Privacy Policy | HYUNDAI STEELPIPE

Privacy Policy

This policy applies solely to the official website (including mobile) of Hyundai Steel Pipe Co., Ltd. (hereinafter referred to as the "Company"). The Company does not operate B2C membership services, personalized advertising, or location-based services. On this site, personal information is collected only through (i) the "Contact Us" form and (ii) the "Cyber Whistleblowing" function. The submitted content is immediately forwarded via email to the designated in-house personnel and is not stored on the website's management server/DB (except for minimal technical records such as access logs, which are stored separately).
· Effective Date: September 9, 2025

Article 1 (General Provisions)

1. The Company complies with the Personal Information Protection Act and other applicable laws to protect the personal information of data subjects, and discloses its processing standards for personal information on this website through this Policy.

2. The scope of this Policy is limited to the Company's official website (including mobile). Separate policies apply to the recruitment site, CCTV (video surveillance), etc.

3. This website is not intended for children under the age of 14. If it is confirmed that personal information of a child under 14 has been submitted, the Company will promptly delete it.

4. The Company processes personal information only to the minimum extent necessary for handling inquiries and whistleblowing, and if the purpose changes, it will take necessary measures in accordance with Article 18 of the Personal Information Protection Act.

Article 2 (Purpose, Items, Legal Basis, and Retention of Personal Information)

1. The Company processes personal information for the following purposes:


| Category | Purpose | Items Collected (Required / Optional) | Legal Basis | Retention Period | Processing / Storage Method |
| --- | --- | --- | --- | --- | --- |
| Contact Us | Receiving, reviewing, responding to inquiries; follow-up communication | Required: Name, Email, Contact No., Subject, Content | Article 15(1)(6) of the Act (legitimate interest) or consent (Art. 15(1)(1)) | Destroyed immediately upon completion (retained within reasonable scope if needed for disputes / complaints) | Input via web form → immediately forwarded to the responsible department via internal email; not stored elsewhere |
| Cyber Whistleblowing | Receiving, investigating, and responding to reports (ethics, misconduct, human rights, etc., anonymous reporting allowed) | Required: Subject, Content / Optional: Name, Email, Contact No. | Article 15(1)(6) of the Act or consent (Art. 15(1)(1)) | Destroyed immediately upon completion (retained within reasonable scope if needed for audit/disputes) | Input via web form → immediately forwarded to the responsible department via internal email; not stored elsewhere |


2. Legal retention (if applicable): e.g., Article 15-2 of the Protection of Communications Secrets Act (connection logs, 3 months).
3. The Company may use pseudonymized data for statistical analysis, security reviews, or other public-interest purposes (in accordance with Article 28-2 of the Act). Pseudonymized data and additional information are stored separately and re-identification is strictly prohibited.
4. Residents' ID numbers, health information, and other sensitive data must not be submitted through inquiries or whistleblowing (if legally required, separate consent and safeguards will apply).

Article 3 (Cookies)

1. The Company uses only essential session cookies for website security functions. No cookies are used for advertising or analytics.
2. Users may allow, block, or delete cookies through browser settings. Blocking essential cookies may limit certain features.

[Current Cookies in Use]

| Cookie Name | Purpose | Type/Expiry | Key Attributes (Recommended) | Legal Basis |
| --- | --- | --- | --- | --- |
| XSRF-TOKEN | Preventing CSRF attacks | Session / Deleted on browser close | Secure, SameSite=Lax, Path=/ (HttpOnly may not be set depending on framework) | Article 15(1)(6) (legitimate interest-security) and Article 29 (safeguards) |

Article 4 (Destruction of Personal Information)

1. Upon expiration of the retention period or achievement of the processing purpose, personal information is promptly destroyed in accordance with Article 21 of the Act.
2. Electronic files are permanently deleted using irrecoverable methods; paper documents are shredded or incinerated.
3. Legally required retained data are stored separately and not used for other purposes.

Article 5 (Provision to Third Parties)

The Company does not provide personal information to third parties except with the data subject’s consent or as permitted by law (Articles 17 and 18 of the Act).

Article 6 (Entrustment of Processing)

The Company does not entrust personal information processing to third parties. If entrustment occurs in the future, the Company will disclose the trustee, scope of entrustment, and protective measures in accordance with Article 26 of the Act.

Article 7 (Security Measures)

The Company implements the following safeguards pursuant to Article 29 of the Act:
• Establishment and enforcement of internal management plans; staff training; minimization of access rights
• TLS encryption for transmission, malware protection, vulnerability assessments, and log monitoring
• IDS/IPS/WAF/EDR operation
• Physical access control to IT/server rooms and records storage, regular internal audits

Article 8 (Data Subject Rights)

1. Data subjects may request access, correction, deletion, or suspension of processing of their personal information, and may withdraw consent at any time (Articles 35‒37 of the Act).
2. If exercised by a representative, a power of attorney may be required.
3. Legal obligations may restrict deletion of certain records.
4. The Company does not operate automated decision-making.

Article 9 (Remedies for Infringement)

| Institution | Website | Phone |
| --- | --- | --- |
| Personal Information Infringement Report Center | privacy.kisa.or.kr | 118 (nationwide) |
| Personal Information Dispute Mediation Committee | www.kopico.go.kr | 1833-6972 |
| Supreme Prosecutors' Office | www.spo.go.kr | 1301 |
| Korean National Police Agency | ecrm.police.go.kr | 182 |

Article 10 (Personal Information Protection Officer)

| Role | Department | Contact |
| --- | --- | --- |
| Data Protection Officer | Business Planning Team | Mr. Lim Jeong-ho, +82-52-280-0320 / vincelim@hyundai-steelpipe.com |
| Data Protection Manager | Business Planning Team | Mr. Kang Dong-hyung, +82-10-5238-7794 / it-help@hyundai-steelpipe.com |

Article 11 (Overseas Transfers)

The Company does not transfer personal information abroad. If overseas transfer occurs in the future due to email, cloud services, etc., the Company will disclose the recipient country, transferee, items transferred, timing/method, retention period, safeguards, and opt-out options in accordance with the Act.

Article 12 (Amendments and Notice)

If this Policy is amended, the reason and key details will be posted on the website at least 7 days prior to enforcement (30 days prior for significant changes).

Note: The information you submit through these forms will be forwarded immediately to the designated staff via email and will not be stored on the website server. Please refrain from entering sensitive personal data such as Resident Registration Numbers or health information.