Privacy Policy

Human Consulting Group Co., Ltd. (hereinafter "HCG") establishes and discloses this Privacy Policy to inform data subjects of the procedures and standards for processing personal information and to ensure the prompt and smooth handling of related grievances, in accordance with Article 30 of the Personal Information Protection Act.

Article 1. (Purpose of Personal Information Processing)
Personal information is processed for the following purposes. The processed personal information will not be used for any purposes other than those specified below. If the purpose of use changes, necessary measures, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act, will be implemented.
① Membership registration and management
  • • Personal information is processed with the consent of the data subject to respond to inquiries about HCG's services and products and to provide related information.
② Service provision
  • • Personal information is processed with the consent of the data subject to provide services such as personnel system maintenance and payroll management.
Article 2. (Period of Retention and Use of Personal Information)
① HCG processes and retains personal information within the period of retention and use agreed upon by the data subject or as prescribed by law. The retention and use periods for each type of personal information are as follows:
② Membership registration and management: Until the website membership withdrawal.
  • • Service provision: Until the completion of the agreed-upon service and the completion of fee payment and settlement. However, in case of specific reasons, until the completion of the reason:
    • • Records related to display, advertisement, contract content, and performance: 6 months.
    • • Records related to contracts or subscription withdrawal, payment, and supply: 5 years.
    • • Records related to consumer complaints or dispute resolution: 3 years.
    • • Communications confirmation data retention: 1 year (for subscriber electronic communications date and time, start/end time, counterpart subscriber number, usage frequency, originating base station location tracking data), 3 months (for computer communications and internet log records and access location tracking data)
Article 3. (Items of Personal Information Processed)
HCG collects personal information as follows for smooth customer consultation and various service provision. You have the right to refuse consent to the collection of essential information, and you may refuse to consent to the collection of optional information. Refusal to consent to the collection of essential information may limit service use.
Service name Purpose Items Collected Retention/Use Period
Website Product inquiry and consultation - Required: Service type, company name, name, contact (company), mobile number, department, email, inquiry details, preferred consultation time, how you learned about HCG 1 year
Year-end Tax Settlement
Customer Support - Required: ID, password, name, company, general phone, mobile phone, email Until membership withdrawal or consent withdrawal
Education support - Required: Main business manager's name, mobile phone, email
- Optional: Position, department, office phone, address, application type, certificate issuance status
Service subscription period
JaDE/PO HR/Payroll outsourcing service provision - Required
ID, password, employee number, name (Korean), company name, social security number, department, position, date of joining, date of resignation
- Optional
Mobile phone number, office phone number, landline number, email, name (English, Chinese characters), gender, photo, date of birth, marital status, marriage anniversary, home address, position, title, family information, educational background, language proficiency, certification, work experience, promotion history, reward and punishment history, military service information, attendance information, location information, salary information, account information, welfare information, evaluation information, education information, recruitment information
Service subscription period
Performance Plus Performance management service provision - Required : Email, password, company name, department, manager, service usage information Service subscription period
Article 4. (Delegation of Personal Information Processing)
① HCG outsources personal information processing tasks as follows for smooth operation:
Service name Outsourced Entity Task
JaDE HR Service OCI (Chuncheon Region) Cloud service usage
PO Payroll OCI (Chuncheon Region),
KT Cloud (Mokdong Zone)
Cloud service usage
Performance Plus AWS (Seoul Region) Cloud service usage
Common Bespin Global Managed Service Provider (MSP)
S1 (SecuM) Office CCTV security
② HCG specifies in writing the prohibition of personal information processing for purposes other than the outsourced tasks, technical and administrative protection measures, re-outsourcing restrictions, supervision over the outsourced entity, and liability in case of damage as per Article 26 of the Personal Information Protection Act. HCG supervises the safe processing of personal information by the outsourced entities.
③ If there are any changes in the outsourced tasks or entities, HCG will disclose such changes through this Privacy Policy without delay.
Article 5. (Procedures and Methods of Personal Information Destruction)
① HCG destroys personal information without delay when the retention period has expired, or the purpose of processing has been achieved.
② However, in cases where personal information is required to be retained by other laws, it will be stored separately.
③ The destruction procedures and methods are as follows:
  • 1. Destruction procedures: HCG selects the personal information to be destroyed and obtains approval from the personal information protection officer before destruction. However, in the case of HR/payroll outsourcing services, the internal processing standards of the customer company apply.
  • 2. Destruction methods: Personal information recorded and stored in electronic files is destroyed to prevent recovery, and personal information recorded and stored on paper is shredded or incinerated.
Article 6. (Rights and Obligations of Data Subjects and Methods of Exercise)
① Data subjects can exercise the following personal information protection rights at any time:
  • 1. Request to access personal information.
  • 2. Request correction if there are errors.
  • 3. Request deletion.
  • 4. Request suspension of processing
② Requests for access, correction, deletion, and suspension of processing can be made to HCG in writing, via email, or fax in accordance with Article 41(1) of the Enforcement Decree of the Personal Information Protection Act. HCG will act without delay.
③ Requests can be made through a legal representative or a designated agent. In this case, a power of attorney as per Form No. 11 of the “Public Notice on Personal Information Processing Methods (No. 2020-7)” must be submitted.
④ Requests for access and suspension of processing may be restricted as per Articles 35(4) and 37(2) of the Personal Information Protection Act.
⑤ Requests for correction and deletion cannot be made if other laws specify that the personal information must be collected.
⑥ HCG verifies the identity of the requester or the legitimacy of their representation when requests for access, correction, deletion, or suspension of processing are made.
Article 7. (Measures to Ensure the Safety of Personal Information)
① HCG takes the following measures to ensure the safety of personal information:
  • 1. Administrative measures: Establishment and implementation of internal management plans, operation of dedicated organizations, regular employee training
  • 2. Technical measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of personal information, installation and updating of security programs.
  • 3. Physical measures: Access control to computer rooms, data storage rooms, etc.
Article 8. (Installation, Operation, and Refusal of Automatic Personal Information Collection Devices)
① HCG uses cookies to provide individualized services to users. Cookies are small pieces of information sent by the server (HTTP) used to operate websites to the user's computer browser, which may be stored on the user's PC.
  • 1. Purpose of using cookies: To provide optimized information to users by identifying their visit and usage patterns on each service and website, popular search terms, and secure connection status.
  • 2. Installation, operation, and refusal of cookies: You can refuse to store cookies by setting options in the "Privacy" menu under "Tools > Internet Options" on the web browser toolbar. Refusing to store cookies may cause difficulties in using customized services.
Article 9. (Collection, Use, Provision, and Refusal of Behavioral Information)
① HCG does not collect, use, or provide behavioral information for online customized advertising.
Article 10. (Personal Information Protection Officer)
① HCG designates a Personal Information Protection Officer who is responsible for overseeing personal information processing, handling complaints, and providing remedies for data subjects. The details are as follows:
  • ▶ Personal Information Protection Officer
  • ▶ Personal Information Protection Department
② Data subjects can contact the Personal Information Protection Officer or the department in charge regarding all personal information protection inquiries, complaints, and damage relief while using HCG's services. HCG will respond and process inquiries without delay.
Article 11. (Request for Access to Personal Information)
① Data subjects can request access to their personal information under Article 35 of the Personal Information Protection Act to the following department. HCG will strive to promptly process access requests.
  • ▶ Personal Information Protection Department
Article 12. (Remedies for Infringement of Rights)
① Data subjects can inquire about remedies for personal information infringement and seek consultation from the following institutions. These institutions are separate from HCG, so if you are not satisfied with HCG's handling of complaints or need more detailed assistance, please contact them.
  • 1. Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)
  • 2. Supreme Prosecutors' Office Cyber Crime Investigation Department: 1301 (www.spo.go.kr)
  • 3. Cyber Bureau of the National Police Agency: 182 (ecrm.cyber.go.kr/minwon/main)
Article 13. (Installation and Operation of Video Information Processing Devices)
① HCG installs and operates video information processing devices as follows:
  • 1. Basis and purpose of installation: Safety of HCG's facilities and fire prevention
  • 2. Number of installations, location, and shooting range: 2 cameras installed in the office of the Pangyo Center, covering entrance and office spaces.
  • 3. Manager, department, and person with access to video information: Park Young Sook, Manager, BSS Center, Pangyo Center
  • 4. Shooting time, retention period, storage location, and processing method: The video information can be requested from the center manager.
  • 5. Measures for video information protection: Establishment of internal management plans, access control, and restriction of access rights, application of safe storage and transmission technologies, storage of processing records, and prevention of forgery and alteration.
  • 6. Actions for Requests to Access Video Information by Data Subjects: Requests must be made by submitting an application for the access and confirmation of the existence of personal video information. Access is granted only if the video information involves the data subject themselves or if it is clearly necessary for the protection of the data subject's life, body, or property.
  • 7. Technical, Administrative, and Physical Measures for the Protection of Video Information: Establishment of internal management plans, access control and access rights restrictions, application of secure storage and transmission technologies for video information, storage of processing records and prevention of forgery and tampering, provision of storage facilities, and installation of locking devices.
Article 14. (Changes to the Privacy Policy)
① This Privacy Policy was revised on May 23, 2024, and will be notified at least 7 days in advance on the website in case of any additions, deletions, or modifications due to changes in government policies or security technologies.
  • - Announcement Date: May 23, 2024
  • - Implementation date: June 6, 2024