1. Purpose of Handling Personal Information
The Company will handle/manage personal information for the following purposes. No personal information handled shall be used for any purpose other than the following purposes, and the Company will obtain prior consent before the purpose of use is changed.
1) Handling Service Complaints The Company will handle personal information for the purposes of communication/notification to report the identity of a complaining client and investigate the facts, and if necessary, give a notice of result.
2. Period of Handling/Retention of Personal Information
① The Company will handle and retain personal information during the term of handling/retention of personal information stipulated in the relevant laws or the term of handling/retention of personal information to which the information subject has consented when collecting personal information.
② The periods of handling/retention of personal information shall be as follows: 1) Handling complaints: Up to three (3) years from the date of consent on collection/use - Relevant law: Record on consumer complaint and dispute resolution: Three (3) years
3. Matters Related to the Outsourcing of Personal Information Management
① The Company outsources the management of personal information to enable smooth management, as follows: 1) Homepage System Operation Support -. Outsourcing Service Provider: Dongwon CNS -. Details of Outsourced Operations: Support for operation/management of Homepage
② When entering into an outsourcing service agreement, the Company shall specifically prohibit the handling of personal information for purposes other than performing outsourcing operations, technical/managerial protection, restriction on re-consignment, management/supervision of outsourced service provider, and shall specify liability, such as compensation for damage, etc. in the relevant document, such as a contract, in accordance with Article 25 of the Act on Protection of Personal Information, and shall supervise to ensure that the Outsourcing Service Provider manages personal information in a safe manner.
4. Rights/Obligations of Information Subject & Method of Exercise
① At any time, the information subject may exercise the rights related to the protection of personal information set forth in the following items:
1) Request for inspection of personal information 2) Request for correction, if there is any error 3) Request for deletion 4) Request for suspension of handling
② The rights under Section 1 may be exercised by giving the Company a written document, e-mail or fax in accordance with the form provided in Attachment 8 to the Enforcement Rule of the Act on Protection of Personal Information, and the Company shall take necessary measures without delay.
③ In the event that the information subject requests the correction or deletion of any error in personal information, the Company will not use or provide the applicable personal information until correction or deletion is completed.
④ The rights under Section 1 may be exercised by any representative, such as a legal representative of the information subject or a person authorized by the information subject. In such case, a power of attorney shall be submitted in accordance with the form provided in Attachment 11 to the Enforcement Rule of Act on Protection of Personal Information.
5. Items of personal information handled
① The Company manages and handles the following items of personal information:
1) Handling complaints - Mandatory information: Name, contact information and e-mail address
2) The following items of personal information may be generated and collected during the use of the Internet service: - Browser type and OS, search term and visit history of a user - IP address, date of visit, erroneous use record, cookies, etc
6. Matters Related to the Destruction of Personal Information
① The Company shall destroy the applicable personal information without delay when such personal information becomes unnecessary, due to the expiration of the term of retention of personal information or the accomplishment of the purpose of its handling.
② If it is necessary to continue to retain personal information in accordance with other relevant laws and regulations, even if the term of retention of personal information whose information subject has consented has expired or the purpose of handling has been accomplished, the applicable personal information shall be transferred to a separate database or preserved in a different place of storage.
③ The procedure and method of destruction of personal information shall be as follows: 1) Procedure for destruction The Company shall select personal information that should be destroyed, and destroy such personal information with the approval of the person in charge of the Personal Information Management Department of the Company. 2) Method of Destruction Any personal information recorded and saved in the form of electronic files shall be unrecoverably destroyed, and any personal information recorded and saved on paper shall be destroyed by shredding or burning.
7. Matters Related to Securing the Stability of Personal Information
The Company takes the following measures to secure the stability of personal information: 1) Managerial Measures: Establishing/implementing internal management plans, regular education/training for employees, etc. 2) Technical Measures: Managing access authority to the Personal Information Management System, installing the access control system, encryption of unique identification information, installing security programs, etc. 3) Physical Measures: Access control to computer room, archive room, etc.
8. Matters Related to the Personal Information Manager
① For the purpose of supervising the management of personal information and handling complaints of and damage compensation for information subjects in connection with the management of personal information, the Company designates the Personal Information Manager as follows:
▶ Personal Information Manager Name: SEO Jeong-Dong Position: Head of Office Contact Information: 82-2-589-3211, firstname.lastname@example.org ※ Connected to the Department of Personal Information Protection Management ▶ Department of Personal Information Protection Management
Department Name: Public Affairs Office Person in charge: Deputy Manager, KIM Il-kyu Contact Information: 82-2-589-3412, email@example.com
② Information subjects may contact the Personal Information Manager and the Department in charge about matters regarding personal information protection, claim resolution, remedy for damage, etc. arising out of the use of the Company’s service. The Company will respond to and handle the inquiries of any information subject without delay.
9. Remedy for Infringement of Rights
The information subject may contact the following institutes to seek remedy for damage of personal information infringement, consultation, etc.:
▶ Personal information Infringement Reporting Center (Operated by Korea Internet & Security Agency) -.Main Jobs: Reporting personal information infringements, and providing consultation service -.URL: privacy.kisa.or.kr -.Telephone Number: (No local area code) 118 -.Address: Personal information Infringement Reporting Center, KISA, 135 Jungdae-ro, Songpa-gu, Seoul (Postal Code: 138-950) ▶ Personal Information Dispute Mediation Committee (Operated by Korea Internet & Security Agency) -.Main Jobs: Application for personal information dispute mediation, class action mediation (Civil resolution) -.URL: privacy.kisa.or.kr -.Telephone Number: (No local area code) 118 -.Address: Personal information Infringement Reporting Center, KISA, 135 Jungdae-ro, Songpa-gu, Seoul (Postal Code: 138-950) ▶ Cyber Crime Investigation Center of Supreme Prosecutors’ Office: 82-2-3480-3573 (www.spo.go.kr) ▶ Cyber Crime Investigation Center of National Police Agency: 1566-0112 (www.netan.go.kr)