POSCO FUTURE M

POSCO FUTURE M Co., Ltd. (“Company”) establishes and discloses the following privacy policy to protect your personal data and handle related complaints quickly and efficiently according to Article 30 of the Personal Information Protection Act.

The Company informs you of how the personal data you provide to us is used, for which purpose, and what kind of measures are taken to protect it.

The Company has a procedure of clicking either the “I agree” or “I do not agree” button with regard to the terms and conditions of the Company website (www.poscofuturem.com). If you click the “I agree” button, you will be deemed as having provided consent to the collection of your personal data.

The Company processes private information for the following purposes. The processed private information will not be used for any purpose other than the following, and in any case where the purpose of use changes, we will take due measures, such as obtaining separate consent according to Article 18 of the Personal Information Protection Act.

The Company processes and retains personal information within the retention and usage periods in accordance with the law or within the retention and usage periods you agreed to at the time your personal data was collected.
The retention period of your personal data collected in our the Company website is as follows. Personal data collected for consultation or reports are deleted after six months of the consultation and the report.

▶ Get Support, Consultation/Reporting on Fair Trade, Voice of the Customers, Whistleblower Center, Bullying & Sexual Harassment report, Ombudspersons

• - How we collect information: You enter your information on the Company website.
• - Basis of operation of information: Your consent
• - Retention period: For six months after a report is made or consultation is provided

When deleting your information, the Company website immediately deletes your personal data in a manner designed to ensure that they cannot be reconstructed (in case the data is provided to a third party, we instruct the third party to destroy the data as well). In any of the following events, however, personal information will be retained for the period specified in each paragraph.

• ➀ If it is necessary to retain personal information according to laws, such as the Commercial Act, the transaction details and the minimum basic information will be retained for the retention period set forth in the laws.
• ➁ The retention period will be notified to members in advance, and if the retention period has not expired, and the your consent was obtained, personal information will be retained for the promised retention period.

In principle, the Company website processes information within the scope specified for the purpose of collection and usage, and does not handle it for purposes that exceed the scope of the original purpose or provide the information the third party without receiving prior consent from you except for in the cases below.

• ① In case we receive separate consent from you
• ② In case there is a special provision in the law

• ➀ The Company website cosigns the management of personal information for efficiency as follows:

  Consignment of the management of personal information

  Consignee	Consigned services	Required information
  POSCO ICT	Company website, HW and SW maintenance, help desk	Until the termination of the consignment contract

• ➁ When a consignment contract is concluded, the Company website stipulates matters concerning responsibility (e.g. prohibition of processing personal information for purposes other than performing the consigned jobs, technical and administrative protection measures, limitation of re-consignment, management and supervision of consignees and compensation for damages) in documents, such as contracts, and supervises whether the consignee safely processes personal information according to Article 25 of the Personal Information Protection Act. When the consignment contract is concluded, the Company website stipulates matters concerning responsibility (e.g. prohibition of processing personal information for purposes other than performing the consigned jobs, technical and administrative protection measures, limitation of re-consignment, management and supervision of consignees and compensation for damages) in documents, such as contracts, and supervises whether the consignee safely processes personal information according to Article 25 of the Personal Information Protection Act.

• ➂ In case the consigned task or an consignee changes, the Company will immediately disclose the information through this privacy policy.

• ① You can exercise the following privacy rights at any time against the Company.
  • 1. Request to view your personal information.
  • 2. Request to revise your personal information when an error is found.
  • 3. Request the deletion of your personal information.
  • 4. Request to stop processing your personal information.

• ② You may exercise your rights according to paragraph 1 in writing, by phone, email, fax, etc. after filling out a form pursuant to Attachment 8 of the Enforcement Rule of the Personal Information Protection Act. The company will take action without delay.

• ③ Should you request the Company to revise or delete errors found in your personal information, the Company will not use or provide the personal information until the correction or deletion is complete.

• ③ Should you request the Company to revise or delete errors found in your personal information, the Company will not use or provide the personal information until the correction or deletion is complete.

• ⑤ You must not infringe upon the personal information and privacy of others the company is handling in violation of related laws such as the Personal Information Protection Act.

• ⑥ The procedure for filing a claim for the refusal of your request to view, revise, delete, or suspend the processing of your information is as follows.
  • 1. If your request is delayed or is rejected by the Data Privacy Department, you will be notified of the justifiable reason and how to make a claim in 10 days since your request is made.
  • 2. The Information Officer in the Data Privacy Department checks and receives the claim (document, phone call or email).
  • 3. The Chief Information Officer (CIO) performs the final review of claim.
  • 4. The Data Privacy Department notifies you of the result.
    * [Attachment 8 of the Enforcement Rule for the Personal Information Protection Act] Request for personal information (For viewing, correction/deletion, suspension of processing)
    * [Attachment 11 of the Enforcement Rule for the Personal Information Protection Act] Power of attorney

When handling personal information, the Company website has the following technical measures to ensure safety in processing your personal information so that it is not lost, stolen, leaked, altered or damaged.

• ➀ Your personal information will be protected by a password, and important data will be protected by using separate security features, such as encryption of files and transferring of data in a locked file.
• ➁ The Company website uses a vaccine program to prevent damage caused by computer viruses. The vaccine program is updated periodically, and when a virus is discovered suddenly, we provide a vaccine as soon as it becomes available to prevent any infringement of personal information.
• ➂ The Company website has a security device (SSL or SET) that can use an encryption algorithm to safely transmit personal information on the network.
• ➃ To prevent your personal information from being leaked due to hacking, or any other reasons, we are using a device that prevents intrusion. We have also put in place an intrusion detection system in each server for 24-hour monitoring of intrusion.

The Company processes private information as follows:

• ① Mandatory information : Your name, email and phone number
• ② The following information may be automatically generated and collected during the process of using the service.
  - Your IP address, cookies, MAC address, record of services used, your visits, and bad access

The Company website uses cookies that constantly save and find your personal information. Your personal information, which the Company website collects through cookies, is limited to purposes including page view status, and no other information will be collected. Such information is used for the following purposes.

The Company website uses cookies that constantly save and find your personal information. Your personal information, which the Company website collects through cookies, is limited to purposes including page view status, and no other information will be collected. Such information is used for the following purposes.

You can choose your preference for the use of cookies. Go to Tools > Internet options > Security > Preference to allow all cookies, or confirm every time a cookie is saved, or refuse to save any cookies.

The Company processes private information as follows:

• ① If personal information becomes unnecessary because its retention period has expired, or the purpose of processing the personal information is achieved, the Company immediately disposes of your personal information.
• ② When it becomes necessary to retain your personal information pursuant to other laws even after the retention period has elapsed or the purpose of processing the personal information is achieved, we transfer your information to another location including a separate database to store the information.
• ③ We dispose of your private information as follows.
  • 1. Disposal process
    The Company selects the personal information to be disposed of, gets an approval from the CIO and then disposes of the information.
  • 2. How we dispose of your personal data
    The Company disposes of your personal information recorded/stored as electronic files using technical methods, so that the record cannot be reproduced. Personal information recorded/stored as paper document is destroyed by using a paper shredder or burning them.

The company takes following measures to ensure the safety of your personal information.

• ① Administrative measures: Establishment/implementation of internal management plan and regular training of our employees, etc.
• ② Technical measures: Management of access to the personal information processing system, etc., installation of an access control system, encryption of the identification information, and installation of security programs
• ③ Physical measures: Access control of the computer room, data storage room, etc.

We have an Information Officer in charge of the Company webpage to manage your complaints on personal information. We are also setting up a channel where you can make inquiries or complaints regarding your personal information. If you have any questions or complaints related to your personal information, contact the Information Officer below, and we will take immediate action and notify you of the results.

From the following institutions, you may inquire about relief for damage and consultation on personal information infringement. The following institutions are not affiliated with the Company. You may contact them if you don’t feel satisfied with the results of the handling of your complaint or damage relief by the Company, or just need more detailed information.

• • Cyber Bureau, Korean National Police Agency
  • - Link : cyberbureau.police.go.kr
  • - Tel : (no area code necessary) 182

• • Cyber Crime Investigation Team, Prosecution Service
  • - Link : www.spo.go.kr
  • - Tel : 02-3480-3573

• • Personal Information Infringement Report Center (Run by the Korea Internet & Security Agency)
  • - Duties : Handling of reports for infringement of personal information and providing consultation
  • - Link : privacy.kisa.or.kr
  • - Tel : (no area code necessary) 118
  • - Address : 3F, 9, Jinheung-gil, Naju-si, Jeollanam-do, 58324

• • Personal Information Dispute Mediation Committee
  • - Duties : Handling for mediation of disputes on personal information, mediation of group disputes (resolved through a civil suit)
  • - Link : www.kopico.go.kr
  • - Address : 4F, Seoul Government Complex, 209, Sejong-daero, Jongno-gu, Seoul, 03171

You may file a request for access to personal information to the following departments in accordance with Article 35 of the Personal Information Protection Act. The company will work to promptly process your request to access your personal information.

[Department in charge]

• - Department; PR Group
• - Person in charge: Han Sang-jin
• - Tel: 02-3457-4569
• - E-mail : hansj3022@poscofuturem.com
• - Fax: 054-290-0899

This Privacy Policy comes into effect as of August 24, 2021 and should new information be added or the existing information be deleted or revised, we will provide notification of it seven days prior to the enforcement of the revised privacy policy on the website.

View previous version of the Privacy Policy by selectiong the version below