Local privacy guideline
1 General provisions
Robert Bosch Korea Limited Company (hereinafter “the Company”) establish, implement and comply with the Privacy Policy (hereinafter “this Privacy Policy”) in an effort to proactively protect the personal information of the principal of information (hereinafter “Principal”) processed by the Company and to protect the information and the rights of the Principal and to smoothly address the grievance suffered by the Principal related to the personal information pursuant to the Personal Information Protection Act (hereinafter “PIPA”). This Privacy Policy is subject to change pursuant to relevant laws, regulations and rules and the Company’s internal operation policies, in which case the changes made to this Privacy Policy will be disclosed in accordance with the methods stipulated by relevant laws and regulations.
This Privacy Policy is put into force from May 01, 2019.
2 Purposes of processing personal information and items of personal information to be processed
| Purposes of processing | Items of personal information |
|---|---|
|
Purposes of processing
Execution and performance of contract
Identification of the contracting party; determination of whether to execute a contract; receipt of credit rating information; performance of contract including supply of product and receipt of payment; payment and reimbursement of the sales incentive; countermeasures against defaults including sending content-certified letter, filing petition for preliminary attachment and institution of lawsuit; valuation of the security |
Items of personal information
Name, gender, date of birth, address, home telephone
number, mobile phone number, fax number, e-mail address,
name of company, business type, title, purchase history
Matters concerning payment of prices; Account number at financial institutions such as banks and securities companies |
|
Purposes of processing
Performance of legal and administrative obligation of
the company
Performance of legal and administrative obligations imposed on the Company, including the followings: report and payment of all sorts of taxes including corporate income tax and value added tax; issuance and delivery of receipts, tax invoices |
Items of personal information
Name, gender, address, home telephone number, mobile phone
number, fax number, e-mail address, name of company,
business type, title, purchase history
|
|
Purposes of processing
Computerized management of contract terms, transaction
status, descriptions of product supply and payment
|
Items of personal information
Name, gender, address, home telephone number, mobile phone
number, fax number, e-mail address, name of company,
business type, title, purchase history
|
|
Purposes of processing
Promotion of the Company’s products via sending mail
(including e-mail), transmitting SMS, telephone
|
Items of personal information
Name, address, mobile phone number, e-mail address, name
of company, purchase history
|
|
Purposes of processing
Management of education history and recommendation of
education program; provision of information on event, sale
and giveaway event
|
Items of personal information
Name, mobile phone number, e-mail address, name of
company, purchase history
|
|
Purposes of processing
Customer relation management (CRM); provision of response
to the inquiries of discontent customers; provision of
after-sales service
|
Items of personal information
Name, address, mobile phone number, e-mail address,
purchase history
|
|
Purposes of processing
Reservation of transportation means and accommodation
facilities and payment of fees for event winners
|
Items of personal information
Name, address, home telephone number, mobile phone number,
e-mail address, name of company, job title, professional
field
|
|
Purposes of processing
Implementation of due diligence in preparation for the
possible transfer, merger and division of Company‘s
business in whole or in part (incl. the transfer of the
corporate group which the Company is affiliated to)
|
Items of personal information
Name, address, home telephone number, mobile phone number,
fax number, e-mail address, name of company, business
type, title, bank account number
|
|
Purposes of processing
Delivery of products for customer companies
|
Items of personal information
Name, address, mobile phone number
|
3 Period of processing and retention of personal information and destruction of personal information
The Company will immediately destroy personal information when the purposes of processing such personal information are attained and the personal information becomes unnecessary.
When the Company destroys personal information, it will implement measures to ensure that the information is not restored or regenerated.
However, when the Company has obtained prior approval from the Principal or when the Company must retain the personal information of the Principal pursuant to other laws and regulations, the Company will store and manage such personal information or personal information file separately from other personal information.
4 Transfer of personal information to a third party
The Company transfers the data subjects’ personal information to third parties as follows:
| Recipient | Transferred Items | Recipients’ | Recipient |
|---|---|---|---|
|
Recipient
Korea Appraisal Board
|
Transferred Items
Name, phone number, address
|
Recipients’
Appraisal of mortgages for the contract with individual
business owners
|
Recipient
Until the purposes of provision are attained
|
|
Recipient
Jeong Gongsoo Judicial Agent
|
Transferred Items
Name, phone number, address
|
Recipients’
Establishment/cancellation of kun-mortgage rights, other
legal measures (esp. for the contract with individual
business owners)
|
Recipient
Until the purposes of provision are attained
|
|
Recipient
Joongang Credit Information
|
Transferred Items
Name, phone number, address
|
Recipients’
Request for debt collection
|
Recipient
Until the purposes of provision are attained
|
|
Recipient
Olivevine
|
Transferred Items
Name, mobile phone number, address
|
Recipients’
Building community of BCS and delivery of goods
|
Recipient
Until the purposes of provision are attained
|
|
Recipient
Bosch Sicherheitssysteme GmbH
|
Transferred Items
Company, name, email address, phone number
|
Recipients’
Management of projects with customers/dealers via RB
global system
|
Recipient
Until the purposes of provision are attained
|
|
Recipient
BCD Travel
|
Transferred Items
Name, company
|
Recipients’
Verification of workshop participants for reservation of
transportation and accommodation and travel insurance
|
Recipient
Until the purposes of provision are attained
|
|
Recipient
Naeil Tour
|
Transferred Items
Name, company, date of birth, mobile phone number
|
Recipients’
Verification of workshop participants for reservation of
transportation and accommodation and travel insurance
|
Recipient
Until the purposes of provision are attained
|
|
Recipient
Bosch Electrical Drives Company, Bosch Rexroth Korea Ltd.,
ETAS Korea Co., Ltd.
|
Transferred Items
Name, country, email address
|
Recipients’
Handling of inquiries and responding the inquiry senders
directly by the applicable RB entities
|
Recipient
Until the purposes of provision are attained
|
5 Delegation of Personal Information Processing Services
The Company delegates personal information processing services as follows:
| Provider of Delegated Services | Contents of Delegated Services |
|---|---|
|
Provider of Delegated Services
CAPSTEC
|
Contents of Delegated Services
Management of access to the Company
|
|
Provider of Delegated Services
GIG Co., Ltd.
|
Contents of Delegated Services
Storage, package and delivery of goods to customers,
warehousing related tasks and order processing
|
|
Provider of Delegated Services
Ethan & Alice Marketing Inc. & Call center
|
Contents of Delegated Services
Announcement of events and event winners
Handling of customers’ inquiries |
|
Provider of Delegated Services
METANET MCC Inc.
|
Contents of Delegated Services
Customer call center (in-and outbound)
|
|
Provider of Delegated Services
Olivevine
|
Contents of Delegated Services
Marketing events on SNS, delivery of goods (AA)
|
|
Provider of Delegated Services
Kises
|
Contents of Delegated Services
Delivery of promotion goods
|
|
Provider of Delegated Services
Bosch Service Solutions, Inc.
|
Contents of Delegated Services
Bosch Korea contact channel management including
forwarding inquires to responsible persons in Korea
|
|
Provider of Delegated Services
Bosch Sicherheitsysteme GmbH
|
Contents of Delegated Services
The operation and management of the BT global website for
Korea
The operation and management of the BT global system for customer management |
|
Provider of Delegated Services
Robert Bosch Power Tools GmbH
|
Contents of Delegated Services
The operation and management of the PT global websites for
Korea
|
|
Provider of Delegated Services
Bosch Security Systems BV
|
Contents of Delegated Services
Issuance of the license of BT software to customers in
Korea
|
|
Provider of Delegated Services
RB GmbH
|
Contents of Delegated Services
The operation and management of the RB global system for
customer management (PT, AA)
|
|
Provider of Delegated Services
SO/OPM3-ml
|
Contents of Delegated Services
The operation and management of the RB global system for
order management (AA)
|
|
Provider of Delegated Services
McKalley Communications
|
Contents of Delegated Services
Collection of the AA marketing event participants’
personal information, notification to the gift winners and
delivery of the gifts
|
|
Provider of Delegated Services
Jinsung
|
Contents of Delegated Services
Collection of event participants’ business cards for PT
Korea’s marketing events
|
6 Limits on processing resident registration numbers
The Company processes resident registration numbers only in following cases:
(1) in case processing resident registration numbers is required or allowed by legal provisions, or
(2) in case there is clear evidence of some urgent need to handle resident registration number, for the sake of the safety or property of the Principal or of a third party, or
(3) in case there exist special provisions under any other laws or ordinance of the Ministry of Government Administration and Home Affairs (hereinafter “MGAHA”).
7 Matters concerning the rights and obligations of principal and method of exercise thereof
7.1 Inspection of personal information
(1) The Principal may request inspection of his/her own personal information processed by the Company.
(2) Within ten (10) days from the receipt of the Principal’s request for inspection of personal information, the Company will allow the Principal to inspect his/her personal information. If the personal information cannot be inspected within the above period due to a justifiable reason, the Company may delay inspection after notifying the Principal of the reason for the delay. When the reason for the delay ceases to exist, the Company will immediately allow inspection of the persona information.
(3) In any of the following cases, the Company may restrict or refuse inspection of personal information after notifying the Principal of the reason for such refusal or restriction:
1) If inspection is prohibited or restricted by law; or
2) If such an act is likely to inflict damages upon another person’s life or body or unfairly infringe upon another person’s property or other rights.
7.2 Correction and deletion of personal information
(1) The Principal who has inspected his/her personal information may request that the Company correct or delete his/her personal information.
(2) the Company will deliver a report on the results of correction or deletion notifying the Principal of (i) the fact that the Company has taken necessary measures such as correction or deletion of such information as requested by the Principal or (ii) the fact that the Company has not complied with the Principal’s request for deletion because the personal information is specified as items subject to collection under other law. However, if specific procedures for correction or deletion of personal information are stipulated by other laws and regulations, the Company will comply with such laws and regulations.
(3) When the Company deletes personal information in accordance with the Principal’s request, it will implement measures to ensure that the information is not restored or regenerated.
7.3 Suspension of processing of personal information
(1) The Principal may request that the Company suspend the processing of his/her own personal information.
(2) In any of the following cases, the Company may refuse the Principal’s request for suspension of processing of personal information:
1) If there is a special provision in law or if denying the request is necessary to comply with legal obligations;
2) If such an act is likely to inflict damages upon another person’s life or body or unfairly infringe upon another person’s property and other rights; or
3) If performing the contract becomes difficult (i.e. unable to provide the agreed services to the Principal) unless the personal information is processed, and the Principal has not expressed a clear intention to terminate such contract.
(3) With regard to the personal information of which processing has been suspended in accordance with the request of the Principal, the Company will immediately take necessary measures such as destruction of the personal information.
7.4 Methods and procedures of exercising rights
Request for inspection, correction or deletion of personal information or suspension of processing of personal information can be made by the Principal, his/her legal representative or delegatee. However, in the event that the Principal is represented by his/her legal representative or delegatee, a power of attorney of the Principal as prescribed by the Decree of the MGAHA should be submitted to the Company.
8 Measures to ensure safety of personal information
The Company takes the following technical, managerial and physical actions necessary for ensuring safety in order to prevent the loss, theft, unlawful leakage, alteration or damage of personal information.
(1) Establishment and implementation of an internal management plan for the safe processing of personal information
(2) Measures to control access to personal information and to limit access rights
(3) Application of encryption technology or equivalent measures that enable safe storage and transmission of personal information
(4) Maintenance of login history to take measures against the infringement incident of personal information and measures to prevent forgery or alteration
(5) Installation and upgrade of security programs for personal information
(6) Physical measures including preparation of storage facilities and installation of locking system for the safe storage of personal information
9 Automatic collection of personal information on websites
The Company uses cookies and active components (e.g., JavaScript) to track visitors’ preferences and customize the design of the websites. Cookies are small text files stored on your computer when you visit our website. You can delete the cookies at any time. However, this can result in some functions no longer being available. For information on deleting the cookies, please consult your browser’s help function.
The Company allows you to control the use of cookies. To do so, click the ‘Privacy settings’ link in the footer. There you can configure which cookies you want to use.
- Purposes: operation of the website function, improvement of usability, performance and design, constant implementation of the privacy setting, anonymizing of user data
- Rights to refuse: You may reject the storage of cookies by changing the privacy setting in the web-browser. Tool > Internet Options > Privacy
10 Collection of opinions and handling of complaints
The Principal may file any complaint regarding protection of personal information to the CPO or the department in charge. The Company will provide a prompt and sufficient response with regard to the complaint of the Principal.
Chief Privacy Officer
Seongsoo Park
031-270-4155
Seongsoo.Park@kr.bosch.com
Privacy Officer Team Members
Daesic Bae
031-270-4352
Daesic.Bae@kr.bosch.com
Minhee Kim
031-260-9946
Minhee.Kim@kr.bosch.com
Sungun Oh
042-939-7502
Sungun.Oh@kr.bosch.com
In case the incidents of personal information protection breach, the Principals may contact the following government organization under the Ministry of Science, ICT and Future Planning.
Korea Internet & Security Agency (KISA)
- Tel: 82-2-405-5118 (ARS - extension number: 2)
- E-mail: privacyclean@kisa.or.kr
History
| Issue | Date | Editor | Description of amendment |
|---|---|---|---|
| Issue |
Date
2012.02.24
|
Editor
RBKR/DSO
|
Description of amendment
• The privacy guideline of Bosch Korea has been
established and published.
|
| Issue |
Date
2013.08.12
|
Editor
RBKR/DSO
|
Description of amendment
• The legal name of Bosch Korea has been changed.
• Matters regarding delegation of processing PI have been changed. • The organization name of the relevant government ministry has been changed. |
| Issue |
Date
2014.06.26
|
Editor
RBKR/DSO
|
Description of amendment
• The items of processed PI have been changed.
• Matters regarding transfer of PI to third parties have been changed. |
| Issue |
Date
2015.11.25
|
Editor
RBKR/DSO
|
Description of amendment
• Deletion of a few processed PI items concerning
individual career
• Addition of details on transfer of Company’s Business • Change of organization name of relevant government ministry • Change of Chief Privacy officer in Bosch Korea |
| Issue |
Date
2016.10.31
|
Editor
RBKR/DSO
|
Description of amendment
• Change of the corporate name: Robert Bosch Korea Ltd.
and Robert Bosch Korea Diesel Ltd. -> Robert Bosch
Korea Limited Company
• Change of Chief Privacy officer in Bosch Korea |
| Issue |
Date
2017.07.31
|
Editor
RBKR/DSO
|
Description of amendment
• Deletion of the matters regarding transfer of PI to
third parties
• Partial change of matters regarding deletion of personal information processing services • Deletion of unnecessary items |
| Issue |
Date
2018.10.31
|
Editor
RBKR/DSO
|
Description of amendment
• Addition of the article regarding the automatic
collection of personal information on websites
• Addition of the article regarding the transfer of personal information to third parties • Change of the parties to whom the personal information processing is outsourced (addition of new partners, deletion of expired partners, etc.) |
| Issue |
Date
2019.05.01
|
Editor
RBKR/DSO
|
Description of amendment
• Change of the Chief Privacy Officer
• Addition of the third parties to whom personal information is provided for the purposes of handling inquiries • Addition of the parties to whom the personal information processing is outsourced (AA marketing agency, PT marketing agency) |