1. The Purpose of Collecting and Using Personal Information
The Company shall use the collected personal information of the Members only for the purpose as follows: The collected personal information shall not be used for other purpose or purposes than one specified below and the Company shall acquire prior consent from the Members before changing the purpose of the collection and use of personal information.
1) The Provision of Service(s)
The Company may manage (process) personal information for providing and improving contents; providing requested or/and customized information and service; contacting, informing, and/or notifying the results of a civil complaint, requests, and finding a fact.
The Company collects the following personal information through the Website.
Items to Collect: personal information, access IP, cookies, access log, and Internet tag
2. The Retention and Use Period of Personal Information
The Company shall destroy the personal information of a Member when he or she withdraws from his/her consent to the collection and use of personal information. When the purpose of collection and use of personal information has been achieved, the Company, in principle, shall destroy the personal information without delay. However, the following personal information shall be preserved for the specified period as below.
3. Provision of Personal Information to a Third Party
1) The Company may manage the personal information to fulfill the intended purpose(s) of collection and use, in principle, as specified in Article 1 of this Agreement and may not handle it beyond the intended purpose(s) nor provide it to a third party.
4. Entrustment of Management Affairs of Personal Information
The Company is entrusting to a third party the tasks for the effective operation of the Website and smooth management of personal information as specified below.
• Entrusted Company: Hanjin Co. Ltd.
• Entrusted Task: Gifts and merchandise delivery
• Period: until the set objective is fulfilled or as long as the applicable law specifies for use and retention.
The Company, when singing on the contract with the foregoing third party, shall comply with the applicable law (s) related to personal information protection, specify in the contract the prohibition of the Company from disclosing personal information to the third party and resultant responsibilities, and preserve the contract keep the contents of the contract in a written form. When changing the entrusted third party, the Company shall inform the fact to the Members in the form of a notice or the Policy, for which a letter or a post, e-mail, telephone, text message or the equivalent to it will be used.
5. Consent to the Use and Provision of Personal Information
B. Withdrawal from Consent
A User can withdraw from the consent to the collection, use, and use, and provision of his or her personal information and in this case, the service(s) to the User may be limited. In case a User withdraws from the consent to the collection, use, and use, and provision of his or her personal information, the Company shall take a proper measure for his/her personal information including disposing of or destroying it.
6. Matters Concerning Rights and Duties of a Subject of Information, and How to Exercise Them
A Member or his/her representative for those under age 14 can request for inspection, correction, deletion, and/or withdraw from the consent to the collection and use of his/her personal information at any time. In any of the cases above, the Company shall take a proper measure after identifying the requester. A Member can exercise, as a subject of information, the rights as follows.
1) Request for Inspection of his/her (a child under 14) Personal Information
2) Request for Correction and deletion of Personal Information
3) When access, correction or deletion, and suspension of the processing of information is requested based on the rights of a subject of information, the person requesting access should be verified as a relevant party or a lawful representative.
4) When a Member requests an error in personal information be corrected or deleted, etc., the personal information shall not be used or provided until the correction or deletion, etc. has been completed. Nonetheless, if wrong information was already used or provided, it shall be corrected immediately.
[Personal Information Protection Manager]
• Name: Hyeyeon Choi
• Title: Section Manager
• Contact No.: 02-3453-6101 E-mail: email@example.com
7. Personal Information Destruction
The Company, when the purpose of collection and use of personal information has been achieved, shall in principle destroy the personal information without delay. The procedures for and methods for destructing personal information are as follows.
1) Destruction Method
Information used and saved in the form of an electronic file shall be destroyed via technical methods so as to prevent its recycling. Printed or hardcopy versions of personal information shall be shredded or incinerated.
2) Destruction Procedure
The Company shall select out personal information for which the cause of destruction arises and dispose of it under the approval and supervision of a personal information protection manager of the Company. Despite the fact that the retention period of personal information collected as agreed by a Member has expired or/and the purpose has been achieved, it shall be moved to a separate database or a different place for storage if it is bound to continuous retention by the applicable law.
8. Measures to Secure Safety of Personal Information
The technical and managerial measures are being taken as follows by the Company to secure safety for personal information against loss, theft, forgery, or/and damage.
• Managerial Measures: The Company establishes an internal management plan and provides the staff with regular training necessary.
• Technical Measures: The Company takes necessary measures to control access to personal information by granting, revising, and eliminating access rights to the database system that manages personal information, encrypting identifiable unique information, and building security programs.
• Physical Measures: The Company controls access to the computer room, data storage room, etc.
9. Resolution for Infringement on Rights and Interests
A subject of information may apply for conflict resolution or consultation for damage relief against personal information violation(s) at the agencies listed below.
Privacy Violation Reporting Center: (operated under Korea Internet & Security Agency) / privacy.kisa.or.kr (without a telephone exchange number) 118
Personal Information Dispute Mediation Committee / www.kopico.go.kr (without a telephone exchange number) 1833-6972
Cyber Criminal Investigation Division of the Supreme Prosecutors’ Office / www.spo.go.kr / 02-3480-3573
Korean National Police Agency Cyber Bureau. / http://cyberbureau.police.go.kr / (without a telephone exchange number) 182
10. Use and Application of Cookies/Google Analytics
The Company uses 'Cookies" and ‘Google Analytics’ to save and retrieve Members' personal information often, which is aimed to provide them with personalized and customized service. Cookies are very small-sized text files that are stored on the PC through the web browser whenever a user accesses a website.
1) Installation, Operation, and Refusal of Cookies
A Member has the right of choice regarding cookies. He/she can refuse to save cookies by setting options at the top of his/her web browser [Tool >Internet Options>Personal Inf. Menu. A Member, by setting options in the web browser, can allow all cookies, check whenever they are stored, or reject all cookies from being saved. However, preventing cookies from being saved to the computer may lead to inconveniences during the use of certain services of the Website that require login.
11. Obligation of Notification
The Policy shall Policy goes into effect from August 1, 2019. The Company, when a need arises to add, delete, and modify some of the Policy due to a change in the applicable law(s), the Company's internal policy, or security method, shall notify the reason for the change and revised contents of the Policy on the Website before the revised Policy goes into effect.