1. Collection of Personal Information

• ① Principles of personal information collection
• ·   The <Company> categorizes essential and optional items to collect only the minimal amount of personal information required for provision of the services and makes sure to request consent from the user prior to collection.
• ※ Essential Items and Optional Items
• -   Essential Items: Information required to carry out the essential functions of the services
• -   Optional Items: Information collected additionally to provide added values, which does not limit the use of the services even if not inputted
• ·   The <Company>processes and retains personal information for the retention period of personal information according to the laws, or for the retention period of personal information, which was given consent by the user at the time of collection of personal information.
• ·   Pursuant to Article 31 (Rights of Legal Representatives) of 「INFORMATION AND COMMUNICATION NETWORK ACT」, we obtain consent of the legal representative in order to collect personal information of a child under 14 years of age to collection.
• ·   The <Company> does not collect any information on ideologies, beliefs, joining/withdrawal from a labor union and/or a political party, political views, health,sex life, etc. as well as other sensitive personal information which may significantly infringe the user’s privacy.

• ② Methods of Personal Information Collection
• ·   The <Company> collects the user’s personal information via its website.
• ·   Information generated through device information and log analysis programs may be automatically generated and collected in the process of use of a PC web and a mobile web.

• ③ Purposes and items of personal information collection

▶ Information collected at the time of need

▶ Information Generated in the Course of Service Use

• ④ Right of the user to refuse installation and operation of cookies
• ·   Cookies refer to a small quantity of information that servers used to operate a website sends to the computer browser of the user and are stored in the PC of the user.
• ·   Purpose of use of cookies
•   -  Maintain the environment of the service use set by the user and provide more convenient use of the Internet services when the user revisits the website
•   -  Analyze information on visit services, access time and frequency, and the information generated or inputted during the use and provide services and advertisements specialized for the preferences and interests of the user
• ·   The user has the right to make a choice on provision of cookies and can select Enable cookies / Checking when saving cookies / Deny cookies on settings on the web browser.
•   -  Internet Explorer: Tools at the top of the web browser > Internet Options > Privacy > Settings
•   -  Chrome: Settings on the right side of the web browser > Advanced at the bottom > Content settings > Cookies

2. Use of Collected Personal Information

The <Company> processes personal information for the following purposes. Personal information being processed is not used for purposes other than the following purposes and, in the event of change to the purpose of the use, we will take the necessary measures including obtaining consent of the user in advance.

3. Provision and Consignment of Personal Information

• ① Provision of personal information to a third party
• ·   In principle, The <Company> processes the user’s personal information within the range specified under ‘2. Use of collected personal information’ and shall not process it beyond the original range or provide it to a third party.
• ·   For better provision of services, in the event of providing or sharing any personal information to or with a third party, we will specify the recipient, items of personal information to be provided, the purpose for which the recipient of personal information uses such information, and the period for which the recipient retains personal information. We will obtain consent of the user in advance and will not provide and/or share any information to and/or with a third party if the user does not consent.
• ·   However, personal information will be provided to a third party if a situation applies to special regulations of law such as Article 17 of the PERSONAL INFORMATION PROTECTION ACT.
• ② Consignment of personal information processing
• ·   The <Company> does not consign any personal information processing tasks.

4. Destruction of Personal Information

• ① Destruction of personal information
• ·   The <Company> destroys the information the corresponding personal information without delay when purposes of collection and use of personal information have been fulfilled. However, in the event of imposition of obligations for information preservation under the applicable laws and in the event of having obtained separate consent of the user for the retention period, personal information will be safely kept for the corresponding period.
• ·   Information that needs to be preserved in accordance with the following relevant laws will be destroyed after being retained for the period stipulated under the corresponding laws.

• ② Processes and methods of destroying personal information
• ·   Information printed on paper: Shred with a paper shredder or incinerate
• ·   Information in electronic format: Delete by using a technical method that prevents recovery of records

5. Operation of an Organization Responsible for Personal Information

• ① Chief privacy officer and the department in charge
• ·   The <Company> has designated a chief privacy officer and is operating the department of personal information protection in order to take responsibility for tasks on the user’s personal information processing, answer the user’s inquires, and settle complaints.

• ·   The user may contact the chief privacy officer or the department to inquire or report any issues relevant to protection of personal information, settlement of complaints, damage relief, etc.
• ② Remedy for infringement of rights and benefits
• ·   If you need to relieve damage, report issues, or get counseling with respect to infringement of personal information, you may seek assistance by contacting the following institutions.
• ·   These institutions are irrelevant to the <Company>

6. Method of Exercising Rights and Obligations of Legal Representatives

• ① Method of exercising rights
• ·   The user can exercise rights related to protection of personal information on the <Company> at any time in the following methods.

• ·   In the event of requests for correction/deletion of the user’s personal information, the corresponding personal information will not be used or provided until completion of processing of the corresponding request to ensure accuracy of personal information. However, if the erroneous personal information has already been provided to a third party, we will notify the recipient of the errors without delay so that the errors can be corrected.
• ·   The user’s rights can be exercised through representatives including the legal representative and the delegatee. In such case, the user needs to submit the power of attorney in accordance with the Attached Form No. 11 in the ENFORCEMENT RULE OF THE PERSONAL INFORMATION PROTECTION ACT.
• ·   With respect to the access request for personal information and the request for suspension of processing personal information, the rights of the data subject may be restricted according to Article 35 (5) and Article 37 (2).
• ·   Requests for correction and deletion of personal information cannot be processed if the personal information is stipulated as the subject of collection under other laws.
• ·   The <Company> confirms whether the person who has requested access to, correction/deletion and suspension of processing of personal information is the principal or the duly authorized representative.
• ② User obligations
• ·   The user must not infringe any personal information and privacy of the principal the data subject or others that the <Company> is processing in violation of the relevant laws including the PERSONAL INFORMATION PROTECTION ACT.

7. Measures to Secure Safety of Personal Information

The <Company> highly values the user’s personal information and is putting in the following efforts in personal information processing.

• ① Establishment of internal control plan
• ·   We have established and implemented an internal control plan as the standard for safe personal information processing.
• ② Minimization of personnel involved in handling of personal information
• ·   We are reducing the possibility of disclosure of personal information by minimizing the number of the personnel handling personal information and separating the external Internet network from the internal network of the PCs of the personnel. Also, we have systematically prepared the standards for controlling access to the database and the personal information protection system, and are conducting continuous monitoring.
• ③ Regular education
• ·   We are emphasizing the importance of personal information by conducting a regular training for personal information handlers and by propagating personal information issues to all employees of the Company.
• ④ Protection from hacking or viruses
• ·   Our system has been installed in the controlled access zone from the outside to protect personal information from being disclosed or damaged. Also, we regularly back up the database in preparation for damages to personal information and preventing disclosure and damages to the database by using vaccination programs.
• ⑤ Encryption of personal information
• ·   We are using encrypted telecommunication sectors when transmitting personal information of users, and key information including passwords, etc. is encrypted by using safe encryption algorithms.
• ⑥ Physical control
• ·   Systems related to personal information processing are located within a controlled zone with access restrictions. Also, any documents and auxiliary storage media that contain personal information are stored in a safe place with locking devices.

8. Obligation of Notification

This Privacy Policy will be effective from MAY/19/2020
·   In case of any addition, deletion and revision to the contents of the Privacy Policy, such will be notified 7 days prior to the enforcement date through the notice, etc. In case of any changes to the contents important to the rights or obligations of the user, they will be notified at least 30 days in advance.