Privacy Policy

Human Consulting Group Co., Ltd. (hereinafter referred to as “HCG”) processes personal information for the following purposes. The personal information being processed will not be used for purposes other than those stated below, and if there is any change in the intended use, necessary measures will be taken, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.

1. 1. Consultation Requests and Inquiries
   • 1) HCG processes personal information with the consent of the data subject for the purpose of responding to inquiries about HCG's services and products and providing relevant information.
2. 2. Provision of Services
   • 1) We provide maintenance services for HR systems and payroll outsourcing services.

1. HCG processes the following categories of personal information with the consent of the data subject in accordance with Article 15(1)(1) and Article 22(1)(7) of the Personal Information Protection Act.

1. HCG processes and retains personal information within the period of retention and use as stipulated by law or within the period of retention and use for which the data subject has given consent at the time of collecting the personal information.

2. The period of processing and retention of personal information for each service is as follows:

• 1) Membership Registration and Management: Until withdrawal from the website
• 2) HR System Maintenance Service: Until the completion of service provision as agreed upon with the client
• 3) Contact Us and User Support: Until 1 year from the date of inquiry and user support request, or until the request for withdrawal of consent for personal data collection and use
• 4) Retention of Communication Confirmation Data in accordance with Article 15-2 of the Protection of Communications Secrets Act
• ① Computer Communication and Internet Log Records, Access Location Tracking Data related to Service Use: 3 months

1. HCG will promptly destroy personal information without delay when it is no longer necessary, such as when the retention period has expired, or the purpose of processing has been achieved.

2. If the retention period of personal information, as consented by the data subject, has expired or the purpose of processing has been achieved, but the personal information must continue to be preserved in accordance with other laws, the information will be moved to a separate database (DB) or stored in a different location for preservation.

3. The procedures and methods for destroying personal information are as follows:

• 1) Destruction Procedure
• ① HCG selects the personal information that needs to be destroyed due to the occurrence of a reason for destruction and, with the approval of HCG's Personal Information Protection Officer, destroys the personal information.
• 2) Destruction Methods
• ① HCG destroys personal information recorded and stored in electronic file formats so that the records cannot be reproduced. Personal information recorded and stored in paper documents is destroyed by shredding or incineration.

1. The company does not use the personal information collected from users for purposes other than those intended, nor does it provide such information to third parties.

2. HCG may provide personal information to relevant institutions without the data subject's consent in the event of an emergency, such as a disaster, infectious disease outbreak, incidents or accidents that pose an imminent threat to life or physical safety, or urgent situations involving significant property loss, in accordance with the “Guidelines for Personal Information Processing and Protection in Emergency Situations” jointly announced by government agencies.

1. The company provides and entrusts personal information collected from service users to overseas entities as follows:

2. Users may refuse the overseas transfer of personal information through the company's personal information protection officer and responsible department.

3. If a user refuses the overseas transfer of personal information, the company will exclude that user's personal information from the transfer. However, in such cases, access to services where overseas data transfer is essential may be restricted.

1. HCG entrusts personal information processing tasks to third parties as follows to ensure smooth processing of personal information tasks.

1. To ensure the security of personal information, the following measures are being implemented:

• 1) Administrative Measures: Establishment and implementation of an internal management plan, operation of a dedicated organization, and regular employee training
• 2) Technical Measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of personal information, and installation and updates of security programs
• 3) Physical Measures: Access control to the computer room

1. HCG uses ‘cookies’ that store and retrieve usage information from time to time to provide users with personalized services and convenience.

2. Cookies are small pieces of information sent by the server (http) used for website operation to the data subject's browser, and they are stored on the data subject's PC or mobile device.

3. The data subject can configure their web browser options to allow, block, or set other preferences regarding cookies. However, refusing to store cookies may result in difficulties in using personalized services.

• 1) How to Allow or Block Cookies
  • ① Allowing/Blocking Cookies in a Web Browser
    • ・ Chrome: Web Browser Settings > Privacy and Security > Site Settings > Cookies and other site data
    • ・ Edge: Web Browser Settings > Cookies and Site Permissions > Manage and Delete Cookies and Site Data
  • ② Allowing/Blocking Cookies in a Mobile Browser
    • ・ Chrome (Mobile): Mobile Browser Settings > Privacy and Security > Clear Browsing Data
    • ・ Safari: Mobile Device Settings > Safari > Advanced > Block All Cookies
    • ・ Samsung Internet: Mobile Browser Settings > Browsing History > Delete Browsing Data

1. The data subject may, at any time, exercise their rights (hereinafter referred to as “Exercise of Rights”) with respect to HCG, including requesting access to, correction of, deletion of, suspension of processing, or withdrawal of consent for their personal information, as well as objecting to or requesting an explanation about automated decisions.

2. The exercise of rights can be made to HCG in writing, via email, fax, or other methods in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and HCG will take action without delay.

3. The exercise of rights may also be carried out through the legal representative of the data subject or an authorized representative. In such cases, a power of attorney, in the form prescribed by Form No. 11 of the “Public Notice on the Methods of Processing Personal Information,” must be submitted.

4. The data subject's right to request access to personal information and to request suspension of processing may be restricted in accordance with Article 35(4) and Article 37(2) of the Personal Information Protection Act.

5. If the personal information is specified as a subject of collection under other laws, the data subject cannot request the deletion of that personal information.

6. If the data subject has given consent to automated decision-making, has been informed in advance through a contract, or if it is clearly stipulated by law, the right to object to automated decisions is not recognized; only requests for explanation and review are permitted.

• 1) Additionally, a request to object to or seek an explanation regarding an automated decision may be denied if there is a legitimate reason, such as the risk of unjustly infringing upon another person's life, body, property, or other interests.

7. HCG verifies that the individual exercising the rights is the data subject or a legitimate representative.

8. The exercise of rights can be directed to the following department(s) at HCG.

9. HCG will make efforts to ensure that the exercise of the data subject's rights is processed promptly.

• 1) Personal Information Protection Department
• ・ Department Name: Information Security Team
• ・ Person in Charge: Team Leader YangWon Cho
• ・ Contact: 031-8023-9051
• ・ Email: privacy@e-hcg.com

1. HCG has designated a Personal Information Protection Officer as follows, who is responsible for overseeing and managing the processing of personal information and handling complaints and remedies related to personal information processing.

• 1) Personal Information Protection Officer
  • ・ Name and Position: Executive Vice President Uk Hur
  • ・ Contact: 031-8023-9002
  • ・ Email: privacy@e-hcg.com
• 2) Personal Information Protection Department
  • ・ Department Name: Information Security Team
  • ・ Person in Charge: Team Leader YangWon Cho
  • ・ Contact: 031-8023-9002
  • ・ Email: privacy@e-hcg.com

2. The data subject may direct all inquiries, complaints, and requests for remedies related to personal information protection, arising from the use of HCG's services (or business) to the Personal Information Protection Officer and the responsible department. HCG will respond to and handle the data subject's inquiries without delay.

1. The data subject may seek remedies for personal information infringement by applying for dispute resolution or consultation with the Personal Information Dispute Mediation Committee, the Personal Information Infringement Report Center of the Korea Internet & Security Agency (KISA), or other relevant organizations. For reporting or consultation on other cases of personal information infringement, please contact the following organizations.

• 1) Personal Information Dispute Mediation Committee: (without dialing an area code) 1833-6972 (www.kopico.go.kr)
• 2) Personal Information Infringement Report Center: (without dialing an area code) 118 (privacy.kisa.or.kr)
• 3) Supreme Prosecutor's Office: (without dialing an area code) 1301 (www.spo.go.kr)
• 4) National Police Agency: (without dialing an area code) 182 (ecrm.cyber.go.kr)

2. HCG is committed to ensuring the data subject's right to self-determination regarding personal information and strives to provide consultation and remedies for any personal information infringement. If you need to report or seek consultation, please contact the responsible department below.

• 1) Customer Consultation and Reporting Related to Personal Information Protection
• ・ Department Name: Information Security Team
• ・ Person in Charge: Team Leader YangWon Cho
• ・ Contact: 031-8023-9002
• ・ Email: privacy@e-hcg.com

1. Human Consulting Group Co., Ltd. (hereinafter referred to as “HCG”) informs you through the ‘Physical Security Guidelines’ about how personal video information processed by HCG is used and managed, including its purposes and methods.

• 1) Legal Basis and Purpose of Installing Fixed Video Surveillance Devices
  • ① HCG installs and operates fixed video surveillance devices for the following purposes in accordance with Article 25(1) of the Personal Information Protection Act.
  • ② Facility safety and management, fire prevention
• 2) Number of Installations, Installation Locations, and Shooting Range

  Number of Installations	Installation Locations and Shooting Range
  2 units	Office entrances (Seocho Center, Pangyo Center)

• 3) Person in Charge of Management and Authorized Personnel with Access

  Category	Name	Position	Department	Contact
  Person in Charge of Management	Young-Sook Park	Manager	Admin Team	02-2194-5000

• 4) Recording Time, Retention Period, Storage Location, and Processing Method of Personal Video Information

  Recording Time	Retention Period	Storage Location
  24 hours	30 days	Computer Room (Seocho Center)

  • ① Processing Method: Personal video information is recorded and managed concerning use beyond its intended purpose, provision to third parties, destruction, and requests for access. Upon expiration of the retention period, it is permanently deleted using methods that make restoration impossible (for printed materials, this means shredding or incineration).
• 5) Matters Regarding the Delegation of Installation and Management of Fixed Video Surveillance Devices
  • ① HCG delegates the installation and management of fixed video surveillance devices as outlined below and ensures that necessary provisions are included in the delegation contract to manage personal information securely in accordance with relevant laws and regulations.

  Service Provider	Contact Person	Contact Information
  S-1 (Secom)	Customer Service Center	1588-3112

• 6) Matters Regarding the Methods and Location for Accessing Personal Video Information
  • ① Method for Accessing: Personal video information can be accessed by contacting the person in charge of managing the information in advance and arranging a visit.
  • ② Location for Access: Admin Team
• 7) Measures Regarding Requests by Data Subjects for Access to Personal Video Information
  • ① If you wish to access, verify the existence of, or delete personal video information, you may make a request at any time to the operator of the fixed video surveillance devices. Please note that this applies only to personal video information in which you are featured.
  • ② HCG will promptly take the necessary actions upon receiving a request to access, verify the existence of, or delete personal video information.
• 8) Measures for Ensuring the Security of Personal Video Information
• ① The personal video information processed by this organization is securely managed through encryption and other measures. Additionally, as part of its administrative safeguards for protecting personal video information, the organization implements differential access controls and records the creation time of the personal video information, as well as the purpose, viewer, and time of access, to prevent tampering or alteration. Furthermore, physical security measures, such as locking mechanisms, are in place to ensure the safe storage of personal video information.

1. Purpose and Retention Period of Personal Location Information Processing

• 1) The company provides location-based services using users' location information received from location information providers. The purpose and retention period of personal location information for service provision are as follows.

  Service Name	Purpose of Personal Location Information Processing	Retention Period of Personal Location Information
  JaDE	Provides check-in/check-out authentication using location data for employees of contracted corporations	Until the attendance verification by the contracted corporation's attendance manager
  talenx	Provides check-in/check-out authentication using location data for employees of contracted corporations	Until the attendance verification by the contracted corporation's attendance manager

2. Basis and Retention Period for Confirmation of Collection, Use, and Provision of Personal Location Information

• 1) In accordance with Article 16, Section 2 of the Act on the Protection and Use of Location Information, the company automatically records the details of collection, use, and provision of personal location information in the location information system. These records are maintained at a level that allows for confirmation, and handling records are kept for at least six months.

3. Procedure and Method for Disposal of Personal Location Information

• 1) Personal location information is promptly deleted once the purpose of its collection and use has been fulfilled. The company follows the disposal procedure and method outlined in Article 4 regarding personal data destruction.

4. Provision of Personal Location Information to Third Parties

• 1) The company does not provide personal location information to third parties without the consent of the data subject. If third-party services involving location data provision are offered, the company will notify the data subject in advance and obtain consent regarding the recipient and purpose.

5. Notification of Third-Party Provision of Personal Location Information

• 1) When the company provides personal location information to a third party designated by the user, it will immediately notify the user via the communication device from which the location information was collected, specifying the recipient, provision date, and purpose.
  • ① If the communication device lacks text, voice, or video reception capabilities
  • ② If the user has pre-requested notification via online posting, the company will send notifications to a pre-designated device or email address.

6. Rights and Obligations of Guardians for Children Under Eight, Persons Under Legal Guardianship, or Severely Mentally Disabled Individuals

• 1) If a guardian consents to the collection, use, or provision of personal location information for the protection of a child under eight years old or a severely mentally disabled individual, it is considered as the individual's consent. The applicable individuals include:
  • ① Children under eight years old
  • ② Persons under legal guardianship
  • ③ Individuals classified as severely mentally disabled under the Welfare Act and officially registered as disabled persons
• 2) Guardians include:
  • ① A legal representative or appointed guardian for minors in protective facilities
  • ② A legal representative of a person under legal guardianship
  • ③ A legal representative or head of a government-operated facility under relevant disability and mental health laws
• 3) Guardians must submit written consent along with supporting documents proving their guardian status.
• 4) If consent is granted, guardians may exercise all rights of the location information subject.

7. Contact Information of the Location Information Management Officer

• 1) The company appoints a location information management officer responsible for protecting location data and ensuring smooth handling of complaints.
  • ① Location Information Management Officer
  • ・ Name and Position: Executive Vice President Uk Hur
  • ・ Contact: 031-8023-9002
  • ・ Email: privacy@e-hcg.com

1. We would like to inform you that the contents of the Privacy Policy are scheduled to be changed as follows. The revised Privacy Policy will take effect on February 9, 2026.