아래 탭을 클릭하여 개인정보 취급방침을 확인 하세요.
“번역본” 한글번역이 영문과 해석상에 차이가 있는 경우, 영문 (원본)을 우선합니다.
“TRANSLATION” If there is a difference in interpretation between the Korean translation and the English version, the English version (original) shall prevail.
TÜV SÜD 웹사이트 www.tuvsud.com/에 오신 것을 환영합니다. 당사에 관심을 가져주셔서 감사합니다. 당사는 귀하가 당사에게 위탁하는 개인정보의 보호를 최우선으로 하며, 귀하가 당사의 웹사이트에 방문하거나 당사의 온라인 서비스를 이용할 때마다 안심하시기를 바랍니다.
TÜV SÜD는 산업, 제품 및 수송 시장 분야에서 활동하는 선도적인 기술 서비스 회사입니다. 당사의 서비스 범위는 자문 서비스, 전문가 보고서 및 시험, 검사 및 인증 서비스뿐 아니라 교육을 포함합니다. 당사의 목표는 지속가능성과 수익성 이외에 신뢰성, 안전, 보안 및 품질을 포함합니다.
본 개인정보보호 방침은 귀하가 당사의 서비스를 이용할 때 TÜV SÜD가 처리하는 귀하의 개인정보의 유형들에 대해 설명합니다. 본 웹사이트 상에서의 개인정보의 모든 처리는 본 개인정보보호 방침에 명시된 목적들을 위해 수행됩니다.
귀하가 유럽연합(EU) 또는 유럽경제지역(EEA)에 거주하는 자연인인 경우, 당사의 EU/EEA 개인정보보호방침을참조하시기 바랍니다. 이러한 맥락에서, 당사의 추가적인 특정 국가 또는 회사와 관련된 TÜV SÜD 웹사이트 및 법인 개인정보보호 방침을 또한 참조하시기 바랍니다.
국문원본 아래에 영문번역본이 있습니다.
English translation is following Korean original text.
TÜV SÜD Korea는 (이하회사) 고객의개인정보를보호하기위하여「정보통신망이용촉진및정보보호등에관한법률」및「개인정보보호법」등관련법령상의개인정보보호규정을준수하고다음과같은개인정보취급방침을가지고있으며본방침을통하여고객의개인정보가어떠한목적과방식으로수집·이용되고있는지, 고객의개인정보보호를위해회사가어떠한조치를취하고있는지를알려드립니다.
회사가수집하는개인정보의항목및이용목적은다음과같습니다. 처리한개인정보는다음의목적이외의용도로는사용되지않으며, 이용목적이변경될시에는사전동의를구할예정입니다.
서비스제공에관한상담, 계약, 요금정산, 용역의제공, 청구서등발송, 채권추심등을목적으로개인정보를처리합니다.
문의및민원인의신원확인, 민원사항확인, 사실조사를위한연락및통지, 처리결과통보등의목적으로개인정보를처리합니다.
회사는① TÜV SÜD Korea및 TÜV SÜD 지사와관련된전시회, 웹세미나, 이벤트, 백서, 뉴스레터, 업데이트, 사례분석, 시장분석, 회사의제품및서비스와관련된프로모션등에대한안내 (이하 “마케팅정보”), ②고객의회사웹페이지접속빈도파악, 또는③고객의서비스이용에대한통계조사등을목적으로개인정보를처리합니다.
특히마케팅정보의제공과관련하여, 고객이마케팅정보수신을위해제공한개인정보는본개인정보취급방침 1조 3항 (마케팅및광고에의활용)에서고지하는목적내에서만처리되도록할것입니다.
개인정보보호법제15조 2항에서규정하는바에따라, 회사가고객으로부터개인정보를수집·이용하기위해동의를얻을때에는①개인정보의수집·이용목적, ②수집하려는개인정보의항목, ③개인정보의보유및이용기간, ④동의거부권및거부에따른불이익이있을시그불이익의내용을안내할것입니다. 만일동의받은사항에변경이필요한경우에는해당고객으로부터변경사항에관한동의를새로구할것입니다.
1) 회사는다음의경우를제외하고는수집한개인정보를제3자에게제공하지않습니다. 다만다음의경우에는예외로합니다.
2) 개인정보보호법 17조 2항에서규정하는바에따라, 회사가고객의개인정보를제 3자에게제공하고자동의를얻을때에는①개인정보를제공받는자, ②개인정보를제공받는자의개인정보이용목적, ③제공하는개인정보의항목, ④개인정보를제공받는자의개인정보보유및이용기간, ⑤동의거부권및거부에따른불이익이있을시그불이익의내용을안내할것입니다. 만일동의받은사항에변경이필요한경우에는해당고객으로부터변경사항에관한동의를새로요청할것입니다.
3) 개인정보보호법 17조 3항에서규정하는바에따라, 회사가고객의개인정보를국외의제 3자에게제공할때또한본개인정보취급방침 4조 2항각호에따른사항을안내하고동의를받습니다.
회사는고객의동의없이고객의정보를외부업체에위탁하지않습니다. 향후그러한필요가생길경우, 위탁대상자와위탁업무내용에대해고객에게통지하고필요한경우사전동의를받도록하겠습니다.
만일위탁계약체결시회사는개인정보보호법제26조에따라위탁업무수행목적외개인정보처리금지, 기술적․관리적보호조치, 재위탁제한, 수탁자에대한관리․감독, 손해배상등책임에관한사항을계약서등문서에명시하고, 수탁자가개인정보를안전하게처리하는지를감독할것입니다.
1) 서비스의제공: 서비스공급완료및인보이스결제, 정산완료까지
2) 문의및민원처리: 문의및민원처리완료시까지
3) 마케팅및광고에의활용: 목적달성시까지혹은동의된기한동안
4) 단, 관계법령의규정에의하여보존할필요가있는경우관계법령에서정한일정한기간동안회원정보를보관합니다.
1) 회사는개인정보보유기간의경과, 처리목적달성등개인정보가불필요하게되었을때에는지체없이해당개인정보를파기합니다.
2) 정보주체로부터동의받은개인정보보유기간이경과하거나처리목적이달성되었음에도불구하고다른법령에따라개인정보를계속보존해야하는경우에는, 해당개인정보를별도의데이터베이스(DB)로옮기거나보관장소를달리하여보존합니다.
회사는전자적파일형태로기록 & 저장된개인정보는기록을재생할수없도록로우레밸포멧 (Low Level Format) 등의방법을이용하여파기하며, 종이문서에기록 & 저장된개인정보는분쇄기로분쇄하거나소각하여파기합니다.
1) 관리적조치: 내부관리계획수립․시행, 정기적직원교육등
2) 기술적조치: 개인정보처리시스템등의접근권한관리, 접근통제시스템설치, 고유식별정보등의암호화, 보안프로그램설치
3) 물리적조치: 전산실, 자료보관실등의접근통제
⑥ 자신의정보를받거나제3의정보처리자에게제공할것을요구 (“개인정보이동권”)
2) 제1항에따른권리행사는회사에대해서면, 전화, 전자우편, 모사전송(FAX) 등을통하여하실수있으며회사는이에대해지체없이조치하겠습니다.
3) 제1항에따른권리행사는정보주체의법정대리인이나위임을받은자등대리인을통하여하실수있습니다. 이경우개인정보보호법시행규칙별지제11호서식에따른위임장을제출하셔야합니다.
4) 개인정보열람및처리정지요구는개인정보보호법제 35조제 5항, 제 37조제 2항에의하여정보주체의권리가제한될수있습니다.
6) 적용가능한법령이허용하는한도내에서, 고객의데이터이동성권리는개인정보의처리가동의또는계약상의필요에기초하고그처리가자동화된방법으로수행되는경우로제한됩니다. 또한, 회사에부여된법적권한에의하거나공익을위하여개인정보를처리하는경우또는타인의권리와자유에부정적인영향을미치는경우회사는고객의데이터이동성권리에따른요청을거절할수있습니다.
7) 회사는정보주체권리에따른열람의요구, 정정및삭제의요구, 처리정지의요구시열람등요구를한자가본인이거나정당한대리인인지를확인합니다.
10. 개인정보자동수집장치의설치, 운영및거부에관한사항
회사는고객의정보를수시로저장하고찾아내는쿠키 (cookie) 등개인정보를자동으로수집하는장치를운용합니다. 쿠키란회사의웹사이트를운영하는데이용되는서버가고객의브라우저에보내는소량의정보이며고객들의 PC컴퓨터내의하드디스크에저장되기도합니다.
• 고객의접속빈도나방문시간등을분석하여취향과관심분야를파악, 개인맞춤서비스제공, 고객의습관분석및서비스개편의척도로활용
고객은쿠키설치에대한선택권을가지고있습니다. 따라서, 웹브라우저에서모든쿠키를허용하지않도록설정하거나, 쿠키가저장될때마다확인을거치게하는등의설정을통하여쿠키저장을거부할수있습니다.
설정방법의예 (인터넷익스플로러의경우): 웹브라우저상단의도구 > 인터넷옵션 > 개인정보에서변경. 단, 고객께서쿠키설치를거부하였을경우맞춤형서비스제공에어려움이있을수있습니다.
Website Cookie Notice에서도설정하실수있습니다.
1) 영상정보처리기기설치근거및목적: 회사의시설안전, 범죄예방, 증거수집등
2) 설치대수, 위치, 촬영범위: 서울(8대), 구로(2), 수원(6), 부산(2) 사무소및시험소출입구
3) 관리책임자, 담당부서및영상정보에대한접근권한자: IT 김범석팀장
4) 영상정보촬영시간, 보관기간, 보관장소, 처리방법:
5) 영상정보확인방법및장소: ADT CAPS online WEB 모니터링센터접속후관리자로그인
6) 고객의영상정보열람등요구에대한조치: 개인영상정보열람및존재확인청구서로신청하여야하며, 고객자신이촬영된경우또는명백히고객의성명/신체/재산적이익을위해필요한경우에한하여열람을허용합니다.
7) 영상정보보호를위한기술적/관리적/물리적조치 :
본방침은 2018년 8월 16일부터시행됩니다.
공고일자: 2018년 8월 16일
시행일자: 2018년 8월 16일
1. Purpose for Collecting and Processing Personal Data
The Company uses the personal data listed below for the following purposes:
1) Providing of Services
The Company handles personal data for the purposes of customer consultation, execution/performance of contract, service fee payments/settlements, sending of documents (e.g., invoices), collection of bills, etc.
2) Customer Service/Handling Complaints
The Company handles personal data for the purposes of identification of the enquirer and his/her request and of contact and notification with the enquirer to investigate the request and inform him/her of the results, etc.
3) Marketing and Advertisement
The Company handles personal data for the purposes of providing information and/or invitation to the customers for the Company’s trade fairs, webinars, events, white papers, newsletters, updates, case studies, market studies and promotions related to our product and services (hereinafter “Marketing Information”); of identifying the frequency of access of the Company’s website; and of collecting statistical data of the customers’ uses of the service, etc.
2. Items of Personal Data to be Collected
The Company collects and processes the following personal data:
1) Providing of Services
2) Customer Service/Handling Complaints
3) Marketing and Advertisement
4) The following items might be automatically collected while using the internet service.
3. Processing Personal Data
3) In accordance with the Article 15.2 of the Personal Information Protection Act, when obtaining consent from the customers for collection and use of personal data, the Company will inform the customers of ① purposes for which personal data is collected and used; ② items of personal data to be collected; ③ period for which personal data is retained and used; and ④ the customers’ rights to reject to give his/her consent and details of a disadvantage, if any, due to his/her rejection to give consent. If any of the aforementioned information changes, the Company shall obtain another consent to such changes from the customers in advance.
4. Third-Party Sharing of Personal Data
1) The Company currently does not share personal data of the customers with a third party. However, the Company may exceptionally share personal data with a third party if:
① the Company obtained prior consent from the customers; or
② required by the Relevant Rule(s) or requested by an investigative authority as provided by the laws and procedures.
2) In accordance with the Article 17.2 of the Personal Information Protection Act, when obtaining consent from the customers for third-party sharing of personal data, the Company will inform the customers of ① a recipient of personal data; ② purposes for which a recipient of personal data uses such information; ③ items of personal data to provide; ④ period for which a recipient of personal data holds and uses such personal data; and ⑤ the customers’ rights to reject give his/her consent and details of a disadvantage, if any, due to his/her rejection to give consent. If any of the aforementioned information changes, the company shall obtain another consent to such changes from the customers in advance.
3) In accordance with the Article 17.3 of the Personal Information Protection Act, when providing a third party at any overseas location with personal data, the Company shall also inform the customers of the aforementioned information and obtain another consent from the customers.
5. Entrustment of Handling of the Collected Personal Data
The Company does not entrust external companies to process personal data of the customers unless otherwise consented by the data subject in advance. When the business demands it, the Company will notify the customers of such entrustment and obtain a prior consent.
If the company enters into any agreement with an external company to process personal data of the customers, in accordance with the Article 26 of the Personal Information Protection Act, the Company will specifically set forth the matters including, without limitation, prohibition of handling personal data for any purpose other than performing the entrusted services, technical and administrative protection measures, restriction of re-entrustment, management and supervision over the entrusted company and compensation for damages in connection to such entrustment, and will supervise the entrusted company to ensure the safe handling of personal data.
6. Period for retention and use of Personal Data
The Company will process and retain personal data within the period set forth in any applicable law or within the period agreed by the customers when collecting the personal data.
The retention and usage period for retention is as follows:
1) Providing of Services: until the completion of the service agreement
2) Customer Service/Handling Complaints: until the completion of processing the enquiries/requests
3) Marketing and Advertisement: until the purpose has been achieved or for the period consented with the data subject
4)The information to be retained as required by relevant laws and regulations are as follows:
7. Procedures and Methods for Destruction of Personal Data
1) The Company shall, without delay, destroy the personal data concerned when the consented period expires or after the achievement of the purpose for the collection and use of personal data. Provided, however, that if any personal data is to be retained as required by Relevant Rule(s), the Company retains the personal data for the period as required by the Relevant Rule(s) before destruction and, in such event, such personal data will be stored and managed separately.
2) The procedures and methods for destruction are as follows:
① Destruction Procedures
Any personal data subject to destruction will be scheduled and destroyed by the Company upon approval by the responsible manager of the Company.
② Destruction Methods
Personal data stored in electronic file format shall be deleted by technical means that would render the records unrecyclable (e.g., by using Low Level Format). The personal data as written or printed out on paper shall be destroyed by shredding using a document shredder or by incinerating it.
8. Technical, Managerial, and Physical Measures for Protection of Personal Data
The Company takes technical, managerial and physical measures for protection of personal data as follows:
1) Managerial Measures
2) Technical Measures
3) Physical Measures
Perform access control for the facilities for storing personal data.
9. Rights of the Customers and Their Legal Representatives and Methods of Exercising Such Rights
1) The customers can exercise their rights to personal data by themselves or their legal representatives, such as:
① Access to Personal Data
② Correction of Personal Data
③ Deletion of Personal Data
④ Cessation of Processing Personal Data
⑤ Restriction of Processing Personal Data
⑥ Receiving/Transmitting Personal Data of the data subject’s own (“Data Portability”)
2) The customers who would like to exercise above rights can make a request to the Company to do so (via letter, phone call, e-mail, fax etc), and the Company will take prompt action.
3) The customers who would like to exercise above rights through their legal representatives shall submit a power of attorney in accordance with the Form 11 of the Enforcement Rules of the Personal Information Protection Act.
4) However, such request may be restricted based upon the Article 35.5 and 37.2 of the Personal Information Protection Act.
5) Requests for correction and deletion of personal data may not be accepted if the personal data is an object of collection under relevant law.
6) The customers' rights to data portability are limited to which the processing is based on consent or contractual necessity and which the processing is carried out by automated means. In addition, to the extent permitted by applicable law, the Company may refuse the customers' requests for data portability where processing personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Company; or where such customer requests adversely affect the rights and freedoms of others.
7) The Company may verify the requester’s identification to check whether the requester is the legitimate person to make such request.
10. Installation and Operation of the device for Automatic Collection of Personal Data and on Refusal Thereof
The Company operates automatic data collection tools including cookies. Cookies are very small text files to be sent to the browser of the customers by the server used for operation of the websites of the Company and will be stored in hard-disks of the customers’ computers.
1) Purpose of using automatic data collection tools
The Company operates data collection tools to analyze the access frequency/patterns and visiting time of the customers for the purpose of finding out customer preferences and interests. This helps the Company provide the customers with customized services and measure service improvement.
2) Items to be collected through automatic data collection tools and retention period
3) Methods to refuse collecting cookies
The customers have options to manage cookies: block cookies, allow cookies only upon user’s confirmation, or allow all cookies in settings of their web browsers.
Please note that it might be difficult for the customers who blocked cookies to use part of the Company’s customized services.
11. Person in Charge of Managing the Personal Data and Handling Complaints
The Company designates the following department and person in charge of personal data in order to protect personal data and handle with complaints from the customers regarding thereof.
12. Prohibition to Unauthorized Collection of E-mail Addresses
The Company refuses the unauthorized collection of E-mail addresses posted on this website using e-mail address collection programs or other technical devices. Please note that such infringement may face penalty of law according to the Act on Promotion of Information and Communications Network Utilization and Information Protection Etc and the Personal Information Protection Act.
13. Installation and Operation of Visual Data Processing Devices
The Company has installed and operated visual data processing devices as follows:
1) Reasons for and purpose of installation visual data processing devices: Safety of Company facilities and assets, Crime prevention and detection, Collection of evidence etc.
2) Place and number of installations and locations filmed: Inside of the Company facilities including entrances and corridors: Seoul (8 cameras), Guro (2), Suwon (6), Busan (2)
3) Management officer, department in charge and the person who has right to access visual data: Bum-Suk Kim, IT Manager & System Administrator
4) Operating time, retention period, storage place and methods of handling visual data
5) How and where to review visual data
Upon the final approval of the manager in charge, the relevant visual data shall be shown via ADT CAPS online web monitoring center.
6) Measures to be taken in relation to the customers’ requests for access to visual data
The customers shall make a request to access/confirm existence of personal visual data, and access is allowed only when the customer is filmed or if evidently necessary for interests of life, body and properties of the customer.
7) Technical, managerial and physical measures to protect visual data
① Technical Measures: encrypt filmed data and implement a data circulation system (Data will be overwritten in accordance with the Company’s procedure)
② Managerial Measures: restrict and control of access to CCTV and relevant equipment
③ Physical Measures: secure CCTV set-top box and storage device in a safe place (e.g., inside the server room)