Privacy Policy
POSCO FLOW Co., Ltd. (the “Company”) establishes and discloses this Privacy Policy in accordance with Article 30 of the Personal Information Protection Act to protect the personal information and rights of data subjects and to ensure the prompt and smooth handling of grievances related to personal information. Any amendments to this Privacy Policy will be announced through notices on the website (or through individual notices, where applicable).
Article 1. Purpose of Processing Personal Information
The Company collects only the minimum personal information necessary from users in order to provide Cyber Reporting Center services. The personal information processed will not be used for any purposes other than those specified below. In the event that the purpose of use changes, the Company will take necessary measures in accordance with Article 18 of the Personal Information Protection Act, including obtaining separate consent where required.
Article 2. Retention and Processing Period of Personal Information
The Company processes and retains personal information within the retention and use period prescribed by applicable laws and regulations or within the period consented to by the data subject at the time of collection.
Cyber Reporting Center- Collection Method : Personal information is entered directly by the data subject through the Reporting Center page
- Retention Period : 5 years from the date of submission of the report
Article 3. Provision of Personal Information to Third Parties
In principle, the Company does not provide users’ personal information to external parties. However, exceptions may apply in the following cases: ① Where the data subject has given consent ② Where disclosure is required under special provisions of applicable laws or otherwise permitted under Articles 17 and 18 of the Personal Information Protection Act ③ Where disclosure is requested by an investigative agency in accordance with the procedures and methods prescribed by applicable laws for investigative purposes
Article 4. Entrustment of Personal Information Processing
The Company entrusts personal information processing tasks to third parties as follows in order to ensure the efficient handling of personal information-related operations.
- Entrusted Party: Intermajor
- Scope of Entrusted Work: Maintenance and operation of the POSCO FLOW website
※ When entering into entrustment agreements, the Company clearly stipulates compliance with applicable personal information protection laws and regulations, the prohibition of unauthorized disclosure of personal information to third parties, and related responsibilities and liabilities, and retains the relevant contractual documentation. In the event of any changes to the entrusted parties, such changes will be announced through notices and this Privacy Policy.
Article 5. Rights and Obligations of Data Subjects and Legal Representatives and How to Exercise Them
In the case of children under the age of 14, their legal representatives have the right to access or correct the child’s personal information and to withdraw consent to the collection and use of such personal information. 1. Data subjects and legal representatives may exercise the following rights related to personal information protection at any time:
- Request access to personal information
- Request correction of errors, if any
- Request deletion
- Request suspension of processing
2. The rights set forth in Paragraph 1 may be exercised by submitting a written request in accordance with Form No. 8 of the Enforcement Rules of the Personal Information Protection Act via written document, email, facsimile (FAX), or other applicable means, and the Company will take action without delay. 3. Where a data subject or legal representative requests the correction or deletion of personal information due to errors or other inaccuracies, the Company will not use or provide the relevant personal information until such correction or deletion has been completed. 4. Requests for access to personal information and suspension of its processing may be restricted in accordance with Article 35(5) and Article 37(2) of the Personal Information Protection Act. 5. Requests for correction or deletion of personal information may not be granted where the collection of such personal information is specifically required under other applicable laws and regulations. 6. When a data subject or legal representative requests access, correction, deletion, or suspension of processing in accordance with their rights, the Company verifies whether the person making such a request is the data subject or a duly authorized representative.
*[Form No. 8 of the Enforcement Rules of the Personal Information Protection Act] Request Form for Access to, Correction/Deletion of, or Suspension of Processing of Personal Information * [Form No. 11 of the Enforcement Rules of the Personal Information Protection Act] Power of Attorney
Article 6. Categories of Personal Information Processed
The Company processes the following categories of personal information:
- Required Information : Name, Email, Password
- Optional Information : Request Notification of Results, Confidentiality
Article 7. Procedures and Methods for Destruction of Personal Information
In principle, the Company destroys personal information without delay once the purpose of processing has been fulfilled.
Personal information that must continue to be retained due to an unfulfilled processing purpose within the applicable retention period will be transferred to a separate database (DB) or stored separately in a different location. Even in such cases, the personal information will be destroyed immediately upon expiration of the applicable retention period.
The procedures, retention periods, and methods for the destruction of personal information are as follows.
Destruction Procedures
- Unnecessary personal information and personal information files are processed as follows under the responsibility of the Personal Information Protection Officer and in accordance with internal policies and procedures.
Destruction of Personal Information
- Personal information will be destroyed without delay upon expiration of the applicable retention period.
Destruction of Personal Information Files
- When personal information files become unnecessary due to the fulfillment of the purpose of processing, discontinuation of the relevant service, termination of the business, or other similar reasons, such files will be destroyed without delay from the date they are deemed unnecessary.
Destruction Methods
- Personal information stored in electronic form is destroyed using technical methods that prevent its reproduction.
- Personal information printed on paper is destroyed by shredding or incineration.
Article 8. Measures to Ensure the Security of Personal Information
In handling users’ personal information, this website implements the following technical measures to prevent loss, theft, leakage, alteration, or damage. ① Passwords protect users’ personal information, and important data is safeguarded through separate security measures, including the encryption of files and transmitted data, as well as file-locking functions. ② This website implements measures to prevent damage from computer viruses by using antivirus software. The antivirus software is regularly updated, and in the event of a sudden virus outbreak, security updates are promptly applied as soon as they become available to help prevent breaches of personal information. ③ This website uses security measures (SSL/TLS) to enable the secure transmission of personal information over networks through encryption algorithms. ④ To prevent users’ personal information from being leaked due to hacking or other unauthorized activities, the website uses security systems designed to block external intrusions, and intrusion detection systems are installed on each server to monitor unauthorized access 24 hours a day.
Article 9. Personal Information Protection Officer
The Company has designated the following Personal Information Protection Officer and responsible personnel to protect personal information and handle complaints related to personal information. (Personal Information Protection Officer pursuant to Article 31(1) of the Personal Information Protection Act)
Personal Information Protection Officer
- Name : 김재만
- Department : Management Culture Office
- Contact : 02-3457-3012 / jaeman@poscoflow.com
Personal Information Protection Manager for the Reporting Center
- Name : 박성원
- Department : Integrity Management Group
- Contact : 02-3457-3128 / psw002@poscoflow.com
Personal Information Protection Manager for the Reporting Center
- Name : 심환철
- Department : Integrity Management Group
- Contact : 02-3457-3059 / spsiou@poscoflow.com
Article 10. Collection of Personal Information Through Automatic Collection Devices
“The Company may use cookies (“Cookies”), which are automatic personal information collection devices, including internet access information files, that are used to store and periodically retrieve user information. Cookies are small amounts of information sent to the user’s browser by the server that operates the Company’s website, and they may be stored on the user’s computer hard drive. When a user accesses the website, the Company’s server reads the contents of the cookies stored in the user’s browser. It retrieves additional information from the user’s computer upon access to provide services without requiring additional input, such as the user’s name. Cookies identify the user’s computer but do not personally identify the user. The Company uses cookies to support and improve website operations by analyzing information such as users’ access frequency, visit times, and the number of visits to the website. Users have the right to choose whether to accept cookies. Accordingly, users may configure their web browser settings to allow all cookies, allow only certain cookies, or reject all cookies. Users may also choose to allow all cookies, require confirmation each time a cookie is stored, or reject all cookies by selecting [Tools] → [Internet Options] → [Security] → [Custom Level] in their web browser settings.
Article 11. Requests for Access to Personal Information
Data subjects may submit requests for access to personal information pursuant to Article 35 of the Personal Information Protection Act to the department listed below. The Company will make every effort to ensure that requests for access to personal information are processed promptly.
Department and Contact Person Responsible for Receiving and Processing Requests for Access to Personal Information
- Integrity Management Group, Deputy Manager 심환철 (Tel: +82-2-3457-3130, Email: spsiou@poscoflow.com)
Article 12. Duty to Provide Notice
In the event of any changes to any of the following matters, the Company will provide notice and obtain consent:
- Purpose of the collection and use of personal information
- Categories of personal information to be collected
- Retention and use period of personal information
- The fact that users have the right to refuse consent and the details of any disadvantages resulting from such refusal
- Provision of personal information to third parties
Article 13. Remedies for Infringement of Rights and Interests
Data subjects may contact the following organizations for consultation or remedies related to personal information infringement. <The organizations listed below are independent of the Company. If you are not satisfied with the outcome of the Company's handling of your personal information complaint or request for remedy, or if you require further assistance, please contact the relevant organization below.>
Personal Information Infringement Report Center (operated by the Korea Internet & Security Agency)
- Services: Application for personal information dispute mediation and collective dispute mediation (civil resolution)
- Website : privacy.kisa.or.kr
- Tel : 118 (without area code)
Personal Information Dispute Mediation Committee (operated by the Korea Internet & Security Agency)
- Services: Application for personal information dispute mediation and collective dispute mediation (civil resolution)
- Website : www.kopico.go.kr
- Tel : 1833-6972 (without area code)
Cyber Investigation Division of the Supreme Prosecutors’ Office: 1301 (without area code) (www.spo.go.kr)
Cybercrime Reporting System : 182 (without area code) (ecrm.police.go.kr)
Article 14. Changes to the Privacy Policy
This Privacy Policy takes effect on October 28, 2026. If this Privacy Policy is amended, the Company will provide notice of the reasons for the changes and the revised contents at least seven days in advance through a separate notice window on the main page of the website or by other appropriate means.