POSCO

This Privacy Policy describes POSCO Co., Ltd. (¡°Company¡±, ¡°we¡±, ¡°our¡± or ¡°us¡±)¡¯s privacy practices and the possible uses of information that is made available to us when you visit posco.co.kr (¡°Website¡±).

In accordance with Article 30 of the Personal Information Protection Act in Korea, the Company discloses its privacy policy aimed at protecting your personal information and quickly and efficiently handling privacy-related complaints.

Consent to data collection

We present the Terms of Use for this Website and requests your consent by displaying "Consent" and "Do not consent" buttons. If you click the "Consent" button, it will be considered that you have granted consent for the collection of personal information ("Personal Information").

* This Website does not collect any Personal Information of children under 14, or post or provide harmful information to children.

Purposes of collecting and using data

When you register to become a member of the Website, the Company collects only the minimum Personal Information necessary to provide online services on the Website(¡°Services¡±). Collected information will be used solely for the purposes stated below. If any change is made to the purposes, we will take necessary measures, e.g. obtaining separate consent to the change(s) in accordance with Article 18 of the Personal Information Protection Act.

Member Registration

When you register to become a member of the Website to use certain Services, you are required to provide user ID, password, full name, cell phone number, E-mail address, date of birth and i-PIN data. However, you may choose to leave optional fields, e.g. phone number and relationship with POSCO, as blank in your registration form, which will not limit your use of the Services. The following are types of Personal Information that we may collect from you, and the purposes of collection and use.

• Your full name, user ID, password, date of birth, and i-PIN data: for identification purposes to provide membership-only Services.
• Your E-mail address, cell phone number, and (optional) phone number: for efficient announcement and delivery of information, including but not limited to announcements, responses to formal grievances, service launch, news and event.
• Your cell phone number and (optional) phone number: for ob-taining and confirming addresses for gift delivery
• (optional) other information: to provide customized service

To report ethical misconduct

You are required to provide your full name, phone number, E-mail and password.

To report unfair trade practices

You are required to provide your full name, phone number, E-mail address and password.

To report abuse of power

You are required to provide your full name, phone number, E-mail address and password.

To report hostile workplace/sexual harassment

You are required to provide your full name, phone number, E-mail address and password.

To report ethical dilemmas

You are required to provide your full name, phone number, E-mail address and password.

Ethics Counseling Center

You are required to provide your full name, phone number, E-mail address, gender, employment status, confidentiality

Reporting Center for Unethical Behavior

You are required to provide your full name, phone number, E-mail address and password

Contact Us

You are required to provide your full name, e-mail address and country of residence

Right to accessing or correcting Personal Information

You may access or correct any Personal Information we maintain about you at any time. To do so, you may log in and click 'Update personal information', or contact the system manager in writing, by phone or by E-mail. Your request will be handled promptly.

Once a request to correct Personal Information is made, the Company will not use the information until correction is completed. If Personal Information has already been provided to a third party, we will immediately notify the third party of the request and demand correction.

If your request to access, correct, erase or suspend the processing of Personal Information is denied, you have the right to appeal the decision. Here is the appeal process.

• ¨ç When the Company decides to postpone the handling of or reject your request regarding Personal Information, we will inform you of our reason for declining to take action and provide instructions for how to appeal the decision within 10 days of receipt of the request.
• ¨è You can file an appeal in writing, by phone or by E-mail.
• ¨é The appropriate system manager, in conjunction with the Chief Privacy Officer, makes the determination about whether to grant or deny the appeal.
• ¨ê We will inform you of such determination.

Right to withdraw consent to collection, use or provision of Personal Information

You have the right to withdraw your consent to collect, use or provide your Personal Information at any time. To withdraw your consent, click ¡°Withdraw consent (delete account)¡± in the main page of the Website, or contact the system manager in writing, by phone or E-mail. Then, we will take immediate action, e.g. erasure of personal information.

Data retention

We store your Personal Information for a designated period of time. The Personal Information you provided during member registration will be immediately removed upon account deletion. If you do not log in for 1 year, your account will be considered as inactive and your Personal Information will be isolated to be deleted in 3 years. Personal Information collected through non-member services (inquiry and reporting) will be deleted 5 years after inquiry or reporting.

When the retention period comes to an end, the Website immediately and irreversibly destroys Personal Information (if Personal Information has been provided to a third party, the third party will be requested to delete it). In any of the following events, however, Personal Information will be retained for the respective periods as specified in each clause.

• ¨ç When we are obligated to retain Personal Information in compliance with legal requirements, such as the Commercial Act, the transaction records and minimum information will be maintained for the duration as defined in the applicable law.
• ¨è We retain Personal Information for the standard retention period as announced to you in advance or an extended period when agreed upon by you.

Purpose limitation and third-party data sharing

The Website collects, processes and uses the Personal Information only for purposes specified explicitly. We do not process your Personal Information for other purposes or share your Personal Information with third parties without your prior consent unless:

• ¨ç you grant a separate consent
• ¨è there are legal requirements

Outsourcing the processing of Personal Information

• ¨ç To ensure efficient processing of Personal Information, the Website outsources the following tasks:

  Service Provider	Task	Personal Information is retained and processed upon
  POSCO DX	Service operations	Account deletion or the termination/expiry of the outsourcing contract
  POSCO Humans	Planning and executing arts and culture events in Pohang and Gwangyang	Termination/expiry of the outsourcing contract

• ¨è In compliance with Article 25 of the Personal Information Protection Act, our outsourcing contracts specify duties and responsibilities, such as prohibition of Personal Information processing for purposes other than the entrusted tasks; technical and administrative protection measures; limitations on re-outsourcing; management and supervision of the service provider; and compensation for damages. Afterwards, we monitor the service provider¡¯s Personal Information processing activities to ensure privacy protection.
• ¨é If any change is made to the foregoing tasks or we hire a new service provider, we will immediately incorporate such changes to this privacy policy.

Technical measures to protect Personal Information

To prevent any loss, theft, leakage, alteration or damage of Personal Information during processing, the Website has in place the following technical measures:

• ¨ç Your Personal Information is protected by a password. For important data, additional safeguards, such as file and data encryption and file locking, are used.
• ¨è The Website employs antivirus software to safeguard against computer viruses. The software undergoes regular updates, and, is updated immediately when a new version is released to address a novel virus to prevent theft of Personal Information.
• ¨é The Website uses a security protocol, e.g. SSL or SET, that encrypts Personal Information in the network to ensure safe transmission.
• ¨ê To safeguard against the leakage of Personal Information resulting from hacking or other types of security breaches, we employ security measures to prevent intrusions. Additionally, we have built an intrusion detection system in each server that continuously monitors and detects signs of any unauthorized access .

Personal Information collected from cookies

The Website uses ¡°cookies¡± to identify and collect your data. The data collected through the cookies is limited to certain items, e.g. your ID and page views, only and no other information is collected. Such data will be used for the following purposes:

To develop targeted advertisements and improve Services by analyzing the Website members and non-members¡¯ page visits and visit durations and by understanding user preferences and interests; track interactions with and visits to the Website to apply different winning probabilities for giveaway campaigns; and provide customized information tailored to individual interests.

You can manage cookie preferences. Select [Tool] > [Internet options] > [Security] > [User-defined level] in the web browser and choose to enable all cookies, to receive a notification each time a cookie is saved, or to disable all cookies.

Chief Privacy Officer & grievance handling

To protect your Personal Information and handle related grievances, we have personal information manager who manages Personal Information, and allow users to leave feedback and submit grievances on the Website. If you have any inquiries or grievances with regard to your Personal Information, please use the information below to contact the personal information manager. We will get back to you immediately.