Hankook Cosmetics (“the company” hereinafter) highly values the users of its website (“the users” hereinafter) and complies with the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.

The company informs its users of the usage and methods of their personal information provided by the users and the actions taken to protect such personal information through its policy on personal information protection. The company will publish any revisions to its policy on personal information protection through its announcement on its website (or notify individually).

◆ This policy will go into force on July 3, 2015.

1. Purpose of collection or use of personal information
You may freely access most contents of its website without undergoing any separate procedure for membership subscription. However, the company collects some personal information concerning the applicants who want to use services related to customer complaints, suggestions, counseling on service for purchase of its products, and counseling on customer service.

2. Consent to collection of personal information
The company provides processes for the users to click the buttons of ‘I Agree’ or ‘I Don’t Agree’ in connection with its collection of personal information. When the user clicks the ’I Agree’ button, he/she is deemed to have consented to the collection of personal information.

3. Items of personal information to be collected
The company collects the below-listed personal information for counseling, request for service etc.:

① Items collected : Name in full, mobile phone number, e-mail address, access IP device, cookies, service usage records, and access log data

② Means for collection of personal information : Website

4. Period of retention and use of personal information
As a rule, the company destroys the relevant information without delay when the purpose of its collection or use of personal information is accomplished. However, the company retains the information concerning its members (users) for a given period provided under the relevant statutes as follows when it is necessary to archive such information pursuant to the relevant statutes:
Records concerning handling of consumer complaints and disputes: 3 years (Act on Consumer Protection in Electronic Commerce, etc)

5. Procedures and methods for destroying personal information
As a rule, the company destroys the relevant information without delay when the purpose of its collection or use of personal information is accomplished. Procedures and methods for destroying personal information are as follows:

① Destroying procedure
Information entered by the users are destroyed after storage for a given period based on causes for protection of information provided under the internal company policy or relevant statutes (See Period of retention and use) after being transferred to a separate database (a separate filing cabinet in case of paper documents) when the purpose is accomplished.
The personal information transferred to the separate database is not used for purposes other than retention unless otherwise provided under the law.

② Destroying method
Personal information saved in digital file formats are deleted using technological means for disabling regeneration of the records.

6. Entrustment or outsourcing of processing of collected personal information
The company outsources the processing of the personal information to an outside service provider as follows to perform its services:

① Contractor outsourced : Inspot Co., Ltd.

② Contents of outsourced functions : Website and system management

7. Rights and duties of the users and methods for their exercise
The users may exercise the below-listed rights as subject individual:

① he users may exercise their rights concerning the below-listed matters for protection of their personal information against the company at their convenience:

1.Request for review of their personal information

2.Request for correction of errors if any

3.Request for deletion

4.Request for discontinuance of handling

② The users may exercise their rights under paragraph 1 against the company using with a letter, e-mail or fax using Form No. 8 in Annex of the Enforcement Rules of the Act on Protection of Personal Information whereas the company will take actions against such request without delay.

③ When a user or subject individual requests correction or deletion of errors in their personal information, the company will not use or provide [to any third party] the personal information until such errors are fully corrected or deleted.

④ The rights under paragraph 1 may be exercised by a legal agent or empowered attorney of the subject individual. In such a case, a power of attorney (proxy) should be submitted using Form No. 11 under Annex of the Enforcement Rules of the Act on Protection of Personal Information.

8. Actions for security of personal information
The company takes technical, administrative or physical steps as follows to secure safety [of personal information] pursuant to Article 29 of the Personal Information Protection Act:

① Periodic internal audit
To secure safety in handling personal information, an internal audit is performed periodically (once each quarter).

② Internal control plans developed and implemented
To ensure safe handling of personal information, internal control plans are developed and implemented.

③ Encryption of personal information
Only the subject user may understand the password for access to their personal information as it is saved and managed in encrypted format.

④ Technical measures against hacking, etc.
To prevent any leakage or damage of personal information by hacking or computer viruses, the company installs security programs and conducts periodic updates or inspections and installs systems in zones to which access is controlled. The systems are technically and physically monitored and blocked.

⑤ Restriction of access to personal information
The company takes steps necessary to control access to personal information by granting, altering or removing access authority to its database systems that handle personal information. It also controls unauthorized access from the outside using intrusion blocking systems.

⑥ Storage of access records and prevention of forging or tampering
The records of access to personal information handling systems are stored and managed for a minimum of six months and security functions are used to prevent forging, tampering, theft or loss of access records.

9. Person responsible for protection of personal information

① The company appoints persons responsible for protection of personal information as follows to supervise functions related to handling of personal information and complaints or relief of subject individuals:

▶ Person responsible for protection of personal information
Name in Full : Kim Gyu-dong
Position : Management Support Unit Manager
E-mail address : kd7190@hkcosm.com
※ You will be automatically connected to the department responsible for protection of personal information.

▶ Department responsible for protection of personal information
Department name : Marketing strategy team, Hankook Cosmetics Co., Ltd.
Phone number : +82-2-724-3326
E-mail address : ryoon@hkcosm.com

② The users or subject individuals may ask questions to the person or department responsible for protection of personal information concerning any matters related to inquiry, handling of complaints or relief of damages arising related to personal information while using Hankook Cosmetics website and its services. The company will respond to or handle all such questions raised by subject individuals, without delay.

10. Request for review of personal information

① The users or subject individuals may request the below-listed department for review of their personal information pursuant to Article 35 of the Personal Information Protection Act: The company will resort to speedily handling such request for review of personal information by subject individuals.

▶ Department accepting and handling request for review of personal information
Department name : Computing team
Phone number : +82-2-724-3381
E-mail address : poj@hkcosm.com

② The users or subject individuals may request for review of their personal information through the integrated support portal website of the Ministry of Security and Public Administration () in addition the company’s department accepting and handling request for review of personal information under paragraph 1.

▶ The Ministry of Security and Public Administration integrated the support portal website for protection of personal information → Complaints concerning personal information → Request for review of personal information (i-pin required for the user authentication)

11. Changes or amendments to policy on handling of personal information
This policy on handling personal information is applied on its date of enforcement. Any addition, deletion or correction based on changes in the relevant statutes or the company’s policy will be published through its announcement from seven days before the enforcement of such changes.