Privacy Policy

  • 1. Purpose of Using Personal Data of Applicants
  • 2. Items of Personal Data Used
  • 3. Retention and Use Period of Personal Data of Applicants
  • 4. Retention or Use Period of Personal Data
  • 5. Consignment of Personal Data of Applicants
  • 6. Destruction of Personal Data of Applicants
  • 7. Rights and Duties of Data Subject and Exercise of Rights
  • 8. Security Measures for Personal Data of Applicants
  • 9. Staff Responsible for Protection of Personal Data
  • 10. Reception department of Reading Inquiry of Personal Data of Applicants
  • 11. Resolution of the Infringed Rights of Data Subjects
  • 12. Changes in Policy on Personal Data of Applicants

1. Purpose of Using Personal Data of Applicants

The Company uses minimum personal data of applicants required for the following purposes.

  • 1) Recruitment
  • 2) HR operations required to abide by and fulfill all and any legal and administrative duties imposed on the Company pursuant to applicable laws and regulations regarding labor relations, occupational safety and health, foreign workers, etc.

2. Items of Personal Data Used

  • -  Mandatory items: name, date of birth, I-PIN number, address, phone number, employer information, e-mail address

  • -  After the Company decides to hire an applicant, the Company will additionally collect the applicant’s bank account information, resident registration number, driver’s license number, passport number, nationality, alien registration number, etc. pursuant to “Policy on Handling of Personal Data of Employees”.

3. Retention and Use Period of Personal Data of Applicants

The Company keeps and uses an original copy of an applicant’s resume for three years from the day when the applicant gives consent to the day when hiring process closes in order to check record of previous applications and engage in year-round recruitment.
(However, since the Company separately receives the Consent Form on Collection and Use of Personal (Credit) Information from the applicants who are decided to be hired, their information would be kept and used for the period specified in the consent form they submit.)

  • 1) Running personal data of applicants

    After the Company separately receives the consent from the applicants who are decided to be hired, it runs credit information of the applicants in credit bureaus (NICE Information Service Co., Ltd., Korea Credit Bureau, etc.) or credit information collection agencies (Korea Federation of Banks, Specialized Credit Financial Business Association, etc.) as below pursuant to Article 32 Clause 2 of the Act on Use and Protection of Credit Information.(The Company does not run credit information of applicants who have not been decided to be hired.)

    • ① Personal data to be read
      • A. Personally identifiable information (name, address, phone number, employer information, e-mail address, bank account information, date of birth, resident registration number, driver’s license number, passport number, nationality, alien registration number)
      • B. Information which enables the Company to understand specifics of loan, co-signing, collateral, credit card, installment financing or other transactions of an applicant such as type of transaction, period, amount, credit line, etc.
      • C. Information which enables the Company to assess credibility of an applicant such as amounts of delinquency, default, subrogation or other acts that disturb sound credit practices of the society or when such acts take place/get resolved, etc.
      • D. Information which enables the Company to assess an applicant’s ability to conduct credit transactions such as amounts of asset/debt/income, record of tax payments, etc.
      • E. Information shared by public institutions which enables the Company to assess an applicant’s identity, credibility and ability to conduct credit transactions such as court trial or rulings including individual workout, bankruptcy, bankruptcy discharge, registration as defaulters / late payment / resident registration / social insurance and public utility bill / administrative orders, etc.
      • F. Other information which enables the Company to assess an applicant’s credit such as credit rating, record of credit checks, debt re-adjustment agreement, etc.
    • ② Purpose of reading
      Reference for internal moves, internal inspection and business compatibility
    • ③ Period of agreement on reading personal data
      From the date of agreement to the date of complement
    • ④ Retention and use period of personal (credit) data
      From the date of receipt to the date of accomplishment

  • 2) Providing personal data of applicants to the third party

    The Company will provide personal data to the third party (person or other companies) only negotiated content between the company and the subject. However, following lists are exceptions.

    • ① Prior agreement from employees to use Personal Data for other purpose
    • ② Provide personal data for statistics, academic research, market research, but privacy will be kept confidentially
    • ③ Special policies in other laws
    • ④ If the information object or his/her legal representative is not in the normal state to express their own opinion or has inaccurate address, the third party or the information object could be considered to agree on disclosure of their personal data for their life, physical, or property matters
    • ⑤ Personal data for legal duty can be used as freely as agreement states

4. Retention or Use Period of Personal Data

  • 1) Period of personal (credit ) data retained and used by recipients

    The Company keeps and uses an original copy of an applicant’s resume for three years from the day when the applicant gives consent to the day when hiring process closes in order to check record of previous applications and engage in year-round recruitment.
    (However, since the Company separately receives the Consent Form on Collection and Use of Personal (Credit) Information from the applicants who are decided to be hired, their information would be kept and used for the period specified in the consent form they submit.)

  • 2) Recipients of personal (credit) information, recipients’ purpose for using the information, items of personal information provided

    Personal information provided to, Purpose for using personal information, Items of personal information provided table
    Personal information provided to Purpose for using personal information Items of personal information provided
    Saramin Recruitment Solution Service Name, Date of Birth, Sex, E-mail address, Phone Number, Educational Background, Employment History
    Midasin On-line AI Interview Agency Name, Test identification Number, E-mail address, Phone Number, Video information, Voice information, Access information (IP address, access time, browser information, operating system information), Session cookies information, Results of aptitude test analysis
    FN Executive Search Reputation Inquiry service Name, Date of Birth, Sex, Educational Background, Employment History
    Grab Coding Test, Online Test Video Director Service Agency Name, Test identification Number, Video information
    BSC Aptitude Test Agency Name, Test identification Number, Date of Birth, Sex

5. Consignment of Personal Data of Applicants

The company may outsource processing of personal data of applicants to outside vendors to provide better services.

  • 1) Period of personal (credit ) data retained and used by recipients

    The Company keeps and uses an original copy of an applicant’s resume for three years from the day when the applicant gives consent to the day when hiring process closes in order to check record of previous applications and engage in year-round recruitment.
    (However, since the Company separately receives the Consent Form on Collection and Use of Personal (Credit) Information from the applicants who are decided to be hired, their information would be kept and used for the period specified in the consent form they submit.)

  • 2) Recipients of personal (credit) information, recipients’ purpose for using the information, items of personal information provided

    Personal information provided to, Purpose for using personal information, Items of personal information provided
    Personal information provided to Purpose for using personal information Items of personal information provided
    SARAMIN Recruitment Solution Service Name, Date of Birth, Sex, E-mail address, Phone Number,
    Educational Background, Employment History
    MIDASIN On-line AI Interview agency Name, Test identification number, E-mail address, Telephone number, Video information, Voice information, Access information (IP address, access time, browser information, operating system information), Session cookies information, Results of aptitude test analysis

6. Destruction of Personal Data of Applicants

After ‘retention and use period of personal data of applicants’, the company will destroy the identifiable personal data due to following procedure and methods.

  • 1) Personal data of applicants will be destroyed after retention and use period of personal data of applicants. These personal data will not be saved or used for any reason without legal purpose.

  • 2) If the data is saved in software program, it will be destroyed, and if it is in paper work, it will be destructed, fired, or melted.

7. Rights and Duties of Data Subject and Exercise of Rights

  • 1) Rights to request read, edit, destroy, or stop processing personal data

    • ① Under the policy of Ministry of Public Administration and Security, data subjects have rights to request read, edit, destroy, or stop processing personal data
    • ② The Company can restrict or reject the request with supporting reasons in 10 days from the date of receiving the request in following cases
      • A. Under the law, it is not allowed to read or restricted to read
      • B. If it could physically hurt or kill other people, or violate one’s property or profits with inappropriate excuses
      • C. If the data subject didn’t cancel the contract, but the contract can be invalid without processing personal data
      • D. If the person is hired

  • 2) Methods and procedure of exercising rights

    • ① The Company does not ask additional process or certificate for personal data.
      • A. Data subjects can have a legal representative to exercise their rights, such as request to read, edit, destroy, or stop processing their personal data. For this case, the legal representative should have power of attorney from a data subject

8. Security Measures for Personal Data of Applicants

In dealing with personal data of applicants, the Company has put security measures in place to make sure any personal data would not be lost, stolen, breached, fabricated or damaged.

  • 1) Security measures for internal management plan

    The Company provides following internal management plan for security

    • ① Designating person in charge of personal data protection
    • ② Position and responsibility for security manager of personal data of applicants and manager of personal data management
    • ③ Measure for personal data security
    • ④ Education for manager of personal data management
    • ⑤ Other matters for personal data protection

  • 2) Measures to control personal data access and restrict access authority

    • ① Personal data of application should be stored at document storage in personal data processing system (HR ERP), and the Company provides limited access for least number of people in charge. If the people in charge of accessing the data change, the whole rights to access the personal data processing system will be changed or expired. Also, it is strict to record every access to personal data storage.
    • ② PIN number does not indicate the registration number which can be an identifying number for each personal data.
    • ③ The Company has strict rules for creating password.
    • ④ The Company operates detecting system against outflow trial for limited access system. Manager of personal data management can access the system through secured access methods, such as VPN or private line. Also, the personal data processing system (HR ERP) and computers are controlled against the outflow of any personal data.

  • 3) Encoding technique for personal data of applicants and following measures

    • ① The Company encodes whatever case in wireless transmission of identifiable personal data, passwords, and bio-information, or in sub-storage medium. Passwords and bio-information are encoded into secured coding algorism.
    • ② The company encodes identifiable personal data when it is saved in Demilitarized Zone between internet and local network.
    • ③ Under the law of ‘Security Measure for Personal Data Notification’ of Ministry of Public Administration and Security, the Company sets an encryption plan in three months and exercises the plan in twelve months for coded personal data.
    • ④ If the Company inevitably has to store the identifiable personal data in personal computer, it is stored under the password encoded from secured encoding algorism.

  • 4) Storage of accessing record and protecting measure against falsification

    The Company saves and manages the record of manager of personal data management’s access to personal data processing system (HR ERP) for more than 6 months, and it is safely saved not to be falsified, stolen, or lost.

  • 5) Installment and update of protection program for personal data of application

    The Company installed vaccine programs for personal data processing system (HR ERP) or personal computer, checks PC once a day, and the vaccine is updated automatically. Also, if any invasion of malicious program is detected or any protection update is noticed from software companies, it exercises updates immediately.

  • 6) Physical security measures for personal data of application

    The Company limits the access to physical storage place for personal data such as computer room and document storage room by using security measures for documents containing personal data and for sub storage medium.

9. Staff Responsible for Protection of Personal Data

The Company has designated its staff responsible for protection of personal data in order to safeguard personal data of applicants and address complaints that applicants may have regarding the company’s handling of their personal data. If you have any questions about personal data, please contact the responsible staff below.

  • 1) Executive responsible for protection of personal data at Hyundai Card/Hyundai Commercial

    - Name: Seonghoon Moon
    - Department/Team: Information Security Department at Hyundai Card Co., Ltd., Hyundai Commercial, Inc.
    - Job position: Department Head

  • 2) Manager responsible for protection of applicants’ personal data

    - Name: Yun-jung Cho
    - Department/Team: Talent Management Team
    - Job position: Team Leader

  • 3) Employee responsible for personal data management

    - Name: Eui-ryung Kang
    - Department/Team: Talent Management Team
    - Job position: Associate
    - Phone: 02-2167-6620
    - Address: 9th floor, Hyundai Capital Building 1, Uisadang-daero 3, Yeongdeungpo-gu, Seoul
    - E-mail: euiryung3.kang@hcs.com

10. Reception Department of Reading Inquiry of Personal Data of Applicants

The Company operates the department in charge of receiving reading inquiry of personal data of applicants.

HR Department of Hyundai Card (extension number: 02-2167-6620), Commercial HR Team of Hyundai Commercial (extension number: 02-2090-5447)

11. Resolution of the Infringed Rights of Data Subjects

Applicants can contact Infringement of Rights and Interests Report Center, High-Tech and Financial Crimes Investigation Division at the Supreme Prosecutor’s Office, Cyber Police or others, if they experience any infringement of rights to personal data protection.

12. Changes in Policy on Personal Data of Applicants

This <Personal Data Policy for Applicants> will be announced at 27th March 2012, and if there should be anything to be added, deleted, or edited, it will be noticed at least seven days beforehand through of the recruiting hompage(careerhyundai.com) of Hyundai Card Co., Ltd. and Hyundai Commercial, Inc.