The ‘PRIVACY NOTICE’ tells you how we treat your personal information. This notice is layered index. So, if you wish, you can easily see the reason we process your personal information and see what we do with it.
- Purpose of Processing Personal Information
- Items of personal information processed
- Processing and Retention Period of Personal Information
- Providing third party
- Transfer of personal data to Third Countries
- Destruction of personal information
- Rights of Data subjects
- Measures to ensure the safety of personal information
- Data subject rights remedy
- The notice of Privacy notice changed
1. Purpose of Processing Personal Information
- Creation of the ID numbers and email addresses of employees
- processing compensation for work and other benefits
- processing data indicated by labour law, taxation policies, social welfare policies
- processing personal data by HR department for internal management
2. Items of personal information processed
Categories of personal data (mandatory)
- 1) Driver Full Name
- 2) Driver Phone No
- 3) Driver License No
3. Processing and Retention Period of Personal Information
- 1) Until the termination of the data subject’s labor contract, or ;
- 2) Until the data subject withdraws his or her consent, or ;
- 3) Until the data subject requests to erasure his or her personal data
4. Providing third party
Pantos has committed the following personal information processing tasks for smooth personal information processing.
|Company Name||Company Explain||Purpose of transfer||Categories of data||Address and country of establishment|
|LG Corporation||LG Corporation is a holding company of LG Group.||For the purpose of surveys and feedback exercises relating to LG’s employment and business practices||Full name, affiliated company, department, position, job title, e-mail address||128, Yeoui-daero, Yeongdeungpo-gu, Seoul, 07336, Republic of Korea|
|LG CNS||LG CNS is subsidiary of LG Corporation and it subprocesses certain personal data related to the data subject.||For the purpose of providing LG messenger service||Full name, affiliated company, department, position, job title, telephone number, e-mail address||71, Magokjungang 8-ro, Gangseo-gu, Seoul, 07795, Republic of Korea|
|Serveone||Serveone is a subsidiary of LG Corporation and it subprocesses certain personal data related to the data subject.||For the purpose of reading information of LG’s employees||Full name, affiliated company, department, position, job title, telephone number, e-mail address||150, Magokjungang-ro, Gangseo-gu, Seoul, 07789, Republic of Korea|
5. Transfer of personal data to Third CountriesNon – EU Controller
- HQ: Pantos Logistics Co., Ltd (LG)
- (Address : LG Gwanghwamun Building, 58 Saemunan-ro, Jongro-gu, Seoul, 03184, Korea)
- Standard contractual clauses for the transfer of personal data from the Community to third countries (dated 02.April.2018)
- ※ You can find the standard contractual clauses in GSI board
6. Destruction of personal information
In principle, Pantos will destroy personal information without delay when the purpose of processing personal information is achieved. The procedures, deadlines and methods of destruction are as follows.1) Destruction procedure
- The information entered by the information subject will be destroyed immediately after the purpose has been achieved. If it is necessary to keep it according to other laws and regulations, it will be transferred to another DB (separate document for paper) and destroyed. At this time, the personal information transferred to the DB will not be used for other purposes unless it is under the law.
- Employee's personal information will be kept for 5 years after termination.
- Information in the form of electronic file cannot reproduce the record Use technical methods.
- Personal information printed on paper is crushed by a crusher or destroyed by incineration.
7. Rights of Data subjects
The controller must provide relevant information without undue delay and at the latest within one month. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The controller shall inform the date subject of any such extension within one month of receipt of the request.
1) Right of access
According to GDPR Articles 12 and 15, GDPR whereas clause 59, 63 and 64, the data subject can exercise the right to access.1) confirmation that one’s personal data is being processed,2) access to one’s personal data.
2) Right to rectification
According to GDPR Articles 12, 16 and 19, the data subject can exercise right of rectification. The data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. And the data subject has the right to have incomplete personal data completed.
3) Right to erasure
According to GDPR Articles 17, 19, GDPR whereas clauses 65 and 66, the data subject can exercise right to erasure (right to be forgotten).
4) Right to erasure
According to GDPR Articles 12 and 18, GDPR whereas clauses 65 and 67, the data subject can exercise restrict processing. The data subject has the right to demand restrict processing regarding one’s personal data. At the request of restrict processing, the controller only can store personal data but restricted from processing of personal data except for special circumstances. If the controller decided to remove restrict processing, the controller immediately notify data subject of such restrict processing.
5) Right to data portability
According to GDPR Articles 12 and 20, GDPR whereas clauses 65 and 67, the data subject has right to exercise data portability. The data subject has the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format. The data subject has the right to transmit those data to another controller without hindrance from the controller
6) Right to erasure
According to GDPR Articles 12 and 21, GDPR whereas clauses 69 and 70, the data subject has right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on points (e) or (f) of GDPR Article 6(1), including profiling based on those provisions.
※ At present, Pantos does not carry out any business related to the right to confidential information.
8. Measures to ensure the safety of personal information
Pantos has the following technical, administrative and physical measures to ensure safety.1) Regular self-audit
- We conduct our own audits regularly (quarterly) to ensure the stability of handling personal information.
- Employees who deal with personal information are designated and limited to the person in charge, and measures are taken to minimize personal information.
- We have established and implemented an internal management plan for the safe handling of personal information.
- In order to prevent leakage and damage of personal information caused by hacking or computer virus, Pantos installs security program, periodically updates and checks the system, installs the system in outside controlled area and technically / physically monitors and blocks.
- The personal information and the password of the information subject are encrypted and stored and managed only by the user, and the important data is using a separate security function such as encrypting the file and transmission data or using the file lock function.
- We keep and manage the records that we access to the personal information processing system for at least six months and use the security function to prevent the connection record from being stolen, altered, stolen or lost.
- We take necessary measures to control access to personal information through granting, modifying, and deleting access rights to the database system that processes personal information. We also control unauthorized access from outside by using an intrusion prevention system.
- We keep documents with personal information and auxiliary storage media in safe place with lock.
- We have set up a separate physical storage area for personal information and set up access control procedures.
9. Data subject rights remedy
The data subject can inquire about the following organizations to prevent damage to personal information infringement, consultation. Please contact us if you are not satisfied with our personal information complaint, the results of the damage relief, or need further assistance.
If the controller does not take action on the request, the data subject has right to file a complaint to the supervisory authority and take legal action.
Name : EunKyung Woo(Europe Biz Division), Tel : 49-6105-4053-213, E-mail : email@example.com
10. The notice of Privacy notice changed
We keep our privacy notice under regular review to make sure it is up to date and accurate.
PRIVACY NOTICE : 2018. 05. 25.