Personal Data Processing Policy

Samsung Electro-Mechanics’ Personal Data Processing Policy

Samsung Electro-Mechanics Co., Ltd. (hereinafter referred to as "SEM") lawfully processes and safely manages personal data in compliance with the Personal Information Protection Act and other related laws to protect the freedom and rights of data subjects. In accordance with Article 30 of the Personal Information Protection Act, the company has established and discloses the following personal data processing policy to keep data subjects informed about the procedures and standards for personal data processing and handle related grievances quickly and smoothly.

Article 1 (Purpose of Processing Personal Data)

The Company processes personal data for the following purposes. The processed personal data will not be used for any purpose other than the following purposes, and if the purpose of use is changed, necessary measures will be implemented, such as obtaining a separate consent under Article 18 of the Personal Data Protection Act.

Article 1 (Purpose of Processing Personal Data)
No. Name of Personal Data File Operational Basis Processing Purpose
1 Ethical Management, Security Reporting, Compliance Management Reporting Consent by the owner of the personal data ("Data Subject")  Assign the appropriate contact person for an inquiry. Or, check the facts of a report. Reply to inquiries/reports
2 Product Inquiries, Technical Inquiries, Certificates, Recruitment Inquiries, Corporate Data, IR Service support for inquiries/requests
3 Newsletter Provide SEM reports and news
4 Samsung Electro-Mechanics’ Youtube Content Contest Identification, Receipt of and response to inquiries for operation of Youtube contest
5 Component product library Use the component product library
Article 2 (Personal Data Processing and Retention Period)
  1. ① The Company processes and retains personal data within the personal data retention and use period under laws or the personal data retention and use period agreed when collecting personal data from Data Subjects.
  2. ② (Ethical Management/Security Reporting/Compliance Management Reporting/Product Inquiries/Technical Inquiries/Certificates/Recruitment Inquiries/Corporate Data/IR)
    The personal data processing and retention period is one year. However, personal data for which the retention and use period has expired may be preserved without being destroyed, "where it is required to be preserved under other laws” or “where a separate consent has been obtained."
  3. ③ (Newsletter)
    Personal data processing and retention period is until the application for newsletter opt-out.
  4. ④ (Samsung Electro-Mechanics’ Youtube content contest)
    The personal data processing and retention period is three months from the day when results are announced. However, personal data for which the retention and use period has expired may be preserved without being destroyed, "where it is required to be preserved under other laws” or “where a separate consent has been obtained."
Article 3 (Provision of Personal Data to Third Party)
  1. ① The company processes the personal data of the data subjects only within the scope specified in the Purpose of Personal Data Processing, and provides personal data to third parties only when it falls under Articles 17 and 18 of the Personal Information Protection Act as mentioned in the Consent of the Data Subject and special provisions of the law, and otherwise, does not provide the personal data of the data subjects to third parties.
  2. ② In accordance with the "Personal Data Handling and Protection Rules in Emergency Situations" jointly announced by the relevant government ministries and agencies, the company may provide personal data to relevant organizations without the consent of the data subject in response to emergencies such as disasters, infectious diseases, events or accidents that cause imminent danger to life or body, or imminent property loss.
Article 4 (Entrustment of Personal Data Processing)
  1. ① The Company entrusts the processing of personal data as shown in [Attachment 1] for the smooth processing of personal data.

    Article 4 (Entrustment of Personal Data Processing)
    No. Name of Entrustee Entrusted Work Representative Phone No.
    1 The Uber Creative Co., Ltd. Operation and maintenance of website, send newsletters +82-2-517-5133
    2 Samsung SDS Co.,LTD​ Operate computer system +82-2-6155-3114
  2. ② When executing an entrustment agreement, in accordance with Article 26 of the Personal Data Protection Act, the Company specifies prohibition on personal data processing for purposes other than the purpose of carrying out the entrusted work, technical and managerial protection measures for personal data, purpose and scope of the entrusted work, restriction on re-entrustment, safety securement measures, management and supervision of the entrustee, matters relating to liability such as compensation for damages, etc. in documents, and supervises whether the entrustee safely processes personal data.
  3. ③ If the content of the entrusted work or the entrustee is changed, the Company will immediately notify such change through this Personal Data Processing Policy.
Article 5 (Rights and Obligations of Data Subject, Its Statutory Agent and Method of Exercising Them)
  1. ① The Data Subject (refers to the statutory agent, in case the Data Subject is under the age of 14 may exercise the following rights relating to personal data protection against SEM at any time.

    1. 1. Request for access to personal data
    2. 2. Request for correction in case there exists any error, etc.
    3. 3. Request for deletion
    4. 4. Request for suspension of processing
  2. ② The exercise of rights pursuant to Paragraph 1 may be executed in writing, or by e-mail, fax, etc. in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and SEM will take action without delay accordingly.
  3. ③ The exercise of the rights under Paragraph 1 may be carried out through an agent such as the Data Subject’s statutory agent or delegated person. In this case, the power of attorney in the attached Form No. 11 of the Enforcement Rules of the Personal Data Protection Act shall be submitted.
  4. ④ In the case of the request for access to personal data or the request for suspension of processing, the Data Subject’s rights may be restricted under Articles 35 (4) and 37 (2) of the Personal Data Protection Act.
  5. ⑤ If the personal data is specified as a collection in any other laws and regulations, any correction and/or deletion of personal data cannot be requested.
  6. ⑥ SEM verifies whether the person who has made the request for access, the request for correction or deletion, or the request for suspension of processing based on the Data Subject’s rights is the Data Subject itself or its legitimate statutory agent.
Article 6 (Personal Data Items Processed)
  1. ① SEM is handling the following personal data items.

    Personal Data Items Processed
    No. Name of Personal Data File Personal Data Items Recorded in Personal Data File
    1 Ethical Management (reporting) (Optional) Name, Contact Number, E-mail
    2 Security Reporting (reporting) (Optional) First Name, Last Name, Company, Contact Number, E-mail
    3 Compliance Management (reporting) (Optional) First Name, Last Name, Company, Contact Number, E-mail
    4 Recruitment Inquiries Country recruited, Employment area, Type of employment, First Name, Last Name, Contact Number, School/Organization, Major/Department, E-mail
    5 Product, Technology, Certificates, Company Information, IR Country, First Name, Last Name, Company/Organization, Department, Contact Number, E-mail
    6 Newsletter E-mail
    7 SEM’s Youtube content contest Team Leader (Mandatory) Team Name, Password, Name, Date of Birth, E-mail, Contact Number
    (Optional) Affiliation, Matter of interest relating to Samsung Electro-Mechanics Co., Ltd., Questions about SEM
    Team Member Name, E-mail, Contact Number, Date of Birth
    8 Component product library Company ID, password
  2. ② The following personal data items can be automatically generated and collected in the process of using the Internet services.

    • IP address, cookie, service usage record, visiting record, defective usage record, etc.
Article 7 (Destruction of Personal Data)
  1. ① Where personal data becomes unnecessary because of expiration of the personal data retention period, achievement of the purpose of processing, etc., SEM shall immediately destroy the relevant personal data.
  2. ② In the event that the SEM must continue to preserve the personal data in accordance with other laws even when the personal data retention period agreed by the data subject has elapsed or the purpose of processing has been achieved, SEM may move the personal data to a separate database or store it in a different storage location.
  3. ③ The procedure and method of destroying personal data are as follows.
    1. 1. Destruction procedure

      SEM selects personal data for which the cause for destruction occurs, and destroys personal data with the approval of the SEM’s person in charge of personal data protection.

    2. 2. Destruction method

      SEM destroys personal data recorded and kept in the form of an electronic file so that records cannot be reproduced, and the personal data recorded and kept in paper documents is shredded by a shredder or incinerated and destroyed

Article 8 (Measures concerning Destruction etc. of Personal Data of Non-Users) * Component product library
  1. ① SEM destroys the data of those users who have not used the service for one full year. However, until the retention period stipulated by other laws and regulations has elapsed, a user's data may be stored and managed as separated from other users' personal data.
  2. ② SEM notifies users of the fact that their personal data will be destroyed, the expiration date of the period, and items of personal data to be destroyed 30 days before the destruction of the personal data in types of notification available to users, as by e-mail or text message.
  3. ③ If you do not want your personal data destroyed, you can log in to the service before the expiration of the period.
Article 9 (Personal Data Security Securement Measures)
  1. ① SEM is taking the following measures to ensure the safety of personal data.
    1. 1. Establishment and implementation of an internal management plan
      SEM establishes and implements an internal management plan for the secure processing of personal data.
    2. 2. Minimization and training of the persons who handle personal data
      SEM manages personal data by designating and minimizing the persons who handle personal data, and conducts regular training for the employees who handle personal data.
    3. 3. Restriction of access to personal data
      SEM takes necessary measures to control access to personal data through granting, changing, and cancelling access to the database system that processes personal data, and controls unauthorized access from the outside using the intrusion prevention system.
    4. 4. Keeping of access records and prevention of forgery
      Records relating to access to the personal data processing system (web log, summarized data, etc.) are kept and managed in accordance with relevant laws, and security functions are used to prevent forgery, theft, and loss of access records.
    5. 5. Encryption of personal data
    6. 6. Technical countermeasures against hacking, etc.
      In order to prevent personal data leakage and damage caused by hacking or computer virus, etc., SEM installs security programs, conducts periodical updates and inspections, installs systems in areas where access from the outside is controlled, and performs monitoring and blocking technically and physically. In addition, SEM not only conducts monitoring of network traffic but also detects attempts to illegally alter data, etc.
    7. 7. Control of access against unauthorized persons
      SEM has a separate physical storage place for the personal data system where personal data is kept, and establishes and operates the access control procedure.
Article 10 (Matters Concerning Installation, Operation and Refusal of Automatic Personal Data Collection Device)
  1. ① SEM uses "cookies" that store and find usage data time to time.
  2. ② Cookies are a small amount of data that the server which is used to run the system sends to the user’s computer browser, and are stored on the user’s PC computer’s hard disk.
    1. 1. Purpose of using cookies : to check user errors and prevent illegal use by identifying visiting records and security access
    2. 2. Installation, operation and refusal of cookies
      • ▶ Internet Explorer web browser : You can refuse to store cookies by setting options at [Tools] on the top > [Internet Options] > [Personal Data] menus.
      • ▶ Chrome web browser : You can refuse to store cookies by setting [Setting] in the upper-right corner > [Personal Data and Security] > [Cookies and Site Data].
    3. 3. If you refuse to install cookies, provision of services may be difficult.
Article 11 (Matters concerning the Collection, Use, and Rejection of Behavioral Data)

SEM does not collect, use, or provide behavioral data for customized online advertisements, etc.

Article 12 (Person in Charge of Personal Data Protection)
  1. ① The SEM designates the person in charge of personal data protection as follows in order to protect personal data and handle complaints relating to personal data.

    제13조 (개인정보 보호책임자)에 대한 부서명,책임자,연락처 내용을 제공합니다.
    Classification Manager/Department Contact Information
    Personal Data Protection Officer Legal Team Leader Phone number : 031-210-5114
    Email :
    ※ It is connected to the personal data protection department.
    Personal Data Protection Division Personal Data Protection Secretariat, Legal Team Phone number : 031-210-5114
    Email :
  2. ② The Data Subject may contact the person in charge of personal data protection and the department with respect to all inquiries relating to personal data protection, handling of complaints, remedy, etc. that have occurred while using SEM’s service (or business). SEM will answer and deal with the Data Subject’s inquiries without delay.
Article 13 (Request for Access to Personal Data)
  1. ① The Data Subject may make a request for access to personal data to the following department under Article 35 of the Personal Data Protection Act. SEM will try to swiftly handle the Data Subject’s request for access to personal data.

    Request for Access to Personal Data
    Distinction Name of Department Contact Information
    Department of receiving and handling request for access to personal data Personal Data Protection Office Phone number : 031-210-5114
    Email :
Article 14 (Remedies for Infringement on Rights and Interests)

The Data Subject may contact the following institutions to inquire about damage relief, etc. in relation to personal data infringement. The following institutions are independent from the SEM, you can contact if you are not satisfied with the SEM’s own handling of personal data complaints or damage relief results, or if you need further assistance, please contact them.

Article 15 (Change of Personal Data Processing Policy)
  1. ① This Policy is effective from November 09, 2022. When the content of this Policy is added, deleted or modified in accordance with the change of laws/policies or security technology, the modified Personal Data Processing Policy will be disclosed on the website, etc.