- New Technology Software(NTS)(‘the company’ hereinafter) highly value the users’ personal information. The company complies with the provisions concerning protection of personal information under statutes related to personal information, including the Act on Promotion of Information Network and Protection of Information and ‘guidelines for protection of personal information’ enacted by Korea Communications Commission.
- The company informs you that it always exerts to actively protect personal information the users provide, including what purposes and how such information is used for, through its policy concerning protection of personal information.
- This policy will go into force on 1 July 2012.
- 1. Items of personal information collected by the company
- The company collects the below-listed personal information from individual and business users for membership subscription, smooth customer counseling, and provision of various services. There will be no restrictions on your service even if you do not enter optional information. The company does not collect sensitive personal information that can possibly infringe basic human rights of the users (race, ideology, credo, political orientation, criminal or medical records or information).
- 1) Items collected
Individual members : Name, date of birth, gender, login ID, password, home phone number, address, mobile phone number, e-mail address and resident registration number
Business/group members : Company name, department, position, office phone number, e-mail address, tax-payer registration number, business line, date founded, login ID, password, CEO or representative’s name, representative phone number, e-mail address, and business address
All members : The below-listed information can be automatically generated and collected in the process of using the service or providing the service :
- Service use record, access log, cookies, access IP information, and record of delinquent use
- 2) How personal information is collected
Membership subscription through the Website, application for event participation, collection of generated information, revision of member information, fax, phone, or inquiry to customer center
- 2. Collection and applications of personal information
- The company uses personal information it collects for the following purposes: The company does not use all information the users provide for purposes other than those required to provide the service. The company will seek the users’ advance consent when such purpose changes.
- 1) Performing the contract obligations concerning service provision, billing, contents provision, purchase or payment, goods delivery or invoice mailing, authentication for banking and other financial services.
- 2) Member management
Authentication for membership-based service, user identification, prevention of illegal use by delinquent members or unauthorized use, confirmation of subscription, checking age, consent by legal custodian or agent when collecting personal information from minors below 14 years of age, complaint or suggestion handling, and publishing announcements
- 3) Use for marketing or advertisement
Developing new services, delivering information concerning events, providing customized services, services based on demographic features, displaying advertisement, measuring access frequency, and statistics concerning service use by the members
- 3. Period for Holding and Using Personal Information
- The company holds and uses the users’ personal information in the period it provides the service from the date the members subscribe for the service.
The company destroys the user’s personal information without delay when the user requests for withdrawal, or revokes his consent to collection and use of his personal information, or when the purpose of their collection or use is accomplished, or when the period for holding or using the information expires.
However, the following information is archived for a given period for specified reasons :
Items archived : Name, date of birth, gender, login ID, home phone number, address, mobile phone number, and resident registration number
Ground for archiving : Prevention of confusion in using service and cooperation to investigation by government authorities concerning illegal users
Period archived : 1 year
When it is required to archive under provisions of relevant statutes, the company archive members’ information for the following period as provided under relevant statutes :
Items archived : Service use record, access log, and access IP information
Ground for archiving : Act on Protection of Communication Secret
Period archived : 3 months
Records concerning marking/advertisement : 6 months (Act on Protection of Consumers in e-Commerce)
Records concerning contracts or subscription withdrawal : 5 years (Act on Protection of Consumers in e-Commerce)
Records concerning payment or supply of goods : 5 years (Act on Protection of Consumers in e-Commerce)
Records concerning consumer complaints or dispute settlement : 3 years (Act on Protection of Consumers in e-Commerce)
- 4. Procedure and Methods of Destroying Personal Information
- The company destroys the information as a rule when the purpose of collecting or using personal information is accomplished. Destroying procedure and methods are as follows :
- 1) Destroying procedure
- Information the users enter for membership subscription is destroyed after being transferred to a separate database (a separate filing cabinet in case of paper documents) when the purpose is accomplished and then saved for a given period pursuant to the internal policy or reason for protection of information under relevant statutes (refer the period for holding or using information).
- Personal information transferred to a separate database is not used for other purposes unless it is so dictated by the law.
- 2) Destroying methods
- Personal information saved in digital file format is deleted using technical methods where records cannot be restored.
- Personal information output on paper is destroyed by shredding or incinerating
- 5. Provision of personal information
- The company uses the users’ personal information within the extent notified under ‘2. Purpose of collecting or using personal information’. The company does not use the users’ personal information beyond the extent or disclose to outside parties without their consent, as a rule. In the below-listed cases, however, the company can provide personal information exercising attention :
- 1) When the users agree to disclosure in advance
- Details of service provision
- Details of event provision (information)
- 2) Personal information that are required to discharge the contract obligations for providing service for which it is remarkably difficult to obtain usual consent because of a financial or technical cause
- 3) Personal information disclosed pursuant to a statute provision, or requested by law enforcement authorities by procedures or methods provided under relevant statutes
- 6. Rights of Users or Legal Agents and Their Exercising Methods
- The users or legal agents can always inquire or revise the personal information belonging to them to the minor below 14 years of age, or request for termination of membership. For inquiry or revision of the personal information belonging to the user or to the minor below 14 years of age, you can personally view or revise the personal information by undergoing user authentication procedures by clicking ‘Revise personal information’ (‘Correct member information’) or to terminate the membership by clicking ‘Membership termination’.
Or, if you request by letter, phone or e-mail to the person in charge of personal information management, the company will take actions without delay.
When a user request for correction of any errors in his personal information, the company does not use or provide the relevant information until such correction is completed. Further, if wrong personal information has already been provided to a third party, the company will effect correction by notifying the third party of the correction without delay. The company treats personal information terminated or deleted based on a request by the user or legal agent as provided in ‘Period for holding or using personal information’ to ensure the personal information is not viewed or used for other purposes.
- 7. Installation, operation or refusal of devices collecting personal information automatically
- 1) Purposes of using cookies
Target marketing or provision of individually customized services by analyzing access frequency or visit hours of members and non-member users, capturing their tastes or areas of interest, tracking traces, measuring degree of participation in or frequency of visits to various events
The users are given an option to cookie installation. Therefore, the users can allow all cookies, have them undergo the user’s confirmation whenever they are saved, or refuse saving of all cookies, by setting up such options on their Web browser.
Example of setup (in case of Internet Explorer): Web browser top menu Tools > Internet Options > Personal Information
If you refuse cookie installation, you can experience difficulties in using some services that require login
- 8. Technical or administrative protection measures of personal information
- The company adopts the below-listed technical or administrative protection measures in order to secure security so that the user’s personal information is not lost, stolen, leaked, tempered or damaged while using the user’s personal information :
- 1) Encryption of personal information
The user’s personal information is protected by password. Critical data are encrypted for filing or transmission. They are protected using additional security functions, including those locking files.
- 2) Technical measures against hacking
The company installs or monitors its systems in a zone to which access from outside is controlled in order to prevent leakage or damage of the user’s personal information by hacking or computer viruses.
The company also prevents the personal information from being infringed by updating vaccine programs periodically and applying new vaccine programs immediately whenever a new virus outbreaks.
- 3) Restriction of access to personal information handling systems
The company has established criteria for granting, changing or deleting access privileges to database systems that are configured systematically to handle the personal information. The company also implements rules concerning the method of password generation and update intervals. The company takes all measures necessary to control access to the personal information.
- 4) Education of employees on handling personal information
The company implements various administrative measures, including minimizing the employees who handle the user’s personal information, periodic education programs to acquire new security technologies or to understand responsibility for protecting the personal information, and controlling their access to the personal information by granting separate passwords.
- 5) Management of individual ID and password
Only the user can use his ID and password, as a rule. The company is not responsible for problems arising from leakage of personal information such as ID, password or resident registration number, due to negligence of the user, or for consequences arising due to the inherent risk of the Internet. The users are requested to frequently update their passwords with a keen security mind of the password and to pay extraordinary attention to prevent their personal information from being leaked while logging in using PCs shared by general public.
- 9. User complaints concerning personal information
- The company has appointed persons in charge of managing personal information as follows in order to protect the customers’ personal information and to handle complaints related to personal information :
The users can report all complaints related to personal information protection that can arise while using the company’s service to the persons in charge of managing personal information. The company will provide speedy and sufficient response to such user reports.
Person in charge of personal information management
Name in full : Jaehong Kim
Tel. : 82-(0)52-245-9551
email : firstname.lastname@example.org
Please contact the following agencies for reporting personal information infringement or for counseling:
Personal Information Mediation Committee (1336)
Supreme Prosecutors Office Internet Crime Investigation Center (82-(0)2-3480-3600)
National Police Agency Cyber Terror Center (82-(0)2-392-0330)
- 10. Addenda