Autonomous AtoZ Co., Ltd. (hereinafter referred to as the "Company") complies with the Personal Information Protection Act, and establishes a privacy policy in accordance with relevant laws to protect the rights and interests of users.

The Company's privacy policy includes the following contents.


1. Purpose of Processing Personal Information and Items collected

2. Provision of Personal Information to Third Parties

3. Retention and Use Period of Personal Information

4. Procedures and Methods for Destroying Personal Information

5. Rights and Obligations of Data Subjects and Methods of Exercising Them

6. Measures to Ensure the Security of Personal Information

7. Matters Concerning the Installation, Operation, and Rejection of Automatic Personal Information Collection Devices

8. Matters Concerning the Installation and Operation of Video Information Processing Devices

9. Personal Information Protection Officer and Contact Information

10. Additional Information

11. Changes to the Privacy Policy


1. Purpose of Processing and Items of Personal Information Collected


Time of Collection

Purpose

Items Collected

Recruitment and Hiring

Application support, talent pool registration, recruitment screening

- Required: Name, phone number, email

- Optional (submitted by applicant - sensitive information): Disability status (for preferential recruitment)

- Optional (submitted by applicant - various information): Education, date of birth, gender, nationality, current employer, work experience, veteran status (if applicable), military service (if applicable), qualifications/language skills (type, level, score, date obtained), project details, awards, other information (foreign residency experience, IT skills, academic and extracurricular activities, volunteer work, etc.), self-introduction


Company Office Premises

Crime prevention and investigation, facility safety, and fire prevention

Personal video information


During the process of using the service or handling business, the following information may be automatically generated and collected.

- e.g.) Visitor records (IP address, access time), cookies


The company collects personal information through user input methods on its website (http://www.autoa2z.ai/), and in some cases, may collect information through printed documents or emails.


2. Provision of Personal Information to Third Parties

The Company uses personal information within the scope notified in "1. Purpose of Processing and Items of Personal Information Collected" and does not use or disclose personal information externally without the prior consent of the data subject, except in the following cases:

- When the data subject has given prior consent

- When required by law or requested by law enforcement agencies in accordance with legal procedures and methods for investigative purposes

- When provided in a pseudonymized form that cannot identify a specific individual for statistical purposes, scientific research, or public record preservation



3. Period of Retention and Use of Personal Information

The Company processes and retains personal information within the period of retention and use consented to by the data subject at the time of collection and, in principle, destroys personal information without delay once the purpose of processing is achieved.


4. Procedures and Methods for Destroying Personal Information

In principle, personal information is destroyed without delay when the purpose of processing is achieved. The Company's procedures and methods for destroying personal information are as follows:


A. Destruction Procedures

- Information entered by the data subject is transferred to a separate database (in the case of paper, a separate document box) after the purpose is achieved and stored for a certain period according to internal policies and other relevant laws (refer to "3. Period of Retention and Use of Personal Information") before being destroyed.

- This personal information is not used for any purpose other than retention except as required by law.


B. Destruction Methods

- Personal information printed on paper is destroyed by shredding or incineration.

- Personal information stored in electronic file format is deleted using technical methods that prevent the records from being restored.


5. Rights and Obligations of Data Subjects and Methods of Exercising Them

Data subjects can view or modify their registered personal information at any time and can request the deletion or suspension of processing. If you wish to delete or suspend the processing of your personal information, please contact the Personal Information Protection Officer by email, and we will take action without delay.


6. Measures to Ensure the Security of Personal Information

The Company takes the following protective measures to ensure that personal information is not lost, stolen, leaked, altered, or damaged during processing.


1) Administrative Measures

Establishment and implementation of internal management plans, regular training for personnel, etc.


2) Technical Measures

Management of access rights to personal information processing systems, installation of access control systems, encryption of key personal information, and installation of security programs


3) Physical Measures

Access control to computer rooms, data storage rooms, etc.


7. Matters Concerning the Installation, Operation, and Rejection of Automatic Personal Information Collection Devices

The Company uses ‘cookies’ to provide web services. A cookie is a small amount of information that the server sends to the user’s web browser and is stored on the user’s PC hard drive.


A. Purpose of Using Cookies: Cookies are used to understand the visit and usage patterns of users on visited web pages and to determine secure access.


B. Installation, Operation, and Rejection of Cookies: You can refuse to store cookies through the option settings in the Privacy menu at the top of your web browser. There are no disadvantages to refusing to store cookies.


8. Matters Concerning the Installation and Operation of Video Information Processing Devices


1) Basis for Installation and Purpose of Video Information Processing Devices

The Video Information Processing Device Operation and Management Policy (hereinafter referred to as "this Policy") aims to protect the rights and interests of data subjects by specifying the matters that the Company must comply with in the installation and operation of video information processing devices and the protection of personal video information in accordance with the Personal Information Protection Act.


2) Principles for the Protection of Personal Video Information

The Company collects personal video information within the minimum necessary scope that meets the purpose of installing the video information processing device, and clearly informs customers of the purpose of installation. The Company does not use personal video information for purposes other than the stated purpose. The Company strives to ensure the accuracy and currency of personal video information and safely manages it. The Company discloses matters related to the processing of personal video information and guarantees customers' rights to personal video information.


3) Designation of Managers and Other Personnel

For the secure management of personal video information, the Company designates managers, departments, and personnel responsible for handling personal video information. The designated individuals are as follows:

  • Manager: Youngcheol Oh (CTO, Pyeongchon Research Center), Seungryong Jung (Business Operations, Sejong Research Center), Sejong Kim (Platform Operations, Ulsan Research Center), Seunghwa Hyun (ES Development, Daegu Research Center)

4) Installation of Video Information Processing Devices

The number, location, and range of video information processing devices are as follows:

Item

Range

Number of Video Information Processing Devices

24

Location of Video Information Processing Devices

Pyeongchon Research Center, Ulsan Research Center, Sejong Research Center, Daegu Research Center, Hwaseong Branch

Range of Video Information Processing Devices

Video information processing devices do not arbitrarily manipulate or point to other places for purposes other than those intended, and the recording function is not used.


5) Provision and Sharing of Personal Information

The Company takes necessary measures such as installing a signboard with the following information so that the data subject can easily recognize that the video information processing device is installed and operated:

  • Installation purpose and location, range and time of recording, name, title, and phone number of the manager
  • In case of entrustment of installation and management, the name and phone number of the trustee

The signboard is installed within the recording range where customers can easily read it, and the size of the signboard is 19.5 x 12 cm. However, the size may be changed according to the conditions of the installation site.


6) Requests for Access, etc. by Data Subjects

Data subjects can request access and confirmation of the existence of their personal video information processed by the Company (hereinafter referred to as "access, etc.") from the Company.

When the Company receives a request for access, etc., it shall take necessary measures without delay. In this case, the Company may verify the identity of the person who made the request by submitting an identification document such as a resident registration card, driver's license, or passport to ensure that they are the data subject or a legitimate agent.

Even if the data subject requests access, etc., the Company may refuse the request for access to personal video information in the following cases, and in such cases, the Company shall notify the customer of the reason for refusal and how to appeal within 10 days in writing, etc.:

  • If the retention period of personal video information has expired and it has been destroyed
  • If there are other legitimate reasons for refusing the data subject's request for access, etc.

 

7) Recording Time, etc. of Video Information Processing Devices

The recording time, retention period, and department in charge of personal video information are as follows:

  • Recording time: 24 hours
  • Retention period: 60 days from the recording date
  • Person in charge of retention: Youngcheol Oh (CTO, Pyeongchon Research Center), Seungryong Jung (Business Operations, Sejong Research Center), Sejong Kim (Platform Operations, Ulsan Research Center), Seunghwa Hyun (ES Development, Daegu Research Center), Byungyong Yoo (Platform Development, Hwaseong Branch)

 

8) Management of Video Information

When personal video information is used or provided for purposes other than the original purpose with the consent of the data subject or as required by law, the following information shall be recorded in the "Personal Video Information Management Ledger" and managed:

  • Name of the personal video information file
  • Name of the person who used or received the information
  • Purpose of use or provision
  • Legal basis for use or provision, if any
  • Period of use or provision, if specified
  • Form of use or provision
  • Destruction of personal video information: automatic deletion according to capacity (60 days)
  • Person in charge of destruction of personal video information: Youngcheol Oh (CTO, Pyeongchon Research Center), Seungryong Jung (Business Operations, Sejong Research Center), Sejong Kim (Platform Operations, Ulsan Research Center), Seunghwa Hyun (ES Development, Daegu Research Center), Byungyong Yoo (Platform Development, Hwaseong Branch)

 

9) Retention and Destruction

The Company automatically destroys personal video information when the retention period specified in this policy expires. However, this does not apply if there are special provisions in other laws. The methods of destroying personal video information are as follows:

  • Personal video information recorded in print (photos, etc.) is shredded or incinerated
  • Personal video information in electronic file format is permanently deleted using technical methods that make it impossible to restore


10) Administrative, Technical, and Physical Measures

  • Access to personal video information collected and processed by video information processing devices is limited to designated minimum personnel such as managers and staff.
  • The Company designates and controls access to the place where personal video information is viewed or played, and restricts entry and viewing to persons authorized with access rights.
  • The Company immediately changes or deletes access rights in case of personnel changes such as transfers or retirements.
  • The Company takes necessary measures such as setting passwords to ensure the security of personal video information when processing or transmitting personal video information files.
  • The Company regularly checks the normal operation of video information processing devices to prevent tampering with personal video information.


9. Contact Information for the Personal Information Protection Officer

You can report any privacy-related complaints that occur while using the website or other services to the Personal Information Protection Officer. The Company will promptly and sufficiently respond to users' reports.


Personal Information Protection Officer and Contact Information

Chief Privacy Officer

Deputy Privacy Officer

Name: Youngcheol Oh

Department: CTO

Position: Director

Email: ycoh@autoa2z.co.kr

Name: Myungseon Heo

Department: Autonomous Driving System Development Division

Position: Director

Email: hms@autoa2z.co.kr


If you need to report or consult about a personal information breach, please contact the following organizations.


Personal Information Dispute Mediation Committee (http://kopico.go.kr / 1833-6972)

Personal Information Infringement Report Center (http://privacy.kisa.or.kr / No area code 118)

Supreme Prosecutors' Office Cyber Investigation Division (http://www.spo.go.kr / No area code 1301)

Cyber Investigation Bureau of the National Police Agency (https://ecrm.cyber.go.kr / No area code 182)


10. Additional Information

Please note that the "Privacy Policy of Autonomous AtoZ Co., Ltd." does not apply to the collection of personal information by websites linked from this website.


11. Changes to the Privacy Policy

If there are any additions, deletions, or modifications to the current privacy policy, we will notify you through the 'Notice' section of the website at least 7 days before the revision. However, if there are significant changes to users’ rights such as the collection and use of personal information, and provision to third parties, we will notify you at least 30 days in advance.


- Announcement Date: February 21, 2024

- Effective Date: February 28, 2024