Hanwha Energy

The Company processes personal information for the following purposes. Personal information will not be used for any purpose other than those stated below. If the purpose of use changes, the Company will take necessary measures, including obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.
    - Category: Reporting via Hot Line
    - Purpose of Processing: Verification of reported facts, handling of reports, and notification of processing results

The Company processes and retains personal information within the period stipulated by law or within the period of consent provided by the data subject at the time of collection.
The retention and use period for each category of personal information is as follows:

- Collected Items: Name, Email, Contact Information (Telephone or Mobile Number)
- Retention Period: From the time of reporting until the purpose is achieved (e.g., completion of report handling)

The Company does not provide personal information of data subjects to any third parties.

To ensure smooth handling of personal information, the Company outsources the following personal information processing tasks:
- Outsourced Entity: Hanwha Systems Co., Ltd.
- Outsourced Tasks: Operation and maintenance of the Company’s website
2. When concluding an outsourcing contract, the Company specifies in writing, in accordance with Article 26 of the Personal Information Protection Act, obligations regarding prohibition of using personal information for purposes other than the contracted tasks, technical and administrative protective measures, restrictions on re-outsourcing, management and supervision of the service provider, and liability for damages. The Company also monitors the service provider to ensure personal information is handled securely.
3. In the event of any changes to the outsourced tasks or the service provider, the Company will promptly disclose such changes through this Privacy Policy.

Data subjects may exercise the following rights regarding the protection of their personal information at any time:
  1-1.Request access to personal information
  1-2.Request correction of errors or inaccuracies
  1-3.Request deletion of personal information
  1-4.Request suspension of processing
2. Rights under Clause 1 can be exercised in writing, by telephone, email, or fax in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act. The Company will take prompt action in response to such requests.
3. Rights under Clause 1 may also be exercised through a legal representative or an authorized agent. In such cases, a power of attorney must be submitted in accordance with Form No. 11 of the “Notice on Methods of Processing Personal Information (No. 2023-12).
4. Requests for access to personal information or suspension of processing may be restricted in accordance with Article 35, Paragraph 4, and Article 37, Paragraph 2 of the Personal Information Protection Act.
5. Requests for correction or deletion cannot be fulfilled if the personal information is explicitly required by other laws or regulations.
6. The Company verifies that the requester is either the data subject or a duly authorized representative before processing any requests for access, correction, deletion, or suspension.

The Company processes the following personal information:
   - Category: Reporting via Hot Line
   - Mandatory Items: Name, Email, Contact Information (Telephone or Mobile Number)

1. The Company will promptly destroy personal information when it is no longer necessary, such as upon expiration of the retention period or achievement of the processing purpose.
2. If personal information must continue to be retained in accordance with other laws even after the expiration of the retention period or completion of the processing purpose, the Company will transfer such information to a separate database or store it in a different location for secure preservation.
3. The procedures and methods for destroying personal information are as follows:
   3-1.Destruction Procedure: The Company selects personal information subject to destruction and obtains approval from the Company’s Personal Information Protection Officer before proceeding with destruction.
   3-2.Destruction Method: Personal information stored in electronic files will be destroyed so that it cannot be reconstructed. Personal information recorded or stored on paper documents will be shredded or incinerated.

The Company takes the following measures to ensure the security of personal information:

1. Administrative Measures: Establishment and implementation of internal management plans, regular employee training, and other related activities.
2. Technical Measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of unique identifiers, and deployment of security programs.
3. Physical Measures: Access control to data centers, document storage rooms, and other facilities.

1. The Company oversees and is responsible for all tasks related to personal information processing and has designated the following Personal Information Protection Officer to handle complaints, remedies, and related matters concerning the processing of personal information:
   - Personal Information Protection Officer: Executive Director, CHRO, Jun-kyu Park (seajin.lee@hanwha.com)
   - Personal Information Protection Department: Infrastructure Support Team (hecsecurity@hanwha.com)
2. Data subjects may contact the Personal Information Protection Officer or the designated department regarding any inquiries, complaints, or requests for remedies related to personal information arising from the use of the Company’s services or business. The Company will respond to and address such inquiries without delay.

Data subjects may submit a request to access their personal information in accordance with Article 35 of the Personal Information Protection Act to the following department. The Company will make every effort to ensure that such requests are processed promptly:
  - Responsible Officer: Cheol-woo Jeong, Management Diagnosis Team (cwjeong@hanwha.com)

Data subjects may seek remedies for personal information infringement by applying for dispute resolution or consultation with the Personal Information Dispute Mediation Committee or the Personal Information Infringement Report Center at the Korea Internet & Security Agency.
For other reports or consultations regarding personal information infringement, please contact the following organizations. Please note that these organizations are independent of the Company and should be contacted only if you are not satisfied with the Company’s handling of complaints or if resolution through the Company is difficult:

▶Personal Information Dispute Mediation Committee: 182 (no area code) | www.kopico.go.kr
▶Personal Information Infringement Report Center: 118 (no area code) | privacy.kisa.or.kr
▶Supreme Prosecutors’ Office: 182 (no area code) | www.spo.go.kr
▶National Police Agency: 182 (no area code) | ecrm.cyber.go.kr