POSCO E&C practices ethical management that complies with the values of integrity, fairness, and trust.
This code of ethics establishes the ethical values and behavioral standards that must be preserved and developed by all POSCO Group employees by inheriting the foundational spirit of patriotism in steelmaking based on sacrifice and service while reflecting the new spirit of the times.
It is our unchanging value to establish a corporate image that can be trusted by all stakeholders with the highly prioritized value criteria of integrity, fairness, and honesty.
As a result, POSCO enacted the code of ethics in 2003 that must be adhered to by all employees, and explicitly included US Human Rights that proclaims support and respect for human life and dignity in 2014. At this time, POSCO has amended the code of ethics with tighter ethical standards according to the intent of management innovation that places the highest value on ethics in management.
All employees of POSCO Group must strictly comply with the principles of ethics and uphold the guidelines set forth by this code of ethics in all aspects of business.
This is how we all can proudly preserve the credibility of POSCO as we know it today, built on the blood, sweat, and tears of our founding members.
Principles of Ethics
Duty of Compliance with the Code of Ethics
- We must comply with related rules and regulations in all areas of the world where POSCO is conducting business operations.
- We must retain our dignity as POSCO employees and make efforts to maintain the company's reputation.
- We must preserve integrity, fairness, and trust throughout all jobs and business relations.
- We must not become engaged in activities in which there are conflicts of interests between the company and individuals.
- We must not irrationally discriminate against other employees or stakeholders based on race, nationality, gender, age, educational background, religion, region, disability, marital status, and sexual orientation, and must respect the dignity and diversity of each individual.
- We must make efforts to create a safe workplace and protect the environment.
- We must be devoted to establishing an ethical culture by taking responsibility and upholding ethical conduct.
Role and Responsibility of Employees
Employees must understand and practice all aspects of the code of ethics, and comply with domestic and international laws regarding anti-corruption as members of a global company.
1. Understanding and Complying with the Code of Ethics.
- - We must fully understand and faithfully comply with all aspects of the code of ethics.
- - Regarding situations in which there are conflicts concerning the code of ethics, decisions must be made after consulting with the department head or the Ethics Management Office.
- - We must take responsibility for unethical conduct.
2. Reporting and Consulting Unethical Conduct
- - If we find out that our or others' behavior conflicts with the code of ethics, we must immediately report to and consult with the department head or the Corporate Audit Department.
- - We must be aware of various methods to report or consult about cases in which there are conflicts over the code of ethics.
3. Role and Responsibility of the Leader
- The leader must perform a key role in enhancing the competitiveness of the company by preventing and eradicating unethical conduct through ethical compliance.
- - Decision-making : The leader has the obligation to make decisions with ethics being the top priority whenever the company's benefits conflict with ethics
- - Operational accountability : The leader possesses unlimited liability in unethical conduct, and must take supervisory responsibility in case of unethical conduct by his or her subordinates
- - Job performance : The leader strictly abides by the law, does not pursue private interests, is devoted to creating corporate values, and does not deal with corrupt stakeholders.
- - Elimination of favors and solicitations :The leader aims to eliminate all forms of favors and solicitations and eliminates business influence in relation to outsiders.
- - Respect for humans : The leader strives to eliminate conduct that impairs respect for fellow humans such as sexual harassment and verbal abuse in the organization.
- - Practical activities : The leader is devoted to increasing the level of ethical practice to that of world-class levels by taking the initiative in operating the 'Ethical Practice Programs'.
The leader must also prevent unethical conduct of members, and take the following measures in case of such conduct.
- - Training and counseling on ethics
- (1) The leader must provide training and counseling on ethics for relevant staff.
- (2) The leader must have relevant staff understand the importance of compliance with the code of conduct and practice of ethical conduct.
- - Precautions for unethical conduct
- (1) In case of unethical conduct that occurs habitually, the leader must isolate the cause, improve the process, and fundamentally take preventive measures.
- (2) The leader must report to or consult with the Corporate Audit Department immediately after receiving a report that a member has violated the code of ethics
Penalty for Violation of the Code of Ethics
Employees violating the code of ethics may receive certain penalties including dismissal according to related regulations. Penalties against violating the code of ethics will apply to all related parties, and if the violation also violates the law, the parties will be reported to the competent authority. In particular, the zero tolerance policy is applied to unethical conduct such as accepting bribes, embezzlement, fabrication of information, and violation of sexual ethics.
Conduct Subject to Penalty
- - If one has violated the code of ethics or demanded others to do so
- - If one has not immediately reported a violation of the code of ethics that he or she is aware of or is skeptical about
- - If one does not cooperate with the investigation of the Corporate Audit Department regarding matters that may have violated the code of ethics
- - If one takes retaliatory action against other employees who reported an issue regarding ethical management
1. Practice of Ethics and Compliance with Law
As a global enterprise, we will nurture ethical corporate culture by performing management activities faithful to basic principles and complying with laws and ethics.
① Money and Other Valuables
- 1. Money and other valuables mean money (e.g. cash, gift certificates, and memberships) and things that can bring economic benefits.
- 2. By all means, employees must not demand or receive money and valuables from stakeholders. However, this does not include gifts for promotion or publicity that do not exceed 50,000 KRW, souvenirs with the company's logo, and souvenirs generally provided by all participants of the events hosted by stakeholders.
- 3. If employees had no choice but to receive a gift or souvenir with a value exceeding KRW 50,000, they must return it immediately. If it is difficult to return it, they must report it to the Corporate Audit Department. The Corporate Audit Department must process the received gift and souvenir according to a method specified separately.
- 4. If money and other valuables were received unknowingly or involuntarily, such money and valuables should be returned, or if not returnable, should be reported to the Corporate Audit Department.
- 1. Entertainment means a variety of activities carried out for the purpose of business networking and business meetings including meals, drinks, golf, shows and games.
- 2. Employees must not exchange in forms of entertainment with stakeholders that exceed 100,000 KRW per person. If this is required due to the nature of the business, employees must obtain approval from their department head in advance. If they have inevitably participated in a form of entertainment that exceeds 100,000 KRW, they must report to the Corporate Audit Department. Entertainment at drinking places with hosts/hostesses is prohibited regardless of the amount.
- 1. Convenience means provision or receipt of benefits such as transportation, accommodation, sight-seeing and support for an event.
- 2. Employees may participate in any event that is held by a stakeholder or paid, whether in part or all, by a stakeholder only after obtaining prior approval of their department head
- 3. The department head must decide whether to approve participation by considering the business case, including consideration of interests and costs.
- 4. Provision or receipt of convenience exceeding customary level whether transportation or accommodation is prohibited, except for the convenience generally provided to all participants in the event.
- 5. When employees take a business trip, they must not receive any convenience accompanying the financial burden of a stakeholder, including transport and accommodation. However, employees may receive conveniences, such as a stakeholder's corporate vehicle or accommodation, provided that it is difficult to use public transportation or they are not familiar with the area.
- 6. In the event that entertainment exceeding customary level was received or provided unavoidably, such activity should be reported to the Corporate Audit Department.
④ Congratulatory or Condolatory Money
- 1. Employee should not notify his or his co-worker's congratulatory or condolatory event to interested parties. Notification through a third party will be deemed notification by the employee himself/herself.
- 2. Information on congratulatory or condolatory event should be provided through the congratulatory/condolatory bulletin board, and use of work e-mail or sending out a written notice (wedding invitation or obituary notice) for such purpose is prohibited. The permitted scope of the relatives for the purpose of notification of congratulatory or condolatory event is limited to the employees (except inside and outside director of board members) or their spouses' grandparents, parents and children.
- 3. Employees are encouraged not to spend more than 50,000 KRW, which is a generally accepted amount based on social customs, as expenditure for congratulations and condolences among employees.
- 4. In no event employees may receive any congratulatory or condolatory money from an interested party. In the event that any congratulatory or condolatory money was received unavoidably, the money should be returned to the provider or forwarded to the Corporate Audit Department.
- 5. Upon the request of the Corporate Audit Department, employees and executives should submit a record relating to the congratulatory or condolatory money received from and returned to the interested party.
- 6. One should not receive congratulatory or condolatory wreath from the interested party. In the event that the wreath was received unavoidably, it should not be displayed.
- 7. Executives and employees will not throw an extravagant wedding at an expensive venue such as a five star hotel.
- · Request for special favors in equipment/material purchasing and various contracts
- · Request for preferential treatment and special favors in various personnel affairs such as employment, promotions, rewards and punishment, and change of assignment
- · Request for preferential treatment such as excessive conveniences and favors beyond conventional procedures
- · Request for negligence in management and supervision such as inspection or repair
⑥ Flower and Wreath
- 1. Flowers and wreathes mean a flower product made from ornamental plants or from artificial or real flowers, and which are used as gifts to celebrate promotions and transfers.
- 2. Any flower or wreath provided by an internal or external stakeholder with regard to personnel appointments such as promotion and transfer must be returned immediately with a letter attached.
- 3. If a stakeholder notifies an employee of their intention to send a flower/wreath in advance, they must actively strive to prevent the stakeholder from sending it by, for example by expressing a rejection.
- 4. If it is difficult to return the flower/wreath, the employee must report it to the head of their department, and the case must be transferred to and handled by the Corporate Audit Department.
- 5. Employees may receive a flower/wreath sent from friends and acquaintances other than stakeholders.
- 6. The competent department to which a flower/wreath was transferred must process it depending on the situation, including donations, public use and sales by auction, and send a letter to the sender of the flower/wreath.
⑦ Lecture Fee
- 1. A lecture fee means the money employees have received as a reward for lecturing at a company, institution, or group other than our company.
- 2. If a lecture utilizes knowledge obtained in line of duty or is held outside the company during business hours, employees must accept a request for such lecturing only after obtaining prior approval from the department related to the content of the lecture.
- 3. It is to utilize the asset of company when employees give a work related lecture as part of business. For this reason, if they receive any such lecture fee, they shall report it to the head of their department, and 50% of the lecture fee shall be recognized as personal income of the lecturer and the remaining 50% shall be sent to the Corporate Audit Department.
- 4. The entire amount of a lecture fee from any lecture conducted personally on a non-business day, unrelated to their company duties shall be recognized as personal income.
- 5. The sent lecture fee will be donated by the Corporate Audit Department to a social welfare group in the name of the lecturer.
⑧ Pecuniary Transactions
- 1. One should not engage in pecuniary transactions with an interested party such as lending or borrowing of money, providing a guarantee, or leasing of a real estate.
- 2. In the event one had to enter into a pecuniary transactions with an interested party unavoidably, it should be reported to the Corporate Audit Department.
⑨ Support for Events
- 1. One should not receive any support from an interested party, whether money or other valuables, in relation to any event organized by the department or as company extracurricular activities.
- 2. Any form of convenience received from an interested party such as transportation, venue or services in relation to such event will be deemed receipt of money or other valuables for the event.
- 3. In the event that the interested party's support to an event was received unavoidably, it should be reported to the Corporate Audit Department.
⑩ Inappropriate Use of Budget Resources
- 1. One should not use budget resources (such as meeting expenses and business promotion expenses) for personal purposes.
- 2. As a general rule, company expenditure should be paid by a corporate credit card in accordance with the purpose of the budget and the guidelines prescribed by law.
⑪ Protection of Information and Assets
- 1. One should strictly protect confidential or important information of the company.
- 2. One should relay important information that comes to one's attention promptly to the person who needs to know such information for performance of his job.
- 3. One should not fabricate information or disseminate false information.
- 4. One should refrain from using company supplies and facilities for purposes not directly related to work.
⑫ Compliance with Antitrust Laws
- 1. One should comply with relevant international and local antitrust laws and not engage in anti-competitive practices such as collusion with competitors with respect to production, prices, bidding or market segmentation.
- 2. One should not demand any form of compensation or make inappropriate request to customers or business partners using one's dominant position.
- 3. One should respect the rights and property of others including their intellectual property rights, and should not try to enter into transactions or make profits by infringing upon such rights.
- 4. One should legitimately obtain and use other company information including competitor's information.
2. Employees and Executives' Work Life Balance
We will pursue personal growth and corporate development by maintaining work and life balance, and create a happy workplace by establishing a corporate culture of mutual respect.
① Pursuit of Work Life Balance
- 1. We will try to improve the quality of life of the executives and employees by providing benefits helpful for maintaining stable life.
- 2. We will support executives and employees to achieve their individual visions, and allow them flexibility in terms of the time, places and methods in performing the work.
② Provision of Opportunity for Education and Growth
- 1. We will organize work environment and systems where creativity can be enhanced.
- 2. We will support executives'and employee's education and participation in development programs such that they can fully develop their potentials.
③ Fair Evaluation and Compensation
- - We will make impartial and systematic evaluation system of the executives and employees based on their individual competency and performance and provide appropriate compensation therefor.
④ Creation of Healthy Organizational Culture
- 1. Executives and employees will work for open corporate culture through open communication.
- 2. Executives and employees will remove barriers between departments and pursue cooperative atmosphere.
3. Creation of Customer Value and Building Trust
Recognizing that customers' trust and success is the future for us, we will always respect customers' opinions, understand customers and create values that are helpful for customers' growth.
① Realization of Customer Satisfaction
- 1. We will perform customer-oriented work where the voice of customers is heard and respected.
- 2. We will actively accommodate customer's legitimate demand and reasonable suggestions.
② Creation of Customer Value
- 1. We will satisfy customer's needs by providing the best products through continuous technology development.
- 2. Executives and employees will try to understand the domestic and overseas market situation and develop service mind that respects customers' culture and practices.
③ Obtaining Customer Trust
- 1. We will pay due attention to the safety and health issue of the customers in our management activities, and not provide any product or service that might threaten customer's safety and health.
- 2. We will protect customer information and comply with relevant laws and regulations.
- 3. We will provide accurate information to customers on a timely basis.
4. Duty of Good Faith and Fair Dealings Toward Investors
We will maximize investors' values by realizing legitimate profits through transparent decision making and effective management activities.
① Pursuit of Increased Shareholder Value
- - We will make profits through transparent decision making and efficient management, and increase corporate and shareholder value at the same time.
② Impartial Provision of Investment Information
- 1. We will not provide information that might affect the decision making of investors to only certain investors, nor provide partial information.
- 2. We will not directly trade stocks or securities nor recommend trading to others using insider information obtained while working for the company.
③ Transparent Calculation and Provision of Financial Information.
- 1. We will process all financial information based on accurate transactions records implementing appropriate process and control.
- 2. We will prepare financial reports in accordance with generally accepted accounting standards.
- 3. We will provide sufficient and accurate information regarding management of the company to investors so that investors may freely make investment decisions at its own responsibility.
5. Building Win-Win Relations with Business Partners
We will establish fair trade system based on mutual trust and build a corporate eco-system where interested parties co-exist and grow together.
① Building Mutual Trust
- 1. We will pursue fair dealings with our business partners on equal footing and based on mutual respect.
- 2. We will strictly protect information received from transactions with business partners in accordance with the terms of the relevant contract and the relevant laws.
- 3. We will support business partners to comply with anti-competition related laws and regulations.
② Pursuing Mutual Growth with Business Partners
- 1. We will pursue mutual benefits by sharing fruitful outcome with business partners.
- 2. We will cooperate and communicate openly with business partners such that business partners may provide high quality products and services.
- 3. We will provide fair opportunities and reasonable transaction terms to business partners so that they could grow as our long term business partner.
③ Support for Continuing Development of Business Partners
- 1. We will endeavor to build a stable supply chain by providing technical and financial supports to business partners.
- 2. We will endeavor to expand the potential pool of business partners that can grow with us in harmonious development of overall corporate eco-system.
6. Contribution to the Country and Society
We will contribute to the growth of the country and society by fulfilling our responsibilities and duties as a global corporate citizen.
① Roles and Attitude as a Corporate Citizen
- 1. We will respect the laws and the regulations of the local laws and regulations as well as local culture and tradition, and endeavor for mutual development with the country and society.
- 2. We will encourage participation of and endeavor to communicate with interested parties in performing management activities that may affect country and society.
- 3. We will encourage business partners to participate in activities for the development of the country and the society.
② Contribution to the Development of the Country and the Society
- 1. We will discharge our obligations in the community by creating and maintaining stable jobs and paying taxes in time.
- 2. We will actively participate in social service activities, such as volunteer works and disaster relief work, and initiate non profit activities in various fields including culture, arts, sports and education.
- 3. We will provide support for residents' effort to improve quality of their lives and pursuit of happy life.
7. Protection of Environment and Preservation of Eco-system
We will establish an environmental management system, strengthen our ability to deal with environmental risks and implement environment-friendly management through open communication.
① Implementation of Environmental Management System
- 1. We will effectively implement environmental management system, evaluate impacts and risk of business activities on environment and analyze and manage the results of environmental management.
- 2. We will share benefits and issues with various interested parties, and jointly carry out environmental protection activities.
- 3. We will convince business partners to believe that protection of environment is fundamental social responsibility of a company, and support business partners to comply with laws and regulations related to environmental protection.
- 4. We will support business partners to manufacture products and provide services while protecting the public health and minimizing adverse effects on the environment and the natural resources of the community.
② Complying with Environmental Laws and Improvement on Environmental Impacts
- 1. We will endeavor to comply with environmental laws and to improve impacts on the environment in the overall process of developing, producing and using products.
- 2. We will minimize discharge of pollutants by introducing environment-friendly manufacturing process and applying technologies optimized for prevention of pollution.
③ Dealing with Climate Changes
- 1. We will endeavor to reduce consumption of fossil fuels or materials, and to minimize discharge of greenhouse gas by improving energy efficiency.
- 2. We will enhance competitiveness by developing innovative low-carbon technology.
④ Protection of Environment and Eco-system
- - We will endeavor to restore the eco-system and preserve biological diversity through effective use of natural resources and by-products.
8. Protection of and Respect for Human Rights
We will respect human rights, support international standards for human rights and strengthen dignity of all interested parties by improving freedom, safety and quality of life.
① Respect for International Standards Regarding Human Rights
- 1. We will support and respect internationally recognized standards on human rights, such as Universal Declaration of Human Rights, Guiding Principles on Business and Human Rights, UN Global Compact, and OECD Guidelines for Multinational Enterprises.
- 2. We will establish clear policy and system for protection of human rights and endeavor not to violate human rights in our management activities.
- 3. We will support business partners to comply with internationally recognized human rights standards and regulations, protect their employees'human rights and treat them fairly.
② Due diligence in Relation to Human Rights
- 1. We may, at our discretion, conduct due diligence on management activities that might violate human rights or cause complaints.
- 2. We will endeavor to find reasonable resolutions if, upon conclusion of the human rights due diligence, we believe our management activities have violated human rights or caused complaints.
- 3. We will communicate with the relevant interested parties regarding human rights related activities and results thereof.
③ Protection of Executives and Employees
- 1. We will not engage in verbal, physical or demonstrative acts that may offend others or infringes other's human rights such as sexual harassment.
- 2. We will respect privacy of executives and employees, will not slander or defame others, and will protect personal information.- We will not compel works through mental or physical coercion.
- 3. We will comply with local labor laws and international standards with respect to the age and labor conditions of minors.
- 4. We will strictly comply with safety regulations, and will take appropriate actions upon discovery of risk factors.
④ Respect and Equality
- 1. We will not discriminate or harass for reasons of race, nationality, gender, age, educational background, religion, regional origin, disability, marital status, and sexual orientation.
- 2. We will provide equal employment opportunity to those who possess necessary qualification and capability.
- 3. We will maintain work environment that respects cultural diversity.
⑤ Assurance for Legitimate and Humane Employment Terms
- 1. We will take prompt actions for human rights issues raised by executives and employees through the company grievance procedure.
- 2. We will offer adequate employment terms such as guaranteeing proper working hours to enable the employees to maintain life with dignity.
⑥ Efforts to Respect Community Human Rights
- - We will endeavor to listen to the opinions of the community and resolve issues of violation of human rights caused by our management activities in the community.
POSCO E&C operates the Reporting Consultation Center where employees can report unethical behaviors done by executives and staff members, under the motto of "Doing the Right Things Right."Reporting Consultation Center
POSCO E&C has established and is operating a variety of ethics-related policies to help employees be accustomed to ethical practices.
POSCO E&C is contributing greatly to the establishment of an ethical corporate culture through various channels of ethics education.
Creating a corporate culture with "no solicitation" by recording and managing all recommendations and requests
Works as a preventive device against unethical behavior
- The executive or staff member who received the solicitation. can justify their refusal due to company’s registration policy and
- the person who made the solicitation feels the psychological burden of leaving a solicitation record. This prevents unreasonable solicitations in the future.
Practicing whistle blower spirit
- Creating an honest and transparent atmosphere in the company by executives and staff members who received the solicitation by conscientiously registering
- Solicitation registration is regarded as a voluntary report. Executives and staff members are protected and exempt from any future problems or responsibilities.
- All executives and staff members related to recommendation/solicitation, including recipients, deliverer, and related persons in charge
How to register
- Executives and staff members who received recommendation/solicitation should register what happened in accordance with 5W1H principle.
- Solicitor is informed with the registration fact along with his/her personal information (name, company name, position, etc.)
- Recommendation/solicitation should be registered within 24 hours after it occurs
- However, if there is a special reason such as business trip, registration should be made immediately after the reason has ended.
Process for recommendation/solicitation registration
Recommendation/Solicitation should be registered it in the system in accordance with 5W1H principle
Company Audit Department receives and reviews the content
The information is delivered to the relevant department (HR Office, Equipment & Materials Purchasing Office, etc.)
If necessary, Investigation is carried out by the Company Audit Department and necessary measures are taken in case of problems
Definition of solicitation
- Solicitation refers to any expression of intention by the solicitor, such as a request that may influence the performance of duties and decision-making of executives and staff members, for the purpose of the solicitor him/herself or others
Standards for judging fairness about the influence on job performance or decision-making (* Regulations of the Anti-Corruption & Civil Rights Commission)
- An act that creates an interest to the executive or staff member who received the solicitation if he/she accepts or rejects the solicitation
- An act (request of the solicitor) that is psychologically burdensome on the person when conducting fair business
Scope of recommendation/solicitation to be registered
- Clean POSCO system is to prevent the occurrence of misconduct by solicitation in advance. Thus, the scope of solicitation is wider than what is defined by the law. All expressions of intention that can undermine fairness should be registered.
- If it is unclear whether it is a solicitation or a normal business, they should be registered in the system
- Executives and staff members who do not register the recommendation/solicitation despite being aware will be severely sanctioned.
- Request for preferential treatment for equipment/material purchase and various contracts
- Request for special and preferential treatment in various personnel matters, such as recruitment, promotion, reward, punishment, and position transfer
- Request for special treatment, such as providing convenience/benefits that breaches standards and principles
- Request to neglect management/supervision tasks such as inspection
- In case where the solicitor withdraws the solicitation facing a refusal in fear of identity exposure due to solicitation registration
- Request for cooperation through official documents
- Acts of requesting cooperation, such as simple confirmation, inquiry, complaint, etc. for doing business in related institutions or departments
How recommendation/solicitation registration is processed
- Recommendation/solicitation results are handled by relevant departments such as HR and the Procurement Department, and penalties may be imposed to related executives and staff members or companies.
CCTV Operation policy
CCTV Policy for the Protection of Personal Information
CHAPTER I GENERAL PROVISIONS
Article 1 (Purpose)
The purpose of this Policy is to fulfill appropriate duties and comply with applicable laws by setting matters POSCO E&C Ltd. (the “Company”) must comply with in relation to the installation and operation of closed-circuit televisions and protection of footages.
Article 2 (Definitions)
The terms used in this Policy shall be defined as follows:
- 1. The term closed-circuit television (“CCTV”) is a type of communication network, in which the footages recorded from the CCTVs located in specific sites are collected and transmitted to exclusive receivers through wired/wireless closed-circuit channels.
- 2. The term “footage” refers to CCTV recordings of which the recorded subject can be identified.
- 3. The term “data subject” refers to an individual who can be identified from the footage; that is, the subject of footage.
- 4. The term “processing” refers to the act of handling data collected through CCTVs, such as inputting, saving, editing, deleting, playing, and other similar acts, excluding the collection of such data.
Article 3 (Scope of Application)
- (1) In relation to the installation and operation of CCTVs needed for crime prevention, facility security, and fire safety, as well as the protection of footages that are collected and processed by the aforementioned reasons, the provisions of this Policy shall be observed, unless special provisions are stipulated in other laws.
- (2) Use of auxiliary cameras for CCTVs installed and operated by the Company shall also comply with this Policy, regardless of the fact whether their recordings are treated as actual footages or not.
Article 4 (Protection of Footages)
- (1) The Company shall collect minimum scope of footages that meets the purpose of CCTV installation.
- (2) The Company must have the data subject clearly aware of the installation purpose as mentioned in paragraph (1) of this Article. The footages shall not be used for other purposes than the said purpose.
- (3) The Company shall secure accurate and the latest footages and manage them in a safe manner.
- (4) The Company shall disclose general matters in relation to the handling of footages and protect the rights of data subjects.
CHAPTER II REQUIREMENTS FOR CCTV INSTALLATION
Article 5 (Notification of Installation Plans, etc.)
In the event of installing a CCTV, the Company shall prepare a CCTV installation and operation plan (“Plan”) that includes the following items:
- 1. Purpose of CCTV installation;
- 2. Division in charge of CCTV control: Handling officer and contact details;
- 3. Number of cameras, locations, performance, and scope of recording of the CCTV to be installed and operated;
- 4. Standard of the caution sign to be installed and the installation location in accordance with Article 7(1);
- 5. Contents, procedures, and methods regarding the data subject's exercise of rights and means of objection;
- 6. CCTV recording time, retention period of footages, methods of storage, management, and deletion of footages, and storage location of footages;
- 7. Actual location where footages transmitted from CCTVs are accessed and played, and access control to the said location;
- 8. Grounds, procedures, and methods of providing or granting access to footages to a third party; and
- 9. Other matters recognized to be necessary for the protection of footages
Article 6 (Designation of CCTV Managers)
- (1) The head of the division in charge of the installation and operation of CCTVs shall be designated as the CCTV General Manager, while his or her staff shall be designated as CCTV Operation Manager(s) (“CCTV Manager(s)”).
- (2) The CCTV Manager shall take charge of duties in relation to the installation and operation of CCTVs, reception and handling of complaints, and collection and processing of footages.
- (3) The CCTV Manager shall designate and manage a separate Personal Information Handler and inform the CCTV General Manager of relevant information in the event of CCTV installation and/or other changes.
Article 7 (Installation of Caution Signs)
- (1) In the event of installing a CCTV, the Company shall put up caution signs regarding CCTV operation and the collection of footages for the recognition of data subjects.
- (2) The signs in relation to paragraph (1) of this Article shall mention the following items:
- 1. Purpose of CCTV installation;
- 2. Recording scope and time; and
- 3. Information on the CCTV handling division, CCTV Manager, and contact details
- (3) The signs in relation to Paragraph (1) of this Article shall be installed within the recording scope where they are easily visible and understood by data subjects.
- (4) Notwithstanding Paragraph (2), in the event of installing several CCTVs in the Company’s building, the sign that complies with Paragraph (1) may mention that the whole building is within the recording scope and can be attached only on the building exits.
CHAPTER III REQUIREMENTS FOR HANDLING FOOTAGES
Article 8 (Limitation on Collection)
- (1) CCTVs shall not be arbitrarily manipulated or shoot other places beyond the purpose of their installation during collection of footages.
- (2) Footage rotation and zooming features that have no relation to the purpose of CCTV installation may not be used during collection of footages.
Article 9 (Limitation on Processing)
Footages of a data subject may not be used for other purposes than the CCTV installation purpose or be granted access or provided to a person who has no access authority: Provided, That this shall not apply in any of the following circumstances:
- 1. Where consent is obtained from the data subject;
- 2. Where the data is given access or provided to the data subject;
- 3. Where special provisions exist in other laws;
- 4. Where the data is provided in a pseudonymized manner when it is required for the purposes of reporting by the media through newspapers or broadcasting;
- 5. Where there is an urgent reason for not obtaining the data subject's consent when the risk that the rights and interests of the data subject may be infringed is clear and present;
- 6. Where it is necessary for the investigation of a crime, indictment, and/or prosecution; or
- 7. Where it is necessary for the enforcement of punishment, probation, and custody.
Article 10 (Safeguards, etc.)
- The Company shall designate a place where footages transmitted by CCTVs are actually accessed and played (“Control Center”) as a restricted zone and strictly limit the access of individuals apart from those who have been granted the authority.
- (2) The Company shall limit the authority to access footages to CCTV Managers and the minimum number of designated personnel.
- (3) The Company shall regularly inspect and check the normal operation of CCTVs and keep an accurate record regarding the matters.
- (4) The Company shall seek for technical and managerial safety measures in response to illegal access, alteration, leakage, and damage of footages.
- (5) The Company shall prepare a training course on the personal information protection of data subjects for those who are granted authority to access footages.
Article 11 (Request for Access, etc.)
- (1) A data subject may request to confirm the existence, access, and/or delete footages to the Company.
- (2) In relation to the request as mentioned in the paragraph (1) of this Article, the Company shall take immediate action in accordance with Article 5(5).
- (3) Notwithstanding Paragraph (2) of this Article, the Company may refuse to take action in the event of any of the following circumstances. In this case, the grounds for refusal and objection method shall be informed (including information and communications networks) to the data subject within seven (7) days.
- 1. Where it may cause grave difficulties in performing investigation of crimes, prosecution, and conduct of trials;
- 2. Where deleting only the footages of a specific data subject is extremely difficult in technical manner;
- 3. Where taking appropriate action as prescribed in Paragraph (1) of this Article may infringe upon other's privacy rights; or
- 4. Where there are appropriate grounds to refuse the request for access, etc., that meet the public interest.
Article 12 (Retention and Deletion)
Footages collected through CCTVs shall be deleted without delay once the data retention period mentioned in the Plan expires: Provided, That when it is difficult to determine the minimum period of time required to achieve the purpose of data retention due to the nature of a division, the retention period shall be within thirty (30) days after the collection of footages.
CHAPTER IV SUPPLEMENTARY PROVISIONS
Article 13 (Consignment of Duties)
- (1) In the event of consigning the duties in relation to the installation, operation, and management of CCTVs, the Company shall take necessary safety measures to prevent the abuse of footages and supervise the consignee.
- (2) The consignee who is granted authority to access footages in relation to paragraph (1) of this Article shall undergo a training course as mentioned in Article 10(5).[lh1]
Article 14 (Confidentiality)
Those who handle or have handled footages shall not use the obtained data for inappropriate purposes, such as revealing, processing without authority, and/or providing for the use of another person.
Article 15 (Exclusion)
This Policy shall not be applied to CCTVs installed and operated to supervise the duties of individuals who are with the military regardless of their duties.