LG Chem : LG aesthetics

Europe(GDPR)
Global

Europe(GDPR)
Global

This Privacy Policy explains how LG Chem, Ltd. (“LG Chem”, “the Company,” “we”, “our”, or “us”) collects your personal information as you use lgchem.com (the “Website”), how we use this personal information, with whom we share this personal information, and your choices in connection with this.

This Policy consists of the following contents:

■ What data do we collect and how we use it?

■ With whom do we share with your data?

■ Where do we transfer your data?

■ What are your rights?

■ Collection and use of information from children

■ How do we protect your data?

■ How to contact us

■ How to contact the supervisory authority

■ Changes to our Privacy Policy

- Appendix I. Supervisory authority

- Addendum to Privacy Policy for California

■ What data do we collect and how we use it?

A. Information we collect from you

If you choose to engage in the services offered on our Website, we will collect personal information from you when you contact us through the submission of your personal identifiers. We use this personal information to respond to your questions or inquiries, and provide consultation. We may also use the personal information we collect as described in this section to comply with the law or for the purpose of the legitimate interests, and for other limited circumstances as described in With Whom do we share your information?

• Information from You

Categories of Service/Information		Description	Purpose and Legal Basis	Retention Period
1:1 Inquiry	Product Inquiry	Company name, Email, Phone number, Region	To provide customer service based on your consent	1 year from the inquiry/survey submission
1:1 Inquiry	General Inquiry	Email, Phone number		1 year from the inquiry/survey submission
Customer Satisfaction Survey		Company name, Name, Email, Contact		3 months from the survey submission
Sensitive Information		We do not collect sensitive information from you for any purpose.	N/A	N/A

B. Information Collected Automatically

In addition to the personal information you provide, when you use our Website, LG Chem automatically collects the usage, device, and location information via cookies and similar technologies. We use cookies to collect information on your use of the Website to improve our Website. We do not combine the information collected through cookies with personally identifiable information. The retention period of cookies used on the Website is notified in the Cookie Setting

• Usage information.

This includes information such as: your time of visit to the Website, pages visited, search terms, actions taken, how much time you spend on each page, transactions and payment method and amount, or customer objects throughout the Website and frequency of access. We use this personal information to: (i) conduct analytics; (ii) enhance user experience; (iii) prevent fraudulent use of the Website; and (iv) diagnose and repair errors.

• Device information.

This includes information about the device you use to access our Website, such as browser type, browser language, hardware model, operating system, and your preferences. We use this personal information to: (i) conduct analytics; (ii) enhance user experience; (iii) prevent fraudulent use of the Website; (iv) diagnose and repair errors; and (v) provide enhanced functionality.

• Location information.

This includes information about your location, which may be determined through your IP address.

• Google Analytics.

We use Google Analytics to collect information on your use of the Website to improve our Website. In order to collect this information, Google Analytics may set cookies on your browser, or read cookies that are already there. Google Analytics may also receive information about you from applications you have downloaded that partner with Google. You may choose not to allow analytical cookies in the Cookie Setting on our Website. To see a list of all cookies we use and to control your cookie preferences, please follow the instructions in the What are your rights? section.

- Google’s ability to use and share information collected by Google Analytics about your visits to our Website or to another application which partners with Google is restricted by the Google Analytics Terms of Use and the Google Privacy Policy available here.
- To prevent your data from being used by Google Analytics, you can download the Google Analytics opt-out browser add-on for Google Analytics which can be found here.

■ With Whom do we share with your data?

LG Chem may need to make the personal information identified in this Privacy Policy available within LG Chem subsidiaries, with its service provider, or with other third parties.

• Within LG Chem.

We may share your personal information with LG Chem subsidiaries for legitimate business purposes and general business management. When a customer registers an inquiry or survey, the inquiry or survey details are sent by e-mail to the person in charge of the selected product and region, and the person in charge registers an answer by accessing the admin page. For your personal information collected by Ethics Hotline connected by link on the Website, Ethics Hotline may provide your personal information to LG Chem if the case is related to LG Chem. If the inquiry or survey or grievance is related to LG Chem subsidiaries, we may need to share your personal information with our subsidiaries for a legitimate business purpose.

• With service provider.

LG Chem shares your personal information with its service provider for Website maintenance, inquiry processing, sending and processing customer satisfaction surveys.

• For legal purposes.

LG Chem will share your personal information where legally required, in response to court orders, law enforcement or legal process, including for national security purposes; to establish, protect, or exercise our legal rights, as required to contracts; to defend against legal claims or demands; to detect, investigate, prevent, or take action against illegal activities, fraud, or situations involving potential threats to the rights, property, or personal safety of any person; or to comply with the requirements of any applicable law.

■ Where do we transfer your data?

As a global company, we, our subsidiaries, and service providers may need to transfer your information outside the country where you are located. This includes transferring your information outside the European Economic Area, if this is where you are located. We transfer your personal information in connection with providing this manner in order to provide you with our Website. You will need to provide your consent to this in order to use the Website. LG Chem located in Republic of Korea (“Korea”) and the EU and Korea formally adopted an adequacy agreement on transfers of personal information This adequacy decision means that the Korea ensures an adequate level of protection with regard to the protection of personal information. You should also bear in mind that the data protection laws in many of these countries may not offer the same level of protection as those in the country where you are located. However, before transferring your Personally Identifiable Information we will take steps to ensure that safeguards are put in place aimed at ensuring such information will be afforded the same level of protection.

■ What are your rights?

You have all applicable data protection rights under relevant laws including the following:
The right to access – You have the right to request us for copies of your personal information.
The right to rectification – You have the right to request that we correct any information that is inaccurate. You also have the right to request us to complete information that is incomplete.
The right to erasure – You have the right to request that we erase your personal information, under certain conditions.
The right to restriction of processing – You have the right to request that we restrict the processing of your personal information, under certain conditions.
The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
The right to object – You have the right to object the processing of your personal information which we process in connection with website under the conditions given under applicable law. If in exceptional cases the data processing is based on your consent, your consent can be revoked at any time with effect for the future. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent up to the revocation.
Do Not Track – We do not respond to Do Not Track (“DNT”) requests. Do Not Track is a preference you can set in your web browser to inform the Website that you do not want to be tracked. You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.

To the extent applicable, please also refer to the “Addendum to Privacy Policy for your country or region” hereto.

If you make a request, we will respond to you without undue delay, but at any rate within the timeframe as stipulated by law if such exists. If you would like to exercise any of these rights, please contact us by using the information in the How to contact us section below

■ Collection and use of information from children

Our Website is designed for a general audience and is not directed towards children. In connection with our Website, we do not knowingly collect or maintain personal information from anyone under the age of sixteen (16) or knowingly allow such persons to use our Website. If you are under the age of sixteen (16), please do not attempt to register for our Website or provide us with any personal information. If we learn that a person under the age of sixteen (16) has provided us with any personal information, we will promptly delete such personal information. If you believe that a child under the age of sixteen (16) may have provided us with personal information, please contact us using the information specified in the How to contact us section.

■ How do we protect your data?

LG Chem shall take the following technical and organizational security measures to protect your data:

• Maintain Information security policies and make sure that policies and measures are regularly reviewed and where necessary improved.
• Communication with the Company applications utilizes cryptographic protocols such as TLS to protect information in transit over public networks. At the network edge, firewalls, web application firewalls, and DDoS protection are used to filter attacks.
• Data security controls which include logical segregation of data, restricted (e.g. role-based) access and monitoring, and where applicable, utilization of commercially available and industry-standard encryption technologies.
• Logical access controls designed to manage electronic access to data and system functionality based on authority levels and job functions.Physical and environmental security of data center, server room facilities and other areas containing client confidential information designed to: (i) protect information assets from unauthorized physical access, (ii) manage, monitor and log movement of persons in and out of the Company facilities, and (iii) protections against environmental hazards such as heat, fire and water damage.
• Operational procedures and controls to provide for configuration, monitoring, and maintenance of technology and information systems according to prescribed internal and adopted industry standards, including secure disposal of systems and media to render all information or data contained therein as undecipherable or unrecoverable prior to final disposal or release from the Company possession.
• Network security controls that provide for the use of enterprise firewalls and layered DMZ architectures, and intrusion detection systems and other traffic and event correlation procedures designed to protect systems from intrusion and limit the scope of any successful attack.
• Vulnerability assessment, patch management, and threat protection technologies and scheduled monitoring procedures designed to identify, assess, mitigate and protect against identified security threats, viruses and other malicious code.

As described above, we implement and maintain reasonable security measures to protect the personal information we collect and maintain from unauthorized access, destruction, use, modification, or disclosure. However, no security measure or modality of data transmission is 100% secure and we are unable to guarantee the absolute security of the personal information we have collected from you.

■ How to contact us

If you have any questions or concerns on this Privacy Policy, please contact us at:

LG Chem
LG Twin Towers 128, Yeoui-daero, Yeongdeungpo-gu, Seoul
security@lgchem.com

LG Chem will promptly respond to address the concern.

For the purposes of EU data protection legislation, LG Chem Europe subsidiaries’ Data Protection Officer can be contacted at drewes@privacy-advice.com.
LG Chem HQ Data Protection Officer can be contacted at dpo.lgchem@kdpc.uk.

■ How to contact the supervisory authority

Should you wish to report a complaint or if you feel that the Company has not addressed your concern in a satisfactory manner, you may contact the responsible supervisory authority using the contact details:

[Appendix I.] Supervisory Authority

■ Changes to our privacy policy

LG Chem keeps this Privacy Policy under regular review and places any updates on this web page. This Privacy Policy was last updated on [2023-09-12].

Appendix I. Supervisory Authority

Table 1: Supervisory Authority

Country	Organization name	Point of Contact
Republic of Korea	Korea Internet & Security Agency	https://privacy.kisa.or.kr
Germany	Landesdatenschutzbeauftragten Hessen	https://datenschutz.hessen.de/
US	Federal Trade Commission	https://www.ftc.gov
Poland	Urząd Ochrony Danych Osobowych	https://www.uodo.gov.pl/en
China	中华人民共和国国家互联网信息办公室	https://www.cac.gov.cn
Brazil	Autoridade Nacional de Proteção de Dados	https://www.gov.br/anpd/pt-br
Mexico	Instituto Nacional de Transparencia, Acceso a la Infomacion y Proteccion de Datos Personales	https://home.inai.org.mx
Türkiye	Kişisel Verileri Koruma Kurumu	https://www.kvkk.gov.tr/
Viet Nam	Ministry of Information and Communications	http://www.mic.gov.vn/
Indonesia	Badan Siber Dan Sandi Negara	https://bssn.go.id/
Thailand	Ministry of Digital Economy and Society	https://www.mdes.go.th/
Taiwan	國發會個人資料保護專區	pipa.ndc.gov.tw
Australia	Office of the Australian Information Commissioner	https://www.oaic.gov.au
Singapore	Personal Data Protection Commission	https://www.pdpc.gov.sg
Malaysia	Jabatan Perlindungan Data Peribadi	https://www.pdp.gov.my/jpdpv2/
India	Unique Identification Authority of India	https://uidai.gov.in/
Japan	Personal Information Protection Commission	https://www.ppc.go.jp/
UK	Information Commissioner's Office	https://ico.org.uk/

Addendum to Privacy Policy for California

This Addendum to Privacy Policy for California (this “Addendum”) applies to the processing of personal information collected from the California residents. This addendum explains the categories of personal data that we collect from you and how we collect and use personal data that is subject to the California Privacy Rights Act(the “CPRA”). It further describes the rights that California residents have with respect to their personal data. This addendum should be read together with the Privacy Policy, and in case of any conflict the terms of this addendum will prevail as to personal data of California residents that is subject to the CPRA. For purposes of this addendum, the term “personal data” includes all “personal information” as defined in the CPRA.

A. Your legal rights

In addition to the rights explained in the Privacy Policy, under certain circumstances, California residents have the following rights in relation to their personal data:

• Right to opt-out. You have the right to opt out of any sale or “sharing” of your personal information (as the term “sharing” is defined under California law, which means a disclosure to a third party for purposes of cross-context behavioral advertising).
• Right to non-discrimination. You have the right to exercise any of the rights listed above (and any other rights under CPRA) without discrimination by us.
• Right to limit the use and disclosure of sensitive information.

To exercise your right to access or delete your personal information, you may submit a request via telephone at 82-1644-7119 or via email in How to contact us.

For requests submitted via telephone, you must provide us with sufficient information that allows us to reasonably verify you are the person about whom we collected the personal information and describe your request with sufficient detail to allow us to properly evaluate and respond to it. If we are not able to verify your identity for access and deletion requests with the information provided, we may ask you for additional pieces of information.

Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf may make a request related to your personal information. If you are an authorized agent making a request on behalf of another individual, you must provide us with signed documentation that you are authorized to act on behalf of that individual.

B. Sources of, purposes for collecting, and categories of personal data collected and disclosed

We obtain your personal data mainly from or via you, and we collect and process personal data for a business purpose.

In the preceding twelve (12) months, we have collected the following categories of personal data from California residents. Please note that the following list represents categories of personal data across all California residents whose personal data we may have collected or received and does not necessarily represent information we have collected specifically about you. Please also note that the definition of “personal information” under CPRA is subject to certain exceptions as set forth therein and does not include information that is publicly available or has been aggregated or deidentified in accordance with CPRA.

• Identifiers. This includes information such as name, email address, telephone number, national identification number(or unique identification data equivalent thereto) and other similar identifiers.
• Personal information as defined by Cal. Civ. Code § 1798.80(e): The types of personal data in this category include several of the identifiers described above but also includes, among other things, information such as corporate credit card number.
• Certain protected classifications. Information under this category may include medical history.
• Professional or employment-related information. This includes information such as name of company/department and job title.
• Education Information. Educational background including majored fields of study.
• General information such as date of birth, age, sex, height, and weight.
• Internet or network activity. The types of information in this category includes information that relates to IP address and access records.

In the preceding 12 months, we may have disclosed or shared to service providers and our subsidiaries for a business purpose the categories of personal data listed above.

C. Sales of personal data

We do not sell your personal data for monetary consideration.

FOR EUROPEAN UNION ("EU") RESIDENTS

Legal Basis for Processing your Personal Information
The Company processes your personal information for the purposes described in Purposes of the Processing of Personal Information, only: (1) with your consent; (2) when processing is necessary for the performance of a contract between you and us or in order for us to take steps at your request prior to entering into a contract; (3) to comply with a legal obligation; or (4) where the processing is necessary for the purposes of our legitimate interests and where these interests are not overridden by your fundamental rights and interests. Such legitimate interests are marketing activities, responding to your requests for information or complaints, administrative functions within the Company and its affiliates, and maintaining the security and efficiency of the Website. You may obtain further information on the legitimate interests balancing exercises which we have carried out by contacting us using the contact details provided below.

Marketing Cookies table
No.	Legal Basis for Processing	Purposes
1	With your consent	To send you direct marketing in relation to our relevant products and services: - To provide information on online and/or offline training sessions, meetings, seminars, academic events and other educational or promotional events and related reports. - To provide e-Newsletters or various information on the Company’s products and services. - To conduct other marketing activities, and arranging and administering related events (e.g., events for giveaway prizes)
		To send you personalised commercial offers and information via email by the Company and its affiliates on our aesthetics and medical products in the area of face and body, providing of respective guidelines, videos and webinars, market research, satisfaction surveys etc ., by customising the direct marketing communication using and analysing, my usage data in connection with the Website and its services, the direct marketing messages and/or my preferences collected during individual communications. The data may be transferred to third party providers , in accordance with "Sharing Your Personal Information With Third Parties" and "Transfer of your personal information to other countries" sections of this Privacy Policy. To place cookies in accordance with our “Cookies and Similar Technologies”: - We may use your information to track your use of the Website and services provided through the Website to make sure that what you receive or hear from us is relevant and useful to you as an individual. For example, we may recommend a specific webinar to you or send you information about a specific topic when you have shown interest in such topic through your use of the Website.
		On other occasions where we ask you for consent, we will use the data for the purpose which we explain at the time.
2	When processing is necessary for the performance of a contract between you and us or in order for us to take steps at your request prior to entering into a contract	To provide information on clinical trials conducted by the Company solely or in collaboration with a medical partner
		To perform clinical activities (e.g., clinical trials) which you take part in
		To consult on clinical activities
		To make requests for clinical activities and arranging and executing contracts thereon
3	To comply with a legal obligation	To comply with applicable laws including in response to requests by government or law enforcement authorities conducting an investigation
4	Where processing is necessary for the purposes of our legitimate interests and where these interests are not overridden by your fundamental rights and interests	To provide customized service and consultation, to answer various questions, and to handle complaints
		To enable real-time chat consultations on the Website, as well as to respond to inquiries related to the Website
		To provide you with the requested information and contents on the Website
		To verify your professional affiliate and professional identity and to register you as a member of the Website
		To conduct marketing and research activities, and arranging and administering related events (e.g., events for giveaway prizes)
		To conduct market surveys by the Company (intended to hear your valuable opinions and to help improve the Company’s products and services accordingly)
		To register you with events, including academic events or webinars which you applied for, and to arrange and operate such events
		To maintain security by detecting threats and to protect the Website against fraudulent or malicious activities, etc.

Withdrawing consent or otherwise objecting to direct marketing
Wherever we rely on your consent, you will always be able to withdraw consent, although we may have other legal grounds for processing your data for other purposes, such as those set out above. In some cases, we are able to send you direct marketing without your consent, where we rely on our legitimate interests. You have an absolute right to opt-out of direct marketing, or profiling we carry out for direct marketing, at any time. You can do this by following the instructions in the communication where this is an electronic message, or by contacting us using the details set out below.
Your Rights
If you reside in the EU, you have a right to lodge a complaint to the supervisory authority for data protection where you live, work or where you believe a breach may have occurred.
Also, subject to limitations and exceptions set forth in the General Data Protection Regulation of the European Union ("GDPR") and other applicable laws, you have the following rights relating to the processing of your personal information by the Company:
- - Right to access: you have the right to ask us for a copy of your personal information.
- - Right to rectification: you have the right to ask us to correct your personal information.
- - Right to erasure: you have the right to ask us to delete your personal information.
- - Right to restriction of processing: you have the right to ask us to stop any active processing of your personal information.
- - Right to object: you have the right to object to the processing of your personal information in some circumstances (in particular, where we don't have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing).
- - Right to data portability: you have the right to obtain the personal information you provide to us for a contract or with your consent in a structured, machine readable format, and to ask us to share (port) this data to another controller.
Requests for the exercise of any of the foregoing rights should be submitted in writing to forryoo@lgchem.com.
Transfer of your personal information to other countries
Your personal information may be transferred to, stored, and processed in a country outside the European Economic Area, including South Korea, which may not provide an adequate level of data protection. For example, we may process the personal information in South Korea where the Company is located and the Company may share your personal information with service providers located in or out of South Korea. Such transfers will be carried out in accordance with applicable laws, including, where applicable, contractual requirements set out in standard data protection clauses which EU regulators have pre-approved. You can obtain a copy of such contracts by contacting forryoo@lgchem.com.
Representative of Company in European Union
As regards the processing of personal information concerning users within the EU, the Company has designated the following representative in the EU:

EU Authorized Representative

LG Chem Europe GmbH

Europe Life Sciences Business Team

Alfred-Herrhausen-Allee 3-5, 65760 Eschborn, Germany

forryoo@lgchem.com

Previous version