Personal Information Processing Policy, Etc.
"Doosan Infracore Bobcat Korea, Inc." (hereinafter referred to as "the Company") is required to comply with personal information protection provisions of relevant laws such as the Personal Information Protection Act and the Act on the Promotion of Information and Communication Networks and Information Protection. At the same time, the Company is committed to protecting the rights and interests of our customers, employees, and users of the Site among others by establishing a personal information processing policy in accordance with relevant laws and regulations.
The Company lets you know how personal information is collected through [bobcat.com/AP] (hereinafter "the Site"), email and other electronic messages, the purposes of the collection of information and what actions are taken for the protection of personal information. In addition, we will notify you of any changes in or updates of our policy through the Site or individual notices.
This personal information processing policy is made up of a “personal information processing policy” for the protection of personal information of all information subjects with business relationships with the Company, a "personal information handling policy" concerning the information of the users of the Site and a “visual information processing equipment management policy” about the management of personal visual information.
Please read this policy carefully to familiarize yourself with our work practices and how we process our users’ information. Unless you agree with our policies and processing methods, please do not use the Site. Users who access or use the Site are deemed to agree to this personal information processing policy. Please acknowledge that the Company’s other related websites and affiliates may follow other policies.
• 1. Personal information processing policy
• 2. Personal information handling policy
• 3.Policy on operation and management of visual information processing equipment
General provisions
• “Personal Information" is information about a living individual. It means information that cannot be identified by individual information such as name, social security number, and photograph but is easily identifiable via a combination with other data.
• An “information subject" means a person who can be identified with this information and is the subject of the information.
• The Company will disclose this policy on the first page of the Site so that users can easily check the personal information processing policy and will inform of any changes or revisions through the Site or individual notices.
Purposes of personal information processing
Purposes of personal information processing and personal information items to be processed.
The Company will not process sensitive information that may expose unique identification information given for the privacy of an information provider or to distinguish the information provider from others, without relevant legal provisions or the consent of the information subject.
Individuals who provide information to the Site include customers, expected customers, stakeholders, employees or job seekers.
A. Processed Items
[Related to customers, expected customers and stakeholders]
Names, home addresses, email addresses, company names, service records, access logs, cookies, IP address information
[Related to employees and job seekers]
Names, resident registration numbers, photos, passwords, home addresses, home phone numbers, mobile phone numbers, email addressed, education, military service, foreign language and computer ability, qualification, family relationships and careers
B. Purpose of processing
[Related to customers, expected customers, stakeholders]
• Addressing grievances and complaints
• Online market research or survey
• Marketing or advertising
• Service delivery and payment
[Related to employees, job seekers]
• Assessment process, application change, confirmation of receipt, applicant contact, employee qualification
• Personnel management such as salaries, welfare benefits, support for various tasks, evaluation
Personal information processing
In principle, after the purpose of collecting personal information is achieved, the information is destroyed without delay. However, the following information is retained for the period specified below.
• Retention items: Name, home address, email address, company name
• Retention period: 1 year
• Purpose of retention: Management of users’ questions and requests, user identification, etc.
• Retention items: Passive information such as service utilization data, access logs, cookies, IP address information
• Retention period: 3 years
• Purpose of retention: To improve service quality through service utilization analysis
• Retention items: Name, password, date of birth, gender, resident registration number, home address, home phone number, mobile phone number, hobby, skill, education, job and career and foreign language ability
• Retention period: In principle until termination of employment
• Purpose of retention: Personnel management such as salaries, benefits for welfare, support for various tasks, evaluation and etc.
• However, the personal information of job applicants were recruited is discarded without delay.
Procedure of personal information destruction
A. Destruction procedure
When the purpose of collecting personal information is achieved or the retention period ends, the information will be deleted without delay. But it is an exception when the information needs retaining in accordance with agreements with information subjects, the terms of use or related laws.
B. How to Destroy
• Personal information stored in the form of electronic files is deleted using a technical method that cannot recover the record.
• Personal information printed on paper is destroyed by crushing or incinerating the paper.
Providing personal information to third parties
The Company uses the personal information of employees and job seekers within the scope of “02. Purposes of personal information processing and personal information items to be processed.” The Company does not disclose it to a third party beyond the scope. However, the following cases are exceptions.
• If the Company received separate consent from information subjects
• If there is a special provision in a relevant law requiring disclosure
• If information subjects or their legal representatives are in a situation not to express their her intention or are unable to obtain prior consent because of unknown addresses and the stored information is in the interests of the information subjects or related third parties in terms of their lives, health, and property
• If it is needed to provide personal information without revealing the person’s identity for statistical and research purposes
At present, the Company provides personal information of employees or job seekers to Multi Campus, the Korea TOEIC Committee, the Korea Chamber of Commerce and Industry, the Ministry of National Defense, the Office of Military Manpower Administration, and ward offices, county offices and local community centers.
• Items of provided personal information: Names, resident registration numbers, phone numbers, soldiers’ serial numbers
• Purpose of providing information: Qualification check
• Information retention and use period: Destroying it immediately after use
• Entity that receives personal information: [Doosan Infracore Bobcat Korea]
• Items of provided personal information: Name, resident registration number, photo, password, home address, home phone number, mobile phone number, email address, education, military service, foreign language ability, computer skill, qualification, family, job and career, social experience, overseas experience, received prize, research experience
• Objective: General HR management and development
• Information retention and use period: Until termination of employment
Entrustment of personal information processing
The Company does not entrust the processing of personal information to external agencies without prior consent of an information subject. The Company entrusts the processing of personal information as described below. The Company stipulates matters necessary for the entrustment of personal information processing so that the personal information can be safely managed after an entrustment contract is signed in accordance with related laws and regulations,.
• Entrusted entity: [Doosan Infracore Bobcat Korea]
• Entrusted work: salaries, compensation, etc.
• Entrusted entities: Multi Campus, Korea Academy, Alphaco, Spicus, Pickupphone, e-Campus, KT Innoedu
• Entrusted work: Online training courses for employees
• Entrusted entity: BU of Doosan Information & Communications
• Entrusted work: Operation of recruitment system
Rights and duties of information subjects
Rights and duties of information subjects and how to exercise rights
All information subjects can demand that their personal information processed by the company be viewed, corrected, deleted and discontinued. However, the Company may refuse or restrict such requests if any of the following are true:
• If there is a special provision in the law or it is inevitable to comply with statutory obligations
• If there is a risk of threatening a person's life or body or unfairly infringing his or her property or other interests.
• If it is difficult to fulfill contractual matters such as agreed services without the processing of personal information, and an information subject does not clearly indicate an intention to terminate the contract
Methods for and procedures of exercising rights
• An information subject who wants to view his or her personal information can submit requests for viewing, correction, deletion, and processing to the personal information department in writing or by e-mail or fax. (See "09. Personal information service")
• The Company will take proper actions within 10 days, unless there is a justifiable reason, and if there is a reason for refusal or limitation, the Company will notify of the reasons and how to raise the objection within 5 days.
• The Company may confirm the identity of a requestor by means of an identification document such as a resident registration card and an official digital signature when an information subject or his or her agent requests a perusal of his or her personal information.
Protection measures for personal information
Technical, administrative and physical protection measures for personal information
The Company takes the following safety measures to prevent personal information from being lost, stolen, leaked, altered or damaged.
<Technical measures>
• The Company observes standards set by law for the safe storage and transmission of personal information.
• The Company uses anti-virus programs to take measures to prevent damage by computer viruses. The vaccine program is regularly updated. If new viruses suddenly occur, we provide new vaccines as soon as they are released, thereby preventing an infringement of personal information.
• In preparation for external attacks such as hacking, each server ensures security through an intrusion detection system and a vulnerability analysis system.
<Administrative measures>
• The Company grants access to personal information only to those who carry out sales and marketing work while directly facing information subjects and perform personal information management work, or inevitably handle personal information.
• We conduct the in-house and entrusted education and training on personal information protection of employees who deal with personal information, and supervise them thoroughly so that they will comply with laws on personal information protection while working and even after retiring.
<Physical measures>
• We take protective measures to prevent physical access such as locks in order to secure personal information and its processing system.
• We control access to computer rooms and archives by designating them as special protection areas
Personal information service
In order to protect personal information and deal with related complaints, the Company has put related departments in place and posted protection officers as follows.
A. Unit in Charge of Personal Information
• Unit: [Compliance Team]
• Phone: [02-3398-8222]
• E-mail: [younguk1.kim@doosan.com]
B. Personal Information Protection Officer
• Name: Kim Jong-sun
• Phone: 02-3398-2620
• Email: jongseon.kim@doosan.com
• Personal Information Dispute Resolution Committee
• (Http://privacy.kisa.or.kr - Telephone: 118)
• General Portal of Personal Information Protection
• (Http://www.privacy.go.kr - Telephone: 118)
• Information Protection Mark Certification Committee
• (Http://www.eprivacy.or.kr - Tel: 82 2 580 0533 - 4)
• Internet Crime Investigation Center of Supreme Public Prosecutors Office
• (http://www.spo.go.kr - Tel: 82 2 3480 3600)
• Cyber Terror Response Center of National Police Agency
• (http://www.ctrc.go.kr - Tel: 82 2 392 0330)
Children under age of 13
The Site is not suitable for children under 13. Children under the age of 13 should not use it. Doosan Bobcat intentionally does not collect the personal information of children under 13. If we find out that we have collected or obtained personal information about children under 13, we will remove the information. If you believe that we have obtained information about children under 13, please contact Doosan Bobcat by following the instructions below.
Notice obligation
We will notify you through the public announcement page of the website at least 10 days before revision if a change is made in the current personal information processing policy.
• Announcement date: [August 22, 2016]
• Effective date: [August 22, 2016]