Suprema ID Privacy Policy

Article 1. Personal information to be collected and methods of collection

(1) Personal information to be collected
The Company collects the following personal information:

(2)Methods of collection
- When users enter their personal information on websites
- Through tools for collecting generated information (e.g. connection logs, cookies, etc.)
- When users directly provide their personal information offline such as at exhibitions
- Via mail, phone calls, fax, etc. when users inquire or consult

Article 2. Purposes of collection and use of personal information

The Company collects and uses personal information for the purposes set out below. The personal information collected shall be used solely for the purposes. In the event of any changes to such purposes, the Company will take the necessary measures required by laws, including obtaining prior consent.

Article 3. Retention and usage periods

Unless required by applicable laws, the Company, in principle, promptly destroys personal information after achieving the purposes for which it was collected. The Company will retain personal information collected upon a user’s consent for an agreed period.

If you wish to withdraw your consent, please contact our data protection division (privacy@suprema.co.kr) or the website management team (marketing@suprema.co.kr). Your requests will be processed immediately upon verifying your identity.
Once you agree to the use of personal data for marketing purposes, we will retain your personal data until you cancel the subscription.

In the event that applicable laws require personal information to be retained, the Company may keep users’ information for certain period of time as stipulated in applicable laws as follows:

Article 4. Provision of personal information to a third party

Unless prior consent of users is acquired or otherwise required by applicable laws, the Company does not in any case provide users' personal information to a third party.

Article 5. Entrustment and international transfer of personal information

The Company entrusts processing of personal information to external entities in order to provide more convenient and improved services. The entrusted entities only manage infrastructure operation, but do not access to users’ personal information.

- Entrusted Entity : Salesforce.com
- Contact : privacy@salesforce.com
- Entrusted task : DM mailing
- Entrusted Personal Information : E-mail, Name, Country, Company, Telephone number, Position
- Location of entrusted entity : Japan
- Date of entrustment and method : Via the network upon users’ entering personal information on websites Transfer via network after users provide personal information offline
- Personal information retention and usage period : Until users request to cancel DM subscriptions or delete personal information

The Company manages and supervises the entrusted entities to ensure that the entrusted entities process personal information solely for the entrusted tasks take technical and administrative security measures, and comply with applicable laws relating to personal information.

In the event that details of entrusted tasks or entrusted entities change, the Company will promptly disclose such information under Article 11 of this Privacy Policy.

Article 6. Rights and obligations of users and means to exercise rights

(1) Users can at any time exercise the following rights pertaining to the protection of personal information:

• 1. Right to request access to personal information
• 2. Right to request correction of errors
• 3. Right to request deletion of personal information
• 4. Right to request suspension of processing personal information
• 5. Opposition rights

(2) The rights set forth above may be exercised in writing or by telephone, e-mail or fax, etc., and the Company will take action immediately upon identity verification.

(3) In principle, the Company will not collect personal information of users under the age of 16.

Article 7. Cookies; installation, operation and refusal

(1) The Company uses cookies to store and retrieve user information from time to time to provide relevant and useful services to users. Cookies are small text files that the servers running the Company's website send to users' computers and are stored on users' computer hard disks. Users can choose whether or not to accept cookies, provided, however, that the Company shall not be held accountable for any issues or limitations in using services caused by disabling cookies.

(2) How to reject cookies
- Users can either accept all cookies, confirm each time, or reject all cookies from their web browser settings.- How to enable/disable cookies (for Internet Explorer)

• 1. Select [Internet Options] from the [Tools] menu
• 2. Click on [Privacy]
• 3. Click on [Advanced]
• 4. Select to enable/disable

To learn more about our use of cookies, please see the Cookie Policy Page

Article 8. Procedure and method of destroying personal information

The Company takes technical, administrative, and physical measures necessary for ensuring security as follows:

(1) Procedure
‍Once the purposes have been achieved, the personal data you entered will be either destroyed immediately or after being stored for a certain period of time in a separate database (separate documents if the information is on paper) as required by internal policies or applicable laws. Personal data transferred to the database will not be used for any other purpose unless required by law.

(2) Method of destroying personal data
‍The information in the form of electronic files will be deleted using technical methods that prevent records from being recovered. Personal data printed on paper will be either shredded or incinerated.

Article 9. Security measures for protection of personal information

The Company takes technical, administrative, and physical measures necessary for ensuring security as follows:

(1) Administrative measures
Establishing and implementing internal management plan, and training personnel regarding protection of personal information

(2) Technical measures
Managing rights to access to personal information processing systems, installing access control systems, encrypting security programs, etc.

(3) Physical measures
Access control to computer rooms

Article 10. Contact information of the Data Protection Officer

In order to protect users' personal information and respond to complaints regarding personal information, the Company has appointed a Data Protection Officer and the relevant division as follows:

*Data Protection Officer
Name : Park Chang-sun
Title : Head of Division
Contact information : 031-710-2450 / cspark@suprema.co.kr

*Data Protection Division
Division: Information security TF
Contact information: privacy@suprema.co.kr

Users can contact the Data Protection Officer or the division for any inquiries on personal information protection and complaints while using Company services. The Company will promptly respond to and process inquiries from users.

Article 11. Security measures for protection of personal information

Any changes will be effective 7 days after the Company posts the revised Privacy Policy in this section on the Company’s website.Any significant changes to users' rights, including changes to collection and use of personal information and provision of personal information to third parties, will be notified at least 30 days in advance.

1) Announcement Date: June 17, 2020
2) Effective Date: July 17, 2020