The personal information collected by the Company will be collected and used for the following purposes only. Personal information will not be used for any purpose other than the following. However, in the event the purpose of use has changed, necessary measures will be taken by the Company such as separately obtaining advance consent from the user.
As a principle, the Company does not provide the personal information of users to third parties or disclose such information externally. However, the following cases are exceptions:
In the event the Company uses or provides personal information without the consent of the information subject, the personal information protection officer will determine whether additional use or provision of personal information is being made based on the following criteria:
As the personal information subject, the user may exercise the following rights.
[The Act on the Consumer Protection in Electronic Commerce, etc.]
[Electronic Financial Transactions Act]
[Framework Act on National Taxes]
[Protection of Communications Secrets Act]
[Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.]
The personal information subject may contact the following institutions if the personal information subject needs to report any other infringement of personal information or requires related consultation.
[Personal Information Infringement Report Center]
[Cyber Investigations Division of the Supreme Prosecutor’s Office]
[Korean National Police Agency Cyber Bureau]
The Company takes the following technical/administrative, and physical measures necessary to ensure the security of personal information pursuant to the relevant laws.
① Minimizing the number of employees processing personal information and training such employees
② Establishment and implementation of the internal management plan
An internal management plan has been established and implemented for the safe processing of personal information.
① Technical measures against hacking
To prevent personal information from being leaked or damaged as a result of hacking, computer viruses and others, the Company has installed security programs, regularly conducts updates/inspections, and frequently performs data backups.
② Use of firewall system
The Company controls unauthorized external access by installing a firewall system in areas where external access is restricted. The Company monitors and restricts such unauthorized access through technical/physical means.
③ Encryption of personal information
The Company stores and manages important personal information of users by encrypting such information, and utilizes separate security functions such as encryption of files and transmitted data or use of file locking functions.
④ Retention of access records and prevention of falsification/alteration
The Company retains and manages the access records of the personal information processing system for a minimum of 6 months. The Company utilizes security measures to prevent the access records from being falsified, altered, lost or stolen.
① Restrictions on access to personal information
The Company is taking necessary measures to control personal information access by granting, changing and terminating access rights to the database system that processes personal information. The Company uses an intrusion prevention system physically to restrict unauthorized external access.