Hugel, Inc. (hereinafter referred to as the "Company") complies with the Personal Information Protection Act and related laws and regulations to protect the freedom and rights of information subjects, and process personal information lawfully and securely. In accordance with Article 30 of the Personal Information Protection Act, the Company establishes and discloses a privacy policy to guide information subjects on the procedures and standards for processing personal information and to handle related complaints promptly and smoothly.
The Company processes personal information for the following purposes. Personal information processed by the Company will not be used for purposes other than those specified below, and in the event that the purpose of use is changed, the Company will take necessary measures, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.
1. Service Provision
1) Personal information is processed for the purpose of providing services for various inquiries, including customer inquiries, recruitment inquiries, and business partnerships.
2) Personal information is processed for the purpose of verifying and responding to reports of illegal, burdensome, or unethical conduct by employees.
1. The Company processes and retains personal information within the period of personal information retention and use as specified by law or within the agreed-upon the period of personal information retention and use obtained from the information subject at the time of collection.
2. The processing and retention period of personal information is one (1) year.
The Company processes the following items of personal information:1. Inquiry Details: Name, affiliation, telephone number, email address, inquiry content
2. Cyber Sinmungo: Reporter's name, affiliation, telephone number, email address; and reported subject's affiliation, name, business division, position, and report content
1. When personal information becomes unnecessary due to the expiration of the retention period of personal information, the achievement of the processing purpose, etc., the Company promptly destroys the relevant personal information.
2. If personal information must be retained pursuant to other laws despite the expiration of the agreed-upon retention period obtained from the information subject or the achievement of the processing purpose, the Company transfers the personal information to a separate database (DB) or stores it in a different location.
3. The procedure and method of personal information destruction are as follows.
1) Destruction Procedure: The department or person in charge responsible for the relevant information selects the personal information for destruction when the reason for destruction occurs and proceeds to destroy the personal information according to the following method of destruction.
2) Destruction Method:The Company destroys personal information recorded or stored in electronic file from in a manner that the records cannot be regenerated, and shreds or incinerates personal information recorded or stored in paper documents.
1. Information subjects have the right to request access, correction, deletion, or suspension of processing of personal information from the Company at any time.
2. Rights can be exercised by submitting a request to the Company in writing, via electronic mail, facsimile transmission (FAX), etc., in accordance with Article 41(1) of the Enforcement Decree of the Personal Information Protection Act, and the Company will promptly take action upon receipt of such requests.
3. Rights can also be exercised through legal representatives of information subjects or individuals delegated to act on their behalf. In this case, a power of attorney according to Annex 11 of the ‘Guidelines on Personal Information Processing Methods (No. 2020-7)’ must be submitted.
4. Requests for access to personal information or for suspension of processing may be restricted under Article 35(4) and Article 37(2) of the Personal Information Protection Act.
5. Requests for correction and deletion of personal information cannot be made if the personal information is specified as a collection target under other laws.
6. The Company verifies whether the person making a request for access, correction, deletion, or suspension of processing under the rights of the information subject is the information subject themselves or a legitimate representative.
To ensure the security of personal information, the Company has implemented the following measures:
1. Administrative Measures: Establishment and implementation of internal management plans, operation of dedicated organizations, regular employee training, etc.
2. Technical Measures: Management of access rights to personal information processing systems, installation of security programs, etc.
3. Physical Measures: Access control to computer rooms, data storage rooms, etc.
1. In accordance with Article 15(3) and Article 17(4) of the Personal Information Protection Act, the Company may use or provide personal information additionally without the consent of the information subject, considering the matters specified in Article 14-2 of the Enforcement Decree of the Personal Information Protection Act.
2. Accordingly, the Company has considered the following factors to additionally use or provide personal information without the consent of the information subject:
1) Whether the purpose of additional use or provision of personal information is related to the original purpose of collection.
2) Whether there is predictability of additional use or provision in light of the circumstances under which the personal information was collected or processing practices.
3) Whether the additional use or provision of personal information unjustly infringes on the interests of the information subject.
4) Whether necessary measures to ensure safety, such as pseudonymization or encryption, have been taken.
1. The Company is responsible for overseeing personal information processing tasks and has designated a personal information protection manager for handling complaints and remedies related to personal information processing. The details are as follows:
1) Personal Information Security Officer
Department, Name, Position: Security Office, Lee Sang Gyu, Director
Contact: privacy@hugel-inc.com / 02-6966-1600
2) Personal Information Security Department
Department Name: Security Office, Security Team 1
Contact: privacy@hugel-inc.com / 02-6966-1600
※ This department also handles personal information access requests.
2. Information subjects can contact the personal information security officer and the department in charge regarding all inquiries, complaints, and remedies related to personal information protection arising from the use of the Company's services (or business). The Company will promptly respond and address inquiries of information subjects.
1. Information subjects may apply for dispute resolution or consultation with the Personal Information Dispute Mediation Committee, Korea Internet & Security Agency Personal Information Infringement Report Center, and other relevant institutions, to seek resolution for personal information breaches. For other reports or consultations regarding personal information breaches, please contact the following organizations:
1) Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
2) Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)
3) Supreme Prosecutors' Office of the Republic of Korea: 1301 (www.spo.go.kr)
4) National Police Agency: 182 (ecrm.cyber.go.kr)
2. The Company ensures information subjects' right to self-determination of personal information and endeavors to provide consultation and remedy for damages caused by personal information breaches. If reporting or consultation is necessary, please contact the following department:
1) Customer Consultation and Reporting for Personal Information Protection
Department Name: Security Office, Security Team 1
Contact: privacy@hugel-inc.com / 02-6966-1600
3. According to the provisions of Article 35 (Access to Personal Information), Article 36 (Correction or Deletion of Personal Information), and Article 37 (Suspension of Personal Information) of the ‘Personal Information Protection Act’, individuals who have suffered infringement of rights or interests due to the actions or omissions of a public institution’s head in response to requests based on those provisions may file an administrative appeal in accordance with the Administrative Appeals Act.
1) Central Administrative Appeals Commission: (Without area code) 110 (www.simpan.go.kr)
1. This Privacy Policy will be effective from April 1, 2024.
2. In the event of changes to the Privacy Policy, we will provide access to previous versions on this page.
