws.

• (1) The company entrusts the handling and management of personal information as follows.

  Entrusted company	Entrusted tasks
  Samsung SDS	Maintenance and management of website

• (2) The company shall specify matters related to the following in official documents such as the contract in accordance with Article 26 of the Personal Information Protection Act and Article 25 of Act on Promotion of Information and Communications Network Utilization and Information Protection: prohibition of handling personal information for purposes other than conducting entrusted tasks, technical and managerial protection measures, restriction of re-entrustment, management and supervision over the entrusted company and compensation for damages,. The company supervises the entrusted company to ensure the safe handling of personal information.
• (3) If any change is made in the contents of entrusted tasks or the entrusted company, such information shall be reported through this policy.

5. Period for Handling, Management and Retention of Personal Information

Period for the handling, management and retention of personal information is as follows.

• Type	Period for handling, management and retention
  Personal information collected and used when inevitable according to special regulations of laws or legal obligations	For the retention period required by the relevant laws
  Personal information collected and used according to individual consent (via email)	Until the purpose of its collection and use is fulfilled

The company destroys personal information without delay once the period for handling, management and retention of personal information has passed or the purpose of its collection and use has been fulfilled. However, the company may retain personal information for which the period of retention and use has elapsed if the information must be “retained according to other laws” or when “individual consent from the customer has been received.”

6. Rights of User and Legal Representative, and Method of Exercising Rights

• (1) Viewing of personal information
  • The customer may request to view his or her personal information handled and managed by the company through the personal information manager under Article 10 of this policy, and the company shall allow the customer to view his or her personal information within 10 days from the date of receiving such request. However, if there is a justifiable reason for the access to not be permitted within the above period, the handling of the request can be delayed by notifying the customer of the reason, and when the corresponding reason is no longer valid, the information can be viewed by the customer without delay.
  • If the company intends to delay, restrict or refuse access to the information, the company shall notify the customer of the reason for such delay, restriction or refusal and of a method through which the customer can make an objection through writing, email or facsimile within 5 days from the date the request for inquiry has been received. The company may restrict or refuse customers’ request to view his or her personal information after notifying the subject of the information in any of the following circumstances: the request is prohibited or restricted subject to relevant laws; the request may be threatening to other peoples' lives or health; or the request may unfairly infringe on properties and benefits of other people.
• (2) Modification and deletion of personal information
  • The customer who makes a request to view his or her personal information according to the preceding paragraph may request the company's personal information manager to modify or delete the information. However, if the information is stated in other laws as the subject of collection, the customer cannot request deletion.
  • When the request for modification and deletion of personal information is made, the company must immediately investigate the personal information and take necessary measures such as modification and deletion of information upon the request of the customer, and notify the result to the customer except when there are special procedures related to modification or deletion of personal information specified in other laws.
  • If a customer requests that an error in personal information be corrected, the personal information concerned will not be used or provided before such correction is completed. If the incorrect personal information has already been provided to a third party, the company will immediately notify the correction to the third party to request a consequent correction.
  • When the company deletes personal information, it must be deleted in a manner that will prevent its restoration or reproduction, and if the personal information the customer has requested to be modified or deleted cannot be deleted because the corresponding information is defined as a subject of collection under other laws, the customer must immediately be notified.
  • When investigating information following a customer’s request for modification and deletion of personal information, the company may ask the customer to submit relevant data confirming the request for modification and deletion.
  • The detailed methods and procedures for modification and deletion of personal information are subject to those of viewing personal information.
• (3) Suspension of handling and management of personal information
  • Customers may request the company to suspend the handling and management of their personal information through the personal information manager.
  • The company shall immediately suspend the handling and management of personal information in whole or in part at the request of the customer. However, the company may reject such request in any of the following circumstances:
    • If there are special regulations under laws that inevitably require the company to collect and handle such information;
    • If a risk is posed to the life and health of other people, or the properties and benefits of other people may be unfairly infringed upon; and,
    • If it is difficult to fulfill a contract with the customer if personal information is not handled and managed, and the customer has not clearly indicated intent to cancel the contract.
  • If the company rejects the customer’s request to suspend its handling and management of personal information, the company shall immediately notify the reason to the customer.
  • When the handling and management of personal information has been suspended according to the request of the customer, the company shall immediately take necessary measures, such as destruction of the corresponding information.
  • The detailed methods and procedures for suspension of handling and management of personal information are subject to those of viewing personal information.
• (4) Methods and procedures of exercising rights
  • Customers may request a representative to view, modify, delete, and obtain information regarding the handling and management of his or her personal information (“requests such as viewing”) based on the methods and procedures specified in Article 45 of the Personal Information Protection Act.
  • The company may demand the payment of commission and postage fee (only when a mailed copy is requested) from a person who makes a request such as a request to view personal information in accordance with the Personal Information Protection Act.
  • Customers may make a request such as a request to view personal information through the personal information manager, and contact the personal information manager if there are any additional inquiries.

7. Destruction of Personal Information and Its Procedures and Methods

The company immediately destroys personal information once the personal information of customers is no longer necessary, for reasons such as the lapse of the personal information retention period and/or the achievement of the purpose of handling and management of personal information. However, if personal information must be stored in accordance with another law (Protection of Communications Secrets Act), the corresponding personal information is transferred to a separate database (DB) or stored in a different storage place. Detailed destruction procedures and methods are as follows:

• (1) Destruction procedure
  • The company selects personal information to be destroyed, and destroys such information upon the approval of the personal information supervisor of the company.
• (2) Destruction method
  • Personal information saved in the form of an electronic file shall be permanently deleted through a technical method that prevents its reproduction, while printed and/or written documents that record personal information are shredded or incinerated.

8. Installation, Operation, and Denial of Device for Automatic Collection of Personal Information

• (1) What are cookies?
  • The company uses cookies to store and load user information, thereby providing personalized and customized service.
  • Cookies are small text files that are sent from the company web server to the user’s browser, and are stored on the user’s hard drive. When users visit the website in the future, the website server will read the cookies in the hard drive to maintain the user’s settings and provide customized service.
• (2) Purpose of using cookies

  Cookies are used to identify the user’s website usage pattern, whether the user accesses through secure connection, and the number of the users in order to provide optimal customized service.

• (3) Installation, operation, and denial of cookies
  • Users have the right to opt in or out of installation of cookies. Users may choose to allow all cookies, to confirm every time cookies are enabled, or to block all cookies by making adjustments in the web browser settings.
  • Denying installation of cookies may limit the usage of the services provided.
  • How to enable cookies (Internet Explorer):
    (Top right side of the browser)
    Tools > Internet Options > Privacy > Advanced Privacy Settings

9.Securing the Safety of Personal Information

The company takes administrative, technical and physical measures to secure the safety of personal information.

• (1) Administrative measures
  • Establish and implement internal administrative plans for the safe handling and management of personal information
  • Establish and implement training plans for employees or other staffs entrusted to directly handle and process personal information
  • Conduct regular internal inspection according to internal administrative plans
• (2) Technical measures
  • Restriction and management of rights to access personal information
  • Identification and verification to confirm rights to access personal information
  • System installation or other measures to block unauthorized access to personal information
  • Encryption of personal information for safe storage and transfer
  • Measures for storage of access records and prevention of forging and falsification of such records
  • Installation of security program and its regular renewal and inspection
• (3) Physical measures
  • Access control and locking device for safe storage of personal information

10.Contact Information of Personal Information Protection Supervisor and Manager

The company designates a department in charge of personal information management, personal information supervisor and personal information manager as follows to protect the personal information of customers, process and address complaints, and remedy issues related to handling and processing of personal information.

• Department: Human Resources Team
• Supervisor: Vice President Cheolwoong Lee
• Manager: Senior Manager Chansu Jun
• Tel: 82-2-2145-2114

Customers may report any complaint and/or request relief to the personal information protection supervisor or manager for damages related to the handling and management of personal information. The company will promptly respond and address customer reports.

To report or receive counselling concerning violation of personal privacy, please contact the following agencies:

• Privacy Information Violation Report Center (http://privacy.kisa.or.kr / +82-118)
• Information Protection Mark Certification Committee (http://www.eprivacy.or.kr / +82-2-580-0533~4)
• Supreme Public Prosecutor's Office - Cybercrime Unit (http://www.spo.go.kr / +82-2-3480-2000)
• National Police Agency - Cyber Bureau (http://www.ctrc.go.kr / +82-2-392-0330)

11.Changes in Personal Information Handling and Management Policy

This policy takes effect on September 1, 2015.