This Policy consists of the following contents:
■ What data do we collect and how we use it?
A. Information we collect from you
• Information from You
|Categories of Service/Information||Description||Purpose and Legal Basis||Retention Period|
|1:1 Inquiry||Product Inquiry||Company name, Email, Phone number, Region||To provide customer service based on your consent||1 year from the inquiry/survey submission|
|General Inquiry||Email, Phone number|
|Customer Satisfaction Survey||Company name, Name, Email, Contact||3 months from the survey submission|
|Sensitive Information||We do not collect sensitive information from you for any purpose.||N/A||N/A|
B. Information Collected Automatically
• Usage information.
• Device information.
• Location information.
• Google Analytics.
- To prevent your data from being used by Google Analytics, you can download the Google Analytics opt-out browser add-on for Google Analytics which can be found here.
■ With Whom do we share with your data?
• Within LG Chem.
• With service provider.
• For legal purposes.
■ Where do we transfer your data?
■ What are your rights?
The right to access – You have the right to request us for copies of your personal information.
The right to rectification – You have the right to request that we correct any information that is inaccurate. You also have the right to request us to complete information that is incomplete.
The right to erasure – You have the right to request that we erase your personal information, under certain conditions.
The right to restriction of processing – You have the right to request that we restrict the processing of your personal information, under certain conditions.
The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
The right to object – You have the right to object the processing of your personal information which we process in connection with website under the conditions given under applicable law. If in exceptional cases the data processing is based on your consent, your consent can be revoked at any time with effect for the future. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent up to the revocation.
Do Not Track – We do not respond to Do Not Track (“DNT”) requests. Do Not Track is a preference you can set in your web browser to inform the Website that you do not want to be tracked. You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.
If you make a request, we will respond to you without undue delay, but at any rate within the timeframe as stipulated by law if such exists. If you would like to exercise any of these rights, please contact us by using the information in the How to contact us section below
■ Collection and use of information from children
■ How do we protect your data?
- • Maintain Information security policies and make sure that policies and measures are regularly reviewed and where necessary improved.
- • Communication with the Company applications utilizes cryptographic protocols such as TLS to protect information in transit over public networks. At the network edge, firewalls, web application firewalls, and DDoS protection are used to filter attacks.
- • Data security controls which include logical segregation of data, restricted (e.g. role-based) access and monitoring, and where applicable, utilization of commercially available and industry-standard encryption technologies.
- • Logical access controls designed to manage electronic access to data and system functionality based on authority levels and job functions.Physical and environmental security of data center, server room facilities and other areas containing client confidential information designed to: (i) protect information assets from unauthorized physical access, (ii) manage, monitor and log movement of persons in and out of the Company facilities, and (iii) protections against environmental hazards such as heat, fire and water damage.
- • Operational procedures and controls to provide for configuration, monitoring, and maintenance of technology and information systems according to prescribed internal and adopted industry standards, including secure disposal of systems and media to render all information or data contained therein as undecipherable or unrecoverable prior to final disposal or release from the Company possession.
- • Network security controls that provide for the use of enterprise firewalls and layered DMZ architectures, and intrusion detection systems and other traffic and event correlation procedures designed to protect systems from intrusion and limit the scope of any successful attack.
- • Vulnerability assessment, patch management, and threat protection technologies and scheduled monitoring procedures designed to identify, assess, mitigate and protect against identified security threats, viruses and other malicious code.
As described above, we implement and maintain reasonable security measures to protect the personal information we collect and maintain from unauthorized access, destruction, use, modification, or disclosure. However, no security measure or modality of data transmission is 100% secure and we are unable to guarantee the absolute security of the personal information we have collected from you.
■ How to contact us
LG Twin Towers 128, Yeoui-daero, Yeongdeungpo-gu, Seoul
LG Chem will promptly respond to address the concern.
For the purposes of EU data protection legislation, LG
Chem Europe subsidiaries’ Data Protection Officer can be
contacted at email@example.com.
LG Chem HQ Data Protection Officer can be contacted at firstname.lastname@example.org.
■ How to contact the supervisory authority
Appendix I. Supervisory Authority
Table 1: Supervisory Authority
|Country||Organization name||Point of Contact|
|Republic of Korea||Korea Internet & Security Agency||https://privacy.kisa.or.kr|
|US||Federal Trade Commission||https://www.ftc.gov|
|Poland||Urząd Ochrony Danych Osobowych||https://www.uodo.gov.pl/en|
|Brazil||Autoridade Nacional de Proteção de Dados||https://www.gov.br/anpd/pt-br|
|Mexico||Instituto Nacional de Transparencia, Acceso a la Infomacion y Proteccion de Datos Personales||https://home.inai.org.mx|
|Türkiye||Kişisel Verileri Koruma Kurumu||https://www.kvkk.gov.tr/|
|Viet Nam||Ministry of Information and Communications||http://www.mic.gov.vn/|
|Indonesia||Badan Siber Dan Sandi Negara||https://bssn.go.id/|
|Thailand||Ministry of Digital Economy and Society||https://www.mdes.go.th/|
|Australia||Office of the Australian Information Commissioner||https://www.oaic.gov.au|
|Singapore||Personal Data Protection Commission||https://www.pdpc.gov.sg|
|Malaysia||Jabatan Perlindungan Data Peribadi||https://www.pdp.gov.my/jpdpv2/|
|India||Unique Identification Authority of India||https://uidai.gov.in/|
|Japan||Personal Information Protection Commission||https://www.ppc.go.jp/|
|UK||Information Commissioner's Office||https://ico.org.uk/|
- • Right to opt-out. You have the right to opt out of any sale or “sharing” of your personal information (as the term “sharing” is defined under California law, which means a disclosure to a third party for purposes of cross-context behavioral advertising).
- • Right to non-discrimination. You have the right to exercise any of the rights listed above (and any other rights under CPRA) without discrimination by us.
- • Right to limit the use and disclosure of sensitive information.
To exercise your right to access or delete your personal information, you may submit a request via telephone at 82-1644-7119 or via email in How to contact us.
For requests submitted via telephone, you must provide us with sufficient information that allows us to reasonably verify you are the person about whom we collected the personal information and describe your request with sufficient detail to allow us to properly evaluate and respond to it. If we are not able to verify your identity for access and deletion requests with the information provided, we may ask you for additional pieces of information.
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf may make a request related to your personal information. If you are an authorized agent making a request on behalf of another individual, you must provide us with signed documentation that you are authorized to act on behalf of that individual.
B. Sources of, purposes for collecting, and categories of personal data collected and disclosed
We obtain your personal data mainly from or via you, and we collect and process personal data for a business purpose.
In the preceding twelve (12) months, we have collected the following categories of personal data from California residents. Please note that the following list represents categories of personal data across all California residents whose personal data we may have collected or received and does not necessarily represent information we have collected specifically about you. Please also note that the definition of “personal information” under CPRA is subject to certain exceptions as set forth therein and does not include information that is publicly available or has been aggregated or deidentified in accordance with CPRA.
- • Identifiers. This includes information such as name, email address, telephone number, national identification number(or unique identification data equivalent thereto) and other similar identifiers.
- • Personal information as defined by Cal. Civ. Code § 1798.80(e): The types of personal data in this category include several of the identifiers described above but also includes, among other things, information such as corporate credit card number.
- • Certain protected classifications. Information under this category may include medical history.
- • Professional or employment-related information. This includes information such as name of company/department and job title.
- • Education Information. Educational background including majored fields of study.
- • General information such as date of birth, age, sex, height, and weight.
- • Internet or network activity. The types of information in this category includes information that relates to IP address and access records.
In the preceding 12 months, we may have disclosed or
shared to service providers and our subsidiaries for a
business purpose the categories of personal data listed
C. Sales of personal data
We do not sell your personal data for monetary consideration.
Legal Basis for Processing your Personal Information
The Company processes your personal information for the purposes described in Purposes of the Processing of Personal Information, only: (1) with your consent; (2) when processing is necessary for the performance of a contract between you and us or in order for us to take steps at your request prior to entering into a contract; (3) to comply with a legal obligation; or (4) where the processing is necessary for the purposes of our legitimate interests and where these interests are not overridden by your fundamental rights and interests. Such legitimate interests are marketing activities, responding to your requests for information or complaints, administrative functions within the Company and its affiliates, and maintaining the security and efficiency of the Website. You may obtain further information on the legitimate interests balancing exercises which we have carried out by contacting us using the contact details provided below.
Withdrawing consent or otherwise objecting to direct marketing
Wherever we rely on your consent, you will always be able to withdraw consent, although we may have other legal grounds for processing your data for other purposes, such as those set out above. In some cases, we are able to send you direct marketing without your consent, where we rely on our legitimate interests. You have an absolute right to opt-out of direct marketing, or profiling we carry out for direct marketing, at any time. You can do this by following the instructions in the communication where this is an electronic message, or by contacting us using the details set out below.
If you reside in the EU, you have a right to lodge a complaint to the supervisory authority for data protection where you live, work or where you believe a breach may have occurred.Also, subject to limitations and exceptions set forth in the General Data Protection Regulation of the European Union ("GDPR") and other applicable laws, you have the following rights relating to the processing of your personal information by the Company:
- - Right to access: you have the right to ask us for a copy of your personal information.
- - Right to rectification: you have the right to ask us to correct your personal information.
- - Right to erasure: you have the right to ask us to delete your personal information.
- - Right to restriction of processing: you have the right to ask us to stop any active processing of your personal information.
- - Right to object: you have the right to object to the processing of your personal information in some circumstances (in particular, where we don't have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing).
- - Right to data portability: you have the right to obtain the personal information you provide to us for a contract or with your consent in a structured, machine readable format, and to ask us to share (port) this data to another controller.
Requests for the exercise of any of the foregoing rights should be submitted in writing to email@example.com.
Transfer of your personal information to other countries
Your personal information may be transferred to, stored, and processed in a country outside the European Economic Area, including South Korea, which may not provide an adequate level of data protection. For example, we may process the personal information in South Korea where the Company is located and the Company may share your personal information with service providers located in or out of South Korea. Such transfers will be carried out in accordance with applicable laws, including, where applicable, contractual requirements set out in standard data protection clauses which EU regulators have pre-approved. You can obtain a copy of such contracts by contacting firstname.lastname@example.org.
Representative of Company in European Union
As regards the processing of personal information concerning users within the EU, the Company has designated the following representative in the EU:
EU Authorized Representative
LG Chem Europe GmbH
Europe Life Sciences Business Team
Alfred-Herrhausen-Allee 3-5, 65760 Eschborn, Germany
|No.||Legal Basis for Processing||Purposes|
|1||With your consent||
To send you direct marketing in relation to our relevant products and services:
- To provide information on online and/or offline training sessions, meetings, seminars, academic events and other educational or promotional events and related reports.
- To provide e-Newsletters or various information on the Company’s products and services.
- To conduct other marketing activities, and arranging and administering related events (e.g., events for giveaway prizes)
To place cookies in accordance with our “Cookies and Similar Technologies”:
- We may use your information to track your use of the Website and services provided through the Website to make sure that what you receive or hear from us is relevant and useful to you as an individual. For example, we may recommend a specific webinar to you or send you information about a specific topic when you have shown interest in such topic through your use of the Website.
|On other occasions where we ask you for consent, we will use the data for the purpose which we explain at the time.|
|2||When processing is necessary for the performance of a contract between you and us or in order for us to take steps at your request prior to entering into a contract||To provide information on clinical trials conducted by the Company solely or in collaboration with a medical partner|
|To perform clinical activities (e.g., clinical trials) which you take part in|
|To consult on clinical activities|
|To make requests for clinical activities and arranging and executing contracts thereon|
|3||To comply with a legal obligation||To comply with applicable laws including in response to requests by government or law enforcement authorities conducting an investigation|
|4||Where processing is necessary for the purposes of our legitimate interests and where these interests are not overridden by your fundamental rights and interests||To provide customized service and consultation, to answer various questions, and to handle complaints|
|To enable real-time chat consultations on the Website, as well as to respond to inquiries related to the Website|
|To provide you with the requested information and contents on the Website|
|To verify your professional affiliate and professional identity and to register you as a member of the Website|
|To conduct marketing and research activities, and arranging and administering related events (e.g., events for giveaway prizes)|
|To conduct market surveys by the Company (intended to hear your valuable opinions and to help improve the Company’s products and services accordingly)|
|To register you with events, including academic events or webinars which you applied for, and to arrange and operate such events|
|To maintain security by detecting threats and to protect the Website against fraudulent or malicious activities, etc.|