1. 수집하는 개인정보의 처리목적
회사는 고객의 개인정보를 보호하고 개인정보와 관련한 불만을 처리하기위해 아래와 같이 관련 부서 및 개인정보관리책임자를 지정하여 운영하고 있습니다.
1. Purpose for Collecting and Processing Personal Data
The Company uses the personal data listed below for the following purposes:
1) Providing of Services
The Company handles personal data for the purposes of customer consultation, execution/performance of contract, service fee payments/settlements, sending of documents (e.g., invoices), collection of bills, etc.
2) Customer Service/Handling Complaints
The Company handles personal data for the purposes of identification of the enquirer and his/her request and of contact and notification with the enquirer to investigate the request and inform him/her of the results, etc.
3) Marketing and Advertisement
The Company handles personal data for the purposes of providing information and/or invitation to the customers for the Company’s trade fairs, webinars, events, white papers, newsletters, updates, case studies, market studies and promotions related to our product and services (hereinafter “Marketing Information”); of identifying the frequency of access of the Company’s website; and of collecting statistical data of the customers’ uses of the service, etc.
2. Items of Personal Data to be Collected
The Company collects and processes the following personal data:
1) Providing of Services
2) Customer Service/Handling Complaints
3) Marketing and Advertisement
4) The following items might be automatically collected while using the internet service.
3. Processing Personal Data
3) In accordance with the Article 15.2 of the Personal Information Protection Act, when obtaining consent from the customers for collection and use of personal data, the Company will inform the customers of ① purposes for which personal data is collected and used; ② items of personal data to be collected; ③ period for which personal data is retained and used; and ④ the customers’ rights to reject to give his/her consent and details of a disadvantage, if any, due to his/her rejection to give consent. If any of the aforementioned information changes, the Company shall obtain another consent to such changes from the customers in advance.
4. Third-Party Sharing of Personal Data
1) The Company currently does not share personal data of the customers with a third party. However, the Company may exceptionally share personal data with a third party if:
① the Company obtained prior consent from the customers; or
② required by the Relevant Rule(s) or requested by an investigative authority as provided by the laws and procedures.
2) In accordance with the Article 17.2 of the Personal Information Protection Act, when obtaining consent from the customers for third-party sharing of personal data, the Company will inform the customers of ① a recipient of personal data; ② purposes for which a recipient of personal data uses such information; ③ items of personal data to provide; ④ period for which a recipient of personal data holds and uses such personal data; and ⑤ the customers’ rights to reject give his/her consent and details of a disadvantage, if any, due to his/her rejection to give consent. If any of the aforementioned information changes, the company shall obtain another consent to such changes from the customers in advance.
3) In accordance with the Article 17.3 of the Personal Information Protection Act, when providing a third party at any overseas location with personal data, the Company shall also inform the customers of the aforementioned information and obtain another consent from the customers.
5. Entrustment of Handling of the Collected Personal Data
The Company does not entrust external companies to process personal data of the customers unless otherwise consented by the data subject in advance. When the business demands it, the Company will notify the customers of such entrustment and obtain a prior consent.
If the company enters into any agreement with an external company to process personal data of the customers, in accordance with the Article 26 of the Personal Information Protection Act, the Company will specifically set forth the matters including, without limitation, prohibition of handling personal data for any purpose other than performing the entrusted services, technical and administrative protection measures, restriction of re-entrustment, management and supervision over the entrusted company and compensation for damages in connection to such entrustment, and will supervise the entrusted company to ensure the safe handling of personal data.
6. Period for retention and use of Personal Data
The Company will process and retain personal data within the period set forth in any applicable law or within the period agreed by the customers when collecting the personal data.
The retention and usage period for retention is as follows:
1) Providing of Services: until the completion of the service agreement
2) Customer Service/Handling Complaints: until the completion of processing the enquiries/requests
3) Marketing and Advertisement: until the purpose has been achieved or for the period consented with the data subject
4)The information to be retained as required by relevant laws and regulations are as follows:
7. Procedures and Methods for Destruction of Personal Data
1) The Company shall, without delay, destroy the personal data concerned when the consented period expires or after the achievement of the purpose for the collection and use of personal data. Provided, however, that if any personal data is to be retained as required by Relevant Rule(s), the Company retains the personal data for the period as required by the Relevant Rule(s) before destruction and, in such event, such personal data will be stored and managed separately.
2) The procedures and methods for destruction are as follows:
① Destruction Procedures
Any personal data subject to destruction will be scheduled and destroyed by the Company upon approval by the responsible manager of the Company.
② Destruction Methods
Personal data stored in electronic file format shall be deleted by technical means that would render the records unrecyclable (e.g., by using Low Level Format). The personal data as written or printed out on paper shall be destroyed by shredding using a document shredder or by incinerating it.
8. Technical, Managerial, and Physical Measures for Protection of Personal Data
The Company takes technical, managerial and physical measures for protection of personal data as follows:
1) Managerial Measures
2) Technical Measures
3) Physical Measures
Perform access control for the facilities for storing personal data.
9. Rights of the Customers and Their Legal Representatives and Methods of Exercising Such Rights
1) The customers can exercise their rights to personal data by themselves or their legal representatives, such as:
① Access to Personal Data
② Correction of Personal Data
③ Deletion of Personal Data
④ Cessation of Processing Personal Data
⑤ Restriction of Processing Personal Data
⑥ Receiving/Transmitting Personal Data of the data subject’s own (“Data Portability”)
2) The customers who would like to exercise above rights can make a request to the Company to do so (via letter, phone call, e-mail, fax etc), and the Company will take prompt action.
3) The customers who would like to exercise above rights through their legal representatives shall submit a power of attorney in accordance with the Form 11 of the Enforcement Rules of the Personal Information Protection Act.
4) However, such request may be restricted based upon the Article 35.5 and 37.2 of the Personal Information Protection Act.
5) Requests for correction and deletion of personal data may not be accepted if the personal data is an object of collection under relevant law.
6) The customers' rights to data portability are limited to which the processing is based on consent or contractual necessity and which the processing is carried out by automated means. In addition, to the extent permitted by applicable law, the Company may refuse the customers' requests for data portability where processing personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Company; or where such customer requests adversely affect the rights and freedoms of others.
7) The Company may verify the requester’s identification to check whether the requester is the legitimate person to make such request.
10. Installation and Operation of the device for Automatic Collection of Personal Data and on Refusal Thereof
The Company operates automatic data collection tools including cookies. Cookies are very small text files to be sent to the browser of the customers by the server used for operation of the websites of the Company and will be stored in hard-disks of the customers’ computers.
1) Purpose of using automatic data collection tools
The Company operates data collection tools to analyze the access frequency/patterns and visiting time of the customers for the purpose of finding out customer preferences and interests. This helps the Company provide the customers with customized services and measure service improvement.
2) Items to be collected through automatic data collection tools and retention period
3) Methods to refuse collecting cookies
The customers have options to manage cookies: block cookies, allow cookies only upon user’s confirmation, or allow all cookies in settings of their web browsers.
Please note that it might be difficult for the customers who blocked cookies to use part of the Company’s customized services.
11. Person in Charge of Managing the Personal Data and Handling Complaints
The Company designates the following department and person in charge of personal data in order to protect personal data and handle with complaints from the customers regarding thereof.
12. Prohibition to Unauthorized Collection of E-mail Addresses
The Company refuses the unauthorized collection of E-mail addresses posted on this website using e-mail address collection programs or other technical devices. Please note that such infringement may face penalty of law according to the Act on Promotion of Information and Communications Network Utilization and Information Protection Etc and the Personal Information Protection Act.
13. Installation and Operation of Visual Data Processing Devices
The Company has installed and operated visual data processing devices as follows:
1) Reasons for and purpose of installation visual data processing devices: Safety of Company facilities and assets, Crime prevention and detection, Collection of evidence etc.
2) Place and number of installations and locations filmed: Inside of the Company facilities including entrances and corridors: Seoul (8 cameras), Guro (2), Suwon (6), Busan (2)
3) Management officer, department in charge and the person who has right to access visual data: Bum-Suk Kim, IT Manager & System Administrator
4) Operating time, retention period, storage place and methods of handling visual data
5) How and where to review visual data
Upon the final approval of the manager in charge, the relevant visual data shall be shown via ADT CAPS online web monitoring center.
6) Measures to be taken in relation to the customers’ requests for access to visual data
The customers shall make a request to access/confirm existence of personal visual data, and access is allowed only when the customer is filmed or if evidently necessary for interests of life, body and properties of the customer.
7) Technical, managerial and physical measures to protect visual data
① Technical Measures: encrypt filmed data and implement a data circulation system (Data will be overwritten in accordance with the Company’s procedure)
② Managerial Measures: restrict and control of access to CCTV and relevant equipment
③ Physical Measures: secure CCTV set-top box and storage device in a safe place (e.g., inside the server room)