Privacy Notice

Privacy Policy (DHL Korea Ltd.)

• Article 1 (Purpose of Personal Information Processing)

  The Company’s purpose for processing the Data Subjects’ personal information are described below. The Company processes personal information for the following purposes and does not use it for any other purposes. If the purpose of use shall change, the Company will take appropriate measures, such as obtaining separate consents from Data Subjects as required under
  the PIPA.
  
  1. Providing services
  Verification of customers, provision of various services of the Company (delivery service, membership service including MyDHL+, reward provision service, customer number issuance service, DHL ProView service, customs clearance and customs response service, My Bill service, emergency passport express delivery service, On Demand Delivery service, Internet website chat service, cargo liability insurance subscription service, customs refund service, customs clearance code proxy issuance service, etc.), management of service usage details, preservation of service provision records, calculation of delivery fees and notification of delivered goods, delivery reservation, delivery of shipments, sending of contracts and invoices, provision of customized services, payment and calculation of unpaid amount, preparation of waybill, customs declaration, payment of customs duties and surtax, insurance subscription, packaging of delivered goods, provision of pick-up service, delivery tracking, prevention of fraudulent or unauthorized use by undesirable members, member management, response to customers’ inquiries and requests for services such as delivery, provision of up-to-date changes and materials, etc.
  
  2. Response to customer inquiries or opinions and handling of complaints
  Verification of customers and their complaints, communication and notification for factfinding, notification of handling results, dispute mediation and preservation of relevant records, prevention of indiscriminate postings, delivery of announcements, utilization of statistical data, improvement of internet website, response to inquiries and opinions, etc.
  
  3. Execution and performance of contracts
  Verification and identification of counterparties, decision on contract execution, guarantee of fair execution of contracts, performance of contracts such as payment of expenses and amounts for service provision, business communication within the scope necessary for execution and performance of contracts, delivery of invoice, payment or collection of rent, documentation of lawful execution and performance of contracts, management of overall status of contracts such as counterparties, contractual terms and conditions, details of payment, etc., business cooperation with related companies (head office, affiliates, etc.), etc.
  
  4. Marketing and public relations activities
  Provision of information related to the Company’s services via phone, text message, mail, email, mobile messenger or direct marketing, conduct surveys, general marketing activities such as hosting various events including online events, handling of tasks related to hosting events (receiving event entries, selecting and contacting winners, delivering prizes, hosting events), etc.
  
  5. Management of visitors and mail
  Management of visitors to prevent unauthorized access to offices and service centers, issuance of temporary access cards, prevention of security accidents and terrorist activities, parking management, identification of circumstances in the event of an accident, maintenance and management of the Company’s security, prior examination of visitors, prevention of infection and spread of COVID-19, etc.
  
  6. Performance of legal and administrative obligations of the Company
  Performance of various legal and administrative obligations of the Company pursuant to laws and regulations as well as orders and dispositions imposed by administrative agencies or relevant authorities based thereon, such as report and payment of various taxes including withholding of corporate income tax, value-added tax and income tax, issuance and delivery of receipts and tax invoices, etc.
  
  7. Handling of tasks related to job applications
  Performance of tasks related to hiring employees with qualifications required by the Company and their admittance to the Company, confirmation (inquiry and verification) of applicants’ identity, academic background, career and qualifications, reference check, management of past application history, progress and management of hiring procedures, confirmation of health conditions and determination of job eligibility, consideration of obligations under the Employment Promotion and Vocational Rehabilitation of Disabled Persons Act (determination of eligibility for employment of persons with disabilities, performance of obligation to hire persons with disabilities, report of employment contribution for persons with disabilities, etc.), determination and notification of employment, determination of eligibility for preferential employment (determination of eligibility for additional points under the Act on the Honorable Treatment and Support of Persons of Distinguished Service to the State, etc.), confirmation of applicants’ intention of application, handling of relevant complaints and dispute resolution, creation of basic data of new employees upon determination of employment, confirmation of intention of application in the event of additional employment, operation of a pool of applicants (confirmation of intention of application in the event of additional employment), payment of travel expenses such as transportation expenses, etc., response to inquiries regarding job application, etc.
  
  8. Handling of other tasks performed by the Company
  Reponse to inquiries and requests related to the services provided by the Company and provision of information, etc.
  

   
• Article 2 (Items of Personal Information to be Processed)

  Key items of personal information processed by the Company pursuant to the consent provided by the Data Subjects or by applicable laws and regulations are as follows. The actual processed items may somewhat vary depending on the circumstances in which the Company processes the relevant personal information. However, if necessary, the Company obtains consent from the Data Subjects through the personal information consent form. Thus, please refer to the consent form.
  
  1. Items related to handling inquiries
  Name, email address, mobile phone number, customer number, company, department, country/region, type of inquiry and content of inquiry, freight ID or tracking number, waybill number, etc.
  
  2. Items related to delivery service
  Sender information (name, company, country/region, address, email address, contact information (mobile phone number, office phone number, fax number), VAT/Tax ID, EORI number), recipient information (name, company, country/region, address, email address, contact information (mobile phone number, office phone number, fax number, etc.), VAT/Tax ID), details of shipment, whether the content of shipment is document/freight, value of shipment, insurance coverage, desired packaging method, selection of packaging, shipping charge, weight, size, date of shipment/arrival, expected date and time of delivery, payment information, customer number (if applicable), method of payment of customs duties and surtax, customs trade conditions, information on pickup of goods upon reservation for pick-up (total pick-up weight, etc.), etc.
  
  3. Items related to MyDHL+ membership service
  Name, name of affiliated company (in the case of an individual, name of such individual), email address, contact information (office phone number, fax number, home phone number, mobile phone number, etc.), password, intention to apply for DHL customer number, frequency of delivery, address, etc.
  
  4. Items related to customer number issuance service
  Company name, name of person-in-charge, telephone number, business entity registration number, email address, address, whether the customer is a B2C customer and route, delivery address, quantity and frequency, location, information to be noted and other information collected during the opening process
  
  5. Items related to customs clearance service
  Name, email address, telephone number (mobile phone number, office phone number), address, waybill number, personal customs clearance code, alien registration number, passport number, affiliated company (including company information such as customs clearance code), nationality (if the consignee is a foreigner), any and all personal information on other documents required for customs clearance (documents submitted to customs office)
  
  6. Items related to the cargo liability insurance service
  Personally identifiable information (name, address, telephone number, email address), information related to the insured event (type of cargo, value of cargo, waybill number, place of shipment/arrival, cause of the accident, etc.), results on assessment of payouts of insurance proceeds, etc.
  
  7. Items related to DHL ProView service
  Name, job position, company name, address, country name, customer number, PIN number receipt route, email address, mobile phone number (telephone number), fax number, etc.
  
  8. Items related to My Bill service
  DHL customer number, company-related information (trade name, business entity number, address, country), name, email address, contact information (company or mobile phone number), job position, last DHL invoice (number, invoice amount, etc.)
  
  9. Items related to On Demand Delivery service
  Name, address, email address, mobile phone number, password, waybill number, mobile phone number, preferred delivery method (new delivery option, changed delivery address and name, changed delivery date and time zone, receipt method, designated recipient’s name (including building/unit number), gate/door code, delivery instructions, etc.), etc.
  
  10. Items related to customs duties refund (for breach) service
  Name, address, mobile phone number, personal customs clearance code, email address, account information for refund (bank name, account number, account name), trade name, waybill number, business entity registration number, passport number, alien registration number, etc.
  
  11. Items related to customs clearance code proxy issuance service
  Name, email address, telephone number (mobile phone number, office phone number), address, alien registration number, passport number, etc.
  
  12. Items related to DHL reward service
  Name, email, contact information (mobile phone number), amount of payment for delivery and the amount of relevant points (amount accumulated and amount used), membership class, etc.
  
  13. Items related to emergency passport express delivery service
  Country of residence, name of diplomatic mission, consulate, whether the document security service is used, name of applicant, person who desires to have a passport issued (name, date of birth), telephone number, email address, etc.
  
  14. Items related to related companies (affiliates)
  Name, company name, job title, business entity registration number, bank account number, address, name of person-in-charge, telephone number, email address, fax number, relationship with the Company’s employee, etc.
  
  15. Items related to job applicants

  • Name (Korean/English), gender, photo, date of birth (age), nationality, address and location of residence, information on veterans and persons of distinguished service, telephone number, mobile phone number, email address, academic background (name of school, major, degree, attendance period, location, acquired credits, grade, etc.), grade, military service, career (company name, job position, duties, salary level, reputation, etc.), information on overseas stay and training activities (exchange student, etc.), information on social activities, leadership and social service activities, language (language ability test score, etc.) and other qualifications (information on certificates held, etc.), awardwinning experience (name of competition, competition organizer, award details, award date, etc.) and other information on rewards and punishment, hobby, specialty, selfintroduction, SNS address, application route, credit status, disability status, inquiries regarding job application, etc.
    
    
  • Results of the Company’s evaluation, results of the personality and aptitude test, any and all information on other documents provided by the applicant to the Company (resume, letter of self-introduction, transcript, etc.), etc.
    
    
  • Additional items to be collected from those applying as drivers: whether they have a driver’s license, vehicle types of which they are capable of driving, accidents that occurred and penalty points that were earned after obtaining the license, history of license suspension/cancellation, etc.
    
    
  • Additional items to be collected from interviewees (those who passed the document review process): information on designated/undesignated recommenders for reference check (information on companies or institutions of previous employment or superiors thereof such as name, affiliation, job position, contact information, etc.), results of reference check including performance evaluation, and for those applying for a job opening at the customer center, details of phone-response test recording, etc.
    
    
  • Additional items to be collected from interviewees (those who passed the document review process): current health conditions, history of past diseases and injuries, reasons for military exemption, information on criminal records, whether they belong to a group subject to sanctions imposed by the UN or other international organizations, COVID-19 test results, etc.
    

  16. Items related to campaigns or events
  Information on those who entered online events such as name, email address, mobile phone number, telephone number, company name, address, company address, business entity registration number, access route, employee code of the person-in-charge, SNS (e.g., entrant ID, mobile phone number, address, customer number, person in charge of sales, other information provided at the time of entry or winning), etc.
  
  17. Other automatically generated information
  Access IP information, cookies, service usage history, access logs, etc.
  
  18. Items related to customer feedback
  Name, mobile phone number, email address, telephone number, address, company name, waybill number, customer number, opinion on the Company’s service, etc. (including feedback and questions), etc.
  
  19. Items related to visiting customers and other visitors
  Name, affiliated company and job title, email address, telephone number, address, purpose of visit, items stated in the entry/exit ledger (entry/exit number, affiliation, vehicle number, time of visit and visited department, reason for visit, person guiding the visitor, etc.), whether the visitor has fever symptoms, whether the visitor is infected with COVID-19, whether there has been confirmed cases of COVID-19 within the visitor’s company, etc.

• Article 3 (Personal Information Processing and Retention Period)

  1. The Company will retain and use personal information related to the provision of services for (i) the period set forth in applicable laws and regulations, (ii) the period specified in the consent form for the relevant Data Subjects submitted at the time of collecting personal information, or (iii) the period from the date of submitting consent form for use and collection of personal information until the date when the purpose of processing personal information is achieved; provided, however, that the Company may retain and use such personal information even after the expiration of the relevant retention period only for the purpose of handling complaints and performing obligations under applicable laws and regulations.
  
  2. In principle, the Company will process and retain personal information until the delivery of service and payment and calculation of the unpaid amount are completed; provided, however, the Company will process and retain personal information until the termination of the relevant grounds for retention in the following cases:
  

  (1) Transaction records, such as labeling and advertising, contractual terms and performance thereof, under Article 6 of the Enforcement Decree of the Act on the Consumer Protection in Electronic Commerce, Etc.

  • Records on labeling and advertising: 6 months
    
  • Records on contracts, offers, payment of transaction amount or withdrawal of provision of goods: 5 months
    

  (2) Records on customer complaints or dispute settlement: 3 years (however, in the case of records on compensation claims: 5 years)Electronic communication-related records under Article 41 of the Enforcement Decree of the Protection of Communications Secrets Act

  • The date and time of the communication, the starting time and the ending time of the communication, the registered number of the other party of the communication, point of use, data on tracking the location of the sending base station used for the electronic communication: 1 year
    
  • Computer communication records, Internet log and data on tracking the access location: 3 months

  (3) In the case of identity verification records under Article 29 of the Enforcement Decree of the Network Act, 6 months after deleting the post posted on the bulletin board
  
  (4) In the case of evidentiary transaction records under Article 85-3(2) of the National Tax Basic Law, Article 116(1) of the Corporate Income Tax Law, Article 31 of the Value-Added Tax Law, etc., 5 years from the filing deadline
  
  (5) In the case of a recipient’s application for change of payment terms and confirmation letter, 1 year and 6 months from the date of submission to the Ministry of Economy and Finance
  
  (6) In the case of visitor (access) management records and mail, 1 year

• Article 4 (Provision of Personal Information to Third Parties)

  1. In principle, the Company will process personal information of the Data Subjects within the scope of the purpose set forth in Article 1 of this Privacy Policy and will not process or provide to a third party beyond the original scope, without prior consent of the Data Subjects; provided, however, that the foregoing shall not apply to the following cases:

  • Where the Data Subjects have given prior consent to the provide or transfer personal information; and
    
  • Where the provision of personal information is required or permitted by laws and regulations, etc.

  2. The Company shall provide personal information to the following third parties:
  

  Recipient: Korea Customs Service (125)
  Recipient's Purpose of Use: Imposition and collection of customs duties, declaration of transportation, handling of customs clearance and customs response, examination and processing of customs duties refund, customs duties refund for breach and issuance of customs clearance code
  Items to be Provided: Name, email address, contact information (office, home, mobile phone, fax), address (home, office), waybill number, personal customs clearance code, alien registration number, passport number, affiliated company (including company information such as customs clearance code), nationality (if the consignee is a foreigner), any and all personal information on other documents required for customs clearance (documents submitted to customs office)
  Recipient's Period of Retention and Use: Until the purposes of use of  personal information are attained

  Recipient: National Tax Service (126)
  Recipient's Purpose of Use: Imposition, reduction and collection of various taxes including VAT
  Items to be Provided: Name, email address, address, contact information (office, home, mobile phone, fax), address (home, office)
  Recipient's Period of Retention and Use: Same as above

  Recipient: AIG (1544-2792)
  Recipient's Purpose of Use: Assessment of payouts of insurance proceeds related to cargo, investigation of the insured event (if necessary), payouts of insurance proceeds, handling of complaints and legal actions
  Items to be Provided: Personally identifiable information (name, address, telephone number, email address), information related to the insured event (type of cargo, value of cargo, waybill number, place of shipment/arrival, cause of accident, etc.), results on assessment of payouts of insurance proceeds
  Recipient's Period of Retention and Use: Same as above

• Article 5 (Delegation of Personal Information Processing)

  1. The Company delegates the processing of personal information as follows for the effective management of tasks related to personal information:
  

  Service Provider: HMP Law
  Description of Delegated Serivce: Legal adivce
  

  Service Provider: DP DHL Group (Head Office)
  Description of Delegated Serivce: Overseas delivery and operation of the
  GoSource website

  Service Provider: MIDAS IN
  Description of Delegated Serivce: Recruitment related service (operation of
  recruitment websites, storage and management of job applicants’ information, etc.)

  Service Provider: BS IT
  Description of Delegated Serivce: IT support (hard disk drive restoration, etc.)

  Service Provider: LG U+
  Description of Delegated Serivce: Provision of web fax services

  Service Provider: TeamWave
  Description of Delegated Serivce: IT support (DLP system operation)

  Service Provider: BizTalk
  Description of Delegated Serivce: Sending of KakaoTalk messages

  Service Provider: i-Heart
  Description of Delegated Serivce: Sending of mobile phone text messages

  Service Provider: Samjung Data Service (Direct Send)
  Description of Delegated Serivce: Sending of text messages, etc.

  Service Provider: KG Inicis
  Description of Delegated Serivce: Provision of credit card payment services

  Service Provider: DadaGlobal (Subcontracting to post offices)
  Description of Delegated Serivce: Domestic transportation

  Service Provider: GS Networks (GS25), BGF Networks (CU)
  Description of Delegated Serivce: Provision of guidance and delivery of passwords to customers using unmanned delivery boxes at convenience stores

  Service Provider: Brink’s Korea
  Description of Delegated Serivce: Destruction of documents

  Service Provider: Gogovan, Delta-On, Dongbang
  Description of Delegated Serivce: Delivery

  Service Provider: QuickQuick, Kyoungdong Express, AnyQuick Logistics, Hana  Fine Logistics, Hayeong Company, Baekma Transportation, Ilyang Logis, Mirae Total Logistics, Jeju Air & Sea Cargo Service, KORAIL Networks Co., Ltd., Deoksu Company, DAWON Express
  Description of Delegated Serivce: Delivery (with delivery vans)

  Service Provider: Korean Air
  Description of Delegated Serivce: Air transportation

  Service Provider: Unseo Customs Broker Office
  Description of Delegated Serivce: Import and export clearance

  Service Provider: Aeris, Jupiter Express
  Description of Delegated Serivce: WMX related services

  Service Provider: Billpost
  Description of Delegated Serivce: Printing and sending of invoices to customers

  Service Provider: Crane Communications
  Description of Delegated Serivce: Operation and management of social media
  accounts and hosting of events (delivering prizes to event winners, etc.)

  Service Provider: Purple I&C
  Description of Delegated Serivce: Delivery of prizes to winners of online events

  Service Provider: Bear Better
  Description of Delegated Serivce: Production and delivery of calendars

  Service Provider: NHN KCP
  Description of Delegated Serivce: MYBILL PG and ADC

  Service Provider: Eber
  Description of Delegated Serivce: Management of membership points

  Service Provider: KCNET, KTNET
  Description of Delegated Serivce: Intermediary services for submission of import/export cargo manifests (submission of cargo manifests to the customs office)

  Service Provider: NICE AMC
  Description of Delegated Serivce: Debt collection

  
  The Company will subcontract the processing of personal information to outside service providers as follows through the head office (DP DHL Group); if there is any change in the subcontracted service providers or subcontracted services, the Company will disclose such change through this Privacy Policy:

  Subcontracted Service Provider: DHL Group Affiliates (The list of affiliates is available here.)
  Description of Subcontracted Services: Overseas delivery (approval of extremely heavy items, examination/approval of delivery of dangerous items)

  Subcontracted Service Provider: DPDHL Group IT Center Overseas
  Description of Subcontracted Services: Data processing and storage (operation and management of public folder system, etc., storage and management of phone call recording files, operation of the On Demand Delivery website)

  Subcontracted Service Provider: DHL Asia Pacific Shared Services Sdn Bhd
  Description of Subcontracted Services: Accounting services (accounting, collection of customer fares, etc.) Registration, management and maintenance (purchase) of partners,
  

  Subcontracted Service Provider: Taleo
  Description of Subcontracted Services: Recruitment services (operation of
  recruitment websites, storage and management of job applicants’ information, etc.)

  Subcontracted Service Provider: SHL
  Description of Subcontracted Services: Online personality and aptitude testing of job applicants

  Subcontracted Service Provider: Sonru
  Description of Subcontracted Services: Provision of video interview program
  services for job applicants

  Subcontracted Service Provider: Ingenico
  Description of Subcontracted Services: Provision of credit card payment services

  Subcontracted Service Provider:  ION, DotDigital
  Description of Subcontracted Services: Hosting of event websites and provision of internet platform services
  

  Subcontracted Service Provider:  Survey Monkey, Usabilla
  Description of Subcontracted Services: Conducting of surveys including customer satisfaction surveys and collection of website users’ opinions
  

  Subcontracted Service Provider:  Eber
  Description of Subcontracted Services: Management of membership points
  

  Subcontracted Service Provider:  Link Mobility
  Description of Subcontracted Services: Sending of emails and text messages
  

  In addition, the following (subcontracted) service providers of the above delegated (subcontracted) services for personal information processing are located outside of Korea:
  

  (Subcontracted) Service Provider (Country and Contact Information): Head office and affiliates (The list of affiliates, countries and contact information are available here.)
  Date, Time and Method of Transfer: Transfer of personal information through the telecommunications network immediately upon collection
  Transferred Items: Name, company, country/region, address, email address, contact information (mobile phone number, office number, fax number)(Subcontracted) Service Provider's Purpose of Use: Overseas delivery (approval of extremely heavy items, examination/approval of delivery of dangerous items)
  (Subcontracted) Service Provider's Period of Retention and Use: Until the processing of delegated services is completed or the delegation relationship is terminated
  

  (Subcontracted) Service Provider (Country and Contact Information): DPDHL Group IT Center Overseas (Malaysia, +6038315 8000)
  Date, Time and Method of Transfer: Same as above
  Transferred Items: Same as above
  (Subcontracted) Service Provider's Purpose of Use: Data processing and storage (operation and management of public folder system, etc., storage and management of phone call recording files, operation of the On Demand Delivery website)
  (Subcontracted) Service Provider's Period of Retention and Use: Same as above

  (Subcontracted) Service Provider (Country and Contact Information): Survey Monkey, Usabilla (USA, +1650543840 0)
  Date, Time and Method of Transfer: Same as above
  Transferred Items: Email address
  (Subcontracted) Service Provider's Purpose of Use: Collection of website users’ opinions and conducting of surveys including customer satisfaction surveys
  (Subcontracted) Service Provider's Period of Retention and Use: Same as above

  (Subcontracted) Service Provider (Country and Contact Information): Ingenico (France, +33 (0)1 34 34 95 95)
  Date, Time and Method of Transfer: Same as above
  Transferred Items: Credit card information
  (Subcontracted) Service Provider's Purpose of Use: Provision of credit card payment services
  (Subcontracted) Service Provider's Period of Retention and Use: Same as above

  (Subcontracted) Service Provider (Country and Contact Information): ION (UK, +44 20 7398 0200) DotDigital (UK, +44 (0)20 3953 3072)
  Date, Time and Method of Transfer: Same as above
  Transferred Items: Name, email address, address, contact information (mobile phone number, office number)
  (Subcontracted) Service Provider's Purpose of Use: Hosting of event websites  and provision of internet platform services
  (Subcontracted) Service Provider's Period of Retention and Use: Same as above

  (Subcontracted) Service Provider (Country and Contact Information): Link
  Mobility (Germany, +49408888080)
  Date, Time and Method of Transfer: Same as above
  Transferred Items: Name, email, contact information (mobile phone number)
  (Subcontracted) Service Provider's Purpose of Use: Sending of emails and text messages
  (Subcontracted) Service Provider's Period of Retention and Use: Same as above

  2. When entering into a personal information delegation agreement, the Company will separately set forth matters related to the delegation, including, but not limited to, prohibition of personal information processing for purposes other than the performance of the delegated services, technical and administrative protection measures, management and supervision of the service provider, compensation for damages and subcontracting as set forth in the agreement or other relevant documents, in accordance with the PIPA and the Company will supervise whether the service provider processes personal information in a safe manner.

  3. If there is any change in the details of the delegated services or the service provider, the Company will immediately notify such change through this Privacy Policy.
  

• Article 6 (Rights and Obligations of Data Subjects and Method of Exercise Thereof)

  1. The Data Subjects and their legal representatives may exercise the following rights related to personal information protection in their own names or in the name of children under the age of 14:
  
  (1) Request for access to personal information;
  (2) Request for correction of errors in personal information, etc. (if any);
  (3) Request for deletion of personal information;
  (4) Request for suspension of personal information processing; and
  (5) Withdrawal of consent regarding personal information.
  
  2. The rights set forth in Paragraph 1 above may be exercised in writing or via the Internet website, telephone, email address, fax, etc., and the Company will immediately take necessary measures such as verification of the identity of the relevant Data Subject as set forth in applicable laws and regulations including the PIPA.
  
  3. If a Data Subject or his/her legal representative requests correction or deletion of any error in personal information related to him/her or a child under the age of 14, the Company will not use or transfer such personal information until the request is completed and will correct the unlawful use or provision of personal information immediately upon discovery of such discrepancy in personal information.
  
  4. The rights set forth in Paragraph 1 above may be exercised through a legal representative (attorney-in-fact, agent, etc.), and in this case, a power of attorney in Annex Form No. 11 of the Notification on the Method of Processing Personal Information shall be submitted to the Company.
  
  5. All Data Subjects shall not infringe upon their own or third parties’ personal information and privacy processed by the Company in violation of applicable laws and regulations including the PIPA or the Network Act.

• Article 7 (Destruction of Personal Information)

  1. Unless the Company is required to retain personal information by laws and regulations, the Company will, in principle, destroy personal information without delay when personal information becomes unnecessary, such as when the purpose of processing personal information has been achieved.
  
  2. If the Company is required by laws and regulations to retain personal information even after the expiration of the applicable retention period or achievement of the purpose of processing personal information, the Company will store and manage such personal information separately from other personal information.
  
  3. The Company will delete electronic files containing personal information in a way that makes such personal information irrecoverable and will shred or incinerate and safely dispose printouts containing personal information.

• Article 8 (Measures to Ensure Safety of Personal Information)

  The Company will take technical, administrative and physical measures necessary to ensure security, including the following measures, in accordance with the PIPA:
  
  1. Administrative measures: implementation and operation of an internal management plan for personal information, minimization of employees who process personal information, training of such employees, etc.;
  
  2. Technical measures: security measures using technologies, such as encryption of personal information, installation of security devices, preventive measures against forgery and alteration of access records, preventive measures against computer viruses by installing and operating vaccine programs, etc.; and
  
  3. Physical measures: restriction and control of access to the computer room, data storage room, etc.

• Article 9 (Additional Use and Provision of Personal Information)

  The Company may use or provide personal information to the extent that is reasonably related to the original purpose of collection by considering whether there is any disadvantage to the Data Subjects, whether necessary measures to ensure security, such as encryption have been taken, etc.
  in accordance with the PIPA.
  
  The specific considerations are as follows, and the Company will carefully determine whether to use and provide personal information by comprehensively taking into account applicable laws and regulations including the PIPA, purpose of use and provision of personal information, methods of using and providing personal information, items of personal information to be used and provided, details of consent given by the Data Subjects or matters notified or disclosed to the Data Subjects, if any, impact of use and provision on the Data Subjects and measures taken to protect relevant information:

  • Whether the use or provision of personal information is related to the original purpose of collection;
    
  • Whether the additional use or provision of personal information is foreseeable in light of the circumstances in which personal information is collected or practices of processing personal information;
    
  • Whether the interests of the Data Subjects are unduly infringed; and
    
  • Whether necessary measures have been taken to ensure safety, such as pseudonymization or encryption.
• Article 10 (Installation, Operation and Refusal of Automatic Personal Information Collection System)

  1. The Company uses “cookies” to store and load user information to provide optimized information to website users by collecting and analyzing the types of visits to and use of its website and the number of users.
  
  2. Users of the website may choose whether or not to install cookies, and accordingly, users may change their options in the web browser to choose whether to allow the saving of all cookies, to confirm the same each time cookies are saved or to refuse the saving of all cookies.

• Article 11 (Chief Privacy Officer)

  Pursuant to the PIPA, the Company has appointed the following chief privacy officer (the “Chief Privacy Officer”) and working-level personnel to protect personal information and handle complaints related to personal information:
  
  1. Chief Privacy Officer
  Name: Bong-Jo Kim
  Department: IT Department (Information System Division), Head
  Contact information: KR-EXP-Privacy@dhl.com
  
  2. Department in charge of personal information protection
  Department: IT Department (Information System Division)
  Telephone: 02-710-8368
  Contact information: KR-EXP-Privacy@dhl.com

• Article 12 (Installation and Operation of Visual Information Processing Devices)

  The Company installs and operates visual information processing devices (“CCTVs”) as follows:
  
  1. Grounds and purposes of installing CCTVs: to ensure the safety of the Company’s equipment (safety of facilities), to prevent fire, to prevent crime, etc.
  
  2. Number of CCTVs installed, area of installation and scope of recording: The number of CCTVs installed is 996, CCTVs are installed inside and outside major facilities operated and managed by the Company, including lobby, entrance and emergency exit, and all areas of the major facilities are recorded.
  
  3. Responsible manager, department in charge and person with the right to access visual information: The Company has the following responsible manager to protect visual information and handle complaints related to personal visual information:

  Classification: Responsible Manager
  Name: Manager of each service center
  Title: Head of Center
  Department: Business Affairs Department
  Contact Information: Main number of each service center

  Classification: Person with access rights
  Name: Manager of each service center
  Title: Head of Center
  Department: Business Affairs Department
  Contact Information: Main number of each service center

  4. Recording time, retention period, place for storage and method of processing visual information:
  

  • Recording time: 24 hours
    
  • Retention period: 30 days (30 days for CCTVs installed at sales service branches)
    
  • Place for storage: The recorded visual information is stored in a separate place with a lock located at each facility operated and managed by the Company.
    
  • Method of processing: The Company records and manages matters concerning the use of personal visual information for other purposes, provision to a third party, destruction, requests for access, etc. and permanently deletes (shreds or incinerates in the case of printouts) personal visual information in an irrecoverable manner upon expiration of the retention period.

  5. Method of verifying visual information and place of verification: You may verify visual information by requesting the person responsible for the maintenance and repair of each facility, and such information may be verified at a separate place of each facility with a lock. (If a customer or a third party who is not the Company’s responsible manager or employee requests access to visual information, such visual information may be provided and verified
  after obtaining final approval from the Chief Privacy Officer.)
  
  6. Measures taken upon the Data Subject’s request for access to visual information, etc.: If you wish to access, confirm the existence of or delete visual information, you may request the Company at any time; provided, however, that the foregoing shall be limited to footages that record your visual information and any visual information that is clearly necessary for the urgent need to protect the life, body or property of the Data Subject. If you request access to, confirmation of the existence or deletion of visual information, the Company will take necessary measures without delay.
  

  However, the Company may refuse to take such measures despite the request for access to, confirmation of the existence or deletion of visual information in any of the following events, in which case the Company will notify the reason for refusal in writing, etc. within 10 days:
  

  • If visual information has been destroyed due to the lapse of the retention period;
    
  • If access to or disclosure of visual information is likely to infringe upon privacy of others;
    
  • If the request causes serious disruption to criminal investigation, maintenance of public prosecution, proceeding with a trial, etc.; or
    
  • If there is any other justifiable reason to refuse your request for access, etc.

  7. Technical, administrative and physical measures to protect visual information: The Company is taking security measures required by the PIPA and other applicable laws and regulations, including the following:

  Technical measures
  - The Company is applying technical controls to prevent access by unauthorized users.
  - The Company is carrying out monitoring to prevent accidents that may occur inside and outside the Company.
  
  Administrative measures
  - The Company strictly prohibits arbitrary access, reproduction, removal, etc. of information recorded and collected by CCTVs.
  - The Company complies with administrative protection measures under this Privacy Policy.
  
  Physical measures
  - CCTV recording equipment is kept separately in a designated restricted area, and access to such area is strictly controlled.
  

• Article 13 (Remedies for Infringement of Rights)

  In order to seek remedies for personal information infringement, the Data Subjects may apply for consultation with the Personal Information Dispute Mediation Committee, the Personal Information Infringement Reporting Center under the Korea Internet & Security Agency, etc.
  
  Please contact the following institutions for other reports and consultations on personal information infringement:
  
  1. Personal Information Dispute Mediation Committee: 118 (no area code required)
  2. Information Protection Mark Certification Committee: +82-2-580-0533~4
  3. Cyber Crime Investigation Team of the Supreme Prosecutors’ Office: +82-2-3480-3573
  4. Cyber Terror Response Center of the National Police Agency: +82-2-1566-0112
  

• Article 14 (Amendments to Privacy Policy)

  This Privacy Policy shall take effect from the effective date. If any addition, deletion or correction is made to this Privacy Policy pursuant to applicable laws and regulations and the guidelines on the provisions of this Privacy Policy, the Company will disclose such amendment in the manner prescribed by applicable laws and regulations.

  ※ History of establishment and amendment of this Privacy Policy

  No. 1 - December 29, 2017 - Established the Company's Privacy Policy
  No. 2 - December 15, 2018 - Reflected changes in service providers
  No. 3 - September 1, 2021 - Added Article 12 and reflected changes in service providers pursuant to the amended PIPA
  No. 4 - October 6, 2021 - Reflected changes in service providers

• DHL Express
  • DHL Express Personal Information Management Policy (English)

    pdf 1.2 MB
  • DHL Express Personal Information Management Policy (Korean)

    pdf 1.7 MB
• DHL Global Forwarding
  • DHL Global Forwarding Information Management Policy

    pdf 344.5 KB
  • DHL Global Forwarding Commercial Law

    pdf 265.5 KB
• DHL Supply Chain
  • DHL Supply Chain Information Management Policy

    pdf 273.4 KB