Your privacy is important to BHEVS and its subsidiaries and affiliates (collectively, “BHEVS” “we,” “us” or “our”), as is your trust in BHEVS’s products and services.

Article 1 (Purpose of Processing Personal Information)

• The company processes personal information for the following purposes. The processed personal information will not be used for purposes other than the following, and if the purpose of use is changed, necessary measures will be taken, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.
  • - Inquiry Handling for Products: Personal information is collected for the purpose of confirming product inquiries.
  • - You may refuse to consent to the collection and use of personal information, but if you refuse, you may not receive responses to product inquiries.

Article 2 (Period of Processing and Retention of Personal Information)

• ① The company processes and retains personal information within the period specified by law or the period of retention and use agreed upon when collecting personal information from the data subject.
• ② The period of processing and retention of each personal information is as follows:
  • - Personal information related to handling complaints and related matters is collected and used for <3 years> from the date of consent for the purpose of use mentioned above.
  • - Basis of retention: Consent of the data subject

Article 3 (Items of Personal Information Processed)

• ① BHEVS collects no information other than the name of the product inquiry contact person and email.

Article 4 (Matters concerning the Provision of Personal Information to Third Parties)

• ① The company processes personal information only within the scope specified in Article 1 (Purpose of Processing Personal Information), and provides personal information to third parties only when the consent of the data subject or special regulations of the law, such as Articles 17 and 18 of the Personal Information Protection Act, are met.

Article 5 (Matters concerning Entrustment of Personal Information Processing)

• ① The company entrusts personal information processing tasks as follows to ensure smooth personal information management.
• ② When entering into an entrustment contract, the company specifies matters such as the prohibition of processing personal information beyond the intended purpose of entrustment, technical and managerial protective measures, restrictions on re-entrustment, and management and supervision of the trustee's handling of personal information, as well as liability for damages in the contract or other documents, in accordance with Article 26 of the Personal Information Protection Act.
• ③ In the event of changes in the content of the entrusted tasks or the entrusted party, such changes will be promptly disclosed through this Privacy Policy.

Article 6 (Procedure and Method of Personal Information Destruction)

• ① <Personal Information Processor's Name> shall promptly destroy the relevant personal information when it becomes unnecessary due to the expiration of the retention period of personal information or the achievement of the processing purpose.
• ② If personal information must be retained in accordance with other laws despite the expiration of the consented retention period or the achievement of the processing purpose, the personal information shall be transferred to a separate database or stored in a different location.
• ③ The procedure and method of personal information destruction are as follows:
  • - Procedure of Destruction: The personal information manager selects the personal information for destruction, and with the approval of the personal information protection manager, proceeds to destroy the personal information.
  • - Method of Destruction: The personal information manager ensures that electronically recorded personal information is irreversibly destroyed, while personal information recorded on paper documents is shredded or incinerated for destruction. Technical methods that render electronic information irretrievable are employed for electronically recorded information.

Article 7 (Rights, Duties, and Methods of Exercise of Rights of Information Subjects and Legal Representatives)

• ① Information subjects may exercise their rights to access, correct, delete, or request the suspension of processing of personal information from the company at any time.
• ② The exercise of rights under paragraph 1 may be made in writing, by electronic mail, facsimile transmission (FAX), etc., pursuant to Article 41(1) of the Enforcement Decree of the Personal Information Protection Act, and the company shall promptly take measures accordingly.
• ③ The exercise of rights under paragraph 1 may be made through a legal representative of the information subject or a delegate. In this case, a power of attorney in accordance with the Form No. 11 attached to the "Guidelines for Personal Information Processing Methods (No. 2020-7)" must be submitted.
• ④ The rights of information subjects may be restricted under Article 35(4) and Article 37(2) of the Personal Information Protection Act.
• ⑤ Requests for correction and deletion of personal information cannot be made if the personal information is specified as a collection subject under other laws.
• ⑥ The company verifies whether the requester of access, correction, deletion, or processing suspension is the information subject or a legitimate representative when fulfilling requests based on information subject rights.

Article 8 (Measures for Ensuring the Security of Personal Information)

The company takes the following measures to ensure the security of personal information:

• ① Establishment and Implementation of Internal Management Plans
  • - Internal management plans are established and implemented to ensure the secure processing of personal information.
• ② Minimization and Education of Personnel Handling Personal Information
  • - Employees handling personal information are designated and limited to minimize and manage access to personal information.
• ③ Regular Internal Audits
  • - Regular internal audits (once per quarter) are conducted to ensure the security of personal information handling.
• ④ Access Restriction to Personal Information
  • - Access controls are implemented for database systems handling personal information, including the granting, modification, and revocation of access permissions. Intrusion prevention systems are used to control unauthorized access from external sources.
• ⑤ Storage and Prevention of Tampering of Access Records
  • - Access records for personal information processing systems are stored and managed for a minimum of 1 year. However, for cases involving personal information of more than 50,000 individuals or processing of unique identifiers or sensitive information, records are stored and managed for at least 2 years. Security features are used to prevent tampering, theft, or loss of access records.
• ⑥ Encryption of Personal Information
  • - User personal information, including passwords, is stored and managed using encryption methods to ensure that only the individual can access it. Additional security measures, such as encryption of files and transmitted data or the use of file locking functions, are employed for important data.
• ⑦ Technical Measures against Hacking and Other Threats
  • - Security programs are installed, regularly updated, and checked to prevent leakage or tampering of personal information due to hacking, computer viruses, etc. Systems are installed in restricted access areas and monitored and blocked both technically and physically.
• ⑧ Access Control for Unauthorized Persons
  • - Physical storage locations containing personal information are separately managed with established access control procedures.

Article 10 (Installation, Operation, and Refusal of Devices for Automatically Collecting Personal Information)

• ① We use "cookies" to store and retrieve usage information periodically in order to provide individualized customized services to users.
• ② Cookies are small pieces of information sent by the server (HTTP) operating the website to the user's computer browser, and they may be stored on the hard drive of the user's PC.
  • - Purpose of using cookies: Cookies are used to understand the usage patterns of users on each service and website visited, popular search terms, and secure access status in order to provide optimized information to users.
  • - Installation, operation, and refusal of cookies: Users can refuse to store cookies by adjusting the options in the Tools > Internet Options > Privacy menu of the web browser.
  • - Refusal to store cookies may cause difficulties in using customized services.

Article 11 (Criteria for Additional Use or Provision)

In accordance with Article 15(3) and Article 17(4) of the Personal Information Protection Act and Article 14-2 of the Enforcement Decree of the Personal Information Protection Act, the company may use or provide personal information additionally without the consent of the information subject. In order to use or provide personal information additionally without the consent of the information subject, the following factors were considered:

• ① Whether the additional use or provision of personal information is relevant to the original collection purpose.
• ② Whether there is predictability regarding the additional use or provision based on the circumstances of the information collection or processing practices.
• ③ Whether the additional use or provision of personal information unduly infringes on the interests of the information subject.
• ④ Whether necessary measures, such as anonymization or encryption, have been taken to ensure security.
  • ※ Criteria for consideration of additional use or provision should be autonomously determined and disclosed by the business/entity itself.

Article 12 (Matters Concerning the Personal Information Protection Manager)

• ① The company takes overall responsibility for personal information processing, including the appointment of a personal information protection manager to handle complaints from information subjects and provide remedies for damages related to personal information processing.
  • o Personal Information Protection Manager:
    • - Name: Jinsup Park
    • - Contact: +82 2-6911-5701
    • - Email: jinsup.park@bhevs.co.kr
  • o Personal Information Protection Department:
    • - Department: Global Information Center
    • - Person in Charge: Hanheum Cho
    • - Contact: +82 2-6911-5722
• ② Information subjects can contact the personal information protection manager and department for all inquiries, complaints, and remedies regarding personal information protection arising from the use of the company's services (or business). The company will promptly respond and handle inquiries from information subjects.

Article 13 (Department Responsible for Receiving and Processing Requests for Access to Personal Information)

• ① Information subjects may request access to personal information under Article 35 of the Personal Information Protection Act from the department listed below. The company will make efforts to promptly process information subjects' requests for access to personal information.
  • o Department Responsible for Receiving and Processing Requests for Access to Personal Information:
    • - Department: Strategic Planning Team
    • - Person in Charge: Jaeyup Jung (Manager)
    • - Contact: +82 2-6911-5723
    • - Email: jaeyup.jung@bhevs.co.kr

Article 14 (Remedies for Violation of Information Subject's Rights)

• ① Information subjects may apply for dispute resolution or consultation regarding personal information disputes through the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency Personal Information Infringement Reporting Center, etc., to seek remedies for damages caused by personal information infringements. Additionally, for reporting or consulting on other personal information infringements, please contact the following agencies:
  • o Personal Information Dispute Mediation Committee: 1833-6972 (kopico.go.kr)
  • o Korea Internet & Security Agency Personal Information Infringement Reporting Center: 118 (privacy.kisa.or.kr)
  • o Supreme Prosecutors' Office: 1301 (spo.go.kr)
  • o National Police Agency: 182 (ecrm.cyber.go.kr)
• ② Those who have suffered infringement of rights or interests due to measures taken by the head of a public agency or arbitrary acts in response to requests made under Article 35 (access to personal information), Article 36 (correction or deletion of personal information), or Article 37 (suspension of processing personal information) of the Personal Information Protection Act may file an administrative lawsuit in accordance with the Administrative Litigation Act.