Privacy PolicyPersonal Information Management Policy for Visitors

Home>Etc>Privacy Policy

GS Caltex Corporation (the ‘company’), according to 『Personal Information Protection Act』 and relevant legislations, establishes•announces the following Personal Information Management Policy to protect personal information of visitors including short-term accessor, employee, shipping driver and promptly manage relevant issues. The ‘company’ is liable to change Personal Information Management Policy in accordance with revisions in law, government policies, and company’s internal policies, and pledges to notify any revisions on our website homepage or bulletin board.

▶ Previous Privacy Policy(Aug. 7, 2014)

1. Items and method of personal information collection

A. Essential items

Short-term accessors
    • General Information : Name, address, date of birth, gender, cell phone number, affiliated company, vehicle registration number, video clip from CCTV
    • Additionally required information for entering nationally secured facilities : Photo
Employee
    • General Information : Name, address, date of birth, gender, phone number, cell phone number, affiliated company, educational background, work experience, vehicle registration number, video clip from CCTV
    • Additionally required information for entering nationally secured facilities : blood type, military status, family information(parent, spouse, children), office number, photo, legal domicile, E-mail
    • Additionally required Unique Identifying information for entering nationally secured facilities : Residence registration number
Shipping Driver
    • General Information : Name, address, date of birth, gender, cell phone number, affiliated company, vehicle registration number, vehicle ownership, photo, biometric data (fingerprint), location information, video clip from CCTV
    • Unique Identifying Information : driver’s license number

B. Method of collection

Via website, written document, fax, phone, e-mail, GPS

2. Purpose of personal information management

The ‘company’ manages personal information for the following purposes: approval and registration of entrance access to restricted areas, protection and observance of law related to nationally secured facilities, revisit or entrance management, entrance control in accordance with the company’s security regulations, operation record management, security management, verification of work performance, fulfillment of contract, and linkage of the company’s operation system for related work execution.

3. Personal information management & period of information held

The ‘company’ will keep personal information until its purpose is achieved.

 

4. Entrustment of personal information management

The ‘company’ entrusts tasks in relation to personal information management as listed below. In case of entrustment contract, according to its relevant legislations, the ‘company’ makes necessary actions to assure that personal information is safely managed. Entrusted information is limited to minimum extent necessary for the tasks.

Entrusted Companies Contents of entrusted duty
GS ITM Maintenance and system management
SeoUn STS, Jin Myung Staffs, Capstec, SmartTech Guidance and registration of entrance access Control of entrance door to restricted area

5. Disclosure of personal information to third party

The Company discloses personal information of “Subject of Information” (as defined in Personal Information Protection Act) after obtaining consent of such Subject of information to third party as set forth below. Such personal information shall be managed only for the Purpose.

Recipient Purpose of Disclosure Contents of disclosed personal information Storage/Usage Period
SK Gas,
E1,
Hyundai Oilbank,
DOPCO
SK Energy
Swap shipping Name, date of birth, vehicle registration number 5 year

However, the Company can disclose personal information without the consent of the Subject of Information upon occurrence of any of followings:

  • The law expressly provides for an exception to the above consent requirement.
  • Disclosure is required to comply with duties imposed by the law.
  • Personal information has been modified into a form that is not capable of identifying any particular individual and is being disclosed for statistics, research or market investigation purposes.

6 .Procedure and method of personal information destruction

A. Procedure of destruction
The ‘company’ will destruct personal information immediately when it becomes unnecessary by termination of retention period or achievement of purpose. However, if the personal information has to be stored continuously to comply with company’s internal policies or other laws, it will be moved to separate data base or different location of the storage.

 

B. Method of destruction

For the personal information in electronic file format, technical methods that prevent repair or regeneration of the record will be used. Printed personal information copies will be destroyed by paper shredder or incineration.

 

 

7. Subject’s right•duty and mean of exertion

A. The subject of information can exert the following rights to the ‘company’ anytime. However, it can be limited according to Paragraph 3 in Article 35, Paragraph 1 in Article 36, and Paragraph 2 in Article 37 as per the Personal Information Protection Act.

 

    ① Reading request for personal information
    ② Suspension request for personal information management
    ③ Revision or deletion request for personal information

B. Mean of exertion is as in the following,


    ① Exertion of right is available through written document and e-mail in a separate format, to which the ‘company’ will take steps with no delay.
    ② If revision or deletion of personal information is requested, the ‘company’ will not use or provide the personal information until the request is complete.
    ③ If subject of information wishes to exert the right through legal representative or delegated substitute, power of attorney should be submitted.

8. Measures confirming security of personal information

The ‘company’ makes the following steps to assure security of personal information.


A. Administrative Measures : Establishment•enforcement of internal administrative plan, periodic training for employees etc..

B. Technical Measures : Management of access right such as personal information management system, installation of access control system, encryption of Unique Identifying Information, installation of security program etc..

C. Physical Measures : Access control to computer room and data storage etc..


9. Manager of Personal Information Security

Subject Person in charge Contact

Head Office

Information Security Team
Y.T. Kim
Team Leader
02-2005-1631

YeoSu Plant

(Shipping Driver)
Blending & Storage Team 3
Song Dam Kim
Team Leader
061-680-2561

YeoSu Plant

(Visitors and Employee)
Emergency Response Team
Son Gyu Chon
Team Leader
061-680-2120

Local Business Site such as Oil Storage etc

Local Business Manager 1544-5151

Institute of Technology

R&D Planning Team
Hun Uck Chung
Team Leader
042-866-1810

10 . Department of Personal Information Security

Subject Person in charge Contact

Head Office

Information Security Team
Jin Woo Park Staff
02-2005-6534

YeoSu Plant

(Shipping Driver)
Blending & Storage Team 3
KyungWoo Lee
Manager
061-680-2562

YeoSu Plant

(Visitors and Employee)
Emergency Response Team
Sang Sun Lee
Manager
061-680-2133

Local Business Site such as Oil Storage etc

Local Business Staff 1544-5151

Institute of Technology

R&D Planning Team
Jong Yoon Han
General Manager
042-866-1825

Addendum

A. Announcement Date : Dec. 15, 2014

B. Enforcement Date : Dec. 15, 2014