Privacy Policy
<HL Robotics Corp> (http://www.hlrobotics.co.kr/, hereinafter referred to as the “Company”) established the following privacy policy to protect the personal information, rights and interests of the users and to process any grievances of the users related to the personal information pursuant to the Personal Information Protection Act. The Company will provide notice of any changes to the privacy policy through the notices section (or individual notice) on the website.
Effective Date of the Privacy Policy: April 2, 2025
The Company processes personal information for the following purposes. The personal information processed shall not be used for other purposes, and a prior consent will be obtained pursuant to Article 18 of the Personal Information Protection Act when the purpose of the use is changed.
A. Processing Complaints
- Personal information is processed for the purpose of verifying the identity of the person making the complaint, verifying the complaint, contact/notice for fact-finding and notice of the processing result, etc.
A. The Company processes and retains the personal information for the duration provided for by the relevant statutes for the retention and use of personal information or the period to which each data subject consents when the personal information is collected.
B. The period during which personal information is processed and retained is as follows:
- Processing Complaints: 30 days (prior consent of the user)
A. The Company does not process or share personal information beyond the scope of the stated purposes, except in the following cases:
- When the user has given prior consent
- When required by law
- When obtaining consent is impractical due to economic or technical reasons and the data is necessary to fulfill a service contract
- When the information is anoymized and cannot identify an individual
A. To provide smooth service and technical support, the Company outsources part of its personal information processing as follows:
System Maintenance
– Processor: I’m Web Co., Ltd.
– Purpose: System management
– Period: Until the end of the contract
Cloud Server
– Processor: LUNASOFT Co., Ltd., Stibee Inc. (*Sub-processor: Amazon Web Services, Inc.)
– Purpose: Data storage and processing in cloud environments
– Period: Until the end of the contract
B. When entering into an outsourcing agreement, the Company clearly stipulates in writing — in accordance with Article 25 of the Personal Information Protection Act — that the outsourced party is prohibited from processing personal information beyond the scope of the delegated task. The agreement also includes clauses on technical and administrative safeguards, restrictions on sub-outsourcing, supervision of the outsourced party, and liability for damages. The Company regularly monitors the outsourced party to ensure safe and lawful handling of personal information.
C. Any changes to the content of the outsourcing arrangements or the outsourced parties shall be disclosed through this Privacy Policy without delay.
The user may exercise the following rights as the data subject.
A. The data subject may exercise each of the following personal information protection-related rights against The Company at any time:
① Request for accessing personal information;
② Request for correcting errors, if any;
③ Request for deleting personal information; and
④ Request for suspending processing.
B. The rights provided in Paragraph A may be exercised by completing the form specified Personal Information Protection Act and submitting it by post, e-mail or fax. In such cases, The Company will take the necessary measures promptly.
C. Where a data subject requests the correction or deletion of any error, etc., to his/her personal information, the relevant information will not be used or provided until such information is corrected or deleted.
D. A data subject may exercise the rights provided in Paragraph A through an agent, including a legal representative and a power of attorney. In such a case, the data subject is required to submit a letter of delegation as specified Rule of the Personal Information Protection Act.
A. The Company processes the following personal information:
<Processing of Complaints>
– Required Items: Name, e-mail, telephone, details of the complaint
B. The following personal information may be automatically created and collected in the process of using the internet service:
– IP Address, cookies, MAC address, service use record, visiting log, etc.
The Company disposes of records containing personal information immediately after achieving the purpose of processing the personal information, as a rule. The procedures, deadlines and methods for destroying personal information are as follows
A. Procedure for Destruction
– The information entered by the user is moved to a separate DB after achieving the purpose (a separate document, in case of a paper document) and destroyed after being retained for a fixed period pursuant to the internal policy and other relevant laws, or immediately. At such a time, the personal information moved to a separated DB is not used for other purposes, unless required by law.
B. Deadline for Destruction
– The personal information of the users is destroyed within 5 days after the expiration of the retention period, when the retention period has elapsed, and within 5 days from becoming unnecessary when such personal information becomes unnecessary, such as achieving the purpose of processing the personal information, abolition of the concerned service and the end of the business, etc.
C. Method of Destruction
– The information stored in electronic files will be destroyed through technical methods to prevent the recovery of the records. The personal information recorded and preserved in paper documents will be destroyed by a shredder or incinerated.
We use cookies or a similar means to save your data and retrieve it from time to time.
A. Option to Use Automatic Collection
- your web browser, you can either accept all cookies, demand consent from you whenever a cookie is stored or prevent cookies from being installed.
B. Disapproval of Automatic Collection
- you can either accept all cookies, demand consent from you whenever a cookie is stored or prevent cookies from being installed. (Please note that if you do not allow cookies to be installed on your computer, your access to certain services may be limited.)
The Company takes the following technical, administrative and physical measures necessary to ensure the safety pursuant to Personal Information Protection Act and Article 30 of the Enforcement Decree of the Act:
1. Conducting Self-Audit on a Regular Basis
- To ensure safety related to the handling of personal information, a self-audit is conducted on a regular basis (quarterly)
2. Minimizing and Educating Personnel Authorized to Handle Personal Information
- The Company designates and minimizes the personnel handling of the personal information to manage the personal information
3. Establish and Implement an Internal Management Plan
- The Company establishes and implements internal management plans to safely process the personal information
4. Technical Measures Against Hacking, Etc.
- The Company has installed a security program and updates and inspects the programs to protect personal information from being leaked externally or destroyed by hacking or computer viruses, and the systems have been installed in an area with restricted access to technically and physically monitor and block external access.
5. Encryption of Personal Information
- Passwords and identification numbers for the personal information of each user are encrypted for storage and management. Furthermore, additional means, such as encrypting essential data for storage and transmission, are used in securing important data that are known only by the information owner.
6. Preserving Access Logs and Preventing any Forgery and Alteration
- Log data about access to the personal information processing system are retained for at least 6 months, and the access logs are maintained properly to prevent any forgery, theft and losses.
7. Restrictions on Access to Personal Information
- Access to personal information is controlled by granting, amending or cancelling the authority to access the database system that processes personal information. Unauthorized external access is controlled by operating firewalls.
8. Use of Locking Devices to Protect Documents
- Documents and storage media with personal information are stored in a secure location with locking devices.
9. Controlling Access by Unauthorized Persons
- The area for the physical storage of the personal information is separated from other areas and a procedure for controlling access to this area is established and implemented.
A. The Company designates a privacy officer to supervise and be responsible for the personal information processing duties and for the processing of any complaints by the data subjects on the personal information processing.
| Division | 개인정보보호 책임자 | 개인정보보호 관리 담당자 |
| Name | Heekyoo, Lee / CFO | Sunghoon, Ko / Senior Associate |
| heekyoo.lee@hlcompany.com | sunghoon.ko@hlcompany.com |
B. Any inquiries related to personal information protection, complaints processing, damage relief from using the services (or business) of The Company can be directed to the privacy officer or the managing department. HL Mando Website will answer and process any inquiries regarding a data subject without delay.
If a data subject seeks relief for any infringement of personal information, they may contact the following organizations for assistance.
▶ Personal Information Infringement Reporting Center (privacy.kisa.or.kr / 118)
▶ Prosecution Service (www.spo.go.kr / 02-3480-2000)
▶ Korea National Police Agency Cyber Terror Response Center (cyberbureau.police.go.kr / 182)
This privacy policy is effective from the implementation date, and any addition, deletion or correction of the terms pursuant to the laws and/or policy will be publicly announced through the notice 7 days prior to the implement of the changes.
