1. Personal Information Processing Policy
01. General Provisions
“Personal Information“ refers to the personally identifiable information of a living person whose identity may be checked easily in combination with the use of other sources such as name, national identification number, and picture, even though it is rarely possible to differentiate the individual in question with only the given information. "Informer" means the owner of any information that enables the recognition of a person’s identity. The Company discloses the Personal Information Processing Policy on the first screen of the website (www.dn-solutions.com) to facilitate the verification of the policy in question, and will always announce any changes or revisions to this policy via a notice posted on its website or through individual communication.
02. Processed Personal Information and Purposes of Processing
Without the legitimate provisions or the consent of the informer, the Company may handle neither the sensitive information that may significantly compromise the privacy of its provider nor the unique identification information assigned to distinguish the interested-party from others.
A. Processed Information
[Concerning customers]
Name, home address, e-mail, company name, service record, access log, cookies, IP address information, Mobile phone number, home phone number
[Concerning the Website]
Company name, CEO's name, home address, company address, company contact information, name, date of birth, contact number, email address
[Concerning employment]
Name, social security number, picture, password, home address, home telephone number, mobile phone number, e-mail, education, military service, foreign language proficiency, computer skills, qualifications, family relationships, career, social experience, awards, international experience, and research experience
B. Purposes of Processing
[Concerning customers]
- Settlement of the complaints on the membership and points of dissatisfaction
- Online market research or survey
- Marketing or advertising
- Service delivery and the settlement of fees
[Concerning the website]
- Application for On/Off-line equipment programming education
- Cyber reporting
[Concerning employment]
- Recruitment process, application form revision, employment success or failure, contact, employment requirements checkup
- Payroll, welfare benefits, support for various tasks, and assessment (HR management)
03. Processing and the Retention Period of Personal Information
In principle, the collected personal information will be destroyed immediately after the purpose for which it was collected has been achieved. However, the following information will be retained during the designated period for the reasons set forth below.
- Retained information : name, home address, e-mail, company name
- Retention period : 1 year
- Reasons for retention : user inquiries/request management, user identification, etc.
- Retained information : service use data, access log, cookies, IP address information
- Retention period : 1 year
- Reasons for retention : enhancement of service quality through analysis of service use
04. Procedures and methods for the destruction of personal information
A. Destruction procedures
The company destroys the personal information without delay once it has achieved the purpose of its collection or the retention period has finished, except where the retention is required pursuant to the informer's consent, terms of use, or relevant legislation.
B. Methods of destruction
- Personal information stored in electronic file formats shall be deleted using technical methods that prevent the recovery of its record.
- Personal information printed on the paper shall be broken by the shredder, or destroyed through incineration.
05. Provision of personal information to a third party
The Company uses the personal information only within the scope laid out in "02. Processed Personal Information and Purposes of Processing”, and does not abuse it in excess of the established range nor discloses it to a third party. However, the following cases are exceptions.
- In the case of having received the special consent of the informer
- If there are special provisions in other relevant laws
- If it is impossible to obtain the prior consent of the informer or its legal representative due to the state in which he cannot express his or her intention or his or her unknown address, so that the stored information is deemed to be necessary evidence for an imminent benefit of life, health, property of the informer or relevant third party
- In case of providing the personal information in a form to block the recognition of a particular individual as necessary for the purposes of statistics and research.
The Company currently provides the following personal information
- Institutions receiving personal information : Hunet Co. Ltd., Ubob Inc., Midasin Co., Ltd,, Korea TOEIC Committee, The Korea Chamber of Commerce & Industry, the Ministry of National Defense/Army Headquarters, Ministry of Public Administration and Security/Changwon City Hall
- Offered personal information : name, date of birth, military serial number, social security number, mobile phone number, address
- Purpose : verification of qualification
- Retention and use period : immediately destroyed
06. Outsourcing of personal information processing
The Company does not entrust the personal information processing to an outside agency without the prior consent of the relevant informer. For the outsourcing of personal information processing, the Company has in place the following instructions to safely manage the personal information when it concludes an outsourcing agreement in accordance with the relevant legislation
- Trustee company : Doosan Information Communication BU Inc.
- Outsourced service : Outsourcing of System Operation and Maintenance (Maintenance)
- Trustee company : Ninetree Co., Ltd.
- Outsourced service: Outsourcing of Website Management and Maintenance
- Trustee company: Gaonsoft Co. Ltd.
- Outsourced service: Company-wide portal, OA management, facility construction management, and accounting manual.
- Trustee company: Zenith & Company
- Outsourced service: AD server management, Exchange server management, and maintenance of Microsoft 365.
- Trustee company : S1 Corporation
- Outsourced service: Photography, oversight of access card production/issuance.
- Trustee company : Kuma Data Tech Corp.
- Outsourced service: Employee ID card production/issuance.
- Trustee company : Hunect Corp.
- Outsourced service: Call center phone consultations.
- Trustee company : Machine Tech Co., Ltd., Incheon Machine Tool Service, Co., Ltd., Total CMS Co, Ltd, Sungjin Machine, KC Technology Co., Ltd., MCT Service, Hanwool Tech, Daewoo E&C, Daelim Tech, MDK Co., Ltd., MT Solution Co., Ltd., DMS Co., Ltd., Daewoo CNC, DSMT Chungcheong Co., Ltd., DCS Co., Ltd., Woori Total Machinery, DSM, Sama Engineering, Kyungho Machinery, Youngjin Machinery, Kyungsung Machinery, Daegu Gyeongbuk Service, DY Tech, DMT Solution, Hanyoung Machinery, Ring Engineering, NCS, MNT, Geusan Precision, MTS Co., Ltd., Ring ENG, TOP Co., Ltd., Youngnam Machine Co., Ltd., Gwangmyung Industrial Co., Ltd., TIS, Sindo Machinery, Taeyoung E&C, Myungsung Machinery, Taewon Synthesis Machinery, Daewoo Machinery
- Outsourced service: Service dispatch.
- Trustee company : Taeyoung E&C
- Outsourced service: Equipment operation training for customers.
- Trustee company : Myung Seong Machinery, Daewoo Machinery
- Outsourced service: Customer support for equipment parts.
- Trustee company : J&K, JR
- Outsourced service: Equipment programming training.
- Trustee company : PNS Networks Inc., Gusan Logistics Co., Ltd., DHL Korea Co., Ltd., MNC International Co., Ltd., EGL CO LTD., Kuls Co., Ltd., Glonet TLS Co., Ltd., The Ton Logis, Dongwon LOEX Co., Ltd., Sunjin Logistics Co., Ltd., Wallenius Wilhelmsen Ocean AS – Korea Branch, EUNSAN SHIPPING AIRCARGO CO., LTD., LX Pantos Co., Ltd, Pyeongtaek Marine Co., Ltd., Pyeongtaek International Ro-Ro Terminal, Daeyang TNTS Co., Ltd., Kwangdong TLS Co., Ltd.
- Outsourced service: Transportation of equipment
07. Rights and Obligations of Informers and Methods to Exercise the Rights
Every informer may demand the access, correction, omission, and suspension of his or her personal information that the Company treats. However, the Company may refuse or limit the aforementioned demand under the following conditions
- If there is a special legal provision or it is unavoidable to comply with statutory obligations
- If there is a concern to harm the lives or bodies of others, or to damage improperly the property and other interests of other people
- If it is difficult to fulfill the contract, including agreed services, without processing the personal information, meanwhile the informer does not reveal clearly the intention to terminate the contract
Methods and Procedures to Exercise Rights
- The informer who wants to read his or her personal information may submit the Request of Reading, Correction, Deletion, and Suspension in writing, e-mail, fax, etc., to the department in charge (For this, see the section "09. Complaint Resolution Service for Personal Information“).
- The Company takes action to respond to the demand within 10 days unless there is a justifiable reason, and communicates the reasons, if any, for such denial or restriction within five days, as well as the methods to appeal against this refusal or restriction.
- The Company may verify the identity of the informer or, his or her representative that demands the reading, etc., of the personal information, checking his or her identity cards such as social security card, one of certified electronic signatures or other equivalents.
08. Technical, Administrative, and Physical Protection Measures for Personal Information
The Company takes the following safety measures to prevent personal information from being lost, stolen, leaked, altered, or damaged
(Technical measures)
- The Company complies with the required legal standards for the secure storage and transmission of the personal information.
- Using anti-virus software, the company takes steps to prevent the damage caused by computer viruses. The anti-virus program is updated periodically, and protects against the violation of privacy in case of a sudden outbreak of a new virus, providing its new version as soon as possible.
- Against external attacks such as hacking, the Company does everything for the security, utilizing an intrusion detection system and a vulnerability assessment system for each server.
(Administrative measures)
- The company gives the exclusive access to personal information to those who deal with sales and marketing directly with the informers, to those in charge of the management of personal information, and those who inevitably handle the personal data through carrying out other tasks.
- The employees who treat the personal information take a regular in-house training and outsourcing education on the protection of personal information, being properly supervised to strictly comply with laws and regulations to the same purpose after both starting work and after taking retirement.
(Physical measures)
- For the secure storage of the personal information and its handling system, the facilities are equipped with protection measures to prevent a physical access, including physical locking devices.
- The computer room and data storage room, designated as special security areas, are under strict access control.
09. Complaint Resolution Service for Personal Information
The Company designates and operates the following division and officer in charge to protect the personal information and respond to the complaints regarding the sector.
A. Personal Information Division
Division: IT Innovation Department
Phone : 055-608-6640
Fax : 055-280-4063
E-mail : security@dncompany.com
Business Hours : (Mon-Fri) 09:00 - 18:00, (closed on Sat-Sun, national holidays)
B. Chief Privacy Officer
Name : Seungyoung Lee
Tel. : 055-608-6640
E-mail : seungyoung.lee@dncompany.com
If you want to report or need an advice on the invasion of the privacy, please contact the following organizations.
- Personal Information Breach Report Center (http://privacy.kisa.or.kr Phone Number: 118)
- Cyber Investigation Department, Prosecutor-General’s Office (cybercid.spo.go.kr / 1301 without area code)
- Cyber Safety Guardian, National Police Agency (www.police.go.kr/www/security/cyber.jsp / 182) without area code
10. Notification
Additions, deletions and modifications of the current Personal Information Processing Policy will be notified through the website at least 10 days prior to the revision.
Announcement date: August 1, 2023
Effective Date: August 1, 2023
2. Visual Information Processing Equipment Management Policy
01. Basis and Purposes of the Installation of Visual Information Processing Equipment
The Visual Information Processing Equipment Management Policy ("the Policy") has its purpose to promote the proper execution of work and contribute to the assurance of interests of the informers, establishing the provisions with which DN Solutions (‘the Company) shall comply regarding the installation and operation of visual information processing equipment and the protection of personal video information, in accordance with Article 25 of the Personal Information Protection Act.
02. Principles of the Protection of Personal Visual Information
The Company collects personal visual information within the scope of minimum necessity to meet the purpose of installing visual information processing equipment, so that this intention will be recognized clearly by the informers, and does not use the data for purposes other than this. The Company commits to correctly managing the personal visual information safely, ensuring its accuracy and latest update, disclosing general details on the processing of personal visual information and guaranteeing the rights of any relevant informers.
03. Designation of the Administrator
The officer, division, and personnel responsible for the safe management of the personal visual information are as follows:
- Officer: Head of the Security Department
- Division: Security Department
- Operator in charge: Person in charge of installing and operating video information processing equipment in the Security Department
04. Installation of Visual Information Processing Equipment
The number, locations, and shooting ranges of the installed visual information processing equipment are shown below:
- Number of visual information processing equipment : A total 82 units (71 of fixed types, 11 of rotary types);
- Locations of visual information processing equipment : Entrance and aisle of each floor, elevator hall and elevator interior, vehicles entering and exiting from parking facilities and outside square
- Shooting range of video information processing equipment : Entrances, walkways, elevator halls and elevator interiors
05. Installation of Signs
The Company takes the necessary measures so that the installation and operation of visual information processing equipment can be easily recognized, including installation of information signs that state the following points:
- Purpose and place of the installation, shooting range and time, and the administrator's name, job title, and contact details
- In case of the outsourcing of the installation and management, the trustee's name and contact details
Location and size of the sign attached are as follows:
- Place : Entrance to the building
- Size : 40 x 30cm (However, it can be changed according to the condition of the installed location)
06. Viewing Request of the Informer
The informer may request the viewing and verification ("the view") of his or her own personal visual information that the Company handles.
When the Company receives the request for the view, it shall take necessary measures without delay, and may verify the identity of the requestor, or his or her legitimate representative with the submission of documents which can prove the informer’s identity, such as a ID card, driver’s license or passport.
The Company may refuse the informer's request for the view, notifying within 10 days the reasons for denial and appeal procedures in writing to him or her in the following cases:
- If the corresponding personal visual information is destroyed, due to the storage period termination
- If there are legitimate reasons to reject the informer's view request
07. Recording Time of Visual Information Processing Equipment
Recording and storage times and storage areas are as follows:
- Recording time : 24 hours
- Storage time : 30 days to 3 months, depending on the shooting area
- Storage areas : General Control Center, etc.
08. Visual Information Management
Using the personal visual information for any purposes other than the collection or providing it to third parties with informer's consent or by the provisions of the law requires the following points on the "Personal Visual Information Management Record" to be inscribed:
- Name of personal visual information file
- Name of the person who will use or receive the information
- Purpose of the use or offer
- Statutory grounds of the use or offer, if any
- Period of the use or offer, if any
- Form of the use or offer
In the case of the destruction of the personal visual information, it is required to note down the following points on the "Personal Visual Information Management Record":
- Personal visual information item to be destroyed
- Date of the destruction of personal visual information (in case of a pre-set period for automatic destruction, its destruction cycle, etc.)
- Personnel in charge of the destruction of personal visual information
09. Storage and Destruction
The Company destroys the collected personal visual information without delay, when the storage period expires, set forth in the Policy. However, this does not apply if there are special provisions in other relevant laws.
The personal visual information is destroyed as follows:
- For the output (pictures, for example) containing the personal visual information, shredding or incineration
- For personal visual information in the form of electromagnetic video files, permanent deletion that incapacitates their restoration by technical means
10. Administrative, Technical and Physical Measures
The Company administers minimum personnel to access to the personal visual information processed by the equipment, including the administrator and responsible operator. The zones where the personal visual information transmitted by the processing equipment is viewed and played are designated as restricted access areas to control the entrance of the people other than the authorized to access. The Company modifies or disqualifies without delay the permission rights of those who change their positions due to retirement and transfer. The company takes necessary measures to ensure the security of the personal information or video files processed or transmitted, in order to prevent them from being lost, stolen, leaked, damaged or altered, including password setting. The Company checks regularly the functions of the visual information processing equipment to block an alteration or falsification of the data.
11. Outsourcing of the Installation and Management of Visual Information Processing Equipment
The Company outsources the management of personal visual information to the following trustee and is responsible for overseeing the processing of the information.
- Trustee company : S1 Corporation
- Outsourced service : installation and operation of visual information processing equipment
Announcement Date: August 1, 2023
Effective Date: August 1, 2023
