You may refuse to consent to the collection and use of personal information, and you may be restricted from membership if you decline.
Article 1: Collection and use of personal information
The Company does not collect personal information that may be of a breach of basic human rights such as race, ideology, creed, or health status, family and relatives, academic background, and other social activities. The items collected by the Company are as follows:
1. Membership registration: telephone number, name, E-mail address, password
2. Generated information: Log data, Cookie, IP address, history of use
B. Purpose of use
The Company will only use your personal information for the following purposes and will not use it for any purpose other than for the purpose of prior disclosure or consent.
1. Membership service provision: Personal identification, personal identification, provision of age-restricted services, confirmation of the applicant's identity, confirmation of membership, restriction of re-entry, record of inquiries and dispute settlement, confirmation of membership withdrawal
2. Development of new services and utilization in marketing · advertising: Providing new services and providing customized services, providing services according to statistical characteristics, advertising, verifying the validity of services, providing event and advertisement information and participation opportunities, statistics on member's service use.
C. The Company collects personal information
The Company collects personal information with the consent of the member in the following way.
A. Web page, mobile application, written form, fax, telephone, e-mail
B. Collection through generated information collection tool
Article 2: Details of provision of personal information to 3rd party
The Company uses the personal information of the user only to the extent notified in Article 1 (collection and use of personal information), and will not use beyond the scope or provide it to a third party without the user's prior consent. However, exceptions are as follows:
A. When it is difficult to obtain the usual consent for economic and technical reasons as personal information required to carry out the contract for the provision of information and telecommunication services on a regular basis
B. When necessary for the settlement of charges according to the service provision
C. If there are special provisions in this or any other law.
Article 3 Terms on Consignment of Personal Information Processing
A. The Company consigns the following minimum personal information processing procedures to enable external professional companies to carry out some of the tasks required to provide smooth and improved services to its users.
- consignee: WiseM Co., Ltd. (commissioned for sending messages)
- consignee: Amazon Web Services Inc. (commissioned for data archiving, E-mail delivery)
B. The Company provides only a minimum amount of personal information to carry out the service of the commissioned contract. The contract stipulates matters such as prohibition of personal information processing for purposes other than commissioned service, limitation of re-commissioning without consent of service providers, management and supervision of consignees, and compensation for damages. In commissioning process of personal information, in order to secure safety of personal information , the Company supervises and ensure to expressly state in the agreement with subcontractors so that those subcontractors will safely process personal information by strictly complying with directions regarding personal information protection, keeping personal information secret, not disclosing it to a 3rd party and being liable for accidents and returning or destructing personal information upon termination of the commission or process.
Article 4 Period for retention and use of personal information
A. Personal information data collected with your consent is stored and destroyed as shown below.
1. Request for membership withdrawal
B. The company has the obligation to preserve records of transactions in e-commerce and mail-order sales for a considerable period and keeps the following information for the period set by the law to confirm transaction-related rights and obligations
1. Record of subscription withdrawal, etc.: 5 years (Consumer Protection Act in Electronic Commerce etc.)
2. Record of payment and goods supply: 5 years (Consumer Protection Act in Electronic Commerce etc.)
3. Record of dissatisfaction or dispute of consumer: 3 years (Consumer protection law in electronic commerce etc.)
4. Information related to the use of the service (login record, etc.): 3 months (Communication Privacy Protection Act)
Article 5 Deletion of Personal Information
In principle, the Company destructs the information immediately after the purposes of its collection and use have been achieved without delay: Provided that, if any information is to be retained as required by relevant laws and regulations, the Company retain it for the period as required by those laws and regulations before destruction and, in such event, the personal information which is stored and managed separately will never be used for other purposes.
The Company destructs:
hard copies of personal information by shredding with a pulverizer or incinerating it;
and delete personal information stored in the form of electric file by using technological method making that information not restored.
Article 6 Technical and Administrative Measures for Personal Information Protection
The following technical and administrative measures are being taken to ensure safety to prevent personal information from being lost, stolen, leaked, tampered with or corrupted in the handling of users' personal information.
A. We establish and implement an internal management plan for the safe handling of personal information.
B. We take the following measures in connection with the installation and operation of access control devices such as an intrusion prevention system to prevent unauthorized access to personal information.
1. Establishing and enforcing standards for granting, modifying, and revoking access rights to database systems that are systematically organized to process personal information (hereinafter referred to as "personal information processing system")
2. Installation and operation of intrusion prevention system and intrusion detection system for personal information processing system
3. Establish and operate standards such as password generation method and change cycle
C. We take the following measures to prevent forgery and alteration of connection record.
1. When a personal information handler accesses personal information processing system and processes personal information,
2. Keeping a history of access to your personal information processing system in a separate storage device
D. We take the following measures as a security measure using encryption technology to securely store and transmit personal information.
1. One-way encryption storage of password
2. Measures to securely transmit user's personal information and authentication information through encrypted communication (SSL / TLS)
E. We install anti-virus software that periodically checks and treats the infiltration of malicious programs such as computer viruses and spyware on the personal information processing system and information devices that personal information handlers use to process personal information and periodically updates and checks them.
F. The Company regularly educates employees who process personal information.
G. The minimum personal information handler is designated and operated.
Article 7 User’s Rights
A. The user may revoke the consent of the company to collect, use, or provide personal information at any time, or exercise the right to protect personal information such as viewing and correcting personal information and usage status.
B. Personal information protection rights can be exercised through written, telephone, e-mail, fax, etc., and the company will take action without delay.
C. If a user requests correction of errors in personal information, we will not use or provide the personal information until the correction is completed. In addition, if wrong personal information is already provided to a third party, we will notify the third party of the result of the correction, and the correction will be made.
D. The company allows registration for members aged 19 and over.
Article 8 Terms on Cookie Management
A. Cookie is a string of information that a web server sends to a web browser for storage and then sends back to the server when there is an additional request from the server. The Company operates a cookie for the convenience and personalized service of the user and collects information only for the user's ID.
1. When a user uses a service or an additional service,
2. Enhanced protection of information
3. Save user's preference and provide convenient service that is optimized for the user
4. Service improvement by analyzing the usage patterns of users
C. You have a right to collect cookies and if you want to deny this, you can do the following:
1) Internet Explorer
- Tools > Internet Option > Privacy > Custom Setup
- Right Top Setting Icon > Setting > Advanced Setting > Privacy > Content Setting > Cookie
However, there may be some difficulties in providing services when declining cookie collection
D. If you refuse to store all cookies, some of the services provided by your company through cookies may be difficult to use.
Article 9 Staff responsible for managing personal information
1. The company is doing its best to ensure that users can use the service safely. Members may report all personal information related complaints that may arise in the process of using the service to the dedicated department, and the company will promptly respond to the user's report. The contact information of the department are as follows:
Staff responsible for managing personal information
Name: Sang Hyun Lee (CTO)
Division: Laboratory Lead / Engine
Name: Park Geon Yong (manager)
Division: APP development team
Department: Management Team
Article 10 Addendum
The contents of this personal information processing policy may be subject to change such as addition, deletion and amendment of contents according to the related laws, government guidelines and company policy, and in which case, will notify via the website. However, if significant changes are made to the user's rights, such as the types of personal information to be collected, the purpose of use, etc., at least 30 days’ notice shall be provided.
1. Date of announcement: 2018.09.01
2. Effective date: 2018.09.01