1. LG Chem(‘Company’) is a controller of the vendor personal data in the meaning of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (‘GDPR’).
2. ‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. [GDPR Art 4 (1)]
3. The Company considers your personal data as valuables and complies with GDPR and personal data protection laws.
■ Categories and purpose of processing personal data
||Basis for processing
||Legal obligation or legitimate interest
||Name, Phone number, fax, email
||vendor registration, entry into the contract, performance of the contract
||The performance of the contract with a vendor
The Company may process your personal data for the legitimate interest of the Company or the third party. If you don’t provide its personal data to the Company, you may be restricted from entry into the contract, performance of the contract including remittance of payment.
■ Retention period
Personal data will be processed for at least the period of a contract and for a longer of the following periods: data retention period specified in the laws or until the expiration of the claim limitation period - in accordance with the data retention policies applied by the Company. You may obtain the data retention policies by contacting the Company.
The Company discloses the personal data to the third party as below.
LG Chem, Ltd. and its affiliates or subsidiaries (The most recent list is available at [www.lgchem.com])
Share the information of vendor
Furthermore, depending on the circumstances, the personal data may be transferred to other entities, e.g. entities providing services to the Company, such as IT service providers, advisers, auditors, and to the extent that it is necessary to fulfill obligations resulting from legal regulations, e.g. to the government authorities.
■ Deletion of personal data
1. The Company will delete the personal data without delay, when the purpose of personal data processing is achieved or the retention period is expired unless the personal data is necessary or mandatory by the laws or the contract with you or your company.
2. In case of the personal data in the form of the paper, the Company uses the paper shredder to dispose of such data or incinerate the paper, and in case of the personal data in the form of the electronic files, the Company deletes the data by using the means which preclude any restoration of such data.
■ Technical and organisational measures
The Company, with regard to processing your personal data, adopts technical and organisational measures necessary to ensure the personal data not to be lost, stolen, disclosed, altered or destructed as below.
1. Encryption of password
Your password shall be encrypted.
2. Measures preventing hacking
The Company tries to prevent the personal data from any personal data breach such as loss, destruction, alteration by hacking or malicious virus, and adopts security measures such as SSL by using cryptographic algorithm which enables the personal data on the network to be transferred safely. Furthermore, the Company restricts the unauthorized access from outside by using a firewall and tries to adopt all other technical measures to secure our system.
3. Minimizing personnel who is processing personal data and training
The Company authorizes only the person who is necessary to process the personal data for the work purpose to process the personal data and assigns the password for such authorization. The Company periodically opens the internal training sessions regarding the personal data to enhance the awareness on the significance of personal data protection.
■ Rights of the data subject
1. The Company has responsibility to ensure the rights of data subject with regard to personal data in the Company retained in any form such as electronic files, papers.
2. The laws may grant the data subject specific rights in connection with the processing of personal data by the Company. In situations specified in the regulations, the data subject has the right to access their data, rectify it, delete, and restrict the processing of personal data, the right to object to the processing of personal data and the right to data portability.
3. The data subject may exercise his or her rights by contacting the personal data protection department/team as specified information below and upon receiving your fax, phone or email, the Company will promptly respond, at the latest within one month. The Company may demand to the data subject the copy of identification by which the Company can verify the identity of the data subject.
4. The Company may request the Power of Attorney and the copy of identification by which the Company can verify the existence of legitimate delegation to the representative of the data subject, if the data subject exercises its rights through its representative.
5. If the personal data are processed under the data subject’s consent, the data subject will withdraw his or her consent at any time without prejudice to the lawfulness of personal data processing before data subject’s withdrawal of consent.
■ Automated decision making, including profiling
The Company does not adopt any automated decision making including profiling which produces legal effects concerning you or similarly significantly affects you. The Company will give prior notice to you about the logic, necessity, expected results of the automated decision making system, if the Company expects to adopt any automated decision making system.
■ Transfer of personal data
The Company, as the subsidiary of LG Chem, Ltd, in Seoul, the Republic of Korea (“LG CHEM”) for the purpose of organizational administration and work efficiency, transfers your personal data to LG CHEM. Company has entered into the EU standard data protection clauses with LG CHEM as required by the GDPR. LG CHEM and its affiliates or subsidiaries in overseas may access your personal data such as name, email, phone number in Company’s system.
Personal data shall be processed to the extent of “Scope and purpose of processing personal data” and, without prior notice, shall not be processed beyond such scope and purpose.
The personal data are transferred through leased line or VPN and Company adopts technical and organisational measures necessary to ensure transferred personal data not to be lost, stolen, disclosed, altered or destructed. If you need further information regarding technical and organisational measures to be adopted, contact as below information, then we will promptly respond to your inquiry.
■ Data protection department/team
- Department/team : Information Security
- Name : Jaeik Baek / Team leader
- Phone/Email : +82 2 3773 0981, firstname.lastname@example.org
■ Data Protection Officer
- Name : Minki Han / Department Leader
- Phone/Email : +82 2 3773 0981, email@example.com