Article 1. Purpose of processing personal information
The Company processes personal information for the following purposes. The collected personal information will not be used for purposes other than the following, and if the purpose of use is changed, we will implement necessary measures, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.
1.1. Homepage membership and management
Personal information is processed for the following purpose: checking intention to register, identification and approval process for the registration, maintaining membership, identification in accordance with the implementation of limited personal identification checking policy, prevention of unauthorized use of service, checking consent of legal representatives of collecting personal information of children under 14 years old, varieties of notices and notifications, and customer service.
1.2. Customer Inquiry
The Company process personal information for the purposes of verifying the identity of the person who sent the inquiry, and confirming the details of complaint, and contacting/notifying for further investigation.
Article 2. Collected items of personal information and methods of collection
The Company collects personal information in the below when a user initially registers or when a user is using the service.
2.1 Information collected
2.2 Collection of personal information
① Collecting information that users enter directly through the website / e-mail, etc.
② Collecting information which are confirmed in writing / fax / phone etc. during offline/counselling process.
※ The Company provides the user with a privacy agreement document and its details, with which the users can choose “agree” or “disagree.”
Article 3. Personal information processing and retention period
The Company keep the personal information collected until the objective or purpose of use of personal information is achieved. Additionally, The Company may retain personal information in a manner described below, if it is necessary to preserve it by relevant laws and regulations.
Article 4. Procedure and method of disposal of personal information
4.1 The Company destroys the personal information without delay when the personal information becomes unnecessary, such as the expiration of the personal information retention period and achievement of the purpose of processing.
4.2 In the event where personal information must be retained in accordance with other laws and regulations, even after the retention period of personal information agreed to by the information owner has elapsed or the purpose of processing has been achieved, the personal information should be moved to a separate database (DB) or be preserved at the different storage location.
4.3 The procedure and method of personal information disposal are as follows.
① Disposal procedure
The Company selects the personal information that has the reason for disposal and destroys the personal information with the approval of the Company's Chief Privacy Officer.
② Method of disposal
The Company should destroy personal information in the form of electronic file by using methods such as low level format to avoid reproduction, while personal information in the form of paper should be shredded or incinerated.
Article 5. Information owner and rights/obligation of legal representative of the information owner
5.1 The information owner may exercise the rights related to the protection of personal information of the following items to the Company at any time.
① Request to peruse personal information
② If there is an error, request to rectify personal information
③ Request to delete personal information
④ Request to stop processing
5.2 The exercise of rights pursuant to paragraph (1), such as a request for access to personal information (hereinafter referred to as "request for an access") may be made to the following departments. The Company will endeavor to promptly process requests such as information from information owner.
① Department in charge of dealing with the request to access personal information
- Department: IT Strategy Division
- Representative: Hwang Woo
- Contacts: firstname.lastname@example.org
5.3 The exercise of rights pursuant to paragraph (1) can be done through agents such as those who have been delegated by the information owner. In this case, one must submit a power of attorney in accordance with Appendix 11 of the Enforcement Rules of the Personal Information Protection Act.
5.4 Requests for the suspension of personal information access and processing shall be made by the information owner pursuant to Articles 35(5) and 37(2) of the Personal Information Protection Act. Rights may be restricted.
5.5 If collection of the personal information is required by other statutes, one is not allowed to request for correction or deletion of the personal information.
5.6 The Company verifies that the person who made the request for perusal, correction/deletion, and suspension of processing according to the right of the information owner is either him/herself or his/her legitimate agent.
Article 6. Measures to secure the safety of personal information
The Company takes the following measures to ensure the safety of personal information.
① Administrative measures: the internal management plan and its implementation, regular staff training, etc.
② Technical measures: Management of rights to access the personal information processing system, installation of access control system, encryption of unique identification information, security program installation.
③ Physical measures: Access control in server room, data storage room, etc.
Article 7. Chief Privacy Officer
7.1 The Company has designated the person and the department in charge of personal information protection by handling complaints related to personal information processing, such as complaint handling and damage relief.
① Chief Privacy Officer
- Name: Hwang Woo
- Position: Head of IT Strategy Division
- Email: email@example.com
※ Email will be transferred to the department in charge of personal information protection.
② Department in charge of Privacy Protection and Management
- Department: IT Strategy Division
- Person in Charge: Hwang Woo
- Email: firstname.lastname@example.org
7.2 The information owner can contact Chief Privacy Officer and the department in charge of privacy protection to inquire personal information protection issues, complaint handling, and damage relief that occurred while using the Company's service (or business) to the person and the department in charge of privacy protection and management. The Company will respond and process any inquiries from the information owner without delay.
Article 8. Remedy for infringement of rights and interests
8.1 The information owner can inquire the following organizations for damage relief, consultation, etc. for infringement of personal information.
8.2 The following organizations are separate from the Company. In case that you are not satisfied with the Company's own personal information complaint handling, damage relief results, or need more help, please contact the organizations below.
① Personal Information Infringement Report Center (operated by Korea Internet & Security Agency)
- Services: Privacy infringement notification, consultation application
- Website: privacy.kisa.or.kr
- Phone: (without telephone prefix) 118
② Personal Information Dispute Mediation Committee (operated by Korea Internet & Security Agency)
- Services: Personal Information Dispute arbitration, Collective Dispute (civil resolution)
- Website: privacy.kisa.or.kr
- Phone: (without telephone prefix) 1833-6972
③ Supreme Prosecutors' Office Cyber Crime Investigation Division: 02-3480-3571 ( www.spo.go.kr )
④ National Police Agency Cyber Terror Response Center: (without telephone prefix) 182 (www.netan.go.kr)
Article 9. Matters concerning the installation, operation and rejection of automatic personal information collection devices
9.1 The Company operates cookies to support the use of the website and to provide related services. Cookies, which are small text files being sent by the server of the website to the browser of the website user, are stored on the computer of the information owner. The information owner may refuse to store cookies. However, in this case, the use of the website may be inconvenient, or some services may be difficult to use.
① Examples of methods to set up web-cookies
1) For Internet Explorer: Web browser Tools menu> Internet Options> Personal Information> Settings
2) For Chrome: Web browser settings menu> Show advanced settings at the bottom of the screen> Content settings for personal information button> Cookie
Article 10. GDPR compliance for residents in the European Economic Community
10.1 The Company respects the rights of persons living within the European Economic Community (EEC) and the rights protected under the General Data Protection Regulation (GDPR). You have the right (subject to certain limitations) to confirm that the Company is processing your Personal Information, to access the Personal Information we keep about you, to restrict or object to the processing of your Personal Information, and to rectify, erase, and port your Personal Information.
10.2 The Company would like to make sure you are fully aware of all of your data protection rights. If you wish to exercise any of these rights, please contact us as set out below. You are entitled to the following:
① The right to access: You have the right to access your information at any time. Please contact the Company if you wish to access the Personal Information the Company holds about you.
② The right to rectification: You have the right to request that the Company correct any information you believe is inaccurate. You also have the right to request the Company to complete information you believe is incomplete.
③ The right to erasure: You have the right to request that the Company erase all your personal data under certain conditions
④ The right to restrict processing: You have the right to ask the Company to restrict how we process your data under certain conditions. This means we are permitted to store the data but not further process it. We will only keep enough data to ensure that we can accommodate any additional requests.
⑤ The right to object to processing: You have the right to object to the Company processing your data even if our processing is due to legitimate purposes as described in our Privacy Notice.
⑥ The right to data portability: You have the right to request that the Company must allow you to transfer the data that we have collected to another organization, or directly to you, under certain conditions. This right only applies to personal data that you have provided to us as a data controller.
10.3 If you make a request, the Company will respond within one month. If you would like to exercise any of these rights, please email via email@example.com and ask to speak to a privacy compliance manager. Please provide enough information to identify yourself (e.g., name, email address, etc.); Provide proof of your identity and address; and provide the information to which your request relates.
Article 11. Residents in the State of California in the U.S.
California residents are entitled to, once a year and free of charge, request and obtain certain information regarding our disclosure of your personal data to third parties for their direct marketing purposes in the immediately preceding calendar year (ex. request made in 2020 will receive information regarding the disclosure made in 2019). The Company complies with this law by giving you an option to object to our disclosure of your personal data to third parties for their direct marketing purposes. To make such a request, free of charge, please send the Company an email to firstname.lastname@example.org. The Company may need additional information to process your request.
The Company reserves the right to amend and update this policy without prior notice in order to reflect legal and regulatory updates, technological advances, and good business practice. If the Company makes any amendment to the Policy, the Company will update the Policy on the website accordingly.
This amendment of the Policy is effective as of May 1, 2020.