NeoLFN Corporation (the “Company”) collects, retains, and manages personal information by obtaining the consent of a subject of information or complying with the related laws and statutes.
This policy shall take effect as of February 17, 2014.
In order to properly perform public service and protect rights and interest of a subject of information, the Company shall lawfully and appropriately handle personal information that is collected and retained in accordance with the related law and statutes. The Company shall respect rights and interests of a subject of information including requests for inspection and correction of personal information that the Company retains pursuant to the related law, and regarding any infringement of the rights under such legislation, you shall be entitled to seek an administrative trial as prescribed by the Administrative Appeals Act, or request a resolution or consultation from the Personal Information Dispute Mediation Committee, or the Privacy Information Center. The Company’s personal information management policy is based upon the Personal Information Protection Act that is currently enforced. This policy shall be applied to all websites run by the Company unless otherwise stated. Provided, That in case any separate personal information management policy is stipulated and enforced by the Company’s personal information manager (or division, team, department, etc.) for the purpose of dealing with matters related to the Act on the Promotion of Information and Communication Network Utilization and Information Protection, the Company shall comply with and notify such policy on its website.
- 1. 개인정보의 수집목적 및 이용목적
- 2. 목적외 사용 및 제3자에 대한 제공 및 공유
- 3. 개인정보 수집에 대한 동의
- 4. 개인정보관리책임자 및 개인정보관리담당자
- 5. 개인정보의 수집
- 6. 쿠키에 의한 개인정보 수집
- 7. 개인정보의 열람ㆍ정정
- 8. 동의철회(회원탈퇴)
- 9. 개인정보의 보유기간 및 이용기간
- 10. 만14세 미만의 아동의 개인정보보호
- 11. 개인정보침해 관련 상담 및 신고
- 12. 정책 변경에 따른 공지의무
1. Purpose of Personal Information Management
The Company shall not use personal information other than for the purposes specified below, and we shall obtain your consent in case such purposes are amended or revised.
- 1. To provide service
- Personal information is collected and used for the purposes of providing services including verification, issuance of a certificate (course competition), registration of a country domain, filing a grievance about spam, handling a grievance about stolen resident registration number (SSN), or consultation on overseas expansion.
- 2. To handle grievances or complaints
- Personal information is collected and used for the purposes of taking care of grievances or complaints including an inspection, correction and deletion of personal information, request for suspending the management of personal information, reporting a personal information leakage accident, receiving and dealing with a personal information infringement accident, dealing with grievances about spam, or reporting a hacking accident.
2. Period of Retention and Use of Personal Information
The Company shall use and retain personal information based on the related law or to the extent of the consent obtained from a subject of information.
Personal information shall be used and retained during the warranty period of NEOLFN Corporation.
3. Disclosure of Personal Information to a Third Party
Personal information that the Company collects and retains shall not be disclosed to any third party without the consent of a subject of information, except for any of the following cases:
- 1. Where the consent is obtained from a subject of information
- 2. Where any special provision exists in the law or it is inevitable to fulfill an obligation under any statute
- 3. Where it is obviously deemed necessary for life, physical safety and property interests of a subject of information or a third party, when the subject of information or his/her legal representative cannot give prior consent by reason of his/her unidentified address or his/her being unable to express one’s intention
- 4. Where personal information is necessary for the purpose of compiling statistics or scientific research personal information is provided in a form by which a specific individual cannot be identified
The Company shall notify a subject of information of the following items before obtaining his/her consent if the Company provides such personal information to a third party.
Name (name of a corporation or organization, if the third party is a corporate body), contact information
Purposes of using personal information, items of personal information to provide
Period of holding and using personal information to be provided
Fact that a subject of information has a right to reject to give his/her consent, and details of a disadvantage, if any, due to such rejection of giving his/her consent.
4. Entrustment of Personal Information Management
The Company, in principle, shall not entrust any third person with the management of personal information without the consent of a subject of information. Notwithstanding, if the Company entrusts a third party with the affairs of personal information management, the Company shall do so in accordance with Article 26 (Restrictions on Management of Personal Information Following Entrustment of Affairs) of the Personal Information Protection Act and provide documents containing the following matters and shall disclose the details of entrusted services and a trustee on the Company’s website.
- 1. Matters concerning prohibiting a third party from handling personal information for any purpose other than for performance of entrusted services.
- 2. Matters concerning technical and administrative protection measures of personal information
- 3. Other matters stipulated by Presidential Decree for the safe management of personal information
Purpose and Scope of Entrustment
Matters concerning prohibiting re-entrustment
Matters concerning measures that secure safety including limiting access to personal information
Matters concerning supervision including inspection of current status of personal information that is held by a trustee in connection with the entrusted services
Matters concerning liability for damages if a trustee is in violation of obligations under Article 26(2)
5. How to Exercise Rights and Obligations of a Subject of Information
You shall be entitled to exercise the following rights as a subject of information.
- 1. Request for inspection of personal information: Pursuant to Article 35 (Inspection of Personal Information) of the Personal Information Protection Act, a subject of information shall have the right to request inspection of personal information file held by the Company. Notwithstanding, such request for inspection of personal information may be restricted in any of the following cases as specified in Article 35(5).
- A. Where an inspection is prohibited or restricted by law
- B. Where it is apprehended that a third person’s life and body may be harmed or a third person’s property and other interests may be unreasonably infringed upon
C. Where a public institution causes serious inconvenience in the course of performing any of the followings
Affairs concerning tests of academic ability, functions, and employment, and qualification examination
Affairs concerning an assessment or judgment in progress in connection with the calculation of compensation or benefits
Affairs concerning an audit and an investigation in progress under other laws
- 2. Request for correction and deletion of personal information: With respect to personal information file held by the Company, a subject of information shall have the right to request correction and deletion of his/her personal information pursuant to Article 36 of the Personal Information Protection Act. Provided, That the subject of information shall not request deletion thereof if such personal information is stipulated to be collected by other laws.
- 3. Request for suspension of handling personal information: With respect to personal information file held by the Company, a subject of information shall have the right to request that the Company suspend the handling of his/her personal information pursuant to Article 37 (Suspension of Managing Personal Information) of the Personal Information Protection Act. In addition, a legal representative of a child under the age of 14 years shall have the right to request the inspection, correction and deletion of such child’s personal information and request that the Company suspend the handling of such information. Provided, That, a request from a subject of information to suspend the handling of his/her information may be rejected in any of the following cases under the Article 37(2) of the Personal Information Protection Act.
- A. Where any special provision exists in the law or it is inevitable to fulfill obligations under any statute
- B. Where it is apprehended that any third person’s life and body may be harmed or any third person’s property and other interests may be unreasonably infringed upon
- C. Where a public institution is unable to perform its affairs and services stipulated by other laws unless it manages personal information
- D. Where it is impractical to perform a contract including a failure to provide a subject of information with agreed services unless personal information is not managed, and the subject of information fails to clearly express his/her intention to terminate the contract
- 4. Regarding requests for an inspection, correction and deletion, and suspension of management of personal information made by a subject of information, the Company shall notify its measures related to the matters within ten (10) days. A request of the inspection, correction and deletion, and suspension shall be made at the Company’s personal information manager, and a request form is attached in [Annex 1.]
- 5. A subject of information may exercise the foregoing rights by means of a representative including his/her legal representative or delegate. In such case, a power of attorney shall be submitted as attached to [Annex 2.]
6. Items of Personal Information to be Used and Collected
The Company shall collect and retain personal information only by obtaining the consent of a subject of information and by complying with the law and statutes. The information file collected and held by the Company under the law and statutes is as follows.
< Company name, customer name, telephone number, e-mail address, website address >
7. Destruction of Personal Information
When the period of retaining personal information expires or the purpose of managing personal information is achieved, the Company, in principle, shall destroy such personal information. Provided, That, this shall not apply if the personal information must be preserved pursuant to other laws. Destruction procedure, deadline, and methods shall be as follows.
- 1. Destruction procedure
- When the holding period of personal information a subject of information provided expires or the management purpose thereof is achieved, such information shall be destroyed in accordance with the Company’s internal policy and relevant statute
- 2. Destruction deadline
- If the holding period of personal information expires, such personal information shall be destroyed within five (5) days after the holding period thereof expires, or if the purpose of personal information management is achieved, such personal information shall be destroyed within five (5) days from the date when the management of such information is deemed unnecessary.
- 3. Method of destruction
- The Company shall destroy personal information by means of the followings. For materials in an electronic form: permanently delete a file in an irreparable way For material in recording media including documents, prints, and writing, other than electronic files: shred or incinerate
8. Measures for Securing Safety of Personal Information
In compliance with Article 29 of the Personal Information Protection Act, the Company takes technical, administrative, and physical measures necessary for securing the safety of personal information as follows.
- 1. Establishment and implementation of an internal management plan
- The Company establishes and implements an internal management plan (January 6, 2014) pursuant to ‘the guidelines for measures to secure the safety of personal information (Notification No.2011-43 of the Ministry of Public Administration and Security)
- 2. Designation and training of personal information management manager
- The Company minimizes the designation of a personal information management manager and conducts a training session on a regular basis.
- 3. Restriction of access to personal information
- The Company controls access to personal information by granting, changing, cancelling an authority with its personal information manager to access data base system that manages personal information, prevents any unauthorized access from outside by using a firewall system and intrusion defense system, and uses Virtual Private Network (VPN) to allow its personal information manager to access to the data system from outside via communications network. In addition, the Company records details of granting, changing, or cancelling an authority, and keeps records for no less than three (3) years.
- 4. Keeping access records and preventing forgery
- The Company keeps and manages access records including weblog and summary information for no less than six (6) months, and makes sure that any of such access records are not forged, falsified, stolen, or missed.
- 5. Encryption of personal information
- Personal information is encrypted for storage and management. The Company also has a separate security program where important data is encrypted for storage and transmission.
- 6. Technical measures against hacking attack
- The Company installs, runs, renews, and monitors a security program on a regular basis, to prevent personal information leakage and damage caused by a hacking attack or computer virus, and places such system in a restricted area for technical and physical monitoring and protection.
- 7. Prohibition of access by an unauthorized person
- The Company establishes and operates the procedure for entrance control to prohibit an unauthorized person to access the system by separately placing a personal information system in a restricted area.
9. Personal Information Management Officier
If you have any inquiry about personal information protection or about reporting personal information infringement, please visit Privacy Information Center, an affiliate of the Korean Internet and Security Agency.
* You can reach the Center by calling 118 without area code (ARS extension number 2) or by email email@example.com
For any inquiry about personal information held by the Company, please refer to the contact information below.
|Personal Information Management Officer|
|Personal Information Protection Manager|
10. Amendment of Personal Information Management Policy
This personal information management policy shall take effect as of April 28, 2016.
You can check the previous version of policy below.
11. Remedies for Infringement of Rights and Interests
A subject of information shall have the right to seek remedies in the event of any infringement of personal information by requesting a resolution or consultation at the Personal Information Dispute Mediation Committee or the Privacy Information Center. For more information regarding any other matters related to privacy information, please contact the following agencies.
ㆍPrivacy Information Center
- 1. Personal Information Dispute Mediation Committee : (without area code) 118 (extension number 2)
- 2. Supreme Prosecutors’ Office Cybercrime Investigation Division : 02-3480-3571 (http://www.spo.go.kr)
- 3. National Police Agency Center for Cyberterrorism Defense : 1566-0112 (http://www.netan.go.kr)
- A person whose rights or interests are infringed upon arising from any measure or non-performance taken by a chief of a public institution as required by the provisions – Article 35 (Inspection of Personal Information), Article 36 (Correction and Deletion of Personal Information), Article 37 (Suspension of Personal Information Management) of the Personal Information Protection Act – shall be entitled to seek an administrative trial as prescribed by the Administrative Appeals Act.
- ※ For more information about an administrative trial, please visit the website of the Ministry of Government Legislation. (http://www.moleg.go.kr)