HDHydrogen (hereinafter referred to as the "Company") values the personal information of data subjects and complies with personal information protection regulations under relevant laws, including the [Personal Information Protection Act], [Act on Promotion of Information and Communications Network Utilization and Information Protection], [Protection of Communications Secrets Act], and [Telecommunications Business Act]. The Company will handle personal information collected, retained, and processed by relevant laws appropriately and legally to protect the rights and interests of data subjects and ensure proper business operations.
1. Purpose of Personal Information Processing
The Company processes personal information for the following purposes. The processed personal information will not be used for purposes other than those specified below. If the purpose of use changes, necessary measures such as obtaining separate consent by Article 18 of the Personal Information Protection Act will be taken.
Personal Information Processing Name,Collection Basis,Purpose of Provision -Purpose of Personal Information Processing
|
Personal Information Processing Name
|
Collection Basis
|
Purpose of Provision
|
|
Customer Inquiries
|
Consent of the data subject
|
Responding to customer inquiries
|
2. Personal Information Items and Collection Methods
a. The Company processes the following minimum personal information:
Personal Information Processing Name, Processing Items, Retention Period - Personal Information Items and Collection Methods
|
Personal Information Processing Name
|
Processing Items
|
Retention Period
|
|
Customer Inquiries
|
Required: Name, Phone Number, Email
Optional : Company Name
|
1 Year
|
b.
However, exceptions are made in cases where personal information needs to be preserved under relevant laws as follows:
-
1) Records of consumer complaints or dispute handling: 3 years (Act on Consumer Protection in Electronic Commerce)
-
2) Records of site visits: 3 months (Storage of communication verification data under Article 41 of the Protection of Communications Secrets Act)
-
3) Other cases where individual customer consent has been obtained: Period agreed upon
We will obtain customer consent if continued retention is necessary despite the above retention periods.
3. Matters Concerning Provision of Personal Information to Third Parties
The Company will only provide personal information to third parties in cases under Articles 17 and 18 of the ""Personal Information Protection Act,"" such as with the data subject's consent or under special law provisions. It will announce such provisions through website notices.
4. Matters Concerning Outsourcing of Personal Information
a. The Company outsources personal information processing tasks as follows for efficient handling of personal information:
Processor, Outsourced Tasks, Retention Period - Matters Concerning Outsourcing of Personal Information
|
Processor
|
Outsourced Tasks
|
Retention Period
|
|
Easy Media
|
System Development and Maintenance
|
Until contract termination
|
b. When concluding outsourcing contracts, by Article 26 of the "Personal Information Protection Act," we specify in documents including contracts matters concerning the prohibition of personal information processing beyond the purpose of performing outsourced tasks, security measures, restrictions on re-outsourcing, management, and supervision of processors, and liability for damages, and supervise whether processors handle personal information safely.
c. If any changes are made to the outsourced tasks or processors, we will promptly disclose such changes through this privacy policy.
5. Matters Concerning Personal Information Destruction Procedures and Methods
a. The Company destroys personal information without delay when it becomes unnecessary due to the expiration of the retention period or achievement of the processing purpose.
b. If personal information must continue to be preserved under other laws despite the expiration of the retention period agreed upon by the data subject or achievement of the processing purpose, such personal information (or personal information files) will be transferred to a separate database (DB) or stored in a different location.
c.
The procedures and methods for destroying personal information are as follows:
-
Personal information stored in electronic file format is deleted using technical methods that prevent recovery of records.
-
Records, printouts, documents, and other recording media not in electronic file format are destroyed through shredding or incineration.
6. Matters Concerning Personal Information Security Measures
The Company implements the following measures to ensure security and prevent loss, theft, leakage, alteration, or damage of data subjects' personal information:
a. Administrative Measures: Establishment and implementation of internal management plans, regular employee training, etc.
b. Technical Measures: Access authority management for personal information processing systems, installation of access control systems, encryption of unique identifying information, installation of security programs, etc.
c. Physical Measures: Access control for computer rooms, data storage rooms, etc.
7. Matters Concerning Installation, Operation, and Rejection of Automatic Personal Information Collection Devices
The Company currently does not operate devices that automatically collect personal information, such as cookies, during service use. However, we may install and operate automatic collection devices if necessary for future service provision, in which case data subjects can accept cookie installation or reject the storage of all cookies.
a. What are cookies? Cookies are tiny text files sent by servers operating websites to data subjects' browsers and stored on data subjects' computer hard drives. When data subjects subsequently visit websites, website servers read the contents of cookies stored on data subjects' hard drives to maintain their environment settings and provide customized services. Cookies do not automatically/actively collect personally identifying information; data subjects can reject or delete such cookies anytime.
b.
Cookie Installation, Operation, and Rejection Data subjects have choices regarding cookie installation and can set cookie allowance, blocking, deletion, etc., through web browser options.
-
Cookie Allow/Block in Web Browsers
1. Chrome: Browser Settings > Privacy and Security > Clear Browsing Data
2. Edge: Browser Settings > Cookies and Site Permissions > Manage and Delete Cookies and Site Data
-
Cookie Allow/Block in Mobile Browsers
1. Chrome: Mobile Browser Settings > Privacy and Security > Clear Browsing Data
2. Safari: Mobile Device Settings > Safari > Advanced > Block All Cookies
3. Samsung Internet: Mobile Browser Settings > Browse History > Delete Browse History
8. Matters Concerning Personal Information Protection Officer
a. The Company designates the following personal information protection officer and manager to protect customers' personal information and handle related complaints:
Position, Department, Name, Email - Matters Concerning Personal Information Protection Officer
|
Position
|
Department
|
Name
|
Email
|
|
Personal Information Protection Officer
|
Business Strategy Team
|
Team Leader
Song Deok-young
|
sdy1982@hd.com
|
|
Personal Information Protection Manager
|
Business Strategy Team
|
Manager
Park Seung-jin
|
promotion@hd.com
|
b. You may report all privacy-related complaints to the Personal Information Protection Manager while using the Company's services. The Company will promptly provide sufficient responses to data subjects' reports.
9. Matters Concerning Requests for Access to Personal Information
Data subjects may request access to personal information by Article 35 of the ""Personal Information Protection Act"" to the department below. The Company will strive to promptly process data subjects' requests for access to personal information.
Personal Information Processing Name, Department, Name, Email - Matters Concerning Requests for Access to Personal Information
|
Personal Information Processing Name
|
Department
|
Name
|
Email
|
|
Customer Inquiries
|
Business Strategy Team
|
Manager
Jung Yun-se
|
yoonse.jung@hd.com
|
10. Remedies for Infringement of Data Subjects' Rights and Interests
Data subjects may request dispute resolution or consultation from the Personal Information Dispute Mediation Committee, KISA Personal Information Infringement Report Center, etc., to receive a remedy for personal information infringement. For other reports and consultations regarding personal information infringement, please contact the following institutions:
-
Personal Information Dispute Mediation Committee: (No Area Code) 1833-6972 (www.kopico.go.kr)
-
Personal Information Infringement Report Center: (No Area Code) 118 (privacy.kisa.or.kr)
-
Supreme Prosecutors' Office: (No Area Code) 1301 (www.spo.go.kr)
-
National Police Agency: (No Area Code) 182 (ecrm.cyber.go.kr)
11. Matters Concerning Changes to Privacy Policy
a. This policy will be effective from April 11, 2025.
b. Previous privacy policies can be viewed via the link in the upper right corner.