Private Policy

LG Hausys Global Website

LG Hausys, Ltd. (hereinafter referred to as the “Company”) values users’ personal information and complies with laws and regulations in relation to information protection and personal information. The Company provides the purpose and method of users’ personal information and the measures taken for personal information protection through Privacy Notice. If there is a change in Privacy Notice, the Company will notice it through Privacy Notice (or individual notice).

1. Purpose of collection and use of personal information

The Company collects the minimum amount of personal information necessary to provide smooth services.

  1. Items to be collected and purpose of use of personal information
    1. 1.Product Inquiry
      • Required item : Location(including country, street, state, city), e-mail address, Telephone number(including mobile number)
    2. 2.The information can be created and collected while using the service as follows
      • Records on use of services, access records, cookies, mobile phone device country code, etc.
  2. Collection method : Information on Location, e-mail address, Telephone number is directly entered by users.

2. Retention and use period of personal information

The Company disposes of any personal information immediately after the purposes of collection and using the personal information are achieved.
Provided that personal information shall be retained for a specified period of time according to other rules and regulations, such personal information may be disposed of after the stated retention period.

3. Procedure and method of disposal of personal information

Disposal Items Disposal Period
Location, E-mail address, Telephone number(including mobile number) Three years after Q&A

When the retention and use period of personal information expire, the Company will promptly destroy such personal information. The procedure of disposal is as follows:

  1. Procedure of disposal
    • When the purpose of personal information that users entered is fulfilled, the information is stored for a certain period of time and disposed of under the cases of the personal information specified by law (refer to “2. the retention and use period of personal information”).
    • The above personal information cannot be used for other purposes, except as required by law or internal regulations.
  2. Disposal method
    • The personal information stored in electronic file is removed with a technological method that prevents the recovery of deleted files.
    • The personal information printed on paper is destroyed by shredder or incineration.

4. Entrustment of collected personal information

Contents of entrustment Entrustment information Retention and use period Handling service provider
Website management and maintenance Product inquiry → Locaion(including country, street, state, city), E-mail address, Telephone number(including mobile number) Until the expiration of the purpose of using personal information LG CNS,
efusioni

5. Provision of personal information to third parties

  1. The Company uses users’ personal information within the scope specified in “1. Purpose of collection and use of personal information”and does not abuse it in excess of the established range nor provides it to a third party. Personal information to the third party may be provided in the following cases.
    • Prior disclosure of personal information or consent of users to the provision of personal information to a third party has been obtained
    • If there are provisions in law or if there is a formal request by investigative agencies and supervisory authorities in accordance with the procedures and methods specified by law for the purpose of investigation
  2. If it is deemed necessary to provide other personal information to a third party, such personal information can be provided to a third party through legitimate proce dures such as obtaining users’ consent.

6. Rights of users and methods to exercise such rights

As the subject of the personal information, users may exercise the following rights:

  1. Right to have access to personal information : If users request to have access to their personal information stored in the Company database, the Company will imme diately take action upon receipt of your contacting a personal information manager by e-mail.
  2. Right to request deletion of personal information: If users request to correct or delete their personal information registered in the Company database, the Company will immediately take action upon receipt of your contacting a personal information manager by e-mail.
  3. Right to request discontinuance of personal information processing: If users request to discontinue personal information processing stored in the Company database, the Company will immediately take action upon receipt of your contacting a personal information manager by e-mail. Upon subjecting such request, the following cases may be rejected at the request of discontinuance of such processing.
  4. As for the request of having access, correcting, deleting, and discontinuing personal information, the Company takes action to respond to such request within 10 days.
    If there is no action taken within 10 days, the Company will notify the delay of processing to the user by e-mail or phone. If users request to have access, correct, delete, and discontinue personal information, you can submit such request to the department in charge.

7. Matters concerning the installation, operation, and rejection of automatic personal information collection

he Company operates “cookies” that function as storing and finding users’ information any time to provide a more convenient environment to users.
 - What is a cookie?
A cookie is a very small text file sent to a user’s browser by the serve used for operating Website and it is also stored in a user’s HardDisk.
 - Purpose of using cookies
By storing users’ preferential setting, the Company can provide a prompt Website environment and improve services.
 - Set cookies
Users have the choice to install cookies. Accordingly, users can set the options of Website to allow all cookies, to confirm each installation of cookie, or to refuse all cookies.
 - How to set cookie settings
Internet Explorer : Tools > Internet Options > Privacy >Advanced > Cookies
Chrome : Tools > Options > Under the Hood > Privacy > Clear browsing data
However, there may be differences in the method of cookie settings depending on types of smartphone device. If users refuse the cookie setting, they may not be entitled to use some services.

8. Measures to secure safety of personal information

The Company takes the following technical, administrative and physical measures to prevent personal information from being lost, stolen, leaked, altered or damaged in handling users’ personal information:

  1. Establishing and implementing internal management plan
    The Company establishes and implements internal management plan to handle personal information with safety.
  2. Minimizing number of staff handling personal information and training
    The Company gives a minimum number of staff permission to handle personal information and provides a regular training to encourage them to comply with Privacy Notice.
  3. Limiting access to personal information
    The Company authorizes accounts that can access personal information database systems, and takes measures to control access to personal information by granting, changing, and cancelling authorization to staff. The Company also records the contents of granting, changing, and cancelling authorization to staff who can have access to personal information, and keeps such contents.
  4. Storage of access records and prevention of forging or falsifying logs
    The Company stores and manages records of access to personal information systems (web logs, summary information, etc.) for at least 6 months and takes measures to prevent such access records from being forged or falsified and from being stolen or ost.
  5. Technical measures to prevent hacking
    The Company installs security programs in order to prevent leakage or damage of personal information cause by computer hacking or virus, and renews and checks the system regularly. Virtual Private Network (VPN) is installed where access from outside is made to personal information process system through information network. In addition, technical and physical monitoring and blocking system are operated to make it possible only for authorized staff to have access to a place where prevents unauthorized access from outside.
  6. Control of unauthorized access
    The Company has a storage place where personal information is physically stored, and established and implements a process of controlling access to such place.

9. Personal information management director

The Company appoints a personal information management director as follows to protect users’ personal information and handle complaints relating to personal information. Users may direct all personal information related to complaints arising from users’ using the Company’s services to the personal information management director. The Company will promptly respond to such enquiries.

Personal information management director
  • Division Information strategy team
  • Name Han Yoon-seok team leader
  • E-mail privacy@lghausys.com
  • Tel. 02-6930-1397
Personal information protection staff
  • Division Information strategy team
  • Name Cho Sung-hwan manager
  • E-mail kerotin@lghausys.com
  • Tel. 02-6930-1397

10. Duty of notification

This Privacy Notice will take effect from the effective date, and any changes, deletion or correction of the Notice will be announced 7 days prior to the date on which such changes will take effect.

※ For GDPR(General Data Protection Regulation)

■ Purposes of Collecting and Using Personal Data

DIRECT SALES
* Direct Sales refer to any and all traditional and ordinary course of business taken off-line. However, some referral may be made directly by a source using E-Mail system. Any and all referrals and traditional business method, such as exchanging of business cards, phone calls, on-the-ground business transactions, exhibitions and trade shows, etc. will be considered as Direct Sales.
: LG Hausys collect customer(EU citizens) personal information through Direct Sales.

• For the furtherance of commercial interest, the Company will process all personal information received from Direct Sales into the LG Hausys. However, such personal data, unless specific purpose or appropriate consent is documents, will be only used when and if the Company receives consent or specific instruction from the respective data subject. Such method will be carried out by the “Thank You” or confirmatory E-Mail.
• Absent appropriate consent or specific purpose provided, the Company shall delete all personal information collected from the database(internal document) within 30 days.

GENERAL APPLICABILITY

  1. The Company collects and processes your personal data by using one or more of the lawful bases permitted under the laws and regulations (such as performance of contract, legitimate interest of the Company, required by law, etc.).
  2. If the data subject does not provide the Company with sufficient personal data to perform for a data subject’s request, then the Company will not be able to proceed.
  3. If you made consent to specific use, then you are free to withdraw your consent at any time. Please refer to https://himacs.eu/en/rights-data-subject for more details on withdrawal, unless specified otherwise hereunder.
  4. The Company does not collect or process personal data of a minor child. The Company sets, as its internal policy, the age of consent to be 18. However, if the minor has legitimate interest in doing business with the Company and permitted by laws and regulations (such as obtaining authorization from legal guardian or parent), he or she may able to submit certain personal information for the furtherance of mutual commercial interest. There is no other exception.
  5. The Company currently does not implement any features or services related to automated decision making or profiling.
  6. The Company, unless required by law, does not collect or process any specially categorized personal data as set forth in by the GDPR.

■ Personal Data Retention Policy

The Company conforms to the data retention period as permitted or required by law. However, if it is not clearly specified or managed by law, then the Company shall reasonably set the retention period as its internal policy. When and if the data subject makes a request for deletion of certain or all of his or her personal data, then the Company will do so without undue delay unless other reasonable ground exists.

As a general standard, LG Hausys does not retain personal data for longer than the period necessary. As a general rule, the 3-year mark is considered as the point of deletion for unused personal data, absent other reasonable ground exists to further retain. In short, if LG Hausys does not use your personal data for 3 years, then it will be deleted automatically.

For statistical purpose in the interest of commercial objectives, the Company may safely archive expired or terminated personal data by anonymizing (no one will be able to identify who it is) such data.

■ Matters Regarding Transfer of Your Personal Data to a Third-Party

The Company, in order to efficiently process and safeguard data, processes or transfers applicable data to its affiliates and external service providers. All personal data provided herein shall only be collected and processed for the purpose provided by you.

  1. The Company Newsletter services are being serviced by LG CNS. This service provider, as part of its service related to the Newsletter services, will be able to access your personal information collected through the Website.
  2. To better provide system provided by LG Hausys, Ltd. and its service provider for such system is LG CNS. This service provider, as part of its service related to the internal E-Mailing system, will be able to access your personal information collected.
  3. When and if the relationship with an aforementioned service provider ends, absent lawful reasons to retain, all personal data processed in the course of the relationship will be deleted by such service provider as soon as the relationship ceases to exist.
  4. The Company collects and processes your personal data by using one or more of the lawful bases permitted under the laws and regulations (such as performance of contract, legitimate interest of the Company, required by law, etc.). If you do not provide the Company with sufficient personal data to perform for your request, then the Company will not be able to proceed to fulfill your request.
Data Being Collected and/or Processed
(Based on Request or Situation)
Service Provider Service Provider’s Purpose for Processing of Personal Data Distinction
(third party/consignment)
E-Mail LG CNS External E-Mail (Thank You , Newsletters, Mass Notices, etc.) Consignment

■ Matters Regarding International Transfer of Personal Data

The Company may transmit collected personal data to countries outside of the EEA (European Economic Area) in the following cases:

Recipient Data Being Collected and/or Processed
(Based on Request or Situation)
Transmitted country and transmission method A recipient’s purpose for using and period of storing and using
LG Hausys, Ltd. and its Approved Subprocessors Name, E-Mail, Phone Number, Business Name, Business Address Country: Republic of Korea
Method: Transmit to the company’s internal mail
Answers to questions, sample shipping and product tests that the Company cannot handle by itself/3 months
  1. The Company uses internal systems and assistance provided by LG Hausys, Ltd. and as its service provider, LG CNS, is located in Korea, international transfer of your personal data occurs.
  2. The Company entered into a Data Processing Agreement and executed a Model Contractual Clauses with the terms provided by the European Commission. Therefore, the proposed international transfer of personal data is permitted by the relevant laws and regulations.

■ Matters Regarding Automated Decision-Making, Profiling

The Company currently does not implement any type of automated decision-making such as profiling or others having similar or substantial effects on a data subject. If changes occur, this General Privacy Policy shall be revised accordingly to notify the users of its details.

■ Complying with Request Relating to the Rights of the Data Subject under the Privacy/Data Protection Laws and Regulations.

In accordance with the rights provided by the GDPR and other relevant laws and regulations, you can request the following from the Company:

  1. 1. To Access Personal Data relating to You (‘Access to Personal Data’)
  2. 2. To Modify/Rectify Personal Data relating to You (‘Rectification of Personal Data’)
  3. 3. To Delete Personal Data relating to You in its Entirety or Partially (‘Deletion of Personal Data’)
  4. 4. To Limit Certain Processing of Your Personal Data (‘Limitations of the Processing of Personal Data’)
  5. 5. To Request Data Porting of Your Personal Data (‘Personal Data Portability’)
  6. 6. To Object on Certain Processing of Your Personal Data (i.e. profiling) (‘Objection to the Processing of Personal Data’)
  7. 7. To Inquire into the Automated Decision-Making relating to Your Personal Data (‘Automated Decision Making’)
  8. 8. To Withdraw from Certain Consent Made to Process Your Personal Data (‘Withdrawal of Consent to Personal Data’)

The above form is only effective only when and if the Company has any personal data relating to you. The Company may refuse to comply with your request when there is necessity to process your personal data for certain lawful purpose (contract, required by law, etc.) or the Company has overriding legitimate interest to process.

If you want to make a request as mentioned above, you can download the respective form from https://himacs.eu/en/rights-data-subject and submit such request to the kerotin@lghausys.com. However, you are not absolutely required to use the form. not In order for us to expeditiously process your request, you must fill-in all required information and thereon, you are strongly encouraged to fill-in additional information reasonably related to your request.

The standard processing time permitted by law is to respond within 30 days of the request. If the Company cannot process such request within the permitted time period, then you will be notified with the reasons for the delay and the anticipated delivery date. When there is an abusive, excessive, and/or repetitive request made, the Company may charge reasonable administrative fees to process such request.

This Privacy Policy takes effect on May 25, 2018.