Privacy policy

The DN Solutions (the “Company“) complies with the relevant statutory provisions regarding the protection of personal information, including the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection.

The Company further commits to safeguarding the rights and interests of the owners and holders of personal information, such as its customers, staff and website users, and has established its own Privacy and Information Processing Policy, in accordance with the relevant legislation.

The Company, through its Privacy and Information Processing Policy, etc., notifies the purposes and procedures of the collection of personal information, as well as the relevant protection measures. In case of any update or revision to the Policy, the Company will announce the change either on its website’s notice or by means of individual communication.

The Company's policy on the disclosure of personal information consists of two components: the (Personal Information Processing Policy), which pertains to the protection of the personal information of all information subjects processed by the Company, and the (Visual Information Processing Equipment Management Policy), which focuses on the protection of personal visual information.

However, other affiliated websites of the Company may have different Personal Information Processing Policies.

1. Personal Information Processing Policy

01. General Provisions

“Personal Information“ refers to the personally identifiable information of a living person whose identity may be checked easily in combination with the use of other sources such as name, national identification number, and picture, even though it is rarely possible to differentiate the individual in question with only the given information. "Informer" means the owner of any information that enables the recognition of a person’s identity. The Company discloses the Personal Information Processing Policy on the first screen of the website (www.dn-solutions.com) to facilitate the verification of the policy in question, and will always announce any changes or revisions to this policy via a notice posted on its website or through individual communication.

02. Processed Personal Information and Purposes of Processing

Without the legitimate provisions or the consent of the informer, the Company may handle neither the sensitive information that may significantly compromise the privacy of its provider nor the unique identification information assigned to distinguish the interested-party from others.

A. Processed Information

[Concerning customers]
Name, address, e-mail, company name, service record, access log, cookies, IP address information, contact information

[Concerning the Website]
Company name, CEO's name, home address, company address, company contact information, name, contact number, email address,Resident Registration Number, Primary Bank Account, Account Holder, Account Number (Copy of Bank Book), Seal Certificate

[Concerning employment]
The details will be specified separately on the recruitment website.

[Concerning Cyber Reporting Information] The details will be specified separately on the recruitment website.

B. Purposes of Processing

[Concerning customers]
- Settlement of the complaints on the membership and points of dissatisfaction
- Online market research or survey
- Marketing or advertising
- Service delivery and the settlement of fees

[Concerning the website]
- Application for On/Off-line equipment programming education
- Customer Inquiries
- Online Company Registration

03. Processing and the Retention Period of Personal Information

In principle, the collected personal information will be destroyed immediately after the purpose for which it was collected has been achieved. However, the following information will be retained during the designated period for the reasons set forth below.

- Retained information : name, address, e-mail, company name
- Retention period : 1 year
- Reasons for retention : user inquiries/request management, user identification, etc.

- Retained information : service use data, access log, cookies, IP address information
- Retention period : 1 year
- Reasons for retention : enhancement of service quality through analysis of service use

- Retained information : Name,Email
- Retention period : Until withdrawal of consent or termination of service
- Reasons for retention : Send email for Newsletter

04. Procedures and methods for the destruction of personal information

A. Destruction procedures

The company destroys the personal information without delay once it has achieved the purpose of its collection or the retention period has finished, except where the retention is required pursuant to the informer's consent, terms of use, or relevant legislation.

B. Methods of destruction

- Personal information stored in electronic file formats shall be deleted using technical methods that prevent the recovery of its record.
- Personal information printed on the paper shall be broken by the shredder, or destroyed through incineration.

05. Provision of personal information to a third party

The Company uses the personal information only within the scope laid out in "02. Processed Personal Information and Purposes of Processing”, and does not abuse it in excess of the established range nor discloses it to a third party. However, the following cases are exceptions.

- In the case of having received the special consent of the informer
- If there are special provisions in other relevant laws
- If it is impossible to obtain the prior consent of the informer or its legal representative due to the state in which he cannot express his or her intention or his or her unknown address, so that the stored information is deemed to be necessary evidence for an imminent benefit of life, health, property of the informer or relevant third party
- In case of providing the personal information in a form to block the recognition of a particular individual as necessary for the purposes of statistics and research.

The Company currently provides the following personal information

- Institutions receiving personal information : Hunet Co. Ltd., Ubob Inc., Midasin Co., Ltd,, Korea TOEIC Committee, The Korea Chamber of Commerce & Industry, the Ministry of National Defense/Army Headquarters, Ministry of Public Administration and Security/Changwon City Hall
- Offered personal information : name, date of birth, military serial number, social security number, mobile phone number, address
- Purpose : verification of qualification
- Retention and use period : immediately destroyed

06. Outsourcing of personal information processing

The Company does not entrust the personal information processing to an outside agency without the prior consent of the relevant informer. For the outsourcing of personal information processing, the Company has in place the following instructions to safely manage the personal information when it concludes an outsourcing agreement in accordance with the relevant legislation

- Trustee company : ASPN
- Outsourced service : Outsourcing of System Operation and Maintenance (Maintenance)

- Trustee company : Ninetree Co., Ltd.
- Outsourced service: Outsourcing of Website Management and Maintenance

- Trustee company: Gaonsoft Co. Ltd.
- Outsourced service: Company-wide portal, OA management, facility construction management, and accounting manual.

- Trustee company: Zenith & Company
- Outsourced service: AD server management, Exchange server management, and maintenance of Microsoft 365.

- Trustee company : Hunect Corp.
- Outsourced service: Call center phone consultations.

- Trustee company : Machine Tech Co., Ltd.,Total CMS Co, Ltd, Sungjin Machine, KC Technology Co., Ltd., MCT Service, Hanwool Tech, Daewoo E&C, MDK Co., Ltd., MT Solution Co., Ltd., DMS Co., Ltd., Daewoo CNC, DSMT Chungcheong Co., Ltd., DCS Co., Ltd., Woori Total Machinery, DSM, Sama Engineering, Kyungho Machinery, Youngjin Machinery, Kyungsung Machinery, Daegu Gyeongbuk Service, DY Tech, DMT Solution, Hanyoung Machinery, Ring Engineering, NCS, Geusan Precision, MTS Co., Ltd., Ring ENG, TOP Co., Ltd., Youngnam Machine Co., Ltd., Gwangmyung Industrial Co., Ltd., TIS, Sindo Machinery, Taeyoung E&C, Myungsung Machinery, Taewon Synthesis Machinery, Daewoo Machinery, ICS, ESR
- Outsourced service: Service dispatch.

- Trustee company : Taeyoung E&C
- Outsourced service: Equipment operation training for customers.

- Trustee company : Myung Seong Machinery, Daewoo Machinery
- Outsourced service: Customer support for equipment parts.

- Trustee company : J&K, JR
- Outsourced service: Equipment programming training.

- Trustee company : PNS Networks Inc., Gusan Logistics Co., Ltd., DHL Korea Co., Ltd., MNC International Co., Ltd., EGL CO LTD., Kuls Co., Ltd., Glonet TLS Co., Ltd., The Ton Logis, Dongwon LOEX Co., Ltd., Sunjin Logistics Co., Ltd., Wallenius Wilhelmsen Ocean AS – Korea Branch, EUNSAN SHIPPING AIRCARGO CO., LTD., LX Pantos Co., Ltd, Pyeongtaek Marine Co., Ltd., Pyeongtaek International Ro-Ro Terminal, Daeyang TNTS Co., Ltd., Kwangdong TLS Co., Ltd.
- Outsourced service: Transportation of equipment

07. Rights and Obligations of Informers and Methods to Exercise the Rights

Every informer may demand the access, correction, omission, and suspension of his or her personal information that the Company treats. However, the Company may refuse or limit the aforementioned demand under the following conditions

- If there is a special legal provision or it is unavoidable to comply with statutory obligations
- If there is a concern to harm the lives or bodies of others, or to damage improperly the property and other interests of other people
- If it is difficult to fulfill the contract, including agreed services, without processing the personal information, meanwhile the informer does not reveal clearly the intention to terminate the contract

Methods and Procedures to Exercise Rights

- The informer who wants to read his or her personal information may submit the Request of Reading, Correction, Deletion, and Suspension in writing, e-mail, fax, etc., to the department in charge (For this, see the section "09. Complaint Resolution Service for Personal Information“).
- The Company takes action to respond to the demand within 10 days unless there is a justifiable reason, and communicates the reasons, if any, for such denial or restriction within five days, as well as the methods to appeal against this refusal or restriction.
- The Company may verify the identity of the informer or, his or her representative that demands the reading, etc., of the personal information, checking his or her identity cards such as social security card, one of certified electronic signatures or other equivalents.

08. Installation and Operation of Devices for the Automatic Collection of Personal Information and Matters Related to Refusal

A. The company operates 'cookies' that store and retrieve information about the data subject on a regular basis. Cookies are small amounts of information sent from the server operating the website to the data subject's browser, which are then stored on the hard disk of the data subject's computer.

B. The data subject can choose whether or not to accept cookies. The data subject can set their web browser to accept all cookies, prompt confirmation each time a cookie is set, or reject all cookies. However, if the data subject rejects the installation of cookies, he or she may experience difficulties in receiving the service.

09. Technical, Administrative, and Physical Protection Measures for Personal Information

The Company takes the following safety measures to prevent personal information from being lost, stolen, leaked, altered, or damaged

(Technical measures)

- The Company complies with the required legal standards for the secure storage and transmission of the personal information.
- Using anti-virus software, the company takes steps to prevent the damage caused by computer viruses. The anti-virus program is updated periodically, and protects against the violation of privacy in case of a sudden outbreak of a new virus, providing its new version as soon as possible.
- Against external attacks such as hacking, the Company does everything for the security, utilizing an intrusion detection system and a vulnerability assessment system for each server.

(Administrative measures)

- The company gives the exclusive access to personal information to those who deal with sales and marketing directly with the informers, to those in charge of the management of personal information, and those who inevitably handle the personal data through carrying out other tasks.
- The employees who treat the personal information take a regular in-house training and outsourcing education on the protection of personal information, being properly supervised to strictly comply with laws and regulations to the same purpose after both starting work and after taking retirement.

(Physical measures)

- For the secure storage of the personal information and its handling system, the facilities are equipped with protection measures to prevent a physical access, including physical locking devices.
- The computer room and data storage room, designated as special security areas, are under strict access control.

10. Complaint Resolution Service for Personal Information

The Company designates and operates the following division and officer in charge to protect the personal information and respond to the complaints regarding the sector.

A. Personal Information Division

Division: IT Innovation Department
Phone : 055-608-6640
Fax : 055-280-4063
E-mail : security@dncompany.com
Business Hours : (Mon-Fri) 09:00 - 18:00, (closed on Sat-Sun, national holidays)

B. Chief Privacy Officer

Name : Seungyoung Lee
Tel. : 055-608-6640
E-mail : seungyoung.lee@dncompany.com

If you want to report or need an advice on the invasion of the privacy, please contact the following organizations.

- Personal Information Breach Report Center (http://privacy.kisa.or.kr Phone Number: 118)
- Cyber Investigation Department, Prosecutor-General’s Office (cybercid.spo.go.kr / 1301 without area code)
- Cyber Safety Guardian, National Police Agency (cyberbureau.police.go.kr / 182) without area code

- Personal Information Dispute Mediation Committee (www.kopico.go.kr / 1833-6972)

 

11. Notification

Additions, deletions and modifications of the current Personal Information Processing Policy will be notified through the website at least 10 days prior to the revision.

Announcement date: August 20, 2024
Effective Date: September 1, 2024

2. Visual Information Processing Equipment Management Policy

01. Basis and Purposes of the Installation of Visual Information Processing Equipment

The Visual Information Processing Equipment Management Policy ("the Policy") has its purpose to promote the proper execution of work and contribute to the assurance of interests of the informers, establishing the provisions with which DN Solutions (‘the Company) shall comply regarding the installation and operation of visual information processing equipment and the protection of personal video information, in accordance with Article 25 of the Personal Information Protection Act.

02. Principles of the Protection of Personal Visual Information

The Company collects personal visual information within the scope of minimum necessity to meet the purpose of installing visual information processing equipment, so that this intention will be recognized clearly by the informers, and does not use the data for purposes other than this. The Company commits to correctly managing the personal visual information safely, ensuring its accuracy and latest update, disclosing general details on the processing of personal visual information and guaranteeing the rights of any relevant informers.

03. Designation of the Administrator

The officer, division, and personnel responsible for the safe management of the personal visual information are as follows:

- Officer: Head of the Security Department
- Division: Security Department
- Operator in charge: Person in charge of installing and operating video information processing equipment in the Security Department,Kwangmug Lim (055-280-4152) 

04. Installation of Visual Information Processing Equipment

The number, locations, and shooting ranges of the installed visual information processing equipment are shown below:

- Number of visual information processing equipment : 190 units;
- Locations of visual information processing equipment : Entrance and aisle of each floor, elevator hall and elevator interior, vehicles entering and exiting from parking facilities and outside square
- Shooting range of video information processing equipment : Entrances, walkways, elevator halls and elevator interiors,Customer Waiting Room, etc.

05. Installation of Signs

The Company takes the necessary measures so that the installation and operation of visual information processing equipment can be easily recognized, including installation of information signs that state the following points:

- Purpose and place of the installation, shooting range and time, and the administrator's name, job title, and contact details
- In case of the outsourcing of the installation and management, the trustee's name and contact details

Location and size of the sign attached are as follows:

- Place : Entrance to the building
- Size : 40 x 30cm (However, it can be changed according to the condition of the installed location)

06. Viewing Request of the Informer

The informer may request the viewing and verification ("the view") of his or her own personal visual information that the Company handles.

When the Company receives the request for the view, it shall take necessary measures without delay, and may verify the identity of the requestor, or his or her legitimate representative with the submission of documents which can prove the informer’s identity, such as a ID card, driver’s license or passport.
The Company may refuse the informer's request for the view, notifying within 10 days the reasons for denial and appeal procedures in writing to him or her in the following cases:

- If the corresponding personal visual information is destroyed, due to the storage period termination
- If there are legitimate reasons to reject the informer's view request

07. Recording Time of Visual Information Processing Equipment

Recording and storage times and storage areas are as follows:

- Recording time : 24 hours
- Storage time : 30 days to 3 months, depending on the shooting area
- Storage areas : Security Office, Guard Room, Network Equipment Room, etc.

08. Visual Information Management

Using the personal visual information for any purposes other than the collection or providing it to third parties with informer's consent or by the provisions of the law requires the following points on the "Personal Visual Information Management Record" to be inscribed:

- Name of personal visual information file
- Name of the person who will use or receive the information
- Purpose of the use or offer
- Statutory grounds of the use or offer, if any
- Period of the use or offer, if any
- Form of the use or offer

In the case of the destruction of the personal visual information, it is required to note down the following points on the "Personal Visual Information Management Record":

- Personal visual information item to be destroyed
- Date of the destruction of personal visual information (in case of a pre-set period for automatic destruction, its destruction cycle, etc.)
- Personnel in charge of the destruction of personal visual information

09. Storage and Destruction

The Company destroys the collected personal visual information without delay, when the storage period expires, set forth in the Policy. However, this does not apply if there are special provisions in other relevant laws.
The personal visual information is destroyed as follows:

- For the output (pictures, for example) containing the personal visual information, shredding or incineration
- For personal visual information in the form of electromagnetic video files, permanent deletion that incapacitates their restoration by technical means

10. Administrative, Technical and Physical Measures

The Company administers minimum personnel to access to the personal visual information processed by the equipment, including the administrator and responsible operator. The zones where the personal visual information transmitted by the processing equipment is viewed and played are designated as restricted access areas to control the entrance of the people other than the authorized to access. The Company modifies or disqualifies without delay the permission rights of those who change their positions due to retirement and transfer. The company takes necessary measures to ensure the security of the personal information or video files processed or transmitted, in order to prevent them from being lost, stolen, leaked, damaged or altered, including password setting. The Company checks regularly the functions of the visual information processing equipment to block an alteration or falsification of the data.

11. Outsourcing of the Installation and Management of Visual Information Processing Equipment

The Company outsources the management of personal visual information to the following trustee and is responsible for overseeing the processing of the information.

- Trustee company : S1 Corporation
- Outsourced service : installation and operation of visual information processing equipment

Announcement Date: August 20, 2024
Effective Date: September 1, 2024