POSCO SP Website Privacy Policy
POSCO SP Co., Ltd. (hereinafter referred to as the “Company”) establishes and discloses this Privacy Policy in accordance with Article 30 of the Personal Information Protection Act, to protect the personal information and interests of its executives and employees and to facilitate the smooth handling of their grievances related to personal information.
Through this Privacy Policy, POSCO SP Co., Ltd. informs you of the purposes and methods by which the personal information you provide is used, as well as the measures taken to protect that personal information.
Consent to Collection of Personal Data
The Company provides a procedure on the POSCO SP website (www.poscosp.com) by which you may click either the “I Agree” or “I Disagree” button regarding the Terms of Use. Clicking the “I Agree” button shall be deemed to constitute your consent to the collection of personal data.
1. Purposes of Processing and Categories of Personal Data Processed
The Company processes personal data for the following purposes. Personal data that has been processed will not be used for any purpose other than those set out below, and if the purpose of use changes, the Company will obtain prior consent.
-
Online Report Center (Named/Anonymous)
① Categories of Personal Data
[Required Items]
- Name, password
[Optional Items]
- Phone number, email, cookies
② Purpose of Collection and Use
[Required Items]
- Name, password: Identity verification
[Optional Items]
- Phone number, email: To secure a means of communication for delivering notices, handling complaints, and other related matters
- Cookies: The personal data collected from users through cookies is limited to matters such as the number of visits by individually authenticated users and the number of general visits; no other information is collected.
2. Processing and Retention Period of Personal Data
The Company processes and retains personal data within the retention/use period prescribed by applicable laws, or within the retention/use period consented to by the data subject at the time the personal data was collected.
The processing and retention periods for each category of personal data are as follows:
Online Report Center (Named/Anonymous)
- Personal data related to the processing of online cyber reports is retained and used for the above purposes for up to 5 years from the date of consent to its collection and use.
3. Provision of Personal Data to Third Parties
The Company processes data subjects' personal data only within the scope specified for the purposes of processing personal data, and provides personal data to third parties only in cases falling under Article 17 and Article 18 of the “Personal Information Protection Act,” such as the data subject's consent or special provisions of law; in all other cases, the Company does not provide data subjects' personal data to third parties.
To ensure the smooth provision of its services, the Company provides personal data in the following cases, in accordance with Article 17(1)(i) of the Personal Information Protection Act, only to the minimum extent necessary and only after obtaining the data subject's consent.
- Recipient: Intermajor Co., Ltd.
- Items provided: Name, password, phone number, email
- Retention period: Until expiration of the personal data retention period or use period, or until termination of the entrustment contract
4. Entrustment of Personal Data Processing
The Company entrusts the processing of personal data as follows to ensure the smooth handling of personal data-related tasks.
When concluding an entrustment contract, the Company specifies, in the contract or other relevant documents, matters concerning the prohibition on processing personal data for purposes other than the performance of the entrusted task, technical and managerial protective measures, restrictions on re-entrustment, management and supervision of the data processor, and liability for damages, in accordance with Article 26 of the Personal Information Protection Act, and supervises whether the data processor handles personal data safely.
If the content of the entrusted task or the data processor changes, the Company will disclose such changes without delay in accordance with this Privacy Policy.
- Entrusted party: Intermajor Co., Ltd.
- Description of entrusted task: Website operation
5. Procedures and Methods for the Destruction of Personal Data
When personal data becomes unnecessary, such as upon expiration of the retention period or achievement of the purpose of processing, the Company destroys the relevant personal data without delay. The procedures and methods for the destruction of personal data are as follows.
① Destruction procedure: Unnecessary personal data and personal data files are processed as follows in accordance with internal guidelines.
- Destruction of personal data: Personal data for which the retention period has expired is destroyed without delay from the expiration date.
② Destruction method
- Electronic files: Destroyed using methods that make the recorded information irrecoverable.
- Paper documents and printouts: Destroyed by shredding or incineration.
6. Measures to Ensure the Safety of Personal Data
In accordance with Article 29 of the Personal Information Protection Act, the Company implements the following technical, managerial, and physical measures to ensure the security of personal data.
① Minimization and training of employees handling personal data
- The Company designates employees who handle personal data, limits access to such data to the relevant personnel, and implements measures to manage personal data on a minimized basis.
② Establishment and implementation of an internal management plan
- The Company has established and implements an internal management plan for the safe processing of personal data.
③ Encryption of personal data
- Users' personal data passwords are encrypted for storage and management such that only the user can know them, and important data is protected through separate security functions, such as encrypting files and transmitted data or using file-locking functions.
④ Technical measures against hacking and similar threats
- To prevent the leakage or damage of personal data caused by hacking, computer viruses, or similar threats, the Company installs security programs, updates and inspects them on a regular basis, and installs systems in areas where external access is controlled, monitoring and blocking such access through both technical and physical means.
⑤ Restriction of access to personal data
- The Company takes the measures necessary to control access to personal data by granting, changing, and revoking access privileges to the database systems that process personal data, and controls unauthorized access from outside through intrusion prevention systems, firewalls, and web firewalls.
⑥ Use of locking devices for document security
- Documents and auxiliary storage media containing personal data are kept in a secure location with a locking device.
⑦ Access control against unauthorized persons
- The Company maintains a separate physical storage location for personal data and has established and operates access control procedures for that location.
7. Installation/Operation of Devices for the Automatic Collection of Personal Data, and the Right to Refuse
① The Company operates “cookies,” which periodically store and retrieve your information. The personal data that the POSCO SP website collects from you through cookies is limited to matters such as the number of visits by individually authenticated users and the number of general visits; no other information is collected. The personal data collected from you by the POSCO SP website through cookies is used for the following purposes.
② To analyze users' visit frequency, time spent on the website, and similar data, and to identify users' preferences and areas of interest, for use as a basis for targeted marketing and service improvements, among other purposes.
③ You have a choice regarding cookies. You may set your web browser to allow all cookies, to require confirmation each time a cookie is saved, or to refuse the storage of all cookies.
How to Allow/Block Cookies
Allowing/Blocking Cookies in a Web Browser
- Chrome: Browser Settings > Privacy and Security > Clear Browsing Data
- Edge: Browser Settings > Cookies and Site Permissions > Manage and Delete Cookies and Site Data
Allowing/Blocking Cookies in a Mobile Browser
- Chrome: Mobile Browser Settings > Privacy and Security > Clear Browsing Data
- Safari: Mobile Device Settings > Safari > Advanced > Block All Cookies
- Samsung Internet: Mobile Browser Settings > Browsing Data > Clear Browsing Data
8. Rights and Obligations of Data Subjects and Their Legal Representatives, and the Method of Exercising Them
Rights and Obligations of Data Subjects and Their Legal Representatives, and the Method of Exercising Them
① The data subject may, at any time, exercise rights such as the right to request access to, correction of, deletion of, suspension of processing of, or withdrawal of consent for personal data, with respect to the POSCO SP website.
② Such rights may be exercised with respect to the POSCO SP website in writing, by email, by fax, or through other means, in accordance with Article 41(1) of the Enforcement Decree of the “Personal Information Protection Act,” and the POSCO SP website will take action on such requests without delay.
③ Such rights may also be exercised through a representative, such as the data subject's legal representative or a person delegated authority to act on the data subject's behalf. In such cases, a power of attorney in the form prescribed in Attached Form No. 11 of the “Notice on Methods of Processing Personal Data (Notice No. 2023-12)” must be submitted.
④ The data subject's right to request access to or suspension of processing of personal data may be restricted pursuant to Article 35(4) and Article 37(2) of the “Personal Information Protection Act.”
⑤ If another statute specifically designates certain personal data as information that must be collected, the data subject may not request that such data be deleted.
⑥ When a request for access, correction, deletion, suspension of processing, or withdrawal of consent is made pursuant to a data subject's rights, the POSCO SP website verifies whether the person making the request is the data subject or a legitimate representative.
Request to Access Personal Data
A data subject may submit a request to access personal data under Article 35 of the “Personal Information Protection Act” to the department listed below. The POSCO SP website will make every effort to ensure that data subjects' requests to access personal data are processed promptly.
Department for Receiving and Processing Requests to Access Personal Data
- Department: Management Planning Division
- Contact person: Gyeongdeok Gong
- Title: Team Leader
- Contact (email): gonggd@poscosp.com
9. Personal Data Protection Officer
① Personal Data Protection Officer
- Department: Management Planning Division
- Contact person: Suyeon Choi
- Title: Team Leader
- Contact: csy2002@poscosp.com
② Personal Data Protection Manager
- Department: Management Planning Division
- Contact person: Jeongmin Yang
- Title: Manager
- Contact: yjm1234@poscosp.com
10. Remedies for Infringement of Data Subject Rights
To obtain remedies for personal data infringement, a data subject may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, the Personal Information Infringement Report Center of the Korea Internet & Security Agency (KISA), or similar institutions. For other matters concerning the reporting of or consultation on personal data infringement, please contact the institutions listed below.
① Personal Information Dispute Mediation Committee
Phone: 1833-6972 (no area code)
Website: www.kopico.go.kr
② Personal Information Infringement Report Center
Phone: 118 (no area code)
Website: privacy.kisa.or.kr
③ Supreme Prosecutors' Office
Phone: 1301 (no area code)
Website: www.spo.go.kr
④ National Police Agency
Phone: 182 (no area code)
Website: ecrm.cyber.go.kr
11. Installation/Operation of Video Information Processing Devices
The Company installs and operates video information processing devices (CCTV) as follows.
① Grounds/Purpose for Installing Video Information Processing Devices
- Facility safety and fire prevention
- Crime prevention for safety purposes
② Number of Devices Installed, Installation Locations, and Filming Range
- Number of devices installed
·Ansan site:
·Pohang site:
·Busan site:
- Installation locations: The Company's perimeter, etc., and the exterior of major facilities
- Filming range: The entire area of major facilities
③ Manager in Charge, Responsible Department, and Persons Authorized to Access Video Information
- Manager in charge:
- Staff member in charge:
- Entrusted company: S-1
④ Filming Time, Retention Period, Storage Location, and Processing Method for Video Information
- Filming time: 24 hours
- Retention period: 1 month from the time of filming
- Storage location and processing method: Stored and processed in the server room
⑤ Method and Location for Viewing Video Information
- Request to the manager in charge or the staff member in charge
⑥ Measures for Handling a Data Subject's Request to View Video Information, etc.
- A request must be submitted using a Request to View/Confirm the Existence of Personal Video Information form, and access will be permitted only where the data subject is the person filmed, or where access is clearly necessary to protect the data subject's life, body, or property.
⑦ Technical, Managerial, and Physical Measures for the Protection of Video Information
- The video information processed by the Company is securely managed through measures such as encryption.
In addition, as a managerial measure to protect personal video information, the Company grants tiered access privileges to personal data, and to prevent the forgery or alteration of personal video information, records and manages information such as the date and time the personal video information was created and, when accessed, the purpose of access, the person who accessed it, and the date and time of access.
The Company has also installed locking devices to ensure the safe physical storage of personal video information.
12. Changes to the Privacy Policy
- Privacy Policy version number: v1.0
- Privacy Policy effective date: 2026-07-15
- Previous version of the Privacy Policy: 2026-07-15
- Date of last revision to the Privacy Policy: 2026-07-15