Privacy policy

Privacy Statement (2019.12.31)

1. Purpose of collection, use, and retention of personal information

Woori Financial Holdings Co., Ltd. (hereinafter referred to as "Woori Financial Holdings") collects, uses and retains personal information based on the purpose of business affairs recognized by relevant laws and regulations, and consent by the data subject. In case of change in the purpose of collection, use, or retention, necessary measures shall be implemented in accordance with the Personal Information Protection Act by, for example, obtaining separate consent from the corresponding data subject, etc.

2. Collection, use, and retention period of personal information

Woori Financial Holdings collects, uses, and retains personal information only within the period permitted by law to collect, use and retain by us in accordance with the terms and relevant laws based on the consent obtained from the data subject.

3. Provision of personal information to third parties

Personal information retained by Woori Financial Holdings shall be provided to companies under Woori Financial Group only when allowed by relevant laws and regulations, such as the Financial Holding Companies Act.

4. Consignment of personal information processing

In regard to the consignment of personal information processing, Woori Financial Holdings clearly stipulates compliance with relevant laws and regulations on the protection of personal information, prohibition of provision of personal information to third parties, and scope of liability when providing it to the third parties. At the time of signing a consignment contract on personal information processing, the commissioned party, details of consignment, etc. are disclosed on our webpage.

5. Data subject's rights, obligations and their execution methods

① The data subject may exercise their rights to view, correct, delete, or suspend processing of the personal information of Woori Financial Holding at any time. ② The rights stated in the foregoing paragraph can be exercised against Woori Financial Holdings in written form, electronic mail, facsimile, etc., according to the template specified in Attachment No. 8 of the Enforcement Regulations of the Personal Information Protection Act. ③ If the data subject requests the correction of errors, or deletion of personal information, etc., Woori Financial Holdings shall not use or provide the personal information until the personal information of the corresponding data subject is corrected or deleted. ④ The exercise of rights pursuant to Paragraph (1) shall be achieved through the legal representative of the data subject or who has been delegated by the data subject.
In this case, it is required to submit a power of attorney using the template specified in Attachment No. 11 of the Enforcement Regulations of the Personal Information Protection Act.
⑤ Notwithstanding Paragraph (1), in any of the cases in the following subparagraphs, Woori Financial Holdings may notify the corresponding data subject of it, and may refuse the request for viewing and suspension of processing, etc.
1. If there is a special provision in the law or no other option but to comply with the statutory obligations; 2. If there is a risk of causing harm to the life or body of another person or of unjustifiable infringement of the property or other interests of other people; 3. Where it is difficult to implement the contract terms, such as failure to provide the contracted service to the data subject unless the personal information is processed, and the data subject has not clearly stated his/her intent to terminate the contract

6. Personal information items subject to processing

Woori Financial Holdings handles a customer's name, date of birth, address information, and contact information for business purposes such as personnel management of the executives and employees of Woori Financial Group.

7. Disposal of personal information

The personal information of the data subject retained and used by Woori Financial Holdings is deleted, destroyed or burned when the purpose of retention is achieved or the retention period expires according to relevant laws.

8. Measures to ensure the security of personal information

Woori Financial Holdings has taken the following measures to ensure the security of personal information. • Administrative measures: Establishment and implementation of internal management rules, regular staff training, inspection, etc. • Technical measures: Management of access rights such as personal information processing systems, installation of access control systems, installation of security programs, etc. • Physical measures: Access control for computer room, data archives, etc.

9. Amendment of the personal information processing policy, etc.

In case of modifications with the 'Privacy Policy,' Woori Financial Holdings shall disclose the execution period and the details of the change, and every detail before and after the change so that the data subject can easily confirm it.

10. Damage remedies such as infringement of personal information, etc.

Woori Financial Holdings shall do its best to guarantee damage remedies and rights in case of leaks and rights infringement of personal information. In case of information leakage and infringement of rights, please contact the department below.

11. Details of person responsible for personal information protection

The person responsible for personal information protection at Woori Financial Holdings in accordance with Article 31 of the Personal Information Protection Act shall be as follows:
Category Person responsible for personal information protection Person in charge of personal information protection
Name Nor Jin Ho Yang Kyung Cheol
Department Information Security Department
Contact Info. 82+2-2002-3270
* Connects to the relevant department.
* Privacy Policy Version No.: V2.0
* Privacy Policy effective date: December 31, 2019