Personal Information Processing Policy
"Doosan Bobcat Korea Co., Ltd. ." (hereinafter referred to as "the Company") is required to comply with personal information protection provisions of relevant laws such as the Personal Information Protection Act and the Act on the Promotion of Information and Communication Networks and Information Protection. At the same time, the Company is committed to protecting the rights and interests of our customers, employees, and users of the Site among others by establishing a personal information processing policy in accordance with relevant laws and regulations.
The Company lets you know how personal information is collected through [bobcat.com/AP] (hereinafter "the Site"), email and other electronic messages, the purposes of the collection of information and what actions are taken for the protection of personal information. In addition, we will notify you of any changes in or updates of our policy through the Site or individual notices.
Please read this policy carefully to familiarize yourself with our work practices and how we process our users’ information. Unless you agree with our policies and processing methods, please do not use the Site.. Please acknowledge that the Company’s other related websites and affiliates may follow other policies.
1. General provisions
• The Company will disclose this policy on the first page of the Site so that users can easily check the personal information processing policy and will inform of any changes or revisions through the Site or individual notices.
2. Purposes of personal information processing
Purposes of personal information processing and personal information items to be processed.
The Company will not process sensitive information that may expose unique identification information given for the privacy of a subject of information or to distinguish the information provider from others, without relevant legal provisions or the consent of the information subject.
Individuals who provide information to the Site include customers, expected customers, stakeholders, employees or job applicants.
A. Processed Items
[Related to customers, expected customers and stakeholders] Mandatory Items: Names, addresses, email addresses, company names, service records, access logs, cookies, IP address information
[Related to job applicants]
Mandatory Items: Names, birth date, gender, citizenship, photos, passwords, addresses, phone numbers, mobile phone numbers, email address, education(name of school, date of enrolment/graduation, majors, GPA), professional experience (company name, job title, position, department name, tenure period), military service, veterans (if applicable), disability (if applicable)
Optional Items: foreign language and computer ability, qualification and others that the applicants provide
[Related to employees and prospective employees]
Mandatory Items: Resident registration numbers, family relationship
B. Purpose of processing
Related to customers, expected customers, stakeholders]
• Addressing grievances and complaints
• Online market research or survey
• Marketing or advertising
• Service delivery and payment
[Related to job applicants]
• Individual identification of applicants, job screening process, application change, notification, applicant contact, qualification check
[Related to employees and prospective employees]
• Identification of employees, execution of employment agreement, personnel management such as salaries, welfare benefits, support for various tasks, evaluation
3. Personal information processing
In principle, after the purpose of collecting personal information is achieved, the information is destroyed without delay. However, the following information is retained for the period specified below.
[Related to customers, expected customers, stakeholders]
• Retention items: Name, home address, email address, company name
• Retention period: 1 year
• Purpose of retention: Management of users’ questions and requests, user identification, etc.
• Retention items: Passive information such as service utilization data, access logs, cookies, IP address information
• Retention period: 3 years
• Purpose of retention: To improve service quality through service utilization analysis
[Related to job applicants]
Personal information of unemployed applicants will be destructed without delay after the recruitment process is over.
[Related to employees and prospective employees]
Information permitted to be retained by relevant laws and regulations is kept for the period specified by the laws.
(Notwithstanding the foregoing, if the information subject consents separately, the information will be retained and processed within the purpose and use period.)
1) Documents to be preserved under the Labor Standards Act: 3 years
2) Documents to be preserved under the Income Tax Act and the Basic National Tax Act: 5 years
4. Procedure of personal information destruction
A. Destruction procedure
When the purpose of collecting personal information is achieved or the retention period ends, the information will be destructed without delay. But it is an exception when the information needs retaining in accordance with agreements with information subjects, the terms of use or related laws.
B. How to Destroy
• Personal information stored in the form of electronic files is deleted using a technical method that cannot recover the record.
• Personal information printed on paper is destroyed by crushing or incinerating the paper.
5. Providing personal information to third parties
The Company uses the personal information of information subject within the scope of “2. Purposes of personal information processing and personal information items to be processed.” The Company does not disclose it to a third party beyond the scope without consent of information subject. However, the following cases are exceptions.
• If the Company received separate consent from information subjects
• If there is a special provision in a relevant law that requires disclosure or it is inevitably required to comply with the laws
• If information subjects or their legal representatives are in a situation not to express their intention or are unable to obtain prior consent because of unknown addresses and the stored information is clearly in the interests of the information subjects or related third parties in terms of their lives, health, and property
• If it is needed by relevant decree or for the purpose of investigation by the way and procedure under the relevant law from the investigation authorities.
At present, the Company provides personal information of job applicants to the Korea TOEIC Committee, the Korea Chamber of Commerce and Industry, the Ministry of National Defense, the Office of Military Manpower Administration, and ward offices, county offices and local community centers.
• Items of provided personal information: Names, date of birth, phone numbers, soldiers’ serial numbers
• Purpose of providing information: Qualification check
• Information retention and use period: Destroying it immediately after use
6. Entrustment of personal information processing
The Company entrusts the processing of personal information as described below for the efficient work process. The Company stipulates matters necessary for the entrustment of personal information processing so that the personal information can be safely managed after an entrustment contract is signed in accordance with related laws and regulations,.
• Entrusted entities: Multi Campus, Korea Academy, Alphaco, Spicus, Pickupphone, e-Campus, KT Innoedu
• Entrusted work: Online training courses for employees
• Entrusted entity: BU of Doosan Information & Communications
• Entrusted work: Operation of recruitment system
7. Rights and duties of information subjects
Rights and duties of information subjects and how to exercise rights
All information subjects can demand that their personal information processed by the company be viewed, corrected, deleted and discontinued. However, the Company may refuse or restrict such requests if any of the following are true:
• If there is a special provision in the law or it is inevitable to comply with statutory obligations
• If there is a risk of threatening a person's life or body or unfairly infringing his or her property or other interests.
• If it is difficult to fulfill contractual matters such as agreed services without the processing of personal information, and an information subject does not clearly indicate an intention to terminate the contract
Methods for and procedures of exercising rights
• An information subject who wants to view his or her personal information can submit requests for viewing, correction, deletion, and processing to the personal information department in writing or by e-mail or fax. (See "10. Personal information service")
• The Company will take proper actions within 10 days, unless there is a justifiable reason, and if there is a reason for refusal or limitation, the Company will notify of the reasons and how to raise the objection within 10days.
• The Company may confirm the identity of a requestor by means of an identification document such as a resident registration card and an official digital signature when an information subject or his or her agent requests a perusal of his or her personal information.
8. Protection measures for personal information
Technical, administrative and physical protection measures for personal information
The Company takes the following safety measures to prevent personal information from being lost, stolen, leaked, altered or damaged.
• The Company observes standards set by law for the safe storage and transmission of personal information.
• The Company uses anti-virus programs to take measures to prevent damage by computer viruses. The vaccine program is regularly updated. If new viruses suddenly occur, we provide new vaccines as soon as they are released, thereby preventing an infringement of personal information.
• In preparation for external attacks such as hacking, each server ensures security through an intrusion detection system and a vulnerability analysis system.
• The Company grants access to personal information only to those who carry out sales and marketing work while directly facing information subjects and perform personal information management work, or inevitably handle personal information.
• We conduct the in-house and entrusted education and training on personal information protection of employees who deal with personal information, and supervise them thoroughly so that they will comply with laws on personal information protection while working and even after retiring.
• We take protective measures to prevent physical access such as locks in order to secure personal information and its processing system.
• We control access to computer rooms and archives by designating them as special protection areas
9. Automatically collected personal information an
The Company operates “cookies” that store and find user information from time to time. A “cookie” is a tiny element of data that this web site can send to your browser, which may then be stored on your hard drive so that the Bobcat server can recognize you when you return. Web site uses cookies to track activities (such as pages visited, links clicked) so that more customized features can be provided when the website user returns. Users may erase cookies or block this information from users’ computer by changing the setting of computer. However, if users opt out to use cookies, there may be difficulties in providing the service.
10. Personal information service
In order to protect personal information and deal with related complaints, the Company has put related departments in place and posted protection officers as follows.
A. Unit in Charge of Personal Information
• Unit: [Compliance Team]
• Phone: [02-3398-8222]
• E-mail: [younguk1.kim@doosan.com]
B. Personal Information Protection Officer
• Name: Cho Duckje
• Phone: [02-3398-1301]
• E-mail: [duckje.cho@doosan.com]
• Personal Information Dispute Resolution Committee
• (Http://privacy.kisa.or.kr - Telephone: 118)
• General Portal of Personal Information Protection
• (Http://www.privacy.go.kr - Telephone: 118)
• Information Protection Mark Certification Committee
• (Http://www.eprivacy.or.kr - Tel: 82 2 580 0533 - 4)
• Internet Crime Investigation Center of Supreme Public Prosecutors Office
• (http://www.spo.go.kr - Tel: 82 2 3480 3600)
• Cyber Terror Response Center of National Police Agency
• (http://www.ctrc.go.kr - Tel: 82 2 392 0330)
11. Children under age of 14
The Site is not suitable for children under 14. Children under the age of 14 should not use it. The Company intentionally does not collect the personal information of children under 14. If we find out that we have collected or obtained personal information about children under 14, we will remove the information.
12. Notice obligation
We will notify you through the public announcement page of the website at least 10 days before revision if a change is made in the current personal information processing policy.
• Announcement date: [-, 2021]
• Effective date: [, 2021]
[Previous Privat Policy]