<Company name> (hereinafter “Company”) has
the following processing policy in order to protect the personal information,
rights and interests of users and to handle complaints related to personal
information smoothly in accordance with the Personal Information Protection
Act.
Revisions to the “Company's” Privacy Policy will be
notified through announcements on the website (or individual notification).
○ This policy is effective as of January 1, 2021.
1. Purpose of Personal Information Processing. The
“Company” utilizes the personal information collected for the purposes
described below. The collected personal
information will not be used for any purpose other than as stipulated below,
and if there are any changes to the purpose, the Company shall obtain prior
consent from the users.
A. Website membership registration and management
Personal information is processed for the purpose
of identification and authentication according to the provision of the
membership service, identification according to the implementation of the
limited identification system, and prevention of illegal use of the service.
B. Processing of civil complaints
Personal information is processed for the purpose
of verifying the identity of the complainant, checking the complaint,
contacting the complainant for fact checking, and notifying the results.
C. Provision of goods and services
Personal information may be used for service
provision purposes.
D. Utilization of marketing and advertising
activities
Personal information may be used for the purpose of
checking the validity of services, determining the access frequency, and
statistical reference of members’ service use.
2. Status of Privacy Files
1. Personal information file name : Personal information
Personal information items: E-mail, mobile phone
No., company telephone No., title, department, company name, access log, access
IP info., and legal representative’s name
Collection method: Website
Reason for retention : Consent to use of personal
information
Retention period : 3 years
Related laws : Records regarding the collection,
processing, and use of credit information : 3 years, Records of consumer
complaints or dispute settlements : 3 years, Records of contracts or
application withdrawal : 5 years
3. Period of personal information processing and
retention
① The “Company” processes and retains the personal
information during the designated period of use as agreed upon with the
information object and according to laws concerning the retention and use
period of personal information.
② The period of personal information processing and
retention according to the service type is as follows :
1.<Processing of civil complaints>
Personal information related to <processing of
civil complaints> is retained and used for the aforesaid purposes for 3
years from the date of agreement to the collection and use of personal
information.
Reason for retention : Consent to use of personal
information
Related laws : 1) Records of consumer complaints or
dispute settlements : 3 years
2) Records of contracts or application withdrawal :
5 years
Exceptions :
4. Provision of personal information to third party
① The “Company” may provide a third party with the
personal information only when falling under Articles 17 and 18 of the Personal
Information Protection Act, such as the consent of the personal information
subject and special provisions of the law.
② The “Company” provides personal information to a
third party as follows :
1. Company
Those who are provided with personal information :
“Company”
Purpose of the receiver’s use of personal
information: E-mail, mobile phone No., company telephone No., title,
department, company name, and legal representative’s name and mobile phone No.
Receiver’s retention and use period : 3 years
5. Rights and obligations of the information
subject and legal representative and how to exercise such rights. As a personal
information subject, a user may exercise the following rights :
① An information subject may exercise the right to
request the “Company” for opening, correcting, deleting, and suspending the use
of personal information anytime.
② The act of exercising the rights stated in
Paragraph 1 above may be implemented in writing or via e-mail or fax in
accordance with Article 41-1 of the Enforcement Ordinance of the Personal
Information Protection Act. In response, the “Company” shall take measures
accordingly without delay.
③ An information subject may exercise the rights
stated in Paragraph 1 above through a legal representative or an entrusted
individual. In this case, the user shall
submit a letter of attorney using Annex Form No. 11 of the Enforcement
Regulations of the Personal Information Protection Act.
④ The information subject’s right to request
opening or suspending the of use of personal information may be restricted in
accordance with Article 35, Paragraph 5 and Article 37, Paragraph 2 of the
Personal Information Protection Act.
⑤ As for the correction and deletion of certain
personal information items, in case the relevant law specifies such items as a
basic requirement, the request for deletion may not be accepted.
⑥ The “Company” shall confirm whether the person
who made the request, such as a request for opening, correcting/deleting, or
suspending the use according to the right of the information subject, is the
information subject or a legitimate agent.
6. Personal information items to be handled
① The “Company” handles the following personal
information items:
1<Processing of civil complaint>
Required items: E-mail, mobile phone No., company
telephone No., title, department, company name, and legal representative’s name
and mobile phone No.
- Optional items :
7. Once the purpose of handling the personal
information is fulfilled, the “Company” destroys the personal information
without delay in principle. The procedures, deadlines and methods of
destruction are as follows.
-Destruction procedure
Information that is entered by a user is
transferred to a separate database once its purpose is fulfilled (in the case
of paper, a separate filing cabinet), and then destroyed after the designated
period in accordance with internal directions or related laws on privacy
protection. Personal information transferred to a DB is not used for any other
purpose unless required by law.
-Destruction deadline
The personal information of the user is destroyed
within 5 days of the final date of retention if the retention period expires
and within 5 days of the date when the handling of personal information is
judged as unnecessary for reasons such as fulfillment of handling personal
information, termination of service, completion of business, etc.
-Destruction method
Personal information saved in electronic file
format is deleted by means of a technical method that makes opening the file
impossible.
8. Installation, operation, and denial of devices
automatically collecting personal information
The “Company” does not use “cookies” that save and
frequently load the usage logs of the information object.
9. Person in charge of protecting personal
information
① The “Company” is responsible for overall personal
information processing, and designates a person in charge of personal
information protection as follows to handle complaints and damage relief from
information subjects related to personal information processing.
▶ Person in charge of protecting personal information
Name :
Title :
Position :
Contact info :
② An information subject may inquire with the
personal information protection manager and responsible department about
personal information protection, unsatisfactory service, remedies for damage,
etc. regarding the service (business) offered by the “Company.” The “Company”
will reply to such inquiries without delay.
10. Change to Privacy Policy
①The present privacy policy comes into effect on
the enforcement date. When there are any additions, deletions, or corrections
of a provision according to related laws or regulations, such shall be notified
at least 7 days before its application.
11. According to Article 29 of the Personal
Information Protection Act, the “Company” takes technical, managerial, and
physical measures for information security as follows:
1. Minimization and training of personnel handling
personal information
The “Company” designates the minimal number of
employees in charge of handling personal information so that the personal
information is handled only by the designated individual(s) in charge
2. Technical measures for hacking, etc.
In order to prevent leakage and damage of personal
information caused by hacking or computer viruses, the “Company” installs
security programs, regularly updates and performs checks, installs systems in
areas where access is controlled externally, monitors and blocks technically
and physically.
3. Personal information encryption
A user’s password is encrypted when stored and
managed and is known only to the user. For files including vital data,
additional security functions such as encryption and file locking are applied.
4. Retention of access logs and forgery prevention
The logs of access to the personal information
processing system are stored and managed for at least six months, and security
functions are used to prevent forgery, theft, or loss of access logs.
5. Control of unauthorized individuals’ access
Personal information is stored in a physically
separate location, and access control procedures are established and operated.
Korean
Chinese
Home
