Equis collects personal information from data subjects such as investors, contract counterparties, and advisors. The items of personal information processed by Equis are as follows. Personal information will not be used for any purpose other than the purpose outlined below. If the purpose of processing such personal information is altered, Equis plans to undertake necessary actions, including the procurement of separate consent from the data subjects.
|Item||Purpose of Collection and Use||Item of Person Information Collected and Used||Period of Retention and Use|
|Essential Item||In order to comply with the policies and procedures of Equis and the requirements under the applicable laws and regulations (E.g. Equis’ corporate policy on Anti-Money Laundering and Sanctions; Equis’ corporate policy on Anti-Bribery and Anti-Corruption)||Name, gender, date of birth, nationality and place of birth; mailing address, telephone number, email address and other contact information||Until the purpose of collection and use is achieved (however, if the relevant laws and regulations prescribe a certain period during which an item of personal information is required to be maintained, such item of personal information will be maintained until the expiration of such period.)|
As noted in the previous section, Equis processes data subjects’ personal information strictly in accordance with the specified scope of the purpose of processing such information, and may not provide such personal information to third parties unless explicitly permitted under Articles 17 and 18 of the PIPA (e.g. upon procurement of prior consent from the data subject, or pursuant to special provisions in relevant laws and regulations).
Equis provides data subjects’ personal information to its affiliates as follows:
|Third Party Recipient||Purpose of Use of Information Provided||Items of Personal Information to be Provided||Period of Retention and Use of Information Provided|
|Equis Development Pte. Ltd.,
Equis Central Services (Korea) Pte. Ltd.,
Equis Central Services (Singapore) Pte. Ltd.
|In order to comply with the policies and procedures of Equis and the requirements under the applicable laws and regulations (E.g. Equis’ corporate policy on Anti-Money Laundering and Sanctions ; Equis’ corporate policy on Anti-Bribery and Anti-Corruption)||Identical to the “Items of Personal Information Collected and Used” as provided above in Section 1||Until the purpose of collection and use is achieved (however, if the relevant laws and regulations prescribe a certain period during which an item of personal information is required to be preserved, such item of personal information will be maintained until the expiration of such period.)|
A data subject (or if the data subject is under 14 years or old, his/her legal representative, i.e., a parent who has the parental right) may at any time exercise his/her right by, among other means, requesting to access and view, modify, delete, and/or suspend the processing of his/her personal information retained by Equis.
A data subject may make the above requests in writing or by e-mail or facsimile in accordance with Article 41(2) of the Enforcement Decree of the PIPA, and Equis will take measures thereon without delay.
A data subject may exercise the above right through his/her proxy such as his/her legal representative or an otherwise delegated person. In such case, however, a power of attorney in the form of Exhibit 11 of the Public Notice on Methods of Personal Information Management must be submitted to Equis.
The right of a data subject to request to review his/her personal information and to suspend the processing of his/her personal information may be restricted in accordance with Articles 35(4) and 37(2) of the PIPA.
Equis may reject a data subject’s request for rectification and/or deletion of his/her personal information if Equis is required under relevant laws and regulations to collect such data subject’s personal information.
Upon receipt of a request to view, rectify, delete or suspend the processing of a data subject’s personal information, Equis shall verify, prior to acting upon such request, whether the requesting person is the data subject or a legitimate representative.
Equis shall immediately destroy personal information when the relevant personal information becomes unnecessary, including when the retention period of such personal information expires, or where the purpose of processing such personal information is achieved.
If Equis is required pursuant to relevant laws and regulations to continuously preserve certain unnecessary personal information, Equis will store and manage such personal information in a separate storage space or a separate database (DB).
Procedures and methods for the destruction of personal information are as follows:
Equis selects the personal information to be destroyed, and destroys such personal information after obtaining approval from Equis’ privacy officer.
Equis destroys any personal information recorded or stored in electronic form in an irreproducible manner; Equis destroys any personal information recorded or stored in physical form by using a paper shredder or incinerating such information.
Equis undertakes the administrative, technical and physical security measures, in order to ensure that the personal information it processes is secure, including, but not limited to the following:
Regular monitoring by the Equis’ Legal & Compliance department, establishment and implementation of an internal policy, and training of the employees who handle personal information.
Storage of any digitalized personal information in a secure folder within Equis’ IT system, management of access right to such information and the operation of an access control system., adoption of encryption technology to safely store and transmit personal information, retaining login records and technical measures to prevent the forgery and falsification, installation and upgrade of security programs to protect personal information.
Separate maintenance of any physical copies of personal information in a secure filing cabinet and restriction of access to sites, offices, and data rooms.
Equis does not use “cookies” or any other automatic collection technologies for the purpose of storing, tracking and accessing data subjects’ usage information.
Equis designates a privacy officer as follows who will handle complaints and remedy damages of the data subjects related to the processing of personal information.
Name: Richard Kramer
Department and Position: Legal & Compliance Department, General Counsel
Data subjects may contact the privacy officer and the personal information protection department to, among others, inquire about matters in connection with the protection of personal information, the handling of complaints, and damage relief.
Data subjects may contact the following organizations in order to seek damage relief or request consultation with respect to the infringement of personal information.
Responsibilities: Receiving reports with respect to the infringement of personal information and applications for consultation
Website address: privacy.kisa.or.kr
Telephone No.: (without exchange number) 118
Address: Korea Internet & Security Agency, 9, Jinheung-gil, Naju-si, Jeollanam-do, Korea
Responsibilities: Receiving Applications for personal information dispute mediation and collective dispute mediation (civil solution)
Website address: www.kopico.go.kr
Telephone No.: 1833-6972
Address: 12F, Seoul Government Complex, 209, Sejong-daero, Jongno-gu, Seoul, Korea
(without exchange number) 182 (cyberbureau.police.go.kr)
This Policy is effective as of [01/11, 2023].
Previous versions of this Policy may be accessed at www.equis.com.