HSC Korea Co., Ltd. Privacy Policy

1. Purposes of Processing Personal Information

The Company processes personal information for the following purposes. The personal information being processed will not be used for purposes other than those listed below, and if the purpose of use changes, necessary measures, such as obtaining separate consent under Article 18 of the Personal Information Protection Act, will be implemented.

1. Responding to Customer Inquiries and Consultations
   Personal information is processed to respond to product inquiries, quote requests, technical consultations, and other inquiries submitted through the website inquiry form.
2. Management of Business Partners and Conclusion and Performance of Contracts
   Personal information is processed for business consultations, contract conclusion, and tasks necessary to maintain business relationships, including quotations, orders, delivery, and settlement.
3. Facility Safety and Prevention of Fire and Crime
   Video information is processed through fixed visual information processing devices (CCTV) for the safety management of the interior and exterior of the office and building, as well as the parking lot, and for the prevention of theft, crime, and vehicle damage.

2. Items of Personal Information Processed

The Company collects and uses personal information to the minimum extent necessary for the purpose of processing, as follows.

The Company does not process sensitive information such as ideology, beliefs, union or political party membership, political opinions, health, sexual life, or other information that may significantly infringe upon the privacy of data subjects, nor does it process unique identification information (such as resident registration numbers).

3. Processing and Retention Period of Personal Information

The Company processes and retains personal information within the retention and usage period required by law or the period agreed upon when collecting personal information from data subjects.

However, if an investigation or inquiry is in progress due to a violation of relevant laws and regulations, the information will be retained until the conclusion of such investigation or inquiry.

4. Procedures and Methods for Destruction of Personal Information

When personal information becomes unnecessary, such as upon expiration of the retention period or fulfillment of the processing purpose, the Company destroys the relevant personal information without delay.

1. Destruction Procedure
   The Company identifies personal information for which a reason for destruction has arisen, and destroys the personal information upon approval by the Personal Information Protection Officer.
2. Destruction Method
   Personal information recorded and stored in electronic file format is destroyed using technical methods that prevent the recovery of records (such as permanent deletion), while personal information recorded and stored in paper documents is destroyed by shredding or incineration. CCTV video information is permanently deleted in a manner that prevents restoration upon expiration of the retention period.

5. Provision of Personal Information to Third Parties

The Company processes the personal information of data subjects only within the scope specified in Article 1, and does not provide it to third parties without the prior consent of the data subject. However, the following exceptions apply:

• When the data subject has given separate consent
• When there are special provisions in other laws, such as Article 17(1)(2) and Article 18(2) of the Personal Information Protection Act
• When provided in accordance with the procedures and methods prescribed by law, upon the request of an investigative agency

6. Overseas Transfer of Personal Information

The Company transfers personal information overseas (storage and processing entrustment) for business email/collaboration services and website operation as follows, and provides the following information in accordance with Article 28-8(2) of the Personal Information Protection Act.

6-1. Google Workspace (Email and Collaboration Services)

6-2. Amazon Web Services (Website Hosting and Server Operation)

7. Entrustment of Personal Information Processing Tasks

The Company may entrust personal information processing tasks when necessary for smooth handling of personal information operations. When concluding entrustment contracts, the Company specifies necessary matters in the contract and supervises the trustee in accordance with Article 26 of the Personal Information Protection Act.

※ Matters regarding overseas entrustment (Google Workspace, AWS) are described in "6. Overseas Transfer of Personal Information."

※ In the event of any additional domestic entrustment, the Company will promptly disclose such information through this Privacy Policy.

8. Measures to Ensure the Security of Personal Information

1. Administrative Measures: Establishment and implementation of an internal management plan, minimizing the number of employees handling personal information, and conducting regular training
2. Technical Measures: Access privilege management, installation of access control systems, encryption of personal information, installation and periodic updates/inspections of security programs, retention of access logs, and prevention of forgery and alteration
3. Physical Measures: Access control to data storage rooms, and storage of documents and auxiliary storage media in secure locations with locking devices

9. Installation, Operation, and Refusal of Automatic Personal Information Collection Devices

1. The Company may use "cookies" to provide customized services.
2. Cookies are small pieces of information sent by the server to the data subject's browser, which are stored on the device and automatically transmitted when accessing the website.
3. Data subjects can set their browser options to allow or refuse cookies. However, if you refuse to allow cookies, there may be restrictions on the use of certain services.

How to Set Cookies in Web Browsers

• Chrome: ⋮ in the top right → Settings → Privacy and Security → Third-party cookies
• Edge: ⋯ in the top right → Settings → Cookies and site permissions → Manage and delete cookies and site data
• Safari (Mac): Safari menu → Settings → Privacy → Cookies and website data

10. Rights and Obligations of Data Subjects and Legal Representatives and Methods of Exercising Them

1. Data subjects may request the Company to view, correct, delete, or suspend the processing of their personal information, or withdraw their consent at any time.
2. Rights may be exercised in writing, by email, fax, etc., in accordance with Article 41(1) of the Enforcement Decree of the Personal Information Protection Act, and the Company will take action without delay.
3. Rights may also be exercised through a legal representative or a delegated agent. In this case, a power of attorney must be submitted.
4. Requests for access to and suspension of processing of personal information may be restricted under Article 35(4) and Article 37(2) of the Personal Information Protection Act.
5. Personal information designated for collection under other laws cannot be requested for deletion.
6. When exercising rights, the Company verifies whether the requester is the data subject or a legitimate representative.

11. Operation and Management of Fixed Visual Information Processing Devices

The Company hereby informs you of how personal video information processed by fixed visual information processing devices (CCTV) is used and managed, as follows.

① Basis and Purpose of Installation

The Company installs and operates CCTV for the following purposes in accordance with Article 25(1) of the Personal Information Protection Act and Article 6(1) of the Enforcement Rule of the Parking Lot Act.

• Facility safety and fire prevention
• Theft and crime prevention
• Prevention of vehicle theft and damage

② Number of Installations, Installation Locations, and Filming Range

③ Management Officer and Persons with Access Privileges

④ Filming Time, Retention Period, Storage Location, and Processing Method

Processing Method: Matters concerning the use of personal video information for purposes other than its intended purpose, provision to third parties, destruction, and requests for access, etc., are recorded and managed, and the information is permanently deleted in a manner that prevents restoration upon expiration of the retention period.

⑤ Method and Location for Confirming Personal Video Information

• Confirmation Method: You may confirm by contacting the Personal Video Information Management Officer in advance and visiting the Company.
• Confirmation Location: Company office

⑥ Measures Regarding Data Subjects' Requests for Access to Video Information

Data subjects may request the Company at any time to view, confirm the existence of, or delete personal video information. However, this is limited to personal video information in which the data subject is recorded. The Company will take necessary action without delay upon the request of the data subject.

⑦ Measures to Ensure the Security of Personal Video Information

Personal video information processed by the Company is safely managed through secure physical and administrative storage measures, including differentiated access privileges and the installation of locking devices.

12. Personal Information Protection Officer

13. Remedies for Infringement of Data Subjects' Rights

• Personal Information Dispute Mediation Committee: 1833-6972 (no area code required) (www.kopico.go.kr)
• Personal Information Infringement Report Center: 118 (no area code required) (privacy.kisa.or.kr)
• Supreme Prosecutors' Office Cyber Investigation Division: 1301 (no area code required) (www.spo.go.kr)
• National Police Agency Cyber Crime Reporting System: 182 (no area code required) (ecrm.police.go.kr)
• Central Administrative Appeals Commission: 110 (no area code required) (www.simpan.go.kr)

14. Changes to the Privacy Policy

1. This Privacy Policy is effective from May 14, 2026.
2. Content may be added, deleted, or modified in accordance with changes in laws, policies, or security technologies, and any changes will be announced through the website.