'EXEM Co., Ltd.' (hereinafter referred to as the 'Company') values customers' personal information and complies with the 「Personal Information Protection Act」 and the 「Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.」.
Through the personal information processing policy, the company informs you of the purpose and method of using the personal information provided by customers and what measures are being taken to protect personal information.
When the company revises the personal information processing policy, it will be notified through the website notice (or individual notice).
Article 1. Items of Personal Information Collected
The company collects the following personal information for service application, consultation, and inquiry.
a. Items to be Collected
Name, company name, phone number or mobile phone number, e-mail address, department name, position, field of business
b. How Personal Information is collected
Limited to service application and consultation through the website
Article 2. Purpose of Collection and Use of Personal Information
The company uses the collected personal information for the following purposes.
a. Service inquiry
Identify and check the exact contents of inquiries, respond to inquiries, send answers, and communicate smoothly with customers
b. Use for Marketing and Advertising
Delivery of advertising information such as services, products, seminars, events, etc., provision of services and advertisements according to demographic
characteristics, webzine mailing
Article 3. Retention and Use Period of Personal Information
After the purpose of collection and use of personal information is achieved, the company destroys the information without delay. However, the following information is retained for the specified period for the following reasons.
[Reason for information retention according to relevant laws and regulations]
If it is necessary to preserve it in accordance with the provisions of laws such as the Consumer Protection Act in Electronic Commerce, Commercial Act, etc., the company keeps personal information for a certain period of time as stipulated by the relevant laws and regulations. It is used only and the retention period is as follows.
[Records on responding to consumer inquiries]
- Reason for preservation: Act on Consumer Protection in Electronic Commerce, etc.
- Retention period: 3 years
Article 4. Personal Information Destruction Procedure and Method
In principle, the company destroys the information without delay after the purpose of collecting and using personal information is achieved. The destruction procedure and method are as follows.
a. Destruction Procedure
After the purpose is achieved, the entered information is moved to a separate DB (in the case of paper, a separate filing cabinet) and stored for a certain
period of time according to internal policies and other reasons for information protection pursuant to relevant laws and regulations (see retention and use
period), and then destroyed. Personal information transferred to a separate DB is not used for any purpose other than retention unless otherwise required
by law.
b. Destruction Method
Personal information stored in the form of electronic files is deleted using a technical method that cannot reproduce the record.
Article 5. Provision of Personal Information
1. The personal information collected by the company is limited to the minimum required to provide the service, but if necessary, detailed information may be
requested.
2. The company may provide personal information to a third party with the user's consent. Even in this case, the provision of personal information to a third
party is made only with the consent of the user, and if you do not want personal information to be provided, you may not be able to use a specific service
or participate in a specific type of promotion or event (however, this will be notified separately).
Article 6. Consignment of Collected Personal Information
If the company entrusts the provision of the above specific services to an external company (hereinafter referred to as the 'consigned company'), the member's personal information necessary for service provision may be provided to the consigned company with the consent of the member. In this case, Indicate the fact of service entrustment. The consigned company does not use or provide it to a third party for purposes other than the consigned purpose in collecting, handling, and managing the personal information of the members provided.
Article 7. Rights of Users and legal Representatives and How to Exercise Them
1. In order to protect customers' personal information and handle complaints related to personal information, the company appoints the relevant department
and personal information manager as in Article 10.
a. Users may request to view, modify, or delete personal information by contacting the company's personal information manager in writing, by phone or
e-mail.
b. If a user requests correction of an error in personal information, the personal information will not be used or provided until the correction is completed. In
addition, if wrong personal information has already been provided to a third party, the result of the correction process will be notified to the third party
without delay so that the correction can be made.
c. The company handles personal information that has been terminated or deleted at the user's request in accordance with Article 3, and prevents it from
being viewed or used for any other purpose.
2. Users must enter their personal information accurately and up-to-date. Users are responsible for accidents caused by inaccurate information entered by
users, and membership may be lost if false information is entered, such as stealing other people's information.
3. Users have the right to have their personal information protected, as well as the duty to protect themselves and not infringe others' information. You must
be careful not to leak your personal information and be careful not to damage the personal information of others, including posts. If you fail to fulfill these
responsibilities and damage the information and dignity of others, you may be punished under the 「Act on Promotion of Information and Communications
Network Utilization and Information Protection」.
Article 8. Matters Concerning the Installation, Operation, and Refusal of Automatic Personal Information Collection Devices
The company does not operate 'cookies' that frequently store and find user information.
Article 9. Other Personal Information Handling Policies
1. Technical and administrative measures for personal information protection
In handling personal information of users, the company is taking the following technical measures to ensure safety so that personal information is not lost, stolen, leaked, falsified or damaged.
a. Users' personal information is protected by a password, and important data is protected through a separate security function by encrypting files and
transmission data or using a file lock function.
b. The company uses a vaccine program to take measures to prevent damage caused by computer viruses. Vaccine programs are regularly updated, and in
the event of a sudden virus outbreak, vaccines are provided as soon as they become available to prevent invasion of personal information.
c. In preparation for external intrusions such as hacking, each server uses an intrusion prevention system and vulnerability analysis system to ensure
security.
d. The company restricts access to personal information to those who carry out marketing tasks directly targeting users, those who carry out personal
information protection tasks such as personal information protection managers, and those who are unavoidable to handle personal information for other
business purposes.
e. For employees who handle personal information, we conduct in-house training on new security technology acquisition and personal information protection
obligations.
f. The transfer of duties of personal information handlers is carried out thoroughly while security is maintained, and responsibilities for personal information
accidents after joining or leaving the company are clarified.
g. The company is not responsible for what happens to users due to personal mistakes or basic Internet risks.
h. In addition, if personal information is lost, leaked, falsified, or damaged due to an internal manager's mistake or an accident in technical management, the
company will immediately inform the user of the fact and devise appropriate measures and compensation.
2. Link Site Provision Policy
The company may provide users with links to other companies' websites or materials. In this case, the company has no control over external sites and materials, so it is not responsible for the usefulness of the services or materials provided therefrom. If you move to a page on another site by clicking on a link included by the company, you should review the policy of the site you are newly visiting, as the privacy policy of that site is irrelevant to the company.
3. Post Operation Policy
The company values users' posts and does its best to protect them from being tampered with, damaged, or deleted. However, this is not the case in the following cases.
a. Spam-like posts (e.g. letter of luck, 800 million mails, advertisements on specific sites, etc.)
b. Posts that defame others by spreading false information for the purpose of slandering others
c. Posts that reveal the identity of others without consent
d. Posts that violate the intellectual property rights of the company or a third party
e. Posts with different contents from other bulletin board topics
f. In order to activate a desirable bulletin board culture, the company may delete certain parts or modify them with symbols when disclosing the identity of
others without consent, and if the content can be moved to a bulletin board of another topic, the route of movement in the post will be disclosed to avoid
misunderstandings.
g. In other cases, deletion may be effected after an explicit or individual warning.
h. Fundamentally, all rights and responsibilities related to the postings belong to the individual author. In addition, since information disclosed voluntarily
through postings is difficult to be protected, please consider carefully before disclosing information.
4. The company rejects unauthorized collection of posted e-mail addresses using e-mail collection programs or other technical devices. In case of violation, you may be punished by 「Act on Promotion of Information and Communications Network Utilization and Information Protection」.
5. Transmission of advertising information
The company does not transmit advertising information for commercial purposes against the user's explicit intention to refuse receiving. If the user consents to the transmission of e-mail, such as product information and newsletters, the company takes measures to ensure that the user can easily recognize the following items in the subject line and body of the e-mail.
a. Subject line of the e-mail
The phrase ’Advertisement’ might be omitted in the subject line and displayed in the body of the e-mail.
b. Body of the e-mail
Specify the name and e-mail address of the sender to whom the user can express his or her intention to unsubscribe.
Specify how users can easily express their intention to unsubscribe from us.
Article 10. Complaints Service Related to Personal Information
In order to protect customers' personal information and handle complaints related to personal information, the company appoints the relevant department and personal information manager as follows. You can report all complaints related to personal information protection that occur while using the company's services to the person in charge of personal information protection or the department in charge. The company will promptly respond to users' reports.
Person in charge of personal information protection: Koh Pyoungseok (EXEM CEO)
Phone number: 02-6203-6300
Email: privacy@ex-em.com
Article 11. Duty of Notice
If there is any addition, deletion, or modification of the contents of the personal information processing policy, it will be notified through the website at least 7 days before the revision. If there is a significant change in user rights, such as the collection and use of personal information and the provision of third parties, it will be notified at least 30 days in advance.