• Home
  • About us
  • Sustainability
  • Compliance


Samsung Biologics fulfills our social roles and responsibilities as a CMO company in the Biologics industry by practicing legal and ethical compliance-oriented management principles and abiding by all applicable laws. To that end, we have a robust Compliance Program, which is the most fundamental aspect of fulfilling our company’s social responsibilities. Through our education and system organization, we ensure compliance becomes the basis of all business activities and decision-making. In addition, our Compliance Program addresses management risks stemming from infringement of intellectual property rights, as well as strengthening our responsibility on the issues of human rights, safety, health, and the environment.

Compliance Program

  • Compliance

    Compliance Program (CP) activities of Samsung Biologics are executed by our management through the following process :
    The establishment of CP standard procedures → Execution of education → Inspection and monitoring → Evaluation and reporting.
    The Legal & Compliance Management Department establishes and provides CP regulations, detailed guidelines, action standards, and manuals to employees. The department promotes legal compliance by continuous education and monitoring on daily basis. Additionally, it receives inquiries and reports regarding issues and concerns on the compliance of relevant laws and regulations by its employees.

    Compliance Program Compliance Program
  • CP Execution

    Our CP execution system is composed of the CEO, the Legal & Compliance Management Committee, and the Legal & Compliance Management Department.

    CP Execution System CP Execution System
    Legal & Compliance Management Committee

    The Legal & Compliance Management committee, with the CEO as the chairman, deliberates and resolves key issues and makes decisions related to legal and compliance management. The Committee meets regularly and reports on CP performance and issues.

    Legal & Compliance Management Department

    Legal & Compliance Management Department is responsible for overall operations of the Compliance Program of Samsung Biologics, with the CCO (Chief Compliance Officer) as the head of the organization. The department establishes compliance and action standards and supports the Legal & Compliance management committee.

  • Key CP Policies

    Compliance practice for each category include: protection of confidential information, observance of fair trade, prevention of corruption, maintenance of environmental safety, protection of intellectual property, safeguard of information security, and protection of personal information.

Legal Compliance Management Action Standard

The staff and executives of Samsung Biologics fully recognize the importance of compliance management. Samsung Biologics complies with all applicable laws and internal regulations, accomplishing the objectives including, but not limited to, the following:

  • Action
    1. Healthy Organizational Culture

    We will respect the dignity and diversity of individual staff and executives, and comply with the laws related to personnel management.

    2. Fair Competition

    We will respect the free and fair market economic order and comply with the fair trade laws.

    3. Working together with Subcontractors

    We will work with cooperative companies as partners in business and not abuse our bargaining power.

    4. Anti-Corruption

    We will not improperly acquire business opportunities or receive benefits.

    5. Accounting and Public Announcements

    We will accurately record financial information according to internationally recognized accounting standards, and we will sincerely notify the public of required corporate information and important issues.

    6. Confidential Information and Intellectual Property

    We will protect confidential information and intellectual property rights.

    7. Personal Information

    We will protect personal information.

    8. Safety, Health, and Environment

    We will preserve the health and safety of our workers, the public, and the environment.

  • Reports

    For questions or comments regarding the legal & compliance management of Samsung Biologics, please send them to the address below:

    Legal & Compliance Team, Compliance Manager, Samsung Biologics, 300, Songdo bio-daero, Yeonsu-gu, Incheon 21987, Republic of Korea





Samsung Biologics (hereinafter, the “Company”) values users’ personal information, complies with statutory obligation s on protection of personal information such as the Act on Promotion of Information and Communication Network Utilization and Information Protection, etc. and the Act on Protection of Personal Information, and has created a Policy to Handle (Process) Personal Information to protect the users’ right and interest to the maximum extent possible.

Through the Policy to Handle (Process) Personal Information, the Company publicizes its operations on personal information treatment (processing) with particulars such as the types of personal information collected from the users and the purpose of processing such information, the time limit for processing and holding in possession, users’ method to exercise their rights, measures to procure the security, and so on.

Whenever there is a change in the Policy to Handle (Process) Personal Information, including updating, deleting, or adding its contents, whether resulting from any amendment to the relevant statutory sources or the administrative policy or change in the Company’s internal policy, we will post the change on our website at www.samsungbiologics. com so as to keep the users updated.

The Company’s Policy to Handle (Proce ss) Personal Information contains the following:

  • 1. Purpose of collecting and using personal information
  • 2. Types of personal information collected and method of collection
  • 3. Time limit for possessing and using personal information
  • 4. Matters regarding entrustment of personal information
  • 5. Matters on providing personal information to a third party
  • 6. Rights of users and legal representatives and how to exercise such rights
  • 7. Installation and operation of automatic collection of personal information and disallow ance
  • 8. Measures to procure security of personal information
  • 9. Personal information manager and customer complaint center
  • 10. Measures to remedy infringement of rights and interest
  • 11. Amendment to the Policy to Handle (Process) Personal Information
1.Purpose of collecting and using personal information

The Company collects personal information for the following purposes. The pfi will not be used for any other purpose and whenever it is necessary to change the purpose, we will comply with the statutory requirements such as obtaining users’ consents in advance.

  • Customer inquiry (Contact Us)

    Review and reply to the inquiries from users

  • Upload a curriculum vitae (Talent Pool Registration)

    Check employment history, give notices for future recruitment opportunities.

2.Types of personal information collected and method of collection
  • Types of personal information collected
    Collection Item information items include Category, Collection Item, and so on.
    Category Collection Item
    Contact Us,
    Talent Pool
    Required Name, Email Address, Company, Occupation, Country, Areas of Interest
    Optional Job Title, Phone Number

    The following information may be generated and collected in the course of using the service.

    Access long, cookie

  • Method to collect

    Collection through Contact Us, Talent Pool within the Website

    Collection through generated information collection tool (for access long, cookie, etc.)

3.Time limit for possessing and utilizing personal information
  • The time limit that the Company may possess and utilize personal information is as follows.

    Personal information that needs to be collected and utilized inevitably as specifically required by law or regulations, or in order to comply with statutory requirements : As long as it is necessary to keep such information in possession under relevant statute.

    Personal information that needs to be collected and utilized inevitably in order to execute and perform various contracts: Until the purpose of collection/utilization is accomplished.

    Personal information collected and used with the consent of individual user: For the time period consented to.

  • Once time period for possession and utilization of the collected personal informationexpires or the purpose is accomplished, the Company will immediately destroy the personal information. However, the Company may continue to possess it beyond the time limit if deemed necessary under the
4.Entrustment of personal information
  • If, in order to provide better service, it is desirable to entrust the handling of personal information to an independent professional business, the Company will obtain the consent of the owner of information and notify the name of the trustee company and the service to be entrusted.
  • When entrusting personal information processing, the Company will ensure to safeguard the personal information. In particular, we will clearly define in the contract such matters as strict compliance with instructions for personal information protection, keeping the personal information confidential, prohibition of disclosing the personal information to a third party, liability attribution at an accident, entrustment period, return or destruction of personal information after the completion of the processing, which will be recorded in paper and/or electronic media.
  • In case of any change in the service contents or in the trustee, we will immediately disclose such change via this Policy to Handle (Process) Personal Information
5.Matters on providing personal information to a third party
  • The Company will not disclose duly collected users’ personal information outside the Company as a matter of principle. However, as follows are the exceptions.

    If the user has given his/her consent in advance.

    If it is specifically required by laws or regulations or inevitable in order to comply with statutory requirements, or if it is deemed necessary for the sake of life, body or property of the information owner or a third party when the information owner or his/her legal representative is under a state incapable of communication or unable to give consent due to unknown domiciles or otherwise (only to the extent the purpose of collecting personal information is served).

  • A user has right to disallow disclosure of his/her personal information to a third party. However, those users who refuse to give consents may have his/her use of the service limited.
6.Rights of users and legal representatives and how to exercise such rights
  • Any user (or his/her legal representative) may withdraw the consent to collection, utilization and conveyance of personal information at any time and may also demand that the following information be tendered for viewing corrected, deleted, or suspended processing, in accordance as prescribed in laws or decrees. Once demanded by a user (or his/her legal representative), the Company will immediately take the appropriate actions, as long as such demand is reasonable and well-grounded.

    User’s personal information

    History of the users personal information being utilized or provided to a third party

    History of consents given to collection, utilization and provision of personal information

  • In any of the following cases, the Company may restrict or refuse to allow access to, tender, correct, delete or suspend processing personal information upon notifying user (or his/her legal representative) of the reason.

    If it is specifically required by laws or regulations or inevitable in order to comply with statutory requirements.

    If it is likely to jeopardize a person’s life or body or unjustly infringe a person’s property or other interests.

  • When the Company decides not to honor a user (or his/her legal representative) demand, we will advise him/her of the fact, reason and process to object the decision in accordance as prescribed in the laws and decrees.
7.Installation and operation of automatic collection of personal information and disallowance

The Company is operating cookies that regularly stores and locates users’ information.

  • Purpose of operating cookies The purpose of the cookie operation is to provide users with optimized information based on the data of users’ website visit and utilization as well as the number of users.
  • Cookie creation, confirmation and how to disallow Each user has the option to allow or disallow cookie installation. By setting an option on the web browser, a user may allow all the cookies, give confirmation every time a cookie is stored, or disallow any cookie storage. However, refusing to allow installation of cookies may lead to some limitation of service to the user.

    How to install cookies (if using Internet explorer 8.0) Select “Internet Option” in the “Tool”. Click “Privacy” tab. Using “Setting”, users may set the level of allowing cookies as suitable for their own needs.

    How to view the cookie received (if using Internet explorer 8.0)

    Select “Internet Option” in the “Tool”. Click “General” tab and select “Setting” of the Browsing History to check the files in “View Files”.

    How to disallow cookie installation (if using Internet explorer 8.0) Select “Internet Option” in the “Tool”. Click “Privacy” tab. Using “Setting”, set it to the higher level, that is, “Block All Cookies”

8.Measures to procure security of personal information

in handling users’personal information, the Company endeavors to keep the personal information from being lost, stolen, revealed, tampered or damaged. To this end, the following technical and managerial actions are taken.

  • Establishment and implementation of internal management plan

    The Company implements its own internal management plan to secure safety in processing the personal information.

    The Company is operating an internal organization dedicated to personal information protection to monitor the status of compliance with the personal information protective requirements and the responsible staff’s duty performance and takes corrective measures when any irregularity is found.

  • Restriction of access to personal information

    Installation and operation of access restriction device Using the intrusion blocking system, the Company controls any unauthorized access from outside and endeavors to procure all the technological system to the maximum extent feasible in order to secure systematic security.

    Minimized designation of personal information processors and education The Company minimizes designation of personal information processors and implements internal and/or outsourced education on a regular basis. Personal information processors’ duty handover is conducted with the security fully maintained and their responsibilities for any personal information accident are clearly defined even after they have left the Company.

    Restrictions on access to personal information The Company places restrictions on access to personal information through granting, changing or revoking the right to access to database system that processes personal information. We also record the history of granting, changing or revoking the right, which are retained for our records for at least three years.

  • Encryption of personal information

    The personal information of users is protected by the password and the file and transmission data are encrypted or stored by using file lock function. More important data are protected through certain separate security measures.

    The Company has adopted security devices that enable safe transmission of personal information on the network using encryption algorithm.

  • Installation and updating of security program

    To safeguard personal information from leak or loss by hackers or computer viruses, the Company has installed a security program and conducts periodic updating and reviewing.

    For unmistakable security operation, every server is installed with intrusion blocking system as a means to block outsider intrusion by hacking as well as a system to analyze vulnerability.

9.Personal information manager and customer complaint center

To protect users’personal information and handle personal information-related customer complaint, the Company has appointed a personal information manager and processor. Any inquiry related to personal information protection and management should be directed to the personal information processor for instant and adequate reply.

  • personal information management (protection) processor

    Division: General Affairs Security Part, Personnel Management Team

    Contact: 032-455-3739

    E-mail: bio.security@samsung.com

10.Measures to remedy infringement of rights and interest

Any user seeking to relief from personal information infringement may apply for resolution or consultation to Personal Information Dispute Mediation Committee, Korea Internet and Security Agency (Personal Information Grievance Center). In addition, users may contact the following institutions to be consulted on personal information infringement cases.

  • Personal Information Dispute Mediation Committee (118)

    Korea Internet and Security Agency (Personal Information Grievance Center)(www.kopico.or.kr/1336)
    Information Protection Mark Verification Committee (http://eprivacy.or.kr/02-580-0533~4)
    Internet Crime Investigation Center of the Supreme Prosecutors’ Office
    Cyber Police Agency (www.police.go.kr/1566-0112)
    Personal information Protection Committee (http://privacy.kisa.or.kr/kor/main.jsp)/02-2180-3000)

11.Amendment to the Policy to Handle (Process) Personal Information

When this ‘Policy to Handle (Process) Personal Information’ needs to be changed to reflect the change in statutory sources or government policies, we will put such change in public notice through an advisory statement and a separate window on the website.



Your valuable comments contribute to protecting Samsung Biologic’s core technology and management information, as well as reinforcing domestic competency and economic development.

  • This page is created for reporting core technology and management information leakage.
  • The reported contents as well as the identity of the reporter are strictly secured.