Privacy & Information Processing Policy items
Article 1 General provision
“Personal information” refers to such information about a living individual that can identify said individual, such as name and resident registration number (including information which alone cannot identify a certain individual, but can be easily combined with other information to be used to identify that individual).
“Information principal” refers to a person who can be identified by the processed information and is the principal of that information.
Article 2 Personal information items collected and the purposes of using them
The Company processes the minimum personal information necessary for service provision.
1. Personal information items
Name, phone number(cell phone number), e-mail, connection IP information, service use record, access log, cookie, MAC address
2. Purpose of processing
- - Responding to user inquiries
- - Dealing with civil complaints including suggestions, complaints and service requests
- - Providing stable service and improving quality by analyzing connection frequency, collecting service use statistics, and analyzing users’ service use
Article 3 Processing and retention period of personal information
The Company will destroy any personal information collected immediately after the purpose of collecting and using the personal information has been achieved. However, the following information will be retained for the following reasons for a specified period of time and, if necessary, the consent of the information principal will be obtained.
1. Personal information items collected on the website
- - Retained items : Name, phone number(cell phone number), e-mail
- - Retention period: 1 year (until the consent is withdrawn, however, if the consent of the information principal was obtained for the purpose of marketing or advertising)
- - Retention reasons : user identification, responding to user inquiries, dealing with civil complaints including suggestions, complaints and service requests
2. Items that are automatically generated and can be collected in the process of using the website
- - Retained items: connection IP information, service use record, access log, cookie, MAC address
- - Retention period: 3 months or less
- - Reason for retention: checking connection frequency and collecting service use statistics
Article 4 Destruction of personal information
The Company will immediately destroy any personal information collected once the personal information retention period expires or else the purpose of processing thereof has been achieved.
In the event that personal information needs to be retained pursuant to other laws even if the personal information retention period, to which the information principal consented, has expired, or the purpose of processing thereof has been achieved, the personal information will be moved to a separate database (DB) or storage space.
Methods of destroying personal information are as follows:
- 1. Personal information recorded and stored in the form of electronic files must be deleted using a technical method ensuring that the records cannot be reproduced.
- 2. Personal information recorded and stored on paper documents must be shredded on the paper shredder or incinerated.
Article 5 Provision of personal information to a third party
The Company will use personal information within the purview of the purposes of collecting personal information, and will not use personal information outside the purview thereof, or provide it to or share it with a third party. However, exceptions will be made in the following events:
- 1. in the event that the consent of the information principal was obtained;
- 2. in the event that there are special provisions in other laws;
- 3. in the event that prior consent cannot be obtained because the information principal or his/her legal guardian cannot express his/her intention, or his/her address is unknown, and it is clearly deemed urgently necessary for the life, body or pecuniary benefit of the information principal or a third party; and
- 4. in the event that it is necessary for statistics and academic research, and personal information is provide in a way that cannot identify individuals
Article 6 Consignment of personal information processing
The Company consigns personal information processing as follows for the sake of efficiency, and if a consignment agreement is entered into according to related laws, matters necessary for safe management of personal information are stipulated.
1. Website operations
- - Consignee: Nautilus Hyosung
- - Details of consignment: homepage maintenance, system management, etc.
Article 7 Rights and obligations of the information principal and how to exercise these rights
The information principal may exercise the following rights related to personal information against the Company at any time:
- 1. Demanding to view personal information
- 2. Demanding that errors be corrected if any
- 3. Demanding deletion
- 4. Demanding that processing be stopped
Information principals may exercise their rights related to personal information protection by writing, e-mailing or faxing to the Company, and the Company will take necessary measures immediately. [Download form]
If an information principal demands that errors in personal information be corrected or deleted, the Company will not use or provide that personal information until the correction or deletion has been completed.
Information principals may exercise their rights through their agents like legal guardians or consignees. In this event, the power of attorney must be submitted. [Download form]
Article 8 Measures to ensure the safety of personal information
The company applies the following measures to ensure the safety of the personal information it retains.
- 1. Administrative measures: establishment and enforcement of internal control plans, regular employee education, etc.
- 2. Technical measures: installation of access control systems, encryption of important information, using vaccine programs to prevent damages from computer viruses, personal information transmission security systems (SSL) on the network based on encryption algorithms, operation of intrusion prevention systems, etc.
- 3. Physical measures: restriction of access to the computer room, data storage room, etc.
Article 9 Chief Privacy Officer
To protect and process personal information, and deal with complaints related the personal information, the Company has the Chief Privacy Officer and the Department in charge of personal information.
1. Chief Privacy Officer
- - Name: Yeon-ho Kim
- - Position: Manager
- - Contact info: +82-2-3477-6392, firstname.lastname@example.org
(※ You will be connected to the department in charge of personal information.)
2. Department in charge of personal information
- - Department name : Sales Support Team
- - Person in charge : Kyung-young Kwon
- - Phone : +82-2-3477-6395
- - e-mail : email@example.com
Information principals may direct all inquiries, complaints and requests for damages related to personal information protection in using the Company’s service to the chief privacy officer ands department in charge. The Company will provide prompt and sufficient answers to your inquiries.
If you need to report personal information intrusion or need consultation, you may contact the following agencies:
This personal information will go into effect on August 25, 2014.