top of page

PRIVACY POLICY

Hanwha System (hereinafter referred to as the "Company") processes and safely manages personal information in compliance with the Personal Information Protection Act and related laws to protect the freedom and rights of information subjects. Accordingly, in accordance with Article 30 of the Personal Information Protection Act, the following personal information processing policies are established and disclosed to inform the data subject of procedures and standards for personal information processing and to handle complaints quickly and smoothly.

  1. Purpose of processing personal information

  2. Processing and retention period of personal information

  3. Matters concerning the processing of personal information of children under the age of 14

  4. Matters concerning the provision of personal information to third parties

  5. Matters concerning the entrustment of personal information processing

  6. Matters concerning procedures and methods for destroying personal information

  7. Matters concerning the rights, obligations, and methods of exercise of the information subject and legal representative

  8. Matters concerning measures to ensure the stability of personal information

  9. Matters concerning the installation and operation of a device that automatically collects personal information and its refusal

  10. Matters concerning the person in charge of personal information protection

  11. Relief methods for infringement of rights and interests of information subjects

  12. Matters concerning changes to the personal information processing policy

1. Purpose of processing personal information

The company processes personal information for the following purposes. The personal information being processed will not be used for any purpose other than the following, and if the purpose of use is changed, necessary measures will be implemented, such as obtaining separate consent under Article 18 of the Personal Information Protection Act.

  • Data Subject : Provision of Services

  • Log Information and Local Storage : Personal contact information (name, email)

2. Processing and retention period of personal information

  • The company processes and retains personal information within the period of personal information retention and use under the Act or within the period of personal information retention and use agreed upon by the data subject.

  • The processing and retention period of each personal information is as follows.

    • Data Subject : Provision of Services

    • Log Information and Local Storage : Personal contact information (name, email)

    • ​Use and retention period : Within 30 days after the award ceremony

3. Matters concerning the processing of personal information of children under the age of 14

The company does not collect personal information for children under the age of 14.

4. Matters concerning the provision of personal information to third parties

The company does not provide the personal information to third parties.

5. Matters concerning the entrustment of personal information processing

  • The company entrusts the processing of personal information as follows for smooth processing of personal information.

    • A consigned company : Wix.com, Inc, 100 Gansevoort Street, New York, NY 10014

    • Commissioned work : ​Database Management for Website Operation

    • Period of retention and use : by the end of the consignment contract

  • According to Article 26 of the Personal Information Protection Act, the company stipulates the prohibition of personal information processing, technical and management protection measures, restrictions on re-entrustment, management and supervision of the trustee, and supervises the safe handling of personal information.

  • If the contents of the entrusted work or the trustee changes, we will disclose it through this personal information processing policy without delay.

6. Matters concerning procedures and methods for destroying personal information

  • When personal information becomes unnecessary, such as the expiration of the personal information retention period and the achievement of the purpose of processing, the company destroys the personal information without delay.

  • If personal information must be preserved in accordance with other laws and regulations even though the personal information retention period agreed by the data subject has elapsed or the purpose of processing has been achieved, the personal information shall be transferred to a separate database (DB) or stored differently.

  • After the purpose of using the collected personal information is achieved, the company destroys the information without delay according to the storage period and use period. The procedure, method, and time of destruction are as follows.

    • The personal information recorded by the customer for service use shall be deleted or destroyed after the retention period according to the internal policy and other relevant laws and regulations (see retention and use period of the personal information above) has been achieved. In general, personal information collected by the company and managed in the form of an electronic file is deleted immediately when the purpose is achieved.

    • The personal information printed on the paper is destroyed by crushing or incinerating it with a shredder or dissolving it by chemical treatment, and the personal information stored in the form of an electronic file is deleted using a technical method that cannot be reproduced.

7. Matters concerning the rights and obligations of the data subject and the method of exercise thereof

  • The information subject may exercise the right of the company to view, correct, delete, and stop processing personal information at any time.

  • The exercise of rights may be conducted in writing, e-mail, fax, etc. in accordance with Article 41 (1) of the Enforcement Decree of the Personal Information Protection Act, and the company will take action without delay.

  • You can also exercise your rights through a legal representative of the information subject or an agent such as a delegated person. In this case, "Notification of the method of processing personal information (No. 2020-7)" You have to submit a power of attorney according to attached Form 11.

  • Requests for suspension of personal information access and processing may restrict the rights of data subjects pursuant to Articles 35 (4) and 37 (2) of the Personal Information Protection Act.

  • Requests for correction and deletion of personal information cannot be requested if other laws specify that the personal information is subject to collection.

  • The company checks whether it is a party or a legitimate agent who made a request for perusal, correction and deletion, or suspension of processing according to the rights of the information subject.

8. Matters concerning measures to ensure the stability of personal information

  • The company takes the following technical, administrative, and physical measures necessary to ensure safety so that personal information is not lost, stolen, leaked, tampered with, or damaged.

    • Establishment and implementation of internal management plan

      • Establish an internal management plan and implement it for personal information protection.

    • Minimize the number of personal information handlers and implement education

      • We are implementing measures to manage personal information by designating and minimizing the person in charge of handling personal information.

    • Restriction of access to personal information

      • We take necessary measures to control access to personal information by granting, changing, and canceling access to the database system that processes personal information, and use the intrusion prevention system to control unauthorized access from outside.

    • Storage of access records and prevention of forgery and alteration

      • Records of access to the personal information processing system (web logs, summary information, etc.) are kept and managed for at least two years, and security functions are used to prevent forgery, alteration, theft, and loss of access records.

    • Technical countermeasures against hacking, etc

      • In order to prevent personal information leakage and damage caused by hacking or computer viruses, security programs are installed, periodically updated, and checked, systems are installed in areas with controlled access from the outside, technically and physically monitored and blocked. It also detects attempts to monitor network traffic, as well as illegally changing information.

    • Access control for unauthorized persons

      • Access control procedures are operated by providing a separate physical storage location for the personal information processing system that stores personal information.

  • In order to ensure the safety of personal information, the company conducts the following activities in addition to those prescribed by laws and regulations.

  • Privacy activities: including privacy within ESG activities

  • Acquisition of domestic and foreign information protection certification: ISO/IEC 27001, ISMS, etc

9. Matters concerning the installation and operation of devices that automatically collect personal information and the refusal thereof

  • In order to provide individual customized services to executives and employees, the company may use "cookies" that store and recall usage information from time to time.

  • ​Cookies are a small amount of information sent by the server (http) used to run the website to the user's computer browser and are also stored on the user's PC computer's hard disk.

    • Purpose of Use of Cookies

      • Users have the option to install cookies. Therefore, users can allow all cookies by setting options in their web browser, go through confirmation whenever cookies are saved, or refuse to save all cookies

    • How to reject cookie settings

      • As a way to refuse to set up cookies, you can allow all cookies, go through confirmation every time you save them, or refuse to save all cookies by selecting the options in your web browser.

      • However, if the user refuses to install cookies, there may be difficulties in providing the service.

      • Example of how to set up (Chrome): Tools at the top of your web browser > Settings > Privacy and Security > Cookies and other site data

      • Example of how to set up (Microsoft Edge): Tools > Settings > Cookies and Site Privileges at the top of the web browser

      • Refusing to save cookies may cause difficulties in using customized services.

10. Matters concerning the person in charge of personal information protection

  • The company is in charge of personal information processing, and the person in charge of personal information protection is designated as follows for handling complaints, damage relief, request for perusal, report/consultation, etc. of the data subject related to personal information processing.

  • The information subject may contact the chief privacy officer and the department in charge of all personal information protection inquiries, complaints, damage relief, etc. arising from the use of the company's services (or business). The company will respond and handle inquiries from the information subject without delay.

11. Methods of remedy for infringement of rights and interests of data subjects

  • In order to receive relief for personal information infringement, the information subject may apply for dispute resolution or consultation with the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency's Personal Information Infringement Reporting Center, etc. In addition, please contact the institution below for reports and counseling on other personal information infringement.

    • Personal Information Dispute Mediation Committee

    • Personal Information Infringement Reporting Center

      • Contact :(without country number) 118

      • Home Page : privacy.kisa.or.kr

    • Supreme Prosecutors' Office(

      • Contact :(without national number) 1301

      • Home Page : www.spo.go.kr

    • National Police Agency Cyber Investigation Bureau

      • Contact :(without country code) 182

      • Home Page : cyberbureau.police.go.kr

  • A person who has been infringed on his/her rights or interests due to a disposition or omission made by the head of a public institution for requests under Articles 35 (access of personal information), 36 (correction and deletion of personal information), and 37 (stopping processing of personal information, etc.) may request an administrative trial as prescribed by the Administrative Appeals Act.

    • Central Administrative Appeals Board

12. Matters concerning the modification of the personal information processing policy

  • If there is an addition, deletion, or modification of the contents of this personal information processing policy, we will notify you on the website seven days before the change is implemented.

  • This personal information processing policy will be applied from 2025.3.24.

Copyright © 2025 Hanwha Systems Co., Ltd. All rights reserved.

bottom of page