OCI NOW

Personal Information Processing Guidelines

OCI is dedicated to protecting
the rights and interests of users.

Personal Information Processing Guidelines of OCI

OCI (hereinafter the “Company”) establishes and discloses the following personal information processing guidelines to protect the personal information of users and address related difficulties quickly and effectively in accordance with related laws such as the Act on Promotion of Information and Communications Network Utilization and Information Protection and the Personal Information Protection Act.

Article 1. Purpose of Personal Information Processing (Establishment and Use)

The Company processes personal information for the following purposes. The Company shall not use collected personal information for purposes other than the following, and if the purpose of use is changed, it will take necessary measures including obtaining prior consent from users in accordance with Article 18 of the Personal Information Protection Act.

[Provision of customer service]

The Company will process personal information to address questions and requests received from the customer service section of the Company’s website and to post notices of improvements and changes in services.

[Receipt and management of tip-offs related to ethical management]

The Company shall process personal information to respond to tip-offs sent to the cyber ombudsman and sexual harassment report center on the Company’s website and to verify facts.

[Recruitment]

The Company will process personal information to carry out recruitment screening, receive and correct applications, confirm successful applicants, communicate with applicants, verify qualification (career, education, certificates, etc.), manage other recruitment procedures, and resolve disputes related to recruitment.

Article 2. Items Subject to Personal Information Processing and Period of Retention

The Company collects a minimum range of personal information for user access to the website, recruitment applications and other purposes.

WebsiteService nameCategoryItems for collectionRetention period
WebsiteOnline whistleblowing systemOptionalName, phone number, email1 year after addressing tip-offs
Sexual harassment report centerOptionalName, phone number, emailImmediately deleted when purposes are fulfilled
Product inquiryRequiredName, phone number, emailImmediately deleted when purposes are fulfilled
Website for recruitmentRecruitment systemRequiredName, phone number, email, date of birth, gender, current address, place of resident registration, patriots and veterans information, military service information, education, letter of self-introductionUpon request for deletion by an applicant<br/>Deleted immediately
OptionalForeign language tests, qualificationsUpon request for deletion by an applicant<br/>Deleted immediately

[Sensitive information collection and purposes of use]

WebsiteService nameCategoryItems for collectionRetention period
Website for recruitmentRecruitment systemRequiredInformation on disabilities (grade and description)Upon request for deletion by an applicant<br/>Deleted immediately

Article 3. Provision of Personal Information to a Third Party

The Company provides personal information as follows after obtaining consent from users.

WebsiteReceiver of personal informationPurpose of provision Items providedRetention and use periods
WebsiteConsolidated subsidiaries of OCIAdditional verification and confirmation of receipt of tip-offsName, email address, phone numberUntil purposes are fulfilled or users withdraw consent to provision
Ministry of Patriots and Veterans AffairsVerification of preferential treatment eligibility for patriots and veteransName, date of birth, patriots and veterans registration numberUntil purposes are fulfilled or users withdraw consent to provision
Website for recruitmentConsolidated subsidiaries of OCIMaterial related to recruitment document screening and interviews by subsidiariesName, phone number, email, date of birth, gender, current address, place of resident registration, patriots and veterans information, military service information, education, letter of self-introduction, foreign language tests, qualificationsUntil purposes are fulfilled or users withdraw consent to provision

Article 4. Entrustment of Personal Information

The company entrusts the processing of personal information as follows for smooth processing of personal information.

WebsiteCompany nameEntrusted tasks
WebsiteEmotionManagement, operation and maintenance of the website
Website for recruitmentDoodlinRecruitment homepage management
Assessment Consulting GroupPersonality and aptitude tests for applicants
PAGODA SCSInterview in foreign languages
Seoul Central Medical Clinic
Donggunsan Hospital
Gwangyang Seoul Hospital
Pohang St. Mary's Hospital
Iksan Hospital
Employment health check-up agency

Article 5. Rights and Obligations of the Subject of Information and Method of Exercise

  • Users may exercise the right to request to view, modify, delete, or suspend the processing of personal information by the Company at any time.
  • The exercise of rights in paragraph 1 may be directed to the Company using form No. 8 of the Enforcement Rule of the Personal Information Protection Act in writing, email, or fax, and the Company will immediately take due measures after user identity authentication (within five (5) working days).
  • The rights in paragraph 1 may be exercised by agents such as the legal guardian of the subject of information or an entrusted person. In this case, power of attorney must be submitted using form No. 11 of Article 11 of the Enforcement Rule of the Personal Information Protection Act.
  • The Company may limit or deny access to personal information after it notifies the subject of information of the reason in any of the following cases.
    • Access is prohibited or limited by law;
    • Access may cause damage to the life or body of a third party, or unjustified infringement of property and other interests of another person;
    • Information requested by users for access does not exist or is not stored due to destruction; and
    • The request for the correction of an application for recruitment is made after the deadline for application submission.
  • If the subject of information requests the correction or deletion of errors on his or her personal information, the Company shall not use or provide it until correction or deletion is completed.

Article 6. Destruction of Personal Information

  • The Company shall destroy personal information without delay when the personal information becomes unnecessary owing to the expiry of the retention period and the attainment of the purpose of processing the personal information.
  • If personal information needs to be retained pursuant to other laws despite the expiry of the retention period of personal information for which consent was obtained from users or the attainment of purposes of personal information processing, such personal information will be separated and moved to another database or kept in other places.

Article 7. Measures to Secure Safety of Personal Information

The Company takes the following technical and management measures to protect the safety of personal information and prevent its loss, theft, leakage, falsification or damage.

[Establishment and implementation of internal control plan]

  • The Company establishes and implements an internal control plan for the safe processing of personal information.
  • The Company shall check the implementation of personal information protection measures and observance of internal control plan by a manager in charge of personal information protection through its internal information protection unit, and corrective measures will be taken immediately when problems are found.

[Personal information encryption]

  • The user’s personal information is stored and managed after encryption, and all transmission data is encrypted.

[Technical measures against hacking, etc.]

  • The Company uses the latest version of antivirus software and controls access rights to prevent the leakage or damage of personal information due to hacking or computer viruses.
  • The Company maintains the security of the personal information processing system and computers of employees handling personal information to prevent personal information from being disclosed to unauthorized persons through the Internet website and P2P sharing.
  • The Company separates and stores log records by designated employees who handle the personal information processing system.

[Physical protection measures]

  • The computer center and data storage room are designated as special protection areas for access control.

[Others]

  • The Company is not responsible for incidents caused by users’ mistakes or due to the intrinsic risks of the Internet.

Article 8. Designation of Manager in Charge of Personal Information Protection

The Company designates a manager and personnel in charge of personal information protection to protect users’ personal information and handle complaints.

Categorythe person in charge
Manager in charge of personal information protectionDepartment and positionGeneral Affairs Team / Team manager
NameHan SeongWoon
Personnel in charge of personal information protectionDepartment and positionGeneral Affairs Team / Manager
NameYang Jaeman
phone number+82-2-727-9500 (company phone number)
emailsecurity@oci.co.kr

Article 9. Methods of Remedy for the Infringement of the Rights and Interests of Users

To obtain relief for a breach of personal information, users may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee or Korea Internet & Security Agency’s Personal Information Infringement Report Center. To file a report or receive consultation on cases of personal information breach, please contact the following entities.

  • Korea Internet & Security Agency Personal Information Infringement Report Center (http://privacy.kisa.or.kr): call 118
  • Personal Information Dispute Mediation Committee (http://kopico.go.kr): +82-2-2100-2499
  • Supreme Prosecutors’ Office Cyber Crime Investigation Team (http://spo.go.kr): +82-2-3480-3571
  • National Police Agency Cyber Bureau (http://cyberbureau.police.go.kr) call 182

Article 10. Installation and Operation of Personal Information Automatic Collection Device and Cookie Rejection

The Company does not use “cookies” that enable it to store and retrieve the browsing activities of information subjects.

Article 11. Changes in Personal Information Processing Guidelines

These personal information processing guidelines shall be effective from May 2, 2023.