1. Purpose of handling personal information
We handle personal information for the following purposes. We do not use personal information for a purpose other than what is stated in the following. We will obtain users’ consent in advance when we need to use it for a different purpose other than what is stated in the following.
1) Website membership subscription and management
We handle personal information for the following purposes: ascertainment of users’ intention of membership subscription, identification of members concerning service provision, management of membership, identification under the restrictive identification system, prevention of dishonest use of services, checking legal agent’s consent to collection of personal information of minors (those under the age of 14), notices, handling of complaints, preservation of records for dispute settlement, etc.
2) Handling civil complaints
We handle personal information to identify parties submitting civil complains, ascertain the content of civil complaints, contact people to survey facts or inform people of results of our handling.
3) Provision of goods or services
We handle personal information to provide services and contents.
4) Use in marketing and advertisement
We handle personal information for the following purposes: development of new services (goods), provision of customized services, provision of event-related/promotional information, provision of participating opportunities, provision of demographic statistics-related services, ascertainment of service effectiveness and connection frequencies, statistics on members’ use of service, etc.
2. Personal information collected by us and period for retention
- 1) Personal information collected by us: names of people, their business, position, email address, password
- 2) Other information: Cookies, IP address, service usage records, records of visiting, device information may be created automatically and collected in the course of using our services.
- 3) Period for retention: We destroy personal information right upon attainment of the purpose of collection and use.
3. Provision of personal information to third parties
We provide personal information to third parties only as consented by subjects of information or as required by the law including the Articles 17 and 18 of the Personal Information Protection Act.
4. Rights of subjects of information and how they can exercise their rights
1) Users may exercise the following rights as subjects of personal information.
- a. Right to access their personal information kept by us
- b. Right to ask to correct errors in their personal information kept by us
- c. Right to delete their personal information kept by us
- d. Right to stop handling personal information
- 2) Users may exercise the rights stated in paragraph 1 by asking us in writing or email or fax, using the form in Schedule 8 of the Enforcement Rules of the Personal Information Protection Act. We will process such requests immediately.
- 3) Where a subject of information asks us for correction of errors in or deletion of their personal information retained by us, we will stop using it until the correction or deletion.
- 4) The rights stated in paragraph 1 may be exercised through a legal agent or a rightfully entrusted one of a subject of information by submitting power of attorney, using the form in Schedule 11 of the Enforcement Rules of the Personal Information Protection Act.
5. Destruction of personal information
We will follow a request for destruction of personal information from a subject of information without delay as follows.
- 1) Destruction procedure
Upon attaining the relevant purpose, we relocate personal information provided by users to separate database (or to a separate document in the case of a paper document) and destroy it immediately or after keeping it for a given period of time under our in-house guidelines or the law. The personal information thus relocated to the database is used only as required by the law.
- 2) Deadline for destruction
We destroy users’ personal information within 5 (five) days of the last day of the safekeeping period or of the day our handling of the personal information is judged to be unnecessary as a result of having attained the purpose of handling it, termination of the service, or termination of the relevant business.
- 3) Methods of destruction
We destroy personal information kept as an electronic file irrecoverably, using a technical method. We destroy personal information contained in printout paper by shredding or incinerating.
6. Steps taken to keep personal information safe
We take technical, administrative, and physical steps including the following to keep personal information safe under Article 29 of the Personal Information Protection Act.
- 1) Minimization of the number of employees handling personal information and education
We have designated and minimized the number of employees handling personal information for efficient and effective management.
- 2) Periodic internal inspection
We conduct internal inspection of the personal information handling procedure once a quarter.
- 3) Operation of the internal management plan
We have established and are operating an internal management plan for safe handling of personal information.
- 4) Encryption of personal information
The personal information and passwords of users are encrypted for storage and handling in which each user’s password is only known to the relevant user. Important data are handled with additional security measures such as using file locking system or encryption.
- 5) Technical countermeasure against hacking
IGAWorks installs security programs and conducts periodic update and inspection to prevent leaking or corruption of personal information due to hacking or computer viruses. The system is installed and managed in a restricted area for technical/physical surveillance and blockage.
- 6) Restriction of access to personal information
Granting, changing, and expiring of access to the personal information database system are being enforced to restrict access to personal information. An intruder detection system is also being operated to block unauthorized access.
- 7) Retention and alteration prevention of access records
We retain access records for more than 6 months and we operate a security system designed to prevent alteration, theft or loss of the records.
- 8) Using a locking device for document security
We keep personal information, relevant documents, and ancillary storage media in a tightly locked place.
- 9) Restricted access of unauthorized personnel
We keep personal information in a physically separated area which is controlled by an access restriction process.
7. The Personal Information Manager
We designate the personal information manager as one responsible for handling personal information, complaints of subject of information about the handling of personal information, and matters about damage relief. Please contact our Personal Information Manager stated in the following and department in charge for inquiries about protection of your personal information handed by us, complaints or matters about remedies about damages. We will respond to your requests promptly.
- Personal Information Manager
- Name: Lee, Sang-soo
- Department: Legal
- Mail: firstname.lastname@example.org
Effective Date: November 1, 2017