DN Solutions Co., Ltd. (hereinafter referred to as the “Company”) complies with personal information protection regulations under applicable laws, including the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection, and establishes privacy policies in accordance with relevant laws to protect the rights and interests of data subjects, including customers, employees, and website users.
Through its privacy policies, the Company informs data subjects of the purposes and methods by which the personal information they provide is processed and what measures are taken to protect such personal information. If the Company amends its privacy policies, it will notify users through the Company website notice board or individual notices.
The personal information-related policies disclosed by the Company consist of two policies: the Privacy Policy, which concerns the protection of personal information of all data subjects processed by the Company, and the Video Information Processing Device Operation and Management Policy, which concerns the protection of personal video information.
However, separate privacy policies apply to Company websites other than this website.
“Personal information” refers to information relating to a living individual, such as name, resident registration number, image, etc., by which the individual can be identified, and information by which a specific individual cannot be identified on its own but can be easily combined with other information to identify the individual. “Data subject” refers to a person who can be identified by the information being processed and who is the subject of such information. The Company discloses this Privacy Policy on the first screen of the website or through a linked screen so that data subjects can easily access it at any time. The Company may amend this Privacy Policy due to changes in applicable laws, services, or internal operating policies, and if the Privacy Policy is amended, the Company will provide prior notice through the website notice board.
02. Items, Purposes, and Retention Periods of Personal Information Processing
In principle, the Company does not process sensitive information or unique identification information. However, if there is a basis under applicable laws or separate consent from the data subject has been obtained, such information may be processed within the necessary scope. In principle, personal information is destroyed without delay once the purpose of collection and use has been achieved. However, the following information is retained for the periods specified below for the following reasons.
Category
Purpose of Processing
Items Processed
Retention and Use Period
Customer Inquiries
Receipt and handling of customer inquiries, technical support, complaint handling
Name, company name, contact number, email address, nationality, address
1 year from the date of collection
Training Application
Receipt of training applications, training operation, and training history management
Name, company name, contact number, email address
1 year after completion of training
Material Download
Provision of product catalogs and technical materials, download history management,
response to customer inquiries
Name, company name, address, contact number, email address
1 year from the date of collection
Online Vendor Registration
Partner registration and transaction review
Company name, representative name, business registration number, company address, person in charge,
contact number, email address, nationality, address
Until the purpose is achieved
Exhibition Application
Receipt and operation of applications for exhibitions· seminars· events,
participant management
Sending newsletters and providing product·service information
Name, email address
Until consent is withdrawn
Visit Reservation
Visit reservation and visitor management
Name, date of birth, company name, contact number, email address
1 year after completion of visit
Recruitment Site
Job application and applicant management, talent pool registration management
Name, nationality, address, contact number, email address, password, education, grades, military service,
career history, overseas residence and training experience, social activities, language skills and other qualifications,
awards, hobbies, special skills, self-introduction, sensitive information: eligibility for veterans’ benefits and disability status
1 month after completion of the recruitment process
Receipt and handling of recruitment inquiries, response to recruitment-related disputes, and
inquiry history management
Name, contact number, email address, nationality
Up to 3 years after processing is completed
Cyber Reporting
Verification of reported matters, investigation, and notification of processing results
Optional: name, email address, contact number
1 year after closure of the report
(However, exceptions apply where additional verification or processing is necessary, or where there is an obligation to retain the information under applicable laws.)
Website Use
Website operation, service improvement, security management, statistical analysis
Service usage records, access logs, cookies, access IP address, browser information
3 months
03. Procedures and Methods for Destroying Personal Information
A. Destruction Procedure
When the processing purpose of the collected personal information has been achieved or the retention period has expired, the Company destroys such information without delay, except where retention is required pursuant to the consent of the data subject, terms of use, or applicable laws.
B. Destruction Method
- Personal information stored in electronic file format is deleted using technical methods that prevent the records from being restored.
- Personal information printed on paper is destroyed by shredding or incineration.
04. Provision of Personal Information to Third Parties
The Company processes personal information of data subjects only within the scope specified in Article 2, Items, Purposes, and Retention Periods of Personal Information Processing, and does not provide personal information to third parties except where the data subject has given consent or where there are special provisions under applicable laws.
However, exceptions apply in the following cases.
1. Where separate consent has been obtained from the data subject
2. Where there are special provisions under law or it is unavoidable in order to comply with legal obligations
3. Where it is deemed necessary for the urgent interests of life, body, or property of the data subject or a third party
4. Where the information is provided in a form that cannot identify a specific individual for statistical compilation or academic research purposes
5. Where an investigative agency requests the information for investigation purposes in accordance with the procedures and methods prescribed by law
The Company provides personal information to third parties as follows.
Recipient
Purpose of Provision
Items Provided
Retention and Use Period
Ubob Co., Ltd.
Training operation and completion management
Name, date of birth, mobile phone number, address
Destroyed immediately after the purpose is achieved
MIDASIN Co., Ltd.
Recruitment and qualification verification
Name, date of birth, mobile phone number, address
Destroyed immediately after the purpose is achieved
Korea TOEIC Committee
Verification of language test scores
Name, date of birth, mobile phone number, address
Destroyed immediately after verification is completed
05. Outsourcing of Personal Information Processing
The Company outsources personal information processing tasks as follows for smooth handling of personal information-related work and provision of services.
Contractor
Outsourced Tasks
ASPN
System operation and maintenance
Ninetree Co., Ltd.
Website operation and maintenance
MIDASIN Co., Ltd.
Operation and maintenance of recruitment website and recruitment management system
Kaonsoft Co., Ltd.
Operation and maintenance of cyber reporting system and visitor system
Zenith & Company Co., Ltd.
Email service operation and maintenance
Hunect Co., Ltd.
Customer consultation center operation and telephone consultation services
Machine Tech, ITT Co., Ltd., Total CMS Co., Ltd., Sungjin Machine, KC Technology Co., Ltd., MCT Service, Hanul Tech, Daewoo Engineering, Daelim Tech, MDK Co., Ltd., MT Solution Co., Ltd., DMS Co., Ltd., Daewoo CNC, DSMT Chungcheong Co., Ltd., DCS Co., Ltd., Woori General Machinery, DSM, Sama ENG, Kyungho Machinery, Youngjin Machinery, Kyungsung Machinery, Daegu Gyeongbuk Service, DY Tech, DMT Solution, Hanyoung General Machinery, Ring Engineering, NCS, Geosan Precision, MTS Co., Ltd., Ring ENG, TOP Co., Ltd., Yeongnam Machine Co., Ltd., Gwangmyeong Industry, TIS, Shindo Machinery, Taeyoung ENGINEERING, Myungsung Machinery, Taewon General Machinery, Daewoo Machinery, ICS, ESR
When outsourcing personal information processing, the Company clearly stipulates matters concerning responsibilities, including prohibition of personal information processing for purposes other than the performance of outsourced tasks, technical and managerial protection measures, restrictions on re-outsourcing, management and supervision of contractors, and liability for damages, and supervises whether contractors process personal information safely.
If the contractor or the content of the outsourced tasks changes, the Company will disclose such changes without delay through this Privacy Policy.
Outsourced personal information will be destroyed without delay once the purpose of personal information collection and use has been achieved.
06. Rights and Obligations of Data Subjects and Methods of Exercising Rights
All data subjects may request access to, correction·deletion of, and suspension of processing of their personal information processed by the Company. However, the Company may refuse or restrict such requests in the following cases.
- Where there are special provisions under law or it is unavoidable in order to comply with legal obligations
- Where there is a risk of harming another person’s life or body, or a risk of unfairly infringing another person’s property or other interests
- Where it is difficult to fulfill a contract, such as being unable to provide services agreed with the data subject without processing the personal information, and the data subject has not clearly expressed an intention to terminate the contract
Methods and Procedures for Exercising Rights
- A data subject who wishes to access, correct·delete, or suspend the processing of personal information may submit a request to the department in charge of personal information by written document, email, fax, etc. For the department in charge, please refer to 「09. Personal Information Complaint Service」.
- When the Company receives a request to exercise rights from a data subject, it will take action without delay and notify the data subject of the result within the period prescribed by applicable laws.
- The Company may request the submission of necessary documents, such as an identification document including a resident registration card, driver’s license, or passport, or a power of attorney, in order to verify whether the requester is the data subject or a legitimate representative.
- The legal representative of the data subject or an authorized representative may exercise rights in accordance with applicable laws.
- If other laws specify that the relevant personal information must be collected, the Company cannot comply with a request to delete such personal information.
07. Installation and Operation of Devices That Automatically Collect Personal Information and Refusal Thereof
A. The Company operates ‘cookies’ that store and retrieve information of data subjects from time to time. Cookies are small pieces of information sent by the server used to operate the website to the browser of the data subject and are stored on the data subject’s computer or mobile device.
B. The Company uses cookies for the following purposes.
- Analysis of users’ access frequency and visit time
- Analysis of service usage patterns and service improvement
- Security access management
- Enhancement of user convenience
C. Data subjects may choose whether to allow the use of cookies. Through the web browser settings, data subjects may allow all cookies, require confirmation each time cookies are stored, or refuse the storage of all cookies.
D. How to Set Cookies
- Microsoft Edge : Settings → Cookies and site permissions
- Chrome : Settings → Privacy and security → Cookies and other site data
- Safari : Settings → Privacy
- Firefox : Settings → Privacy and security
E. If a data subject refuses the storage of cookies, the use of certain services may be restricted.
08. Technical, Managerial, and Physical Measures for Protecting Personal Information
In handling personal information, the Company takes the following safety measures to prevent personal information from being lost, stolen, leaked, altered, or damaged.
(Technical Measures)
- The Company complies with the standards prescribed by law for the safe storage and transmission of personal information.
- The Company uses antivirus programs to prevent damage caused by computer viruses. Antivirus programs are updated regularly, and if a new virus suddenly appears, the Company provides the vaccine as soon as it is available to prevent personal information from being infringed.
- To prepare for external intrusions such as hacking, the Company uses intrusion prevention systems and vulnerability analysis systems for each server and makes every effort to ensure security.
(Managerial Measures)
- The Company restricts access to personal information to persons who conduct sales and marketing activities directly targeting data subjects, persons who perform personal information management duties, and other persons whose handling of personal information is unavoidable for business purposes.
- The Company provides regular internal training and external outsourced training on personal information protection to employees who handle personal information, and thoroughly manages and supervises employees to comply with laws related to personal information protection during employment and after resignation.
(Physical Measures)
- The Company takes protective measures to prevent physical access, such as physical locking devices, for the safe storage of personal information and personal information processing systems.
- The Company designates computer rooms and document storage rooms as specially protected areas and controls access thereto.
09. Personal Information Complaint Service
The Company designates the following relevant departments and Chief Privacy Officer to protect personal information and handle complaints related to personal information.
A. Chief Privacy Officer
Name : Sang-gil Kim
Position : Head of IT Innovation Division
Phone : 055-280-4203
Email : sanggil.kim@dncompany.com
B. Departments and Persons in Charge of Personal Information by System
Category
Department and Person in Charge
Contact
Email
Website
(www.dn-solutions.com)
IT Innovation Division
Seungyoung Lee, Senior Manager
If you need to report or consult on other personal information infringements, please contact the following organizations.
- Personal Information Infringement Report Center (privacy.kisa.or.kr / 118 without area code)
- Cyber Investigation Division, Supreme Prosecutors’ Office (www.spo.go.kr / 1301 without area code)
- Cyber Investigation Bureau, Korean National Police Agency (ecrm.police.go.kr / 182 without area code)
- Personal Information Dispute Mediation Committee (www.kopico.go.kr / 1833-6972)
11. Duty to Notify
If there are any additions, deletions, or amendments to the current Privacy Policy, the Company will notify users through the website at least 10 days prior to the effective date of the amendment.
Date of Notice : June 19, 2026
Effective Date : June 30, 2026
2. Video Information Processing Device Operation and Management Policy
01. Basis and Purpose of Installing Video Information Processing Devices
The Video Information Processing Device Operation and Management Policy (hereinafter referred to as the ‘Policy’) aims to ensure the proper performance of business operations and contribute to protecting the rights and interests of data subjects by stipulating matters that DN Solutions Co., Ltd. (hereinafter referred to as the ‘Company’) must comply with regarding the installation and operation of video information processing devices and the protection of personal video information pursuant to Article 25 of the Personal Information Protection Act.
02. Principles for Protecting Personal Video Information
The Company collects personal video information only to the minimum extent necessary in accordance with the purpose of installing video information processing devices, ensures that data subjects can clearly recognize such installation purpose, and does not use personal video information for purposes other than the intended purpose. The Company endeavors to ensure the accuracy and currency of personal video information and to manage it safely, discloses general matters concerning the processing of personal video information, and guarantees the rights of data subjects with respect to personal video information.
03. Designation of Manager, etc.
For the safe management of personal video information, the manager, department in charge, and person in charge of work who are responsible for overseeing personal video information processing are as follows.
- Manager : Head of Security Office
- Department in Charge : Security Office
- Person in Charge : Gwangmuk Lim, Senior Manager, in charge of installation and operation of video information processing devices at the Security Office (055-280-4152)
04. Installation of Video Information Processing Devices
The number, location, and filming scope of video information processing devices are as follows.
- Number of video information processing devices : 190 units in total
- Location of video information processing devices : Entrances and corridors on each floor, elevator halls and interiors, parking facility entry and exit points, and outer plaza
- Filming scope of video information processing devices : Entrances, corridors, elevator halls and interiors, customer waiting rooms, etc.
05. Installation of Notice Boards
The Company takes necessary measures, such as installing notice boards containing the following information, so that data subjects can easily recognize that video information processing devices are installed and operated.
- Purpose and location of installation, filming scope and time, name, position, and contact information of the manager
- If installation and management work is outsourced, the name and contact information of the contractor
The locations and specifications of notice boards are as follows.
- Location : Building entrance
- Specification : 40x30cm (however, this may vary depending on the conditions of the installation location)
06. Requests for Access, etc. by Data Subjects
Data subjects may request access to and confirmation of the existence of their personal video information processed by the Company (hereinafter referred to as “access, etc.”).
When the Company receives a request for access, etc., it must take necessary measures without delay. In such cases, the Company may verify whether the person requesting access, etc. is the data subject or a legitimate representative by requesting submission of an identification document, such as a resident registration card, driver’s license, or passport.
Notwithstanding a data subject’s request for access, etc., the Company may refuse such request in the following cases. In such cases, the Company will notify the data subject in writing, etc. of the reason for refusal and the method of appeal within 10 days.
- Where the retention period of the personal video information has expired and the information has been destroyed
- Where there is any other legitimate reason to refuse the data subject’s request for access, etc.
07. Filming Time, etc. of Video Information Processing Devices
The filming time, retention period, and retention location of video information are as follows.
- Filming time : 24 hours
- Retention period : 30 days to 3 months depending on the filming area
- Retention location : Security office, guard office, network equipment room, etc.
08. Management of Video Information
If personal video information is used for purposes other than the purpose of collection or provided to a third party based on the consent of the data subject or provisions of law, the following matters are recorded in the 「Personal Video Information Management Ledger」 and managed accordingly.
- Name of the personal video information file
- Name of the person who used or received the information
- Purpose of use or provision
- Legal basis for use or provision, if any
- Period of use or provision, if such period is specified
- Form of use or provision
When destroying personal video information, the following matters are recorded in the 「Personal Video Information Management Ledger」 and managed accordingly.
- Items of personal video information to be destroyed
- Date and time of destruction of personal video information (in the case of automatic deletion where the destruction timing, etc. is predetermined, the destruction cycle, etc.)
- Person in charge of destroying personal video information
09. Retention and Destruction
When the retention period specified in this Policy expires, the Company destroys the collected personal video information without delay. However, this does not apply where there are special provisions under other laws.
The methods of destroying personal video information are as follows.
- Printed materials containing personal video information, such as photographs, are shredded or incinerated
- Personal video information in electronic file format is permanently deleted using technical methods that make restoration impossible
10. Managerial, Technical, and Physical Measures
Access authority to personal video information collected and processed by video information processing devices is restricted to the minimum designated personnel, such as the manager and persons in charge of work. Places where personal video information transmitted by video information processing devices is accessed and played back are designated as restricted areas, and access to, viewing of, and playback by persons other than those with authorized access are controlled. If access authority changes due to personnel changes such as transfer or retirement, the Company changes or deletes such authority without delay. When the Company processes personal video information or sends and receives personal video information files, it takes measures necessary to ensure safety, such as setting passwords, to prevent the video information from being lost, stolen, leaked, altered, or damaged. The Company regularly inspects whether video information processing devices are operating properly to prevent falsification or alteration of video information.
11. Outsourcing of Installation and Management of Video Information Processing Devices
The Company outsources the processing of personal video information as follows and manages and supervises whether the contractor processes personal video information safely.
- Contractor : S-1 Corporation
- Outsourced tasks : Affairs related to the installation and operation of video information processing devices
Date of Notice : June 29, 2026
Effective Date : July 9, 2026