LG Electronics Inc. (“LGE”) (“we”, “our”, and “us”) respect your privacy.
This Privacy Policy applies to the personal data we collect and process via LGE Internal Reporting System (hereinafter “Internal Reporting System”).
If you submit the Report to LGE, LGE will be considered the sole controller for the purposes outlined in Section 3 herein.
As a part of our duty of transparency, we describe the processing of personal data we may carry out, as controller, in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter, “GDPR”).
1. Overview
In this Privacy Policy, we describe the types of personal data we collect via the Internal Reporting System for the purpose of investigating potential violations of the law (hereinafter “Investigation”), how we use this information, for how long we keep it and with which parties we share it.
We also explain what rights you have in relation to the use of your personal data, including a right to object to some of the processing we carry out (if provided by applicable law).
We also provide our contact details, so that you can contact us if you have questions about this Privacy Policy and our privacy practices.
This privacy policy also covers personal data that is collected offline or information that is posted or provided by third parties (unless expressly stated otherwise by us).
2. Collected Personal Data
When we refer to personal data in this Privacy Policy, we mean information that relates to an identifiable individual, as defined in GDPR.
When you provide us with your report about acts or omissions that may constitute an infringement of EU laws, local laws or regulations in areas of, including but not limited to, public procurement; financial services, products and markets, and prevention of money laundering and terrorist financing; product safety and conformity; transport safety; environmental protection; radiation protection and nuclear safety; food and feed safety, animal health and animal welfare; public health; consumer protection; and protection of privacy and personal data, and security of networks and information systems (“Report”) via the Internal Reporting System and/or through our Investigation, we may collect personal data about you or persons being reported, e.g. objects of such a Report (“Alleged Wrongdoers”) or witnesses, any third parties, related to and included in the Report.
The use of the Internal Reporting System is voluntary. When you submit a Report via the Internal Reporting System, we collect the following personal data:
- Unless you choose to report anonymously:
o name, e-mail address, Report Verification ID, phone number (including mobile phone number), region, country and content of your Report, including names of Alleged Wrongdoers and personal data of the Alleged Wrongdoers.
o special categories of personal data (e.g. health data) and information about offences or possible criminal offenses;
- Strictly necessary online identifiers (e.g. cookies) to operate the Internal Reporting System.
In case you do not wish to identify yourself, you may submit your Report anonymously and may not provide your personal data to us. In this case, you should be careful not to inadvertently state your name anywhere in your report or list details that could reveal your identity. And if you upload files with the Report, be aware that these contain metadata that may reveal your identity. Consequently, we recommend that you make sure that any compromising metadata is removed from a file before uploading it. Please be informed that even in case of anonymous reporting, we may collect personal data of Alleged Wrongdoer, witness or any third parties which are included or attached in your Report.
3. Use of Data and Legal Basis.
We process your personal data that has been collected through the Internal Reporting System for the following purposes and legal basis:
Processing of the personal data within your Report through the Internal Reporting System with the purpose of carrying out the Investigation is necessary to fulfil a legal obligation (Art. 6 (1) (c) GDPR).
After carrying out the Investigation derived from your Report, if LGE need to initiate and manage legal, administrative or disciplinary actions, the processing of your personal data for this purpose is based on the legitimate interest of our company (Art. 6 (1) (f) GDPR) to protect their legitimate interests of any nature.
4. Sharing and Disclosing Data
We transfer, disclose or otherwise make available personal data about you to third parties as described below:
- Service Providers: we transfer or disclose your information to carefully selected companies and individuals that provide services to us: for example companies that help us develop and operate the Internal Reporting System, providers of IT services, security, and website maintenance. These entities are only authorized to access and use your personal data to the extent this is necessary for them to provide us with their services and they are not allowed to use them for other purposes.
- The judicial authority, the Public Prosecutor's Office or the competent administrative authority: Your identity, as well as the personal data provided by you, may be communicated to the judicial authority, the Public Prosecutor's Office or the competent administrative authority in the context of a criminal, disciplinary or sanctioning investigation.
In all cases, we guarantee that such access will be carried out exclusively for the purposes described in this Privacy Policy, in accordance with the data protection regulations and complying with all the technical and organizational measures necessary to ensure the security and confidentiality of your personal data.
5. Retention
Personal Data will be retained for as long as necessary for the purposes listed in this Privacy Policy and as required by law.
In case personal data included in the Report are not necessary for the Investigation, they will be anonymized. Furthermore, if the Report includes special categories of data (such as health data, biometric data, etc.), they will be also anonymized prior to being processed.
6. Your Rights
To the extent provided by applicable law, you can ask us for a copy of the personal data we hold about you (right of access), and you can ask us to delete the personal data (right to erasure) or correct any inaccuracies (right to rectification). You can also ask us to restrict or limit the processing of your personal data (right to restrict processing), right to withdraw your consent, as well as to provide you with personal data that you provided to in a structured, machine readable format, and to ask us to share (port) this data to another controller (right to data portability).
In addition, to the extent provided by applicable law, you can object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet other legal requirement) (right to object in whole or in part to processing).
However, these rights may be limited, for example if fulfilling your request would reveal personal data about another person, where they would infringe the rights of a third party (including our rights) or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. We will inform you of relevant exemptions we rely upon when responding to any request you make.
In any case, the rights of deletion or opposition will be limited, if the Report is investigated, the exercise of judicial or extrajudicial actions has been or is to be enacted, and/or the identity of the Alleged Wrongdoer must be preserved.
To make a request concerning your rights or to make an inquiry, use the contact details under the “Contact Us” section below.
7. Security
We take the protection of your data seriously and we have in place safeguards designed to protect the information we collect through the Investigation in accordance with the applicable laws and regulations. For these purposes, LGE has implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed.
However, please note that although we take reasonable steps to protect your information, no website, Internet transmission, computer system, or wireless connection is completely secure.
8. Non-EEA Transfer
Your use of the Internal Reporting System will involve the transfer, storage, and processing of your personal data within and outside of your country of residence, consistent with this Privacy Policy. In particular, your personal data may be transferred to and located or accessed by service providers located in the Republic of Korea.
Please also be informed that the Republic of Korea has been declared adequate level of protection by the European Commission since last 17 December, 2021.
If you are in the EEA (European Economic Area, that is in the European Union and Iceland, Lichtenstein, Norway), UK or Switzerland, we may transfer your personal information to the Republic of Korea and other countries outside the EEA, UK or Switzerland. European Union law recognizes the Republic of Korea as adequately protecting personal information. However, we will take appropriate measures, in compliance with applicable laws, to ensure that your personal information remains protected. Such measures include for instance the use of EU approved model clauses.
9. Updates to Our Privacy Policy
We will update this Privacy Policy when we change the way we use your personal data, or when we are required to do so under data protection laws. We will bring to your attention any material changes to our Privacy Policy in an appropriate manner (for example, by posting a notice on the webpages).
This Privacy Policy was last updated on 26 November, 2024
10. Contact Us
To exercise your rights, or for further information about how we use your personal data, please contact us to the email address:
ethics@lge.com or via post LG Twin tower, 128 Yeoui—daero, Yeongdeungpo-gu, Seoul, Republic of Korea.
Our Data Protection Officer can be contacted at dpo-eu@lge.com, LG Electronics Deutschland GmbH, Alfred-Herrhausen-Allee 3-5, 65760 Eschborn.
If you are not satisfied with how we use your personal data or believe that this is not in accordance with data protection laws, you have the right to complain to the data protection authority where you live, work or where you believe that an infringement of data protection laws has taken place.
