Article 1. General Provisions
GS Power Co., Ltd. (hereinafter referred to as the "Company") establishes and discloses these guidelines for processing personal information in order to protect the personal information of information subjects in accordance with Article 30 of the Personal Information Protection Act and to promptly and smoothly handle related complaints.
The Personal Information Processing Policy contains the following:
1. General Provisions
2. Purposes of Personal Information Processing
3. Period of Personal Information Processing and Retention
4. Provision of Personal Information to Third Parties
5. Outsourcing of Personal Information Processing
6. Rights and Obligations of Information Subjects and Methods of Exercising Rights
7. Personal Information Items Processed
8. Destruction of Personal Information
9. Measures for Ensuring the Security of Personal Information
10. Personal Information Protection Manager
11. Request to view Personal Information
12. Remedies for Privacy Violations
13. Installation and Operation of image Information Processing System
14. Changes to the Personal Information Processing Policy
Article 2. Purposes of Personal Information Processing
The company processes personal information for the following purposes.
The processed personal information will not be used for purposes other than the following, and if the purpose of use changes, necessary measures will be taken in accordance with Article 18 of the Personal Information Protection Act to obtain separate consent.
- 1. Website member registration and management.
The company processes personal information for the purpose of confirming the intention of membership registration, verifying and authenticating individuals for the provision of membership services, maintaining and managing membership qualifications, verifying identity according to limited self-verification requirements, preventing fraudulent use of services, confirming the consent of legal guardians for the processing of personal information of children under 14 years of age, and for various notifications, and handling complaints.
- 2. Provision of goods or services
The company processes personal information for the purpose of delivering goods, providing services, sending contracts and invoices, providing content, offering personalized services, identity verification, age verification, fee payment and settlement, debt collection, and other related purposes.
- 3. Complaint handling
The company processes personal information for the purpose of confirming the identity of complainants, verifying the details of complaints, contacting and notifying for fact-finding investigations, and informing the results of the complaint handling.
Article 3. Period of Personal Information Processing and Retention
- ① The company processes and retains personal information within the agreed-upon personal information retention and usage period obtained at the time of collecting personal information, in accordance with applicable laws.
- ② The individual periods for processing and retaining each type of personal information are as follows:
- 1. Website member registration and management: Until the withdrawal from the website
However, in cases falling under the following circumstances, until the end of the respective circumstances:
1) In cases where investigations or proceedings are ongoing due to violations of related laws, until the conclusion of such investigations or proceedings.
2) In cases where there are remaining rights and obligations related to website usage, until the settlement of such rights and obligations.
- 2. Provision of goods or services: Until the completion of the supply of goods/services and the completion of fee payment and settlement.
However, in cases falling under the following circumstances, until the end of the respective circumstances:
1) Records related to transactions, including but not limited to marking/advertising, contract content, and performance, in accordance with the "Act on Consumer Protection in Electronic Commerce, Etc"
- Records related to marking/advertising: 6 months
- Records related to contracts or subscription withdrawal, payment of fees, supply of goods, etc.: 5 years
- Records related to consumer complaints or dispute resolution: 3 years
2) Preservation of communication fact verification materials in accordance with the "Act on the Protection of Communications Secrets"
- Computer communication, internet log records, access point tracking records: 3 months
Article 4. Provision of Personal Information to Third Parties
The company processes the personal information of the data subject only within the scope specified in Article 1 (Purpose of Processing Personal Information) and may provide the personal information to a third party in cases where it falls under Article 17 of the Personal Information Protection Act, such as with the consent of the data subject or in accordance with specific legal provisions.
Article 5. Outsourcing of Personal Information Processing
① The company may, when necessary for the smooth processing of personal information tasks, entrust personal information processing tasks to third parties.
② When entering into outsourcing agreements, the company will specify in the contract or other documents matters related to the prohibition of personal information processing beyond the purpose of performing the outsourcing tasks under Article 25 of the Personal Information Protection Act, technical and managerial protective measures, restrictions on re-outsourcing, management and supervision of the outsourced party, and liability for damages. The company will also ensure that the outsourced party securely handles the personal information.
③ In the event of a change in the content of the outsourcing tasks or the outsourced party, the company will promptly disclose such changes through this privacy policy.
Article 6. Rights and Obligations of Information Subjects and Methods of Exercising Rights
① Data subjects have the following rights related to the protection of personal information, and they can exercise these rights at any time with respect to the company:
1. Request to view personal information
2. Request for correction in case of errors
3. Request for deletion
4. Request for suspension of processing
② The exercise of the rights under paragraph 1 can be made to the company in writing, by telephone, via electronic mail, or by fax, and the company will promptly take appropriate actions in response.
③ The exercise of the rights under paragraph 1 can be made to the company in writing, by telephone, via electronic mail, or by fax, and the company will promptly take appropriate actions in response.
④ The exercise of the rights under paragraph 1 can be made through a legal representative or an authorized agent of the data subject. In this case, the data subject must submit a power of attorney in accordance with the format prescribed in Attachment No. 11 of the Enforcement Rules of the Personal Information Protection Act.
⑤ Data subjects must not infringe upon the personal information and privacy of themselves or others, including personal information being processed by the company, in violation of relevant laws and regulations such as the Personal Information Protection Act.
Article 7. Personal Information Items Processed
The company processes the following personal information items:
- 1. Website member registration and management:
ㆍUser name, ID, password, address, phone number, business registration number, email address
- 2. Provision of goods or services:
ㆍUser name, ID, password, address, phone number, business registration number, email address
- 3. During the process of using internet services, the following personal information items may be automatically generated and collected:
ㆍIP address, cookies, MAC address, service usage records, visit history, etc.
Article 8. Destruction of Personal Information
- ① When personal information is no longer necessary due to the expiration of the retention period or the achievement of the processing purpose, the company will promptly destroys the relevant personal information.
- ② If personal information must be retained under other laws despite the expiration of the agreed-upon retention period or the achievement of the processing purpose, the company will move the personal information to a separate database (DB) or store it in a different location for continued preservation.
- ③ The procedure and method for the destruction of personal information are as follows:
- 1. Destruction Procedure
The company selects personal information for destruction when the reasons for destruction arise and obtains approval from the company's data protection officer before proceeding with the destruction.
- 2. Destruction Method
Personal information recorded or stored in electronic file formats is destroyed in a manner that makes it impossible to regenerate the records, using methods such as low-level formatting (Low Level Format). Personal information recorded or stored in paper documents is destroyed by shredding or incineration.
Article 9. Measures for Ensuring the Security of Personal Information
The company takes the following measures to ensure the security of personal information:
- 1. Administrative Measures: Establishment and implementation of internal management plans, regular employee training, and other internal measures are in place.
- 2. Technical Measures: Access control for systems such as personal information processing systems, access restrictions, and installation of security programs are implemented.
- 3. Physical Measures: Access control for areas such as computer rooms and data storage rooms is enforced.
Article 10. Personal Information Protection Manager
① The company has appointed a Personal Information Protection Manager to oversee matters related to the processing of personal information, as well as handling complaints and providing remedies for information subjects.
▷ Personal Information Protection Manager
Name: Kim Hyeong-tae(Team leader)
Position: Head of HR Development Team
Contact: 02-2005-4120, cozy20@gspower.co.kr, Fax: 02-2005-4150
▷ Department Responsible for Personal Information Protection
Department Name: HR Development Team
Person in Charge: Shin Yeonkwon
Contact: 02-2005-4033, researcher@gspower.co.kr, Fax: 02-2005-4150
② Information subjects can contact the Personal Information Protection Manager and the designated department for any inquiries, complaints, or requests for remedies related to personal information protection that may arise while using the company's services (or business). The company will promptly respond to and address information subjects' inquiries.
Article 11. Request to view Personal Information
Information subject may request access to personal information pursuant to Article 35 of the Personal Information Protection Act to the department below. The company will strive to promptly process the information subject's request to view personal information.
▷ Department Responsible for Receiving and Processing Request to view Personal Information
Department Name: HR Development Team
Person in Charge: Shin Yeonkwon
Contact: 02-2005-4033, researcher@gspower.co.kr, Fax: 02-2005-4150
Article 12. Remedies for Privacy Violations
Information subjects can also inquire about remedies and counseling related to personal information breaches through organizations such as the Personal Information Infringement Report Center and the Personal Information Dispute Resolution Committee.
< Please note that these organizations are separated from the company and, if you are not satisfied with the company's internal handling of personal information complaints or remedies, or if you need more detailed assistance, you may contact them. >
Article 13. Installation and Operation of image Information Processing System
① GS Power Co., Ltd. operatesthe following image information processing devices:
- 1. Basis and Purpose of Installation of Image Information Processing Devices: Facility safety and fire prevention at GS Power Co., Ltd.
- 2. Number of Installations, Locations, and Recording Range: 32 devices installed in key facilities such as the headquarters and production facilities, covering the entire space of key facilities.
- 3. Person in Charge of Management, Responsible Department, and Authorized Access Personnel for Image Information
▷ Image Information Protection Responsible Department
- Anyang -
Department Name: Power Generation Planning Team
Person in Charge: Lee Hyewon (Staff)
Contact: 031-596-2712, wonmyluv68@gspower.co.kr, Fax: 031-596-2717
- Bucheon -
Department Name: Power Generation Planning Team
Person in Charge: Song Eunsung (Manager)
Contact: 032-320-0483, ss0227@gspower.co.kr, Fax: 032-320-3214
- 4. Recording Time, Retention Period, Storage Location, and Handling Method of Image Information:
- Recording Time: 24 hours
- Retention Period: 30 days from the time of recording
- Storage Location and Handling Method: Stored and processed in the Image Information Processing Device Control Room of the Power Generation Planning Team.
- 5. Method and Location for Checking Image Information: Request to the responsible person – Power Generation Planning Team.
- 6. Measures for Requests to view Image Information by Data Subjects: Access to viewing is allowed only when the data subject is clearly identifiable in the video or when it is necessary to protect the life, body, or property interests of the data subject.
- 7. Technical, Administrative, and Physical Measures for Image Information Protection: Establishment of internal management plans, access control and access authorization restrictions, application of secure storage and transmission technologies for Image Information , storage of processing records and prevention of tampering, installation of locking devices for storage facilities, etc.
Article 14. Changes to the Personal Information Processing Policy
- ① This privacy policy has been in effect since 1st January, 2012.
- ② In the event of changes to this privacy policy, we will ensure that you can compare and review the previous version.