Privacy Policy
DR B&H Co., Ltd. (hereinafter referred to as the "Company") complies with the "Personal Information Protection Act" and related laws to protect the freedom and rights of data subjects, processes personal information lawfully, and manages it safely. Accordingly, in accordance with Article 30 of the "Personal Information Protection Act," we establish and disclose the following personal information processing policy to inform data subjects about the procedures and standards for processing personal information and to handle related grievances promptly and smoothly.
Purpose of Processing Personal Information
The Company processes personal information for the following purposes. Personal information processed by the Company is not used for purposes other than the following, and if the use purpose changes, we will take necessary measures, such as obtaining separate consent under Article 18 of the "Personal Information Protection Act."
1. Service Provision
1) To provide services in response to various inquiries, including customer inquiries, recruitment inquiries, and business partnerships.
2) To confirm and respond to reports of illegal, burdensome, or unethical conduct by employees.
Period of Processing and Retention of Personal Information
1. The Company processes and retains personal information within the personal information retention and usage period agreed upon when collecting personal information from the data subject or within the period prescribed by law.
2. The retention and usage period for personal information is one year.
Items of Personal Information Processed
The Company processes the following personal information items:
1. Inquiries: name, affiliation, phone number, email address, inquiry content.
2. Cyber Report: name, affiliation, phone number, email address of the reporter, and the affiliation, name, business department, position, and report content of the subject being reported.
Procedure and Method of Personal Information Destruction
1. When personal information becomes unnecessary, such as the expiration of the retention period or achievement of the processing purpose, the Company will promptly destroy the personal information.
2. If the retention period agreed upon by the data subject has expired or the processing purpose has been achieved but the personal information must be preserved according to other laws, the personal information will be moved to a separate database (DB) or stored in a different location.
3. The procedure and method of personal information destruction are as follows:
1) Destruction Procedure: The department or person in charge selects the personal information to be destroyed and destroys it according to the destruction method outlined below.
2) Destruction Method: Personal information recorded and stored in electronic file form is destroyed using a method that ensures the data cannot be reconstructed. Personal information recorded and stored in paper documents is shredded or incinerated.
Rights and Obligations of Data Subjects and Methods of Exercise
1. Data subjects can exercise their rights to request access to, correction, deletion, or suspension of processing of personal information at any time.
2. Rights can be exercised through written, email, or fax requests under Article 41, Paragraph 1 of the "Personal Information Protection Act Enforcement Decree." The Company will promptly take action on such requests.
3. Rights can also be exercised through an agent, such as a legal representative or a person authorized by the data subject. In such cases, a power of attorney must be submitted in accordance with Form 11 of the "Personal Information Processing Method Notification (No. 2020-7)."
4. Requests for access to or suspension of processing of personal information may be restricted under Articles 35, Paragraph 4, and 37, Paragraph 2 of the "Personal Information Protection Act."
5. Requests for correction and deletion of personal information cannot be made if other laws specify that the information is subject to collection.
6. The Company verifies the identity of the requester or the legitimacy of the representative for requests for access, correction, deletion, or suspension of processing.
Measures to Ensure the Safety of Personal Information
The Company takes the following measures to ensure the safety of personal information:
1. Administrative Measures: Establish and implement internal management plans, operate dedicated organizations, and conduct regular employee training.
2. Technical Measures: Manage access rights to personal information processing systems and install security programs.
3. Physical Measures: Control access to data processing rooms and document storage facilities.
Criteria for Additional Use and Provision
1. The Company may use and provide personal information additionally without the data subject's consent under Articles 15, Paragraph 3, and 17, Paragraph 4 of the "Personal Information Protection Act," considering the factors outlined in Article 14-2 of the Enforcement Decree of the same Act.
2. The Company considered the following factors for additional use and provision without the data subject's consent:
3. Whether the purpose of additional use and provision is related to the original purpose of collection.
4. Whether the additional use and provision are predictable considering the context of collection or processing practices.
5. Whether the additional use and provision unjustly infringe on the interests of the data subject.
6. Whether necessary measures have been taken to ensure safety, such as pseudonymization or encryption.
Personal Information Protection Officer
1. The Company designates a Personal Information Protection Officer who is responsible for overseeing personal information processing, handling complaints, and providing relief related to personal information processing.
1) Personal Information Protection Officer
Department, Name, Position:
Contact: info@drbnh.com / +82 2-2293-3131
2) Personal Information Protection Department
Department Name:
Contact: info@drbnh.com / +82 2-2293-3131
※ This department handles requests for access to personal information.
2. Data subjects can contact the Personal Information Protection Officer or the department responsible for any inquiries, complaints, or requests for relief related to personal information processing while using the Company's services (or business).
Changes to the Personal Information Processing Policy
1. This personal information processing policy is effective from January 2, 2024.
2. If there are any changes to the personal information processing policy, previous versions will be available for review on this page.