Privacy Policy

Taihan Cable & Solution Co., Ltd. (hereinafter the “Company”) complies with the “Personal Information Protection Act” and other related laws in order to protect the freedom and rights of the data subjects, and also to legally process and safely manage personal information. Thus, in accordance with Article 30 of the “Personal Information Protection Act,” the Company has established and disclosed the following privacy policy to inform the data subjects of the procedures and standards for processing personal information and to handle related grievances swiftly and smoothly.

Article 1 (Purpose of Processing Personal Information)

The Company handles the personal information that pertains to the minimum required scope of personal information for the purposes shown in the table below. Personal information processed by the Company shall not be used for purposes other than the purpose of processing personal information stipulated in this article, and should the said purpose change, the Company shall take necessary measures, such as obtaining separate and additional consent from the data subject in compliance with the “Personal Information Protection Act” and other related laws.

1)Online consultation (Customer > 1:1 Inquiries) on the Company’s official website: Collecting information for handling inquiries pertaining to official work responsibilities or other matters

2)Report via the “Hot line” service (ESG > Hot line) available on the Company's official website : Collecting information to handle reports related to ethical management practices and fair trade voluntary compliance programs at the Company

3)Recruitment web page : Offering information on recruitment for the Company, including updates on ongoing recruitment processes and the results of each step, and establishing a talent pool for prospective employees

4)Registration of business partners for goods and services : Registering places of purchase or vendors and collecting information for work-related consultations and negotiations

5)Processing of human resources records for employees : Processing human resources records, issuing certificates of working experience, and handling other work-related purposes

Article 2 (Processing and Retention Period of Personal Information)
The Company shall destroy personal information within five days of achieving or fulfilling the purpose of collecting and using any given personal information item. However, if the Company is obliged by law to preserve a personal information item in accordance with relevant laws or if the Company obtains consent from the data subject, it shall keep relevant personal information for a set period of time.

1)Online consultations : Day of completing the processing of an inquiry

2)Hot line service : Day of informing the complainant and completing the processing of the particular complaint

3)Recruitment web page : Day of ending a particular recruitment process or cycle

4)Registration of business partners for goods and services : Day of closing a transaction or settling an account

5)Processing of human resources records for employees : Day of the particular employee’s resignation/termination

Article 3 (Items of Personal Information Processed by the Company and Collection Methods)
The Company shall collect and process the following personal information from users.

1) Collected items

Type Required information Optional information Retention and usage period

1-On-1 inquiries Name, contact information, e-mail, country (for the global website only) Affiliated company, mobile phone number 3 months

Hot line service Reports on violations or transgressions against the Fair Trade Compliance Program Name, contact information, e-mail 3 months

Recruitment web page Name, contact information, e-mail, status as a combat veteran and/or disabled person, academic background, performance, military service record, career experience, overseas experience, language and other qualifications, awards, personal introduction Other job-related information prepared according to the needs of the applicant 1 year

Registration of business partners for goods and services Name, contact information, e-mail

Processing of human resources records for employees Name, contact information, e-mail, status as a combat veteran and/or disabled person, academic background, performance, military service record, career experience, overseas experience, language and other qualifications, awards, personal introduction Human resources-related information prepared for other needs When the prepared information is no longer needed

2) Collection method

A. Online collection: Directly inputted by website users

B. Offline collection : Collected during the process of sales and customer consultations either in person, via written means (documentation), fax, e-mail, contact information, etc.

Article 4 (Matters Concerning the Provision of Personal Information to Third Parties)

1)The Company shall process the personal information of the data subject only within the scope specified in the Purpose of Processing Personal Information stipulated above, and it shall provide personal information to third parties only with the consent of the data subject and when it falls under Articles 17 and 18 of the Personal Information Protection Act, including any special provisions of the law. Otherwise, the Company shall not provide the personal information of a data subject to third parties.

2)In case of emergencies such as disasters, infectious diseases, incidents/accidents that pose an imminent threat to a person’s life/bodily harm, imminent property loss, etc., the Company may provide personal information to related organizations without the consent of the data subject. In such a case, the Company shall provide only the minimum necessary personal information in accordance with applicable laws, and shall not provide the information for any other purpose.

Classification Legal basis Receiving entity Personal information provided

Disaster response Framework Act on the Management of Disasters and Safety Central Countermeasure Headquarters or Local Countermeasure Headquarters

Name, resident registration number, address, and phone number (including mobile phone number)

he following information to help determine movement/evacuation routes and for search and rescue purposes
A. Information collected through CCTVs
B. Transportation card user history
C. Date and time, place of use of credit card, debit card, and prepaid card transactions
D. Name and phone number of the medical institution on a prescription, date and time of treatment stated in a medical record

(For telecommunication service providers or location information service providers only) Personal location information

Prevention and management of infectious diseases Means to prevent infectious diseases Korea Disease Control and Prevention Agency or nationwide Si/Do governments

Name, resident registration number, address, and phone number (including mobile phone number)

Prescription and medical records according to the “Medical Service Act”

Immigration records for a period determined by the Commissioner of the Korea Disease Control and Prevention Agency

Other information on the following to determine movement/evacuation routes
A. Credit card/debit card/prepaid card transaction details in accordance with the “Specialized Credit Finance Business Act”
B. Public transportation card usage details in accordance with the “Act on the Support and Promotion of Utilization of Mass Transit System”
C. Video/image information collected via image information processing devices in accordance with the “Personal Information Protection Act”

(For telecommunication service providers or location information service providers only) Personal location information

Prevention of an outbreak/spread of infectious diseases in livestock Act on the Prevention of Contagious Animal Diseases National animal disease control agencies governed by the Ministry of Agriculture, Food and Rural Affairs

(For personal location information service providers or toll road management authorities only) Expressway traffic information

Finding missing children, mentally handicapped persons, dementia patients, etc. Act on the Protection and Support of Missing Children Police stations

(For personal location information service providers, telecommunication service providers, personal identity verification agencies, or resident registration number alternative subscription service providers only) Personal location information, internet address, communication incidence verification data

Potential suicide risk protection Suicide prevention Police stations
Coast guard
Fire departments

(For information and communication service providers only) Name, resident registration number (or date of birth in the absence of resident registration number information), address, phone number, ID, e-mail address, and personal location information of the person subject to emergency rescue or assistance

Response to emergency rescue/assistance requests, etc. Act on the Protection and Use of Location Information Fire departments

(For location information service providers only) Personal location information

Response to crisis situations such as economical/financial distress or hardships Emergency Aid and Support Act Central and local governments

Minimum information required to identify entities subject to immediate livelihood assistance in the case of economical/financial distress or hardships

Processing of personal information belonging to victims of crimes such as kidnapping and involuntary confinement Personal Information Protection Act Police stations

Video/image information, including CCTV footage

Telecommunications Business Act Competent investigative authorities

(For information and communications service providers only) Name and resident registration number of relevant users

Article 5 (Matters Concerning the Consignment of Tasks related to the Processing of Personal Information)
1)The Company consigns tasks related to the processing of personal information as follows to ensure the smooth processing of personal information.

Consignee Consigned responsibilities Retention and usage period

GS ITM Co., Ltd. System operation and maintenance Until December 2025

2)The Company shall comply with Article 26 of the Personal Information Protection Act when concluding a consignment contract, and shall stipulate in written form, such as contracts, responsibilities such as the prohibition of personal information processing other than the purpose of performing consigned tasks, technical and administrative protection measures, restrictions on re-consignment, management and supervision of the consignee, and indemnification against damages, and the Company shall also supervise the consignee’s safe handling of personal information.

3)If the specific description of the consigned work or the consignee changes, the Company shall disclose relevant facts in compliance with this privacy policy without delay.

Article 6 (Procedures and Methods for Destroying and Discarding Personal Information)

1)The Company shall destroy personal information without delay when said personal information becomes no longer necessary to retain, such as the expiration of the personal information retention period or achievement of the purpose of processing the personal information.

2)If the retention period for personal information consented to by the data subject has expired, or if the personal information has to be kept in compliance with other laws despite achieving the purpose of processing said personal information, it may be transferred to a separate database (DB) or stored on a different means of storage for safe-keeping.

3)The procedure and method of destroying and discarding personal information shall be as follows.
- Destruction procedure: Personal information which has satisfied the conditions for destruction shall be identified and destroyed without delay unless other laws and regulations stipulate further safe-keeping.
- Destruction method: The Company shall destroy personal information recorded and stored in the form of electronic files using means that render said information irreproducible, and personal information recorded and stored in paper documents shall be destroyed by shredding with a shredder or incineration.

Article 7 (Matters Concerning the Rights and Obligations of Legal Representatives of Information Subjects and Methods of Exercising Them)
A data subject can exercise the following rights to protect its personal information protection against the Company at any time.

1)A data subject can exercise the right to view, correct, delete, and suspend the processing of its personal information against the Company at any time.

2)Rights can be exercised against the Company in writing, via e-mail, fax, etc. in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the “Personal Information Protection Act,” and the Company shall take the required action without delay in the event of such request.

3)Rights can be exercised through an agent such as the legal representative of the data subject or a person who has been delegated to act on behalf of the data subject. In such a case, the data subject shall submit a power of attorney using the form provided as Attachment No. 11 of the “Announcement on the Handling Method for Personal Information (No. 2020-7).”

4)The rights of a data subject may be restricted in accordance with Article 35, Paragraph 4 and Article 37, Paragraph 3 of the “Personal Information Protection Act” pertaining to requests to view and suspend the processing of its personal information.

5)Correction and deletion of personal information cannot be requested if the personal information is specified as required information in other laws.

6)The Company shall confirm whether the person who made a request according to a data subject’s legal rights pertaining to personal information, such as a request for viewing, correcting/deleting, or suspending the processing of personal information, is the data subject of said information or a legitimate agent of the data subject.

Article 8 (Matters Concerning Measures to Ensure the Safety of Personal Information)
The Company takes the following measures to ensure the safety of personal information.

1)Administrative measures : Establishing and executing an internal management plan, operating a dedicated organization, and conducting regular employee training

2)Technical measures : Managing the rights to access the personal information processing system, etc., installing access control systems, encrypting personal information, installing and updating security programs

3)Physical measures : Controlling access to computer rooms, data storage rooms, etc.

Article 9 (Matters Concerning the Installation, Operation, and Declining of Devices that Automatically Collect Personal Information)
The Company shall not use “cookies” that store and retrieve a data subject's usage information on demand.
Article 10 (Matters Concerning the Collection, Usage, Provision, and Declining of Activity/Behavior Information)
The Company shall not import, utilize, or provide activity/behavior information for customized online advertisements, etc.
Article 11 (Criteria for Determining Additional Usage/Provision)
1)The Company shall consider matters stipulated under Article 14-2 of the Enforcement Decree of the Personal Information Protection Act in accordance with Article 15, Paragraph 3 and Article 17, Paragraph 4 of the Personal Information Protection Act in additionally using/providing personal information without the consent of the data subject.

2)Accordingly, the Company shall consider the following in order to additionally use/provide personal information without the consent of the data subject.
A. Whether the purpose of additional use/provision of personal information is related to the original purpose of collecting said personal information
B. Whether there is any predictability of additional use/provision of personal information in light of the circumstances in which it was collected or the practices through which the information is processed;
C. Whether additional use/provision of personal information unreasonably infringes upon the interests of the data subject
D. Whether measures necessary to ensure safety, such as the pseudonymization or encryption of data, have been taken
Article 12 (Matters Concerning the Person in Charge of the Protection of Personal Information)

1)The Company shall be responsible for the overall handling of personal information, and shall designate a person in charge of the protection of personal information (Chief Privacy Officer) as follows in order to handle complaints and provide relief for data subjects against damages related to the processing of personal information.

Chief Privacy Officer

Department name: Human Resources Team
Contact information: 02-316-9402

Computerized information manager

Department name: IT Support Team
Contact information: 02-316-9234
※ Responsible for access requests to personal information at the “Personal Information Protection Department”

2)A data subject may inquire about all personal information protection-related inquiries, complaint handling, damage relief, etc. that had occurred while using the company's services (or businesses) to the Chief Privacy Officer and the department in charge. The Company shall respond and handle the inquiries by the data subject without delay.

Article 13 (Remedies for Infringements against the Rights and Interests of Data Subjects)
1)A data subject may file for dispute resolution or consultation with the Personal Information Dispute Mediation Committee or the Personal Information Infringement Report Center at the Korea Internet & Security Agency to seek relief from personal information infringements. For other personal information infringement reports and consultations, please contact the following organizations.

Type Contact information Website

Personal Information Dispute Mediation Committee (No area code required) 1833-6972 www.kopico.go.kr

Personal Information Infringement Report Center (No area code required) 118 privacy.kisa.or.kr

Supreme Prosecutor's Office (No area code required) 1301 www.spo.go.kr

National Police Agency (No area code required) 182 ecrm.cyber.go.kr

2)The Company shall guarantee a data subject's right to self-determination of personal information, and shall strive for counseling and damage relief due to personal information infringement. Should a data subject need to report an incident or seek consultation, please contact the department in charge below.

Customer inquiries and reporting related to the protection of personal information

Department name: Human Resources Team
Contact information: 02-316-9402

Article 14 (Matters Concerning the Operation and Management of Video/Image Information Processing Equipment)

1)The Company shall install and operate video/image information processing equipment as follows.

A.Legal basis and purpose of installing video/image information processing equipment: Ensure the safety of Company facilities, prevent fire

B.Number and location of installations, the scope of recordings: 95 cameras installed in key facilities, including the office lobby and exhibition hall. Cameras record the entire space of each key facility

C.Person in charge, department in charge, and persons with authority to access video information: Heo Seong-wook, Manager, Labor Support Team

D.Video/image information recording duration, storage period, storage location, processing method

- Recording duration: Video/image information recorded 24 hours a day

- Storage period: 60 days from the time of recording

- Storage location and processing method: Storage and processing at the control office at the Labor Support Team on the 1st floor of the Human Resources Development Center

E.Video/image information access method and location: Request access to the person in charge (Heo Seong-wook, Manager, Labor Support Team)

F.Measures to meet a data subject's request to view video/image information, etc.: Application must be made with a request for viewing and confirming the existence of personal video/image information, and only when the data subject has been recorded or when the request is clearly necessary for the benefit of the data subject's life, body, and property, the request to access video/image information shall be granted

G.Technical, administrative, and physical measures to protect video/image information: Establishing an internal management plan, controlling access and restricting rights to access video/image information, applying safe storage and transmission technology of video/image information, storing processed records and measures to prevent forgery and falsification, providing storage facilities, and installing locking devices

Matters concerning the consignment of installing and managing video/image information processing equipment, etc

The Company shall consign the installation and management of video/image information processing devices as follows, and shall stipulate necessary matters so that personal information can be safely managed in the consignment contract in accordance with all relevant laws and regulations.

Organization name/department Consignee Person in charge Contact information

Labor Support Team Sun TNS Na Hyeon-seon 010-9922-9066

I. Matters concerning changes in the operation and management policy of video/image information processing equipment

This operation and management policy for video/image information processing devices was enacted on October 13, 2022. In the event of any additions, deletions, or revisions to its content according to changes in relevant laws, policies, or security technologies, the Company shall disclose the grounds and content of said changes without delay through its official website.

Article 15 (Matters Concerning Changes to the Privacy Policy)
1) This Privacy Policy shall be enacted as of October 13, 2022.

2) Please refer to the following for previous versions of this Privacy Policy.

Type	Required information	Optional information	Retention and usage period
1-On-1 inquiries	Name, contact information, e-mail, country (for the global website only)	Affiliated company, mobile phone number	3 months
Hot line service Reports on violations or transgressions against the Fair Trade Compliance Program	Name, contact information, e-mail		3 months
Recruitment web page	Name, contact information, e-mail, status as a combat veteran and/or disabled person, academic background, performance, military service record, career experience, overseas experience, language and other qualifications, awards, personal introduction	Other job-related information prepared according to the needs of the applicant	1 year
Registration of business partners for goods and services	Name, contact information, e-mail
Processing of human resources records for employees	Name, contact information, e-mail, status as a combat veteran and/or disabled person, academic background, performance, military service record, career experience, overseas experience, language and other qualifications, awards, personal introduction	Human resources-related information prepared for other needs	When the prepared information is no longer needed

Classification	Legal basis	Receiving entity	Personal information provided
Disaster response	Framework Act on the Management of Disasters and Safety	Central Countermeasure Headquarters or Local Countermeasure Headquarters	Name, resident registration number, address, and phone number (including mobile phone number) he following information to help determine movement/evacuation routes and for search and rescue purposes A. Information collected through CCTVs B. Transportation card user history C. Date and time, place of use of credit card, debit card, and prepaid card transactions D. Name and phone number of the medical institution on a prescription, date and time of treatment stated in a medical record (For telecommunication service providers or location information service providers only) Personal location information
Prevention and management of infectious diseases	Means to prevent infectious diseases	Korea Disease Control and Prevention Agency or nationwide Si/Do governments	Name, resident registration number, address, and phone number (including mobile phone number) Prescription and medical records according to the “Medical Service Act” Immigration records for a period determined by the Commissioner of the Korea Disease Control and Prevention Agency Other information on the following to determine movement/evacuation routes A. Credit card/debit card/prepaid card transaction details in accordance with the “Specialized Credit Finance Business Act” B. Public transportation card usage details in accordance with the “Act on the Support and Promotion of Utilization of Mass Transit System” C. Video/image information collected via image information processing devices in accordance with the “Personal Information Protection Act” (For telecommunication service providers or location information service providers only) Personal location information
Prevention of an outbreak/spread of infectious diseases in livestock	Act on the Prevention of Contagious Animal Diseases	National animal disease control agencies governed by the Ministry of Agriculture, Food and Rural Affairs	(For personal location information service providers or toll road management authorities only) Expressway traffic information
Finding missing children, mentally handicapped persons, dementia patients, etc.	Act on the Protection and Support of Missing Children	Police stations	(For personal location information service providers, telecommunication service providers, personal identity verification agencies, or resident registration number alternative subscription service providers only) Personal location information, internet address, communication incidence verification data
Potential suicide risk protection	Suicide prevention	Police stations Coast guard Fire departments	(For information and communication service providers only) Name, resident registration number (or date of birth in the absence of resident registration number information), address, phone number, ID, e-mail address, and personal location information of the person subject to emergency rescue or assistance
Response to emergency rescue/assistance requests, etc.	Act on the Protection and Use of Location Information	Fire departments	(For location information service providers only) Personal location information
Response to crisis situations such as economical/financial distress or hardships	Emergency Aid and Support Act	Central and local governments	Minimum information required to identify entities subject to immediate livelihood assistance in the case of economical/financial distress or hardships
Processing of personal information belonging to victims of crimes such as kidnapping and involuntary confinement	Personal Information Protection Act	Police stations	Video/image information, including CCTV footage
	Telecommunications Business Act	Competent investigative authorities	(For information and communications service providers only) Name and resident registration number of relevant users

Type	Contact information	Website
Personal Information Dispute Mediation Committee	(No area code required) 1833-6972	www.kopico.go.kr
Personal Information Infringement Report Center	(No area code required) 118	privacy.kisa.or.kr
Supreme Prosecutor's Office	(No area code required) 1301	www.spo.go.kr
National Police Agency	(No area code required) 182	ecrm.cyber.go.kr