Specific Privacy Policy for Korea

1. General provisions

ETAS Korea Co., Ltd. (hereinafter “the Company”) establish, implement and comply with the Privacy Policy (hereinafter “this Privacy Policy”) in an effort to proactively protect the personal information of the Data subject of information (hereinafter “Data subject”) processed by the Company and to protect the information and the rights of the Data subject and to smoothly address the grievance suffered by the Data subject related to the personal information pursuant to the Personal Information Protection Act (hereinafter “PIPA”). This Privacy Policy is subject to change pursuant to relevant laws, regulations and rules and the Company’s internal operation policies, in which case the changes made to this Privacy Policy will be disclosed in accordance with the methods stipulated by relevant laws and regulations.

This Privacy Policy is put into force from Jun 11, 2024.

2. Purposes of processing personal information and items of personal information to be processed

[Purposes of processing 1] Execution and performance of contract: Identification of the contracting party; performance of contract including supply of product and receipt of payment
[Items of personal information 1] Name, name of company, name of department, date of birth, address, telephone number, mobile phone number, email address, bank account number, name of bank

[Purposes of processing 2] Performance of legal and administrative obligation of the company: Performance of legal and administrative obligations imposed on the Company, including the followings: report and payment of all sorts of taxes including corporate income tax and value added tax; issuance and delivery of receipts, tax invoices
[Items of personal information 2] Name, date of birth, resident registration number, address, telephone number, mobile phone number, email address

[Purposes of processing 3] Computerized management of customer registration, customer order, contract terms, transaction status, descriptions of product supply and payment
[Items of personal information 3] Name, name of company, address, telephone number, mobile phone number, email address, purchased product information, user ID, password

[Purposes of processing 4] Receipt of training application, issuance of the training completion certificates, management of education history and recommendation of education program
[Items of personal information 4] Name, name of company, mobile phone number, email address, address

[Purposes of processing 5] Handling of customer requests (inquiries, newsletter requests)
[Items of personal information 5] Name, name of company, department, phone number, email address, gender, address

[Purposes of processing 6] Processing the request for customers’ return, exchange or repair
[Items of personal information 6] Name, name of company, department, address, telephone number, mobile phone number, email address

[Purposes of processing 7] Provision of software license related service (e.g., installation and re-hosting of software)
[Items of personal information 7] Name, name of company, department, phone number, email address, PC Mac address

3. Period of processing and destruction of personal information

The Company will immediately destroy personal information when the purposes of processing such personal information are attained and the personal information becomes unnecessary.

When the Company destroys personal information, it will implement measures to ensure that the information is not restored or regenerated. If the personal information to be destroyed by the company is in the electronic file type, it shall be permanently deleted in a way that cannot be restored, and other records, printed materials, written documents, and other recording media shall be shredded or incinerated.

However, when the Company has obtained prior approval from the Data subject or when the Company must retain the personal information of the Data subject pursuant to other laws and regulations, the Company will store and manage such personal information or personal information file separately from other personal information.

4. Transfer of personal information to a third party

The Company does not transfer personal information to third parties.

The Company may provide personal information without the consent of the data subjects in case of emergency situations such as disasters, infectious diseases, events or accidents that cause imminent danger to life or body and imminent property loss, etc according to 「Personal Information Handling and Protection Rules in Emergency Situations」 jointly announced by the relevant government authorities. For more information, please click here*.

5. Delegation of Personal Information Processing Services

The Company delegates personal information processing services as follows:

  • Provider of Delegated Services : Robert Bosch Korea Limited Company
  • Contents of Delegated Services : Withholding the other income tax and issuing tax invoice for the external partners who are individual business owners
  • Provider of Delegated Services : ETAS GmbH (Germany)
  • Contents of Delegated Services : Operation and management of the website of ETAS Korea and the database
     
  • Provider of Delegated Services : RBVH (Vietnam)
  • Contents of Delegated Services : Issuance of software trial license and change management

6. Limits on processing resident registration numbers

The Company processes resident registration numbers only in following cases:

(1) in case processing resident registration numbers is required or allowed by legal provisions, or

(2) in case there is clear evidence of some urgent need to handle resident registration number, for the sake of the safety or property of the Data subject or of a third party, or

(3) in case there is inevitable to process resident registration numbers in line with subparagraphs (1) and (2) in circumstances publicly notified by the Protection Commission.

7. Matters concerning the rights and obligations of Data subject and method of exercise thereof

7.1 Inspection of personal information

(1) The Data subject may request inspection of his/her own personal information processed by the Company.

(2) Within ten (10) days from the receipt of the Data subject’s request for inspection of personal information, the Company will allow the Data subject to inspect his/her personal information. If the personal information cannot be inspected within the above period due to a justifiable reason, the Company may delay inspection after notifying the Data subject of the reason for the delay. When the reason for the delay ceases to exist, the Company will immediately allow inspection of the persona information.

(3) In any of the following cases, the Company may restrict or refuse inspection of personal information after notifying the Data subject of the reason for such refusal or restriction:

    1) If inspection is prohibited or restricted by law; or

    2) If such an act is likely to inflict damages upon another person’s life or body or unfairly infringe upon another person’s property or other rights.

7.2 Correction and deletion of personal information

(1) The Data subject who has inspected his/her personal information may request that the Company correct or delete his/her personal information.

(2) the Company will deliver a report on the results of correction or deletion notifying the Data subject of (i) the fact that the Company has taken necessary measures such as correction or deletion of such information as requested by the Data subject or (ii) the fact that the Company has not complied with the Data subject’s request for deletion because the personal information is specified as items subject to collection under other law. However, if specific procedures for correction or deletion of personal information are stipulated by other laws and regulations, the Company will comply with such laws and regulations.

(3) When the Company deletes personal information in accordance with the Data subject’s request, it will implement measures to ensure that the information is not restored or regenerated.

7.3 Suspension of processing of personal information

(1) The Data subject may request that the Company suspend the processing of his/her own personal information.

(2) In any of the following cases, the Company may refuse the Data subject’s request for suspension of processing of personal information:

   1) If there is a special provision in law or if denying the request is necessary to comply with legal obligations;

   2) If such an act is likely to inflict damages upon another person’s life or body or unfairly infringe upon another person’s property and other rights; or

   3) If performing the contract becomes difficult (i.e. unable to provide the agreed services to the Data subject) unless the personal information is processed, and the Data subject has not expressed a clear intention to terminate such contract.

(3) With regard to the personal information of which processing has been suspended in accordance with the request of the Data subject, the Company will immediately take necessary measures such as destruction of the personal information.

7.4 Methods and procedures of exercising rights

Request for inspection, correction or deletion of personal information or suspension of processing of personal information can be made by the Data subject, his/her legal representative or delegatee. However, in the event that the Data subject is represented by his/her legal representative or delegatee, a power of attorney of the Data subject as prescribed by Notification of the Protection Commission should be submitted to the Company. Data subject shall not infringe on the personal information and privacy of employees or other persons by violation of the Personal Information Protection Act and relate laws.

8. Measures to ensure safety of personal information

The Company takes the following technical, managerial and physical actions necessary for ensuring safety in order to prevent the loss, theft, forged, unlawful leakage, alteration or damage of personal information.

(1) Establishment and implementation of an internal management plan for the safe processing of personal information

(2) Measures to control access to personal information and to limit access rights

(3) Application of encryption technology or equivalent measures that enable safe storage and transmission of personal information

(4) Maintenance of login history to take measures against the infringement incident of personal information and measures to prevent forgery or alteration

(5) Installation and upgrade of security programs for personal information

(6) Physical measures including preparation of storage facilities and installation of locking system for the safe storage of personal information

9. Automatic collection of personal information on websites

The Company uses 'cookies' to store and retrieve usage information frequently to provide users with individually customized services.

Cookies are small text files stored on your computer when you visit our website. You can delete the cookies at any time. However, this can result in some functions no longer being available. For information on deleting the cookies, please consult your browser’s help function.

The Company allows you to control the use of cookies. To do so, click the ‘Privacy settings’ link in the footer. There you can configure which cookies you want to use.

  • Purposes: It is used to provide optimized information to users by identifying the types of visits and usage, popular search terms, and secure access to each service and website visited by the user.
  • Rights to refuse: You may reject the storage of cookies by changing the privacy setting in the web-browser.  Tool > Internet Options > Privacy 

10. Collection of opinions and handling complaints

The Data subject may request personal information protection related inquiries, complaints, damage relief, access to his/her personal information, etc. to the privacy officer or the department in charge. The Company will provide a prompt and sufficient response with regard to the Data subject’s requests.

Chief Privacy Officer (CPO)

Name:Youngbum Kim l Tel no: 02-1599-3567 / Department: C/DSO-KR / E-mail: Privacy@kr.bosch.com

Data Security Partners (DSP)

Name: Daesic Bae / Tel no: 02-1599-3567 / Department: C/DSO-KR / E-mail: Privacy@kr.bosch.com

11. Remedies for infringement of Data Subjects’ rights and interests

You may contact the following government agency in case you need settlement of dispute or consultation about infringement of personal information.

Personal Information Dispute Mediation Committee

Site: www.kopico.go.kr/ Tel no: 1833-6972

Privacy Infringement Report Center

Site: privacy.kisa.or.kr / Tel no: 118

Supreme Prosecutor’s Office

Site: www.spo.go.kr / Tel no:1301

Korean National Policy Agency

Site: ecrm.cyber.go.kr / Tel no:182

History

  • Issue 1.0 : [2012.02.24] The privacy guideline of Bosch Korea has been established and published. (Editor : RBKR/DSO)
  • Issue 2.0 : [2013.08.12] The legal name of Bosch Korea has been changed. Matters regarding delegation of processing PI have been changed. The organization name of the relevant government ministry has been changed. (Editor : RBKR/DSO)
  • Issue 3.0 : [2014.06.26] The items of processed PI have been changed. Matters regarding transfer of PI to third parties have been changed. (Editor : RBKR/DSO)
  • Issue 4.0 : [2015.11.25] Addition of details on transfer of Company’s Business. Change of organization name of relevant government ministry. Change of Chief Privacy officer in Bosch Korea. (Editor : RBKR/DSO)
  • Issue 4.1 : [2017.07.31] Change of the Chief Privacy Officer. Deletion of the matters regarding transfer of PI to third parties. Partial change of matters regarding deletion of personal information processing services. (AEM sending service provider) Deletion of unnecessary items. (Editor : RBKR/DSO)
  • Issue 4.2 : [2018.11.01] Addition of the article regarding the automatic collection of personal information on websites. Addition of the purpose and processed items. Addition of the parties to whom the personal information processing is outsourced. (Editor : RBKR/DSO)
  • Issue 4.3 : [2019.05.01] Change of the Chief Privacy Officer (Editor : RBKR/DSO)
  • Issue 4.4 : [2020.04.06] Update of the Chief Privacy Officer and Government Agency (Editor : C/DSO-KR)
  • Issue 4.5 : [2021.04.07] Change of the name of relevant government ministry. Change of Data Security Partner (DSP). (Editor : C/DSO-KR)
  • Issue 4.6 : [2022.04.29] Update of Purposes of processing personal information and items of personal information to be processed, Update of Transfer of personal information to a third party by addition of provision of personal information according to [Personal Information Handling and Protection Rules in Emergency Situations], Update of Delegation of personal information processing services, Update of Automatic collection of personal information on websites, Update of Collection of opinions and handling of complaints (Editor : C/DSO-KR)
  • Issue 4.7 : [2023.05.03] Update of items of personal information to be processed, Addition of the department which handles the Data Subjects’ requests for access to his/her personal information (Editor : C/DSO-KR)
  • Issue 4.8 : [2024.06.11] Update of items of personal information to be processed, Update of Delegation of personal information processing services (Editor : C/DSO-KR)