UTILITY

A New Change Begins

PRIVACY & INFORMATION PROCESSING POLICY

HYOSUNG GOODSPRINGS Inc. (hereinafter called the "Company") values the personal information of its information principals, and establishes and discloses the ‘Privacy Policy’ to comply with relevant laws, including Personal Information Protection Act.

Article 1 General provision

“Personal information” refers to such information about a living individual that can identify said individual, such as name and resident registration number (including information which alone cannot identify a certain individual, but can be easily combined with other information to be used to identify that individual).
“Information principal” refers to a person who can be identified by the processed information and is the principal of that information.
The Company posts the privacy policy on the first screen of the website so that it can be viewed easily at all times. Also, In the event that this Privacy Policy is amended, the Company will post announcements on our corporate website (or notify individual customers).
Each business division may have its own privacy policy to fit its own business characteristics. In this event, the privacy policy of each business division will take precedence, and you are advised to check the privacy policy posted on the website.

Article 2 Personal information items collected and the purposes of using them

The Company processes the minimum personal information necessary for service provision.

1. Scope of collection
1) Data to be collected when contact us is submitted : Name, e-mail, company name, mobile phone number, phone number
2) Data automatically created and collected during use of the website : Access IP, record of service use, access logs, cookies, MAC address

2. Purpose of processing
1) User identification, response to questions from users, response to suggestions, complaints, request for after-sales service or other support, notifications
2) Analysis of how our services are used, including frequency of access and service usage, for more reliable service availability and optimization of user experiences

Article 3 Processing and retention period of personal information

The Company will destroy any personal information collected immediately after the purpose of collecting and using the personal information has been achieved. However, the following information will be retained for the following reasons for a specified period of time and, if necessary, the consent of the information principal will be obtained.

1. Data to be collected when contact us is submitted
- Period of retention : 1 year
- Purpose : User identification, response to user inquiries, user support, notifications

2. Data automatically created and collected during use of the website
- Period of retention : 6 months
- Purpose : Understanding of access frequency and collection of statistical data on service use

Article 4 Destruction of personal information

TThe Company will immediately destroy any personal information collected once the personal information retention period expires or else the purpose of processing thereof has been achieved.
In the event that personal information needs to be retained pursuant to other laws even if the personal information retention period, to which the information principal consented, has expired, or the purpose of processing thereof has been achieved, the personal information will be moved to a separate database (DB) or storage space.

Methods of destroying personal information are as follows:
1. Personal information recorded and stored in the form of electronic files must be deleted using a technical method ensuring that the records cannot be reproduced.
2. Personal information recorded and stored on paper documents must be shredded on the paper shredder or incinerated.

Article 5 Provision of personal information to a third party

The Company will use personal information within the purview of the purposes of collecting personal information, and will not use personal information outside the purview thereof, or provide it to or share it with a third party. However, exceptions will be made in the following events:

1. in the event that the consent of the information principal was obtained;
2. in the event that there are special provisions in other laws;
3. in the event that prior consent cannot be obtained because the information principal or his/her legal guardian cannot express his/her intention,
or his/her address is unknown, and it is clearly deemed urgently necessary for the life, body or pecuniary benefit of the information principal or a
third party;
4. in the event that it is necessary for statistics and academic research, and personal information is provide in a way that cannot identify
individuals
5. If no activity as required under other relevant laws can be performed unless personal data is used for other purposes than set out herein or
disclosed to a third party, provided that the Protection Committee has reviewed and granted approval.
6. If required for provision to a foreign government or an international organization under a treaty or other international agreement.
7. If required for investigation of a crime or initiation or maintenance of prosecution
8. If required in connection with court-related proceedings
9. If required for penalization, protective custody or probation

Article 6 Consignment of personal information processing

The Company consigns personal information processing as follows for the sake of efficiency, and if a consignment agreement is entered into according to related laws, matters necessary for safe management of personal information are stipulated.

1. Website operations
- Consignee: HYOSUNG TNS Inc.
- Details of consignment: homepage maintenance, system management, etc.
- Term for retention and use of personal data: As expressly specified or until the purpose is no longer valid

Article 7 Rights and obligations of the information principal and how to exercise these rights

The information principal may exercise the following rights related to personal information against the Company at any time:

1. Demanding to view personal information
2. Demanding that errors be corrected if any
3. Demanding deletion
4. Demanding that processing be stopped

formation principals may exercise their rights related to personal information protection by writing, e-mailing or faxing to the Company, and the Company will take necessary measures immediately.
Personal information request form

If an information principal demands that errors in personal information be corrected or deleted, the Company will not use or provide that personal information until the correction or deletion has been completed. Information principals may exercise their rights through their agents like legal guardians or consignees. In this event, the power of attorney must be submitted.
Power of attorney form

Article 8 Measures to ensure the safety of personal information

The company applies the following measures to ensure the safety of the personal information it retains.

1. Administrative measures: establishment and enforcement of internal control plans, regular employee education, etc.
2. Technical measures: installation of access control systems, encryption of important information, using vaccine programs to prevent damages
from computer viruses, personal information transmission security systems (SSL) on the network based on encryption algorithms, operation of
intrusion prevention systems, etc.
3. Physical measures: restriction of access to the computer room, data storage room, etc.

Article 9 Matters concerning the installation and operation of an automatic personal
information collection system, and the rejection thereof

The company applies the following measures to ensure the safety of the personal information it retains.

1. Administrative measures: establishment and enforcement of internal control plans, regular
employee education, etc.
2. Technical measures: installation of access control systems, encryption of important information, using vaccine programs to prevent damages
from computer viruses, personal information transmission security systems (SSL) on the network based on encryption algorithms, operation of
intrusion prevention systems, etc.
3. Physical measures: restriction of access to the computer room, data storage room, etc.

You may choose not to install cookies. Accordingly, you may allow all cookies by setting the option in the web browser, go through a confirmation process whenever a cookie is saved, or refuse to have all cookies saved.
You may reject cookies by selecting an option in your web browser to allow all cookies, going through a confirmation process each time a cookie is saved, or refusing to have all cookies saved.
How to set up (Internet Explorer): Tools > Internet options > Personal information at the top of the web browser If you refused to have cookies installed, however, there may be difficulties with service provision.

Article 10 Chief Privacy Officer

To protect and process personal information, and deal with complaints related the personal information, the Company has the Chief Privacy Officer
and the Department in charge of personal information.

1. Chief Privacy Officer
- Name: Sang-Duk Lee
- Position: Manager
- Contact info: 82-2-3279-8366, rachel.lee@hyosung.com
(※ You will be connected to the department in charge of personal information.)

2. Department in charge of personal information
- Department name: Communication Team
- Person in charge: hea-kyoung Lee
- Phone: 82-2-3279-8366
- e-mail: rachel.lee@hyosung.com

Information principals may direct all inquiries, complaints and requests for damages related to personal information protection in using the Company’s service to the chief privacy officer ands department in charge. The Company will provide prompt and sufficient answers to your inquiries.

If you need to report personal information intrusion or need consultation, you may contact the following agencies:
- Privacy Invasion Reporting Center (www.privacy.kisa.or.kr)
- Personal Information Dispute Mediation Committee (privacy.kisa.or.kr)
- High-Tech Crime Investigation Division, Supreme Prosecutors’ Office (www.spo.go.kr)
- Cyber Terror Response Center, National Police Agency (www.netan.go.kr)

Article 11 Change of the privacy policy

This personal information will go into effect on Feb. 01, 2000.