PRIVACY POLICY FOR USER (Installer and End-user) (AU)

 

■ General

LG Energy Solution, Ltd. (hereinafter referred to as “The Company”, “we”, or “us” interchangeably) cares about your privacy. The Company provides many products and services. This privacy policy applies specifically to LG RESU HOME Monitor website (https://www.lgresuhomemonitor.com) and Mobile Application (LG RESU HOME Monitor). This privacy policy does not apply to any other LG Energy Solution branded products or services.

The purpose of this Privacy Policy is to explain why we may collect your private information, how we collect personal information, what we collect personal information, how we use and process personal information, how we may share personal information, and what controls and rights you have. Your personal information may only be used for the enhancement of product quality of the Company, including the provision of proper aftersales service.

By using the Services, you consent to the terms of this Privacy Policy.

The Company may amend this Privacy Policy as required by relevant laws or Company’s internal regulation.

 

■ Purpose, and the kinds of personal information that we may collect

 

1. Purpose

For the purposes of providing battery maintenance, monitoring the status of LG RESU HOME products, and providing warranty services.

 

2. Personal information we may collect and hold

1)     Required Information which will be collected when creating an account:

- ID in form of E-mail address

2)     Required Information which will be collected when the installed system is registered into the created account as 1) above:

- Inverter Serial Number

- Installation Address (Street/Zip Code/City/State·Territory)

- Inverter Data of the installed product (Power, Voltage, Current, PV Generation records, Fault records)

- BMS Data of installed product (Voltage, Current, Temperature, SOC, SOH, Serial Number, System Status, Version, Type)

- Periodic Data of Product

 

3. Method of Collection

Website: www.lgresuhomemonitor.com

Mobile Application: LG RESU HOME Monitor

Through installed inverters at users’ houses

 

4. Legal grounds of processing personal information

1) The Company processes personal information for purposes related to the performance of a contract, i.e. for the purposes necessary to perform the contract – this concerns customers who are natural persons and are parties to the contract with the Company.

2) Personal information is also processed in order to comply with obligations resulting from legal provisions, e.g. tax regulations and other provisions that apply to the Company

3) The Company may process personal information for administrative purposes, conducting internal policies, financial planning, debt collection, processing inquiries and complaints, pursuing claims and defending against claims, verification of compliance with internal procedures, marketing of Company’s products and services i.e. for purposes of the legitimate interest of the Company.

 

4) In other cases, the Company may process personal information based on a voluntary consent to the processing of data and for the purposes indicated in such consent. Then a legal basis for processing is the customer’s consent.

 

You are not legally obliged to provide your personal information. However, if you don’t provide personal information to the Company, you may be restricted from entry into the contract, performance of the contract including remittance of payment, which means that collection of data is necessary for the purposes herein. The provision of personal information in order to fulfil the legitimate interest of the Company is voluntary, but necessary for the achievement of the above objectives. In the case of consent, providing personal information by the customer is voluntary, and not giving such consent has no negative consequences.

 

 

■ Retention period

The Company retains the personal information for the period as required by relevant laws. The Company may retain the data which may be used for proving the existence of the contract and the performance of such contract for the period of the contract and by the time all the rights or obligations under the contract are terminated or may retain data until the expiration of the claim limitation period, whichever is longer. - in accordance with the data retention policies applied by the Company. And the Company will destruct personal information without delay when the customer requests or Purpose has been completed.

You may obtain the data retention policies by contacting the Company. Your personal information will be retained in servers located within the Commonwealth of Australia.

 

■ Recipients

Except for the following cases, the Company will not disclose personal information with a third party.

Your use of our Platform may require the transfer, storage, and processing of your personal information within and outside of your country of residence consistent with this policy. In particular, your personal information could be transferred to third parties residing in regions outside of the Commonwealth of Australia.. For the places where the personal information is transmitted, retained or processed, the Company will take reasonable measures to protect your personal information.

Scope	Regions (of data subjects)	Recipient	Purpose
Personal information	Republic  of Korea (South Korea), People’s Republic of China.	-       Installers, -       The third parties of the Installer -       The third parties contracted by the Company such as service providers and auxiliary agents for RMA(Return Material Authorization) and truck roll reimbursement.	Product Installation, Monitoring, Maintenance

 

Furthermore, depending on the circumstances, the personal information may be transferred to other entities, e.g. entities providing services to the Company, such as IT service providers, advisers, auditors, and to the extent that it is necessary to fulfill obligations resulting from legal regulations, e.g. to the government authorities.

 

■ Deletion of personal information

1. The Company will delete the personal information without delay, when the purpose of personal information processing is achieved or the retention period is expired unless the personal information is necessary or mandatory by the laws or the contract with the third party.

2. In case of the personal information in the form of the paper, the Company uses the paper shredder to dispose of such data or incinerate the paper, and in case of the personal information in the form of the electronic files, the Company deletes the data by using the means which preclude any restoration of such data.

 

■ Your Rights

1. The Company has obligation and responsibility to ensure your rights with regard to personal information in the Company retained in any form such as electronic files, papers.

2. You have the right to access personal information about you and seek the correction of such information;

3. You may exercise its rights under this Privacy Policy by contacting the personal information protection department/team as specified below and upon receiving your request, the Company will promptly respond. The Company may request that you provide a copy of any identification so that we can verify your identity.

4. The Company may request the Power of Attorney and the copy of identification by which the Company can verify the existence of legitimate delegation to your representative, should you choose to exercise your rights through your representative.

5. You may withdraw your consent at any time without prejudice to the lawfulness of personal information processing before your withdrawal of consent.

 

■ Automated decision making, including profiling

The Company does not adopt any automated decision making including profiling which produces legal effects concerning you or similarly significantly affects you. The Company will give prior notice to you about the logic, necessity, expected results of the automated decision making system, if the Company expects to adopt any automated decision making system.

 

■ Processing of personal information

Personal information shall be processed to the extent of “Purpose and legal grounds of processing personal information” and, without prior notice, shall not be processed beyond such scope and purpose.

The personal information are transferred through secured cable or VPN and Company adopts technical and organizational measures necessary to ensure transferred personal information not to be lost, stolen, disclosed, altered or destructed. If you need further information regarding technical and organizational measures to be adopted, you can always contact us via our personal information protection department/team, upon which we will promptly respond to your inquiry.

 

■ Technical and Organizational Measures

 

The Company shall take the following technical and organizational security measures to protect personal information:

 

1. Organizational management and dedicated staff responsible for the development, implementation, and maintenance of the Company’s information security program.

2. Audit and risk assessment procedures for the purposes of periodic review and assessment of risks to the the Company organization, monitoring and maintaining compliance with the Company policies and procedures, and reporting the condition of its information security and compliance to senior internal management.

3. Maintain Information security policies and make sure that policies and measures are regularly reviewed and where necessary, improve them.

4. Communication with the Company applications utilizes cryptographic protocols such as TLS to protect information in transit over public networks. At the network edge, stateful firewalls, web application firewalls, and DDoS protection are used to filter attacks.

5. Data security controls which include logical segregation of data, restricted (e.g. role-based) access and monitoring, and where applicable, utilization of commercially available and industry-standard encryption technologies.

6. Logical access controls designed to manage electronic access to data and system functionality based on authority levels and job functions, (e.g. granting access on a need-to-know and least privilege basis, use of unique IDs and passwords for all users, periodic review and revoking/changing access promptly when employment terminates or changes in job functions occur).

7. Password controls designed to manage and control password strength, and usage including prohibiting users from sharing passwords.

8. System audit or event logging and related monitoring procedures to proactively record user access and system activity for routine review.

9. Physical and environmental security of data center, server room facilities and other areas containing client confidential information designed to: (i) protect information assets from unauthorized physical access, (ii) manage, monitor and log movement of persons into and out of the Company facilities, and (iii) guard against environmental hazards such as heat, fire and water damage.

10. Operational procedures and controls to provide for configuration, monitoring, and maintenance of technology and information systems according to prescribed internal and adopted industry standards, including secure disposal of systems and media to render all information or data contained therein as undecipherable or unrecoverable prior to final disposal or release from the Company possession.

11. Change management procedures and tracking mechanisms to designed to test, approve and monitor all changes to the Company technology and information assets.

12. Incident / problem management procedures design to allow the Company investigate, respond to, mitigate and notify of events related to the Company technology and information assets.

13. Network security controls that provide for the use of enterprise firewalls and layered DMZ architectures, and intrusion detection systems and other traffic and event correlation procedures designed to protect systems from intrusion and limit the scope of any successful attack.

14. Vulnerability assessment, patch management, and threat protection technologies and scheduled monitoring procedures designed to identify, assess, mitigate and protect against identified security threats, viruses and other malicious code.

15. Business resiliency/continuity and disaster recovery procedures, as appropriate, designed to maintain service and/or recovery from foreseeable emergency situations or disasters.

 

■ Personal Information Protection Management Director

Department Name: LG Energy Solution Information Security Department

 

■ Personal Information Protection Management Department

① Department Name: LG Energy Solution Security Policy Team

② Tel: +82-2-3773-3340

③ Email: privacy.es@lgensol.com  

 

■ AU Representative
① LG Energy Solution Australia Pty Ltd

② Tel: 1300 178 064

③ Email: essserviceau@lgensol.com

 

 

■ Personal Information Handlers

① Department Name: LG Energy Solution Residential Team

② Tel: +82-2-3773-6236

③ Email: bowow@lgensol.com

 

■ Right to lodge a complaint with a supervisory authority

You have a right to lodge a complaint against the Company or the Office of the Australian Information Governor (OAIG) should you believe that there is a breach of the Privacy Act of 1988, the Australian Privacy Principles (APP) or relevant laws and/or regulations. However, we strongly recommend that you lodge a complaint against us first before lodging a complaint against OAIG so that we can promptly respond to your concerns and rectify any possible breaches.

 

■ Your obligation                                                                                                

If you provide to the Company personal information of your employees, agents, directors, partners, associates, business partners, suppliers and others, you must inform them that the Company is the data controller of their personal information and that it processes their personal information in accordance with the principles set out above, and if requested by the Company, you are obliged to provide the Company with confirmation of the provision of such information.

 

■ Protection of personal information of children

The Company does not collect any information from the children under 13 or equivalent minimum age as prescribed in the laws in relevant jurisdiction.

 

■ Selling of personal information

The Company does not and will not sell any personal information.

 

■ Enforcement of Privacy Policy

This Privacy Policy shall enter into force on the date you consent to the use of your personal information on our website (www.lgresuhomemonitor.com) or our mobile application (LG RESU HOME Monitor). We may update our Privacy Policy from time to time in order to comply with changes in relevant regulations, and such updated Privacy Policy shall be in effect from the date the updated Privacy Policy is uploaded on our website.