MENU CONTENTS

Privacy Policy

Privacy Policy

Privacy Policy

MEDIPOST Co., Ltd. (hereafter, the “Company”) establishes and discloses its privacy policy in order to protect the personal information and rights of users and address their concerns associated with the use of personal information in accordance with Article 30 of the Personal Information Protection Law.* This policy enforced from January 1, 2015.

  1. 1. Purposes of Processing Personal Information

    The Company processes personal information for the following purposes.
    The processed personal information will not be used for purposes other than the below mentioned purposes and noticed in advance as per Article 18 of the Personal Information Protection Law. – Request treatment: The personal information is processed for the purpose of identification, request check, contact and notification of fact-finding, and notification of process results.
  2. 2. Current state of personal information file

    – Name of personal information file: Reservation for Experience Center Tour Program
    1. ① Items of personal information: Name, contact info, email
    2. ② Collection method: website
    3. ③ Grounds of retention: as per the Privacy Policy
    4. ④ Retention period: 3 years
  3. 3. Rights and obligations of the principal and method of exercise thereof

    – The user can exercise the following rights as the Principal of the personal information.
    1. ①The Principal may exercise the following personal information related rights to the Company at any time.
      1. A. Request of personal information reading
      2. B. Request of correction if necessary
      3. C. Request of deletion
      4. D. Request of discontinuance
    2. ② You may exercise the rights according to the above clause ① via document, e-mail, and fax under Form No. 8 of the Enforcement Rules of the Personal Information Protection Law, and the Company shall take action for it immediately.
    3. ③ When the Principal requests correction or deletion of any error in the personal information, the Company shall not use or provide the relevant information until its correction or deletion is completed.
    4. ④ The rights under the clause ① may be exercised via a legal representative or designee of the Principal. In this case, the Power of Attorney under Form No. 11 of the Enforcement Rules of the Personal Information Protection Law should be submitted.
  4. 4. The Company processes following personal information.

    – Treatment of requested matters
    1. ① Essential items: Mobile phone number, name, email
    2. ② Selective items: Job, age, gender
  5. 5. Destruction of personal information

    In principal, the company destroys personal information immediately when the purpose of personal information processing is accomplished. Procedures, time limits and method of destruction are as follows.
    1. ①Destruction procedure
      The information input by the user is either destroyed immediately or transferred to a separate DB after accomplishment of its purpose (separate document in case of paper document) and kept for a certain period under internal policy or other related regulations before destruction. The personal information transferred to the DB shall not be used for purposes other than a request by law.
    2. ② Destruction time
      The personal information will be destroyed within 5 days from the termination of retention period when the retention period is terminated and within 5 days from acknowledgement of the uselessness of the information processing when the information becomes unnecessary because of accomplishment of the processing purpose, service deletion and/or business termination.
    3. ③ Destruction method
      For information in the form of an electronic file, a technical method whereby the record cannot be regenerated shall be used.
  6. 6. Actions to secure safety of personal information

    The company shall take technical/managerial and physical actions necessary for securing the safety of the information under Article 29 of the Personal Information Protection Law.
    1. ① Minimization and Training of Staff dealing with the personal information
    2. ② Regular self-audit execution
      For securing the safety of personal information processing, the company shall conduct regular self-audits on a quarterly basis.
    3. ③ Establishment and execution of the internal management plan
      For safe processing of the personal information, the company has established an internal management plan.
    4. ④ Technical measures against attack such as hacking
      The company installs security programs to prevent leaking and damage of personal information by hacking or computer virus, performs regular updates and inspection, installs the system in a public access controlled section, and monitors and blocks via technical/physical measures.
    5. ⑤ Access restriction to personal information
      Through grant, change, and cancelation of access rights to the database system to process personal information, the Company takes actions necessary to restrict access and controls unauthorized access from the outside using an intrusion blocking system.
    6. ⑥ Keeping log data and forgery prevention
      The log data to the personal information system is kept and managed for at least 6 months and a security function is used to prevent forgery, theft and loss of the access log data.
    7. ⑦ Access Control to unauthorized person
      The physical storage room keeping the personal information is isolated and the access control procedure to this is established and operated.
  7. 7. Assignment of personnel in charge of personal information protection

    – The Company has assigned the personnel to be in charge of handling personal information protection. They are comprehensively responsible for all tasks related to the processing of personal information, damage recovery and handling complaints thereof.
    • Department: Division of Management Support, Strategy and Planning Dept. Seong-Ho Lee Chief of Dept. 02)3465-6628 e-mail: shlee@medi-post.co.kr
    If you need to report an instance of personal information abuse or if you need advice, please inquire the following institutes.
    1. (1) Individual Dispute Adjustment Committee (www.1366.or.kr/1366)
    2. (2) Korea Internet & Security Agency (www.kisa.or.kr)
    3. (3) National Police Agency Cyber Terror Response Center (www.ctrc.go.kr/02-392-0330)
    The Principal may inquire any personal information related questions, submit a complaint, or request damage incurred during use of the service of the Company to be recovered to the personnel and department in charge of personal information protection. The Company will answer and address the inquiry immediately.
  8. 8. Revision of the Privacy Policy

    1. ① This privacy policy is enforced from the date of execution and any addition, deletion and correction under legislation and policy will be notified through notification at least 7 days before the execution of the revision.

Date of notification: 01.01.2015

Date of execution: 01.01.15

상단으로