Privacy Policy

Privacy Policy (09.30.2011)
OK
The Doosan Machine Tools (the "Company") complies with the relevant statutory provisions regarding the protection of personal information, including the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection.
The Company further commits to safeguarding the rights and interests of the owners and holders of personal information, such as its customers, staff and website users, and has established its own Privacy and Information Processing Policy, in accordance with the relevant legislation.
The Company, through its Privacy and Information Processing Policy, etc., notifies the purposes and procedures of the collection of personal information, as well as the relevant protection measures. In case of any update or revision to the Policy, the Company will announce the change either on its website’s notice or by means of individual communication.
However, other affiliated websites of the Company may have different policies.

1. Personal Information Processing Policy

01. General Provisions

"Personal Information" refers to the personally identifiable information of a living person whose identity may be checked easily in combination with the use of other sources such as name, national identification number, and picture, even though it is rarely possible to differentiate the individual in question with only the given information. "Informer" means the owner of any information that enables the recognition of a person’s identity. The Company discloses the Personal Information Processing Policy on the first screen of the website (www.doosanmachinetools.com) to facilitate the verification of the policy in question, and will always announce any changes or revisions to this policy via a notice posted on its website or through individual communication.

02. Processed Personal Information and Purposes of Processing

Without the legitimate provisions or the consent of the informer, the Company may handle neither the sensitive information that may significantly compromise the privacy of its provider nor the unique identification information assigned to distinguish the interested-party from others.

A. Processed Information

[Concerning customers]

Name, home address, e-mail, company name, service record, access log, cookies, and IP address information

[Concerning employment]

Name, social security number, picture, password, home address, home telephone number, mobile phone number, e-mail, education, military service, foreign language proficiency, computer skills, qualifications, family relationships, career, social experience, awards, international experience, and research experience

B. Purposes of Processing

[Concerning customers]

- Settlement of the complaints on the membership and points of dissatisfaction

- online market research or survey

- marketing or advertising; service delivery

- and the settlement of fees

[Concerning employment]

- Recruitment process, application form revision, employment success or failure, contact, employment requirements checkup

- payroll, welfare benefits, support for various tasks, and assessment (HR management)

03. Processing and the Retention Period of Personal Information

In principle, the collected personal information will be destroyed immediately after the purpose for which it was collected has been achieved. However, the following information will be retained during the designated period for the reasons set forth below.

- Retained information : name, home address, e-mail, company name

- Retention period : 1 year

- Reasons for retention : user inquiries/request management, user identification, etc.

- Retained information : service use data, access log, cookies, IP address information

- Retention period : 3 years

- Reasons for retention : enhancement of service quality through analysis of service use

04. Procedures and methods for the destruction of personal information

A. Destruction procedures

The company destroys the personal information without delay once it has achieved the purpose of its collection or the retention period has finished, except where the retention is required pursuant to the informer's consent, terms of use, or relevant legislation.

B. Methods of destruction

- Personal information stored in electronic file formats shall be deleted using technical methods that prevent the recovery of its record.

- Personal information printed on the paper shall be broken by the shredder, or destroyed through incineration.

05. Provision of personal information to a third party

The Company uses the personal information only within the scope laid out in "02. Processed Personal Information and Purposes of Processing”, and does not abuse it in excess of the established range nor discloses it to a third party. However, the following cases are exceptions.

- In the case of having received the special consent of the informer

- If there are special provisions in other relevant laws

- If it is impossible to obtain the prior consent of the informer or its legal representative due to the state in which he cannot express his or her intention or his or her unknown address, so that the stored information is deemed to be necessary evidence for an imminent benefit of life, health, property of the informer or relevant third party

- In case of providing the personal information in a form to block the recognition of a particular individual as necessary for the purposes of statistics and research.

The Company currently provides the following personal information

- Institutions receiving personal information : Multicampus, Korea TOEIC Committee, The Korea Chamber of Commerce & Industry, the Ministry of National Defense and Regional Military Manpower Administration, District Office/Community Center

- Offered personal information : name, social security number, mobile phone number, military serial number

- Purpose : verification of qualification

- Retention and use period : immediately destroyed

06. Outsourcing of personal information processing

The Company does not entrust the personal information processing to an outside agency without the prior consent of the relevant informer. For the outsourcing of personal information processing, the Company has in place the following instructions to safely manage the personal information when it concludes an outsourcing agreement in accordance with the relevant legislation

- Trustee company : Doosan Information Communication BU Inc.

- Outsourced service : Operation of the employment system

07. Rights and Obligations of Informers and Methods to Exercise the Rights

Every informer may demand the access, correction, omission, and suspension of his or her personal information that the Company treats. However, the Company may refuse or limit the aforementioned demand under the following conditions

- If there is a special legal provision or it is unavoidable to comply with statutory obligations

- If there is a concern to harm the lives or bodies of others, or to damage improperly the property and other interests of other people

- If it is difficult to fulfill the contract, including agreed services, without processing the personal information, meanwhile the informer does not reveal clearly the intention to terminate the contract

Methods and Procedures to Exercise Rights

- The informer who wants to read his or her personal information may submit the Request of Reading, Correction, Deletion, and Suspension in writing, e-mail, fax, etc., to the department in charge (For this, see the section "09. Complaint Resolution Service for Personal Information“).

- The Company takes action to respond to the demand within 10 days unless there is a justifiable reason, and communicates the reasons, if any, for such denial or restriction within five days, as well as the methods to appeal against this refusal or restriction.

- The Company may verify the identity of the informer or, his or her representative that demands the reading, etc., of the personal information, checking his or her identity cards such as social security card, one of certified electronic signatures or other equivalents.

08. Technical, Administrative, and Physical Protection Measures for Personal Information

The Company takes the following safety measures to prevent personal information from being lost, stolen, leaked, altered, or damaged

- The Company complies with the required legal standards for the secure storage and transmission of the personal information.

- Using anti-virus software, the company takes steps to prevent the damage caused by computer viruses. The anti-virus program is updated periodically, and protects against the violation of privacy in case of a sudden outbreak of a new virus, providing its new version as soon as possible.

- Against external attacks such as hacking, the Company does everything for the security, utilizing an intrusion detection system and a vulnerability assessment system for each server.

- The company gives the exclusive access to personal information to those who deal with sales and marketing directly with the informers, to those in charge of the management of personal information, and those who inevitably handle the personal data through carrying out other tasks.

- The employees who treat the personal information take a regular in-house training and outsourcing education on the protection of personal information, being properly supervised to strictly comply with laws and regulations to the same purpose after both starting work and after taking retirement.

- For the secure storage of the personal information and its handling system, the facilities are equipped with protection measures to prevent a physical access, including physical locking devices.

- The computer room and data storage room, designated as special security areas, are under strict access control.

09. Complaint Resolution Service for Personal Information

The Company designates and operates the following division and officer in charge to protect the personal information and respond to the complaints regarding the sector.

A. Personal Information Division

Division: Compliance Team

Phone : 02-3670-5386

Fax : 02-3670-5382

E-mail : Compliance_MT@doosan.com

Business Hours : (Mon-Fri) 09:00 – 18:00, (closed on Sat-Sun, national holidays)

B. Chief Privacy Officer

Name : Seungyoung Lee

Tel. : 02-3670-5384

E-mail : Compliance_MT@doosan.com

If you want to report or need an advice on the invasion of the privacy, please contact the following organizations.

- Personal Information Dispute Mediation Committee (http://privacy.kisa.or.kr tel: 118)

- Privacy Complaint Center (http://www.privacy.go.kr tel: 118)

- Government Protection Mark Authentication Commission (http://www.eprivacy.or.kr tel: 02-580-0533~4)

- Internet Criminal Investigation Center, Supreme Prosecutor's Office (http://www.spo.go.kr tel: 02-3480-3600)

- Cyber Terror Response Center, National Police Agency (http://www.ctrc.go.kr tel: 02-392-0330)

10. Notification

Additions, deletions and modifications of the current Personal Information Processing Policy will be notified through the website’s notice at least 10 days prior to the revision.

Announcement date: Sept. 30, 2011

Effective Date: Sept. 30, 2011

2. Personal Information Handling Policy

Doosan Machine Tools (“the Company”) appreciates the importance of your personal information and conforms to the Act on Promotion of Information and Communications Network Utilization and Information Protection. The Company hereby informs you of the purposes and methods by which we may use your personal information and of the actions taken to protect your privacy. If the privacy policy is modified or updated, the Company will inform you of the details by providing a notice on our website or through individual notification.

The following personal information handling policy is applied to this website (www.doosanmachinetools.com, “this Site”).

The following personal information handling policy is applied to this website (www.doosanmachinetools.com, “this Site”).

01. Matters on Installation, Operation, and Rejection of Automated Data (Personal Information) Collection System

The Company operates cookies, which frequently store and access your personal information. A cookie is a small piece of text sent by a web server to your web browser, which is used to run the website. It is also stored on the hard disk of your computer. The Company uses cookies for the purposes outlined in the following items:

02. Uses of Cookies, etc.

Cookies may be used to analyze the frequency of access or visiting hours of users, store the information about user preferences, track users’ web browsing habits, and provide target marketing and customized service through analysis of user participation in events and number of visits. You have a choice of whether to install cookies. You may accept all cookies, confirm whenever cookies are stored, or reject the storage of all cookies by setting an option in your web browser.

03. How to Reject the Storage of Cookies

You may accept all cookies, or confirm whenever cookies are stored, or reject the storage of all cookies by selecting an option in your web browser.

Example of settings (for Internet Explorer) : Tools > Internet Option > Privacy

But, if you refuse to install cookies, you may have difficulty in using certain services.

04. Purposes of Collection

The Company may collect your personal information for the following purposes:

- To provide customer services such as membership management and complaints resolution;

- To provide you with better services and improve the level of this Site by conducting online market research or public opinion polls through which your ideas can be received;

- For marketing or advertising with your prior consent; and

- To implement the provisions of service contracts and to provide billing content for services provided.

05. Gathered Personal Information

The Company collects the following personal information to manage counseling, application for service, etc.:

- Items collected : name, home address, e-mail, company name, service use, access log, cookies, IP information, mobile phone number, home phone number, social security number (training application)

- How to collect personal information : Home page (Contact Us, Training Application and Voice of Customer)

06. Provision of Personal Information

The company, in principle, does not provide its users' personal information to outside persons, bodies or organizations. However, the exceptions possible are listed below.

- If users agree in advance

- If the provision of personal information complies with provisions of the law or by the request of the investigation agencies according to the procedures and methods set forth for the purpose of investigation

07. Disclosure of Personal Information

Personal information collected through this Site is not disclosed to third parties, except where you give prior consent, or where your personal information is required by law to be disclosed to third parties such as investigative agencies, judicial authorities or other branches of government.

Exceptions are made in the following cases:

- If users agree in advance

- If the provision of personal information complies with provisions of the law or by the request of the investigation agencies according to the procedures and methods set forth for the purpose of investigation

Where you have agreed to disclose your personal information in advance;

Under the provision of laws or upon the request of investigative agency in accordance with the procedures and methods stipulated by law for investigation.

The Company does not provide your personal information to outside companies without your prior consent. If it is necessary to disclose your personal information to an outside company to provide the service you have requested, the Company will inform you of the identity of the company as well as the details of requested service and obtain your prior consent.

If you do not agree to disclose your personal information for purposes other than responding to your request for information/service, you may indicate as such by marking on the applicable column in your personal information page.

08. Rights of Users and Their Legal Representatives and How to Exercise Them

You and your respective legal representatives, at any time, may check or modify your registered personal information as well as request to cancel your prior consent.

You may also contact our personal information manager in writing or by telephone or email, and the manager will help you promptly. If you request to correct errors in your personal information, the information is neither used nor provided before the correction is completed. If your incorrect personal information has been provided to a third party, they will be promptly notified of the result of the correction.

The Company handles the personal information which has been withdrawn or deleted at your or your legal representative’s request in the manner provided in the ‘Retention and Duration of Use’ and does not access or use it for other purposes.

09. Retention and Destruction of Personal Information

Any information provided by you will be banned from use, other than for the purpose of record keeping in our archives or for the purpose of complying with relevant laws and regulations. Such information is promptly destroyed upon achievement of the purpose of its use. However, if you wish to remove your personal information from our records, the information in its entirety will be destroyed immediately upon your request, and no information shall be retained in our archives unless relevant laws and regulations require such information to be stored for a longer period of time. The procedures and methods are listed as below:

A. Retention and Duration of Use

- Retained information : name, home phone number, home address, mobile phone number, e-mail

- Reasons for retention : prevention of confusion arising regarding service use, and cooperation with relevant investigation agencies in connection with any instances of service abuse

- Retention period : 1 year

- Reasons for retention : user inquiries/requests management, user identification, etc.

- Retained information : service usage data, access log, cookies, IP information

- Reasons for retention : Communications Secrets Act

- Retention period : 3 years

- Reasons for retention : collection of service use statistics

B. Destruction Procedures

The information that you enter is transferred to a separate database (a separate file folder in case of paper) after the achievement of its purpose, to be saved for internal policies and other information protection reasons adhering to the relevant regulations (see “Retention and Duration of Use”) during a limited time and will be destroyed ultimately. The data separately transferred into the database, unless the law permits the exception, shall not be used for purposes other than its original objective.

C. Destruction Methods

Personal information stored in electronic file formats shall be deleted using technical methods that prevent the recovery of its record.

10. Links to Third Party Websites

This Site may contain links to third party websites, and the Company shall not be liable for the use of the linked websites or their contents. You agree that the use of the linked websites is subject to the Personal Information Handling Policy of those websites.

11. Personal Information Security

The Company maintains strict safety devices to prevent unauthorized or inappropriate access to personal information by limiting the access or use by its employees to the information.

12. Outsourcing of Collected Personal Information Management

The Company outsources the implementation and operation of this service to the following external specialist:

- Trustee : Doosan Information Communication Inc.

- Outsourced service : website and system management

13. Customer Support Service for Personal Information Management

The Company designates and operates the following division and officer in charge to protect the personal information and respond to the complaints regarding the sector:

Division : Compliance Team

Phone : 02-3670-5386

E-mail : Compliance_MT@doosan.com

Business Hours : (Mon-Fri), 09:00 – 18:00, (closed on Sat-Sun, national holidays)

If you want to report or need an advice on the invasion of privacy, please contact the following organizations:

- Personal Information Dispute Mediation Committee (http://privacy.kisa.or.kr Phone : 1336)

- Personal Information Protection Mark Accreditation Committee (http://www.eprivacy.or.kr Phone : 02-580-0533~4)

- Internet Criminal Investigation Center, Supreme Prosecutor's Office (http://www.spo.go.kr Phone : 02-3480-3600)

- Cyber Terror Response Center, National Police Agency (http://www.ctrc.go.kr Phone : 02-392-0330)

Announcement Date: September 30, 2011

Effective Date: September 30, 2011

3. Visual Information Processing Equipment Management Policy

01. Basis and Purposes of the Installation of Visual Information Processing Equipment

The Visual Information Processing Equipment Management Policy ("the Policy") has its purpose to promote the proper execution of work and contribute to the assurance of interests of the informers, establishing the provisions with which Doosan Machine Tools (‘the Company) shall comply regarding the installation and operation of visual information processing equipment and the protection of personal video information, in accordance with Article 25 of the Personal Information Protection Act.

02. Principles of the Protection of Personal Visual Information

The Company collects personal visual information within the scope of minimum necessity to meet the purpose of installing visual information processing equipment, so that this intention will be recognized clearly by the informers, and does not use the data for purposes other than this. The Company commits to correctly managing the personal visual information safely, ensuring its accuracy and latest update, disclosing general details on the processing of personal visual information and guaranteeing the rights of any relevant informers.

03. Designation of the Administrator

The officer, division, and personnel responsible for the safe management of the personal visual information are as follows:

- Officer : General Administration Team Manager

- Division : General Administration Team, Div. of Administrative Support

- Operator in charge : Operator responsible for installation and operation of visual information processing equipment, General Administration Team, Div. of Administrative Support

04. Installation of Visual Information Processing Equipment

The number, locations, and shooting ranges of the installed visual information processing equipment are shown below:

- Number of visual information processing equipment : A total 82 units (71 of fixed types, 11 of rotary types);

- Locations of visual information processing equipment : Entrance and aisle of each floor, elevator hall and elevator interior, vehicles entering and exiting from parking facilities and outside square

- Shooting range of video information processing equipment : Entrances, walkways, elevator halls and elevator interiors

05. Installation of Signs

The Company takes the necessary measures so that the installation and operation of visual information processing equipment can be easily recognized, including installation of information signs that state the following points:

- Purpose and place of the installation, shooting range and time, and the administrator's name, job title, and contact details

- In case of the outsourcing of the installation and management, the trustee's name and contact details

Location and size of the sign attached are as follows:

- Place : Entrance to the building

- Size : 40 ⅹ 30cm (However, it can be changed according to the condition of the installed location)

06. Viewing Request of the Informer

The informer may request the viewing and verification ("the view") of his or her own personal visual information that the Company handles.

When the Company receives the request for the view, it shall take necessary measures without delay, and may verify the identity of the requestor, or his or her legitimate representative with the submission of documents which can prove the informer’s identity, such as a ID card, driver’s license or passport.

The Company may refuse the informer's request for the view, notifying within 10 days the reasons for denial and appeal procedures in writing to him or her in the following cases:

- If the corresponding personal visual information is destroyed, due to the storage period termination

- If there are legitimate reasons to reject the informer's view request

07. Recording Time of Visual Information Processing Equipment

Recording and storage times and storage areas are as follows:

- Recording time : 24 hours

- Storage time : 30 days to 3 months, depending on the shooting area

- Storage areas : General Control Center, etc.

08. Visual Information Management

Using the personal visual information for any purposes other than the collection or providing it to third parties with informer's consent or by the provisions of the law requires the following points on the "Personal Visual Information Management Record" to be inscribed:

- Name of personal visual information file

- Name of the person who will use or receive the information

- Purpose of the use or offer

- Statutory grounds of the use or offer, if any

- Period of the use or offer, if any

- Form of the use or offer

In the case of the destruction of the personal visual information, it is required to note down the following points on the "Personal Visual Information Management Record":

- Personal visual information item to be destroyed

- Date of the destruction of personal visual information (in case of a pre-set period for automatic destruction, its destruction cycle, etc.)

- Personnel in charge of the destruction of personal visual information

09. Storage and Destruction

The Company destroys the collected personal visual information without delay, when the storage period expires, set forth in the Policy. However, this does not apply if there are special provisions in other relevant laws.
The personal visual information is destroyed as follows:

- For the output (pictures, for example) containing the personal visual information, shredding or incineration

- For personal visual information in the form of electromagnetic video files, permanent deletion that incapacitates their restoration by technical means

10. Administrative, Technical and Physical Measures

The Company administers minimum personnel to access to the personal visual information processed by the equipment, including the administrator and responsible operator. The zones where the personal visual information transmitted by the processing equipment is viewed and played are designated as restricted access areas to control the entrance of the people other than the authorized to access. The Company modifies or disqualifies without delay the permission rights of those who change their positions due to retirement and transfer. The company takes necessary measures to ensure the security of the personal information or video files processed or transmitted, in order to prevent them from being lost, stolen, leaked, damaged or altered, including password setting. The Company checks regularly the functions of the visual information processing equipment to block an alteration or falsification of the data.

11. Outsourcing of the Installation and Management of Visual Information Processing Equipment

The Company outsources the management of personal visual information to the following trustee and is responsible for overseeing the processing of the information.

- Trustee : DFMS Inc.

- Outsourced service : installation and operation of visual information processing equipment

Announcement Date: September 30, 2011

Effective Date: September 30, 2011