Personal Information Handling Policy of Hyundai Mobis Co., Ltd.

Hyundai Mobis Co., Ltd. (hereinafter called “the Company”) observes personal information protection regulations and does its best to protect users’ rights by specifying, based on applicable law, the personal information handling policy for the Hyundai Mobis Smart Key Band product, its application and web site. Users are entitled to refuse consent to personal information collection, but refusing consent may restrict smooth use of the service.

The personal information handling policy of Hyundai Mobis contains the following contents:

1. Personal information items to be collected and collection method
2. Collection of personal information and using purpose
3. Sharing and provision of personal information
4. Commissioning of personal information handling
5. Retention of personal information and its using period
6. Destruction procedure and method of personal information
7. Authority of users and legal representative and its exercising method
8. Installation/operation and rejection of automatic collection system of personal information
9. Technical/administrative protection countermeasure of personal information
10. Contact point of personnel responsible for personal information management (control)
11. Obligation of notification

1. Personal information items to be collected and collection method

1-1 Personal information items to be collected

First, Hyundai Mobis collects the following personal information at membership subscription on first execution of the Hyundai Mobis Smart Key Band product and its application, and at first membership subscription on the web site.

A. All the models of Hyundai Mobis Smart Key Band
① Essential items – measurement base information such as DOB, height, gender, age, weight
② Option items – mobile phone number, e-mail, password, etc.

B. Web site
① Essential items – mobile phone number, gender, DOB, password, etc.

Second, in the process of using the web site service or business handling, the following information may be automatically generated and collected:
IP Address, Cookie, visit date, service using record, bad using record

Third, in the process of using a value added service or customized service, or entering an event, information may be collected only from users of the relevant service who consented to additional collection of personal information.

1-2 Personal information collection method

The company collects personal information by the following methods.

A. All Hyundai Mobis Smart Key Band models
Personal information is collected through ‘result save’ at the time of first execution of the Smart Key Band product, membership subscription at initial execution of the product application, ‘mobile phone number input’, ‘input of membership number’ or ‘result transmission to web’.

B. Web site
Personal information is collected through subscription on the web site.

2. Collection of personal information and its using purpose

2-1 Provision of service
Provision of contents, specific customized service, dispatch of goods or invoice, user authentication, personal identification, prevention of wrongful use by bad members or unauthorized persons, confirmation of subscription intention, subscription and restriction on its frequency, record keeping for dispute resolution, public complaint handling, delivery of notification

2-3 Utilization in developing new service
Development of new service and provision of customized service, provision of service based on statistical features, confirmation of service validity, provision of event information and participating opportunity, identifying access frequency, statistics for service use of members, other various PR and marketing purposes

3. Sharing and provision of personal information

The company uses personal information within the range notified in “2. Collection of personal information and its using purpose” and, in principle, does not use information beyond that range without the consent of the users or disclose users’ personal information to outside parties. The following cases are exceptions.

- In case that users consent to disclosure in advance
- In case of demand by an investigation agency, based on legal regulation or a legally specified procedure and method, for the purpose of investigation
- In case that a public institution requests personal information for providing various services

4. Commissioning of personal information handling

The company may entrust input of personal information to the personal information handling personnel of an institution that uses this program. The relevant personnel receive sufficient education so that saved personal information will not be lost, stolen, leaked, falsified or damaged.

5. Retention and using period of personal information

Personal information of users is destroyed without delay when the collection and using purpose of the personal information is accomplished. However, the following information is preserved for a specified period for the following reasons.

5-1 Information retention cause based on internal policy of the company

- Wrongful using record
  · Preservation reason: Prevention of wrongful use
  · Retention period: 1 year

5-2 Information retention cause based on relevant law

In case that personal information is required to be preserved based on regulation of relevant law, including commercial law and consumer protection law in e-commerce, the company preserves personal information of members for the period of time specified in the relevant law. In this case, the company uses the preserved information only for the originally intended purpose, and the retention period is as follows.
- Web site visit record
  · Preservation cause: Communication secret protection law
  · Preservation period: 3 months
- Record for user confirmation
  · Preservation cause: Law of using promotion of information communication network and information protection
  · Preservation period: 6 months
- Consumer complaint or dispute resolution record
  · Preservation cause: Law of consumer protection in e-commerce
  · Preservation period: 3 years

6. Destruction procedure and method of personal information

Personal information of users is destroyed in principle when the collection and using purpose of the personal information is accomplished. The destruction procedure and method are as follows.

6-1 Destruction procedure

- Information entered by users for membership subscription is transferred to a separate DB (in case of paper, a separate document cabinet) after its purpose is accomplished, and is destroyed after being saved for a certain period of time based on information protection cause by internal policy and other relevant law (see preservation and using period).
- This personal information is not used for any purpose other than the legally stipulated purpose.

6-2 Destruction method

- Personal information printed out on paper is pulverized with a pulverizer or destroyed by incineration.
- Personal information saved in electronic file form is deleted using a technical method that disables record reproduction.

7. Rights of users, legal representatives and its exercising method

- Users and legal representatives are entitled to inquire about or modify personal information of themselves or of children aged below full 14 years old at any time, and to request subscription termination.
- To inquire about or modify personal information of users or children below full 14 years old, click ‘change of personal information’ (or ‘modification of member information’); for subscription termination (consent withdrawal), click “membership withdrawal”. Direct reading, correction or withdrawal is enabled after passing through the user confirmation procedure.
- Alternatively, if contact is made with the personal information control personnel in writing or through telephone or e-mail, we are ready to take action immediately.
- In case that users request correction of an error in personal information, the concerned personal information is not used or provided until correction is completed. In addition, in case that wrong personal information has been provided to any third party, correction will be made by notifying the correction handling result to such third party without delay.
- The company handles personal information terminated or deleted at the request of users or legal representatives based on the procedure specified in “5. Retention of personal information and its using period” and restricts reading or use for other purposes.

8. Installation/operation and rejection of automatic collection system of personal information

The company uses ‘Cookies’ that save users’ information and retrieve it frequently in order to provide personalized and customized service. A cookie is a very small text file that is sent to the user’s web browser by the server used for operating the web site and is saved on the hard disk of the user’s computer.

8-1 Using purpose of cookie

It is used for providing users with optimized information by identifying every service of MyInBody.com visited by users, web site visits and using form.

8-2 Installation/operation and rejection of cookie

Users have an option for cookie installation. Therefore, by setting the option in the web browser, users may permit all cookies, pass through confirmation whenever a cookie is saved, or reject saving of all cookies.

However, in case of rejecting cookie save, difficulty may be experienced in using some services of MyInBody.com that require log-in.

- Designating method of cookie installation permission status (in case of Internet Explorer)
① Select [Internet option] from [Tool] menu.
② Click [personal information tab].
③ Set [personal information handling level].

9. Technical/administrative protection countermeasure of personal information

The company provides the following technical/administrative countermeasures in order to secure safety so that personal information will not be lost, stolen, leaked, falsified or damaged in its handling process.

9-1 Encryption of personal information

The password of members is saved and controlled by encryption and is known to the concerned user only; confirmation and change of personal information are also enabled only for the concerned user who knows the password. In addition, as mobile phone number and DOB are encoded, leakage and falsification of personal information are prevented.

9-2 Countermeasure against hacking

The company does its best to prevent leakage or damage of personal information of members by hacking or computer virus. In preparation for personal information damage, data is backed up frequently; leakage or damage of personal information of users is prevented by using the latest antivirus program; and personal information is transmitted safely over the network through encoded communication. In addition, unauthorized access from outside is controlled by using an intrusion blocking system, and all possible technical systems are provided in order to secure systematic security.

9-3 Minimization of handling staff and their education

Handling staff of personal information in the company is limited to responsible personnel, and even when personal information is input by responsible personnel, observance of the personal information handling policy is emphasized at all times through frequent education for responsible personnel.

9-4 Operation of an organization exclusive for personal information protection

The company confirms the implementation status of the personal information handling policy and the observance status of responsible personnel through an organization exclusive for personal information protection, and if any problem is found, such problem is modified and corrected immediately. However, the company is not responsible for problems caused by leakage of personal information, including mobile phone number and password, due to the user’s negligence or internet trouble.

10. Responsible personnel of personal information control

You may report any public complaint relevant to personal information protection arising while using the company service to the responsible personnel of personal information protection control or the relevant department. The company will fully reply to the report of users without delay.

Hyundai Mobis Co., Ltd.
Rep. call: +82-1588-7278

If any report or consultation is required for information intrusion, please contact the following institutions:

- Report center of personal information intrusion (www.118.or.kr/118)
- Information protection mark authentication commission (www.eprivacy.or.kr/+82-2-580-0533-4)
- High-tech criminal investigation section of supreme prosecutor’s office (www.spo.go.kr/+82-2-3480-2000)
- Cyber terror response center of police agency (www.ctrc.go.kr/+82-2-392-0330)

11. Obligation of notification

If there is any addition, deletion or modification in the contents of the current personal information handling policy, it will be notified through ‘notification’ on the home page no later than 7 days before the revision.

- Date of public notification: July 1, 2019
- Date of enforcement: July 1, 2019