대한전선

Article 1 (Purpose of Processing Personal Information)

The Company handles the personal information that pertains to the minimum required scope of personal information for the purposes shown in the table below. Personal information processed by the Company shall not be used for purposes other than the purpose of processing personal information stipulated in this article, and should the said purpose change, the Company shall take necessary measures, such as obtaining separate and additional consent from the data subject in compliance with the “Personal Information Protection Act” and other related laws.

Article 2 (Processing and Retention Period of Personal Information)

The Company shall destroy personal information within five days of achieving or fulfilling the purpose of collecting and using any given personal information item. However, if the Company is obliged by law to preserve a personal information item in accordance with relevant laws or if the Company obtains consent from the data subject, it shall keep relevant personal information for a set period of time.

1. 1)1:1 Inquiry: Day of completing the processing of an inquiry
2. 2)Hot line service: Day of informing the complainant and completing the processing of the particular complaint
3. 3)Recruitment web page: Day of ending a particular recruitment process or cycle
4. 4)Registration of business partners for goods and services: Day of closing a transaction or settling an account
5. 5)Processing of human resources records for employees: Day of the particular employee’s resignation/termination
6. 6)Storage of Video Information (CCTV): 45 days
7. 7)Collection of Biometric Information (Fingerprint): Retained during the period in which access authorization is maintained and destroyed without delay upon termination of such authorization

Article 3 (Items of Personal Information Processed by the Company and Collection Methods)

The Company shall collect and process the following personal information from users.

1. 1) Collected items

   Type	Required information	Optional information	Retention and usage period
   1:1 inquiry	Name, contact information, e-mail, country (for the global website only)	Affiliated company, mobile phone number	3 months
   Hot line service Reports on violations	Name, contact information, e-mail		3 months
   Recruitment web page	Name, contact information, e-mail, status as a combat veteran and/or disabled person, academic background, performance, military service record, career experience, overseas experience, language and other qualifications, awards, personal introduction	Other job-related information prepared according to the needs of the applicant	1 year
   Registration of business partners for goods and services	Name, contact information, e-mail
   Processing of human resources records for employees	Name, contact information, e-mail, status as a combat veteran and/or disabled person, academic background, performance, military service record, career experience, overseas experience, language and other qualifications, awards, personal introduction	Human resources-related information prepared for other needs	When the prepared information is no longer needed
   Storage of Video Information (CCTV)	Video Information (recording time, recording location)		45 days
   Collection of Biometric Information (Fingerprint)	Fingerprint Information		Destroyed upon termination of access authorization

2. 2) Collection method
   
   

   A. Online collection: Directly inputted by website users

   B. Offline collection: Collected during the process of sales and customer consultations either in person, via written means (documentation), fax, e-mail, contact information, etc.

   C. Video information collected through video information processing devices (CCTV) for the purposes of business site access security, facility safety, crime prevention, and protection of national core technologies

   D. Collection of biometric information (fingerprint information) through a fingerprint-based access control system for access control and security management

Article 4 (Matters Concerning the Provision of Personal Information to Third Parties)

1. 1)The Company shall process the personal information of the data subject only within the scope specified in the Purpose of Processing Personal Information stipulated above, and it shall provide personal information to third parties only with the consent of the data subject and when it falls under Articles 17 and 18 of the Personal Information Protection Act, including any special provisions of the law. Otherwise, the Company shall not provide the personal information of a data subject to third parties.
2. 2)In case of emergencies such as disasters, infectious diseases, incidents/accidents that pose an imminent threat to a person’s life/bodily harm, imminent property loss, etc., the Company may provide personal information to related organizations without the consent of the data subject. In such a case, the Company shall provide only the minimum necessary personal information in accordance with applicable laws, and shall not provide the information for any other purpose.
3. 3)The Company shall not provide video information (CCTV) and biometric information (fingerprint information) collected for the purposes of access control, facility security, crime prevention, industrial security, and protection of national core technologies to any third party, except where required by applicable laws and regulations.
4. 4)However, the Company may provide video information within the necessary scope where required under applicable laws and regulations, including criminal investigations, accident investigations, court orders, or lawful requests from relevant authorities.
5. 5)Biometric information (fingerprint information) shall be processed only for the purposes of verifying access authorization and personal identification, and shall not be provided to external parties except where required by applicable laws and regulations.

Classification	Legal basis	Receiving entity	Personal information provided
Disaster response	Framework Act on the Management of Disasters and Safety	Central Countermeasure Headquarters or Local Countermeasure Headquarters	Name, resident registration number, address, and phone number (including mobile phone number) The following information to help determine movement/evacuation routes and for search and rescue purposes A. Information collected through CCTVs B. Transportation card user history C. Date and time, place of use of credit card, debit card, and prepaid card transactions D. Name and phone number of the medical institution on a prescription, date and time of treatment stated in a medical record (For telecommunication service providers or location information service providers only) Personal location information
Prevention and management of infectious diseases	Means to prevent infectious diseases	Korea Disease Control and Prevention Agency or nationwide Si/Do governments	Name, resident registration number, address, and phone number (including mobile phone number) Prescription and medical records according to the “Medical Service Act” Immigration records for a period determined by the Commissioner of the Korea Disease Control and Prevention Agency Other information on the following to determine movement/evacuation routes A. Credit card/debit card/prepaid card transaction details in accordance with the “Specialized Credit Finance Business Act” B. Public transportation card usage details in accordance with the “Act on the Support and Promotion of Utilization of Mass Transit System” C. Video/image information collected via image information processing devices in accordance with the “Personal Information Protection Act” (For telecommunication service providers or location information service providers only) Personal location information
Prevention of an outbreak/spread of infectious diseases in livestock	Act on the Prevention of Contagious Animal Diseases	National animal disease control agencies governed by the Ministry of Agriculture, Food and Rural Affairs	(For personal location information service providers or toll road management authorities only) Expressway traffic information
Finding missing children, mentally handicapped persons, dementia patients, etc.	Act on the Protection and Support of Missing Children	Police stations	(For personal location information service providers, telecommunication service providers, personal identity verification agencies, or resident registration number alternative subscription service providers only) Personal location information, internet address, communication incidence verification data
Potential suicide risk protection	Suicide prevention	Police stations Coast guard Fire departments	(For information and communication service providers only) Name, resident registration number (or date of birth in the absence of resident registration number information), address, phone number, ID, e-mail address, and personal location information of the person subject to emergency rescue or assistance
Response to emergency rescue/assistance requests, etc.	Act on the Protection and Use of Location Information	Fire departments	(For location information service providers only) Personal location information
Response to crisis situations such as economical/financial distress or hardships	Emergency Aid and Support Act	Central and local governments	Minimum information required to identify entities subject to immediate livelihood assistance in the case of economical/financial distress or hardships
Processing of personal information belonging to victims of crimes such as kidnapping and involuntary confinement	Personal Information Protection Act	Police stations	Video/image information, including CCTV footage
	Telecommunications Business Act	Competent investigative authorities	(For information and communications service providers only) Name and resident registration number of relevant users
Information for identifying movement routes and for search and rescue operations	Personal Information Protection Act	Central Disaster and Safety Countermeasure Headquarters, Korea Disease Control and Prevention Agency (KDCA), Police Stations, Fire department	Video information collected through CCTV Access records through the access control system

Article 5 (Matters Concerning the Consignment of Tasks related to the Processing of Personal Information)

1)The Company consigns tasks related to the processing of personal information as follows to ensure the smooth processing of personal information.

Consignee	Consigned responsibilities	Retention and usage period
GS ITM Co., Ltd.	System operation and maintenance	Until December 2027
Geumsang Tech Co., Ltd.	Maintenance of Video Information Devices and Access Control Systems	Until June 11, 2027

1. 2)The Company shall comply with Article 26 of the Personal Information Protection Act when concluding a consignment contract, and shall stipulate in written form, such as contracts, responsibilities such as the prohibition of personal information processing other than the purpose of performing consigned tasks, technical and administrative protection measures, restrictions on re-consignment, management and supervision of the consignee, and indemnification against damages, and the Company shall also supervise the consignee’s safe handling of personal information. In particular, with respect to the maintenance of video information processing devices (CCTV) and access control systems, the Company implements necessary protective measures such as access authorization management, retention of access logs, secure management of video information and access records, and control of remote access.
2. 3)If the specific description of the consigned work or the consignee changes, the Company shall disclose relevant facts in compliance with this privacy policy without delay.

Article 6 (Procedures and Methods for Destroying and Discarding Personal Information)

1. 1)The Company shall destroy personal information without delay when said personal information becomes no longer necessary to retain, such as the expiration of the personal information retention period or achievement of the purpose of processing the personal information.
2. 2)If the retention period for personal information consented to by the data subject has expired, or if the personal information has to be kept in compliance with other laws despite achieving the purpose of processing said personal information, it may be transferred to a separate database (DB) or stored on a different means of storage for safe-keeping.
3. 3)The procedure and method of destroying and discarding personal information shall be as follows.
   - Destruction procedure: Personal information which has satisfied the conditions for destruction shall be identified and destroyed without delay unless other laws and regulations stipulate further safe-keeping.
   - Destruction method: The Company shall destroy personal information recorded and stored in the form of electronic files using means that render said information irreproducible, and personal information recorded and stored in paper documents shall be destroyed by shredding with a shredder or incineration.

Article 7 (Matters Concerning the Rights and Obligations of Legal Representatives of Information Subjects and Methods of Exercising Them)

A data subject can exercise the following rights to protect its personal information protection against the Company at any time.

1. 1)A data subject can exercise the right to view, correct, delete, and suspend the processing of its personal information against the Company at any time.
2. 2)Rights can be exercised against the Company in writing, via e-mail, fax, etc. in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the “Personal Information Protection Act,” and the Company shall take the required action without delay in the event of such request.
3. 3)Rights can be exercised through an agent such as the legal representative of the data subject or a person who has been delegated to act on behalf of the data subject. In such a case, the data subject shall submit a power of attorney using the form provided as Attachment No. 11 of the “Announcement on the Handling Method for Personal Information (No. 2020-7).”
4. 4)The rights of a data subject may be restricted in accordance with Article 35, Paragraph 4 and Article 37, Paragraph 3 of the “Personal Information Protection Act” pertaining to requests to view and suspend the processing of its personal information.
5. 5)Correction and deletion of personal information cannot be requested if the personal information is specified as required information in other laws.
6. 6)The Company shall confirm whether the person who made a request according to a data subject’s legal rights pertaining to personal information, such as a request for viewing, correcting/deleting, or suspending the processing of personal information, is the data subject of said information or a legitimate agent of the data subject.

Article 8 (Matters Concerning Measures to Ensure the Safety of Personal Information)

The Company takes the following measures to ensure the safety of personal information.

1. 1)Administrative measures: Establishing and executing an internal management plan, operating a dedicated organization, and conducting regular employee training
2. 2)Technical measures: Managing the rights to access the personal information processing system, etc., installing access control systems, encrypting personal information, installing and updating security programs, retention of access logs and prevention of tampering and alteration
3. 3)Physical measures: Controlling access to computer rooms, data storage rooms, access control for video information storage facilities, etc.

Article 9 (Matters Concerning the Installation, Operation, and Declining of Devices that Automatically Collect Personal Information)

The Company shall not use “cookies” that store and retrieve a data subject's usage information on demand.

Article 10 (Matters Concerning the Collection, Usage, Provision, and Declining of Activity/Behavior Information)

The Company shall not import, utilize, or provide activity/behavior information for customized online advertisements, etc.

Article 11 (Criteria for Determining Additional Usage/Provision)

1)The Company shall consider matters stipulated under Article 14-2 of the Enforcement Decree of the Personal Information Protection Act in accordance with Article 15, Paragraph 3 and Article 17, Paragraph 4 of the Personal Information Protection Act in additionally using/providing personal information without the consent of the data subject.

2)Accordingly, the Company shall consider the following in order to additionally use/provide personal information without the consent of the data subject.
A. Whether the purpose of additional use/provision of personal information is related to the original purpose of collecting said personal information
B. Whether there is any predictability of additional use/provision of personal information in light of the circumstances in which it was collected or the practices through which the information is processed;
C. Whether additional use/provision of personal information unreasonably infringes upon the interests of the data subject
D. Whether measures necessary to ensure safety, such as the pseudonymization or encryption of data, have been taken

Article 12 (Matters Concerning the Person in Charge of the Protection of Personal Information)

1. 1)The Company shall be responsible for the overall handling of personal information, and shall designate a person in charge of the protection of personal information (Chief Privacy Officer) as follows in order to handle complaints and provide relief for data subjects against damages related to the processing of personal information.

2. Chief Privacy Officer

   Department name: Human Resources Team
   Contact information: 02-316-9402

   Computerized information manager

   Department name: IT Support Team
   Contact information: 02-316-9234
   ※ Responsible for access requests to personal information at the “Personal Information Protection Department”

   
   
3. 2)A data subject may inquire about all personal information protection-related inquiries, complaint handling, damage relief, etc. that had occurred while using the company's services (or businesses) to the Chief Privacy Officer and the department in charge. The Company shall respond and handle the inquiries by the data subject without delay.

Article 13 (Remedies for Infringements against the Rights and Interests of Data Subjects)

1)A data subject may file for dispute resolution or consultation with the Personal Information Dispute Mediation Committee or the Personal Information Infringement Report Center at the Korea Internet & Security Agency to seek relief from personal information infringements. For other personal information infringement reports and consultations, please contact the following organizations.

Type	Contact information	Website
Personal Information Dispute Mediation Committee	(No area code required) 1833-6972	www.kopico.go.kr
Personal Information Infringement Report Center	(No area code required) 118	privacy.kisa.or.kr
Supreme Prosecutor's Office	(No area code required) 1301	www.spo.go.kr
National Police Agency	(No area code required) 182	ecrm.cyber.go.kr

1. 2)The Company shall guarantee a data subject's right to self-determination of personal information, and shall strive for counseling and damage relief due to personal information infringement. Should a data subject need to report an incident or seek consultation, please contact the department in charge below.

2. Customer inquiries and reporting related to the protection of personal information

   Department name: Human Resources Team
   Contact information: 02-316-9402

Article 14 (Operation of Video Information Processing Devices)

The Company installs and operates video information processing devices (CCTV) for the purposes of facility safety, fire prevention, access control, security management, crime prevention, and protection of national core technologies.

1. 1)Installation Locations and Scope of Recording
   The Company may install and operate video information processing devices at major entrances of its headquarters and business sites, parking areas, common areas, entrances to production facilities, and protected areas.
2. 2)Recording Time and Retention Period
   - Recording Time: 24-hour continuous recording or motion-detection recording
   - Retention Period: Up to 45 days from the date of recording
   - Video information shall be securely destroyed in a manner that prevents recovery once the retention period has expired.
3. 3)Storage Location and Responsible Department
   - Storage Location: Designated locations such as the control room and each relevant department office
   - Responsible Department: Management Support Team and each relevant operational department
4. 4)Method of Accessing Video Information
   A data subject may request access only to video footage in which he or she appears, and such access may be granted in accordance with applicable laws and the Company’s internal procedures.
5. 5)Protection Measures for Video Information
   - Restriction of access authorization and differentiated assignment of access rights
   - Password configuration and periodic password changes
   - Management of video export and access records
   - Access control and security management for storage devices
   - Implementation of personal information protection training
6. 6)Policy on the Operation and Management of Video Information Processing Devices
   Details regarding the installation and operation of video information processing devices shall be governed by the separately published “Policy on the Operation and Management of Video Information Processing Devices.”

Article 15 (Access Control and Processing of Biometric Information)

The Company may operate an access control system for business site access security, facility safety, and protection of national core technologies, and may process biometric information such as fingerprint information where necessary.

1. 1)Processed Items
   - Fingerprint Information, Name, Department, Access History Information
2. 2)Retention and Use Period
   The collected information shall be retained during the period in which access authorization is maintained and shall be destroyed without delay upon termination of such authorization.
3. 3)Processing and Protection Measures for Biometric Information
   - Operation of a separate consent procedure
   - Minimization of access authorization
   - Encrypted storage and access control
   - Immediate deletion upon termination of authorization
   - Implementation of regular management inspections

Article 16 (Matters Concerning Changes to the Privacy Policy)

- This Privacy Policy shall be enacted as of May 22, 2026.