• HMM (Europe) Limited (HMM / we / us) collect and process personal information relating to customers and suppliers to manage inquiries and requests and to enable HMM to provide its products and services.
• We are committed to protecting the privacy and security of personal information, to providing clear information about how your personal information is processed and to complying with our data protection obligations.
• This Privacy Notice applies to current and former customers and suppliers, and third party customers and suppliers where personal information is processed to enable HMM to provide its products and services.
• This website is provided and controlled by HMM, Hyundai Group Building, 194 Yulgok-Ro, Jongno-Gu, Seoul Republic of Korea.

A. About us HMM (Europe) Limited, a company registered in England and Wales with company number 03220919, with its registered office address at Fourth Floor City Reach, 5 Greenwich View Place, Mill Harbour, London, E14 9NN. HMM acts as data controller in respect of the personal information that we process. This means that we are responsible for deciding how we hold and use personal information about you.
Our obligations in relation to processing your personal information are set out in this Privacy Notice. We have appointed a Data Protection Officer (DPO) Jaewon Lee to oversee compliance with data protection laws.
If you have any questions about this Privacy Notice, how we handle your personal information or you would like to update the information we hold about you, please contact the HR team on +44 (0) 207 477 7177 who will refer you to the Data Protection Officer (DPO) as needed. We recognise and respect the importance of the privacy of the users of our website. This Privacy Notice accounts for the personal information used / collected via this website. If you do not agree with the terms herein, please do not use this website and delete the cookies placed by the website.

B. About this Privacy Policy This Privacy Notice was last updated in October 2020 and we reserve the right in our sole discretion to amend and / or delete this Privacy Notice at any time without providing prior notice to you. We therefore encourage you to review our Privacy Notice when you visit the website from time to time to stay informed of how we are using your personal information. This Privacy Policy tells you what personal information we collect and why we need it, how we use it during and after your dealings with us and what protections are in place to keep your personal information secure. It also sets out your rights in relation to your personal information.
It is important that you read this Privacy Policy, and any Privacy Policy that we may subsequently provide to you, so that you are aware of how and why we are processing your personal information.

A. What is 'personal information', or 'personal data'? Your 'personal information' or 'personal data' means any information about you from which you can be identified - either by reference to an identifier (for example your name, location data or online identifier (IP address)) or from factors specific to your physical, cultural or social identity (for example your social background, outside interests, etc.). It does not include data where the identity has been removed (such as anonymous information).

B. What personal information do we process? HMM collects and uses personal information that you provide including:

• name
• address
• contact telephone number(s)
• email address
• membership login ID
• membership password
• IP address

A. Where do we collect your personal information from? Customers and suppliers: We collect your personal information:

• From you: we typically collect your personal information directly from you through the customer/supplier 'new registration' process; and / or
• from HMM group companies (the Group): we may need to obtain information from our head office in Korea, in particular in relation to existing customers and / or suppliers of HMM.

Third party customers and suppliers:

We collect your personal information:

• From our existing customers and suppliers for the purposes of determining product collection / delivery sites.

A. What is the legal basis for using your personal information? United Kingdom The General Data Protection Regulation (GDPR) came into force on 25 May 2018. Under GDPR, we need to be clear about your legal basis for collecting personal information. The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR and is the UK's implementation of the General Data Protection Regulation (GDPR). We will ensure that we will treat all personal information in accordance with data protection legislation, including the General Data Protection Regulation and Data Protection Act 2018.

EU Countries The General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’) that was implemented May 25, 2018 and requires organizations to safeguard personal data and uphold the privacy rights of anyone in EU territory.
Although we process the personal data of EU citizens or residents, or we offer services to such people, the GDPR applies to you even if you are not in the EU. GDPR Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not.

Russia HMM website is also targeting customers in Russia and the GDPR’s requirements and this policy do not contradict Russian data privacy regulations, as such this policy is to be followed also by this country customers and visitors.
This is because the GDPR covers not only data controllers in the EU, but also businesses in any country that target individuals who are in the EU. The GDPR does not require the adoption of relevant regulations at the national level and applies directly to data controllers. We will only process your personal information when the law allows us to. In most cases, we will process your personal information where it is necessary:

• To perform the contract we have entered into with you (e.g. addresses to determine product collection / delivery sites and bank details in order to pay suppliers) (basis 1); or for our legitimate interests as a business (e.g. membership management and identification) (basis 2).

Where we rely on basis 2 as a reason for processing personal information, we have considered whether those interests are overridden by data subjects' rights and freedoms and have concluded that they are not. We may also process your personal information in the following circumstances, but this is likely to be rare:

• with your specific consent; or
• where it is needed in the public interest.

B. What is the purpose for processing your personal information? We need all the personal information listed in 2B above. We process your personal information for a number of purposes, including but not limited to the following (in relation to each, we have also identified the legal basis for processing your personal information by reference to each legal basis set out in 4A above):

• to manage inquiries and requests (1, 2);
• to provide HMM products and services (1); and
• to deal with legal disputes (2).; and
• health & safety compliance (1, 2); and
• customs and excise (1, 2)

Some of the grounds for processing will overlap, and in some cases, there will be several grounds which justify our use of your personal information.

C. Change of purpose We will only use your personal information for the purposes for which we collected it, unless we reasonably consider we need to use it for another purpose that is compatible with the original purpose.
If we need to use your personal information for an unrelated purpose, we will notify you and explain the basis upon which that is necessary.

A. Our Company would like to send you information about products and services of ours that we think you might like. If you have agreed to receive marketing, you may always opt out at a later date. You have the right at any time to stop Our Company from contacting you for marketing purposes or giving your data to other members of the Our Company Group. If you no longer wish to be contacted for marketing purposes, please click here or do use the email address at the bottom of this policy.

A. When might we need your consent? We will only seek and rely on your consent where you are fully informed and your consent can be freely given.
There may be limited circumstances where we will approach you to obtain your explicit consent to allow us to process certain particularly sensitive data, or other personal information.
If so, we will provide you with full details of the information that we require and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that you do not have to provide your consent and it will not impact on your contract with us if you do not consent.

B. What is your data protection rights? Our Company would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

C. Your right to withdraw consent If you do provide your consent to the processing of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for that purpose. If you wish to withdraw your consent, please do apply the form at the end of this policy.

A. How do we secure your personal information? We have security measures in place to prevent your personal information from being accidentally lost, used, or accessed in an unauthorised way, or inappropriately altered or disclosed. In addition, we limit access to your personal information to those who need to process that information for business reasons. They will only process your personal information on our instructions and are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach as appropriate and in accordance with our legal obligations.

A. Sharing your personal information within HMM Where this is necessary to perform the contract, we have entered into with you or for the purposes of membership management and identification, our personnel and agency personnel will have access to some of your personal information.

B. What is the legal basis for sharing your personal information with third parties? We may share your personal information with third parties, including third party service providers and other entities in the Group, in the following situations:

• where required by law.
• where it is necessary to perform the contract, we have entered into with you; or
• where we have another legitimate interest in doing so as a business.

In these circumstances, we require third parties to respect the security of your data and to treat it in accordance with the law.

C. What protections are in place? Where third parties process data on our behalf, they do so on the basis of our written instructions; they are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data. We do not permit our third-party service providers to use your personal information for their own purposes – they may only process your personal information for specified purposes and in accordance with our instructions.

D. Which third parties process your personal information? We may disclose your personal information to the third parties listed below where relevant to the purposes described in this Privacy Notice. This might include other companies within the Group as part of our regular reporting activities on company performance, in the context of a business reorganization or Group restructuring exercise, for system maintenance support and hosting of data, in order to provide services to you.

• agents, contractors that provide services to us (e.g. IT services and our logistics suppliers);
• regulatory authorities including but not limited to Customs;
• security providers; and
• professional advisers.

Further details can be obtained from the Data Protection Officer (DPO) whose details are set out in 1B above.

A. International data transfers Your personal information may be disclosed to members of the Group outside the EEA.
In EU we operate in many countries as listed in our website www.hmm21.com

B. What protections are in place? HMM has an intra-group data transfer agreement in place which regulates cross-border transfers of your personal information within the Group. You have a right to request a copy of any data transfer agreement under which your personal information is transferred (which may have sections redacted for reasons of commercial sensitivity), or to otherwise have access to information about the safeguards in place. If you require further information about this, you can request it from the Data Protection Officer (DPO) whose details are set out in 1B above.

A. Data retention We will retain your personal information only for as long as is reasonably necessary to satisfy the purposes for which it was collected, and for the purposes of satisfying any legal, accounting or reporting and regulatory requirements. These legal and other requirements mean we must retain certain records for a set period of time. In addition, we retain certain records in order to resolve queries and disputes that may arise from time to time. When your personal information is no longer required for the purposes for which it was collected and processed, we will securely destroy or anonymise your personal information in accordance with our Data Retention Policy.

A. Inform us of changes Please ensure you inform us if your personal information changes. It is important that the personal information we hold about you is accurate and current.

B. Your rights in relation to your personal information You have a number of rights in relation to the personal information we hold about you, including the right:

• to request access to any personal information we hold about you - or in some cases, to obtain a portable copy of it or to have it transferred to a third party.
• to ask to have inaccurate data amended.
• to erase your personal information, or to restrict or challenge the processing of your personal information in limited circumstances.
• the right to withdraw your consent to the processing of your personal information at any time where such processing is based on your consent; and
• to lodge a complaint with the Information Commissioner’s Office (ICO) (the UK supervisory authority for data protection issues).

If you want to make one of these requests, please contact the Data Protection Officer (DPO) whose details are set out below, in writing and we will give you a copy of the data we hold about you as soon as possible, and within 1 month at most. In certain circumstances, on particularly complex or multiple requests, the organisation can take a further 2 months to provide data. In this case, we will tell you within 1 month of your request why there is a delay.

C. When information can be withheld There are some situations when HMM is allowed to withhold information, for example if the information is about:

• the prevention, detection, or investigation of a crime
• national security or the armed forces
• the assessment or collection of tax
• judicial or ministerial appointments

You are entitled to request us to erase any personal data we hold about you under EU General Data Protection Regulation (GDPR). We will do our best to respond promptly and, in any event, possibly within one month of the following:

• Our receipt of your written request; or
• Our receipt of any further information we may ask you to provide to enable us to comply with your request, whichever happens to be later.

The information you supply in this form will only be used for the purposes of identifying the personal data you are requesting that we erase and responding to your request. You are not obliged to complete this form to make a request but doing so will make it easier for us to process your request quickly.

SECTION 1: Details of the person requesting information Full name:
Address:
Contact telephone number:
Email address:

SECTION 2: Are you the data subject Please tick the appropriate box and read the instructions which follow it.

• YES: I am the data subject. I enclose proof of my identity (see below).(Please go to Section 4)
• NO: I am acting on behalf of the data subject. I have enclosed the data subject’s written authority and proof of the data subject’s identity and my own identity (see below). (Please go to Section 3)

To ensure we are erasing data of the right person we require you to provide us with proof of your identity and of your address. Please supply us with a photocopy or scanned image (do not send the originals) of one or both of the following:

• 1)
  Proof of Identity
  Passport, photo driver’s license, national identity card, birth certificate.
• 2)
  Proof of Address
  Utility bill, bank statement, credit card statement (no more than 3 months old); current driver’s license. If we are not satisfied you are who you claim to be, we reserve the right to refuse to grant your request.

SECTION 3: Details of the data subject (if different from section 1) Full name:
Address:
Contact telephone number:
Email address:

SECTION 4: Reason for erasure request Given the sensitive nature of erasing personal data, GDPR Article 17(1) requires certain conditions to be met before a request may be considered. Please supply us with the reason you wish your data to be erased and please attach any justifying documents to this one.

• □
  You feel your personal data is no longer necessary for the purposes for which we originally collected it.
• □
  You no longer consent to our processing of your personal data.
• □
  You object to our processing of your personal data as is your right under Article 21 of the GDPR.
• □
  You feel your personal data has been unlawfully processed.
• □
  You feel we are subject to a legal obligation of the EU or Member State that requires the erasure of your personal data.
• □
  You are a child, you represent a child, or you were a child at the time of the data processing and you feel your personal data was used to offer you information society services.

SECTION 5: What information do you wish to erase? Please describe the information you wish to erase. Please provide any relevant details you think will help us to identify the information. Providing the URL for each link you wish to be removed would be helpful. Also, please explain, if it is not abundantly clear, why the linked page is about you or the person you are representing on this form. Please note that. In certain circumstances, where erasure would adversely affect the freedom of expression, contradict a legal obligation, act against the public interest in the area of public health, act against the public interest in the area of scientific or historical research, or prohibit the establishment of a legal defense or exercise of other legal claims, we may not be able to erase the information you requested in accordance with article 17(3) of the GDPR. In such cases you will be informed promptly and given full reasons for that decision. While in most cases we will be happy to erase the personal data you request, we nevertheless reserve the right, in accordance with Article 12(5) of the GDPR, to charge a fee or refuse the request if it is considered to be “manifestly unfounded or excessive.” However, we will make every effort to provide you with the erasure of your personal data if suitable.

SECTION 6: Declaration Please note that any attempt to mislead may result in prosecution. I confirm that I have read and understood the terms of this subject access form and certify that the information given in this application to ___________________ is true. I understand that it is necessary for_______to confirm my/the data subject’s identity and it may be necessary to obtain more detailed information in order to locate the correct personal data. Signed: ................................................ Date: ................. Documents which must accompany this application:

• Evidence of your identity (see section 2)
• Evidence of the data subject’s identity (if different from above)
• Authorization from the data subject to act on their behalf (if applicable)
• Justification for erasure of data (see section 4)

Please do send the filled form at ehqhr@hmm21.com or via post at this address. HMM Data Protection Officer 6th floor 2 Harbour Exchange,
Harbour Exchange Square,
London, E14 9GE