HD Hyundai commits to being a company that listens attentively, even to the smallest voices.
HD Hyundai (hereafter referred to as "the Company") values the personal information of data subjects, adhering to the [Personal Information Protection Act], [Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.], [Protection of Communications Secrets Act], and [Telecommunications Business Act] among other related legal regulations. The Company will handle personal information collected, retained, and processed according to these laws, appropriately and lawfully, to ensure the proper execution of business activities and protect the rights and interests of data subjects.
1. Purpose of Processing Personal Information
The Company processes personal information for the following purposes. The processed personal information will not be used for any other purposes unless the purpose of use changes, in which case prior consent will be obtained.
A. IR Meeting Requests and Service Provision
The Company collects personal information within the minimum scope for IR meeting requests. The specific purposes of processing are as follows:
Securing communication channels for responding to or handling IR meeting requests
2. Collection Items, Retention and Use Period of Personal Information
The Company collects and processes the minimum necessary personal information as follows. If the information needs to be preserved in accordance with the relevant laws and regulations, the information may be retained for the legally required period.
| Category | Items Collected | Retention Period |
|---|---|---|
| IR meeting booking |
- Applicant : Name, Company Name, Contact Number, Email - Visitor : Company, Name of the Main visitor, Additional Visitor Information(Name, Title, Company, Country), Company Profile, and any File Attachment(such as documents, images, or other supporting materials) |
3 months |
3. Provision of Personal Information to a Third Party
The Company does not provide to a third party the personal information of the Data subjects.
The personal information is provided to a third party only in such cases as when the Data subjects consent to such provision, or the personal information needs to be provided to a third party under Article 17 or Article 18 of the Personal Information Protection Act. If personal information is to be provided to a third party, it will be disclosed in accordance with the Personal Information Processing Policy.
4. Consignment of Personal Information Procession
For the effective processing of personal information, the company consigns the personal information processing to an external service provider as follows. If the content of the consigned work or the service provider changes, we will promptly disclose it in accordance with the Personal Information Processing through this policy without delay.
| Consignee | Consigned work | Retention Period |
|---|---|---|
| EASYMEDIA | Maintenance and repair of homepage | Until the end of consignment contract |
5. Procedures and Methods for Destroying Personal Information
The Company promptly destroys personal information when the purpose of its collection and use has been achieved or if the retention period has expired. If the retention of personal information is required by relevant laws, the information will be stored in a separate database (DB) or transferred to a different storage location.
Destruction Procedure and Methods
1) For electronic files: Deleted using a technical method that prevents recovery.
2) For paper documents and other records: Shredded or incinerated.
6. Measures to Ensure the Security of Personal Information
The Company takes the following measures to ensure the security of personal information against loss, theft, leakage, alteration, or damage.
A. Establishment and Implementation of Internal Management Plan
The Company implements an internal management plan based on standards for securing the safety of personal information.
B. Minimization and Training of Personal Information Processing Personnel
The Company limits access to personal information to designated personnel, assigns separate passwords that are regularly updated, and provides ongoing training to reinforce compliance with the Company’s privacy policies.
C. Access Restrictions to Personal Information
Access control measures are in place to restrict access, modify, and delete personal information within the Company’s database systems. Personnel accessing the personal information processing system via external networks must use a Virtual Private Network (VPN).
D. Record Maintenance and Tamper-Proofing of Access Logs
Access logs to the personal information processing system (e.g., web logs) are retained and managed for at least one year, and security measures are implemented to prevent tampering, theft, or loss of access logs.
E. Encryption of Personal Information
Personal information is stored and managed in encrypted form. Additionally, sensitive data is encrypted for secure storage and transmission.
F. Measures against Hacking and Viruses
01. The Company takes all necessary measures to prevent the leakage or damage of personal information due to hacking or computer viruses.
02. Data is regularly backed up, antivirus software is maintained, and encryption is used for secure data transmission.
03. Unauthorized access from outside sources is blocked through a firewall, and all possible technical measures are employed to ensure security.
G. Control of Physical Access to Data Storage Facilities
The Company’s privacy protection team monitors the implementation of privacy policies. If issues are detected, corrective measures are taken promptly. However, the Company is not responsible for any issues arising from data subjects’ negligence or issues with the internet that lead to the disclosure of IDs, passwords, social security numbers, etc.
7. Installation, Operation, and Refusal of Automatic Data Collection Devices
The Company currently does not operate any tools that automatically collect personal information, such as cookies. However, if necessary for future service provision, the Company may install and operate automatic collection tools. In such cases, data subjects will be given the option to accept or refuse the installation of cookies, or to reject the storage of all cookies.
A. What is a Cookie?
Cookies are small text files sent by the server operating the website to the data subjects' browser, which are then stored on the hard disk of the data subjects' computer. When the data subjects revisit the website, the website server reads the contents of the cookies stored on the data subjects' hard disk to maintain their preferences and provide customized services. Cookies do not automatically or actively collect information that identifies individuals, and data subjects may refuse or delete stored cookies at any time.
B. Installation, Administration and Refusal of Cookies
Data subjects have an option of installing cookies, and can configure settings (allowing, blocking, deletion etc. of cookies) through a web browser option.
- Allowing and blocking cookies at web browser.
01. Chrome: Web browser settings > Personal information protection and security > Deleting internet use record.
02. Edge: Web browser settings > Cookies and site authorization > Managing and deleting cookies and site data.
- Permitting and blocking cookies at mobile browser
01. Chrome: Mobile browser settings > Personal information protection and security > Deleting internet use record.
02. Safari: Mobile device settings > Safari > Advanced > Blocking all cookies.
03. Samsung internet: Mobile browser settings > Internet use record > Deleting internet use record.
8. Rights and Obligations of Information Owners and Legal Representatives and Method of Exercising the Rights
The Company enables data subjects to exercise, at any time, the rights to request access to, correction, deletion, suspension of processing of, or withdrawal of consent for the use of their personal information (hereinafter referred to as “exercise of rights”).
In accordance with Article 41(1) of the Enforcement Decree of the Personal Information Protection Act, such requests may be made in writing, by telephone, e-mail, fax, or other means, and the Company will take prompt action upon receipt of such requests.
The exercise of rights may also be carried out through the data subject’s legal representative or an authorized agent. In such cases, a power of attorney in the form prescribed in Appendix 11 of the “Public Notice on Personal Information Processing Methods” must be submitted.
However, the right of a data subject to request access to or suspension of processing of personal information may be restricted pursuant to Articles 35(4) and 37(2) of the Personal Information Protection Act. In addition, if the collection of certain personal information is explicitly required by other laws, deletion of such information cannot be requested.
The Company shall also verify that the person exercising the rights is the data subject himself/herself or a duly authorized representative.
Data subjects may exercise their rights by contacting the department below.
[Department for Receiving and Processing Requests for Access to Personal Information]
- Department: Brand Design Team
- Email: haecheul.shim@hd.com
9. Privacy Protection Manager
The Company designates the following Privacy Protection Officers and personnel to protect customers' personal information and handle related complaints and inquiries.
| Role | Department | Name | Contact Info |
|---|---|---|---|
|
Chief Privacy Officer(CPO)
|
Information Security Team
|
Kim Sungbae
|
・Email: kimsb@hd.com
・Phone Number: 02-479-5683 |
|
Privacy Protection Officer
|
Information Security Team
|
Park Yoonsik
|
・Email: yoonsik.park@hd.com
・Phone Number: 02-479-8954 |
If you have any complaints related to the protection of personal information arising from the use of our services, you can report them to the Personal Information Management Officer or the relevant department. We will promptly provide sufficient answers to your reported issues.
10. Remedies for Data Subject Rights Violations
Data subjects may seek relief for personal data breaches by requesting dispute resolution or consultation from relevant authorities. Please contact the following organizations if you need to report or seek consultation regarding a personal information violation.
Personal Information Dispute Mediation Committee : (No area code needed) 1833-6972 (www.kopico.go.kr)
Personal Information Infringement Report Center of the KISA : (No area code needed) 118 (privacy.kisa.or.kr)
Supreme Prosecutors' Office : (No area code needed) 1301 (www.spo.go.kr)
National Police Agency : (No area code needed) 182 (ecrm.police.go.kr)
11. Changes to Personal Information Processing Policy
This policy will enter into force on November 28, 2025. The previous privacy policy can be found at the top right.