Article 1 [Purpose of Personal Information Processing]

The Company may process personal information of data subjects for the following purposes. The personal information being processed will not be used for purposes other than those specified below, and when the purpose of use changes, the Company will take necessary measures, including obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.

1. User's personal information: Confirmation and processing of business consultation-related inquiries and suggestions
2. Job applicant's personal information: Management of recruitment procedures and company's talent pool

Article 2 [Personal Information Items Processed and Retention Period]

The Company processes and retains the following personal information items within the minimum necessary scope for website operation, within the retention and use period with the data subject's consent in accordance with Article 15(1)(1) and Article 22(1)(7) of the Personal Information Protection Act.

1. Purpose of collection/use of personal information, retention and use period (Users)

1. Collection Purpose: Confirmation and processing of business consultation-related inquiries and suggestions
2. Collection Items: Name, contact information (including phone number, mobile number, email address), affiliated company of the data subject included in the user's inquiries and suggestions
3. Retention and Use Period: Until the completion of processing the user's inquiries and suggestions

1. Purpose of collection/use of personal information, retention and use period (Job Applicants)

1. Collection Purpose: Management of recruitment procedures and company's talent pool
2. Collection Items: Name, contact information (including phone number, mobile number, email address, address), contents stated in resume and self-introduction (including gender, military service, education, language scores, awards, certificates), contents stated in career history (only for experienced job applicants, portfolio, current company and career, previous company's annual salary)
3. Retention and Use Period: 3 years after the completion of the recruitment process

The Company processes and retains the following personal information items within the retention and use period under relevant laws without the data subject's consent.

1. Labor Standards Act

1. Relevant Laws: Article 42 of the Labor Standards Act and Article 22 of its Enforcement Decree
2. Retained Information: Important documents related to labor contracts
3. Retention and Use Period: 3 years

1. Communications Privacy Protection Act

1. Relevant Laws: Article 15-2(2) of the Communications Privacy Protection Act and Article 41(2) of its Enforcement Decree
2. Retained Information: Communication confirmation data (log records, IP) provided upon request from investigative agencies
3. Retention and Use Period: 3 months

Article 3 [Provision of Personal Information to Third Parties]

The Company does not provide personal information received from data subjects to third parties.

Article 4 [Entrustment of Personal Information Processing]

The Company entrusts personal information processing as follows to ensure smooth personal information processing.

1. Entrusted Party (Processor): Hana Medical Foundation
2. Entrusted Tasks: Health examination of confirmed recruits among job applicants

1. The Company specifies in contracts and other documents matters regarding prohibition of processing personal information beyond the purpose of entrusted tasks, technical and administrative protection measures, restrictions on re-entrustment, management and supervision of processors, and liability for damages in accordance with Article 26 of the Personal Information Protection Act when concluding entrustment contracts, and supervises whether processors safely process personal information.
2. In accordance with Article 26(6) of the Personal Information Protection Act, when processors re-entrust the Company's personal information processing tasks, they must obtain the Company's consent.
3. When the content of entrusted tasks or processors change, we will disclose this through this personal information processing policy without delay.

Article 5 [Rights, Obligations, and Exercise Methods of Data Subjects and Legal Representatives]

1. Data subjects may exercise their rights to request inspection, correction, deletion, and suspension of processing of personal information (hereinafter referred to as "exercise of rights") to the Company at any time.
2. Exercise of rights under Paragraph 1 may be done through written documents, email, facsimile transmission (FAX), etc. in accordance with Article 41(1) of the Enforcement Decree of the Personal Information Protection Act, and the Company will take measures without delay.
3. Exercise of rights under Paragraph 1 may be done through legal representatives or authorized agents. In this case, you must submit a power of attorney in accordance with Form No. 11 of the "Notice on Methods of Processing Personal Information."
4. Requests for inspection and suspension of processing of personal information may be restricted in accordance with Article 35(4) and Article 37(2) of the Personal Information Protection Act.
5. Requests for correction and deletion of personal information cannot be made when the personal information is specified as a collection target under other laws.
6. The Company verifies whether the person requesting inspection, correction, deletion, or suspension of processing is the person themselves or a legitimate representative when exercising rights.

Article 6 [Destruction of Personal Information]

1. The Company destroys personal information without delay when it becomes unnecessary due to the expiration of the retention period or achievement of processing purposes.
2. When personal information must be preserved under other laws even after the retention period agreed with the data subject has expired or the processing purpose has been achieved, the Company moves or stores the personal information in a separate database (DB) or different storage location.
3. The procedures and methods for destroying personal information are as follows.

1. Destruction Procedure: The Company selects personal information subject to destruction and destroys it after obtaining approval from the Company's personal information protection officer.
2. Destruction Method: The Company destroys personal information recorded and stored in electronic file format so that the records cannot be reproduced, and shreds or incinerates personal information recorded and stored in paper documents.

Article 7 [Security Measures for Personal Information]

The Company takes the following measures to ensure the security of personal information.

1. Administrative Measures: Establishment and implementation of internal management plans, regular employee education, etc.
2. Technical Measures: Management of access rights to personal information processing systems, installation of security programs, etc.
3. Physical Measures: Access control to data storage locations, etc.

Article 8 [Installation, Operation, and Refusal of Personal Information Automatic Collection Devices]

The Company does not use 'cookies' that store and retrieve user information from time to time.

Article 9 [Personal Information Protection Officer]

1. The Company designates a personal information protection officer as follows to be responsible for overall personal information processing and handle complaints and damage relief related to personal information processing.

Personal Information Protection Officer and Department in Charge

1. Name: Song Eui-jin
2. Position: Support Department Leader
3. Department in Charge: Support Department
4. Contact: 02-3140-4600
5. Email: ygp_it@ygmail.net

Data subjects may contact the personal information protection officer and department in charge regarding all personal information protection-related inquiries, complaints, and damage relief that occur while using the Company's website. The Company will respond to and process inquiries without delay.

Article 10 [Request for Personal Information Inspection]

Data subjects may request inspection of personal information in accordance with Article 35 of the Personal Information Protection Act to the following department.

1. Department: Support Department
2. Person in Charge: Personal Information Protection Officer
3. Contact: 02-3140-4600, ygp_it@ygmail.net

Article 11 [Remedies for Rights Infringement]

Data subjects may apply for dispute resolution or counseling to the Personal Information Dispute Mediation Committee, Korea Internet & Security Agency, Personal Information Infringement Report Center, etc. to receive relief from personal information infringement. For other reports and counseling regarding personal information infringement, please contact the following institutions.

1. Personal Information Dispute Mediation Committee:
   (No area code) 1833-6972 (www.kopico.go.kr)
2. Personal Information Infringement Report Center:
   (No area code) 118 (privacy.kisa.or.kr)
3. Supreme Prosecutors' Office:
   (No area code) 1301 (www.spo.go.kr)
4. National Police Agency:
   (No area code) 182 (ecrm.police.go.kr)

A person whose rights or interests have been infringed due to an act or omission by the head of a public institution regarding requests under Articles 35 (Inspection of Personal Information), 36 (Correction and Deletion of Personal Information), and 37 (Suspension of Processing of Personal Information) of the Personal Information Protection Act may file an administrative appeal in accordance with the Administrative Appeals Act.
※ For detailed information about administrative appeals, please refer to the website of the Central Administrative Appeals Commission (www.simpan.go.kr).

Article 12 [Changes to Personal Information Processing Policy]

This personal information processing policy applies from March 26, 2025.

Previous personal information processing policies can be viewed through the separate link at the top.