Hanwha Defence Australia (hereinafter referred to as “We” or the “Company”) attaches great importance to the privacy of its customers, and is dedicated to complying with regulations on personal information under applicable laws, including the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Data Protection, Etc., and to protecting the interests of its customers (the users of the web page) by maintaining its Privacy Policy pursuant to related laws and regulations. In this regard, through the Privacy Policy and others, the Company informs the customers of how and for what purpose personal information provided by customers (the users of the web page) is processed and what measures are taken to protect personal information. When the Company revises its Privacy Policy, it shall publicly announce the revision through a notification on our website (or give personal notice).

Article 1. (General provisions)
1) “Personal Information” means any information related to a living person that may identify the person via name, residence registration number, or image (including information that may be easily combined with other information to identify a specific person, even though such information may not identify anyone by itself).
2) “Information subject” means any web page user who is the subject of collected Personal Information and who may be identified by processing of his or her Personal Information.
3) The Company’s Privacy Policy is made easily accessible to customers on our website’s homepage (www.hanwha-defense.co.kr), and the Company shall publicly announce revisions to the Privacy Policy through notification on our website (or give personal notice).

Article 2. (Personal Information collected and how we collect it)
The Company shall not process any sensitive information which may significantly infringe the privacy of an Information Subject, or any unique identification information assigned to an Information Subject, without the Information Subject’s consent.

1. For supporting scheduled business visits, the Company collects the following Personal Information:

Collection Method: At homepage  (Visit Application link)
Mandatory: Name, birthdate, company name, title, nationality, telephone number (mobile phone), address (home or office)
Optional: None

2. The following automatically generated information may be collected when using services on the website or during the course of business processes:
※ Access IP information, cookies, access logs, service use records


Article 3. (Collection and use of Personal Information)
The Company may use collected Personal Information for the following purposes:


Collection Method: At homepage (Visit Application link)
Mandatory: Required fields
Purpose: To schedule a visit  

Collection Method: At homepage
Mandatory: Access IP information, cookies, access logs, service use records
Purpose: To identify access frequency, for service use statistics



Article 4. (Use period and destruction of Personal Information)
Users’ Personal Information shall be either retained or destroyed as follows:
1. Retained items: Information provided for the visit scheduling system and other user information
2. Retention period: Until purpose of collection or use is fulfilled
3. After expiration: Destroyed without delay

The above retention period notwithstanding, we will receive consent from the user if it is necessary to continuously retain such information after expiration; however, the Company may keep any Personal Information pursuant to provisions under applicable laws, if it is required to do so by such laws.

Article 5. (Procedures and methods for destruction of Personal Information)
1) Destruction procedure: The Company will, after the purpose of processing Personal Information collected has been fulfilled or the retention period has passed, destroy such information without delay, unless it is necessary to keep it in accordance with the Information Subject’s consent, the Terms of Use, or applicable law.
2) Destruction methods: Personal Information saved in an electronic file format shall be deleted in a technical manner that prevents recovery of the deleted files, and Personal Information printed out on paper shall be shredded or incinerated.

Article 6. (Provision of Personal Information to a third party)
The Company may use the Personal Information within the scope of “Article 3. Collection and use of Personal Information” and shall not use or disclose the Personal Information to any third party beyond such scope, except in the following cases:

1) When the Information Subject’s separate consent has been obtained,
2) Pursuant to any provisions under other laws, or when required by an investigating agency according to procedures and methods for investigation purposes, 3) In the event that it is impossible to obtain consent, due to an Information Subject or their legal representative being under circumstances in which they are unable to express their intentions, or located at an unknown address, when it is deemed explicitly necessary for the benefit of life, body, or property of such Information Subject or the third party.

Article 7. (Assignment of Personal Information collected)
1) For the smooth processing of Personal Information, the Company has assigned the following:

Assigned Task: Maintenance of Hanwha Defense homepage
Entrusted Personal Information items: Collection items under Article 2.
Assigned company: Hanwha Systems  

Assigned Task: Managing visiting system
Entrusted Personal Information items: Collection items under Article 2.
Assigned company: Hanwha Systems


2) When the Company assigns the above tasks, it vows to establish matters with respect to prohibition from processing other than for the purpose of performing assigned works, technical and managerial protection measures, inspection and supervision of assignee or responsibility for damages, etc., and supervise whether the assignee processes Personal Information securely.

3) When the contents or any assignee is changed, the Company will immediately disclose the change via this Privacy Policy.

Article 8. (Rights of Information Subjects and their legal representatives and how to exercise them)
1) All Information Subjects may request review, correction, deletion, or suspension of processing of their Personal Information by the Company, provided that the Company may reject or limit such requirement in cases where:
A. There is any special provision under applicable law, or it is unavoidable to comply with obligations under the law;
B. It is likely to damage other people’s lives or bodies or any other interests; or
C. In the case where it is hard to perform Services agreed upon with the Information Subject, unless such Personal Information is processed, when such Information Subject does not expressly indicate an intention to terminate the Agreement.

2) Exercise of rights and method
A. Any Information Subjects who wish to review their Personal Information may submit a written request for review, correction, deletion, or suspension of processing of their Personal Information to the Personal Information Department via email or fax (refer to “Article 12. Personal Information protection officer and service for complaints)
B. The Company shall take appropriate measures within ten (10) days, unless there is any reasonable cause, and inform the Information Subject within five (5) days of the reason for limitation or rejection and method of appeal thereof
C. When any Information Subject or their representative requests any Personal Information, the Company may determine whether or not the person is a principal or agent through ID confirmation, including residence registration card, official electronic signature, etc.

Article 9. (Withdrawal of consent to collection, use, or provision of Personal Information)
Any Information Subject may, at any time, withdraw their consent to collection, use, or provision of Personal Information. If an Information Subject contacts a Personal Information protection officer for Withdrawal of Consent via written request, telephone, or email, the Company will immediately take necessary measures, including deletion of such Information, and will give notice of such acts upon withdrawal of consent and taking the necessary measures.

Article 10. (Installation, operation. or rejection of devices that automatically collect Personal Information)
1) The Company will use “cookies,” which from time to time search and save your information.

A cookie is a small text file that the server sends to your browser to be saved in your computer for the Company to use in operation of its website. The Company may use cookies for the following purposes:

A. Use for measurements to reform service by analyzing the frequency of customer visits and visiting times, etc., and identifying customers’ tastes and individual interests;
B. In order for the Company to provide distinctive information related to individual interests.

2) Users have the choice to install cookies. Accordingly, users may choose to allow all cookies, to be prompted to confirm whenever a cookie is saved, or to block all cookies by setting options in their browser:

A. Method to reject cookies in settings (Internet Explorer)
① Select [Tools]> [Internet Options].
② Select [Personal Information Tab].
③ Set [Personal Information Protection Level].

B. To see Cookie received (Internet Explorer)
① Select [Tools].
② Select [Internet Options].
③ Select [Setup] on [Common tab (Basic tab)]
④ Select [View file].

3) If you have rejected cookie installation, you may have difficulty using the Company’s Service.

Article 11. (Technical and administrative measures for protection of Personal Information)
In handling Personal Information, the Company prepares and takes measures to ensure the safe protection of Personal Information to prevent it from being lost, stolen, disclosed, altered, or damaged.

1. Technical Measures:
We comply with standards set by laws for safe storage and transmission of Personal Information.
We take measures to prevent damage from computer viruses by using antivirus software, and shall promptly update antivirus software as soon as it is available to prevent Personal Information from breaches by the sudden emergence of new viruses.
Ensure security by using a data breach prevention system and vulnerability analysis system on each server to provide for outside data breaches such as hacking.

2. Administrative Measures
- The Company limits access to the Information Subject’s Personal Information to a minimum number of personnel, designated below:

· Hiring personnel who are directly contacting users;
· Personnel performing administration of Personal Information, including Personal Information protection officers and managers;
· Other personnel for whom Personal Information handling is unavoidable for work purposes.

- We regularly perform internal and outside consignment training to all employees handling Personal Information

- Handover of work by the personnel handling Personal Information shall be strictly performed to maintain security, and shall be thoroughly controlled and supervised so as to comply with laws regarding Personal Information protection during and after employment, and personnel shall take clear responsibility for any incident. The Company is not liable for any matters arising out of either individual mistakes of the user or the fundamental risks of Internet use. Applicants shall manage their passwords properly and take personal responsibility for them. In the event that any Personal Information is lost, stolen, disclosed, altered, or damaged due to an error by an internal administrator or by accident under technical management, the Company will immediately inform the Information Subject of such facts to take appropriate measures and compensation;

3. Physical Measures
- We take preventive measures, such as using physical locks, to prevent physical access so as to securely store Personal Information and our Personal Information processing system. Access to the computer room and archive is restricted by setting up a restricted area.

Article 12. (Personal Information protection officer and service for complaints)
1) The Company assigns the related department and Personal Information protection officer as below to protect Information Subjects’ Personal Information and handle any complaints in connection with the Personal Information of users.

A. Personal Information protection officer
1) Name: Lee Daewoo
2) Telephone: 02.729.3570

B. Personal Information manager and contact person

Personal Information manager
(visit scheduling)
Name: Lee Jaewoo
Position: Security team
Tel: 02.729.3624
Fax: 02.729.3886

Personal Information officer
(visit scheduling)
Name: Kang Hyunseok
Position: Security team
Tel: 055.280.6125
Fax: 055.280.6118

Personal Information manager
(homepage)
Name: Lee Bongki
Position: Information planning team
Tel: 02.729.4213
Fax: 02.729.5820

Personal Information officer
(homepage)
Name: Park Hyoseok
Position: Information planning team
Tel: 055.280.6940
Fax: 055.280.6946

2) Should any consultation or report for Personal Information infringement be necessary, customers may contact the following agencies: - Personal Information Dispute Mediation Committee: 02.405.5150 (www.kopico.or.kr) (w/o local code) 118 (privacy.kisa.or.kr)
- Privacy Complaint Center: (w/o local code) 118 (privacy.kisa.or.kr)
- Cybercrime Investigation Division of the Supreme Prosecutors’ Office: 02.3480.3571 (cybercid@spo.go.kr)
- National Police Agency Cyber Bureau : 1566.0112 (cyberbureau.police.go.kr) Article

13. (Appendix)
If there is any addition, deletion, or change in the contents of this Privacy Policy, it shall be announced in advance through the website of Hanwha Defence Australia

Established date of the Privacy Policy: January 1, 2019
Version Number of the Privacy Policy: 1.1
Date of the last revision of the Privacy Policy: January 1, 2019 .