YKK KOREA CO,. LTD (hereinafter referred to as ‘company’) values personal information of users. We observe regulations related to personal information protection under the relevant laws including [Personal Information Protection Act] and [Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.], and lawfully and reasonably handle personal information collected, retained and processed according to the relevant laws in order to perform job properly and protect rights and interests of the subject of information.
1. Purpose of Handling of Personal Information
The company handles minimum of personal information required for the following purposes. Personal information handled by the company shall not be used for any other purposes except for purposes below, and if any change occurs in the purpose of use of personal information, the company will take necessary measures such as obtaining consent in accordance with Article 18 of Personal Information Protection Act.
|Classification||Purpose of Handling of Personal Information|
|Provision of web color website service||Required||- Confirmation of identity for provision of service, contacts, statistics for service use|
|Optional||- Position of customers in case of contacting for provision of service|
|Recruitment of applicants||Required||- Handling and management of recruitment processes between the company and applicants, inquiry and verification of career history/certificates/etc., decision of employment
- Handling of civil affairs, dispute resolution, observance of legal regulations
|Optional||- Inquiry and verification of job proficiency of applicants on the field of application|
and employment retention·termination of employees and executives
|Required||- Conclusion/maintenance/management of labor contract, etc. between the company and employees (including wage payment, provision of welfare, related tax affairs)
- Support for job performance and personnel management of employees (setting standard wage, support for job performance of employees such as business trip, evaluation, reward and punishment, education, training, other general personnel management)
- Issuance of certificates
- Dispute resolution, compliance of obligations under Labor Standard Act and other laws
|Optional||- Personnel management (setting standard wage)|
2. Items of Personal Information for Handling
The company handles each personal information item collected through the methods listed below.
|Classification||Items of Personal Information for Handling|
|Provision of web color website service||Required||- ID(E-mail), Password, Password Confirm, First Name, Last Name, Company Name, Industry, Department, Phone, Country, The Person In Charge Of YKK KOREA|
|Method of collection||- Register (direct inputs by customer)|
|Recruitment of applicants||Required||- Personal identification information [Name (Korean/English/Chinese), birthdate, gender, ID photo, current address, home phone, mobile phone, email address]
- Sensitive information [beneficiary of patriots and veterans affairs, disability, medical examination information (only applied to subjects of medical examination for recruitment purpose)]
- Military service
- Self-introduction, family background, education (level of education, major, etc.), foreign language, career history filled out in documents like resume that are submitted for job application
|Optional||- Other recruitment related information submitted by applicants necessity|
|Method of collection||- Direct entry or submission by applicants at the time of application|
and employment retention termination of employees and executives
|Required||- Personal identification information [Name (Korean/English/Chinese), birthdate, gender, ID photo, current address, home phone, mobile phone, email address, other contacts]
- Sensitive information [beneficiary of patriots and veterans affairs]
- Unique identification information (resident number, driver’s license number, alien registration number, passport number)
- Military service
- Account information and payment history with regard to wage payment (including tax affairs) and provision of welfare
- Employee number, department, position, performance of duties (business trip, etc.), personnel management (including absence/tardiness and evaluation information, reward, disciplinary, education, training), personnel management information generated∙created due to labor relations such as resignation
|Optional||- Sensitive information [disability, healthy related issues]
- Education, foreign language, certificate, career history
|Method of collection||- Submitted by employees or generated according to labor relations|
3. Processing of Personal Information and Retention Period
When the purpose of collecting and using personal information has been achieved, the company shall destroy such information without delay except for below information which shall be kept for the specified period.
* Retaining item :
Customer information used for answering and guiding customer inquiries
* Retention period :
* Purpose of retention :
confirmation of intent, new service, data for providing personalized service, personal identification, prevention of unjust and unauthorized use, keeping the record for dispute mediation, civil affairs such as complaint handling, delivery of notice
* Retaining item :
Job application and all refered recruitment
* Retention period :
* Purpose of retention :
Recruitment history management and human resources management for regular recruitment
4. Provision of Personal Information to a Third Person
The company shall not provide personal information to outside in principle. Personal information collected from the website (including web color) or recruitment is not disclosed to outside except when prior consent of a user is received or when the law requires to disclose personal information of a user to third parties such as investigative authority, judicial authority, and other government agency according to laws for the investigation purpose.
5. Procedures and disposal about Personal Information
As a rule, the company shall not use all information provided from users for any other purposes except for keeping information or observing the relevant laws. When the purpose of collecting and using personal information is has been achieved, such information will be destroyed without delay. Procedures and disposal about personal Information are as follows.
Information submitted by a user is transferred to separate DB (a separate cabinet in case of a document) after the purpose has been achieved, and it is destroyed after a certain period of storage according to information protection rules of company policies and other relevant laws. Personal information transferred to separate DB shall not be used for any other purposes than retention unless it is required by law.
5.2.1 Personal information printed on a paper : Destroy by shredding or incinerating.
5.2.2 Personal information stored in a form of electronic file : Permanently delete through a technical method that can’t reproduce records.
6. Consignment of Personal Information Handling
For efficient handling of personal information business, the company consigns handling of personal information as follows.
|Consignment company||Consignment tasks|
|Payday||Management of employee payment, social insurance, tax report|
|Deloitte Korea||Management of employee payment, social insurance, tax report|
|Redcap Tour Co., LTD||Booking and issuance of business trip of employees, visa application|
|Shinhan Bank||Management of retirement pension, wage payment of employees|
|KB Insurance||Purchase of accident insurance and travel insurance for business trip|
|KB Kookmin Bank||Wage payment of employees|
The company shall specify in documents like contract about matters related to the purpose of conducting consigning tasks, prohibition of handling personal information, technical and managerial protection measures, restriction of re-consignment, management and supervision over consignee, compensation, etc. in accordance with Article 26 of Personal Information Protection Act. And the company supervises the consignee to safety handle personal information.
7. Rights-Obligations of Subject of Information, and Method of Exercise
Users and legal representatives may view, modify, or request for termination of their registered personal information. If a user requests to correct an error in his or her personal information, the concerned personal information will not be used or provided before correction is completed. And if the wrong personal information is already provided to a third party, the company will immediately notify the result of correction to the third party for request of correction. Personal information terminated or deleted upon request of the user or legal representative shall be handled according to “Retention and Use Period of Personal Information,” and it will not be viewed or used for any other purposes.
8. Securing Safety of Personal Information
The company takes technical and managerial measures as below for securement safety to prevent loss, theft, leakage or damage of personal information in accordance with Article 29 (Duty of Take Saty Measures) of [Personal Information Protection Act].
8.1.1 Vaccine program
The company installs a vaccine program on each PC and takes every measures to prevent damages caused by computer viruses. The vaccine program is updated periodically to react to virus.
8.1.2 Intrusion control system and vulnerability analysis system
company pays full attention to security against intrusion from outside such as hacking.
8.1.3 Restriction of access of unauthorized persons
The company establishes and manages procedures for controlling access to physical storage place that keeps personal information. Physical measures such as installation of locks are carried out for safe storage of documents that contain personal information.
8.1.4 Encryption of personal information
Personal information of a user is encrypted for storage and management. The company uses separate security measures for important data.
8.1.5 Restriction of access to personal information
A person in charge of personal information takes technical measures to allow only authorized managers to access personal information handling system.
8.2.1 Establishment and implementation of internal management plans
Internal management plants of the company are implemented according to regulations of information security management system.
8.2.2 Education of personal information and information security for personal information manager and employees
The company appoints the minimum number of managers who handle personal information, and carries out in-house education on personal information protection and information security for all managers and employees.
8.2.3 Storage and prevention of falsification of access log
Access log (web log, summary information, etc.) to personal information handling system is stored and managed for the minimum period of 6 months in accordance with Article 29(Duty of Take Safty Measures) of [Personal Information Protection Act], standard protocols and notifications, and Clause 1 of Article 8 Storage and prevention of falsification of access log. The company takes measures and manages to prevent falsification and theft of access logs.
9. Personal Information Protection Supervisor
The company designates personal information supervisor and manager as below to protect personal information of users and handle complaints related to personal information. Please contact below for any inquiries related to personal information
|Personal information supervisor||Factory Personal information manager||Headquarters Personal information manager|
DepartmentPyeongtaek Operation center
NameMoon, Wonsik (factory)
DepartmentSeoul Operation center
NameHong, InKyoung (headquarters)
Please contact the organizations listed below for personal information infringement-related reports or consultation services.
- Korea Internet & Security Agency (http://privacy.kisa.or.kr, Tel: 118)
- Privacy Dispute Mediation Committee (www.1336.or.kr, Tel: 1336)
- Personal Information Protection Mark Accreditation Committee (www.eprivacy.or.kr, Tel: 82-2-580-0533~4)
- High-Tech and Financial Crimes Investigation Division, Supreme Prosecutors’ Office (http://www.spo.go.kr, Tel: 82-2-3480-3573)
- National Police Agency Cyber Bureau (http://www.ctrc.go.kr, Tel: 82-2-392-0330)