Amorepacific Corporation (hereinafter “the Company”) establishes and discloses the following privacy policies to protect personal information pursuant to Article 30 of the Personal Information Protection Act and handle related grievances promptly and smoothly.
- Article 1 - Purpose of Processing Personal Information
- Article 2 - Processing and Retention Period of Personal Information
- Article 3 - Providing Personal Information to Third Parties
- Article 4 - Entrusting Personal Information Processing
- Article 5 - Rights, Duties, and Exercise Methods of the Information Subject and Legal Representatives
- Article 6 - Items of Personal Information to Process
- Article 7 - Destroying Personal Information
- Article 8 - Measures to Secure the Safety of Personal Information
- Article 9 - Matters Concerning the Installation, Operation, and Refusal of Automatic Personal Information Collection Devices
- Article 10 - Matters Concerning Personal Information Security Officer
- Article 11 - Changing the Privacy Policy
Article 1 - Purpose of Processing Personal Information
The company is doing its best to protect personal information as well as the rights and interests of the information subject, and collects and uses personal information based on the relevant statutes or the consent of information subject for business processes.
Article 2 - Processing and Retention Period of Personal Information
The company processes and retains personal information within the period of possession and use of personal information under the relevant statutes or agreed by information subjects.
Article 3 - Providing Personal Information to Third Parties
The company shall provide the information to a third party only if the information subject agrees or if the Personal Information Protection Act permits, such as for the provisions of the law. Otherwise, the company cannot use or provide the customer’s personal information to third parties beyond the notified scope.
Article 4 - Entrusting Personal Information Processing
The company entrusts the processing of personal information to a specialized institution for smooth personal information processing, wherein the company clearly stipulates compliance with the relevant laws, the prohibition of providing personal information to third parties, as well as liability, and strives to protect personal information by signing and securing the details of the contract.
Article 5 - Rights, Duties, and Exercise Methods of the Information Subject and Legal Representatives
The information subject may exercise his/her right to view, correct, delete, or stop the processing of personal information from the company at any time by himself/herself, his/her legal representative, or a delegated person. Then, the company will take immediate action against the request for rights, except as otherwise provided for by law.
The information subject and a legal representative may exercise their rights by contacting the company using the Internet, telephone, or written documents in relation to personal information, and the company shall take the necessary measures without delay.
Article 6 - Items of Personal Information to Process
The company processes personally identifiable information, address, contact, etc. with the consent of the information subject or under the law for Amorepacific Group’s business, such as providing services to customers and managing its executive personnel and employees.
Article 7 - Destroying Personal Information
When personal information becomes unnecessary, such as the expiration of the period of personal information retention or the achievement of processing purposes, the company shall destroy such personal information without delay so that it cannot be reproduced or restored. If the law requires preservation, the information should be moved to a separate DB to minimize access.
Article 8 - Measures to Secure the Safety of Personal Information
To ensure the safety of personal information, the company implements the following measures and manages it strictly.
- ① Administrative measures: Establishment and implementation of internal management plans, regular training of employees, etc.
- ② Technical measures: Management of access authority of the personal information processing system, installation of the access control system, encryption of unique identification information, periodic inspection of access records, installation of security programs, etc.
- ③ Physical measures: Access control of computer rooms, archives, etc.
Article 9 - Matters Concerning the Installation, Operation, and Refusal of Automatic Personal Information Collection Devices
The company uses “Cookie,” which stores information and frequently calls to provide users with personalized service and convenience. Moreover, the user can set/stop of cookies on the web browser.
Article 10 - Matters Concerning Personal Information Security Officer
The company is in charge of handling personal information and appoints a person in charge of personal information protection as follows to handle complaints and damage relief related to personal information processing as well as respond to and handle inquiries from the information subject without delay.
* Personal Information Security Officer: Information Technology Div. Cho Young-gil
Article 11 - Changing the Privacy Policy
When the company changes its privacy policy, it continuously discloses the timing of the change and the changed contents and compares the changes before and after so that the information subject can easily check them.
<Addendum>
• 2020.07.10 (Enforcement Date) This policy will take effect on 10 July 2020.