ECI Co., Ltd. (hereinafter referred to as the “Company”) has implemented the following privacy policy to ensure that users’ personal information and rights are protected and that complaints related to privacy information can be handled effectively.
If the Company revises its privacy policy, such will be announced through the website (or notified to individual users separately).
○ This policy will take effect beginning January 1, 2024.
1. Purpose of Processing Personal InformationThe Company will process personal information for the following purposes: Once processed, personal information will not be used for purposes other than what is described below. If the purpose of using the information changes, we will obtain your prior consent.
A. Handling of complaints
We will process personal information to verify the identity of the complainants, verify the content of the complaint, contact them to verify facts and give notices, and inform them of the result of handling the case.
B. Provision of goods and services
We process personal information in order to provide services, etc.
C. Utilizing the information for marketing and advertising
We process personal information in order to verify the effectiveness of services, check the frequency of access, obtain statistics on the use of services by members, etc.
2. Current status of personal information files
1. Name of the personal information file: Personal Information
Personal information items: email address, mobile phone number, work phone number, position, department, company name, access log, access IP information, and name of legal representative.
Method of collecting: Website
Basis of holding personal information: User consent concerning personal information
Period of holding the personal information: 3 years
Related laws and regulations: Records on the gathering, processing, and use of credit information: three years; Records on the processing of consumer complaints and handling of disputes: three years; Records on contract signing or withdrawal of application, etc.: five years
3. Period of processing and holding personal information
① The Company processes and holds personal information during the period of holding and using personal information as per related laws or the personal information holding and use period agreed to by the owner of such personal information at the time of gathering personal information.
② The period of processing and holding personal information in each scenario is as follows:
1.<Handling a complaint>
The personal information related to the <handling of complaints> is held for <three years> from the date of giving consent to the gathering and use of personal information, for the purpose of using such information as mentioned above.
Basis of holding the information: User consent concerning personal information
Related laws: 1) Records on the handling of customer complaints and disputes: three years
2) Records on contract signing or withdrawal of application: five years
Exceptions:
4. Items related to the provision of personal information to third parties
① We provide personal information to third parties only in accordance with Articles 17 and 18 of the Personal Information Protection Act, including regulations on the consent by the owners of the information and other specific regulations in the law.
② The Company provides personal information to third parties as shown below.
1. “Company”
Party provided with personal information: “Company”
Purposes of personal information to be provided: email, mobile phone number, gender, date of birth, name, work phone number, position, department, company name, legal representative’s name, mobile phone number of the legal representative
Period of use and holding of the information by the party provided with the information: 3 years
5. Rights and obligations of the information owner and the legal representative and how to exercise such rights As the owner of the personal information, the user may exercise the following rights.
① The owner of the information may make demands for accessing, correcting, deleting, and suspending the processing of personal information to the Company anytime.
② The rights in Paragraph 1 can be exercised by making a demand to the Company in writing or via email or fax transmission in accordance with Article 41 Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and the Company will respond to such demand without delay.
③ The rights in Paragraph 1 can be exercised by the legal representative of the information owner or other agents, such as a delegated person, etc. In such case, it is required to submit a power of attorney in accordance with Form No. 11 of the Enforcement Rules of the Personal Information Protection Act.
④ The demands for accessing personal information or suspending the processing of personal information may restrict the rights of the owner of the information in accordance with Article 35 Paragraph 5 and Article 37 Paragraph 2 of the Personal Information Protection Act.
⑤ As for the demands for making corrections to or deleting personal information, the deletion of personal information may not be demanded if the personal information is required to be gathered by other laws.
⑥ The Company will verify whether a party making demands for accessing, correcting, deleting, or suspending the processing of personal information in accordance with the rights of the owner of the information is the owner of the information or his/her authorized representative.
6. Documentation of personal information items to be processed
① The Company processes the following personal information items:
1<Handling a complaint>
Required items: email, mobile phone number, work phone number, position, department, company name, legal representative’s name, mobile phone number of the legal representative
- Optional items:
7. Disposal of personal information In principle, the Company will dispose of the applicable personal information as soon as the purpose of processing such information is fulfilled. The process, due date, and method of disposal are as follows:
-Process of disposal
The information inputted by a user will be transferred to a database after serving its purpose (or to a separate file in case of printed documents), where the information will be stored in accordance with the internal policies and other related laws and regulations for a certain period, after which it will be disposed of immediately. At this time, the information moved to a DB will not be used for purposes other than those set forth in the law.
- Due date for disposal
Once the storage period has lapsed, the personal information of the user will be disposed of within five days of the end of the storage period. If the information is no longer needed due to the fulfillment of purpose of processing personal information or termination of the service, or the information is no longer needed otherwise, the personal information will be disposed of within five days when it is recognized that the processing of the personal information in question is no longer needed.
- Method of disposal
For the information in electronic file format, we use technical methods that will render displaying the information impossible.
8. Issues related to the installation, operation, and refusal of mechanisms to gather personal information automatically
The Company does not use “cookies,” which store and load the usage information by the information owner from time to time.
9. Documentation by the personal information protection officer
① The Company has designated a personal information protection officer as follows for the purpose of overseeing and assuming responsibilities for the processing of personal information and handling and remedying complaints of information owners related to the processing of personal information:
▶ Personal Information Protection Officer
Name: Lee Jeonggwan
Position: Team Leader, Administrations Team
Paygrade: Senior Staff
Contact: +82-31-431-2152
② Information owners may contact the personal information protection officer or the responsible department with regard to any inquiries concerning personal information protection, complaints handling, or remedies for damages suffered in the course of using our services (or businesses). The Company will answer and address the questions of the information owner without delay.
10. Amendment of the privacy policy
① This privacy policy takes effect from the date of its implementation. If there are any items to be added, deleted, or updated in accordance with the laws and policies, we will make an announcement to inform you of such changes seven days prior to the implementation of such change.
11. Securing Personal Information In accordance with Article 29 of the Personal Information Protection Act, the Company has introduced the necessary technical and administrative measures as well as physical measures to secure the information as follows:
1. Minimizing the number of employees handling personal information and providing training
We designate and minimize the number of employees who handle personal information to limit them to the responsible staff for managing personal information.
2. Technical measures to address hacking threats, etc.
To prevent personal information theft and damage through hacking, computer viruses, etc., we installed security programs that are regularly updated and inspected. We also installed our systems in a place with controlled access, monitoring and isolating them technically and physically.
3. Encryption of personal information
The personal information and passwords of users are stored and managed in encrypted form. The information is legible only to the owner of the information. Important data in the form of files or transmitted data are encrypted or locked as additional security measures.
4. Storage of access log and prevention of tampering
Records of accessing the personal information processing system are stored for at least six months, and we have implemented security functions to prevent tampering, loss, or theft of such access records.
5. Controlling unauthorized access
We have a separate physical location to store personal information, to which an access control procedure has been applied.
