Purpose of handling personal information and items of personal information to be handled
-Personal information handling, retention period and destruction
-Matters concerning the rights and obligations of information subjects and how to exercise
-The right of a legal representative of children under the age of 14
-Measures to secure safety of personal information
-Opinion collection and complaint handling
Essentials
(1) Items of personal information handled
– Name, e-mail, mobile phone number, Company name
(2) Purpose of handling personal information
– Purpose of use for service provided, customer management, sales and marketing
(3) Application for automatic email subscription
– Purpose for notice, guidance and marketing
Selection
(1) Items of personal information handled
– Name, e-mail, mobile phone number, Company name
(2) Purpose of handling personal information
– Purpose of use for service provided, customer management, sales and marketing
Personal information handling and holding period
The Company will destroy the information without delay if personal information is no longer necessary by achieving the purpose of handling personal information. However, if the information subject has been consent from the information subject in advance or the personal information of the information subject must be preserved in accordance with other laws such as commercial law, the Company may preserve the personal information.
Destruction of personal information
(1) When the Company destroys personal information, measures are taken to ensure that it cannot be recovered or reproduced.
(2) If the Company must preserve without destroying personal information, the relevant personal information or personal information files will be separated and managed separately from other personal information.
(3) The Company, if the personal information to be destroyed is in the form of an electronic file, will issue a deletion order in a way that cannot be restored through the program. If the entire personal information must be destroyed, it will be permanently deleted using a physical method that cannot be restored.
(4) The Company, if the personal information to be destroyed is a record, print, paper, or other recording medium other than in the form of an electronic file, will shred or incinerate it..
Viewing personal information
(1) The information subject may request to view his or her personal information handled by the Company. In this case, the information subject, as prescribed by Ordinance of the Ministry of Public Administration, must submit a personal information viewing request form or request viewing by means of a means that can prove the information subject's identity, such as email with (i) Items and contents of personal information; (ii) Purpose of collection and use of personal information, (iii) Retention and use period of personal information; (iv) Status of provision of personal information to third parties; (v) Indicate the fact that you have agreed to the handling of personal information and the details you wish to view
(2) When the Company receives a request for viewing from the information subject, the Company allows the information subject to view the relevant personal information within 10 days. In this case, if there is a justifiable reason why the information cannot be viewed within the relevant period, the information subject may be notified of the reason and the inspection may be postponed. When the reason no longer exists, the inspection may be made without delay.
(3) In any of the following cases, the Company may inform the information subject of the reason and grant or deny permission to view the information.
Correction and deletion of personal information
(1) The information subject who has viewed his or her personal information may request the Company to correct or delete the personal information. In this case, the information subject submits a request for correction/deletion of personal information prescribed by Ordinance of the Ministry of Public Administration and Security to the Company or requests correction/deletion of personal information by means of proving the identity of the information subject.
(2) The Company investigates the personal information within 10 days from the date of receiving a request for correction or deletion of personal information in accordance with legal procedures, takes necessary actions such as correction or deletion according to the request of the information subject, and then discloses the fact that the action was taken, other information, etc. If the personal information is specified as subject to collection in the law and the information subject's request for deletion is not complied with, the fact, reason, and method of raising an objection will be notified to the information subject.
(3) When the Company deletes personal information at the request of the information subject, measures are taken to prevent it from being recovered or reproduced.
Suspension of handling of personal information
(1) The information subject shall submit a request for suspension of personal information, prescribed by the Ordinance of the Ministry of Public Administration and Security, if he wants to suspend the handling of personal information.
(2) The Company may refuse to suspend the handling of the information subject if it falls under any of the following
(3) If the Company suspends all or part of the handling of personal information within 10 days from the date of receiving a request to suspend the handling of personal information, the Company will notify you of the fact and the facts and reasons if the Company does not comply with the information subject's request to suspend handling of personal information. The information subject will be notified of how to raise an objection.
(4) The Company shall take necessary measures such as destroying the personal information without delay on personal information that has been suspended at the request of the information subject.
The method and procedure of the exercise of rights
(1) Requests for viewing, correction, deletion, and suspension of handling of personal information may be made by the information subject, the information subject's legal representative, or a person authorized by the information subject. However, when the information subject's legal representative, a person authorized by the information subject, etc. acts on behalf of the information subject, the information subject's power of attorney prescribed by Ordinance of the Ministry of Public Administration and Security must be submitted to the Company.
(2) Persons who request to view, correct, delete, or suspend handling of personal information may be charged fees and postage fees as determined by the Company.
(3) When the Company receives a request from the information subject to view, correct, delete, or suspend handling, the Company stores the personal information viewing request form or means of verifying the information subject's identity for 90 days and discards it thereafter
Establishment and implementation of internal management plans for safe handling of personal information
The Company is establishing and implementing an internal management plan that includes the following.
(1) Matters concerning the designation of the personal information handling manager
(2) Matters concerning the roles and responsibilities of the personal information handling manager and personal information handler
(3) Matters concerning the measures necessary to secure the safety of personal information
(4) Matters concerning education on personal information handlers
(5) Other matters necessary for handling personal information
Measures to control access to personal information and limit access rights
(1) The Company grants access to the personal information handling system differently depending on the person in charge, to the minimum extent necessary to perform the job, and if the personal information handler changes due to a personnel change such as transfer or retirement, the personal information handler is changed without delay. Access rights to the information handling system are being changed or canceled. Furthermore, the Company records the details of granting, changing or canceling the above permissions and stores the records as necessary. 나아가 회사는 위의 권한 부여, 변경 또는 말소에 대한 내역을 기록하고, 그 기록을 필요에 따라 보관하고 있습니다.
(2) When the Company issues a user account to access the personal information handling system, it issues one user account for each personal information handler and ensures that it is not shared with other personal information handlers.
(3) The Company has established and applied password creation rules.
(4) In order to prevent illegal access and infringement accidents through information and communication networks, the Company (i) restricts unauthorized access to the personal information handling system by limiting access rights to IP addresses, etc.
Application or corresponding measures of encryption technology that can safely store and transmit personal information
(1) The Company encrypts personal identification information and passwords when transmitting or receiving them through information and communications networks or transmitting them through auxiliary storage media.
(2) The Company encrypts and stores the password, and when the password is stored, one -way encryption is stored so as not to be decrypted.
Measures to store access records and prevent forgery and alteration in response to personal information infringement incidents
(1) The Company safely stores the access records of personal information handlers to prevent them from being forged, altered, stolen or lost.
Installation and renewal of security programs for personal information
The Company installs and operates security programs such as anti-virus software that can prevent and treat malicious programs on the personal information handling system or work computer, and complies with the following.
(1) Use automatic update function of security program or update at least once a day
(2) If an alarm related to malicious programs is issued or if there is a security update notice in the manufacturer of the application or operating system software, immediately update accordingly.
Physical measures such as preparing storage facilities for safe storage of personal information and installation of locks
(1) The Company has a separate physical storage site for personal information and establishes and operates access control procedures for it.
(2) The Company stores documents and auxiliary storage media containing personal information in a safe place with a lock.
Name : Lee Soon-Ryel
-Tel. : +82-31-477-7113
-e-mail : policy@scandiamoss.com