'EXEM Co., Ltd. ' (hereinafter referred to as the ‘Company’) respects your personal information and complies with the “Personal Information Protection Act” and the " and the "Act on Promotion of Information and Communications Network Utilization and Information Protection”, etc.
Article 1: Personal Information Items Collected
- The Company collects the following personal information for service applications, consultation, inquiries, and the like.
- a. Collected items: name, company name, phone (or mobile) number, email address, department name, job title, business field
- b. Method of collection: limited to service requests and consultations made through the website
Article 2: Purpose of collection and usage of personal information
The Company uses the personal information collected for the following purposes.
a. Service inquiries: To identify and confirm the exact contents of the inquiry, to formulate and send a reply and for smooth communications with the customer making the inquiry
b. Marketing and advertisements: to deliver advertising information regarding items such as services, products, seminars and events and service provision, advertisement posting and webzine mail sending according to demographic characteristics
Article 3: Personal information retention and period of use
Once the purpose of collecting and using personal information is achieved, the Company will destroy it without delay. However, under the following reasons the following information is retained for the period specified.
When information is to be retained under relevant laws
When the information must be preserved in accordance with the provisions of laws and regulations such as the Consumer Protection Act and the commercial laws on e-commerce, the Company shall retain the member information for the period of time stipulated by the related laws and regulations. In this case, the information stored is used only for the purpose of storage under a period of retention as follows.
Records on consumer inquiries
- Reason for preservation: Act on Consumer Protection in Electronic Commerce, etc.
- Retention period: 3 years
Article 4: Procedure and method for destruction of personal information
In principle, once the purpose for collecting and using personal information is achieved, the Company will destroy the information without delay. The procedure and method for destroying the information are as follows.
Once the purpose has been achieved, the information that has been entered is transferred to a separate database (or a separate document repository in case of paper) and stored for a certain period of time according to the reasons for information protection following internal policies and other related laws (refer to period of retention and use) and is then destroyed. Personal information transferred to the separate database is not used for any purpose other than retention, unless otherwise required by law..
Personal information stored as electronic files is deleted using technical methods that make reproduction of the records impossible.
Article 5: Usage of personal information
- 1. While the personal information collected by the Company is the minimum necessary to provide the service, more detailed information may be requested if necessary.
- 2. The Company may provide personal information to third parties with the user's consent. Even in this case, the provision of personal information to a third party is only made with the consent of the user and users that do not wish personal information to be provided will not be able to use certain services or participate in certain types of promotions or events (however, a separate announcement will be made in this case).
Article 6: Consignment of collected personal information
When the Company entrusts the provision of the above-mentioned specific service to an external company (hereinafter referred to as the 'Consigned Company'), the member's personal information necessary to provide the service may be provided to the Consigned Company under the consent of the member and in this case will specify that the service is consigned. The Consigned Company shall not use or provide the information to third parties for purposes other than that found in the consignment, namely the handling and management of the personal information of the member in question.
In order to carry out the service, the Company entrusts and operates in regards to personal information to external companies as follows. The Company's personal information consignment processing agency and consignment work are as follows.
Article 7: User rights and legal representatives and how they are exercised
1. In order to protect customer personal information and handle related complaints, the Company has designated relevant departments and personal information managers as follows.
a. Users may contact the Company's personal information manager via writing, by phone or by email to request viewing, modification or deletion of information.
b. If a user requests a correction of an error in the personal information, the personal information shall not be used or provided until the correction has taken place. In addition, if incorrect personal information has already been provided to a third company, the third party shall be notified without delay of the correction in order for the correction to be made.
c. Personal information that has been canceled or deleted at the request of the user shall be processed by the company in accordance with Article 3 to prevent it from being viewed or used for other purposes.
2. Please enter your personal information accurately to ensure that accidents do not occur. The user is responsible for accidents caused by incorrectly entered information, and if false information is entered via acts such as theft of the information of another person, membership may be terminated.
3. Users have the right to protection of their personal information, along with the duty to protect themselves and to not infringe on the information of others. Please be careful not to leak personal information and be careful not to damage the personal information of others via means such as online posts. A user that fails to fulfill this responsibility and damages the information and/or dignity of others may be punished by laws such as the “Act on Promotion of Information and Communications Network Utilization and Information Protection.”, etc.
Article 8: Matters concerning the installation of automatic personal information collecting devices, operation and refusal
The Company does not make use of 'cookies', an item that continuously stores and seeks out user information.
Article 9: Other handling policies for personal information
1. Technical and administrative measures for protection of personal information
The Company, in the handling of the personal information of users, takes the following technical measures to ensure safety so that personal information is not lost, stolen, leaked, altered, or damaged.
a. The user's personal information is protected by a password, while sensitive data is protected through a separate security function by encrypting file and transmission data or via a file lock function.
b. The Company takes measures to prevent damage from computer viruses by using a vaccine program. This vaccine program is regularly updated, while in the event of a sudden virus outbreak the vaccine is provided as soon as it is released in order to prevent personal information from being compromised.
c. To prepare against external intrusions such as hacking, each server uses an intrusion prevention system and vulnerability analysis system to ensure security.
The Company, in the handling of the personal information of users, takes the following management measures to ensure safety so that personal information is not lost, stolen, leaked, altered, or damaged.
a. The Company limits the handling of personal information to only those engaged in direct marketing tasks for users, those engaged in personal information management such as personal information managers and other managers, and those who by necessity must come into contact with personal information in the execution of other tasks.
b. The Company carries out in-house training for employees who handle personal information on the acquisition of new security technologies and on the obligation to protect personal information.
c. The takeover and training of handlers of personal information is carried out thoroughly while security is maintained, and the Company informs its employees clearly on the responsibility for accidents involving personal information upon joining and leaving the company.
d. The Company is not responsible for any mistakes that are due to the personal errors of the user or basic internet risks.
e. In addition, when personal information is lost, stolen, leaked, altered or damaged through a mistake by an internal manager or technical management accident, the company shall immediately inform the user of the fact and take appropriate measures and provide compensation.
2. Site link provision policy
3. Policy for management of posting
The Company values the posts of its users and does its best to protect them from alteration, damage, and deletion. However, this does not apply in the following cases.
a. Spam posts (e.g., lucky letters, "800 million" emails, ads for specific sites, etc.)
b. Posts falsifying the reputation of others by distributing false information in order to slander others
c. Posts making details of others public without their consent
d. Posts that infringe on the rights of the Company or of third parties such as intellectual property rights
e. Posts that are off-topic from the subject of the bulletin board
f. In order to promote a desirable bulletin board culture, the Company may delete parts of a post or modify it with symbols when the personal identity of an individual is disclosed within it. Also, when a post is moved to another bulletin board on another topic, the movement path of the posting will be indicated to prevent misunderstanding.
g. In other cases, the Company may take action after an explicit or individual warning.
h. As a rule, all rights and responsibilities in posting rest with the author. In addition, information disclosed voluntarily through postings is difficult to protect, so please use consideration before disclosing any information.
4. Policy on rejection of unauthorized e-mail collection
The Company eschews the collection of unauthorized email addresses via e-mail collection programs or other technical devices. Violations of this can result in punishment in accordance with laws such as the “Act on Promotion of Information and Communications Network Utilization and Information Protection,” etc.
5. Transmission of advertising information
The Company does not transmit commercial information for lucrative purposes against the express objection of a user. When a user consents to the sending of e-mails such as product information and newsletters, the Company shall take measures so that the user may easily recognize the subject line and body column of the e-mail as follows.
a. Title of e-mail
- The phrase (advertisement) may not be displayed in the subject line, and the main contents of the e-mail body are displayed.
b. E-mail body
- The sender's name and e-mail address in indicated so that the user can express the intention to opt out.
- A clear method for users to easily express their intention to opt out is specified.
Article 10: Personal information redress service
In order to protect the personal information of customers and to handle complaints related to personal information, the Company has designated the following departments and personal information managers as follows. Any complaints related to the protection of personal information arising from using the Company's services may be reported to the person in charge of personal information management or to the department in charge. The Company will promptly respond in full to any such user reports.
Customer Service Department: Business Planning Team
telephone : 02-6203-6300
Personal Information Manager: Lee Gwan-Seok (team leader)
To make a report or receive consultation about other infringement of personal information, please contact the following organizations.
1. Personal Information Infringement Report Center (http://www.1336.or.kr/ dial 118 nationwide)
2. OPA Privacy (Information Protection Mark Certification Committee) (http://www.eprivacy.or.kr/02-580-0533~4)
3. Internet Crime Investigation Center, Supreme Prosecutors’ Office (http://icic.sppo.go.kr/02-3480-3600)
4. Cyber Terror Response Center, National Police Agency (http://www.ctrc.go.kr/02-392-0330)
Article 11: Obligation of notice
Announcement date: 2015 July 20
Effective date: 2015 July 20