Personal Information Protection Policy

Samsung E&A Co. Ltd (hereinafter the "Company") recognizes the importance of 

protecting users' personal information and makres the utmost efforts to ensure 

information security by complying with the "Act on Information and 

Communications Network Use Promotion and Information Protection," "Personal 

Information Protection Act" and "EU General Data Protection Regulation" and 

developing this Personal Information Protection policy.

Here in this policy, the Company notifies its personal information protection policy 

including the following: the type of personal information to be acquired, purpose 

of personal information collection, handling of personal information and its 

duration, and rights of users and how to exercise them.

If any change, deletion or addition is made to this policy in accordance with 

revisions in relevant laws and regulations or the Company's internal policy, the 

Company will notify its users via Project Portal website (fgiprfid.com).

 

The contents of this policy are as follows:

1.Purpose of acquisition and use of personal information

2.Types of personal information to be acquired and how to collect it

3.Retention and use period of personal information

4.Provision of personal information to third parties

5.Outsourcing of personal information management

6.Procedure and methods of personal information disposal

7.Rights of users and their legal representatives and how to exercise the rights

8.Installation and operation of automatic collection system of personal information 

and how to reject its use

9.Location (Country) of handling personal information

10.Measures to protect personal information

11.Personnel in charge of personal information management and response to user 

complaints

12.How to seek help for security breach

13.Revisions to the Personal Information Protection Policy

 

1.Purpose of acquisition and use of personal information

The Company acquires and uses personal information for the following purposes. 

The acquired personal information is not used for any other purposes than the 

following, and the Company will take legally-required actions such as acquiring 

prior consents from users when there is any change to the purposes.

- Provide contents and other membership-based services

- Provide information on Projects and signing contract

 

2.The type of personal information to be collected and how to collect

1)Collected items

Collected items

Retain the information by

Information of a person in charge

❏ Essential

ID(Mobile phone number), Password, Name(Eng), Company, Designation, Birth date

❏ Optional

e-mail address

One(1) year after last log on

- The following information can be created and collected while users access and 

use our services.

. Access logs, cookies, IP addresses, service use records

2)How to collect

- The online membership registration webpage, paper-based registration form, 

phone, e-mail, online bulletin boards, registration for promotion events and other 

activities

- Live data collection tool (for access logs or cookies)

 

3.How long personal information is retained and used

1)The Company retains and uses personal information for the following period:

- Personal information inevitably collected and used to comply with separate legal 

requirements or legal obligations

: During the period the Company needs to retain the information based on the 

relevant laws and regulations

- Personal information inevitably collected and used in order to sign and execute 

contracts

: Until the Company fulfills the purposes of collecting and using the information

- Personal information collected and used by acquiring consents from individual 

users

: During the period the users consented for

2)The Company deletes personal information in its database immediately after the 

retainment and usage period is over or the purpose of information collection is 

achieved. However, if the Company needs to retain the information longer in 

accordance with the relevant laws and regulations or was granted the users' prior 

consents, it can retain the information exceeding the retainment and usage period.

3)For the users who have not accessed for a long period of time (over a year), the 

Company deletes or separately stores and manages their personal information 

immediately after 1 year has passed with no access. The period of no access is 

counted with access records, and users will be notified with e-mails one month 

before the point of 1 year with no access.

4)If users withdraw their membership, the Company will delete their personal 

information immediately. However, the Company will still keep the postings 

uploaded by the users even after their membership cancellation. If users want to 

delete their postings, they may delete them on their own before canceling their 

membership or may contact the Eco-generation team via e-mail or phone after 

cancellation and request the team to delete the postings on their behalf.

 

4.Provision of personal information to third parties

1)The Company does not disclose users' personal information to outside, except for 

the following cases where:

- The user granted prior consent

- The law states to disclose certain information or it is inevitable for the Company 

to release the information in order to fulfill its legal obligation because it is 

required to disclose the information in order to meet the urgent need of protecting 

life, physical security or assets of the user or a third party while it is impossible 

to gain the user's prior consent because the user in question or his/her legal 

representative is in a state unable to express one's will or cannot be reached 

because of unknown address (with a scope limited to the purpose of personal 

information collection.)

2)Users have a right not to allow their personal information to be shared with a 

third party, while, if they exercise the right, the users may face limits in services 

available to them.

 

5.Outsourcing of personal information management

1)The Company outsources personal information management to specialized 

vendors as follows in order to provide better services and promote user 

convenience. The Company ensures safe management of personal information by 

mandating necessary requirements in accordance with the relevant laws and 

regulation when signing outsourcing contracts with outside vendors.

Outsourcing vendors

Outsourced tasks

Contact

GSiL Co.Ltd.

Infrastructure services

+82-2-6200-7204

2)The Company includes, in its contract with the outsourcing vendors, the 

requirement to ban handling of personal information except for the purpose of 

performing the commissioned tasks, ensure technical and managerial protection 

measures, limit re-commissioning to other vendors and hold the vendors 

accountable for damages, in accordance with the Article 26 of Personal 

Information Protection Act and Act on Promotion of Information and 

Communications Network Utilization and Information Protection, and supervises the 

outsourcing vendors to ensure they handle personal information safely.

3)If the outsourcing vendors or their outsourced tasks are added or changed, the 

Company releases the information in this policy.

 

6.Procedure and methods of personal information disposal

After achieving the purpose of the collecting and retaining personal information or 

reaching the end of retainment period, the Company disposes of the personal 

information in the following procedures:

1)Disposal process

- Dispose of the information immediately after achieving the purpose or reaching 

the end of retainment period

- Select the information to be disposed of, execute the disposal, report the 

disposal and gain approval from personal information manager (before or after the 

disposal)

2)How to dispose:

- Information in electronic format: Delete permanently in a irreparable manner

- Printed materials, papers and other information in non-electronic format: 

Destroy by shredding, burning or dissolving

 

7.Rights of users and their legal representatives and how to exercise the rights

1)Users and their representatives can always withdraw their consent on collection, 

use and provision of personal information. They can also demand the Company 

disclose, provide, revise, delete or limit, oppose or stop handling of the following 

information in accordance with the relevant laws and regulations. When requested 

by users or their legal representatives, the Company will take necessary measures 

immediately (unless there are reasonable grounds not to do so)

- User's personal information

- The log of using or providing a third party with the user's personal information

- The status of the user's consent to collection, use and provision of their 

personal information

2)Users and their representatives can request the Company to transfer their 

personal information so that it can be re-used for other services. Upon request, 

the Company can provide the personal information in a format that can be 

mechanically deciphered in a systematic and universal manner or, if 

technologically possible, send the personal information directly to another entity 

that handles personal information.

3)The Company may limit or reject requests to view, provide, revise, delete or 

limit, oppose or stop handling or transfer of personal information in the following 

cases after informing users or their legal representatives of the reasons:

- When the Company needs to do so in order to comply with particular legal 

requirements or fulfill legal obligations

- When there is a risk of harming others physically and/or financially or infringe 

upon other's interests in an unfair manner

4)When the Company rejects requests of users or their legal representatives to 

view, provide, revise, delete or limit, oppose or stop handling or transfer of 

personal information, it will notify the users or their legal representatives of its 

decision to reject, the reasons why and how to raise objections.

 

8.Installation and operation of automatic collection system of personal information 

and how to reject its use

The Company manages "cookies" to store and find users' information. "Cookies" are 

small text files the Company's server sends to its users' browsers, and they are 

stored in the users' hard disk.

1)Purpose of using cookies

The Company uses cookies in order to provide optimized information for users by 

understanding the way users visit and use the website as well as the number of 

visits.

2)Setting for cookies: How to set, check and decline

Users can choose different options for cookies. They can set their web browser to 

allow all cookies, confirm every time cookies are stored, or decline all cookies 

from being stored. However, if users disable the use of cookies, services provided 

by the website can be limited.

- How to set up (for Internet Explorer 8.0)

Go to Tools and click Internet Options. Click Personal Information tab and Setting 

to set the allowance level of cookies.

- How to check the cookies stored on your computer (for Internet Explorer 8.0):

Go to Tools and click Internet Options. Click General tab to go to Search Results—

Setting—View Files.

- How to disable cookies (for Internet Explorer 8.0):

Go to Tools and click Internet Options. Click Personal Information tab and Setting 

to set the allowance level of cookies to "Disable all cookies".

 

9.Location (Country) of handling personal information

The Company conducts the overall personal information handling in the Republic 

of Korea. Please be advised that any personal information provided from any other 

country will be transferred to Republic of Korea via its dedicated network.

 

10.Measures to protect personal information

The Company is taking technical and managerial measure as follows in order to 

protect personal information to prevent loss, theft, leakage, distortion or damage 

of information.

1)Development and implementation of internal management plan

- The Company has developed and implemented an internal management plan to 

ensure safe handling of personal information.

- With its dedicated team for protection of personal information, the Company 

makes sure proper protection measures are implemented, its personnel comply 

with protection policies and, when problems are identified, corrective measures are 

taken.

2)Control and limits on access to personal information

- Installation and operation of access control tools

• The Company uses a breach blocking system to block any unauthorized access 

and is doing its best to secure all possible technical equipment to ensure security 

on its system.

- Minimized designation and training of personal information managers

• The Company minimizes designation of personnel in charge of handling personal 

information and provides regular training with in-house and outside trainers.

• Handover of personal information management tasks is carried out in full 

security and the Company clearly identifies accountability for security breach after 

its employees join the Company or resign.

- Control access to personal information

• The Company controls the access to personal information by granting, changing 

or terminating access authority to database handling personal information. The 

Company also records the details of granting, changing or terminating access 

authority and retains the records for 3 years at minimum.

3)Encoding personal information

- Users' personal information is protected by passwords, and files and transmitted 

data is encoded or locked when stored and managed. Important data is protected 

with additional security functions.

- The Company is using a security system that utilizes encoded algorithms to 

transmit personal information on the network (SSL).

4)Storage of access records and measures to prevent record falsification

- The Company retains and manages the record of access to personal information 

management system for at 6 months at minimum and uses security functions to 

ensure access records are not falsified.

5)Installation and renewal of security programs

- In order to prevent leakage or damage of personal information data caused by 

hackers or computer virus, the Company runs security programs and regularly 

updates them and monitors their operation.

- The Company also runs a hacker blocking system and weakness analysis system 

in each server to prevent any hacker intrusion and ensure online security.

6)Physical actions including securing storage facilities with locks

- The Company secured a separate physical storage of database that retains 

personal information and controls the access to the storage.

 

11.Personnel in charge of personal information management and response to user 

complaints

The Company designated a responsible personnel and a dedicated staff for 

personal information management as follows in order to protect the users' 

personal information and respond to users' complaints regarding personal 

information. If you have any questions about personal information protection and 

management, please contact the following personnel.

1)Person in charge of personal information management (protection)

• Name: Kang Sung Kyu, Kim Jin Ju

• Department: Overseas Business Department, Executive Support Office 

• Position: Manager, professional

 

2)Dedicated personnel for personal information management (protection)

• Name: Kang Sung Kyu, Kim Jin Ju

• Department: Overseas Business Department, Executive Support Office 

• Contact: +82-2-6200-7204

• E-mail: 4s@gsil.kr

 

12.How to seek help for security breach

Users can request mediation or advice to Personal Information Dispute Mediation 

Committee or Personal Information Breach Report Center run by or Korean 

Internet & Security Agency to seek help for security breach. For further 

information, please contact the following institutions:

-Personal Information Dispute Mediation Committee (+82-118)

- Personal Information Breach Report Center of Korean Internet & Security Agency

(www.kopico.or.kr/1336)

- Personal Information Protection Label Certification Committee

(http://eprivacy.or.kr/+82-2-580-0533~4)

- Supreme Prosecutors' Office Cyber Crime Investigation Center

(http://icic.sppo.go.kr/+82-2-3480-3600)

- Korean National Police Agency

(www.police.go.kr/+82-1566-0112)

- Personal Information Protection Commission

(http://privacy.kisa.or.kr/kor/main.jsp) /+82-2-2180-3000)

13. Revisions to the Personal Information Protection Policy

When revisions are made to this Personal Information Protection Policy, the 

Company will notify the details on the notice board and a pop-up window of this 

website.

❏ Personal Information Protection Policy (Ver. 1.0) Enforcement: Mar. 03, 2025