Article 1 (Items and Methods of Personal Information Collection)
The Company collects the following types of information in the following manner:
1 Items of information collected
- Name (trade name),
- Date of Birth,
- ID Number,
- Email address,
- Log records,
- Service use records,
- IP address,
- Information on website visit time.
2 Collection method
- Collection through webpages operated by the Company.
- Automatic collection of automatically generated information in the process of data subjects' use of services.
Article 2 (Purpose of Personal Information Collection/Use)
The Company shall use collected personal information for any of the following purposes. In principle, such personal information shall not be used for any purpose other than those set forth below. In the event of any change in the purpose of use, the Company shall take necessary measures including obtaining prior consent from data subjects:
- Provision of member services, prevention of inappropriate use of service
- Record retention for dispute resolution, response to complaints including handling of dissatisfaction, delivery of notices
- Information notices required in the course of using the services, handling of complaints, etc.
Article 3 (Period of Personal Information Retention and Use)
1 Unless the Company must retain personal information of data subjects according to applicable law, it shall retain and use such information, in principle, until the retention period agreed by data subjects expires or until the purpose of such handling is accomplished. Such information shall be promptly destroyed upon attainment of its purpose. For your reference, personal information may be retained for the following retention periods in accordance with applicable laws.
1) Act on Protection of Consumers in Electronic Commerce, Etc.
- Records on the formation/withdrawal of contracts: 5 years
- Records on payment settlement and supply of goods, etc.: 5 years
- Records on processing of customer disputes and complaints: 3 years
2) Communications Secrecy Protection Act
- Login records: 3 months
2 If data subjects using information and communication services offered by the Company fail to use the Company's services for no less than a year, the Company shall destroy their personal information pursuant to the Cybersecurity Act.
Article 4 (Provision of Personal Information to Third Parties)
Article 5 (Outsourcing of Personal Information Handling)
2 In outsourcing the handling of personal information, the Company explicitly states prohibition of personal information handling for any purpose other than performance of the outsourced affairs, execution of technical and managerial protective measures, restrictions on re-outsourcing, management and supervision of the third parties to whom the handling of personal information has been outsourced (hereinafter, the "outsourced parties"), and liability including damages in documents including contracts, in accordance with PDPA and the Cybersecurity Act. In addition, the Company supervises outsourced parties to ensure their safe handling of personal information.
Article 6 (Data Subjects' Rights and Obligations and Methods of Exercise)
1 Data subjects may exercise their rights related to personal information against the Company, including a request for access to, modification or deletion of, or suspension of handling of, their personal information as provided by applicable law including the PDPA and the Cybersecurity Act.
2 Rights under the foregoing paragraph ① may also be exercised through data subjects' legal representatives or other duly authorized persons.
3 With respect to data subjects' exercise of rights, the Company shall promptly take necessary measures as provided in applicable law including the PDPA and the Cybersecurity Act.
Article 7 (Procedures and Methods of Personal Information Destruction)
1 In principle, the Company shall forthwith destroy personal information when such information is no longer necessary for the purpose of processing such unnecessary information.
2 If the Company must keep personal information under applicable law even though the period of its retention has expired, or the information is ready for processing because it is no longer useful or necessary, the Company shall store and manage such information or information files separately from any other personal information as is required under such law.
3 When the Company destroys personal information, it shall take measures to prevent restoration or recovery of any such information. To be specific, the Company shall permanently delete personal information in electronic file format in a manner that prevents the recovery of any such information. The Company shall shred or incinerate other records, printed materials, documents, and recording media.
4 According to the Cybersecurity Act, the Company shall store and manage personal information of users who failed to use the Company's services for not less than a year separately from other users' personal information.
Article 8 (Installation, Operation of Automatic Personal Information Collection Device and objections thereto)
1 The Company utilizes cookies that store and search your information from time to time. Cookies are small text files that a server used for website operation sends to your browser. They are stored on the hard disk of your computer.
2 You have the right of choice regarding installation of cookies. Accordingly, you may allow or block storage of all cookies or ensure that each cookie will be stored based on your confirmation by using the option menus in your web browser. However, if a data subject rejects installation of cookies, it may limit the ability to use certain online services offered by the Company.
3 Members may allow or block storage of all cookies or require that each cookie will be stored based on their confirmation by using the option menus in their web browser.
Article 9 (Measures to Ensure Safety of Personal Information)
The Company takes the following technical, managerial, and physical measures necessary to ensure safety of personal information according to applicable laws including the PDPA and the Cybersecurity Act:
- Managerial measures: formulation and execution of an internal management plan, regular employee training on personal information protection, etc.
- Technical measures: management of the right of access to the personal information processing system, installation of an access control system, password encryption, installation of a security program, etc.
- Physical measures: Control of access to the places where personal information is stored such as a computer room and data storage room
Article 11 (Opinion Collection and Complaints Handling)
Data subjects may file a complaint related to personal information or a request to view their personal information with the officer or employee listed below. The Company shall provide a prompt and sufficient response to the complaints raised by data subjects. Also, The Company shall use reasonable efforts to ensure that a request for access to personal information will be processed in a timely manner.