PRIVACY STATEMENT OF SAMSUNG BIOLOGICS CO.LTD
Samsung Biologics (hereinafter, the “Company”) values users’ personal information, complies with
statutory obligation s on protection of personal information such as the Act on Promotion of Information and
Communication Network Utilization and Information Protection, etc. and the Act on Protection of
Personal Information, and has created a Policy to Handle (Process) Personal Information to protect
the users’ right and interest to the maximum extent possible.
Through the Policy to Handle (Process) Personal Information, the Company publicizes its operations on personal
information treatment (processing) with particulars such as the types of personal information collected from
the users and the purpose of processing such information, the time limit for processing and holding in possession,
users’ method to exercise their rights, measures to procure the security, and so on.
Whenever there is a change in the Policy to Handle (Process) Personal Information, including updating, deleting,
or adding its contents, whether resulting from any amendment to the relevant statutory sources or the administrative
policy or change in the Company’s internal policy, we will post the change on our website at www.samsungbiologics.
com so as to keep the users updated.
The Company’s Policy to Handle (Proce ss) Personal Information contains the following:
- 1. Purpose of collecting and using personal information
- 2. Types of personal information collected and method of collection
- 3. Time limit for possessing and using personal information
- 4. Matters regarding entrustment of personal information
- 5. Matters on providing personal information to a third party
- 6. Rights of users and legal representatives and how to exercise such rights
- 7. Installation and operation of automatic collection of personal information and disallow ance
- 8. Measures to procure security of personal information
- 9. Personal information manager and customer complaint center
- 10. Measures to remedy infringement of rights and interest
- 11. Amendment to the Policy to Handle (Process) Personal Information
1.Purpose of collecting and using personal information
The Company collects personal information for the following purposes.
The pfi will not be used for any other purpose and whenever it is necessary to change the purpose,
we will comply with the statutory requirements such as obtaining users’ consents in advance.
① Customer inquiry (Contact Us)
Review and reply to the inquiries from users
② Upload a curriculum vitae (Talent Pool Registration)
Check employment history, give notices for future recruitment opportunities.
2.Types of personal information collected and method of collection
① Types of personal information collected
Collection Item information items include Category, Collection Item, and so on.
||Name, Email Address, Company, Occupation, Country, Areas of Interest
||Job Title, Phone Number
The following information may be generated and collected in the course of using the service.
Access long, cookie
② Method to collect
Collection through Contact Us, Talent Pool within the Website
Collection through generated information collection tool (for access long, cookie, etc.)
3.Time limit for possessing and utilizing personal information
The time limit that the Company may possess and utilize personal information is as follows.
Personal information that needs to be collected and utilized inevitably as specifically required by
law or regulations, or in order to comply with statutory requirements : As long as it is necessary to
keep such information in possession under relevant statute.
Personal information that needs to be collected and utilized inevitably in order to execute and
perform various contracts: Until the purpose of collection/utilization is accomplished.
Personal information collected and used with the consent of individual user: For the time period
Once time period for possession and utilization of the collected personal informationexpires or the
purpose is accomplished, the Company will immediately destroy the personal information. However,
the Company may continue to possess it beyond the time limit if deemed necessary under the
4.Entrustment of personal information
If, in order to provide better service, it is desirable to entrust the handling of personal information to
an independent professional business, the Company will obtain the consent of the owner of
information and notify the name of the trustee company and the service to be entrusted.
When entrusting personal information processing, the Company will ensure to safeguard the
personal information. In particular, we will clearly define in the contract such matters as strict
compliance with instructions for personal information protection, keeping the personal information
confidential, prohibition of disclosing the personal information to a third party, liability attribution at
an accident, entrustment period, return or destruction of personal information after the completion
of the processing, which will be recorded in paper and/or electronic media.
In case of any change in the service contents or in the trustee, we will immediately disclose such
change via this Policy to Handle (Process) Personal Information
5.Matters on providing personal information to a third party
The Company will not disclose duly collected users’ personal information outside the Company as a
matter of principle. However, as follows are the exceptions.
If the user has given his/her consent in advance.
If it is specifically required by laws or regulations or inevitable in order to comply with statutory
requirements, or if it is deemed necessary for the sake of life, body or property of the information
owner or a third party when the information owner or his/her legal representative is under a state
incapable of communication or unable to give consent due to unknown domiciles or otherwise
(only to the extent the purpose of collecting personal information is served).
A user has right to disallow disclosure of his/her personal information to a third party.
However, those users who refuse to give consents may have his/her use of the service limited.
6.Rights of users and legal representatives and how to exercise such rights
Any user (or his/her legal representative) may withdraw the consent to collection, utilization and
conveyance of personal information at any time and may also demand that the following
information be tendered for viewing corrected, deleted, or suspended processing, in accordance as
prescribed in laws or decrees. Once demanded by a user (or his/her legal representative), the
Company will immediately take the appropriate actions, as long as such demand is reasonable and
User’s personal information
History of the users personal information being utilized or provided to a third party
History of consents given to collection, utilization and provision of personal information
In any of the following cases, the Company may restrict or refuse to allow access to, tender, correct,
delete or suspend processing personal information upon notifying user (or his/her legal
representative) of the reason.
If it is specifically required by laws or regulations or inevitable in order to comply with statutory requirements.
If it is likely to jeopardize a person’s life or body or unjustly infringe a person’s property or other interests.
When the Company decides not to honor a user (or his/her legal representative) demand, we will
advise him/her of the fact, reason and process to object the decision in accordance as prescribed in
the laws and decrees.
7.Installation and operation of automatic collection of personal information and disallowance
The Company is operating cookies that regularly stores and locates users’ information.
Purpose of operating cookies
The purpose of the cookie operation is to provide users with optimized information based on the
data of users’ website visit and utilization as well as the number of users.
Cookie creation, confirmation and how to disallow
Each user has the option to allow or disallow cookie installation.
By setting an option on the web browser, a user may allow all the cookies, give confirmation every
time a cookie is stored, or disallow any cookie storage. However, refusing to allow installation of
cookies may lead to some limitation of service to the user.
How to install cookies (if using Internet explorer 8.0)
Select “Internet Option” in the “Tool”. Click “Privacy” tab. Using “Setting”, users may set the level of
allowing cookies as suitable for their own needs.
How to view the cookie received (if using Internet explorer 8.0)
Select “Internet Option” in the “Tool”. Click “General” tab and select “Setting” of the Browsing History
to check the files in “View Files”.
How to disallow cookie installation (if using Internet explorer 8.0)
Select “Internet Option” in the “Tool”. Click “Privacy” tab.
Using “Setting”, set it to the higher level, that is, “Block All Cookies”
8.Measures to procure security of personal information
in handling users’personal information, the Company endeavors to keep the personal information from
being lost, stolen, revealed, tampered or damaged. To this end, the following technical and managerial actions are taken.
Establishment and implementation of internal management plan
The Company implements its own internal management plan to secure safety in processing the
The Company is operating an internal organization dedicated to personal information protection to
monitor the status of compliance with the personal information protective requirements and the
responsible staff’s duty performance and takes corrective measures when any irregularity is found.
Restriction of access to personal information
Installation and operation of access restriction device
Using the intrusion blocking system, the Company controls any unauthorized access from outside
and endeavors to procure all the technological system to the maximum extent feasible in order to
secure systematic security.
Minimized designation of personal information processors and education
The Company minimizes designation of personal information processors and implements internal
and/or outsourced education on a regular basis.
Personal information processors’ duty handover is conducted with the security fully maintained and
their responsibilities for any personal information accident are clearly defined even after they have
left the Company.
Restrictions on access to personal information
The Company places restrictions on access to personal information through granting, changing or
revoking the right to access to database system that processes personal information. We also record
the history of granting, changing or revoking the right, which are retained for our records for at least
Encryption of personal information
The personal information of users is protected by the password and the file and transmission data
are encrypted or stored by using file lock function. More important data are protected through
certain separate security measures.
The Company has adopted security devices that enable safe transmission of personal information
on the network using encryption algorithm.
Installation and updating of security program
To safeguard personal information from leak or loss by hackers or computer viruses, the Company
has installed a security program and conducts periodic updating and reviewing.
For unmistakable security operation, every server is installed with intrusion blocking system as a
means to block outsider intrusion by hacking as well as a system to analyze vulnerability.
9.Personal information manager and customer complaint center
To protect users’personal information and handle personal information-related customer complaint,
the Company has appointed a personal information manager and processor.
Any inquiry related to personal information protection and management should be directed to
the personal information processor for instant and adequate reply.
10.Measures to remedy infringement of rights and interest
Any user seeking to relief from personal information infringement may apply for resolution or
consultation to Personal Information Dispute Mediation Committee,
Korea Internet and Security Agency (Personal Information Grievance Center).
In addition, users may contact the following institutions to be consulted on personal information infringement cases.
Personal Information Dispute Mediation Committee (118)
Korea Internet and Security Agency (Personal Information Grievance Center)(www.kopico.or.kr/1336)
Information Protection Mark Verification Committee (http://eprivacy.or.kr/02-580-0533~4)
Internet Crime Investigation Center of the Supreme Prosecutors’ Office
Cyber Police Agency (www.police.go.kr/1566-0112)
Personal information Protection Committee (http://privacy.kisa.or.kr/kor/main.jsp)/02-2180-3000)
11.Amendment to the Policy to Handle (Process) Personal Information
When this ‘Policy to Handle (Process) Personal Information’ needs to be changed to reflect the change
in statutory sources or government policies,
we will put such change in public notice through an advisory statement and a separate window on the website.