HEI

Introduction 1. HEI Corporation ( “HEI”) establish and disclose this Privacy Policy to protects customers’ personal information and rights and interests in accordance with Article 30 of the Personal Information Protection Act and Article 31 of the Enforcement Decree of the same act, so that personal information can be handled smoothly. 2. This Privacy Policy explains how personal information is used and what measures are being taken to protect personal information. Privacy Policy may be revised in accordance with related laws, government guidelines, and changes to HEI's business strategic policies, and in case of revision, HEI will notify customers through official notices or individual notices. Personal Information to be collected and purpose HEI collects the following personal information to provide services. 1. Information collected during sign-up process - For identification purposes, ‘ID, password, name, date of birth, gender, mobile phone number’ are collected as mandatory items. 2. Personal information collected for service use - We collect ‘Vehicle Model/Battery Capacity/Year’ or ‘Vehicle Identification Number’ to identify a vehicle equipped with a battery to be serviced. - Collect charging station membership information. - Collect charging information when charging an electric vehicle. - (Optional) When a member uses the smartphone camera to use the service, photos (including meta information) obtained through this are collected. 3. Personal information for purchasing goods or services - When purchasing products (ex. adapters), we collect delivery information (name, mobile phone number, address) for delivery. - Collect information necessary for payment, such as credit card information, carrier information, and gift certificate number. 4. Personal information generated and collected in the process of using the service - We collect location information in order to provide location-based services. - Collect service usage records. Methods of information collection 1. HEI collects personal information through the following methods. - Using the member's smartphone app - Conversation via phone call - Online conversation via email Use of personal information 1. It is used for membership management required for services (including web/app), service development, provision and improvement, and discovery of new service elements. 2. It is used to maintain, manage and protect membership, prevent illegal use of services, and prevent sanctions. 3. It is used for marketing and promotion purposes, such as providing event information and participation opportunities, and providing advertising information. 4. In case of complaint, it is used for the following purposes. - Identification of the complainant - Confirmation of complaints, contact and notification for fact-finding, and notification of processing results - Securing a efficient communication channel, such as sending notices, confirming the purpose, and handling complaints 5. In the following cases, pseudonymized information is used so that the subject of specific personal information cannot be identified. - Big data construction and analysis (including commercial purposes) - Research (including industrial research) - Record-keeping for the purpose of public interest 6. May be used for marketing and advertising purposes (only to customers who have consented to selective collection and use). Provision of personal information to others HEI does not provide personal information to others without the member’s prior consent. However, if it is necessary to check whether the member is using the affiliate's service, if the member directly consents to the provision of personal information in order to use the affiliate's service, and if there is an obligation to submit personal information in accordance with related laws, when an imminent risk to the life or safety of the member needs to be identified and resolved. Consignment 1. HEI entrusts some of the tasks necessary to provide services to external companies. 2. Information consigned, currently - Identity verification service: Nice Information Service Co., Ltd. 3. When signing a consignment contract, HEI sets out responsibilities such as prohibition of processing of personal information other than for the purpose of performing entrusted work, technical and administrative protection measures, restrictions on re-entrustment, management and supervision of the trustee, and compensation for damages in accordance with the Personal Information Protection Act in the contract, etc. It is specified in the document and supervises whether the company handles personal information safely. 4. If the contents of the consignment work or the consigned company is changed, we will disclose it through this Privacy Policy without delay. Processing and retention period of personal information HEI processes and retains personal information within the agreed retention and use period when collecting members' personal information, and, in principle, destroys it without delay when the purpose of processing personal information is achieved. However, if there is a need to preserve it in accordance with the relevant laws or prior consent from the customer as follows, it will be retained for a certain period of time. 1. Prevention of fraudulent sign-up and use - Mobile phone number of the user who has withdrawn: 6 months from the date of withdrawal - Identification information of illegal users: 1 year from the date of withdrawal 2. Act on Consumer Protection in Electronic Commerce - Records on contract or subscription withdrawal: 5 years - Records on payment and supply of goods: 5 years - Records on consumer complaints or dispute settlement: 3 years 3. Act on Electronic Documents and Electronic Transactions - Records on distribution of electronic documents through authorized electronic addresses: 10 years 4. Communication Secret Protection Act - Login history: 3 months 5. In case of obtaining consent from customers - Retention period: depending on the consent Destruction of personal information 1. HEI destroys the personal information without delay when the personal information becomes unnecessary, e.g. when the retention period of the personal information is expired, or the purpose of personal information is achieved. 2. However, in the following cases, personal information must be kept in accordance with other laws and regulations despite the expired retention period or the achievement of the purpose. The corresponding personal information may be moved to a separate database or stored in different physical locations. - When a credit information agency or credit inquiry company retains personal credit information for the purpose of intensive management and utilization of credit information or evaluating an individual's creditworthiness, it is retained to ensure the accuracy of the information. - When a credit information agency or credit inquiry company has personal or criminal liability or prescription continues, or holds personal credit information as evidence of a dispute - In case of preservation in accordance with laws such as Article 33 of the Commercial Act - In case of other similar justifiable reasons 3. HEI destroys personal information recorded and stored in electronic file format so that the record cannot be reproduced, and personal information recorded and stored in paper documents is destroyed by shredding or incineration with a shredder. HEI’s effort for the security of personal information In handling personal information, HEI is taking the following protection measures to ensure that personal information is not lost, stolen, leaked, altered or damaged. 1. Establishment and implementation of internal management plan 1)HEI establishes and implements an internal management plan that includes the following for the secure handling of personal information, and if there is an important change, it is immediately reflected and corrected. - Matters concerning the designation of managers (“protection manager”) who are in charge of personal information protection. - Matters concerning the roles and responsibilities of the protection managers and personal information handlers - Matters necessary to the security of personal information 2. Access control and management of access rights 1)The access privilege to personal information processing system is set to minimum necessary for business performance and the protection managers’ access privileges are differentiated according to their security level. When there is a change to the security level of the protection managers, it is immediately reflected on their access privileges to personal information processing system and recorded. 2)The number of personal information handlers, who process personal information, is kept to a minimum and personal information processing system and computers will be treated to prevent personal information from being disclosed to entities without the access privilege to read it or leaked to the outside. 3. Encryption of personal information 1)We encrypt and store passwords and identification information that are required to be encrypted by law. 2)When HEI transmits/receives personal information through wired and wireless networks or transmits it using auxiliary storage media, it is always encrypted. 3)HEI, in general, does not store personal information on business computers and when the information is stored for unavoidable reasons, it is safely encrypted using commercial encryption softwares. 4. Access records and prevention of forgery and falsification 1)HEI keeps and manages the records of accessing personal information processing system for more than two years, and keeps the access records safely to prevent falsification, theft, or loss of the access records. 5. Installation and operation of security programs 1)HEI frequently backs up data in preparation for damage to personal information, and uses the latest vaccine program to prevent leakage or damage to users' personal information or data. 2)HEI immediately implements an update in response to an alert related to a malicious program or a security update notice from the manufacturer of the application or operating system software in use. 6. Physical measures of personal information 1)HEI stores documents containing personal information and auxiliary storage media in a safe place with a lock. 2)When using an external cloud service, HEI selects and entrusts a company with highly reputed reliability in terms of physical measures, and manages and supervises it carefully. Rights and obligations of the subject of information and methods of exercising them The customer may exercise the following privacy-related rights at any time. 1. Request to view personal information 2. Request for correction, in case of typos, errors, etc. 3. Request for deletion 1)However, if other laws and regulations specify that the corresponding personal information needs to be collected, the deletion cannot be requested. 4. Request to suspend processing 1)However, in any of the following cases, the customer's request to suspend processing may be rejected, and in this case, the reason will be informed to the customer. - When there are special provisions in the law or when it is unavoidable to comply with legal obligations - If there is a risk of harming the life or body of another person or unfairly infringing on the property and other interests of another person - If it is difficult to fulfill the contract, such as not being able to provide the service contracted with the customer if personal information is not processed, and the customer does not clearly indicate his/her intention to terminate the contract Designation for Personal Information Protection If you have any questions regarding personal information, please contact us in writing, by phone, or by e-mail at the address below. - Responsible for: Information Security Team - Address (Seoul Office): 3rd floor, 21-7, Eonju-ro 108-gil, Gangnam-gu, Seoul - Email address: privacy@thinkhei.com - Phone: 070-4279-7810 Remedial procedures for Infringement of Rights and Interests of Information Subjects Customers, who stay in South Korea, can contact the following organizations for remedies and consultation for personal information infringement. - Personal Information Infringement Report Center: (without area code) 118 (http://privacy.kisa.or.kr) - Personal Information Dispute Mediation Committee: 1833-6972 (http://kopico.go.kr) - Supreme Prosecutors' Office Cyber Investigation Division: (without area code) 1301, cid@spo.go.kr (http://spo.go.kr) - National Police Agency Cyber Security Bureau: (without area code) 182 (http://cyberbureau.police.go.kr) Customers, who stay outside of South Korea, are advised to contact the organizations for remedies and consultation for personal information infringement in the corresponding country. Addendum These Terms and Conditions are effective from June 1, 2022.