HAIMK Privacy Policy
HAIMK Co., Ltd. (the “Company”) complies with applicable personal data protection laws and regulations, including the Act on Promotion of Information and Communications Network Utilization and Information Protection and the Personal Information Protection Act (PIPA). The Company establishes and follows this Privacy Policy to protect data subjects’ personal information and rights, and to handle privacy-related inquiries and complaints smoothly.
Data subjects may refuse to consent to the collection, use, provision, and outsourcing of personal information (collectively, “processing”) described below. However, if consent is refused, all or part of the services may be unavailable.
This Privacy Policy includes the following:
1. Purpose of Processing Personal Information
The Company collects and processes personal information to the minimum extent necessary to provide services for the purposes below:
- Website “Contact Us” (Customer Support → Online Inquiry): To collect customer information in order to respond to and provide guidance on inquiries.
- Recruitment site: To conduct recruitment procedures, provide information on results at each stage, and build/manage a talent pool.
- New vendor registration: To collect information necessary to register business partners and proceed with related 업무.
- ERP / QMS: To register user information for use of the ERP/QMS services.
The Company collects the following categories of personal information as necessary to provide services:
· Main website – Customer Support → Online Inquiry
- Required: Name, Email address, Mobile phone number
- Optional: Company name, Telephone number
· Recruitment site
- Required: Name, Nationality, Address, Veteran and/or disability status, Telephone number, Mobile phone number, Education, Academic records/grades, Military service, Work experience, Overseas residence and training activities, Social activities, Language skills and other qualifications, Awards, Hobbies, Special skills, Self-introduction (personal statement)
- Optional: Other employment-related information provided by the applicant as needed
· New vendor registration
- Required: Business registration certificate, Copy of bankbook/bank account document, Telephone number, Email address
· ERP / QMS
- Required: Vendor/company name, Name, Date of birth, Email address, Mobile phone number
- Online: Information entered directly by customers on the website
- Offline: Information collected in writing or via fax, email, or telephone during sales activities, customer consultations, etc.
3. Rentention and Destruction of Personal Information
Once the purposes of collection and use have been achieved, the Company destroys the relevant personal information without delay, as follows:
Website Online Inquiry: After the inquiry has been processed and completed
- However, where retention is required under applicable laws and regulations, the Company retains the information for the period prescribed by such laws.
Recruitment site: Until the statutory retention period expires as required under the Labor Standards Act, the Act on the Fairness of Recruitment Procedure, and PIPA
New vendor registration: After the partner company ceases business, or upon the data subject’s request for deletion
ERP / QMS: After membership withdrawal (account deletion)
- Records related to consumer complaints or dispute resolution: 3 years (under the Act on the Consumer Protection in Electronic Commerce, etc.)
4. Outsourcing of Personal Information Processing
To provide services, the Company outsources certain IT-related tasks and real-name/identity verification tasks to external professional service providers as follows:
| Service Provider | Outsourced Processing Activities |
| LS ITC | Security operations; ERP data processing and maintenance; groupware and business system development; network management |
| Five Pro | Website administration and operation |
| Mpower System | PC maintenance/repair and security system operation |
| Solva Technology | Quality Management System (QMS) administration, operation, and maintenance |
| Somansa | Data Loss Prevention (DLP) solution administration and outsourced operation |
The Company enters into a written or electronic outsourcing agreement in accordance with applicable personal information protection laws and regulations. Such agreements clearly specify matters including: compliance with data protection requirements, prohibition of providing personal information to third parties, allocation of liability in the event of an incident, the outsourcing period, and the return or destruction of personal information upon completion of processing. The Company retains the agreement (in writing or electronically).
If the outsourced tasks or service providers change, the Company will disclose such changes without delay through this Privacy Policy.
5. Provision of Personal Information to Third Parties
In principle, the Company does not provide users’ personal information to third parties. However, exceptions apply in the following cases:
- Where the user has provided prior consent.
- Where disclosure is required by applicable laws and regulations, or where an investigative authority requests disclosure in accordance with procedures and methods prescribed by law for investigative purposes.
6. Destruction of Personal Information
In principle, once the retention period has expired or the purpose of processing has been achieved, the Company destroys the relevant personal information without delay. The procedures and methods are as follows:
1) Destruction Procedure
- Personal information entered by data subjects for inquiries, etc. is transferred to a separate database (or, in the case of paper records, to a separate file storage location) after the purpose is achieved, retained for a certain period in accordance with the Company’s internal policies and other applicable laws and regulations (see “Retention and Destruction”), and then destroyed.
2) Destruction Methods
- Personal information stored in electronic file form is deleted using technical methods that prevent the records from being restored or reproduced.
- Personal information printed on paper is destroyed by shredding or incineration.
7. Rights and Obligations of Data Subjects and How to Exercise Them
Data subjects may exercise their rights at any time with respect to the Company, including the right to request access to, correction of, deletion of, and suspension of processing of their personal information.
1) Requests may be submitted to the Company’s personal information protection contact/handling department via the website inquiry channel, in writing, by email, or by fax. The Company will take action without delay after completing verification procedures for the requester (the data subject or an authorized representative).
2) Rights may also be exercised through a representative, such as a legal guardian or an authorized agent. In such cases, a power of attorney in the form prescribed under Appendix Form No. 11 of the Enforcement Rules of the Personal Information Protection Act must be submitted.
3) Requests for access to personal information and for suspension of processing may be restricted pursuant to Article 35(4) and Article 37(2) of the Personal Information Protection Act.
4) Requests for correction or deletion may be denied where other laws require the relevant personal information to be collected/retained.
5) In principle, the Company does not collect personal information of children under the age of 14; however, if collection is unavoidable for business purposes, the Company obtains prior consent from the child’s legal guardian.
6) If a data subject requests correction of an error in personal information, the Company will not use or provide the relevant personal information until the correction is completed.
8. Measures to Ensure the Security of Personal Information
In processing personal information, the Company implements technical, administrative, and physical safeguards necessary under Article 29 of the Personal Information Protection Act to prevent loss, theft, leakage, alteration, or damage of personal information. However, the Company shall not be liable for issues arising from personal information leakage caused by an individual’s negligence or internet-related problems.
1) Establishment and implementation of an internal management plan: The Company establishes and implements internal policies and plans to prevent loss, theft, leakage, forgery, alteration, or damage of personal information.
2) Minimization and training of personnel handling personal information: The Company designates personnel authorized to handle personal information, limits such personnel to the minimum necessary, and provides periodic training to ensure safe management.
3) Access control to personal information: The Company controls access to database systems processing personal information by granting, changing, and revoking access rights as necessary, and uses intrusion prevention systems to control unauthorized external access.
4) Retention of access logs and prevention of tampering: The Company retains and manages records of access to personal information processing systems (e.g., web logs and summary information) for at least one year, and uses security measures to prevent forgery/tampering, theft, or loss of such records.
5) Encryption of personal information: Important personal information is encrypted for storage and management. The Company also applies separate security measures such as encryption during storage and transmission of important data.
6) Technical safeguards against hacking, etc.: The Company installs security programs, performs periodic updates and inspections, places systems in areas with controlled external access, and monitors/blocks threats through technical and physical measures. The Company also monitors and controls network traffic and detects attempts to illegally alter information.
7) Physical measures for secure storage: The Company maintains separate physical locations for systems storing personal information and establishes and operates access control procedures. The Company also implements physical safeguards such as locks to securely store documents containing personal information.
9. Automatic Collection of Personal Inforamtion and How to Refuse
1) Definition of Cookies
A cookie is a very small text file sent by the server operating a website to a user’s computer and stored on the computer’s hard drive. Users can choose whether to allow the installation and collection of cookies and may refuse cookie collection.
2) How to Disable or Manage Cookies
- Internet Explorer: Tools (top of browser) → Internet Options → Privacy → Set the privacy level manually
- Chrome: Customize and control Google Chrome (top right) → Settings → Advanced → Privacy and security → Content settings → Configure settings under the Cookies section
10. Chief Privacy Officer / Privacy Contact
The Company appoints a person responsible for protecting the personal information it processes and for handling privacy-related complaints. For inquiries regarding personal information, please contact:
- Chief Privacy Officer (CPO): Dongchoon Myung (Head of Management Support Division)
- Privacy Contact Department/Person: Myunghun Ji (Assistant Manager, Management Support Team)
- Tel: +82-31-8045-8556
- Email: myunghun.ji@haimk.co.kr
To facilitate communication regarding requests for access to personal information, the Company operates a personal information management function. Contact details are as follows:
- Contact Person: Myunghun Ji (Assistant Manager)
- Tel: +82-31-8045-8556
- Address: 6F, LS Mtron Tower, 39, LS-ro 116beon-gil, Dongan-gu, Anyang-si, Gyeonggi-do, Republic of Korea
If your rights or interests related to personal information have been infringed, or if you need consultation, you may contact the following organizations:
- Personal Information Dispute Mediation Committee: 1833-6972 (no area code)
- Personal Information Infringement Report Center (KISA): 118 (no area code)
- Supreme Prosecutors’ Office: 1301 (no area code)
- National Police Agency: 182 (no area code)
This Privacy Policy is effective as of 2023-07-25. If this Privacy Policy is amended, the timing and details of the changes will be continuously disclosed.
- Version: V1.0
- Effective Date: 2023-07-25
