- General Provisions
- Items of PI to be Collected and Method of collection
1) Item to be collected
For membership, consultation, service application, the Company collects the following PI.
In the course of service use and business processing, the following information may be created and collected.
- Required items : account ID, Email address, password, name, company name, nationality, wired or wireless telephone number
The following information may be created and collected in the course of using the service or business handling.
- Information of user status, other service ID for service interworking, service use record, connection log, connection IP information, device unique number (device ID or IMEI), payment record and use suspension record
In the course of charged service, the following payment information may be collected.
- When payment is made with a credit card: name of credit card company
- When a tax invoice is issued: name of entity/corporate body, name of representative, business license number, business place address, business type, business condition, name of person in charge, telephone number of person in charge, mail for receiving a tax invoice, and a copy of business license, etc.
2) Method of collection
- Collection from the consent procedure of PI collection through the homepage of the Company, written form, telephone/fax, e-mail, and entry for event, collection from the partner companies through the consent procedure for the provision and use of PI
- Collection of information which is automatically collected and generated in the course of general service provision including the details and history of consultation, payment record and use record
- Purpose of Use of PI to be Collected
The Company utilizes the PI collected for the following purposes.
_① Performance of agreement for service provision and charging and accounting for service provision
_② Member management
_③ Provision of various services and delivery of notice
_④ Utilization for delivery of information, marketing and advertisement in case of new service development and holding of events
- Retention and Period of Use of PI
The Company collects the following PI for membership, consultation, and service application.
1) The Company uses customers’ PI for the period from the date of service subscription to withdraw the application of join-in termination thereof and retains it up to 6 months after the termination of service subscription in preparation for charging and accounting dispute: Provided that, in case of default and payment in excess and dispute on payment, the Company will retain the PI until that dispute will be resolved.
- Item to be retained (individual): name, billing address, resident registration number, wired/wireless telephone number and e-mail, details of payment of charges (amount of billing, amount of payment, payment date and method of payment)
- Item to be retained (company): name of company, name of business licensee, name of representative, business license number, corporate registration number, and details of payment of charges (amount of billing, amount of payment, payment date and method of payment)
- Ground of retention: Article 85-3 of the Framework Act on National Taxes
- Period of retention: 5 years
2) If it has to retain the PI as required by applicable law and regulations, the Company will retain it for certain period as follows.
- Record on conclusion and termination of contract or subscriptions: 5 years (Act on Consumer Protection in E-commerce)
- Record on payment and supply of goods: 5 years (Act on Consumer Protection in E-commerce)
- Record on consumer complaints or dispute resolution: 3 years (Act on Consumer Protection in E-commerce)
- Record on collection/treatment and use of credit information: 3 years (Act on Use and Protection of Credit Information)
- Procedure and Method of Destruction of PI
1) Procedure of destruction
- After achievement of the purpose of collection and use of it, customers’ PI is retained for certain period under the internal policy and other requirements of applicable laws and regulations for information protection (See. retention and use period) and destructed.
- Item subject to destruction: customers’ information the retention period of which expires in accordance of applicable laws and regulations.
2) Method of destruction
- The Company deletes any PI stored in an electronic file by using a technical method under which such PI cannot be reproduced.
- The Company destructs hard copies of PI by shredding them with a paper shredder or incinerating.
- Provision of PI to a 3rd Party
The Company uses the PI within the scope as informed in the ‘purpose of use of PI’ of its PP or stated in the ‘service use agreement’ and will not use the PI beyond the scope or provide it to a 3rd party: Provided that this will not apply to the cases where the customers consent or the following cases.
_① When it is necessary for charging and accounting from provision of service;
_② When the PI is necessary for performing the agreement of service provision, but it is strikingly difficult to obtain general consent due to economic or technical reasons;
_③ When it is required by special provision of applicable regulations: Provided that the PI is to be provided under a due procedure as prescribed in the law;
- Rights and Method of Exercise of Users and Legal Representative
1) The users will have rights to change or check entered personal information and apply to withdraw the application of join-in. We won’t use or provide the relevant personal information before completing modification when you put up request for changing mistake for personal information.
2) In order to view or edit personal information, users may log into the site using ID and password on the menu of My account.
3) Please contact us for withdraw the application of join-in. Provided that, in case of default and payment in excess and dispute on payment, the Company may suspend to accept.
4) In collecting the PI of a child under 14 (the “Child”), the Company seeks for consent from his/her legal representative. In order to obtain such consent, the Company may request the Child to provide minimum information such as name of legal representative and contact, and the legal representative may request the Company to give access, correct and delete the PI of Child through a letter, telephone call, e-mail and Fax, and upon this request, the Company will take necessary measures without delay.
- Installment and Operation of Automatic Collection Equipment for PI and Refusal
The Company does not use Cookie which frequently stores and brings out the use information of users in order to provide an individually-customized service to the users.
- Technical and Managerial Protective Measures of PI
In order to secure the stability of PI collected, the Company seeks for the following technical and managerial measures.
1) Technical measures
- In order to prevent leakage of customers’ PI by hacking, the Company carries out the blockage of invasion and monitoring by using separate security equipment (including firewall, IPS and server security) for the network and system which will block an invasion from outside.
- By using the program for automatic installation of vaccine and patch, the Company takes measures against the damage caused by computer viruses. Such program is updated on a regular basis, and upon sudden appearance of a virus, the Company prevents an infringement on the PI by applying the patch.
- The Company adopts security equipment (including encryption protocol such as SSL) which can securely transmit the PI in networks by using the encryption algorithm.
2) Managerial measures
- The Company limits the number of the following persons authorized to access to customers’ PI to the minimum.
_① Person carrying out marketing duties directly targeting the users
_② Person carrying out the duties managing the PI including person responsible and in charge of PI management
_③ Person who has no choice but to handle with the PI in his or her duties
- The Company continues to provide the education for awareness-raising so that the PI will not be lost, stolen or leaked by the person handling it.
- The transfer of the duties of the person handling the PI is made in strict security, and the Company clarifies the responsibility for the accident related to the PI occurring after employment and resignation.
- The Company sets and limits access to the computer room and the data storage room as special protection zone.
- The Company is not responsible for the event arising out of individual error of users or danger of basic internet. In order to protect their own PI, the members of the service must properly manage their own ID and password and be responsible there for.
- If any PI is lost, leaked, altered or damaged arising out of the fault or technical management of an internal administrator, the Company will immediately inform to the customers and seek for proper measures and compensation.
- Civil Service on PI
In order to protect the PI of customers and handle the complaint related to the PI, the Company designates the person responsible for privacy protection as follow.
[Person responsible for privacy protection]
- Name: Seongmin Ahn
- Department: PallyCon Team
- E-mail: firstname.lastname@example.org
Customers may report any complaint arising out of using the service of the Company to the person responsible for privacy protection or the department in charge thereof. In response to the report, the Company will promptly give sufficient answer thereto.
For further report or consultation, please contact the following institutions.
- Report Center of Personal Data Infringement (www.1336.or.kr, 1336)
- Information Protection Mark Authentication Committee (www.eprivacy.or.kr, 02-580-0533)
- Cyber Crime Investigation Team of the Supreme Prosecutor’s Office (icic.sppo.go.kr, 02-3480-3600)
- Cyber Terror Response Center of the National Police Agency (www.ctrc.go.kr, 02-392-0330)
Please be informed that this PP does not apply to the activities collecting the PI by other websites linked to the Company.
- Obligation of Notification
Upon addition, deletion and modification of details of current PP, the Company will inform through e-mail at least 7 days prior to revision thereof.
This PP was revised on 10/19/2017 and shall apply from 11/03/2017.