close

개인정보취급방침

Personal Data Handling Policy

Personal Data Handling Policy

line

Personal Data Handling Policy

YM Tech Co., Ltd. (hereinafter referred to as “the company”) handles all personal data based on laws and collects, retains and processes based on consent of the data subject.

This policy shall start on August 1, 2018.

The company will legitimately and properly handle personal data collected, retained and processed based on laws to ensure appropriate public duty fulfillment and protection of rights of data subjects.
Also, the company respects the rights of use of data retained by the company based on laws through the right to peruse or correct personal data. Data subjects may file for administrative trials if there is an infringement on the legal rights. Also, you may request Personal Data Conflict Mediation Committee or Personal Data Infringement Report Center for conflict resolution or consultation.
The company’s personal data processing policy is based on the current 「Personal Data Protection Act」.
If the company establishes and implements a separate personal data processing policy within a relevant organization within the company to execute related laws such as the 「Act on the Promotion of Information and Communications Network Utilization and Information Protection, etc.」, this shall be observed and appear on the website of the organization.

1. Purpose of Personal Data Processing
The company shall not use any personal data for a purpose other than the following and will secure consent if the purpose of use is modified.

Service provision: Personal data will be processed for purposes of service provision such as inquiries to purchase products and customers’ inquiries.

2. Security Measure Maintained on the Website
The company runs various security programs to monitor network traffic and detect illegal data change for website security or continued services.

3. Link and Banner
If you transfer to other website by clicking on the company-run link or banner, the website will be subject to personal data processing policy suggested by the operator. Therefore, please check the personal data processing policy on the relevant website you visit.

4. Collection and Retaining of Personal Data
The company collects and retains personal data only based on laws and upon consent of a data subject. Major personal data files collected and retained by the company based on laws are as follows:

Division Reason for Retaining Purpose of Retaining Major Item Retaining Period
Inquiry to Purchase Product
Customer Inquiry
Consent of Data Subject Answer to Inquiries Name, Email,
Mobile Phone Number, etc.
3 Years
Personal Data
Report Leak
The Personal Data Protection Act
Article 15
Execution of Duties of Public Institutions Name, Contact Details,
Email
3 Years
Request for consultation for collection and use of order number Korea Internet & Security Agency
Regulations on Complaint Processing
Complaint Processing Necessary Information: Name, Email and content of complaint
Selection Item: Telephone, Mobile Phone Number
3 Years

– Matters pertaining to provision of personal data to a third party

1) Consented by a data subject separately
2) Unavoidable based on laws or to comply with legal duties
3) Clearly recognized to be necessary to urgently protect life, body and property of a data subject or a third party when a data subject or his/her legal agent cannot present opinions or consent cannot be secured due to address issues
4) If pertaining to any of the following, except for when it is likely that interest of a data subject or a third party can be illegitimately infringed on, user’s personal data may not be used for a purpose other than prescribed or transferred to a third party.
a. If separately consented by a data subject
b. If laid out separately in other laws
c. Clearly recognized to be necessary to urgently protect life, body and property of a data subject or a third party when a data subject or his/her legal agent cannot present opinions or consent cannot be secured due to address issues
d. If providing personal data in a way that makes it impossible to recognize a specific individual as necessary to fulfill the purposes such as statistics preparation or academic research
e. If reviewed and resolved by the Data Protection Committee when it is not possible to fulfill required affairs based on other laws unless personal data are used for a purpose other than prescribed or offered to a third party
f. As necessary to provide to a foreign government or an international institution to implement a treaty or other international agreement
g. As necessary to investigate into a crime, prosecute a case or maintain such a status
h. As necessary to fulfill a court’s ruling affairs
i. As necessary for imprisonment, custody or protective disposition

5. Matters pertaining to commissioning of personal data

The company does not commission a customer’s data to an external source without the customer’s consent.
If it becomes necessary in the future, commissioned affairs will be notified to the customer and his/her advance consent will be sought as necessary.

5. Matters pertaining to commissioning of personal data

A user, as a data subject, may execute the following rights:
1) Request to peruse personal data: You may request to peruse personal data files retained by the company based on Article 35 (Perusal of Personal Data) of the 「Personal Data Protection Act」. However, such a request may be limited as follows based on Article 35-5 of the 「Personal Data Protection Act」.
a. Prohibited or restricted to peruse based on the laws
b. Is likely to harm other person’s life and/or body or unfairly infringe on other person’s property or other interest
c. If a significant problem occurs when a public institution conducts any of the following:
i. Matters pertaining to imposition, collection and return of taxes
ii. Matters pertaining to performance assessment or recruitment at various levels of schools based on the 「Elementary and Middle School Education Act」 and the 「Higher Education Act」 and lifetime education based on the 「Lifetime Education Act」, Other affairs necessary for performance assessment or recruitment at higher education institutions established based on other laws and regulations
iii. Matters pertaining to education, technologies, employment and qualification screening
iv. Matters pertaining to assessment or judgment relevant to estimation of compensation or benefit
v. Matters pertaining to inspection and investigation under way based on other laws
2) Request to revise and/or delete personal data: You may ask the company to revise and/or delete your personal data, as retained by the company, based on Article 36 (Revision and Deletion of Personal Data) of the 「Personal Data Protection Act」.
However, if relevant personal data are prescribed to be a subject of collection in other laws, you may not request to delete the personal data.
3) Request to suspend processing of personal data: You may request the company to suspend processing of personal data based on Article 37 (Suspension of Processing of Personal Data) of the 「Personal Data Protection Act」.
Also, legal representatives of children under 14 may request the company to allow perusal of the child’s personal data, revise, delete or suspend processing of the data.
However, a request to suspend processing of personal data may be rejected based on Article 37-2 of the 「Personal Data Protection Act」.
a. If laid out separately in the laws or unavoidable to comply with legal duties
b. If it is likely to harm other person’s life and/or body or infringe on other person’s property or interest unfairly
c. If it is not possible to fulfill legal duties unless a public institution does not process personal data
d. If a data subject does not clearly present his/her intent to cancel the contract when it is difficult to implement the contract, such as disability to provide services arranged with the data subject unless personal data is processed
4) The company’s measure shall be notified to any request to peruse, revise, delete or suspend processing of personal data within 10 days. Any request to peruse, revise, delete or suspend processing of personal data can be processed by a relevant department.
5) Departments to peruse, revise, delete or suspend processing of personal data are as follows:

Person responsible to protect personal data
Name: Hong-gi Kim
Position: Representative Director
Contact Detail: +82-43-212-6651
Person Responsible to protect personal data
Responsible person: Gang-seok Yoon
Contact Detail: +82-43-212-6651 (Extension: 228), yks@goodymt.com
There will be constant guidance and supervision to ensure that personal data collected based on the laws are used for a purpose prescribed for collection and processing.

7. Matters Pertaining to Destruction of Personal Data

The company will destroy relevant personal data immediately if the period to keep the data has passed or the purpose of processing has been fulfilled.
However, this shall not apply when it is necessary to preserve the data based on the laws. Procedure, time limit and method of destruction are as follows:
1) Destruction Procedure
Any data entered by a user shall be destroyed based on internal regulations or related laws as the keeping period has passed or the purpose of processing has been fulfilled.
2) Time Limit for Destruction
A user’s personal data will be destroyed within 5 days from the end date of a keeping period if the keeping period has passed. It may be destroyed within 5 days from the date when processing of personal data is recognized to be unnecessary as the purpose of use has been fulfilled and such data has become unnecessary.
3) Method of Destruction
The following method shall be applied when the company destroys personal data:
– Electronic file: permanent deletion in a way disabling recovery
– Records, printed materials, written materials and other recorded media other than electronic files: shredding or burning

8. Security of Personal Data Safety

The company takes technological, administrative or physical measures necessary to secure safety based on Article 29 of the 「Personal Data Protection Act」.
1) Establishment and implementation of internal management plan
The company will establish and implement the Internal Management Plan (Sep. 30, 2011) based on the ‘Standards for Security of Personal Data Safety’ (Ministry of Administration and Safety Notice No. 2011 – 43).
2) Minimization and Training of Persons Handling Personal Data
The company minimizes designation of persons handling personal data and offer regular training.
3) Restriction on access to personal data
The company controls access to personal data through access rights to database system processing personal data, modification and erasure. It controls unauthorized access from external sources via invasion block system and detection system. If a person handling personal data accesses to personal data processing system from an external source, it uses virtual private network (VPN). Also, the company records authorization, change or erasure and maintains such records for at least 3 years.
4) Keeping of Access Records and Prevention of Forgery or Falsification
Records pertaining to access to personal data processing system (web log, summary, etc.) are kept and managed for at least 6 months. The company ensures that there is no forgery, falsification, theft or loss.
5) Codification of Personal Data
A user’s personal data is saved and managed as codified.
Also, as for important data, separate functions are applied, such as codification upon saving and transmission.
6) Technological Measures to Hacking, etc.
In order to prevent leak or damage of personal data such as hacking or computer virus, the company installs a security program, regularly renews and inspects it, installs it in the area where access from external sources is controlled, and technologically and physically monitor and block such an attempt.
7) Control of Access by Unauthorized Persons
There is a separate physical keeping place for personal data system that keeps personal data and the company has established and run access control procedure.

9. Remedy from Infringement on Interest

A data subject, in order for a remedy of infringement on personal data, may ask the Personal Information Dispute Mediation Committee and the Korea Internet & Security Agency Personal Data Infringement Reporting Center for conflict resolution or consultation. As for other reporting and consultation related to infringement on personal data, contact the following institutions:

Personal Information Dispute Mediation Committee
– Duty: Personal data conflict mediation, collective conflict mediation (civil case solution)
– Website: www.kopico.go.kr
– Telephone: 1833-6972
– Address: 4th Floor, Government Complex, 209 Sejongdae-ro, Jongno-gu, Seoul, Korea
Supreme Prosecutors’ Office Cyber Crime Investigation Unit: 1301, cid@spo.go.kr (www.spo.go.kr)
Korean National Police Agency Cyber Bureau: 182 (cyberbureau.police.go.kr)
Information Protection Mark Certification Committee: +82-2-580-0533~4 (http://eprivacy.or.kr)

Anyone whose right or interest has been infringed due to measures or omissions conducted by head of a public institution at the request of a data subject such as perusal, revision, deletion or suspension of processing may seek administrative trials as prescribed under the Administrative Trial Act.

10. Civil Services for Personal Data

The company has designated a related department as follows to protect a customer’s personal data and process complaints related to personal data:
Customer Service Department: Overseas Marketing Telephone: +82-43-212-6651 Email: ymtech@goodymt.com

11. Change of Personal Data Processing Policy

This personal data processing policy shall take effect on the enforcement date. If there shall be addition, deletion or revision out of related laws and policies, such a change shall be notified seven days prior to implementation of the change.
– Date of implementation: August 1, 2018
If you need to report or consult in relation to infringement on personal data, contact the following institution:
1. Personal Conflict Mediation Committee (www.1336.or.kr/1336)
2. Information Protection Mark Certification Committee (www.eprivacy.or.kr/02-580-0533~4)
3. Supreme Prosecutors’ Office Internet Crime Investigation Center (http://icic.sppo.go.kr/02-3480-3600)
4. Korean National Police Agency Cyber Bureau (www.ctrc.go.kr/02-392-0330)

This post is also available in: KOREAN CHINEESE