Privacy Policy

POSCO M-Tech (Company) establishes and discloses the following privacy policy to protect your personal data, rights and interests, while handling related complaints quickly and efficiently according to Article 30 of the Personal Information Protection Act. The Company will inform you of any revisions of the Privacy Policy through website announcements (or through a separate notice).

This policy is effective as of October 22, 2021.

Article 1. Purpose of handling personal information

The Company handles private information for the following purposes. The private information will not be used for any purpose other than the following, and in any case where the purpose of use changes, we will take due measures, such as obtaining separate consent according to Article 18 of the Personal Information Protection Act.

  • ○ Offered services
    • - Recruitment: We collect personal information to contact potential candidates and notify them of the next steps that will be taken and the interview results.
    • - e-Procurement System We collect private information to offer supplementary services related to the trade of the company’s products and services.

Article 2. Retention and usage periods of personal data

The Company processes and retains personal information within the retention and usage periods in accordance with the law or within the retention and usage periods you agreed to at the time your personal data was collected.

  • ○ Recruitment
    • - How we collect information : You enter your information on the Company’s hiring website.
    • - Retention period : The data is disposed of immediately after the hiring process is complete.
  • ○ e-Procurement System
    • - How we collect information : You enter your information in the e-Procurement System.
    • - Retention period : Until the information becomes no longer necessary for the business purpose.

Article 3. Provision of private information to a third party

In principle, the Company does not provide personal information to a third party. However, there are exceptions in the following cases.

  • ○ If we receive separate consent from you.
  • ○ In situations that fall under Articles 17 and 18 of the Personal Information Protection Act, including special provisions in laws.
  • ○ If there is a request from an investigation agency in accordance with the procedures and methods prescribed by laws and regulations for the purpose of investigation.

Article 4. Consignment of personal information

The Company consigns the management of personal information for efficiency as follows.

  • ○ Consignee : POSCO ICT
  • ○ Consigned services : When concluding a consignment contract, the Company that maintains and runs the POSCO Group’s hiring website, e-Procurement System, and the Help Desk retains the contract information by laying down clear regulations on compliance with laws and regulations on privacy, prohibition of provision of personal information to a third party, and relevant responsibilities. In the case that a consignee is changed, we will provide notification of the change in our update or privacy policy.

Article 5. You and your legal representative’s privacy rights and obligations, and how you can exercise said rights

As for children under the age of 14, a legal representative has the right to inquire or modify the child's personal information, and the right to withdraw consent to the collection and use of said information.

  1. 1. You or your legal representative may exercise the following privacy rights at any time against the Company.
    • ○ Request to access your personal information
    • ○ Request to revise your personal information when an error is found
    • ○ Request the deletion of your personal information
    • ○ Request to stop processing your personal information
  2. 2. You may exercise your rights according to paragraph 1 in writing, email, fax, etc. after filling out a form pursuant to Attachment 8 of the Enforcement Rule of the Personal Information Protection Act. The Company will take action without delay.
  3. 3. Should you or your legal representative request the Company to revise or delete errors found in your personal information, the Company will not use or provide the personal information until the correction or deletion is complete.
  4. 4. Your right and your legal representative’s right to access or stop processing your personal information may be restricted in accordance with Article 35.5 and Article 37.2 of the Personal Information Protection Act.
  5. 5. You may not be able to request to revise or delete your personal data if the information is specified as an item that must be collected under other laws.
  6. 6. You may be checked on whether you are the person you are claiming to be upon your request to access, revise, delete, or stop processing your personal data. The same is applied to your legal representative.
    • * [Attachment 8 of the Enforcement Rule for the Personal Information Protection Act] Request for personal information (For accessing, correction/deletion, suspension of processing.)
    • * [[Attachment 11 of the Enforcement Rule for the Personal Information Protection Act] Power of attorney

Article 6. Private information processed

The Company processes private information as follows:

  • ○ Recruitment
    • - Required information : Company name (Korean, English), representative's name, representative's resident registration number, business location, company phone number, business registration number, address, type of business, business item, registrant's name, registrant's phone number, registrant's e-mail address.

Article 7. How we dispose of your private information

In principle, if the purpose of processing the personal information is achieved, the Company disposes of your personal information immediately.
When it is necessary to keep retaining your personal information because the purpose of processing the personal information is not yet achieved, we transfer your information to another location including a separate database to store the information. In this case, we also discard the information if the retention period has elapsed.
We dispose of your private information using methods as follows.

○ Disposal process

The Company processes unnecessary personal data/files according to internal policy under the supervision of the Chief Information Officer as follows.

  • - Disposal of personal data
    • We discard the personal data immediately on the date the retention period has ended.
  • - Disposal of personal data files
    • We discard personal data files on the date when the file is considered unnecessary because the purpose of processing the data file has been achieved, or when the service or project that uses the information is terminated.

○ Disposal method

  • - We dispose of your personal information recorded/stored as electronic files using technical methods, so that the record cannot be reproduced.
  • - Personal information printed on paper is destroyed by using a paper shredder or by burning it.

Article 8. Measures to ensure the safety of personal information

The Company takes technical, administrative, and physical measures to ensure the safety of your personal information according to Article 29 of the Personal Information Protection Act.

  • ○ Establishment/implementation of an internal management plan
    • The Company establishes and implements internal management plans pursuant to internal management guidelines of the Ministry of Interior and Safety.
  • ○ Minimum number of Information Officers and training
    • We keep the number of Information Officers to a minimum and provide regular training according to Article 28.2 of the Personal Information Protection Act.
  • ○ Restrictions on access to personal information
    • We take due measures to control access to personal information by granting, changing, and canceling access rights to the database system that processes personal information. We use an intrusion prevention system to control unauthorized external access.
  • ○ Storage of access records and tampering prevention
    • The Company maintains and manages access records to the system (e.g. web logs, information summary) for at least one year, and uses security features to prevent tampering, theft, or loss of access records.
  • ○ Encryption of personal information
    • Your personal information is encrypted before it is stored and managed. We have added security features for important data and encrypt it when storing and transferring.
  • ○ Technical measures against hacking
    • The Company installs security programs to prevent leaking and damage of personal data due to hacking or computer virus. We update and inspect our systems periodically, set up our systems in areas with strict access control and monitor and block entry using technical and physical means. We also monitor network traffic and detect illegal attempts to change information.
  • ○ Access control for unauthorized people
    • We have prepared a physical place to store personal information systems and have established entry control of the place.

Article 9. Chief Information Officer

The Company has designated the CIO and an employee in charge of personal data as below in order to protect personal information and handle complaints regarding personal data (personal information pursuant to Article 31.1 of the Personal Information Protection Act).

  • ○ Chief Information Officer
    • - Name : Kyu-bong Kang
    • - Division : Executive officer
    • - Title: Managing Director
    • - Tel: 054-280-8215/koudi@poscomtech.com
  • ○ Chief Information Officer
    • - Name : Jae-ho Park
    • - Division : Finance Group
    • - Title: Group Head
    • - Tel: 054-280-8215/koudi@poscomtech.com
  • ○ Information Officer
    • - Name : Young-hee Park
    • - Division : Finance Group
    • - Title: Leader
    • - Tel: 054-280-8215/koudi@poscomtech.com

Article 10. Collection of personal data using automatic devices

The Company may use cookies (automatic device to collect personal data, such as internet access information) to save and retrieve user information. Cookies are small pieces of information that a server uses to run a website and sends to your browsers. They are sometimes stored on your computer hard disk. When you access a website, computers in the Company read the cookies in your browser, and find additional information from your computer to offer the service without having you to insert information such as your name. Cookies identify your computer but they do not identify you individually.

Using cookies, the Company gets information, such as frequency of your visits, your visiting time, and the number of visits, so as to provide the services needed to run or to reorganize the website.

You are able to choose your preference for the use of cookies. As such, you can set your preference on your web browser to allow all cookies, allow some, or reject all. Go to Tools > Internet options > Security > Preferences to allow all cookies, or confirm every time a cookie is saved, or refuse to save any cookies.

Article 11. Request to view personal information

You may file a request for access to personal information to the following departments in accordance with Article 35 of the Personal Information Protection Act. The Company will work to promptly process your request to access your personal information.

○ Department/person in charge of receiving and handling requests to view personal data

- Young-hee Park from the Finance Group (Tel : 054-280-8215, e-mail : koudi@poscomtech.com)

Article 12. Obligation of notification

In case any of the following items are changed, we will provide notification of such changes and obtain your consent.

  • ○ Purpose for the collection and use of personal information
  • ○ Information collected
  • ○ Retention and usage periods for personal data
  • ○ The fact that you have the right to not agree to consent, and disadvantages for not consenting to provide personal data
  • ○ Disclosure of personal data to a third party

Article 13. Remedies for infringement of rights

From the following institutions, you may inquire about relief for damage and consultation on personal information infringement.

<The following institutions are not affiliated with the Company. You may contact them if you are not satisfied with the results of the handling of your complaint or damage relief provided by the Company, or just need more detailed information.>

  • ○ Personal Information Infringement Report Center (Run by the Korea Internet & Security Agency)
    • - Duties: Handling of reports for infringement of personal information and providing consultation
    • - Website: privacy.kisa.or.kr
    • - Tel: (no area code necessary) 118
  • ○ Personal Information Dispute Mediation Committee (Run by the Korea Internet & Security Agency)
    • - Duties: Handling of mediation of disputes on personal information, mediation of group disputes (resolved through a civil suit)
    • - Website: privacy.kisa.or.kr
    • - Tel: (no area code necessary) 118
  • ○ Cyber Investigation Department, Prosecution Service: (no area code necessary) 1301 (www.spo.go.kr)
  • ○ Cyber Bureau, Korean National Police Agency: (no area code necessary) 182 (http://cyberbureau.police.go.kr)

Article 14. Revisions in the Privacy Policy

The Privacy Policy is effective as of October 22, 2021.

View previous versions of the Privacy Policy by selecting the version below.

Should the Company make changes to the Privacy Policy, we will provide notification of any changes along with the reasons on our homepage at least 7 days before such change is made.