Personal Information Processing Policy

Hyundai Motorstudio Privacy Policy

1. General

Hyundai Motor Co., Ltd. (hereinafter referred to as the 'Company') has established and published the following personal information processing policy, in accordance with Article 30 of the 「Personal Information Protection Act」, to protect customers' personal information and to handle related complaints promptly and smoothly.

2. Purpose of personal information processing, items and retention period

  1. 1) The company processes personal information items as follows for the following purposes.

    We process and retain personal information within the period of retention and use of personal information in accordance with laws and regulations or within the period of retention and use of personal information agreed upon when collecting personal information from customers.
    The personal information being processed will not be used for any purpose other than the following, and if the purpose or item of use is changed, necessary measures such as obtaining separate consent pursuant to Article 18 of the 「Personal Information Protection Act」 will be implemented.

    Service classification, purpose of collection and use, collection items, retention period information
    Service classification / Purpose of collection and use / Collection items / Retention period

    Service classification: Use of the website (members)
    Purpose of collection and use:
    - Personal identification and authentication according to membership service use
    - Provision of permanent exhibition, program, event and test drive reservation service
    - Marketing utilization such as latest information and event information
    - Customer inquiry consultation and complaint handling
    Collection items:
    [Required items]
    ID, name, date of birth, gender, domestic/foreign status, encrypted identification information (CI), mobile phone number, email, service use record, access log, cookie, access IP information
    [Optional items]
    Home address, work address, home phone number, work phone number
    Retention period:
    Until 5 days after membership withdrawal
    - Immediate destruction if there is no service use history
    - If there is payment and service use history, separate storage for up to 4 years

    Service classification: Use of the website (non-members)
    Purpose of collection and use:
    - Provision of permanent exhibition, program and event services
    - Consultation for customer inquiries and handling of complaints
    Collection items:
    [Required items]
    ID, name, mobile phone number, encrypted password, service use record, access log, cookie, access IP information
    Retention period:
    Until 5 days have elapsed from the last access date or until 5 days have elapsed since the date of viewing

    Service classification: Exhibition reservation service (member/non-member)
    Purpose of collection and use:
    - Provision of permanent exhibition service
    - Order/payment processing and payment information management
    - Payment approval or cancellation result history and statistical information
    - Reservation information
    Collection items:
    [Required items]
    Name, mobile phone number, card number, point usage information
    ※ Credit card and check card numbers are encrypted information that has undergone de-identification measures, and information about the actual card number cannot be known.
    [Optional items]
    Visited vehicle number
    Retention period:
    [Member]
    Until 5 days after membership withdrawal (However, until 5 days after the viewing date if the viewing date reserved by the member is after the withdrawal date)
    - 5 years (separate DB storage) in case of payment history
    - 3 years (separate DB storage) if there is a history of handling consumer complaints or disputes
    [Non-members]
    Up to 5 days after the reservation date
    - 5 years (separate DB storage) if there is a payment history
    - 3 years (separate DB storage) if there is a history of handling consumer complaints or disputes

    Service classification: Test drive reservation service (member/on-site reservation)
    Purpose of collection and use:
    - Test drive service provision
    - Order/payment processing and payment information management
    - Use of history and statistical information of payment approval or cancellation results
    - Response to accidents such as insurance handling in case of test drive accident
    - Handling fines/negligence due to non-compliance with traffic laws
    - Test drive vehicle theft prevention and operation management, customer complaints, etc.
    Collection items:
    [Required items]
    Name, date of birth, mobile phone number, gender, signature, card number, point usage information
    ※ Credit card and check card numbers are encrypted information that has undergone de-identification measures, and information about the actual card number cannot be known.
    [Optional items]
    Visited vehicle number, e-mail
    Retention period:
    [Member]
    Until 5 days after membership withdrawal (However, until 5 days after the viewing date if the viewing date reserved by the member is after the withdrawal date)
    - 5 years (separate DB storage) in case of payment history
    - 3 years (separate DB storage) if there is a history of handling consumer complaints or disputes
    [On-site reservation]
    Up to 5 days after the reservation date
    - 5 years (separate DB storage) if there is a payment history
    - 3 years (separate DB storage) if there is a history of handling consumer complaints or disputes

    Service classification: Customer Center Consultation
    Purpose of collection and use:
    - Confirmation of customer identity
    - Provision of exhibition and test drive reservation service
    - Customer consultation and complaint handling/collection of opinions
    Collection items:
    [Required items]
    Mobile phone number, call history (recording), information generated through customer consultation
    [Optional items]
    - ID, name, date of birth, e-mail, visited vehicle number, gender when using reservation service
    Retention period:
    Call history (record) 5 years

    Service classification: Marketing and advertising utilization (members)
    Purpose of collection and use:
    - Sending out webzines such as newsletters
    - Information on new menus or events for kitchens and cafes
    - Selection of event winners and provision of prizes
    - Information on advertising related to new service development and events
    - Utilization of statistical analysis data for each customer, market research
    Collection items:
    [Required items]
    Name, mobile phone number, email
    Retention period:
    From the time of consent to receiving marketing information until membership withdrawal/inactive account conversion or refusal to receive marketing information
  2. 2) However, if there is an obligation to preserve in accordance with the provisions of relevant laws, such as the Commercial Act, the company keeps the customer's personal information.

    In this case, the company uses the stored information only for the purpose of storage, and the retention period is as follows.

    1. ① If an investigation or inquiry is in progress due to a violation of the relevant laws and regulations, until the investigation or inquiry is completed
    2. ② If receivables and debts remain due to the use of the website, until those receivables and debts are settled
    3. ③ Records on contract or subscription withdrawal: 5 years (Act on Consumer Protection in Electronic Commerce, etc.)
    4. ④ Records on payment and supply of goods: 5 years (Act on Consumer Protection in Electronic Commerce, etc.)
    5. ⑤ Records on handling consumer complaints or disputes: 3 years (Act on Consumer Protection in Electronic Commerce, etc.)
    6. ⑥ Records on collection/processing and use of credit information: 3 years (Act on the Use and Protection of Credit Information)
    7. ⑦ Service use record, access log, access IP information according to 「Communication Secret Protection Act」: 3 months

    ※ According to the 'personal information validity period', the personal information of members who have not used the service for one year is separately stored and managed.

3. Personal information destruction procedure and method

  1. 1) The company destroys the personal information without delay when the personal information becomes unnecessary, such as the expiration of the personal information retention period or achievement of the purpose of processing, unless it is necessary to preserve the personal information in accordance with other laws.
  2. 2) When the personal information retention period agreed upon by the customer has elapsed or the purpose of processing has been achieved, but the personal information needs to be kept on grounds under other laws, internal policies, or information protection reasons (refer to the period of retention and use), the personal information is transferred to a separate database (DB) or stored in a different storage location (in the case of paper, a separate filing cabinet). Personal information transferred to a separate DB will not be used for any purpose other than the purpose for which it is retained, unless it is required by law.
    1. ① Legal basis: Consumer Protection Act in Electronic Commerce, etc., Framework Act on National Tax and Corporate Tax Act, Commercial Act, Value-Added Tax Act, Communication Secret Protection Act
    2. ② Items of personal information to be preserved: records on contract or subscription withdrawal (5 years), records on payment and supply of goods (5 years), records on consumer complaints or dispute handling (3 years), information related to all transaction books and supporting documents (5 years), important documents and slips or similar information related to the company's commercial books and business (important documents 10 years / slips 5 years), tax invoices or receipts issued with books (5 years), service use record, access log, access IP information (3 months)
  3. 3) The procedure and method of personal information destruction are as follows.
    1. ① Destruction procedure

      The company selects the personal information for which the reason for destruction has occurred, and destroys the personal information with the approval of the company's personal information protection officer.

    2. ② Destruction method

      The company destroys personal information recorded and stored in the form of electronic files so that the record cannot be reproduced, and personal information recorded and stored in paper documents is destroyed by shredding with a shredder or by incineration.

4. Consignment of personal information processing

  1. 1) The company entrusts the following personal information processing tasks for smooth personal information processing.
    Classification of consignment service of personal information processing, consignment company, entrusted work content information
    Service classification / Trustee / Consignment work

    Service classification: Common
    - NICE Credit Rating Information Co., Ltd.: Identification according to membership service use
    - Hyundai Auto Ever: Customer information management related to Hyundai Motorstudio, computer system development and maintenance
    - KSnet Co., Ltd.: Online payment proxy (credit/debit card and real-time account transfer)
    - Eden & Alice Marketing:
      1. Specialized program operation, member marketing (SMS, DM, TM, etc.), specialized program civil complaint handling, etc.
      2. Partner service operation, affiliate service civil complaint handling, etc.
    - Hyosung ITX Co., Ltd.: Customer service related to Hyundai Motorstudio
  2. 2) When concluding a consignment contract, the company specifies in documents such as contracts, in accordance with Article 26 of the 「Personal Information Protection Act」, matters of responsibility such as the prohibition of processing personal information other than for the purpose of performing entrusted tasks, technical and administrative protection measures, restrictions on re-entrustment, management and supervision of the trustee, and compensation for damages, and supervises whether the trustee handles personal information safely.
  3. 3) If the contents of the consignment work or the consignee is changed, we will disclose it through this personal information processing policy without delay.

5. Provision of personal information to third parties

  1. 1) The company processes the personal information of the information subject only within the scope specified in Article 1 (Purpose of processing personal information), and provides personal information to third parties only where Articles 17 and 18 of the 「Personal Information Protection Act」 apply, such as with the consent of the information subject or under special provisions of the law.
  2. 2) When the company provides personal information to a third party, it receives consent after notifying the customer of the following items.
    1. ① Persons receiving personal information
    2. ② Purpose of use of personal information by the person receiving personal information
    3. ③ Items of personal information to be provided
    4. ④ Period of retention and use of personal information by the person receiving personal information
  3. 3) The company does not use the customer's personal information beyond the scope specified above, or provide personal information to others or other organizations. However, exceptions are made in the following cases.
    1. ① In case of prior consent of the customer
    2. ② In case of special provisions of laws and regulations
    3. ③ When there is a request from the investigation agency in accordance with the procedures and methods stipulated in laws and regulations for the purpose of investigation

6. Measures to ensure the safety of personal information

※ Technical/Administrative Protection Measures for Personal Information
The company applies the following technical/administrative measures to ensure safety so that personal information is not lost, stolen, leaked, altered or damaged in processing customer personal information.

  1. 1) Technical measures
    1. ① Encryption of customer information

      Valuable customer personal information is encrypted and stored in the DB, so that even if it is leaked by external intrusion, the customer's personal information cannot be used.

    2. ② Communication section encryption

      We are taking measures to ensure that customer information is safely transmitted through SSL in the section where customers enter and deliver customer information when registering and logging in through the website.

    3. ③ Installation of security solution

      In order to provide services and safely manage customer information, we install antivirus programs, periodically update and inspect the personal information processing system, and apply DB encryption solutions and screen capture prevention solutions. In addition, in preparation for external intrusion such as hacking, an intrusion prevention/detection system is installed, and continuous monitoring is performed through the integrated security control center.

  2. 2) Administrative measures
    1. ① Establishment of personal information management system

      In order to safely manage personal information, the company has established and is operating a personal information management system internally.

    2. ② Operation of personal information protection committee

      We have formed a committee for the protection of personal information of the company, hold committee meetings at least twice a year, and strive to improve and correct matters such as the operation of the personal information management system and personal information protection issues.

    3. ③ Personal information handler management

      We receive personal information protection pledges from personal information handlers who handle customer personal information, and conduct personal information protection training at least twice a year to emphasize the importance and safe management of customer information. In addition, we minimize unnecessary access to and exposure of customers' personal information through the authority management of the personal information controller.

  3. 3) Physical measures
    1. Control of access to computer rooms, data storage rooms, etc.

7. Matters concerning the installation, operation and rejection of the automatic personal information collection device

  1. 1) The company uses 'cookies' to store and retrieve usage information from time to time to provide users with individually customized services.
  2. 2) Cookies are small pieces of information that the server (http) used to operate the website sends to the browser on the user's computer; they are stored on the hard disk of the user's PC.
    1. ① Purpose of use of cookies: Cookies are used to provide targeted marketing and personalized services through analysis of website access frequency and visit times, identification and analysis of customer areas of interest, and tracking of participation in various events and number of visits. Customers can choose whether cookies are installed. The customer can therefore, by setting options in the web browser, accept all cookies, be asked for confirmation each time a cookie is saved, or refuse to save all cookies.
    2. ② Installation, operation and rejection of cookies: To refuse cookies, select the corresponding option in the web browser you use. You can accept all cookies, be asked for confirmation each time a cookie is saved, or refuse to save all cookies.
      ※ Example of setting method (in case of Internet Explorer): Tools at the top of the web browser > Internet Options > Privacy > Advanced > Select setting method
    3. ③ However, if you refuse to store cookies, there may be difficulties in using some services that require login.

8. Rights and obligations of customers and legal representatives and how to exercise them

  1. 1) Customers or their legal representatives (for children under the age of 14) can at any time withdraw consent (cancel membership) to the collection, use, and provision of personal information to the company, and can exercise rights such as requesting to view, correct, delete, or suspend the processing of personal information.
  2. 2) Customers or their legal representatives can exercise the above rights in the personal information management menu after accessing the company website and verifying their identity online, as well as by contacting the person in charge, and the company will take action without delay.
      ① Person in charge of requesting/processing of personal information access, etc.
      - Person in charge of personal information management: Jeong-ah Jeong, responsible manager
      - Affiliation: HMS Management Team
      - Phone number: 1899-6611
  3. 3) The exercise of rights pursuant to Paragraphs 1 and 2 can be done through a representative such as your legal representative or a person who has been delegated. In this case, you must submit a power of attorney in the form of Attachment No. 11 of the “Personal Information Handling Method Notice (No. 2020-7)”.
  4. 4) The right of the customer to view personal information and request suspension of processing may be restricted in accordance with Articles 35 (4) and 37 (2) of the Personal Information Protection Act.
  5. 5) Correction and deletion of personal information cannot be requested if the personal information is specified as a collection target in other laws.
  6. 6) The company checks whether the person who made the request, such as a request for reading, correction, deletion, or suspension of processing according to the rights of the information subject, is the person or a legitimate agent.
  7. 7) If the customer requests correction of errors in personal information, the company does not use or provide the personal information until the error correction is completed, and if the personal information has already been provided to a third party, the company notifies the third party so that the errors can be corrected.
  8. 8) If the customer or legal representative withdraws consent (cancellation of subscription), the company in principle destroys it without delay. We handle it according to the requirements and take measures so that it can be viewed or used only when absolutely necessary.

9. Remedies for Infringement of Customer's Rights and Interests

Customers can inquire about damage relief and consultation for personal information infringement to the following organizations.
The following organizations are separate from the company. If you are not satisfied with the company's own personal information complaint handling and damage relief results, or if you need more detailed help, please contact them.

  • ▶ Personal Information Infringement Report Center (operated by Korea Internet & Security Agency)
    • - Responsibilities: Report personal information infringement, apply for counseling
    • - Homepage: privacy.kisa.or.kr
    • - Phone: (without area code) 118
    • - Address: (58324) 3rd floor, 9 Jinheung-gil, Naju-si, Jeollanam-do (301-2 Bitgaram-dong)
  • ▶ Personal Information Dispute Mediation Committee
    • - Responsibilities: Personal information dispute mediation application, collective dispute mediation (civil settlement)
    • - Website: www.kopico.go.kr
    • - Tel: (without area code) 1833-6972
    • - Address: 12th floor of Government Complex Seoul, 209 Sejong-daero, Jongno-gu, Seoul (03171)
  • ▶ Supreme Prosecutors' Office Cyber Crime Investigation Team: 02-3480-3573 (www.spo.go.kr)
  • ▶ National Police Agency Cyber Security Bureau: 182 (https://cyberbureau.police.go.kr)

10. Personal information protection manager and person in charge, business processing department

  1. 1) The company is responsible for handling personal information, and has designated a person in charge of personal information protection as follows to handle customer complaints and remedy damages related to personal information processing.
    Hyundai Motorstudio service sector information
    Hyundai Motorstudio Service Division
    - Person in charge of personal information protection: Kim So-min, team leader
    - Affiliation: HMS management team
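    - Personal information protection staff member: Jeong-ah Jeong, responsible manager
    - Department: HMS Management Team
    - Phone number: 1899-6611
    Privacy Policy and General Information
    Personal information protection policy and general management
    - Person in charge of personal information protection: Lee Sang-hong (이상홍), Managing Director
    - Affiliation: Management Support Division, Personal Information Protection Team
    - Personal information protection staff member: Kim Jun-ho (김준호), responsible manager
    - Department: Personal Information Protection Team
    - Phone number: 080-600-6000
    - Email: h-privacy@hyundai.com
  2. 2) Customers may direct all inquiries, complaints, and damage relief matters related to personal information protection that arise while using the company's services (or business) to the person in charge of personal information protection and the responsible department. The company will respond to and handle customer inquiries without delay.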

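11. Guidance on the transmission of advertising information

  1. 1) The company does not transmit for-profit advertising information without the customer's prior consent.
  2. 2) When the company transmits for-profit advertising information such as event notices, marketing, and promotions, it sends it only to customers who have given prior consent to receive advertising information.
  3. 3) When the company transmits advertising information using electronic transmission media, it does so after taking the following measures in accordance with Articles 50 through 50-8 of the 「Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.」.
    - Electronic means of transmission: mobile phone text messages, e-mail, fax, and other electronic transmission media
    1. ① Display of "(광고)" (Advertisement) at the beginning of the title
    2. ② Name and contact information of the sender
    3. ③ Indication of a number for refusing reception free of charge
  4. 4) Every two years from the date the customer consented to receive advertising information, the company confirms with the customer the fact of that consent. If the customer expresses no intention after being notified of their consent status, the consent to receive remains in effect.
  5. 5) The company does not transmit advertising information using electronic transmission media between 9 p.m. and 8 a.m. the following day.
  6. 6) However, content sent by electronic transmission media in the following cases is regarded as an exception to advertising information.
    • - Information related to the performance of contracts concluded between the company and the customer
    • - Responses to information requested by the customer (e.g., quotations, vehicle catalogs, newsletters sent on request)
    • - Matters the company must notify customers of under relevant laws, such as vehicle safety and quality-related content

    ※ The method for withdrawing consent to receive advertising information is as follows.
    Change the setting to refuse advertising information in My Page on each website,
    080-139-5001: ARS automatic refusal (free)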

12. Matters concerning changes to the personal information processing policy

When the company changes this personal information processing policy, it gives advance notice of the reason for and content of the change through the notice box on the first screen of the homepage, a separate window, or similar means, and then applies the change.

This policy is effective from March 28, 2022.
