Privacy Policy
Personal Information Handling Policies
SF Express Co., Ltd. (hereinafter the “Company”) stipulates the following handling policies in order to protect personal information, rights and interests of users under the Personal Information Protection Act and smoothly handle users’ grievances regarding their personal information.
The personal information handling policies are operated pursuant to Section 1, Article 30 of the Personal Information Protection Act and Section 1, Article 31 of the Enforcement Decree of the Act.
The Company provides necessary procedures to amend the personal information handling policies in order to continuously improve the personal information handling policies. And since the personal information handling policies may be changed from time to time, please regularly visit and verify the policies.
Article 1 (Purpose of Handling Personal Information) The Company collects personal information to a minimum extent as far as it is necessary to provide logistics services, handle relevant complaints and perform businesses. The personal information collected by the Company shall not be used for purposes other than the above-mentioned purpose. If the purpose of use is changed, the Company will take necessary measures such as obtaining consent from users under Article 18 of the Personal Information Protection Act.
Article 2 (Period for Handling and Retaining Personal Information)
The Company handles and retains personal information within the period for retaining and using personal information under the laws or within the period for retaining and using personal information consented by the information subjects when it collects personal information.
Article 3 (Provision of Personal Information to Third Parties)
In principle, the Company handles personal information of information subjects within the scope specified for the purpose of collecting and using personal information of information subjects. Except for each of the following cases, the Company shall not use or provide a third party with personal information of information subjects in excess of the original purpose of use without prior consent by information subjects:
1. In the event that the Company has obtained independent consent from the information subject;
2. In the event that there is a special provision under the laws;
3. In the event that the information subject or his or her legal representative is unable to manifest his or her intention or his or her prior consent cannot be obtained due to the unclarity of his or her address, etc., and it is found urgently necessary for the information subject’s or a third party’s imminent life, bodily, or proprietary interests;
4. In the event that the personal information is provided in a form that specific individuals cannot be identified as necessary to execute statistics or conduct academic study;
5. In the event that unless the personal information is used for purposes other than the intended purpose or provided to a third party, the relevant duties prescribed by other laws and regulations cannot be performed;
6. In the event that it is necessary to provide personal information to a foreign country or an international institution in order to perform treaties or other international conventions;
7. In the event that it is necessary to provide personal information in order to investigate crimes, bring and maintain a charge;
8. In the event that it is necessary to provide personal information in order to perform duties of judgment by courts;
9. In the event that it is necessary to provide personal information in order to enforce a sentence, care and custody, or protective disposition.
<Transfer of Personal Information to Foreign Countries>
Person to be Provided (Contact Information) |
Country Where Person to be Provided is Located |
Purpose of Using Personal Information by Person to be |
Items of Personal Information to be Provided
|
Period of Retaining and Using Personal Information by |
National Tax Service (126) |
South Korea |
Imposing,reducing, exempting, and collecting various taxes including value added taxes |
Name, Phone No. (Company, Home, Mobile), Fax No. (Company, Home), Address (Company, Home), Bank Account No. |
Until the purpose of using personal information is accomplished |
Korea Customs Service (1577-8577) |
|
Imposing, collecting customs duties,managing freights |
Name, Phone No. (Company, Home, Mobile), Fax No. (Company, Home), Address (Company, Home) |
|
Nice Information & Credit Evaluation Inc. |
|
|
Company Name (Korean, English), Country, Postal Code, Business License No., Company Establishment Date, No. of Employees, Type of Business, Address (Company, Home, Supply), Phone No. (Company, Authorized |
|
GORYEO Information & Credit Evaluation Inc. (1522-3333) |
South Korea |
Credit evaluation (Verifying information on defaults) |
Trade Name(Korean, English), Country, Postal Code, Business License No., Company Establishment Date, No. of Employee, Type of Business, Address(Company, Home, Supply Center), Phone No.(Company, Authorized Staff, Logistic Staff, Finance Staff), Fax No. (Company, Authorized Staff, Logistic Staff, Finance Staff), Name(Representative Director, Authorized Staff, Logistic Staff, Finance Staff), Department(Authorized Staff, Logistic Staff, Finance Staff) Position(Company, Authorized Staff, Logistic Staff, Finance Staff), E-mail(Company, Authorized Staff, Logistic Staff, Finance Staff) |
|
Ilyang Logis (1588-0002) KyungDong Express Nawoo |
South Korea |
|
Name (Korean, English), Company Name, Country, Phone No. (Company, Home, Mobile), Fax No. (Company, Home), Address (including City, Province/Do, Country), Postal Code, Customer No., Business License No., Name of Board Chairman, Name of Contact Person (Korean, English), Company Address, Postal Code |
|
Article 4 (Subcontract to Handle Personal Information and Transfer of Personal Information to Foreign Affiliates, etc.)
① The Company may subcontract a third party to handle personal information in order to improve its services. In the event that the Company subcontracts a third party to handle personal information, it shall without delay disclose the content of duties to be subcontracted and the subcontractor on its homepage according to the personal information handling policies.
② When the Company enters into a subcontract agreement, pursuant to Article 26 of the Personal Information Protection Act, it shall specify in writing relevant provisions including prohibition of handling personal information for purposes other than the purpose of subcontracted duties, technical and managerial protective measures, restrictions on subcontract, and liabilities regarding management, supervision, and compensation for damages of a subcontractor, etc., and supervise the subcontractor to check whether it safely handles personal information.
③ In the event that there is a change in the content of subcontracted duties or the subcontractor, the Company shall without delay disclose the change(s) through the personal information handling policies.
④ Pursuant to Article 63 of the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc., and Article 67 of the Enforcement Decree of the Act, the Company obtains consent from customers regarding transfer of personal information to its affiliate – S.F. Express Co., Ltd. (head office in China), and the Company will manage and supervise personal information pursuant to the Technical and Administrative Measures for Protecting Personal Information.
<Subcontract for Personal Information>
Subcontractor |
Subcontracted Duties |
Daegou Customs Office |
Customs clearance |
A-One Customs Office |
Customs clearance |
Yuhan Technos |
Customs clearance system |
<Transfer of Personal Information to Foreign Countries>
Person to be Provided (Contact Information) |
|
Purpose of Using Personal Information by Person to be |
|
|
|
China, etc. |
|
|
|
Article 5 (Rights and Obligations of Information Subject, and the Exercise Methods)
① Information subjects may exercise the following rights with respect to their own personal information:
1. To request access to personal information;
2. To request correction of personal information when there is a mistake, etc.;
3. To request deletion of personal information; or
4. To request the discontinuance of processing of personal information.
② Information subjects may exercise the rights of Section 1 in writing, by e-mail, fax, etc. in the prescribed form of the Company, and the Company shall take relevant measures therefor without delay.
③ In the event that an information subject has requested the Company to correct or delete mistakes, etc. of personal information, the Company shall not use or provide relevant personal information until the time when it has completely corrected or deleted the mistakes, etc.
④ Information subjects may exercise the rights of Section 1 through their agent, including their legal representative or delegate, etc. In this case, the Company shall verify whether the agent is an authorized representative.
⑤ Information subjects shall not infringe upon their or third parties’ personal information or privacies being handled by the Company by violating relevant laws including the Personal Information Protection Act.
Article 6 (Items of Personal Information to be Handled)
① When users first subscribe to membership, the Company collects items such as IDs, passwords, names, telephone numbers, e-mail addresses, questions and answers for identification in order to smoothly provide basic services, and other personal information as necessary for provision of additional services.
② The Company collects IP addresses and visiting dates via an automatic collecting program in order to prevent members from illegal use.
Article 7 (Destruction Procedures and Methods for Personal Information)
① The Company in principle shall without delay destroy personal information after the purposes of collecting or using personal information have been fulfilled; provided, however, that an exception may be made where it is required to be retained under other laws. The destruction procedures and methods shall be as follows:
A. Destruction Procedures
The Company handles unnecessary personal information and personal information files under the responsibility of its personal information protection manager according to its internal policy procedures as follows:
1) Destruction of Personal Information
The Company shall without delay destroy personal information whose retention period has lapsed, from the date of completion.
2) Destruction of Personal Information Files
When relevant personal information files have become unnecessary because the purpose of handling personal information files has been accomplished, relevant services have been canceled, or relevant businesses have been completed, etc., it shall without delay destroy the personal information files from the date when it is found unnecessary to handle personal information.
B. Destruction Methods
1) The personal information in an electronic form shall be deleted by using technical methods that prevent records from being regenerated.
2) The personal information printed out in sheets shall be shredded using paper shredders or destroyed by way of incineration.
Article 8 (Measures to Ensure Security of Personal Information)
① The Company shall take the following measures in order to ensure security of personal information:
1. Minimizing the number of employees in handling personal information and providing trainings to those employees
Handling of personal information shall be limited only to persons necessary to do so. Such persons will be designated and managed by the Company and be offered security management trainings by the Company.
2. Restricting access to personal information
The Company takes necessary measures to control the access to personal information by granting, changing, or canceling the access to its database system that processes personal information, and restricts unauthorized access from the outside by using firewall systems.
3. Retaining access records
The Company retains and controls the records of access to the personal information handling system (web logs, summary information, etc.) for at least six months.
4. Encrypting personal information
The Company safely saves and controls personal information by encryption. Also as to significant data, the Company uses separate security functions, such as encrypting the data when saving or sending the data.
5. Installing security programs and conducting periodic checking or update
The Company installs and periodically updates and checks security programs in order to prevent the disclosure and damage of personal information by hacking or computer viruses, etc.
Article 9 (Personal Information Protection Manager)
The Company has appointed the following personal information protection manager in order to generally handle duties for handling personal information, and handle complaints of information subjects regarding its handling of personal information and provide remedies for damages, etc.
Personal information protection manager
Name : PARK, Dong-Kyun
Position : IT Service Support Engineer
Affiliation : IT
Tel. No. : 02-2657-8752
E-mail : kr_privacy@sf-express.com
Article 10 (Remedial Methods for Infringement of Rights and Interests)
① Information subjects may consult the following institution for remedies for damages and other issues with respect to infringement of their personal information:
☞ Personal Information Dispute Mediation Committee: (without a telephone exchange number) 118 (privacy.kisa.or.kr)
Article 11 (Application of Personal Information Handling Policies)
Effective Date: Jan 02, 2020.