Privacy Policy : Doosan Enerbility

Privacy Policy on Handling of Personal Information

Doosan Enerbility Co., Ltd. (hereinafter “Company”) complies with the relevant laws and regulations dealing with personal information protection, including the Personal Information Protection Act and the Act on Promotion of Information Communications Network Utilization and Information Protection. The Company is doing its utmost to protect the rights and interests of its customers and website users (hereinafter “Data Subjects”) in accordance with the Privacy Policy on Handling of Personal Information, which was devised based on the relevant laws.

The Privacy Policy on Handling of Personal Information is used by the Company to notify the data subjects of how and for what purpose the personal information is being used and what measures are being taken for the protection of personal information. In the event of any amendments to the policy, notification will be given on the amendments via the company website or individual notice.

The Company’s policies regarding the handling of personal information consist of the following: (1) “Privacy Policy on Handling of Personal Information,” which contains stipulations concerning the protection of data subjects’ personal information handled by the Company, and (2) “Policy on Operation & Management of Video Information Processing Devices,” which contains stipulations concerning the protection of personal video information. However, in case of other Doosan affiliates’ websites, each have their own respective privacy policy established.

The Company greatly values the personal information of its customers or data subjects who are users of the company website(www.doosanenerbility.com) and as such, does its best to ensure the protection of such personal information. To this end, the Company is complying with the relevant laws, such as the Personal Information Protection Act and the Act on Promotion of Information Communications Network Utilization and Information Protection (hereinafter “Information Communications Network Act”).

Current effective date 2021.07.26

01. Scope of Collected Personal Information: 1. The Company uses fair and lawful methods to collect the data subjects’ personal information.; 2. The personal information collected by the Company shall be limited to the minimum information that is required for the provision of services, and unless permitted by law or given consent by the data subject, the Company shall not collect any sensitive personal information, which has the risk of clearly infringing upon the privacy of data subjects (personal ideology & beliefs, political views, health, sexual orientation, genetic information, criminal record, etc.), nor shall any personal identification information that can be used to identify specific individuals be gathered.

02. Types of Personal Information Collected & Data Collecting Method

The types of personal information collected by the Company on the data subjects are as listed below. During the course of using the company website, the data items specified under No. 2 may be automatically generated and collected.

1. Handling of Complaints

Mandatory Data : Name, Email Account
Optional Data: Location (City, Province), Phone Number (Contact Info.), Country Name, Company Name

2. Analysis of Services & Enhancement of Service Quality: Data automatically generated and collected during the use of Internet services

Service usage log, access log, cookies, IP connection information

3. Recruiting & Hiring

General Information: Name (in Korean, Chinese, English), Date of Birth, Gender, Photo, Password, Home Phone Number, Home Address, Mobile Number, Email, Academic Background, Military Service Record (Performance of Military Service(Yes/No), Service Period, Military Branch, Rank), Foreign Language Proficiency, Qualifications, Eligibility for Patriot & Veteran Treatment, Work Experience, Social Experience, Research Experience.
Sensitive Information: Person with Disability (Yes/No), Disability Rating

03. Collection of Personal Information & Purpose of Collected Information

The Company collects the personal information of data subjects for the following purposes:

1. Customer Related Information

Analysis of Services & Enhancement of Service Quality: By analyzing the service usage, the users are provided with better services and an improved company website (Analysis of services and enhancement of service quality), etc.
Handling of Complaints: Confirmation of registered complaints, contact & notification for fact findings, notifications on outcome, etc.

2. Recruiting Related Information

Recruiting & Hiring Related Information: Personal identity & real name verification, recruitment screening and contact with applicants, traits of ideal candidate defined based on relevant legal requirements, i.e., Act on the Honorable Treatment of and Support for Persons of Distinguished Services to the State, Act on the Employment Promotion and Vocational Rehabilitation of Persons with Disabilities (Information regarding those eligible for honorable treatment of veterans & patriots, information relating to disabilities, etc.)

04. Personal Information Retention & Usage Period

1. Handling of Complaints

Data Held: Name, Email Account, Location (City, Province), Phone Number (Contact Info), Country, Company
Retention Period: 1 year

2. Analysis of Service & Enhancement of Service Quality

Data Held: Service usage log, access log, cookies, IP connection information
Retention Period: 3 years

3. Recruiting & Hiring

Data Held: Name (in Korean, Chinese, English), Photo, Password, Home Phone Number, Home Address, Mobile Number, Email, Academic Background, Military Service Record (Performance of Military Service: Yes/No), Service Period, Military Branch, Rank), Foreign Language Proficiency, Qualifications, Eligibility for Patriot & Veteran Treatment, Work Experience, Social Experience, Research Experience, Sensitive Information Related to Having a Disability (Yes/No), Disability Rating.
Retention Period
- For those who were not hired, such people’s information shall be held for five years following after the end of the recruiting process, provided that their consent was obtained on the data retention period (To be registered on the recruiting site’s human resources database and held for the purpose of managing data on candidates available for future hiring)
- For those who were hired, their data shall be held until the purpose of the data has been served, provided that their consent was obtained on the data retention period.

05. Personal Information Disposal Process & Method

1. Disposal Process
The Company shall dispose of the personal information within five days from the end of the personal information retention and usage period. If the personal information is no longer needed owing to reasons, such as fulfillment of the purpose of the personal information handling, shutdown of the relevant service or closing of the business, the personal information shall be disposed of within five days from the day it was recognized that the information is no longer needed.

2. Disposal Method

Personal Information on Paper & Printouts : To be shredded or incinerated
Personal Information Saved in Electronic File Format: To be permanently deleted using technology that prevents recovery of the deleted records

06. Disclosure of Personal Information to Third Parties

The Company shall not disclose any of the personal information to third parties without just cause, unless it is required by law or prior consent was obtained from the data subject. However, the following cases shall be exceptions:

Consent was obtained from the data subject
Disclosure of the information is requested in specific provisions of relevant laws or is deemed unavoidable if one wishes to fulfill legal obligations
The data subject or his/her legal representative is in a state in which an opinion or intent cannot be expressed or prior consent cannot be gained owing to an invalid address, but disclosure to a third party is urgently needed for the sake of the data subject or third party’s life, physical well-being or the person’s interests, such as those related to his/her property.

The Company currently provides the following types of personal information :

Table by personal information
Data Recipient	Data Provided	Purpose of Data	Retention Period
Multicampus Co., Ltd.	Name, Date of Birth, Test Date, Registration Number, Score	Personal identification required when checking OPIc score	Immediately disposed of once score is confirmed
Korea TOEIC Committee	Name, Date of Birth, Test Date, Registration Number, Score	Personal identification required when checking TOEIC Speaking Test score	Immediately disposed of once score is confirmed

07. Commissioning of Personal Information Handling Service

The Company commissions an outside agency to handle some of the work required for provision of services and has a set of regulations set up to manage and monitor matters for the purpose of ensuring that the personal information can be safely handled as stipulated in the relevant laws. The commissioned service for handling of personal information is as follows :

Table by Commissioning of Personal Information Handling Service
Information Recipient	Description of Commissioned Service
Doosan Corporation Digital Innovation	Operation & Management of company’s IT systems, including website (Maintenance)

08. Rights & Obligations of Data Subjects and Method for Exercising Rights: 1. The data subjects may request for the viewing, modification or withdrawal of consent at any time in regard to their personal information. Should the data subject contact the department in charge of personal information in order to file a written request or make a request by phone or email, proper action shall be immediately taken without delay to address the matter.; 2. In the event of a request by the data subject for the correction of an error in his/her personal information, the Company shall not use or disclose the personal information until correction of the error has been completed.; 3. In the case of minors who are of the age 14 or younger, the child’s legal representative has the right to view or amend the child’s personal information, as well as the right to withdraw the consent given on the collection and usage of personal information.; 4. In the event of a request for the cancellation or deletion of personal information by the data subject or his/her legal representative, this shall be handled in accordance with the Privacy Policy on Handling of Personal Information, and the personal information shall not be viewed or used for any other purposes.

09. Installation, Operation or Declining of Automatic Personal Data Collecting Tool: 1. The Company operates “cookies” which are used to store and track information about the data subjects. Cookies are small blocks of text files that are sent by a website server to be stored on the user’s computer hard drive.; 2. The data subject has the option of choosing to accept the cookies or not. Options can be set to either accept all cookies, confirm each time a cookie is about to be stored or decline all cookies. However, if the data subject decides to decline installation of the cookies, some difficulties may be encountered in using the services.

10. Personal Information Safeguarding Measures

In accordance with Article 29 of the Personal Information Protection Act and Article 28 of the Information Communications Network Act, the Company is taking technical, administrative and physical measures aimed at ensuring the security of personal information.

1. Personal information handling personnel kept to a minimum

To ensure the protection of personal information, minimal authority is granted to those assigned with handling personal information

2. Training conducted on regular basis for relevant personnel

Training is conducted on a regular basis to promote awareness of the importance of personal information protection.

3. Internal inspections conducted on regular basis

The Company conducts inspections on a regular basis to ensure the security of personal information

4. Creating and implementing personal information management plans

The Company shall create and manage a corporate plan for the safe handling and management of personal information.

5. Encryption of Personal Information

The data subject’s personal information and password are stored and managed in encrypted format and a security mechanism is applied in the data transmission process to ensure that the data is safely managed.

6. Anti-Hacking Measures

The Company has security programs installed to prevent personal information leaks and damages from occurring due to computer hacking or virus infections, and has periodic updates and inspections performed, which may lead to the installation of security systems in designated off-limits areas, enabling the Company to perform technical and physical surveillance and protect the system against infiltrations.

7. Restriction of Access to Personal Information

Measures such as granting, changing and cancelling of authority for accessing the personal information management system are being taken to effectively control the access to personal data, and an infiltration prevention system is being used to control unauthorized access by outsiders.

8. Storing of Access Logs and Prevention of Forgeries

A system access log containing records of the access made to the personal information management system is stored and managed for a minimum period of six months, and a security mechanism is used to prevent any data forgery, theft or loss from occurring to the log.

9. Lock Devices Used for Document Security

Documents and data storage devices containing personal information are kept in a safe place with a lock device.

10. Access Control for Unauthorized People

A separate physical location for storing personal information is kept, with an access control process being set up and applied.

However, the Company shall not be liable for incidents that arise due to the data subject’s own fault or owing to basic risks inherent in the Internet.

11. Personal Information Protection Administrator and Managing Department

1. The Company has appointed the following department and person to be in charge of the protection of personal information and the handling of associated complaints.

A. Personal Information Protection Administrator

Name: Kyunghwan Lee, Head of Legal Department
Tel: 031-5179-3251
Email: web.master@doosan.com

B. Department in Charge of Personal Information Protection

Name: Legal Team
Tel: 031-5179-3252
Fax: 031-5179-3296
Email: web.master@doosan.com

2. Should you need to file a report or receive consultation on a personal information infringement case, please contact the following agencies:

Korea Internet & Security Agency (KISA)’s Personal Information Infringement Reporting Center (www.privacy.kisa.or.kr Tel: 118)
Supreme Prosecutor’s Office Cybercrime Investigation Division (www.spo.go.kr Tel: 1301)
Korean National Police Agency’s Cyber Security Division (www.cyberbureau.police.go.kr Tel: 182)

12. Notification of Privacy Policy Amendments: In the event of any additions, deletions and modifications to the Privacy Policy on Handling of Personal Information, the Company shall post the reason for the amendment and description on the company website prior to putting the amended policy into effect.; Date of Enforcement : July 26, 2021

Article 1 (Items of personal information collected and collection method)

1. Items of personal information to be collected
The company collects the following personal information from the users who use its website:

Table by collect data
Classification	Essential items
Items of personal information collected	– name in full, phone number, e-mail address, organization

※ The company does not collect any sensitive information that may seriously infringe the privacy of its users (information concerning their ideology, credo, current and past memberships in labor unions or political parties, political opinions, health, sex life, etc.) or their unique identification unless permitted under statutes or consented to by the relevant users.

2. Method of collecting personal information
The company collects personal information using the following means:

Webpage-based tour application, Contact Us, Suggestions, Voice of a power company customer, Technical Support Center for Power Group Companies, Cyber Reporting Center, Win-Win Call Center, Subscription to Newsletter
Collection of information that is automatically generated by the system when the service is used

※ When requesting for the consent of users to its collection or use of their personal information, the company provides on its website a procedure wherein users may to opt to “Agree,” “Disagree,” “Agree to the provision of essential information,” or “Agree to the provision of optional information” as to the details of all information.

Article 2 (Purposes of collection or use of personal information)

1. The company shall use the personal information it collects for the following purposes:

Table by Purposes of collection or use of personal information
Classification		Items of personal information	Purposes of use
tour application	Essential item	Name of visiting organization, Address, Phone number, Name of applicant, Mobile phone number of the applicant, e-mail address of the applicant	For identifying the organization, reviewing or replying to tour applications, or providing useful information
Contact Us	Essential Items	Name, e-mail address, phone number, company name	For replying to questions about or requests for products or services or providing useful information
suggestion uploading	Essential items	Name, e-mail address, organization	For replying to suggestions or providing useful information
Voice from Power Group Customers	Essential items	Name in full, name of power generating company, office phone number, e-mail address	For identifying the organization, replying to questions about or requests for products or services, or maintaining records
Technical Support Center for Power Group Companies	Essential items	Name in full, name of power generating company, office phone number, e-mail address	For identifying the organization or replying to requests for technical support
Cyber Report Center	Essential items	Name in full, mobile phone number, e-mail address	For replying to reports
Win-Win Call Center	Essential items	Company name, position, name in full, e-mail address, phone number	For identifying the organization or replying to questions or requests
Subscription to Newsletter	Essential items	Name, e-mail address, phone number	For providing Newsletter

2. The personal information under processing shall not be used for purposes other than its intended use. The company shall take the necessary actions if the intended use is modified, including securing separate consent as required under the relevant statutes.

Article 3 (Period of retention and use of personal information)

1. The company shall process or retain personal information for the intended purposes only within the period of retention or use of personal information set forth under the statutes or within the period consented to by the information subjects at the time their personal information is collected.

2. The company shall process or retain personal information whose collection was consented to by the information subjects for 5 years

3. The following periods of processing or retaining personal information are set forth under the statutes as follows:

Table by Period of retention and use of personal information
Items retained	periods retained	statutory grounds
User’s Internet log data / Data for tracking users’ access place	3 months	Act on the Protection of Communication Confidentiality
Data for verifying communication	12 months

Article 4 (Procedure and method for destroying personal information): 1. The company shall destroy the relevant personal information without delay when the period of retaining personal information lapses or when it is no longer necessary since the processing purpose has been achieved. The following procedures or methods shall be used by the company for destroying the personal information:
1. Destruction procedures
The relevant personal information shall be destroyed by the company when the period of retaining personal information lapses, when it is no longer necessary since the processing purpose has been achieved, or when the retention period lapses pursuant to the relevant statutes.

2. Destruction methods
The company shall delete the personal information stored in digital files using irrecoverable technical means or incinerate or shred personal information that is recorded or outputted on paper.

Article 5 (Entrustment of the collected personal information)

1. The company shall entrust an outside specialized vendor with the following services of processing personal information in order to perform services or duties smoothly:

Table by Entrustment of the collected personal information
Name of the vendor entrusted	Details of duties or services entrusted
Doosan Corporation Information & Communications	Operation, improvement, repair or maintenance of the relevant system

2. In order to ensure that the relevant personal information is protected securely, the company shall clearly define matters related to responsibilities for confidentiality and damage compensation when personal information processing is entrusted, including prohibition of personal information processing for purposes other than the performance of the entrusted duties or services and technical, administrative, or physical measures for protecting security, while monitoring the vendor to supervise whether it processes the personal information securely.

3. The company shall disclose the information through this policy for handling personal information without delay when any change is made in the entrusted duties or vendors.

Article 6 (Provision of personal information to third parties): 1. The company shall not provide the users’ personal information to any third party without the users’ consent. Note, however, that the following shall be treated as exceptions:
1. When it is unavoidable to comply with the specific provisions or duties set forth under the statutes;
2. When clearly deemed urgently necessary for the life, body, or property of the information subject or third parties in a situation wherein the information subject or legal agent is unable to express his/her intent or it is difficult to secure prior agreement since their address is not available;
3. When it is required under the provisions of laws or requested by law enforcement authorities for investigation according to the procedure and methods set forth under the statutes; 2. The company shall provide personal information to any third party completing a procedure for securing the users’ consent anew when the third party is replaced or when personal information whose collection was consented to by the users needs to be provided anew.

Article 7 (Rights of users or their legal agents and exercise methods): 1. The users or their legal agents may review their personal information registered with the company, withdraw their consent, or request for the termination of their subscription at any time. Note, however, that all of part of the company’s services may be restricted in such cases.; 2. To that end, the company shall take actions without delay when such request is made by users on its website, for the attention of the personal information manager or the department responsible for personal information, in writing, or by phone or e-mail.; 3. The company may refuse the review, correction, or deletion of all or part of the personal information in any of the following cases:
1. When review is prohibited or restricted under the statutes; or 2. When it is feared that the user request may harm other persons’ life or body or may unfairly infringe other persons’ properties or other benefits; 4. When the user requests for the correction of errors in his/her personal information, the company shall neither use nor provide the personal information to a third party before the correction is finished. The company shall notify the third party of the correction details if any incorrect personal information has already been provided to any third party.; 5. The company shall handle the personal information of a user who has been deleted or whose processing has been discontinued based on the request of the user or his/her legal agent as set forth under “3. Period of Retention or Use of Personal Information” so that the deleted information may not be viewed or used for any other purpose.; 6. The users shall enter their latest personal information correctly. The user shall be responsible for any mishap that may arise because of incorrect information he/she enters. His/Her user eligibility may be revoked if someone else’s or false information is entered.; 7. The users shall protect themselves and refrain from infringing information belonging to others in addition to their right to the protection of their personal information. The users shall work to prevent their personal information from being leaked or refrain from tampering with the personal information belonging to others. The users may be punished according to the pertinent statute if they fail to fulfill their obligations or damage the personal information or dignity of others.

Article 8 (Provisions on the installation, operation, or refusal of devices automatically collecting personal information): The operator of www.doosanenerbility.com shall not use software cookies that store and occasionally search information concerning the customers who visit the website.

Article 9 (Other policies for handling personal information): 1. Measures for ensuring security for protecting personal information
The company shall take the following administrative, technical, and physical actions to secure safety in handling the users’ personal information to prevent loss, theft, leak, forgery, or tampering:
1. Administrative actions for the development, observance, supervision, or regular education of internal policies that need to be followed to protect personal information
2. Technical actions for the management of access authority to personal information processing systems, installation of access control systems, encryption of unique identification information, or installation of security programs
3. Physical actions for the control of access to computer or data storage rooms or installation of systems for access clearance or monitoring; 2. Policy concerning refusal of unauthorized collection of e-mail addresses
The company shall refuse the unauthorized collection of displayed e-mail addresses using e-mail collection programs or other technical devices. Any violation shall be punished pursuant to the Act on the Promotion of ICT Network or Protection of Information.

Article 10 (Information concerning the personal information manager or responsible department)

1. The company shall designate as follows its manager and department responsible for handling personal information, with both inclusively responsible for functions related to the handling of personal information as well as handling complaints or relief of the information subjects involved in personal information handling:

Personal information administrator or manager

Organization: Changwon CR Team
Phone : 055-278-3041
Mail : web.master@doosan.com

Department responsible for personal information

Organization: Changwon CR Team
Phone : 055-278-3047
Fax : 055-278-8409
Office hours: 08:00~17:00 (Mon to Fri), closed on holidays (Sat to Sun)

2. The information subjects may contact the company’s manager or department responsible for personal information concerning all matters related to the protection of their personal information, handling of complaints, or relief of damages that arise during their use of the company’s services (programs). The company shall reply to or handle the questions by the information subjects without delay.

3. The information subjects may contact the following agencies to request for or inquire about counseling on the relief of damages caused by the infringement of their personal information (they are agencies independent from the company; you may contact them for help or detailed information if you are dissatisfied with the company’s handling of your complaint or outcome of relief actions):

1. Center for Reporting Infringements of Personal Information (operated by KISA)

Functions: Accepts reports or requests for counseling on the infringement of personal information
Website : privacy.kisa.or.kr
Phone number: 118
Address: KISA Center for Reporting Infringements of Personal Information, 135 Jungdae-ro, Songpa-gu, Seoul 138-950

2. Commission for Mediating Disputes Related to Personal Information (operated by KISA)

Functions: Accepts requests for mediation of disputes related to personal information or collective disputes (civil settlement)
Website : privacy.kisa.or.kr
Phone number: 118
Address: KISA Center for Reporting Infringements of Personal Information, 135 Jungdae-ro, Songpa-gu, Seoul 138-950

3. Cyber Crime Investigation Group, Supreme Prosecutors’ Office : 02-3480-3571, cybercid@spo.go.kr(www.spo.go.kr)

4. Cyber Terror Response Center, Korean National Police Agency : 1566-0112 (www.netan.go.kr)

Article 11 (Amendment to policies for handling personal information): 1. This policy for handling personal information (Version 4.0) shall enter into force on 2 October 2015.

01. Grounds and Purpose of Image Information Processing Equipment Installation: The Image Information Processing Equipment Operation & Management Policy (“the Policy”) sets forth the rules for Doosan Enerbility to comply with concerning the installation and operation of the image information processing equipment (IIPE), and personal image information protection requirement under Article 25 of the Personal Information Protection Act. The Policy aims to promote the adequate performance of work and to contribute to the protection of the rights and interests of the persons providing personal information.

02. Protection Principles of Personal Image Information: Doosan Enerbility will collect personal image information within the narrow scope in line with the purpose of installing the IIPE and will insure that persons providing personal information will be able to clearly recognize the installation purpose, and will not use the information for any purpose other than the aforementioned purpose. Doosan Enerbility will safely mange the personal image information, disclose the matters related to the processing of such information, and guarantee the rights of those persons on their personal image information.

03. Appointment of an Administrator

Doosan Enerbility manages the installation and operation of the personal IIPE through each business division, and the following information are disclosed on websites separately operated by each business division:

Person in charge: Jung Hwan-yeob.(Phone: +82-55-278-7300, e-mail address : web.master@doosan.com)
Department responsible: Emergency Planning Team
Person in charge: Kim Jae-sam (phone: +82-55-278-7170, e-mail address : web.master@doosan.com)
Number, locations, or capturing scope of image information processing appliances
Capturing hours, data retention period, and place of image information processing appliances
Matters concerning the outsourcing of installation and maintenance functions of image information processing appliances

04. Information Sign Posting

Doosan Enerbility will take a necessary action such as posting an information sign containing the following so that the persons providing their own person information can easily notice the installation and operation of the IIPE:

The purpose, location, shooting scope and time, controller’s name, position, and contact number.
In the case the installation and control is outsourced, the outsourced person/company’s name and contact number.

The information sign shall be posted in a place where those who provide their own personal information can easily see it within the shooting scope. The size of the information sign shall be 40x30cm. However, the size is subject to change, according to the circumstances of the installation location.

05. Request of the Persons Providing Their Own Personal Information, Such As Requesting to View/Inspect Their Personal Information

A person providing their own personal information (“a person”) can request Doosan Enerbility to view/inspect and confirm the identification (”Viewing/Inspection”) regarding their own personal image information.
Request Form

Doosan Enerbility will take a necessary action upon receiving a request for veiwing/inspection. In doing so, Doosan Enerbility may check through a submitted ID including resident registration card or driver’s license to confirm whether the requesting person is the person concerned or a legitimate representative.

Doosan Enerbility may reject such a request in the following cases and in such cases, Doosan Enerbility will give notice, in writing, to the requesting person or the representative of the reason for rejection or the method for appealing within 10 days of receiving the request:

When the personal image information was destroyed because of the expiration of the retention period.
When other legitimate reasons exist to reject such a viewing/inspection request.

06. Image Information Control

When the personal image information is used for the purpose other the intended purpose of the collection or when it is transferred to a third party pursuant to your consent or according to the provisions of laws and regulations, the following will be recorded in the Personal Image Information Log:

Name of the personal image information file
Name of the user or person to whom the transfer was made
Purpose of use or transfer
In the event it exists, the legal grounds of use or transfer
If it exists, period when the use or transfer occurred
Type of use or transfer

When destroying personal image information, the following shall be recorded in the Personal Image Information Log:

Destroyed personal image information (items)
Date of destruction (destruction frequency, etc., when automatic deletion takes place preset destruction period)
Person in charge of personal image information destruction

07. Retention and Destruction

Doosan Enerbility will immediately destroy the collected personal image information upon the expiration of the retention period specified in the Policy. However, it will not do so if required by specific provisions in relevant laws and regulations. The methods of destroying personal image information are as follows:

The hardcopy recordings (photo, etc.) of personal image information will be shredded or incinerated.
Electronic file format information will be permanently deleted in the technical manner through which the deleted personal image information cannot be retrieved.

08. Administrative, Technical, and Physical Actions: The right to access personal image information collected and processed by the IIPE is limited to a minimum number of people, including the controller and the person in charge of the work.
The place where the personal image information transmitted by the IIPE is viewed/inspected and retrieved is designated as being a restricted area, and only the authorized people are allowed to access and view/inspect the information.
Doosan Enerbility immediately changes or withdraws the access rights of a person, whose access right changes, due to HR changes such as job transfer or retirement.

We take necessary safeguards to ensure the safety of personal image information, including setting a password in the event that we process personal image information or send and receive such a file so that it cannot be lost, stolen, leaked, modified, or damaged.
We regularly inspect the status of the operation of the IIPE to prevent the forgery or modification of personal image information.; Date of Public Notification: September 30, 2011
Date of Enforcement: September 30, 2011