* This policy enforced from January 1, 2017.
1. Purposes of Processing Personal Information
The Company processes personal information for the following purposes.
The processed personal information will not be used for purposes other than the below mentioned purposes and noticed in advance as per Article 18 of the Personal Information Protection Law.
– Request treatment: The personal information is processed for the purpose of identification, request check, contact and notification of fact-finding, and notification of process results.
2. Current state of personal information file
– Name of personal information file: Communication
① Items of personal information: Name, contact info, email
② Collection method: website
④ Retention period: 3 years
3. Rights and obligations of the principal and method of exercise thereof
– The user can exercise the following rights as the Principal of the personal information.
①The Principal may exercise the following personal information related rights to the Company at any time.
A. Request of personal information reading
B. Request of correction if necessary
C. Request of deletion
D. Request of discontinuance
② You may exercise the rights according to the above clause ① via document, e-mail, and fax under Form No. 8 of the Enforcement Rules of the Personal Information Protection Law, and the Company shall take action for it immediately.
③ When the Principal requests correction or deletion of any error in the personal information, the Company shall not use or provide the relevant information until its correction or deletion is completed.
④ The rights under the clause ① may be exercised via a legal representative or designee of the Principal. In this case, the Power of Attorney under Form No. 11 of the Enforcement Rules of the Personal Information Protection Law should be submitted.
4. The Company processes following personal information.
– Treatment of requested matters
① Essential items: Phone number, name, email
5. Destruction of personal information
In principal, the company destroys personal information immediately when the purpose of personal information processing is accomplished. Procedures, time limits and method of destruction are as follows.
The information input by the user is either destroyed immediately or transferred to a separate DB after accomplishment of its purpose (separate document in case of paper document) and kept for a certain period under internal policy or other related regulations before destruction. The personal information transferred to the DB shall not be used for purposes other than a request by law.
② Destruction time
The personal information will be destroyed within 5 days from the termination of retention period when the retention period is terminated and within 5 days from acknowledgement of the uselessness of the information processing when the information becomes unnecessary because of accomplishment of the processing purpose, service deletion and/or business termination.
③ Destruction method
For information in the form of an electronic file, a technical method whereby the record cannot be regenerated shall be used.
6. Actions to secure safety of personal information
The company shall take technical/managerial and physical actions necessary for securing the safety of the information under Article 29 of the Personal Information Protection Law.
① Minimization and Training of Staff dealing with the personal information
② Regular self-audit execution
For securing the safety of personal information processing, the company shall conduct regular self-audits on a quarterly basis.
③ Establishment and execution of the internal management plan
For safe processing of the personal information, the company has established an internal management plan.
④ Technical measures against attack such as hacking
The company installs security programs to prevent leaking and damage of personal information by hacking or computer virus, performs regular updates and inspection, installs the system in a public access controlled section, and monitors and blocks via technical/physical measures.
⑤ Access restriction to personal information
Through grant, change, and cancelation of access rights to the database system to process personal information, the Company takes actions necessary to restrict access and controls unauthorized access from the outside using an intrusion blocking system.
⑥ Keeping log data and forgery prevention
The log data to the personal information system is kept and managed for at least 6 months and a security function is used to prevent forgery, theft and loss of the access log data.
⑦ Access Control to unauthorized person
The physical storage room keeping the personal information is isolated and the access control procedure to this is established and operated.
7. Assignment of personnel in charge of personal information protection
– The Company has assigned the personnel to be in charge of handling personal information protection. They are comprehensively responsible for all tasks related to the processing of personal information, damage recovery and handling complaints thereof.
Department: ESG Management Division. Jong Chul Lee Chief of Dept. e-mail: firstname.lastname@example.org
If you need to report an instance of personal information abuse or if you need advice, please inquire the following institutes.
(1) Individual Dispute Adjustment Committee (www.1366.or.kr/1366)
(2) Korea Internet & Security Agency (www.kisa.or.kr)
(3) National Police Agency Cyber Terror Response Center (www.ctrc.go.kr/02-392-0330)
The Principal may inquire any personal information related questions, submit a complaint, or request damage incurred during use of the service of the Company to be recovered to the personnel and department in charge of personal information protection. The Company will answer and address the inquiry immediately.
Date of notification: 01.01.2017
Date of execution: 01.01.2017