Global Hotline

Privacy Notice

 

Data Processing via our Compliance Reporting Platform

“Global Hotline”

 

Compliance with laws and internal regulations is a top priority for us. Hyundai Mobis, including all its affiliates, takes the protection of personal data very seriously. This Privacy Notice explains what personal data we collect from you when you use the compliance reporting platform “Global Hotline”. We ensure compliance with the applicable data protection regulations through technical and organizational measures. All data protection terms used in this privacy notice have the meaning assigned to them in the EU General Data Protection Regulation (“GDPR”), the Turkish Personal Data Protection Law No. 6698 (“KVKK”), the US California Consumer Privacy Act (“CCPA”), or other corresponding national or regional legislation.

 

1. Data Controller and Contact Details

 

The Data Controller responsible for processing your personal data in relation to the Global Hotline is:

 

Hyundai Mobis Co., Ltd. (Headquarter)

203, Teheran-ro, Gangnam-gu

Seoul, 06141, Republic of Korea

E-Mail & Data Protection Officer: goood@mobis.com

 

EU Representative

Mobis Parts Europe N.V.

Frankfurt Office, Frankfurter Straße 60-68

65760 Eschborn, Germany

E-Mail & Data Protection Officer: DPR@mobis.com

 

Mobis Türkiye Representative

Asım Kibar Organize Sanayi Bölgesi 2. Cadde No:4

41310 İzmit-Kocaeli/TÜRKİYE

E-mail & Data Protection Officer: sedathr@mobis.com

 

2. Data Subjects

 

All natural persons that submit a report

All natural persons that may be mentioned in a report

 

3. Categories of Personal Data, Purpose of the Processing, Legal Basis

 

We process the following personal data or categories of personal data for the purposes and according to the legal basis indicated below:

 

Personal Data	Purpose of the Processing	Legal Basis
Reporting Person:   The Reporting Platform can be used without disclosing any personal data – any report can be anonymous.   However, on a voluntary basis, the reporting person can disclose some personal data, such as name, E-Mail-Address, contact details etc.   Persons that are Part of the Report:   Any personal data that the reporting person discloses as part of the report, such as name, E-Mail-Address, contact details, work details, information about the reported incident etc.	Checking the validity and relevance of a report; conducting internal investigations to clarify grievances and violations, including updating and supplementing the data stored in the Global Hotline   Informing the accused, witnesses and other parties involved in the proceedings of the report, giving them the opportunity to comment and fulfilling their duty to provide information   Involvement of external third parties to support internal investigations (e.g., law firms, forensic or other experts)   Information to public bodies, investigative and supervisory authorities (if required, based on the results of the investigation)   Implementation and review of internal follow-up and remedial measures in the event of grievances and violations – in particular defence and minimization of damage, prevention of further violations and consequences as well as repressive and disciplinary sanctions	./.   Consent of the reporting person   Compliance with legal obligations, depending on applicable laws   Legitimate business interests – the protection and safety of Hyundai Mobis, its employees, its contractual partners; the detection of incompliance with legal and societal obligations; the safeguarding of environmental and health standards

 

4. Recipients or Categories of Recipients

 

Incoming information is received by a narrow circle of expressly authorized and specially trained employees and is always treated confidentially. The case handlers examine the facts of the case and, if necessary, carry out further case-related clarification of the facts.

 

When processing a compliance report or conducting an investigation, it may be necessary to share certain information with other authorized employees within the organization, such as relevant affiliates involved in the reported matter.

 

It may also be necessary to involve external third parties to assist with internal investigations (e.g., law firms, forensic experts or other experts) as well as public bodies, investigative and supervisory authorities.

 

We always ensure that the relevant data protection regulations are complied with when passing on information. Every case handler who receives access to the data is obliged to maintain confidentiality.

 

Any disclosure of personal data will be limited to what is strictly necessary for the purposes described above and in accordance with applicable data protection laws. Access to personal data is restricted on a strict need-to-know basis.

 

Where personal data is transferred to recipients in countries outside the country where you are located, we ensure that appropriate safeguards are implemented in accordance with applicable data protection laws, such as the use of standard contractual clauses or other legally accepted transfer mechanisms.

 

5. Retention Periods

 

We only retain personal data for as long as necessary to process your report or for as long as we have a legitimate interest in doing so.

 

In addition, your personal data may be stored for as long as required under applicable laws to fulfil legal obligations, such as statutory retention and documentation requirements, or if relevant authorities mandate (further) retention as part of external investigation proceedings.

 

Once the legal basis for retention no longer applies, all personal data will be deleted, restricted, or anonymized. If we process your data by means of external service providers, we will arrange for their deletion there immediately upon expiry of the retention period.

 

6. Data Security

 

The Global Hotline is technically implemented on our behalf by a specialized company as our service provider, which has been carefully selected and checked.

 

Personal data and information entered into the Global Hotline is stored in a database operated in a high-security data center, to which only we have access. The service provider has no access to personal data. This is guaranteed by comprehensive technical and organizational measures in a well-established process. The service provider processes data only on our behalf and is contractually bound by strict confidentiality and data protection obligations. Access to personal data is limited and subject to appropriate technical and organizational safeguards.

 

All data is encrypted and stored with multi-level password protection, so that access is restricted to a very narrow circle of expressly authorized recipients. In addition, both we and the service provider, maintain further suitable technical and organizational measures to ensure, in particular, the confidentiality, availability and integrity of the data.

 

7. Your Rights

 

As a data subject you have certain rights, which we outline below. Please note, however, that these rights are not absolute and may be limited in each specific case. Consequently, any requests will first be examined by us and then answered in accordance with applicable law and within the legally set period.

 

Please also note that due to the anonymous nature of the reports, the full exercising of all data subject rights cannot be guaranteed in each case.

 

Data Subjects:

 

Right of Access:

You have the right to obtain confirmation from us as to whether or not we are processing personal data about you. Such information includes, but is not limited to, the categories of personal data, the purposes of the processing and the recipients to which the personal data have been or will be disclosed.

 

Right to Rectification:

You have the right to request from us the correction and completion of inaccurate or incomplete personal data. Where applicable under local law, you may also request that such correction be notified to third parties to whom the personal data have been disclosed.

 

Right to Erasure (“Right to be Forgotten”):

In certain circumstances, you have the right to request that we delete your personal data. In this case, we will delete your personal data immediately or arrange for it to be deleted, unless there are legal grounds, which permit or require us to keep the personal data. Where applicable, you may also request that such deletion be notified to third parties to whom the personal data have been disclosed.

 

Right to Restriction of Processing:

Under certain circumstances, you have the right to demand that we restrict the processing of your personal data. In this case, the relevant data will be marked and may only be processed by us for specific purposes.

 

Right to Data Portability:

Under certain circumstances, you have the right to receive the personal data relating to you in a structured, commonly used and machine-readable format. You have the right to have the data transferred or transmitted directly to another controller.

 

Right to Object:

Under certain circumstances, you have the right to object to the processing of your personal data on grounds relating to your personal situation, or where personal data have been used for marketing purposes.

 

Right to Withdraw Consent:

If you have given your consent to the processing of your personal data, you may withdraw this consent at any time and without giving any reasons with effect for the future. However, such a withdrawal does not affect the lawfulness of any prior processing. Where processing is based on another legal ground under applicable law, such processing may continue to the extent permitted by law.

 

Right to Lodge a Complaint:

You also have the right to lodge a complaint with the competent data protection supervisory authority if you believe that we are not processing your personal data in accordance with the GDPR. You may also have the right to seek remedies or compensation for damages suffered as a result of unlawful processing, where provided under applicable law.

 

Additional Rights may apply depending on your country of residence under applicable data protection laws (including but not limited to the GDPR, KVKK or other local regulations).

 

To exercise your rights, please contact us as indicated in section 1.

 

8. Changes to this Privacy Notice

 

This privacy notice may require updating from time to time – for example due to changes in the law or the introduction of new technologies or services. We therefore reserve the right to change or amend this privacy notice at any time. We will immediately publish any changes here.