Article
1 General Provisions
1. Exon
R&D Co., Ltd. values personal information provided by members and is doing
its best to protect members' personal information by complying with the Personal Information Protection Regulations and Guidelines for
Personal Information Protection under the Act on Promotion of Information and
Communication Network Utilization and Information Protection (hereinafter
referred to as the "Information and Communication Network Act"), and
"Technical and Management Protection Measures for Personal Information."
2.
Through the Personal Information Handling Policy (hereinafter referred to as
the "Policy"), the company informs you of the use and method of
personal information provided by members and what measures are being taken to
protect personal information.
3.
This policy may be changed in accordance with the laws and guidelines of the
government, and may be adjusted according to the company's terms and conditions
and policy changes. If the company revises this policy, it will notify the
company's website for seven days.
4.
Members have the right to protect their personal information, as well as the
obligation to protect themselves and not to infringe on other people's
information. Be careful not to leak personal information of members, including
passwords, and be careful not to damage other people's personal information,
including posts. If you fail to fulfill these responsibilities and damage the
information and dignity of others, you may be punished by the Information and
Communication Network Act.
Article
2 Purpose of Collection and Use of Personal Information
1.
"Personal information" refers to information on an individual, such
as a code, text, voice, sound, video, etc. that can identify the individual by
name, resident registration number, etc. Even if that information alone does
not identify a particular individual, it includes something that can easily be
combined with other information to identify.
2.
The company collects personal information of members through the process of
signing up as a member on the company website. The company is preparing a
procedure to "agree" or "cancel" the contents of this
policy when signing up as a member, and if a member selects the
"agree" button, it is considered to have agreed to collect personal
information.
3. The
company uses the collected personal information for the following purposes.
① Identify yourself, identify yourself for
service delivery
② Contract performance and fee settlement for
service provision
③ Provision of service-related information
(e.g., introduction of new services, delivery of advertising information such
as events)
Article
3 Items and methods of collecting personal information
1.
When registering as a member, the company can present essential input items of
member information and request additional information when receiving orders for
the use of some services.
2. If
a member wants to use the company's service, the following information must be
entered.
① Name, ID, password, social security number,
mobile phone number, e-mail address, home address, etc. necessary for member
management
② Name (or company name), type and number of
certificate, phone number, address, e-mail address, etc. necessary for service
application and use
③ Information related to the recipient necessary
for issuing and sending tax invoices
3. A
member who wants to settle the fee for providing the service must enter items
such as bank account information and credit card information within the range
necessary for payment of the fee.
4. If
a person under the age of 14 applies for membership, the company may collect
information such as the name, resident registration number, phone number,
address, etc. of the legal representative (e.g., parents) for membership
registration and service provision
5.
Information such as usage records, access logs, cookies, access IP information,
visit date and time, payment records, and suspension records can be collected
during the service use process.
6.
The company collects personal information by website, written form, phone, fax,
inquiry board, e-mail, event, and delivery request.
Article
4 Period of Retention and Use of Personal Information
1.
While a member maintains his or her qualifications as a member and receives
services from the company, the company continuously retains the member's
personal information and uses it to provide services.
2. In
the event of complaints such as abuse, name theft, etc. of members' rights,
personal information may be held for 30 days from the date of withdrawal of
members to confirm the facts such as handling objection and explanation.
3. In
the case of defective members who use the service unhealthyly, the company can
keep the personal information for one year even after withdrawal for the
purpose of preventing the recurrence of illegal use, requesting investigations
by law enforcement agencies, and protecting other members.
4. Personal information may be retained for a certain
period of time prescribed by the relevant laws and regulations after withdrawal
of membership if necessary due to the confirmation of the relationship of rights
and obligations related to transactions.
① Records of contract or withdrawal of
subscription, etc.
② Records on payment and supply of goods, etc.:
5 years
③ Records of consumer complaints or dispute
settlement: 3 years
Article
5 Procedures and methods for destroying personal information
1.
The personal information of the members collected by the company shall be
destroyed without delay after the purpose has been achieved or the retention
and use period has elapsed. Personal information printed on paper is destroyed
by crushing or incineration with a shredder, and personal information stored in
the form of an electronic file is deleted using a technical method that cannot
be reproduced.
2. If
a member's personal information is held for a certain period of time according
to the company's policy and the reasons for information protection under the
relevant laws and regulations, the personal information is transferred to a
separate database and stored for a certain period of time. Personal information
transferred to a separate database shall not be used for any purpose other than
retention unless by law.
Article
6 Sharing and Provision of Personal Information
1.
The company may not provide and share the personal information of the member to
a third party without the prior consent of the member. Provided, That this
shall not apply to any of the following cases.
① When providing 'Domain Registrar Information
(WHOIS)' inquiry service for domain names
② Where requested by a state agency pursuant to
relevant laws and regulations
③ Where a request is made by an investigative
agency for the purpose of investigating a crime
④ Where it is necessary for information
protection, such as confirmation of fraud, including violation of the terms and
conditions of a member
⑤ Where the information of a member is used for
business contact
⑥ In the case of sharing some information only
on matters related to banking
⑦ Where it is provided in a form in which it is
impossible to identify a specific member, as necessary for statistical
preparation, public relations data, academic research, or market research
2. If
the company seeks the consent of the member in advance to provide or share the
personal information of the member, the following matters shall be notified. In
this case, the company will notify the website for 7 days or obtain consent by
phone, mail, fax, or e-mail.
① Person receiving personal information
② Purpose of use of personal information of a
person receiving personal information
③ Items of personal information you provide
④ Period of retention and use of personal
information of a person receiving personal information
3. If
the company takes over all or part of its business or succeeds to the rights
and obligations of a third party through merger or inheritance, the following
matters shall be notified to the members who have joined the third party. In
this case, the company will notify the company's website for 30 days or by
phone, mail, fax, or e-mail. However, exceptions are made when a third party
notifies the transfer of personal information in advance through the same
procedure and contents.
① Facts of succession of rights and obligations
of a third party and company name
② Name, department, status, phone number, and
other contact information of the person in charge of personal information
management
③ Purpose of use, retention and period of use of
personal information
④ Rights and methods of exercise of members,
such as withdrawal of consent to collection, use, and provision of personal
information
Article
7 Measures for Personal Information Protection
1.
The company takes the following technical measures to ensure safety so that
personal information is not lost, stolen, leaked, tampered with, or damaged in
handling personal information of members.
① The personal information of the member is
thoroughly protected by the password entered at the time of membership
registration.
② The company adopts Secure Sockets Layer (SSL)
that can securely transmit personal information on the network using
cryptographic algorithms.
③ The company takes measures to prevent leakage
or damage of personal information of members by computer viruses using vaccine
programs. In preparation for personal information damage, data is backed up
from time to time and personal information of members is safely transmitted
using the latest vaccine program.
④ The company strives to use intrusion
prevention systems to control unauthorized access from outside and to equip
itself with all other possible technical devices for system security.
2.
The company separately designates employees who handle the member's personal
information to limit the scope of employees who can handle the member's
personal information to a minimum, and the minimum number of employees is as
follows.
① A person who directly conducts customer
support or marketing affairs against a member
② A person who performs personal information
management, such as a person in charge of personal information management
③ Any other person who is inevitable to handle
personal information in his/her duties
3.
The company emphasizes compliance with the personal information handling policy
through occasional training on new security technologies for employees who
handle personal information.
4. If
the personal information handler changes, the company changes or cancels the
access authority of the personal information processing system without delay.
Article
8 Matters concerning the operation of cookies
1. In
order to provide optimized services to members, the company operates a
"cookie (access information file)" that analyzes access frequency,
visit time, etc. and identifies members' tastes and interests.
2.
Members have the option for 'cookie'. By selecting the option in your web
browser, members can accept all cookies, go through verification every time
they are saved, or refuse to save all cookies. However, if you refuse to save
all cookies, you will not be able to use the services provided by your company
through them.
■ How
to specify whether to allow cookies to be installed: if you are using Internet
Explorer
Select
Internet Options from the Tools menu > Click the Privacy tab > Set
Privacy Level
■ How
to View Received Cookies: If you are using Internet Explorer
From
the Tools menu, choose Internet Options > General tab, choose Settings for
Search History > View Files for Temporary Internet Files
Article
9 The rights of members and the method of exercising them
1.
Members should prevent unexpected accidents by accurately entering their
personal information in the latest state. The member is responsible for
accidents caused by inaccurate information entered by the member, and if false
information such as theft of other people's information is entered, the company
may disqualify the member.
2.
Members and legal representatives can view the personal information of members
registered with the company at any time or correct errors. In the case of
personal information viewing and error correction, you can click "My
Information> Information Correction" on the company website to directly
view or correct errors, or ask the person in charge of personal information
management to read or correct them in writing, phone, or e-mail. In this case,
the personal information will not be used or provided until the correction is
completed.
3.
Members and legal representatives may withdraw their consent to collect, use,
and provide personal information at any time. In this case, the member may
request withdrawal of the member by written, telephone, e-mail, etc. If there
is no service in use, the company will destroy the member's personal
information by the procedures and methods specified in Article 5 of this
policy.
Article
10 Personal Information Management Officer
1.
The company designates the department in charge as follows to protect members'
personal information and handle complaints related to personal information.
Department
in charge: Management department
Phone number: 031-362-6833
Manager:
2.
Members may report any complaints related to personal information protection
arising from using the company's services to the department in charge or the
person in charge of personal information management. The company gives a quick
and sufficient response to the member's declaration.
3. If you need to report or consult other personal information infringement, you can contact the following institution.
-
Individual Dispute Mediation Committee (http://www.1336.or.kr/ Without area
code 1336)
-
Information Protection Mark Certification Committee (http://www.eprivacy.or.kr/02-580-0533
~4)
-
Internet Crime Investigation Center of the Supreme Prosecutors' Office (http://www.spo.go.kr/02-3480-2000)
-
National Police Agency Cyber Terror Response Center
(http://www.ctrc.go.kr/02-392-0330)
[Shy]
1.
This policy will take effect on September 1, 2017.