1. Identity and contact details of the controller and, where applicable, of the controller’s representative
In the context of managing business partners of GS Caltex(HQ, Yeosu Complex, R&D Center) with its seat at name, e-mail, cell phone number, company’s phone number, company’s name: Business partners’ Personal Data registered in the systems(mail server, ERP, entrance control system etc.) Register maintained by GS Caltex (the “Company”), the Company (serving in a capacity of the Data Controller) will Process Personal Data about you, in both paper and electronic format. This Notice may be complemented by additional notices and policies, namely the ‘Data Protection Policy’, which provides more detailed information about particular processing activities.
2. Contact details
If you have any questions about how your information is being used you can contact us following as:
- Name : Inbum Park
- e-mail : privacy@gscaltex.com
- address : 508, Nonhyeon-ro, Gangnam-gu, Seoul, 06141 Korea
3. The purposes and legal basis of the processing
The Company processes the below categories of Personal Data for the following Purposes, based on the Legal Bases listed here of Where applicable, we will point out, at the time of the data collection, if the provision of the Personal Data is a statutory or contractual requirement and whether you are obliged to provide the Personal Data and the possible consequences of failure to provide such data.
3.1 Managing the Company’s legitimate business partners
The Categories of Personal Data that the Company processes about you, for this purpose, are the following:
- name, e-mail, cell phone number, company’s phone number, company’s name (Information similar to the content of a business card)
The Company processes the above Personal Data to business cooperation, communication between business stakeholders, business Information exchange and register and manage restricted area access.
The Company uses different legal grounds as a basis for the data processing, namely:
- Legitimate Interests as set out above
- Performance of the contract or the implementation of pre-contractual measures
4. The legitimate interests pursued by a third party
As a company/organisation, you often need to process personal data in order to carry out tasks related to your business activities. The processing of personal data in that context may not necessarily be justified by a legal obligation or carried out to execute the terms of a contract with an individual. In such cases, processing of personal data can be justified on grounds of legitimate interest.
The company has a legitimate interest when the processing takes place within a client relationship, to prevent fraud or to ensure the network and information security of your IT systems.
* if applicable
5. The recipients, or categories of recipients, of the data
Personal Data may be shared with other branches and subsidiaries or with third parties.
- For more information related branches and intra-group, please refer to the following link :
(GS Caltex Global Network) http://www.gscaltex.com/eng/company/network_0201.aspx
5.1 Company’s Global Network
The Company will need to share Personal Data about you with ‘GS Caltex Global Network’, depending on the purposes of the legal processing described in Article 3 of this Notice, including staff members from IT, Accounting, Legal/Compliance, security and Business related team.The business related employees, office managers of ‘GS Caltex Global Network’ have access to information about you contained in the business e-mail.
5.2 Third Parties
The Company may also share Personal Data in the following :
- system maintenance staff that are engaged to ‘GS ITM’,‘nlln’ or ‘Yullin Technologies’, IT system operation and management
- register and manage restricted area access staff that are engaged to ‘Jinmyung’, ‘Seoun’
In all such cases, the Company will put in place appropriate contracts with these parties to ensure that they only process Personal Data in accordance with our instructions and in order to provide these services and protect the integrity and confidentiality of the Personal Data.
For the purposes set out in Article 3 of this Notice, the Company may also disclose Data Subject’s Personal Data to its auditors, lawyers, consultants, law enforcement and other public authorities (such as tax and social security bodies), the police, prosecutors, courts and tribunals. All these recipients are themselves responsible to determine the purposes and means of the processing and for the lawfulness of the processing.
6. Give details of any planned transfers of personal data to a third country or international organisation
6.1 Company’s Global Network
Due to the global nature of our operations, some of the recipients mentioned in Section 5 may be located in countries outside the European Union(EU)/European Economic Area (EEA), which do not provide an adequate level of data protection. International transfers will be to countries where ‘GS Caltex Network’ has offices, including the Korea, Singapore etc.. The transfer of your Personal Data outside the EU/EEA takes place on the basis of standard data protection clauses adopted by the European Commission and in accordance with applicable law. You may ask DPO for a copy of the above document.
6.2 Third Parties
Some of the third parties with whom we share Personal Data are also located outside the EU/EEA. Transfers to third parties located in other third countries outside the EU/EEA take place using an acceptable data transfer mechanism, such as the EU Standard Contractual Clauses or in exceptional circumstances on the basis of permissible statutory derogations.
Please contact DPO if you want to receive further information or, where available, a copy of the relevant data transfer mechanism.
7. How long will the personal data be stored for (or the criteria used to determine that period)?
The Company retains your Personal Data for the period necessary to fulfil the purposes set out in this Notice or as required by applicable country specific applicable law, and, when the purposes are fulfilled, will delete or anonymize the Personal Data.
8. Data subject’s rights
8.1 Access
You have the right to obtain from us confirmation if personal data is being processed, the purpose of processing, the categories of data, the legal basis of the processing, information on recipients of the data and the non-EU countries in which they are located, the safeguards put in place for the transfer of data to non-EU countries, storage period of data or criteria to determine it, further information on your rights, our processing activities, sources of information and the significant and envisaged consequences of processing.
8.2 Rectification
You have the right the request the rectification of inaccurate personal data and to have incomplete data completed.
8.3 Erasure
You may request to erase your personal data if it is no longer necessary for the purposes for which we have collected it, you have withdrawn your consent and no other legal ground for the processing exists, you objected and no overriding legitimate grounds for the processing exist, pro processing Is unlawful, or erasure is required to comply with a legal obligation.
8.4 Portability
You may receive your personal data that you have provided to us, in a structured, commonly used and machine-readable format and have the right to transfer it to other data controllers without hindrance. This right only exists if the processing is based on your consent or a contract and the processing is carried out by automated means.
8.5 Restriction
You may request to restrict processing of your personal data if (i) you contest the accuracy of it – for a period we need to verify your request; (ii) the processing is unlawful and you oppose the erasure of it and request restriction instead; (iii) we no longer need it, but you tell us you need it to establish, exercise or defend a legal claim; or (iv) you object to processing based on public or legitimate interest – for a period we need to verify your request.
8.6 Objection
You have the right to object to the processing of your personal data for compelling and legitimate reasons relating to your particular situation, except in cases where legal provisions expressly provide for that processing.
9. Describe the data subject’s rights to withdraw consent at any time
Please note that in case we ask for your consent to processing, you are free to refuse to give consent and you can withdraw your consent at any time without any adverse negative consequences. The lawfulness of any processing of your Personal Data that occurred based on our legitimate interest and prior to the withdrawal of your consent will not be affected.
* Applies only to cases where consent is obtained
10. Detail the data subject’s right to lodge a complaint with a supervisory authority
You also have the right to lodge a complaint with a supervisory authority, in particular in EU Member State of your residence, place of employment, or the location where the issue that is the subject of the complaint occurred.
11. Is the personal data a statutory or contractual requirement and are they obliged to provide it?
The Company may be required to share personal information with statutory or regulatory authorities and organisations to comply with statutory obligations.
* Applicable only if applicable based on statutory basis
12. Will the personal data be subject to automated processing, including profiling? If so describe the logic and potential consequences involved
The Company does not process your Personal Data by automated decision-making, including profiling.
12.1 Cookies
Cookies are text files placed on your computer to collect standard internet log information and visitor access information. This information is used to compile statistical reports on website activity and security(protection from such as DDoS attack etc.)You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser.
We use 'google analytics' for cookie analysis.
- Disable, Enable Cookies
[Internet Explorer]
Open Internet Explorer and click the Tools button. Next click Internet Options and select the Privacy tab. Under Settings, move the slider to the top to block all cookies or to the bottom to allow all cookies, and then click Apply.
[Chrome]
To disable or enable Cookies on Chrome, click the Tools button > Settings. Towards the end of this page, you will see Show Advanced Settings link. Click on it. Under Privacy, click on the Content Settings button. Here you can select the options you feel are best suited for you.
[Firefox]
In Firefox, open Settings > Options > Privacy tab.
Under History, from the drop-down menu, select Use custom settings for history. You can now select the Cookies options you want.
[Opera]
In Opera, open settings > Privacy & Security.
Under Cookies you will see the options to manage your Cookie settings and choose which kind of Cookies you wish to allow or disallow on your Windows computer.
13. Effective Data
This policy is effective as of 25th May 2018.