SeAH Special Steel Co., Ltd. (hereinafter the “Company”) strictly respects the personal information protection of website members and users (hereinafter “customers”) in managing the SeAH Special Steel website (hereinafter “Website”), and safely process and manage customers’ personal information in compliance with relevant laws such as the “Personal Information Protection Act” and “Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.”
Customers can freely access most of the content provided on the website without a membership registration process. If you wish to use the Company's IR inquiry or Help Desk service, you must agree to the Company’s collecting and processing personal information items on the website. For other services, however, there are no restrictions on use even if you do not consent to the collection of personal information.
Personal information collection items Method of collection Required items : Name, email address, and other information generated while using the service To collect personal information, the Company obtains customers’ written consent for collection and use of their personal information.
The information collected by the Company will be limited to the minimum necessary to achieve the following purposes: The personal information processed by the Company is not used for any purpose other than the following purposes specified below, and the Company will take necessary measures when any change occurs in the purposes of use, such as obtaining additional consent in accordance with Article 18 of the Personal Information Protection Act.
- Purpose of use of personal information collected when using customer inquiry service
A. Membership registration and management Used for identity verification, consultation/inquiry, confirmation of complaints, contact/notification for factual investigation, response to customer inquiries, notification of processing results, etc.
(1) The Company processes and retains personal information for the period to which the customer consented to when personal information was collected. When the purpose of processing personal information is achieved or the period agreed by the customer expires or the customer withdraws their consent to the processing of their personal information, the relevant personal information will be destroyed.
(2) Regarding the personal information of customers who have not used the Company's services for the period of three years (if a different period is designated by other laws or at the customer's request, during such period), the Company will either destroy the information immediately after 3 years or store and manage it separately from other customers' personal information. In this case, the Company will notify the customer of the following by email, writing, phone, or similar methods 30 days prior to the expiration of the above period: the fact about destruction or separate storage/management of personal information, the expiration date of the period, and the relevant personal information items.
(3) Notwithstanding Paragraphs 1 and 2, if it is necessary to preserve the personal information of a customer for a certain period of time pursuant to the provisions of relevant laws and regulations, including the cases listed below, the Company may retain all or part of the personal information collected during such period as an exceptional case
A. Records on contracts or withdrawal of offers, etc. in accordance with the Act on Consumer Protection in Electronic Commerce, etc.: 5 years
B. Records on payment and supply of goods, etc. in accordance with the Act on Consumer Protection in Electronic Commerce, etc.: 5 years
C. Records on the handling of complaints or disputes by consumers in accordance with the Act on Consumer Protection in Electronic Commerce, etc.: 3 years
D. Records on the collection, processing and use of credit information in accordance with the Credit Information Use and Protection Act. 3 years
E. Records on contracts or withdrawal of offers, etc. in accordance with the Act on Consumer Protection in Electronic Commerce, etc.: 5 years
F. If any claims/debt relationships remain due to use of the website, until the relevant claims/debt relationships are settled.
G. Data to confirm communication facts, such as computer communications and internet logs, in accordance with the Protection Of Communications Secrets Act: 3 months or 12 months
The Company shall not provide such personal information to any third parties without obtaining the prior consent of the customer or permitted by law pursuant to Article 17 or 18 of the Personal Information Protection Act as follows: Even with exceptions, if information is provided in accordance with relevant laws or at the request of an investigative agency, the Company makes it a rule to notify customer. However, there may be cases where notification may not be made unavoidably due to legal reasons. The Company will do its best to prevent information from being provided indiscriminately against the original purpose of collection and use.
A. If the customer's consultation or complaint is related to an affiliate of SeAH Group, the customer's personal information may be provided to the relevant affiliate to facilitate provision of services to the customer. In this case, the Company will obtain prior consent from the customer.
B. If there are special provisions in other laws such as the Protection Of Communications Secrets Act, Framework Act on National Taxes, Act on Promotion of Information and Communications Network Utilization and Information Protection, etc., Act on Real Name Financial Transactions and Confidentiality, Credit Information Use and Protection Act, Framework Act on Telecommunications, Telecommunications Business Act, Local Tax Act, Framework Act on Consumers, Bank of Korea Act, Criminal Procedure Act, etc. However, even if an administrative or investigative agency requests for administrative or investigative purposes to the extent specifically prescribed by law, customers’ personal information will not be provided unconditionally and will be provided in accordance with the appropriate procedure as prescribed by law, including where a request is made through a warrant or in writing with the signature or seal of the head of the relevant agency.
C. Other cases where personal information may be provided to a third party pursuant to Articles 17 and 18 of the Personal Information Protection Act.
(1) In order to provide smooth services, the Company entrusts personal information processing to an external professional Company as follows:
- Trustee: Nine Five Co., Ltd
- Enrusted work: System operation and personal information collection work to provide services
(2) When concluding an entrustment contract, the Company will specify the following matters related to responsibility in documents such as the contract, and will supervise whether the trustee safely processes personal information: prohibition of processing personal information other than for the purpose of performing entrusted work in accordance with Article 26 of the Personal Information Protection Act, technical and administrative protection measures, restrictions on re-entrustment, management and supervision of the trustee, compensation for damages, entrusted period, and obligation to return or destroy personal information after completion of processing.
(1) Customers can exercise their privacy rights on their personal information at any time as follows:
- Request to view their personal information
- Request for correction if there is an error, etc.
- Request for deletion
- Request to stop processing
(2) You may exercise your rights in Paragraph 1 via email or phone, and the Company will take action without delay.
(3) If a customer requests correction or deletion of errors in personal information, the Company will not use or provide the personal information until correction or deletion is completed.
(4) The exercise of rights under Paragraph 1 may be made through an agent of the customer, such as a legal representative or a person who has been delegated. In this case, the customer must submit a power of attorney according to Attachment No. 11 of the “Notice on Personal Information Processing Methods (No. 2020-7)”.
(5) Customers must not infringe the personal information and privacy of the data subject himself or others processed by the Company in violation of related laws such as the Personal Information Protection Act.
In principle, when the purpose of processing of the personal information has been achieved, the Company will destroy the personal information without delay. The procedures, deadlines and methods for destruction are as follows
A. Destruction procedure
- When the purpose has been achieved, the information provided by the costomer is destroyed immediately, or is transferred to a separate database (or separate document storage if using paper), and then destroyed after being retained for a certain period as required by internal policies and other relevant laws and regulations. At this time, personal information transferred to the database will not be used for any other purpose unless required by law.
B. Destruction deadline
- If the retention period has expired, the customers’ personal information will be destroyed within five days from the end of the retention period. If the personal information becomes unnecessary for reasons such as achieving the purpose of processing personal information, abolishing the service, or terminating the business, the personal information shall be destroyed within five days from the personal information processing is deemed unnecessary.
C. Method of destruction
- For personal information in the form of electronic files, technical methods are used to prevent the records from being reproduced.
- Personal information printed on paper: shredded or incinerated
When processing personal information, the Company shall take technical, managerial, and physical measures necessary to secure the safety required by relevant laws and regulations, including the following in order to ensure that personal information will not be lost, stolen, leaked, forged, altered, or damaged.
(1) Technical protection measures
- Strengthening access control for personal information processing systems to the minimum extent necessary for performing their tasks
- Installation and operation of a system to limit access to personal information processing system
- Encrypted storage for safety of personal information
- When exchanging through an information communications network or transmitting through auxiliary storage media (USB, HDD, etc.), encryption or file locking functions (Lock) are used.
- Compliance with the rules for creating secure passwords and forcing periodic password changes
- Installation and operation of a security program for personal information processing to protect personal information handlers and the processing systems.
- Storage of access records to the personal information processing system and application of measures to prevent forgery and falsification
(2) Administrative protection measures
- Establishment and implementation of an internal management plan for safe processing of personal information
- Limiting the number of employees involved in processing personal information to a minimum
- Designation of the Personal Information Manager and provision of periodic training for personal information protection
- Supervision and training for entrusted data processors for personal information protection
(3) Physical protection measures
- Establishment and operation of access control procedures for personal information storage areas such as computer rooms and data storage rooms
- Safe storage of documents containing personal information, auxiliary storage media, etc. in a place with a lock.
- Installation of CCTV to protect personal information and safe storage of personal video information in a place with a lock.
(1) The Company is responsible for overall management of personal information processing, and has designated the Personal Information Manager and the Department of Personal Information Protection as shown below to protect personal information, handle customer complaints and provide relief for damages related to personal information processing.
- Department of Personal Information Protection: SeAH Special Steel Marketing Team
- Personal Information Manager: Marketing Team Leader Oh Byeong-gon
- Rank: Assistant Director
- Title: Marketing Team Leader
- Association: Marketing Team
- TEL: 02-6970-0295
- Email: email@example.com
(2) Please contact the Manager and the Department of Personal Information Protection for all personal information protection-related inquiries, complaint handling, damage relief, etc. that occur while using the Company's services (or while doing business with us), including requests to view personal information pursuant to Article 35 of the Personal Information Protection Act. The Company will to and process inquiries from customers without delay.
(3) The Company values its customers' personal information and does every effort to prevent its customers' personal information from being damaged, infringed, or leaked. However, the Company shall not be responsible for any damage to personal information due to unexpected accidents caused by basic network risks such as hacking, and for various disputes caused by postings made by customers if such an incident occurs despite the Company taking all possible technical supplementary measures.
If you need to inquire about or report a case of personal information infringement, please contact the Company's personal information management department or contact the organization below
- Personal Information Dispute Mediation Committee, 1833
-6972 (without an area code)
- Personal Information Infringement Reporting Center, 118 (without an area code)
- Supreme Prosecutors' Office, 1301 (without an area code)
- National Police Agency, 1833-6972 (without an area code)