General Provisions

1. 1. HYUNDAI WIA MEXICO S DE RL DE CV (hereinafter referred to as ‘the Company’) put great amount of importance on Personal Identity Information (PII), abide by the Personal Information Protection Act (PIPA) and any other legislations related to the personal information protection and notify to customers at the Company’s visit reservation request website: visit.hyundaiwia.mx (hereinafter referred to as ‘Website’) notification channel or specially designed pop-up windows when there is revision of the policy.
2. 2. Personal Information which visitors registered at the Website will be gathered and used only by the customers’ visiting company’s personal information managers.

The purpose of personal information gathering and the use of it.

1. 1. Information collection for visit reservation : Customers’ identification, visiting company’s verification at check-in procedure, Confirmation of customers’ destination department’s visit reservation history
2. 2. Past facto management : Personal information is preserved for the Company’s Information protection after customers’ visit.

Personal information collecting detail and method

1. 1. Collecting categories

   Collecting categories

   	Essential information	Additional information
   Website	Name, DOB, mobile no. Company’s name / address	Vehicle information (vehicle type, plate number)

   ※ The Company is collecting information mentioned above to the minimum extent to operate Website.
2. 2. Personal information collecting method: via Website, written paper, email, telephone, etc.
   ※ Personal information mentioned above includes not only personal information at the time of colleting but also personal information collected and modified afterwards with customers’ consent.

Personal Information possession and usage period

• The Company preserves customers’ personal information when it’s necessary for its information protection.
• In this case, the Company uses the stored personal information for its original purpose and the preservation period is below:
  • ㆍPreserving information : Visiting history information
  • ㆍPreserving evidence : Access record management and the Company’s security policy
  • ㆍPreserving period : the last day of the year after 5 years

Agreement veto and disadvantages

1. 1. Customers are entitled to disagree to the Company’s collecting their personal information.
2. 2. The Company notifies customers’ restriction to entering into a building when customer disagreed to the Company’s personal information collection.
   ※ To customers with a vehicle, the vehicle’s entrance is prohibited when vehicle’s information is not reported.

Personal information provision to the third party

• The Company does not provide customers’ personal information to the third
• party that collected when customers make a visit reservation request, except
  1. 1) Under circumstances to the extent required by laws
  2. 2) Under circumstances of investigative agency’s request for the purpose of investigation by prearranged procedures and manners by laws

Personal information’s destruction procedures and method

Unless preservation of personal information is necessary by other laws, the Company makes it a rule to destruct the information immediately after achieving the purpose of collecting and usage of personal information.

1. 1. Destruction procedure
   • Personal information customer provided to the Company is transferred to special DBs after achieving the purpose of its collecting and usage (in case of paper, to special document boxes) and destructed after certain period of time based on the Company’s internal policy or related laws.
   • Personal information transferred to special DBs will not be used for any other purposes except to the extent required by any other laws.
2. 2. Destruction method
   • Personal information stored electronically should be destructed by the special technology that precludes the possibilities of restoring.
   • Personal information printed on papers should be destructed by shredding machine or incinerating.

Customer’s right / obligation and its exercise

1. 1. A customer and a legal representative (in case of children under 14 years old) is entitled to request of read, modification, destruction, etc. of personal information that the Company handles.
2. 2. A customer and a legal representative is entitled to request of read, modification, etc. mentioned in previous clause to CIO or personal information handling manager and the Company should take proper actions immediately in case customers make the request. But if there is an reasonable excuse, company takes proper actions and notifies the result of customers’ request within 10 days after the day of request and does not provide or use the information until the proper action taken.
3. 3. A customer and a legal representative should not provide false information to company and infringe on the third person’s personal information such as collecting, disclosing or making a fraudulent use of the third person’s personal information. If violating, a customer or a legal representative bears civil / criminal liabilities according to related laws.

Personal information safety securing measures

1. With regard to the Company’s dealing with customers’ personal information, the Company prepares technical and managerial measures to secure safety in order not to be stolen, modified, damaged, lost or leaked of the information.
2. 1. Personal information collected is stored and managed in encrypted form by encryption program.
3. 2. It is thoroughly controlled by the Company to access the personal information and it is possible to access and process the information only by the system manager.
4. 3. The Company establishes, implements privacy policy and conducts regular personal information protection education to the personnel related.
5. 4. The Company takes every possible technical action such as installing security programs in preparation for hackings or virus invasion.
6. 5. The Company will notify personal information’s violation accidents such as its leakage, damage, etc. to customers and take every necessary action to minimize the intensity of the accidents.

Personal information manager and dissatisfaction of its handling.

The Company protects customers’ personal information and designates a chief of personal information manager and responsible department as below to deal with dissatisfactions related to personal information handling.

Chief of personal information manager

• Name: Candido Enrique Osuna Medina
• Team: IT
• Position: Head Of Department
• Tel.: 81-1646-5222

Personal information manager

• Name: Marco Antonio Castillo Garcia
• Team: IT
• Position: Assistant Manager
• Tel.: 81-1646-5238

Personal facilities and physical security part manager

• Name: Marcelino Cervantes Gonzalez
• Team: Facilities and Security
• Position: Manager
• Tel.: 81-1646-5241

Personal facilities and physical security part assistant

• Name: German Rodriguez Hernandez
• Team: Facilities and Security
• Position: Senior specialist
• Tel.: 81-1646-5308

1. The Company is willing to make the best effort to resolve situation when customers report opinions or complaints to personal information managers mentioned above in regards to the Company’s personal information management.

Updates for Personal Information Handling Policy

1. The Company shall notify the reasons of revision and revised contents of personal information handling policy at the Website notification channel or specially designed pop-up windows at least 7 days prior to its application.
2. This policy is effective as of 1^st June 2017.