DHL Korea Co., Ltd. Privacy Policy

DHL Korea Co., Ltd. (the “Company” or “DHL Korea”) has duly processed and safely managed personal information in compliance with the Personal Information Protection Act (the “PIPA”) and other applicable laws and regulations to protect the freedom and rights of data subjects. Accordingly, pursuant to Article 30 of the PIPA, DHL Korea hereby establish and disclose the following privacy policy to inform data subjects of the procedures and standards for the processing and protection of personal information and to ensure prompt and smooth handling of complaints related thereto.

Any and all amendments to this Privacy Policy will be disclosed on the Company’s website.

This Privacy Policy has been amended as follows and will take effect as of July 04, 2025.

Article 1 (Purpose of Processing Personal Information)

The Company processes personal information for the following purposes. The personal information being processed shall not be used for any purpose other than the following purposes, and if the purpose of use is changed, necessary measures such as obtaining separate consent will be taken pursuant to Article 18 of the PIPA.

1. Provision of services

· Identification of customers, provision of various services of the Company (e.g., delivery service, calculation of delivery fees and guidance on delivery products, delivery reservation, preparation of waybill, packaging of products for delivery, pick-up service, tracking delivery, customer number issuance service, customs clearance and declaration, payment of customs duties and VAT, customs response service, customs refund service, customs clearance code proxy issuance service, operation of website, emergency passport express delivery service, shipment security service, document security service, and refund guarantee service), delivery of contracts and invoices, payment and calculation of unpaid amounts, provision of customized service, management of service usage history, preservation of records related to the provision of services, prevention of fraudulent or unauthorized use by non-qualified members, management of members, responses to inquiries and requests related to services, provision of up-do-date changes and materials

2. Response to inquiries and customer comments; handling of complaints

· Identification of customers and their complaints, communication and notification for fact-finding, notification of handling results, dispute mediation and preservation of relevant records, prevention of indiscriminate postings, delivery of announcements, utilization of statistical data, improvement of internet website, response to inquiries and comments

3. Execution and performance of contracts

· Verification and identification of counterparties, decision on contract execution, guarantee of fair execution of contracts, performance of contracts such as payment of expenses and amounts for service provision, business communication within the scope necessary for execution and performance of contracts, delivery of invoices, payment or collection of freight charges, documentation of lawful execution and performance of contract, management of overall status of contracts such as counterparties, contractual terms and conditions, details of payment, etc., business cooperation with related companies (head office, affiliates, etc.)

4. Marketing and public relations activities

· Provision of information related to the Company’s services or products via phone, text message, mail, email, mobile messenger or direct marketing, sending newsletters and surveys, general marketing activities such as hosting various campaigns and events including online events, handling of tasks related to hosting events (receiving event entries, selecting and contacting winners, delivering prizes, hosting events)

5. Management of visitors and mails

· Management of visitors to prevent unauthorized access to offices and service centers, issuance of temporary access cards, prevention of security accidents and terrorist activities, parking management, identification of circumstances in the event of an accident, maintenance and management of the Company’s security, prior examination of visitors

6. Performance of legal and administrative obligations of the Company

· Performance of various legal and administrative obligations of the Company pursuant to laws and regulations as well as orders and dispositions imposed by administrative agencies or relevant authorities based thereon, such as report and payment of various taxes including withholding of corporate income tax, value-added tax and income tax, issuance and delivery of receipts and tax invoices, compliance with international transport regulations

7. Handling of tasks related to job applications

· Performance of tasks related to hiring employees with qualifications required by the Company and their admittance to the Company, confirmation (inquiry and verification) of applicants’ identity, academic background, career and qualifications, reference check, management of past application history, progress and management of hiring procedures, confirmation of health conditions and determination of job eligibility, consideration of obligations under the Act on the Employment Promotion and Vocational Rehabilitation of Persons with Disabilities (determination of eligibility for employment of persons with disabilities, performance of obligation to hire persons with disabilities, report of employment contribution for persons with disabilities, etc.), determination and notification of employment, determination of eligibility for preferential employment (determination of eligibility for additional points under the Act on the Honorable Treatment of and Support for Persons of Distinguished Service to the State, etc.), confirmation of applicants’ intention of application, handling of relevant complaints and dispute resolution, creation of basic data for new employees upon confirmation of employment, confirmation of intention of application in the event of additional employment, operation of a pool of applicants (confirmation of intention of application in the event of additional employment), payment of travel expenses such as transportation expenses, etc., response to inquiries regarding job application

Article 2 (Items of Personal Information to be Processed)

The Company collects and uses personal information to the minimum extent necessary to provide the services.

1. Items of personal information processed without the consent of the data subject

(1) Items related to customer consultation

· Legal basis: Article 15(1)4 of the PIPA (i.e., performance of contracts)

· Items to be collected and used: name, contact information, email address, mobile phone number, details of consultation, details of call

2. Items of personal information for collection and use that is processed with the consent of the data subject

The Company processes the following items of personal information with the consent of the data subject pursuant to Articles 15(1)1 and 22(1)7 of the PIPA:

(1) Items related to handling inquiries and identity verification

· Name, email address, date of birth, mobile phone number, company phone number, customer cumber, company name, department, address, country/region, type of inquiry and content of inquiry, freight ID or tracking number, waybill number

(2) Items related to the delivery service

· Sender information {name, company, country/region, address, zip code, email address, contact information (mobile phone number, office phone number, fax number), VAT/Tax ID, EORI number}, recipient information {name, company, country/region, address, zip code, email address, contact information (mobile phone number, office phone number, fax number), VAT/Tax ID}, shipped goods information (type of packaging, weight, size, purpose of shipment, value of goods, whether the shipment security service is used), shipping charge, date of shipment/arrival, expected date and time of delivery, payment information, customer number (if applicable), payment method of customs duties and surtax, customs trade conditions, information on pick-up of goods upon reservation for pick-up (including total pick-up weight), preferred delivery method {including new delivery option, changed delivery address and name, changed delivery date and time range, receipt method, designated recipient’s name (including building/unit number), gate/door code, delivery instructions}

(3) Items related to website membership registration service (myDHL+, myGTS, MyBill, ODD, Express Mobile App, DHL Express Commerce)

· Name, email address, contact information (company phone number, fax number, home phone number, mobile phone number), password, country/region, company-related information (trade name, business entity registration number, address, country), position, DHL customer number (if applicable), whether the biometric information stored in the mobile phone matches (for mobile apps)

(4) Items related to customer number issuance service

· Company name, name of the person-in-charge, company phone number, fax number, home phone number, mobile phone number, business entity registration number, email address, address, whether the customer is a B2C customer, shipping destination, quantity and frequency, country of location, information to be noted, information collected during the opening process

(5) Items related to customs clearance service

· Name, email address, telephone number (mobile phone number, company phone number, home phone number, fax number), address, waybill number, personal customs clearance code, alien registration number, passport number, affiliated company (including company information such as customs clearance code), nationality (if the consignee is a foreigner), any and all personal information on other documents required for customs clearance (documents submitted to customs office)

(6) Items related to DHL’s liability for damages (shipment security service, document security service, refund guarantee service)

· Personally identifiable information (name, address, telephone number, email address), information related to the transport accident (type of cargo, DHL customer number, value of cargo, waybill number, place of shipment/arrival, cause of the accident, etc.), results of examination on payment of compensation, account information (bank name, account number, account name), mobile phone number

(7) Items related to customs duties refund (for breach) service

· Name, address, mobile phone number, personal customs clearance code, email address, account information for refund (bank name, account number, account name), trade name, waybill number, business entity registration number, alien registration number, passport number (only for foreigners)

(8) Items related to customs clearance code proxy issuance service

· Name, email address, telephone number (mobile phone number, office phone number), address, business entity registration number, alien registration number, passport number (only for foreigners)

(9) Items related to DHL reward service

· Name, email address, contact information (mobile phone number), amount of payment for delivery and the amount of relevant points (amount accumulated and amount used), membership class

(10) Items related to emergency passport express delivery service

· Customers using emergency passport delivery service: country of residence, name of diplomatic mission, whether the document security service is used, name of applicant, person who desires to have a passport issued (name, date of birth), telephone number, email address

· Users of diplomatic missions abroad: name of diplomatic mission, name, email address, ID, password

(11) Items related to business affiliates

· Name, company name, job title, business entity registration number, bank account number, address, name of person-in-charge, telephone number, email address, fax number, relationship with the Company’s employee

(12) Items related to job applicants

· Name (Korean/English), gender, photo, date of birth (age), nationality, address and location of residence, information on veterans and persons of distinguished service, telephone number, mobile phone number, email address, academic background (name of school, major, degree, attendance period, location, acquired credits, grade, etc.), grade, military service, career (company name, job position, duties, salary level, reputation, etc.), information on overseas stay and training activities (exchange student, etc.), information on social activities, leadership and social service activities, language (language ability test score, etc.) and other qualifications (information on certificates held, etc.), award-winning experience (name of competition, competition organizer, award details, award date, etc.) and other information on rewards and punishment, hobby, specialty, self-introduction, SNS address, application route, credit status, disability status, inquiries regarding job application

· Results of the Company’s evaluation, results of the personality and aptitude test, any and all information on other documents provided by the applicant to the Company (resume, letter of self-introduction, transcript, etc.)

· Additional items to be collected and used from those applying as drivers: whether they have a driver’s license, vehicle types of which they are capable of driving, accidents that occurred and penalty points that were earned after obtaining the license, history of license suspension/cancellation

· Additional items to be collected and used from interviewees (those who passed the document review process): information on designated/undesignated recommenders for reference check (information on companies or institutions of previous employment or superiors thereof such as name, affiliation, job position, contact information, etc.), results of reference check including performance evaluation, and for those applying for a job opening at the customer center, details of phone-response test recording

· Additional items to be collected and used from interviewees (those who passed the document review process): current health conditions, history of past diseases and injuries, reasons for military exemption, information on criminal records, whether they belong to a group subject to sanctions imposed by the UN Security Council, the Official Journal of the EU, the Office of Foreign Assets Control, U.S. Department of the Treasury, the Bureau of Industry and Security, U.S. Department of Commerce, whether they are infected with epidemic diseases that necessitate quarantine as per the CDC guidelines

(13) Items related to campaigns or events

· Information on those who entered online events such as name, email address, mobile phone number, telephone number, company name, address, company address, business entity registration number, access route, employee code of the person-in-charge, SNS (e.g., entrant ID, mobile phone number, address, customer number, person in charge of sales, other information provided at the time of entry or winning)

(14) Other automatically generated information

· Access IP information, cookies, service usage history, access logs

(15) Items related to customer feedback and customer satisfaction survey

· Name, mobile phone number, email address, telephone number, address, company name, waybill number, customer number, opinion on the Company’s service, etc. (including feedback and questions), feedback and complaint on service quality, visual data, voice data (depending on the media used for submitting opinions)

(16) Items related to vising customers and other visitors

· Name, affiliated company and job title, email address, telephone number, address, purpose of visit, items stated in the entry/exit ledger (entry/exit number, affiliation, vehicle number, time of visit and visited department, reason for visit, person guiding the visitor, equipment brought in/out)

Article 3 (Personal Information Processing and Retention Period)

1. The Company will process and retain personal information within the period of retention and use of personal information as required by laws and regulations or the period of retention and use of personal information consented at the time of collection of personal information from the data subject.

2. Each processing and retention period of personal information is as follows:

(1) Items related to customer consulting: up to 3 years

(2) Items related to handling inquiries and identity verification: until the purpose of use is achieved

(3) Items related to the delivery service: up to 11 years in accordance with each country’s laws and regulations

(4) Items related to website membership registration service (myDHL+, myGTS, MyBill, ODD, Express Mobile App, DHL Express Commerce): until membership withdrawal

(5) Items related to customer number issuance service: up to 3 years from the suspension of customer number (if the customer number is not issued, up to 1 year from the date of consent)

(6) Items related to customs clearance service

· Information on import declaration: up to 5 years from the last customs clearance date

· Information on export declaration: up to 3 years from the last customs clearance date

(7) Items related to DHL’s liability for damages (shipment security service, document security service, refund guarantee service): up to 1 year from the notification date of the results of examination on payment of compensation

(8) Items related to customs duties refund (for breach) service: up to 5 years from the processing of customs duties refund

(9) Items related to customs clearance code proxy issuance service: 30 days from the date of receipt of application

(10) Items related to DHL reward service: up to 1 year from the date of shipment of goods

(11) Items related to emergency passport express delivery service: up to 4 months after payment is completed

(12) Items related to business affiliates: up to 5 years from the termination of contract

(13) Items related to job applicants: If the Company refuses to hire an applicant or an applicant decides not to join the Company for other reasons, up to 1 year from such date; if the Company hires an applicant and he/she decides to join the Company, up to 5 years from the termination of employment relationship

(14) Items related to campaigns or events:

· Consultation on opening of customer number: up to 3 years from the suspension of customer number (if the customer number is not issued, up to 1 year from the date of consent)

· Members of the DHL website: until membership withdrawal

· Non-members: 5 years

(15) Other automatically generated information: until the purpose of use is achieved

(16) Items related to customer feedback and customer satisfaction survey: up to 1 year

(17) Items related to visiting customers and other visitors: up to 5 years

3. However, personal information shall be processed and retained until the end of the relevant period in the following cases:

(1) Transaction records, such as labeling and advertising, contractual terms and performance thereof, under Article 6 of the Enforcement Decree of the Act on the Consumer Protection in Electronic Commerce

· Records on labeling and advertising: 6 months

· Records on contracts, offers, payment of transaction amount or withdrawal of provision of goods: 5 years

· Records on customer complaints or dispute settlement: 3 years (however, in the case of records on compensation claims: 5 years)

(2) Electronic communication-related records under Article 41 of the Enforcement Decree of the Protection of Communications Secrets Act

· The date and time of the communication, the starting time and the ending time of the communication, the registered number of the other party of the communication, point of use, data on tracking the location of the sending base station used for the electronic communication: 1 year

· Computer communication records, internet log and data on tracking the access location: 3 months

(3) In the case of evidentiary transaction records under Article 85-3(2) of the Framework Act on National Taxes, Article 116(1) of the Corporate Tax Act, Article 71 of the Value-Added Tax Act: 5 years from the filing deadline

(4) In the case of a recipient’s application for change of payment terms and confirmation letter: 1 year and 6 months from the date of submission to the Ministry of Economy and Finance

(5) In the case of visitor (access) management records: 5 years; in the case of mail: 1 year

(6) Information on customs clearance under Articles 254-2 and 12(1) of the Customs Act and Article 3(1)1 of the Enforcement Decree of the same Act

· 5 years from the date of acceptance of the special customs clearance declaration of consignments

4. Personal information transferred by the Company to its affiliates located overseas for overseas transportation will be retained for the period necessary to comply with the legal obligations under the laws of the relevant country.

Article 4 (Provision of Personal Information to Third Parties)

1. The Company shall process personal information of data subjects only to the extent specified for the purpose of processing such personal information, and shall provide personal information to a third party only in cases falling under Articles 17 and 18 of the PIPA, such as consent of data subjects and special provisions of laws, and shall not provide any other personal information of data subjects to a third party.

2. In order to facilitate the provision of the services, the Company provides personal information to third parties to the minimum extent necessary with the consent of the data subject in following cases pursuant to Article 17(1)1 of the PIPA:

3. In the event of emergencies such as disasters, infectious diseases, incidents or accidents that cause imminent danger to life or body, and urgent property loss, the Company may provide personal information to relevant agencies without the consent of the data subjects as follows. In such case, the Company will provide only the minimum personal information required under the applicable laws and regulations and will not provide it for any purpose other than the intended purpose.

4. Cases where personal information is provided to third parties outside of Korea are stated in Article 5-2 (Overseas Transfer of Personal Information).

Article 5 (Delegation of Personal Information Processing)

1. The Company delegates the processing of personal information as follows to facilitate the processing of personal information:

2. Pursuant to Article 26 of the PIPA, when executing a delegation agreement, the Company sets forth in the agreement and other documents the matters concerning the prohibition of personal information processing for other purposes that performing the delegated work, technical and administrative protection measures, restriction on sub-delegation, management and supervision of the delegatee, compensation for damages, etc., and supervises whether the delegatee processes personal information in a safe manner.

3. Pursuant to Article 26(6) of the PIPA, the delegatee shall obtain the Company’s consent when sub-delegating the processing of personal information.

4. The Company sub-delegates the processing of personal information to outside service providers as follows through head office Deutsche Post AG, which is the delegatee:

(The list of affiliates of Deutsche Post AG is available here)

5. If there is any change in details of the (sub-) delegated services or the (sub-) delegatee, the Company will disclose such change through this Privacy Policy without delay.

6. Cases where personal information processing is delegated to service providers outside of Korea are stated in Article 5-2 (Overseas Transfer of Personal Information).

Article 5-2 (Overseas Transfer of Personal Information)

1. The Company provides and delegates overseas the personal information collected from service users as follows. If you refuse to transfer your personal information overseas, you will not be able to use the service. If you do not want such overseas transfer, you can withdraw from the membership on the website or request for withdrawal through our service center (1588-0001):

(The list of affiliates of Deutsche Post AG, countries and contact information are available here)

(The countries and contact information of DHL Information Services are available here)

Article 6 (Rights and Obligations of Data Subjects and Method of Exercise Thereof)

1. A data subject may exercise his/her right to request the Company to access, correct, delete, suspend processing of, or withdraw his/her personal information at any time (the “Right to Request Access, etc.”).

※ Data subjects under the age of 14 must exercise the Right to Request Access, etc. regarding their personal information through legal representatives, and those above the age of 14 may exercise the Right to Request Access, etc. regarding their personal information by themselves or through legal representatives.

2. The Right to Request Access, etc. may be exercised against the Company in writing, by email, fax, telephone, or internet website (Contact Data Protection - DHL - Republic of Korea) pursuant to Article 41(1) of the Enforcement Decree of the PIPA, and the Company will take measures without delay.

· Data subjects can request access to their personal information at any time through the website Contact Data Protection - DHL - Republic of Korea.

3. The Right to Request Access, etc. may be exercised through an agent, such as a legal representative or a person authorized by the data subject. In such case, a power of attorney in Annex Form No. 11 of the Notification on Personal Information Processing Method must be submitted.

4. The data subject’s right to request access to and suspension of processing of his/her personal information may be restricted by Articles 35(4) and 37(2) of the PIPA.

5. If other laws and regulations specify that certain personal information is subject to collection, the data subject may not request the deletion of such personal information.

6. The Company shall confirm whether the person who exercised the Right to Request Access, etc. is the data subject himself/herself, or his/her legitimate agent.

7. The Right to Request Access, etc. may be exercised against the department stated below. The Company will endeavor to ensure that the data subject’s Right to Request Access, etc. is processed promptly.

Department in charge of receiving the request for access, etc. to personal information

· Department: IT Department (Information System Division)

· Address: Yeomri-dong, Mapo-gu, Seoul

· Tel.: 02-710-8368

· Contact information: KR-EXP-Privacy@dhl.com

Article 7 (Procedures and Methods of Destruction of Personal Information)

1. If personal information becomes unnecessary due to the lapse of the retention period or the achievement of the purpose of processing such personal information, etc., the Company will destroy such personal information without delay.

2. If it is required to continue to preserve personal information pursuant to other laws and regulations despite the lapse of the retention period consented by the data subject or the achievement of the purpose of processing such personal information, the relevant personal information will be transferred to a separate database or retained at a different place.

※ Items of personal information to be retained pursuant to other laws and regulations and the grounds for such retention are available in Article 3 (Personal Information Processing and Retention Period).

3. The procedures and methods of destruction of personal information are as follows:

(1) Destruction procedures:

The Company shall select and destroy personal information that has a reason for destruction.

(2) Destruction methods:

The Company shall destroy personal information recorded and stored in the form of electronic files in an irreproducible manner, and destroy personal information recorded and stored in paper documents by shredding or incinerating them.

Article 8 (Measures to Ensure Safety of Personal Information)

In order to ensure the safety of personal information, the Company takes the following measures:

1. Administrative measures: establishment and implementation of an internal management plan, minimization of employees who process personal information, and regular training of such employees

2. Technical measures: security measures using technologies, such as encryption of personal information, installation of security devices, preventive measures against forgery and alteration of access records, and preventive measures against malicious programs by installing and operating security programs

3. Physical measures: control of access to the computer room, data storage room, etc.

Article 9 (Additional Use and Provision of Personal Information)

1. The Company may additionally use or provide personal information without the consent of the data subject in consideration of the matters set forth in Article 14-2 of the Enforcement Decree of the PIPA pursuant to Articles 15(3) or 17(4) of the PIPA.

2. Accordingly, the Company has considered the following in order to additionally use and provide personal information without the consent of the data subject:

· The provision of personal information is for the purpose of “customs clearance”, which is the original purpose of collection, and thus, is related to the purpose of collection.

· Data subjects can foresee that their personal information may be provided to the Korea Customs Service due to the nature of the Company’s international transportation services.

· The information is provided to provide customs clearance services at the request of the data subject, and does not unfairly infringe on the interests of the data subject.

· The Company takes necessary measures to ensure safety in order to minimize the exposure of personal information.

Article 10 (Installation, Operation and Refusal of Automatic Personal Information Collection System)

<Automatic personal information collection system installed and operated by the Company>

1. The Company uses “cookies” that store and retrieve usage information from time to time to provide individual services and conveniences to users. These cookies are “session cookies” that are stored only for the time users visit our website and are automatically deleted when users’ browser is closed.

2. Cookies are small amounts of information that the server (http) used for operating the website sends to the data subject’s browser and are stored on the data subject’s PC or mobile.

3. Data subjects may set up options of their web browsers to allow, block, etc. cookies. However, any data subject refusing to store cookies may not be able to use customized services.

<How to allow or block cookies>

Allowing or blocking cookies in web browsers:

· Chrome: Web browser settings > Privacy and security > delete browsing data

· Edge: Web browser settings > Cookies and site permissions > manage and delete cookies and site data

Allowing or blocking cookies in mobile browsers:

· Chrome: Mobile browser settings > Privacy and security > delete browsing data

· Safari: Mobile device settings > Safari > Advanced > block all cookies

· Samsung Internet: Mobile browser settings > Browsing data > delete browsing data

Allowing or blocking cookies on DHL’s website

· DHL website: Cookie settings at the bottom of the page > Consent preferences management > deactivate performance, functional, and analytics information technologies

<Matters Concerning Provision and Refusal of Collection and Use of Behavioral Information>

1. The Company collects and uses behavioral information in a form that can identify individuals by using cookies in order to provide customized services and benefits optimized for users in the course of using the Company’s services.

2. The Company also applies the following technologies to store information about visitors who repeatedly access one of the Company’s internet pages. These technologies can be deactivated in the privacy settings center on the Company’s website, but this may affect users’ experience of the website and the services provided by the Company:

· Performance Technology: This technology is used to collect information about how the Company’s website is used, such as the internet browser and operating system used, the domain name of the website that accessed the Company’s site, the number of visits, the average time spent on the site, and the page viewed.

· Functional Technology: This website provides more personalized functions by remembering user choices. For example, when using a trackable application, this technology allows users to remember and store the last tracking number they have entered. The information collected through this technology can be processed anonymously, and other websites cannot track users’ search activity.

· Analytics Information Technology: The Company uses analytics information technology to improve the quality of the website and content and to ensure that partners’ inserted services work properly.

3. The Company collects behavioral information on its websites as follows:

Article 11 (Chief Privacy Officer)

1. The Company has designated a Chief Privacy Officer as follows to be in overall charge of the processing of personal information and to handle complaints and remedy damages of data subjects related to the processing of personal information:

Chief Privacy Officer

· Name: Bong-Jo Kim

· Title: IT Department (Information System Division), Head

· Contact information: KR-EXP-Privacy@dhl.com

Department in charge of personal information protection

· Department: IT Department (Information System Division)

· Tel.: 02-710-8368

· Contact information: KR-EXP-Privacy@dhl.com

2. Data subjects may contact the Chief Privacy Officer and the responsible department for any and all personal information protection-related inquiries, complaint handling, damage relief, etc. arising in the course of using the Company’s services (or businesses). The Company will respond to and process the data subject’s inquiries without delay.

Article 12 (Installation and Operation of Visual Data Processing Devices)

1. Grounds for and purpose of installing fixed visual data processing devices

Pursuant to Article 25(1) of the PIPA, the Company installs and operates visual data processing devices for the following purposes:

· To ensure the safety of the Company’s equipment (safety of facilities), to prevent fire, to prevent crime, etc.

2. The number of units installed, location of installation and scope of recording

3. Responsible managers and persons with access right

In order to protect your personal visual data and handle complaints related to such data, the Company has responsible managers and persons with access right to personal visual data as follows:

4. Recording time, retention period, place for storage and method of processing personal visual data

· Method of processing: The Company records and manages matters concerning the use of personal visual data for other purposes, provision to a third party, destruction, requests for access, etc. and permanently deletes (shreds or incinerates in the case of printouts) personal visual data in an irrecoverable manner upon expiration of the retention period.

5. Method of verifying personal visual data and place of verification

· Method of verification: You may verify visual data by requesting the person responsible for the maintenance and repair of each facility, and such data may be verified at a separate place of each facility with a lock. (If a customer or a third party who is not the Company’s responsible manager or employee requests access to visual data, such visual data may be provided and verified after obtaining final approval from the Chief Privacy Officer.)

· Place of verification: Separate place of each facility with a lock

6. Measures taken upon the data subject’s request for access, etc. to personal visual data

If you wish to access, confirm the existence of or delete personal visual data, you may request the Company at any time. However, this shall be limited to the personal visual data that has recorded you. If you request access to, confirmation of the existence or deletion of personal visual data, the Company will take necessary measures without delay.

7. Measures to ensure the safety of personal visual data

Personal visual data that the Company processes is safely managed through encryption and other measures. In addition, as a managerial measure to protect personal visual data, the Company grants access to personal information on a differentiated basis. In order to prevent any forgery or alteration of personal visual data, the Company records and manages the date and time of creation of personal visual data, the purpose of access, the person who accessed the personal visual data, and the date and time of access. The Company also installs locks to ensure the safe physical storage of personal visual data.

Article 13 (Remedies for Infringement of Rights and Interests)

1. In order to seek remedies for personal information infringement, data subjects may file an application for dispute resolution or consultation with the Personal Information Dispute Mediation Committee, the Personal Information Infringement Reporting Center under the Korea Internet & Security Agency, etc. Please contact the following institutions for other reports and consultations on personal information infringement:

(1) Personal Information Dispute Mediation Committee: 1833-6972 (no area code required) (www.kopico.go.kr)

(2) Personal Information Infringement Reporting Center: 118 (no area code required) (privacy.kisa.or.kr)

(3) Supreme Prosecutors’ Office: 1301 (no area code required) (www.spo.go.kr)

(4) National Police Agency: 182 (no area code required) (ecrm.cyber.go.kr)

2. The Company guarantees the data subject’s right to control his/her own personal information and endeavors to provide consultations and remedies for personal information infringement. If you need to report or consult, please contact the responsible department below.

Consultation and reporting on personal information protection

· Department: IT Department (Information System Division)

· Tel.: 02-710-8368

· Contact information: KR-EXP-Privacy@dhl.com

Article 14 (Amendments to Privacy Policy)

1. This Privacy Policy shall take effect from July 04, 2025.

2. A comparison table of the changes to this Privacy Policy is available [here].

3. The previous privacy policies are available below.

· Applicable from December 29, 2017 to December 14, 2018 (Click)

· Applicable from December 15, 2018 to August 31, 2021 (Click)

· Applicable from September 1, 2021 to October 31, 2021 (Click)

· Applicable from November 1, 2021 to July 31, 2023 (Click)