Article 1. Purpose of processing personal information

The Company processes personal information for the purposes specified below. Personal information shall not be used for any purpose other than the following and, if the purposes specified change, the Company will take the necessary measures such as seeking separate consent as per the relevant regulations, e.g., Personal Information Protection Act.

1. Manage buyer services

Identify buyers signing up as buyer members and provide customized services
  • - Purchased car info, customized manual download, car diagnosis report, and consumables exchange history Warranty repair, car check-up, service and maintenance,
emergency assistance service, and workmanship defect correction service
  • - Membership sign-up and points information. Customized benefits for buyers and benefits usage history
  • - Event participation and gift/DM delivery, service satisfaction survey
  • - Regular car check-up and service merchandise and event info
  • - Membership shoppingmall (Genesis Owner’s mall) Service

2. Provide services for leads

Test drive service and consulting for leads
  • - Professional agents contact leads, identify them, and make arrangements for a test drive
  • - Identify leads and potential buyers, professional agents contact leads and help them participate in events and benefit from consultation, send gifts/DM, and service satisfaction surveys

3. Provide services for Genesis Center visitors

Provide visitors to Genesis Centers an opportunity to experience the products and test-drive
  • - Arrange visits to Genesis Centers and test drives and conduct service satisfaction survey

Article 2. Personal Information Items

1. Items collected

  1. 1. The Company processes the following personal information items:
    • ① Genesis website member (for managing buyer services)
    • - Information for mandatory collection and usage: ID, password, mobile phone number, e-mail address, purchased car information, name, sex, date of birth, national/foreigner classification, service use history, access logs, cookies, access IP info, home address, name and relation of the legal guardian for members younger than 14 years, credit assessment institution’s identification number (I-Pin/mobile phone verification number)
    • - Optional items: Service description, service requests, service date
    • ② Customers requesting test drives/consulting/other events (service for leads)
    • - Information for mandatory collection/usage: Name, mobile phone number, e-mail
    • ③ Information for mandatory collection/usage from Genesis Center visitors: Name, phone number, e-mail, car model of interest, number of visitors
    • - Optional items: Special requests
  2. 2. If any event and additional personal information should be collected/used, the items of information collected shall be marked mandatory/optional, and the purpose of collection and duration of storage of personal information shall be communicated to the customers on the relevant page or in writing for consent.

2. During Internet service use, the following personal information items may be automatically created and collected:

IP address, cookies, service use history, visit history

3. Method of collecting personal information

  1. 1. Membership sign-up on the homepage (www.genesis.com) and service use, writing, e-mail, phone, test drive/consulting and participation in other events, etc.
  2. 2. ※ The aforementioned information includes the personal information collected as well as information updated later.

Article 3. Duration of personal information storage and use

1. The company stores and uses the personal information of the customers from the time it is collected to the time the purpose of collection and use is accomplished and destroys the same information as soon as the purpose of collection and use is accomplished.

2. Note, however, that the Company shall store the personal information of the customers if relevant regulations including the Commercial Act so require. In this case, the Company shall store the information for the purpose it is stored, and the duration of storage shall be as follows:

  • - Records of agreement or cancellation thereof: 5 years (Act on Consumer Protection in Electronic Commerce, etc.)
  • - Records of payment and supply of goods: 5 years (Act on Consumer Protection in Electronic Commerce, etc.)
  • - Records of resolving consumer complaints or disputes: 3 years (Act on Consumer Protection in Electronic Commerce, etc.)
  • - Records of collection/processing and use of credit information: 3 years (Credit Information Use and Protection Act)
  • - Records of service use, access logs, access IP information: 3 months (Protection of Communications Secrets Act)
  • ※ Based on the "personal information validity system," the personal information of members with no history of use for 1 year is separately stored.

Article 4. Providing third parties with personal information

The Company does not provide third parties with personal information of the members signing up on our website. Note, however, that exceptions apply in any of the following situations:

1. The customer has given prior consent;

2. There are special legal regulations allowing it; or

3. The investigation authorities so require as per the procedures and methods specified in the laws for investigation purposes

Article 5. Entrusting the processing of personal information

The Company entrusts part of the business required to provide services to external service providers with which the Company signs a trust agreement to ensure that they comply with privacy-related laws, protect privacy, refrain from sharing the information with third parties, assume appropriate responsibility if an incident occurs, manage the information for a set term, and return or destroy the information after the term.

※ The list of service providers may be updated as the services and agreement terms concerned change, and such will be communicated by the Company whenever this happens.

Personal information of the website members

홈페이지 회원의 개인 정보 - 위탁받는 자(수탁자), 위탁하는 업무의 내용 정보를 제공한 표입니다
Trustee Description of tasks entrusted
Nice Evaluation Information Co.,Ltd Mobile phone identity verification
Hyundai Autoever Co.,Ltd, Innocean Worldwide Co.,Ltd System maintenance/repair/development/customer data management
Hyosung ITX Co., Ltd Customer interactions
Hyundai Motor dealership Car purchase consulting
Salesforce.com,inc. , GMCom Co., Ltd Genesis Gangnam test drive/appointment DB server management, event SMS messaging
Premium Pass International Co., Ltd Winner selection and information service, e.g. guides, etc.
Hyundai Autoever SMS messaging assignment
Q Plan Event and gift sending
Markbe Corp Printout delivery
Mog Communications, Innocean Worldwide Co.,Ltd, Q Plan, Markbe Corp., Premium Pass International, GMCom Co.,Ltd, Avex Co., Ltd, Mog Communications Co., Ltd Customer event operations and information TM, mail and gift sending/delivery, event gifts (electronic), event operation
Hyundai Autoever, Dooribun Co., Ltd Participating customer event identity verification system development and operation, and DB server management and SMS delivery
auto& Genesis Owner’s mall operation in general, product inquiry response,delivery of items, event participation and winner confirmation and award provision, customer care etc.
Affiliated stores of Blue Hands, Hyundai Hicar Co., Ltd., Yeolsoekol Warranty repair, urgent service, vehicle management service and agency service for production defects correction, warranty repair on special equipment of special equipment vehicles
SKY NETWORKS Co., Ltd. Home-to-home service agent

Article 6. Personal information destruction procedure and method

In principle, the Company shall destroy any personal information whose purpose of collection and use is accomplished,
unless laws require that such information be stored.
The information destruction procedure and method are as follows:

1. Destruction procedure

  • - The personal information provided by the customer is transferred to a separate DB once the purpose of its collection and use is accomplished (separate document compartment for paper documents) and stored for the specified period of storage as per the privacy protection grounds based on internal policies and other relevant regulations and destroyed thereafter.
  • - The personal information transferred to a separate DB shall not be used for purposes other than those specified by laws.

2. Destruction method

  • - The personal information stored in electronic files shall be deleted by means of a technical method that does not allow reversal.
  • - Paper containing personal information shall be shredded or incinerated.

Article 7. Customers’ and legal representatives’ rights and exercise thereof

1. The customer or his/her legal representative (for members under 14 years of age) may withdraw consent to the Company’s collection, use, and provision of personal information at any time.

2. The customer or his/her representative may require the Company to provide access to provide and correct any error found in the representative’s or the minor’s (under 14 years of age) personal information.

3. The Customer may exercise the aforementioned right by accessing the Company’s website, verifying his/her identity and using the online personal information management menu, or offline via contacting the customer center or the Company’s personal information manager in writing or by phone or e-mail.

4. If the Customer asks the Company to correct any error found in his/her personal information, the Company shall stop using and providing the personal information concerned until the error is corrected. If such information has already been provided for any third party, the Company shall notify the third party without delay to make the necessary correction.

5. If the Customer or his/her legal representative withdraws consent (cancels sign-up), the Company shall, in principle, destroy the personal information without delay. If the relevant laws require that the information be stored, the information shall be handled as per "4. Duration of personal information storage and use" of this Privacy Policy, and the Company shall ensure that it is accessed or used only when necessary.

Article 8. Measures to ensure the security of personal information

※ Technical/Managerial security measures for personal information

To prevent loss, theft, disclosure, alteration, or damage of the customer’s personal information, the Company shall take the following technical/managerial measures:

1. Technical measures

  • ① Encryption of personal information

    The valuable personal information of our customers is encrypted in the DB so that any information disclosed due to an outside attack may not be utilized.

  • ② Communication section encryption

    When a customer signs up for membership on the website, the section of communication through which the customer information passes is protected by SSL to ensure that the customer information is secured.

  • ③ Installation of security solutions

    To ensure that our services are provided and customer information is managed in a secure manner, the Company installs anti-virus programs for the personal information processing system and regularly updates and maintains it, and applies DB encryption solutions and screen capture prevention solutions. In addition, the Company installs an intrusion blocking/detection system to protect against intrusion, e.g., hacking, and uses the integrated security management center to monitor for hacking and other intrusions.

2. Managerial measures

  • ① Establishing the personal information management system

    The Company has in place an internal personal information management system to ensure that personal information is securely managed.

  • ② Operation of the personal information protection committee

    The Company operates the personal information protection committee, which holds at least 2 meetings yearly to discuss and resolve issues related to the operation of the personal information management system and privacy.

  • ③ Responsibility of the personal information manager

    The Company has a personal information manager for the processing of personal information, who signs the personal information protection agreement and trains staff on privacy to highlight the importance of customer privacy and ensure security. In addition, the Company manages the privileges of the personal information manager to minimize access to and disclosure of customers’ personal information.

Article 9. Provisions on the installation, operation, and opt-out of the automatic personal information collector

The Company uses “cookies” to store and identify customer information frequently. Cookies are very small text files sent by the server for the Company’s website to the customer’s browser and are stored on the hard drive of the customer. The Company uses cookies for the following purposes:

1. Purpose of using cookies

  • - The Company uses cookies to analyze the customer’s website access frequency and the visit time slot as well as the customer’s interests and frequency of event participation and visit for target marketing and customized services. The customer may accept or opt out of the storage of cookies. Therefore, the customer may use the web browser options to accept all cookies or be asked about acceptance each time a cookie is stored, or opt out of all cookies.

2. How to opt out of cookies

  • - To accept or opt out of cookies, the Customer may select the corresponding web browser option to accept all cookies, be asked about acceptance each time a cookie is stored, or opt out of all cookies.
  • - If, however, the customer opts out of cookies, some services requiring log-in may become unavailable.
  • ※ Setup example (for Internet Explorer): Upper part of the web browser Tools > Internet Options > Personal Information > Advanced > Select Option

Article 10. Resolution of complaints regarding the Privacy Officer and privacy

1. To protect the customer’s personal information and resolve complaints regarding privacy, the Company has designated the following department and Privacy Officer:

Privacy Officer

  • - Name: JaeHa Park
  • - Department: Genesis Business Strategy Group
  • - Position: Director Designate
  • - Telephone: 080-700-6000

Privacy Manager

  • - Name: Soyoun Lee
  • - Department: Genesis Communication Team
  • - Position: Assistant Manager
  • - Telephone: 080-700-6000

2. The Company shall, if any customer gives input or files a complaint regarding the Company’s Privacy Policy to the customer service department or the Privacy Officer above, ensure that the issue is resolved promptly and thoroughly.

Article 11. Breach relief

In case of any personal information breach, the information subject may contact the organizations below for relief and counseling. The organizations below are independent from the Company. If you are not satisfied with the Company’s solution to the personal information-related grievances or relief measures, you may contact the following organizations:

1. Privacy Breach Report Center : privacy.kisa.or.kr / (no local code)118

2. Internet Crime Investigation Center, Supreme Prosecutors’ Office : www.spo.go.kr / 02-2480-3570

3. Cyber Security Bureau, Korean National Police Agency : cyberbureau.police.go.kr / 1566-0112

Article 12. Change of the Privacy Policy

If any part of this Privacy Policy is changed, the Company shall notify the public of the reason and description of the change in the Announcements section or on a separate window on the home page of the Company website at least 7 days in advance.

This Privacy Policy is effective as of July 2, 2019.