회사명

Ethical Management Cyber Shinmungo

Ethical Management Cyber Shinmungo

Personal information processing policy

Kwangjin Chemical (hereinafter referred to as the “Company”)
establishes and discloses the Privacy Policy below to protect the personal information of data subjects and handle related grievances promptly and smoothly in accordance with Article 30 of the Personal Information Protection Act.

Article 1. Collected Personal Information
The Company collects the following personal information for membership registration, consultation, and service applications:
1. Website membership registration and management
1) Required items: name, date of birth, ID, password, phone number, gender, address
2) Optional items: whether to receive e-mails or short text messages (SMS)
2. The following personal information items may be automatically created and collected during the process of using the Internet service:
1) Method of collecting personal information: The Company has prepared a procedure where users click the 'Agree' button for each item of the Personal Information Protection Policy and the Terms of Use, and if the user agrees, the user shall be deemed to agree to the collection of their personal information.
2) Actions of the Company when false information is entered: Customers must enter accurate information, and if false information is entered in violation of this by a customer, such as by stealing another person‘s information, the customer may be reported in accordance with related laws and regulations, and may be subject to compulsory withdrawal.

Article 2. Period of retention and use of personal information
1. The Company destroys personal information without delay after the purpose of collecting and using the information is achieved.
The Company will retain and use the user's personal information only for the period of the provision of services from the date of membership registration. After requesting membership withdrawal or achieving the purpose of collection and use of personal information, the information shall be destroyed without delay and without exception.
2. The processing and retention period of personal information is as follows:
1) Items to be preserved: Website member registration information (name, date of birth, gender, login ID, phone number, address)
2) Grounds for preservation: Prevention of confusion in service use, cooperation with related agencies in the investigation of illegal users
3) Retention period: Until leaving the website

1) Retention items: Service use records, access logs, access IP information
2) Grounds for retention: Protection of Communications Secrets Act
3) Retention period: 3 months
3. In the following cases, the Company may keep all or part of the member information collected for a certain period of time:
1) In the case of membership registration information: Collected member information shall be retained for 30 days after membership withdrawal.
2) In the case of delivery information: Until goods or services are delivered or provided
3) In the case of collection for the purpose of a survey or event: Until the survey or event is completed
4. When a member who has withdrawn membership requests the deletion of his/her posts, such request will be processed immediately.

Article 3. Matters concerning the provision of personal information to third parties
1. The Company shall not provide the personal information of data subjects to the outside, except in the following cases:
1) In the case that the data subject agrees (at the time of membership registration)
2) In accordance with the provisions of laws and regulations or when there is a request from an investigation agency in accordance with the procedures and methods stipulated in the laws and regulations for the purpose of investigation

Article 4. Matters concerning the entrustment of personal information processing
1. The Company may entrust the collection, handling, management, etc., of your personal information to an external party for service improvement.
1) When entrusting the processing of personal information, we will notify you in advance through the website of the entrusted institution.
2) In order to ensure the safety of personal information protection in an entrustment contract, strict compliance with instructions related to the protection of personal information, prohibition of leakage of personal information and liabilities in the case of an accident, etc., will be clearly stipulated and the contents of the contract will be stored in writing or electronically.

Article 5. Matters concerning the rights and obligations of data subjects and methods of exercising them
1. Data subjects may exercise the following rights the concerning protection of personal information with the Company at any time:
1) Request to access personal information
2) Request for correction if there is an error, etc.
3) Request for deletion
4) Request to stop processing
2. The exercise of the rights pursuant to Paragraph 1 may be requested to the Company in writing or by phone, e-mail, fax, etc., and the Company will take any action without delay.
3. If a data subject requests to correct or delete errors in personal information, the Company will not use or provide the personal information until the correction or deletion is completed.
4. The exercise of rights pursuant to Paragraph 1 may be done through the data subject’s legal representative or a delegated person, and in this case, a power of attorney in accordance with Attached Form No. 11 of the Enforcement Rule of the Personal Information Protection Act must be submitted.
5. No data subject shall infringe on his or her own or another person’s privacy or personal information processed by the Company in violation of related laws and regulations such as the Personal Information Protection Act.

Article 6. Matters concerning the destruction of personal information (guidelines)
1. The Company shall destroy personal information immediately if the personal information becomes unnecessary, such as after the expiration of the period of retention of personal information or the achievement of the purpose of processing.
2. If the period of the retention of personal information agreed to the data subject has elapsed or the personal information needs to be kept in accordance with other laws and regulations despite the achievement of the purpose of processing, the personal information shall be moved to a separate database or stored at a different storage place.
3. The procedure and method of destroying personal information are as follows:
1) Destruction procedure
The Company selects the personal information for which the reason for destruction has occurred, and destroys the personal information with the approval of the Company's personal information protection manager.
2) Destruction method
The Company shall destroy personal information recorded and stored in the form of electronic files using a low level format, etc., and shred or incinerate personal information recorded and stored in paper documents to destroy the information.

Article 7. Matters concerning the personal information protection manager
1. The Company shall be responsible for processing personal information and designate a personal information protection manger as shown below to handle the complaints of data subjects and remedy damages in relation to processing personal information.
▶ Personal information protection manger
Name : ㅇㅇㅇ
Position : ㅇㅇㅇ
Contact : ㅇㅇㅇ
▶ Division in charge of the protection of personal information
Division name : ㅇㅇㅇ
Person in charge : ㅇㅇㅇ
Contact : ㅇㅇㅇ
2. Data subjects may inquire about all matters related to the protection of personal information, handling of complaints, remedying of damages, etc., arising from the use of the Company’s services (or business) with the personal information protection manger and the division in charge.
The Company will respond to and handle any inquiry of a data subject immediately.

Article 8. Matters concerning change to the Privacy Policy
-. This Privacy Policy will take effect on June 25, 2018.

Article 9. Matters concerning measures to ensure the safety of personal information
-. The Company is taking the following measures to ensure the safety of personal information:
1. Administrative measures: Establishment and implementation of an internal management plan, regular employee training, etc.
2. Technical measures: Management of access rights of the personal information processing system, etc., installation of an access control system, encryption of unique identification information, installation of security programs
3. Physical measures: Control access to computer rooms, data storage rooms, etc.