1. Personal data that we collect
Tata Daewoo collects your name, email address, company name, country you located, country of business interests and inquiry details (attachments if any) to understand who you are as you inquire about our services through this website or by contacting us by phone, email or other electronic means, or in writing.
2. How we use your personal data
We can only use your personal data if we have the legal basis to do so. We only use your data for one or more of these reasons:
· To fulfil a contract we have with you, or
· If we have a legal duty to use your data for a particular reason, or
· When we get your consent to use it.
· To respond to your inquiries;
· To provide services to you including customer services issues;
· To manage users for our services, analyze, develop, provide and improve our services;
· Legal obligations: We may be required to use and retain personal data for legal and compliance reasons, such as the prevention, detection, or investigation of a crime; loss prevention; or fraud. We may also use personal data to meet our internal and external audit requirements and for information security purposes, and to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside your country of residence.
We endeavor to collect only such information that is reasonably necessary to perform services for you or to respond to your inquiries. You are responsible for ensuring that the information you provide is accurate, complete and current.
3. With whom we share personal data and why
Tata Daewoo shares or discloses personal data when necessary to provide services or conduct our business operations. Tata Daewoo may, with your consent, disclose information about you to third-parties – affiliated and unaffiliated. For example-
a) With affiliate companies: Our businesses around the world are supported by a variety of affiliate teams and functions, and personal data will be made available to them if necessary for the provision of services, sales and marketing, customer and technical support, and business and product development. All of our employees and contractors are required to follow our data protection and security policies when handling personal data.
c) Third parties: We collaborate with third parties around the world who are our distributors in the countries of your inquiry for any support needed. (Information on our distributors is available at https://daewootruck.com/globalnetwork/). We may share your personal data with third parties upon your explicit consent to share your data as such or upon your request for such sharing. We share all contents of your inquiry, including your name, email address, company name, countries of business interests, and the specific details of your inquiry, which will be transferred via network at the time of service use, for the purpose of ensuring that you are assisted with the necessary, detailed consultation. We destroy your personal data without delay once this purpose is achieved.
d) Service providers: We may share your personal data with companies that provide services on our behalf, such as, by developing and operating systems for our website. Personal data may be made available to these entities only when necessary to fulfil the services they provide to us. Service providers are not permitted to share or use personal data we make available to them for any other purpose than to provide services to us.
e) Third parties for legal reasons: We will share personal data when we are legally obligated to share your information, such as under:
· Legally binding requests from government agencies, including law enforcement and other public authorities, which may include such authorities outside your country of residence;
· Obligation to transfer your information in the event of a merger, sale, restructure, acquisition, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).
4. How we secure personal data
Tata Daewoo uses appropriate technologies and procedures to protect your personal data in accordance with PIPA. Our information security policies and procedures are reviewed regularly and updated as necessary to meet our business needs, changes in technology, and regulatory requirements. For example,
- We protect users' personal data using a password, and employs a security device (SSL Secure Socket Layer) that can safely transmit personal data on the network using an encryption algorithm. - We are equipped with a firewall and intrusion detection/blocking system in preparation for external intrusions such as hacking, and through this, unauthorized access from outside is controlled. - We use a virtual private network (VPN) separated from the public network in exchanging personal data in different locations (Gunsan, Seoul, India). - We have a separate user authentication server, and all passwords are one-way encrypted and stored. - We are taking measures to prevent forgery and falsification, such as keeping access records to the personal data processing system and taking backup measures in order to respond to incidents of personal data infringement. - We specify the purpose of outputting personal data (printing, screen display, file creation, etc.) in the personal data processing system, and minimizes the output items according to the purpose. In addition, personal data is masked to block unauthorized access by employees. - When an authorized employee prints personal data on paper or copies it to a removable storage device such as a diskette or compact disk, we take measures to obtain prior approval from the person in charge of management. The same applies to printing, reprinting or copying from a copy.
We also have in place administrative and managerial measures to further secure your personal data:
- We limit access to users' personal data to a minimum number of people and control access to storage of personal data, such as data processing room and data room . - We will change or cancel the access right of the personal data processing system without delay when the personal data handler is changed. In this case, a record of the authorization, change or termination is recorded, and the record is kept for at least 5 years. - We set up the personal data processing system and personal data handler's PC, in order not to disclosed to unauthorized persons through the Internet homepage, P2P, sharing settings, etc. - When we collect, use, and destroy personal data, it leaves the basis for the purpose of collection, period of use, items of information used, and destruction according to the standards recommended by relevant laws and regulations. In this regard, internal processes are stipulated. - We conduct regular in-house and outsourced training for employees who handle personal data on acquisition of new security technologies and obligations to protect personal data. - We prepare internal procedures to prevent information leakage by humans through the security pledge of all executives and employees and to monitor the implementation of the personal data protection policy and the compliance of the employees. - When personal data handlers' joining and leaving the company, we take over the duties of personal data handlers thoroughly while maintaining security, and clarifies responsibility for personal data - We do not mix and store personal data and general data, but separates them through a separate server
6. Children under 13 years of age
No parts of our products or services are directed to or designed to attract anyone under the age of thirteen (13). We do not knowingly collect or maintain personal data from any person under the age of thirteen. If you are under the age of thirteen, please do not provide us with your personal data. If you are a parent of someone under the age of thirteen, please do not provide us with their personal data.
7. Your rights and your personal data
We respect your right to access and control your information, and we will respond to requests for information and, where applicable, will correct, amend, or delete your personal data. Your rights can be directly exercised through telephone, email, or by post.
In such cases, we may need you to respond with proof of your identity before you can exercise these rights.
· The right to access information: At any point you can contact us to request the information we hold on you.
· The right to correct and update the information: If the data we hold on you is out of date, incomplete or incorrect, you can inform us and your data will be updated.
· The right to have your information erased: If you feel that we should no longer be using your data or that we are illegally using your data, you can request that we erase the data we hold. When we receive your request, we will confirm whether the data has been deleted or the reason why it cannot be deleted (for example because we need it to comply with our legal obligations).
· The right to object to processing: You have the right to request that we stop processing your data. Upon receiving the request, we will contact you and let you know if we are able to comply or if we have legal grounds to continue to process your data. Upon such legal grounds, we may continue to hold your data even after you exercise your right to object. · The right to withdraw your consent to the processing at any time for any processing of data to which consent was sought.
· The right to lodge a complaint with the Chief Privacy Officer.
8. How long do we keep your personal data?
We retain personal data for as long as we reasonably require it for legal or business purposes. In determining data retention periods, Tata Daewoo takes into consideration applicable laws, contractual obligations, and the expectations and requirements of our customers. When we no longer need personal data, we delete or destroy it without delay in an irreversible manner.
Under legal obligations, personal data may be retained in some cases as follows, even after the relevant business purpose has been achieved:
- Records on transactions (i.e., contractual history, order cancellations/refunds, payments, and supply of its product) with users: 5 years
- Records on the processing of consumer complaints/dispute resolution with consumers: 3 years
- Records of the subscriber’s (i.e., users’) telecommunications in any means (i.e., date/time, duration, frequency of telecommunications): 12 months
- Logs on the users’ use of the Internet (e.g., web/app): 3 months.
Effective Date: [2022.10.31]