Privacy Notice for HANJIN

HANJIN TRANSPORTATION CO., LTD. (hereinafter called “the Company”) respects your privacy and is committed to protecting it. The Company provides this Privacy Policy to inform you of our policies and practices governing how we process and use your personal data.

We may update this Privacy Policy from time to time. When we do, we will communicate any material changes to you and publish the updated Privacy Policy on our website.

Who is responsible for data processing and how do you reach the Data Controller if you have any questions?

Responsibility lies with

• Name : HANJIN TRANSPORTATION CO., LTD.
• Address : Hanjin New Bldg Namdaemunro 63, Jung-gu, Seoul, Korea
• Telephone Number : +82-2-728-5550
• Email address : SELAGY@hanjin.co.kr

Where do we obtain your data and which types of data do we use?

We process personal data which we receive directly from your company, our corporate customer(controller and processor) in connection with the provision.
Specifically, the Company collects your contact information (Name, Telephone number (or Business telephone number), Phone numbers, Email, Business address, Name of department, Name of Corporation) for the purposes set out below.
If you provide the Company with personal data of third parties (such as consignee data), we process such data under the assumption that it was obtained and provided to us by you in accordance with applicable laws. Also, it is your responsibility to ensure that such third parties have been provided with a copy of this notice.

What are the purposes of processing your data and on which legal basis does the processing take place?

We process personal data for the purposes and pursuant to the legal grounds set out below:

• a for the performance of a contract with you(Art. 6 (1 b) GDPR)We process your personal data in order to provide your company with transportation services based on the contract between your company and us, and to perform various tasks ancillary thereto (payment of expenses, processing of claims, and any other tasks requiring your contact information). Thus, your company is initially responsible for obtaining legitimizing grounds for the processing of your personal data by us and you may be required to provide your personal data to us by your company in order to comply with your obligations under the employment contract with your company. We may also process your personal data for legitimate interests such as maintaining communications with your company and managing records regarding the transportation services. (Art. 6.1. f) GDPR).
• b on the basis of legal requirements (Art. 6 (1 c) GDPR)We are subject to various legal obligations, including statutory requirements, and, in order to comply with these legal obligations, we are required to collect and process certain personal data about you.
• c where it is necessary for the legitimate interests of the Company or of third parties (Art. 6 (1 f) GDPR)To the extent necessary, we may process your data beyond the scope of the contract in order to protect the legitimate interests of our own and those of third parties and without prejudicing your interests and fundamental rights and freedoms. We may process personal data in order to process claims we receive in connection with our services, operate, evaluate, and improve our business, managing our communications, conducting accounting and auditing, and improving and maintaining the quality of our customer services we provide to you using your personal data.

Who will receive your data?

Within the Company, those units will be granted access to your data that need it in order to comply with our contractual and statutory obligations.
Service providers and agents appointed by us may also receive the data for these purposes on the condition that they are bound by duties of confidentiality. They only process personal data based on our instructions and only in order to perform services on our behalf or comply with legal requirements. Also, we may share your personal data with our business partners such as the Company’s European subsidiary, resellers, and agency offices, which may use the personal data for the purposes described in this Privacy Policy.
Otherwise, we will only disclose your personal data to third parties if this is required by law or by law enforcement agencies, judicial bodies, government entities, tax authorities or regulatory bodies, you have given your consent or to the extent otherwise permitted under the applicable laws.

Will the data be transferred to a third country or an international organization?

Your personal data will be transferred to the Company’s head office in South Korea, outside the European Economic Area (“EEA”). In addition, the Company’s service providers with whom information is shared may be based outside the EEA. Data protection laws may or may not apply in jurisdictions outside the EEA or may not be as stringent as those in the EEA. In any case, Company will implement appropriate contractual measures (such as standard data protection clauses, a copy of which you can obtain by contacting SELAGY@hanjin.co.kr to ensure that the relevant third parties outside the EEA provide an adequate level of protection to your personal data as set out in this policy and as required by applicable local law.

For how long will your data be stored?

We process and store your personal data as long as this is required to meet applicable contractual or legal or regulatory obligations or legitimate business needs (e.g., preservation of evidence under the statutory regulations regarding the statute of limitations.

• 1 Global express data : after Issue up to 5 years
• 2 Documents related to export : after Issue up to 10 years
• 3 Invoice data : after Issue up to 10 years

When storing your personal data, we take steps to minimize the impact on your rights, including by masking personal data and restricting access authority to the personal data retained in our systems.

How is your data protected?

The Company maintains reasonable security measures to safeguard personal data from loss, interference, misuse, unauthorized access, disclosure, alteration or destruction. The Company also maintains reasonable procedures to help ensure that such data is reliable for its intended use and is accurate, complete and current.

What are your rights with regard to data protection?

Subject to limitations and exceptions set out in the applicable laws, you have the following rights relating to the Company’s processing of your personal data: the right of access pursuant to Article 15 GDPR, the right to rectification pursuant to Article 16 GDPR, the right to erasure pursuant to Article 17 GDPR, the right to restriction of processing pursuant to Article 18 GDPR, the right to object pursuant to Article 21 GDPR and the right to data portability pursuant to Article 20 GDPR. Moreover, there is a right to appeal to a competent data protection supervisory authority pursuant to Article 77 GDPR.

The foregoing rights may be exercised by contacting SELAGY@hanjin.co.kr.

To what extent will decision­making be automated?

We do not use fully automated decision-making processes pursuant to Article 22 GDPR in the context of our employment relationship with you.

Will profiling take place?

No profiling of your personal data by means of automated processing will take place.