• Treatment of the Personal Information
• Operational Management for the Video Information Processing Devices

Section 1. General Provisions

Article 1. (Purpose) The purpose of this Management Regulations (hereinafter “This Regulation”) is to stipulate detailed matters related to operation and management of Video Information Processing Devices pursuant to Article 25 of the Personal Information Act.

Article 2. (Definition) The definitions of terms used in This Regulation are as follows:

• ① The term “video information processing devices” means a device pursuant to Article 2(7) of the Personal Information Protection Act.
• ② The term “Closed Circuit Television (hereafter CCTV)” refers to a system that transmits imagery information collected by a photographing device installed in a certain space (area) only to a designated recipient through a closed wired or wireless transmission circuit.
• ③ The term “imagery information” refers to information that can confirm the identity of the individual by means of an image photographed by CCTV.
• ④ The term “Data Subject” refers to a natural person who is the subject of the relevant imagery information as a person identified by imagery information.
• ⑤ The term “processing” means inputting imagery information collected by CCTV and refers to the treatment of imagery information excluding collection by storing, transmitting, editing, deleting, and/or similar acts.
• ⑥ The term “Digital Video Recorder (hereafter DVR)” refers to a device that compresses and converts imagery data input to analog and digital cameras and stores them on a hard disk.

Article 3. (Scope of Application) This Regulation is applicable to imagery information collected and processed through CCTVs and DVRs installed and operated in the premises of Mottrol Co., Ltd.

Section 2. Installation and Operation of Video Information Processing Devices

Article 4. (Basis for Installation) CCTV shall be installed and operated as per the grounds of each paragraph below.

• ① Article 25(1) of the Personal Information Protection Act
• ② Presidential Directive No. 28 of Integrated Defense Guidelines (Integrated Defense Div.-1196)
• ③ Security Service Directive for Defense Industry (Ministry of Defense Directive No. 1276 “Section 4. Facility Security”)

Article 5. (Purpose of Installation) CCTV is installed and operated for the purpose of each of the following paragraphs.

• ① Control of access to company facilities, prevention of unauthorized intrusion by unauthorized persons, reinforcement of boundaries in outer areas, and protection of company property.
• ② Prevention of fire and safety accidents, crime detection in major areas of the Company, etc.

Article 6. (Installation Status) CCTV installation status is shown in the table below, and if necessary, it can be additionally installed in accordance with the relevant laws.

No. of CCTV	Location	CCTV Shooting Area
7	Fenced area	Area around the fence
1	Information Officer at the main gate	The entrance to the main gate
1	The exterior wall of the main building	The roadside of the entrance to the main gate in the premises
2	The front of the warehouse	Product loading/unloading area around the distribution warehouse
1	The exterior wall of the 5th Factory	The roadside of shipment area
1	Hydraulics Quality Audit Room	Inside the Audit Room
1	Inside the entrance to the driving technology laboratory	Entrance to the laboratory (inside)
13 in total

Article 7. (Management Team) The managing team in charge of CCTV installation and operation are as follows:

• ① Manager in charge : Head of the Management Department
• ② Department in charge : Security Team
• ③ Authorized Person to access to video information: head of the management team, staff of department in charge, and access-approved person by the head of the management department

Article 8. (Filming Time, Retention Period, etc. )

• ① CCTV does not use a recording function and is filmed 24 hours a day, and in principle, the retention period of video data stored in DVR, etc. is for one month, but it necessary, a separate space can be secured to extend the period.
• ② Integrated control is implemented in the information office at the main gate, which maintains a 24-hour working system for some CCTVs.

Article 9. (Retention and Disposal)

• ① The recorded video data is retained at the main gate where the device is installed, and the data from the driving test laboratory and the hydraulics quality Audit Room are stored separately on the computer room server.
• ② The disposal of recorded footage is automatically set up and operates accordingly as soon as the retention period expires.

Section 3. Measures for Requests such as Perusing Video Information by the Data Subject

Article 10. (Measures for Requests such as Perusing Video Information by the Data Subject)

• ① Access to video information shall be made in accordance with Article 5 (Purpose of Installation), and shall not be viewed or provided to anyone other than those who make the request for video information and not used for any other purposes or viewed by persons without the authorization to access.
• ② When the Data Subject requests perusing of video information, etc., they must submit an application for viewing to the preliminary management manager for approval who will disclose the video information to the Data Subject within the necessary scope. However, video information that may request perusing, etc., is clearly limited to imagery information and only necessary for the benefit of the Data Subject’s urgent life, body, and/or property.
• Request Form for Video Information

Article 11. (Place for Peruse and Playback) Perusing after approval for viewing pursuant to Article 10(2). The playback place is the place where the DVR is installed, and if necessary, the perusing place can be changed depending on types of data such as screen capture data.

Section 4. Measures to Protect Video Information

Article 12. (Managerial and Technical Measures)

• ① Actual place for perusing and playback of video information transmitted by CCTV is designated as an access restricted area, and access to personnel other than those granted access is strictly monitored.
• ② In operating the DVR, the head of management department shall deal with the video information by applying ID and password in preparation for illegal access, modulation, leakage, and/or damage.
• ③ The person in charge of management through CCTV monitoring should take necessary measures, such as training of security guards, to prevent any leakage of the captured images, and/or related matters identified between work shifts.

Article 13. (Physical Measures)

• ① For real-time recording and safe retention of stored data, lead bars should be mounted on a device equipped with DVRs so that they cannot be opened arbitrarily.
• ② The opening of the DVR equipment shall be executed only for legitimate reasons such as approval or repair of the equipment under Article 10(2).

Section 5. Other Matters Related to Installation, Operation, and Management

Article 14. (Restrictions on the Collection and the Processing of Imagery Information) When imagery information is collected by CCTV, the camera shall not be operated to change the direction of filming elsewhere beyond the purpose of installation.

Article 15. (Duty of Confidentiality)

• ① A person who is processing or has processed video information shall not use it for improper purposes, such as leaking information learned in their duties, processing it without authority, and/or providing it to others.
• ② In order to protect video information, the head of the management department executes a pledge to security guards and video information applicants to comply with the protection of imagery information.

Article 16. (Maintenance of CCTV)

• ① CCTV equipment must be inspected monthly by the head of the management department to maintain the normal operation of the equipment.
• ② For repair and maintenance of recording equipment, the damaged equipment can be taken out to an external location with the approval of the head of the management department. When taking out the damaged equipment, the act of separating the hard disk or backing up the storage contents on a separate storage medium, deleting, and taking out the contents stored on the hard disk, etc., shall be taken under security measures.

Article 17. (Others) Matters nor prescribed in This Regulation shall be handled in accordance with the Personal Information Protection Act or in compliance with security regulations (including information security) and the Company regulations.

Bylaws

Article 1. (Enforcement Date) This Regulation takes effect on July 16, 2012.