"Personal Information Protection Act" and to promptly and smoothly address related complaints.
The Company processes personal information for the following purposes.
The processed personal information will not be used for purposes other than the following,
and if the purpose of use is changed, the Company will take necessary measures,
such as obtaining separate consent in accordance with Article 18 of the "Personal Information Protection Act".
① Website membership registration and management
Processing personal information for purposes such as confirming the intention to join as a member,
verifying and authenticating the member‘s identity for the provision of member-only services,
maintaining and managing membership qualifications, preventing service abuse,
confirming the consent of the legal representative when processing personal information of children under 14 years of age,
sending various notices, handling complaints, etc.
② Provision of goods or services
Processing personal information for purposes such as delivering goods,
providing services, sending contracts and invoices, providing content, providing personalized services,
verifying identity and age, processing payment and settlement of fees, debt collection.
③ Utilization for marketing and advertising
Processing personal information for purposes such as developing new services or products,
providing customized services, providing information and opportunities for participation
in events and promotional activities, confirming the effectiveness of services,
analyzing the frequency of access, and generating statistics on member‘s service usage.
The Company processes the following personal information:
- ① Provision of inquiry services
1. Required items: Name, email, company/affiliation, department
- ② Utilization for marketing and advertising
Required items: Name, email, company/affiliation, department
- ① The Company processes and retains personal information within the period specified by law for retention and use of personal information or the period agreed upon with the data subject at the time of collecting personal information.
- ② The processing and retention period of personal information obtained with consent from the data subject at the time of collecting personal information is as follows.
|Sortation||Reasons for retention||Period of use
|Introduction Inquiry||Receiving deployment inquiries and providing services||1 year after inquiry processing|
|Technical/support inquiries||Receive technical/support inquiries and provide services||1 year after inquiry processing|
|Affiliate Inquiry||Receive Affiliate Enquiries||1 year after inquiry processing|
|Recruitment Inquiry||Receiving recruitment inquiries and providing services||1 year after inquiry processing|
※ In this regard, if there are special provisions under the law, they will be kept in accordance with the provisions under the law.
- ③ The personal information retained and the retention period according to the relevant laws and regulations are as follows.
|Classification of personal information||Statute of limitations||Retention period|
|Records on contract or subscription withdrawal, etc.||Act on Consumer Protection in Electronic Commerce, Etc.||5 years|
|Records on payment and supply of goods, etc.||5 years|
|Records on payment and supply of goods, etc.||3 years|
|Records on indications and advertisements||6 months|
|Books and evidential documents for all transactions stipulated by the tax law||Basic National Tax Act, Corporate Tax Act||5 years|
|Records of electronic financial transactions||Electronic Financial Transaction Act||5 years|
|Records on identity verification||Act on Promotion of Information and Communications Network Utilization and Information Protection||6 months|
|6 months||Protection of Communications Secrets Act||3 months|
- ① The company processes personal information only within the scope specified in Article 1 (Purpose of processing personal information),
and only in cases falling under Articles 17 and 18 of the 「Personal Information Protection Act」,
such as consent of the information subject and special provisions of the law. We provide personal information to third parties.
- ② Based on the customer‘s prior consent, the company provides personal information to third parties as follows.
1. Use cloud service
|Recipient||Provided items||Purpose of use||Retention and use period|
|Email, mobile phone number, login ID, date of birth, name,
Credit card information, bank account information, service use records, access logs, cookies,
Access IP information, payment record, subscription route, personal information provided by the customer with consent
|Customer‘s service use period|
2. Send event prizes
|Recipient||Provided items||Purpose of use||Retention and use period|
|Mobile phone number, personal information provided by the customer with consent||Delivery of goods, sending text messages, Consultation work related to other services||Until the user achieves the purpose of use|
① The company entrusts the following personal information processing tasks for smooth personal information processing.
|Recipient||Contents of entrusted business||Consignment period|
|AWS||Purchasing and payment, delivery of goods or sending invoices,
identity verification (financial transaction, financial service),
fee collection, identity verification according to the use of membership service,
handling civil complaints such as complaint handling,
delivery of notices, development of new services (products),
and Provision of customized services, provision of event and advertisement information and opportunities
to participate, and other service-related consultations
|User‘s service use period or
dispute handling period
User‘s service use period or dispute handling period
③ If the contents of the entrusted business or the consignee are changed, we will disclose it through this personal information processing policy without delay.
- ① The information subject can exercise the rights such as viewing, correcting, deleting, and requesting suspension of processing of personal information at any time against the company.
- ② The exercise of rights pursuant to Paragraph 1 can be done in writing, e-mail or fax (FAX) in accordance with Article 41 Paragraph 1 of the Enforcement Decree of the 「Personal Information Protection Act」, and the company will take action without delay.
- ③ The exercise of rights pursuant to Paragraph 1 can be done through an agent, such as a legal representative of the information subject or a person who has been delegated.
In this case, you must submit a power of attorney in accordance with the “Public Notice on Personal Information Processing Methods (No. 2020-7)” Annex No. 11.
- ④ The information subject‘s request to view and suspend processing of personal information may be restricted in accordance with Article 35 Paragraph 4 and Article 37 Paragraph 2 of the 「Personal Information Protection Act」.
- ⑤ In the case of a request for correction or deletion of personal information, if the personal information subject to the request for correction or deletion is specified as the subject of collection in other laws and regulations, the request for correction or deletion of the personal information cannot be made.
- ⑥ The company verifies whether the person who made the request for access, correction or deletion, or suspension of processing according to the rights of the information subject is the information subject himself or a legitimate agent of the information subject.
① The company destroys the personal information without delay when the personal information becomes unnecessary, such as the expiration of the personal information retention period and the achievement of the purpose of processing.
② Even if the personal information retention period agreed to by the information subject has elapsed or the purpose of personal information processing has been achieved, if personal information must be kept in accordance with the relevant laws and regulations in Article 3, Paragraph 3 of these Guidelines, the personal information It is preserved by moving to a separate database (DB) or in a different storage location.
③ Paragraph 2 Personal information will not be used for any purpose other than the purpose for which it is retained, except as required by law.
④ The procedure and method of destroying personal information are as follows.
- 1. Destruction procedure
The company selects the personal information for which the reason for destruction occurred and destroys
the personal information with the approval of the person in charge of personal information protection of the company.
- 2. Destruction method
Information in the form of electronic files uses a technical method that cannot reproduce the record.
Personal information printed on paper is shredded with a shredder or destroyed by incineration.
The company takes the following measures to ensure the safety of personal information.
① Regular self-audit
In order to secure stability related to personal information handling, we conduct regular self-audits (once a quarter).
② Minimization and training of staff handling personal information
We are implementing measures to manage personal information by designating employees who handle personal information and limiting those who handle personal information to those in charge, minimizing the number of employees who handle personal information.
③ Establishment and implementation of internal management plan
We establish and implement an internal management plan for the safe handling of personal information.
④ Technical measures against hacking
The company installs a security program to prevent leakage and damage of personal information
caused by hacking or computer viruses, and periodically updates and inspects it.
We install a personal information processing system in an area where access from outside is controlled,
technically and physically monitor it, and block unauthorized access to the personal information processing system.
⑤ Encryption of personal information
Of the user‘s personal information, the password is encrypted and stored and managed so that only the user can know it,
and important data encrypts or encrypts files and transmission data.
Separate security features such as file locking are used.
⑥ Storage of access records and prevention of forgery/falsification
Records of access to the personal information processing system are kept and managed for at least six months,
and security functions are used to prevent forgery, alteration, theft, or loss of access records.
⑦ Restriction of access to personal information
Necessary measures are being taken to control access to personal information by granting, changing, or canceling
access to the database system that handles personal information.
We use an intrusion prevention system to control unauthorized access from outside.
⑧ Use locking device for document security
Documents and auxiliary storage media containing personal information are stored in a safe place with a lock.
⑨ Access control for unauthorized persons
We set up a separate physical storage location for storing personal information, and establish and operate access control procedures for it.
- ① The company uses ‘cookies‘ that store and retrieve user information from time to time in order to provide personalized services to users.
- ② Cookies are a small amount of information that the server (http) used to run the website sends to the user‘s computer browser, and is sometimes stored on the hard disk of the user‘s PC computer.
1. Purpose of using cookies: It is used to provide optimized information to users by identifying the types of visits and usage of each service and website visited by the user, popular search keywords, secure access, etc.
2. Installation/Operation and Rejection of Cookies: You can refuse to save cookies by setting options in the Tools < Internet Options> Personal Information menu at the top of the web browser.
3. If you refuse to save cookies, you may experience difficulties in using customized services.
- ① The company is responsible for overall handling of personal information processing,
and for handling complaints and damage relief of information subjects related to personal information processing
The person in charge of personal information protection and the person in charge of personal information protection are designated as follows.
|Personal Information Protection Officer||Personal Information Protection Officer|
|Name||Jin-woo Seo||Name||Sung-wong Jo|
|Phone number||+82-2-3486-5896||Phone number||+82-2-3486-5896|
② The information subject may inquire about all personal information protection related inquiries,
complaint handling, damage relief, etc. that occurred while using the company‘s service (or business)
to the person in charge of personal information protection and the person in charge of personal information protection
and the department in charge. The company will respond to and process inquiries from information subjects without delay.
The information subject may request the viewing of personal information in accordance with Article 35 of the Personal Information Protection Act to the following departments. The company will make every effort to promptly process the personal information access request of the information subject.
|Personal information viewing request reception/processing department|
The information subject can apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee and the Personal Information Infringement Reporting Center of the Korea Internet & Security Agency in order to receive relief from personal information infringement.
- In addition, please contact the following organizations for reporting or consulting of other personal information infringement.
1. Personal Information Dispute Mediation Committee: (without area code) 1833-6972 (www.kopico.go.kr)
2. Personal information infringement reporting center: (without area code) 118 (privacy.kisa.or.kr)
3. Supreme Prosecutors‘ Office: (without area code) 1301 (www.spo.go.kr)
4. National Police Agency: (without area code) 182 (cyberbureau.police.go.kr)
If there is any addition, deletion or modification of the contents of the current personal information processing policy, it will be notified at least 7 days before the revision.
However, if there is a significant change in user rights, such as collection and use of personal information and provision to a third party, it will be notified at least 30 days in advance.