KDfinechem Co., Ltd. (hereinafter referred to as the 'Company') has established the following Personal Information Policy to ensure that the users’ personal information and rights are protected and the users’ complaints related to personal information are smoothly processed in accordance with the Personal Information Protection Act.
If the Company revises the personal information policy, the revised policy will be notified on the Company’s website (or individually notified).
This policy takes effect from January 1, 2023.
1. Purpose of processing personal information
The Company processes personal information for the following purposes. The processed personal information will not be used for purposes other than the following purposes. If the purpose of use is changed, prior consent will be sought
A. Website Membership Registration and Management
Personal information will be processed for such purposes as the identification and authentication of the member according to the provision of membership services, identification of the member according to the implementation of the limited identification system, and prevention of illegal use of services.
B. User Complaint Handling
Personal information will be processed for such purposes as the verification of the identity of the complainant and complaint, contacting and notifying for fact-finding, and notifying the processing result.
C. Provision of Goods or Services
Personal information will be processed for providing services, etc.
D. Use for Marketing and Advertising
Personal information will be processed for checking the validity of the service, checking the frequency of access, or statistics on the use of the service by the members.
2. Personal Information File
A. Personal information file name: Personal Information
B. Personal information items : Email address, mobile phone number, company phone number, position, department, company name, access log, access IP information, legal representative
C. Collection method : Website
D. Basis for retention : Consent to the use of personal information
E. Retention period : 3 years
F. Relevant regulations : Records on the collection/processing and use of credit information: 3 years, records of consumer complaints or disputes : 3 years, records of contract or subscription withdrawal, etc. : 5 years
3. Processing and Retention Period of Personal Information
A. The Company retains the personal information within the period of retention and use of the personal information that is allowed under the relevant laws or that was agreed upon when collecting personal information from the information provider.
B. Each personal information processing and retention period is as follows:
- Records on the processing of consumer complaints or dispute resolution : 3 years
- Records on contracts or subscription withdrawals : 5 years
4. Matters concerning the provision of personal information to third parties
A. The Company provides personal information to third parties only when it falls under Articles 17 and 18 of the Personal Information Protection Act, including the consent of the information provider and special provisions of the law.
B. The Company provides personal information to third parties as follows:
- Recipient of personal information : Company
- Purpose of use of personal information by the recipient : E-mail, mobile phone number, gender, date of birth, name, company phone number, position, department, company name, legal representative's name, legal representative's mobile phone number
- Period of retention/use : 3 years
5. Rights and obligations of information provider and legal representatives and how to exercise them : As the provider of personal information, a user can exercise the following rights:
A. The information provider may exercise the right to request access, correction, deletion, and suspension of the processing of his/her personal information at any time against the Company.
B. The exercise of the rights pursuant to Paragraph 1 above may be done in writing, e-mail, or facsimile in accordance with Article 41 Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and if there is such a request, the company will take action without delay.
C. The exercise of the rights pursuant to Paragraph 1 above may be done through an agent such as the legal representative of the information provider or a person who has been delegated. In this case, you must submit a power of attorney to the Company in accordance with Form 11 of the Enforcement Decree of the Personal Information Protection Act.
D. The rights of the information provider to request access to and suspension of processing of personal information may be restricted in accordance with Article 35 (5) and Article 37 (2) of the Personal Information Protection Act.
E. The request for correction and deletion of personal information may not be accepted if the personal information is specified as the collection target in other laws and regulations.
F. The Company checks whether the person who made a request for access, correction or deletion, or suspension of processing under the rights of the information provider is the information provider or his/her legitimate agent.
6. Completion of personal information items to be processed
A. The Company processes the following personal information items:
- Required items : E-mail address, mobile phone number, company phone number, position, department, company name, legal representative name, legal representative mobile phone number
7. Destruction of personal information: When the purpose of personal information processing is achieved, the Company, in principle, destroys the personal information without delay. The procedures, deadlines and methods of destruction are as follows:
A. Destruction procedure
The information entered by the user is transferred to a separate DB (in the case of paper, a separate document) after the purpose is achieved and stored for a certain period or immediately destroyed in accordance with internal policies and other related laws.
At this time, the personal information transferred to the DB will not be used for any other purpose unless it is in accordance with the law.
B. Destruction deadline
When the retention period of the personal information has elapsed, the user's personal information will be destructed within 5 days from the end of the retention period,
and when the personal information becomes unnecessary due to reasons such as the achievement of the purpose of processing personal information, the abolition of the service, and the termination of the business, the personal information will be destroyed within 5 days from the date the processing is deemed unnecessary.
C. Destruction method
For the information in the form of electronic files, a technical method that cannot reproduce records is used.
8. Matters concerning the installation, operation and rejection of the automatic personal information collection system
The Company does not use 'cookies' that store and retrieve the information provider's usage information from time to time.
9. Personal information protection manager
A. The Company designates a personal information protection manager who oversees the work related to personal information processing, and handles complaints of information providers related to personal information processing, et* Personal information protection manager
- Affiliation : KDfinechem Co., Ltd.
- Name : Cheon Soo-min
- Contact : 031-680-0518
B. The information provider may inquire about all personal information protection-related inquiries, complaint handling, damage relief, etc. that occurred while using the Company's service (or business) to the personal information protection manager or the department in charge.
The Company will answer and process such inquiries of the information provider without delay.
10. Changes to the Personal Information Policy
This Personal Information Policy takes effect from the Effective Date, and if there are additions, deletions or corrections to the Policy according to the relevant laws and regulations, the Company will provide notification through a notice seven days before the enforcement of such changes.
11. Measures to secure the safety of personal information: In accordance with Article 29 of the Personal Information Protection Act, the Company takes the following technical, administrative and physical measures necessary to ensure safety.
A. Streamlining and education of personnel in charge of personal information
The Company designates the personnel in charge of processing personal information and limits the number of such personnel to a minimum to protect personal information.
B. Technical measures against hacking, etc.
In order to prevent leakage and damage of personal information caused by hacking or computer viruses, the Company installs security programs, periodically updates and inspects them, and installs systems in areas where access is controlled from outside to perform technical/physical monitoring and blocking.
C. Encryption of personal information
As the user’s password is encrypted for storage and management, only the user can know his/her password, and in the case of important data, a separate security function is used, such as the encryption of the file and transmission data or the use of the file lock function.
D. Storage of access records and prevention of forgery
The Company keeps and manages the records of access to the personal information processing system for at least 6 months, and uses security functions to prevent forgery, theft, or loss of access records.
E. Access control for unauthorized persons
The Company has a separate physical storage place to store personal information, and established and operates access control procedures for it.