Article 1. Purpose of Processing the Personal Information
① The Company collects and manages the personal information for the following purposes. The processed personal information shall not be used for purposes other than the following and, in the case of change in such purposes, the Company shall take necessary actions, such as obtaining a separate consent in accordance with Article 18 of the Personal Information Protection Act.
- Membership: Confirmation of intention to sign up as a member, verification of qualification for granting access to membership services, retention and maintenance of membership qualification, compliance with the enforced limited identification, prevention of unauthorized use of services, verification of legal representative for processing of personal information of children under the age of 14, notification of important matters regarding services and management of claims.
- Services: Providing services, delivering agreement and invoices, verifying identity, settling payments.
- Supports: Verification of claimant’s identity, confirmation of the claims, communication and notification of verification purposes, and notification of processing status.
Article 2. Processing and Retention Period of the Personal Information
① When collecting the personal information from the Users or during the retention period of the personal information in accordance with the Personal Information Protection Act, the Company shall process and retain the personal information within the processing and retention period consented by the Users.
② The processing and retention period of the personal information shall be as follows:
- Personal information regarding registration and management of the membership: Until the termination of the membership. However, the personal information shall be retained until the circumstances are resolved for the following cases:
A. Investigation in association with violation of laws: Until the investigation is completed
B. Accounts payable outstanding from use of the services: Until the outstanding amounts are paid in entirety
- Personal information regarding use of the services: Until the payment for the services are settled and the services are provided. However, the personal information shall be retained until the circumstances are resolved for the following cases:
A. Records related to transactions at the homepage including representations, advertisements, terms and conditions of the transactions, and performance of such terms and conditions in accordance with the Consumer Protection Act in Electronic Commerce.
- Records on representations and advertisements: Six(6) months
- Record on agreements, withdrawal, payment, relevant services associated with the transactions: Five(5) years
- Records on user complaints or dispute settlements: Three(3) years
B. Records related to verification of communications in accordance with Article 41 of the Communication Secret Protection Act
- Records on date and time of telecommunication of the members, counterparty’s registration number, frequency of use, location tracking data of distribution station: One(1) year
- Records on communications by computers, internet log data, access point tracking data: Three(3) months
Article 3. Providing the Personal Information to the Third Party
The Company processes the personal information of the User in accordance with Article 1 hereof, and provides the personal information of the User to the third party only in accordance with Article 17 of the Personal Information Protection Act.
Article 4. Entrustment of the Personal Information Processing
① The Company entrusts processing of the personal information to third parties for enhanced usability as follows:
② The Company specifies certain conditions in the entrustment agreements including prohibition of processing the personal information for the purposed other than entrustment, technical and administrative protection measures, restriction on re-entrustment, management protocol of the trustee and responsibility of indemnification, and supervises the trustee accordingly.
Article 5. Rights and Duties of the Users Providing the Personal Information
① The User providing the personal information can exercise the following rights in association with the protection of the personal information at any time:
- Inspection of the personal information provided
- Correction, modification or deletion of the personal information provided
- Deletion of the personal information provided
- Suspension of processing the personal information provided
② The User providing the personal information can exercise its rights in accordance with Section 1 above by way of submitting the requesting document via mail, email or fax, and the Company shall take necessary actions without delay.
③ If the User providing the personal information requests correction, modification or deletion of the personal information provided, the Company shall not use or provide the personal information to third parties until such correction, modification or deletion is completed.
④ The User providing the personal information may delegate the exercise of its rights provided in Section 1 above to a legal representative or an agent. In this case, the power of attorney, in accordance with Annex 11 of the Enforcement Ordinance of the Personal Information Protection Act, shall be submitted.
⑤ The information subject shall not infringe on the personal information and privacy of the person or other person handled by the Company in violation of related laws such as the Personal Information Protection Act.
Article 6. Items for Processing the Personal Information
① The Company processes the following items of the personal information:
- Registration and management of the membership
A. Required items: name, date of birth, ID, password, address, phone number, gender, email address
B. Optional items: marital status, area of interest
- Delivery of the services
A. Required items: name, date of birth, ID, password, address, phone number, gender, email address, payment information such as credit card number or bank account information
B. Optional items: area of interest, previous purchase history
② The following personal information may be automatically produced and collected during the use of internet browser:
- IP address, cookies, MAC address, record of services used, visit log and defective usage record
Article 7. Procedures and Methods of Destroying the Personal Information
① The Company, in principle, shall delete the personal information without delay, if the purpose of processing the personal information is achieved.
② Nevertheless, if the personal information needs to be preserved pursuant to relevant laws and regulations, the Company shall transfer such information to a separate storage space for preservation.
③ The procedures and methods of destroying the personal information are as follows:
- Procedures: The Company shall destroy any unnecessary personal information under the responsibility of the person in charge of the personal information.
- Methods: Electronic data shall be destroyed through technical methods making it impossible to be restored. Paper documents containing the personal information shall be shredded or incinerated.
Article 8. Measures to Secure Safety of the Personal Information
① The Company is taking the following measures to ensure the safety of personal information:
- Administrative measures: Establishment of an administrative manual and education of the staff with the manual
- Technical measures: Restriction of access to the personal information, encryption of the personal information, and installation and maintenance of computer security software
- Physical measures: Control of physical access to the storage facility
Article 9. Installation, Operating or Rejection of Automatic Data Collecting System
② A cookie is a fragmented piece of data sent from an organization’s web server to the User’s web browser, and can be stored in the User’s computer hard drive.
Article 10. Personnel Responsible for Protecting the Personal Information
① The Company designated the following person as the information security officer taking charge of protecting the personal information and communicating with the Users regarding relevant matters:
Information Security Officer
Name: Sang-Hoon Jin
* Directed to the Department of Information Security.
② The Users providing the personal information may contact the Information Security Officer or Department of Information Security for any question, claim and/or indemnification in association with matters related to the personal information in using the services provided by the Company.
Article 11. Request for Inspection of the Personal Information
① Pursuant to Article 35 of the Personal Information Protection Act, the User providing the personal information may request inspection of the personal information provided directly to the following contact of the Company. The Company shall handle the request without delay.
Article 12. Remedies for Infringed Rights or Interests
① The User providing the personal information may consult with the following organizations for remedies regarding the infringement of the personal information:
- Personal Information Infringement Report Center
A. Scope: Report infringement on the personal information and request for consultation to resolve infringement
B. Website: privacy.kisa.or.kr
C. Phone: +82-118 (without area code)
D. Address: 3F Personal Information Infringement Notification Center, 9 Jinheung-gil, Naju, Jeollanan-do, Republic of Korea 58324
- Personal Information Dispute Mediation Committee
A. Scope: Mediate the personal information dispute or collective disputes
B. Website: www.kopico.go.kr
C. Phone: +82-1833-6972
D. Address: 3F, Government Complex in Seoul, 209 Sejong-daero, Jongno-gu, Seoul, Republic of Korea 03171
- Supreme Prosecutors’ Office, Cybercrime Investigation Department: +82-2-3480-3573 (www.spo.go.kr)
- Korean National Police Agency, Cyber Security Bureau: +82-182 (cyberbureau.police.go.kr)
Article 13. Effective Date