<KAF>(hereinafter, “the company”) has implemented the following privacy policy with the goal of protecting users’ personal information and rights and facilitating the processing of users’ complaints in relation to personal information according to the personal information protection acts.
Any revision to this policy will be posted on the website’s notices section(or as an individual notice).
○ The policy becomes effective on September 1, 2020.
1. Goals of personal information processing
The company processes personal information for the following goals. The processed personal information will not be used for any purposes other than the reason for which it was collected. If the purpose of use is changed, then the company will obtain the consent of its customers in advance.
A. Homepage member signup and management
As the restricted identification system is enforced, personal information is processed for various goals such as self-identification, prevention of misuse of the service, confirmation of consent by a legal guardian when collecting personal information from a person below 14 years of age, various notices/notifications, and record preservation for handling of disputes, etc.
B. Civil appeals handling
Personal information is processed to identify a person with complaints, check details of complaints, make contact/notice of fact investigations, and report the processing results.
C. Material or service supply
Personal information is processed for product delivery, service supply, bill delivery, contents supply, customized service supply, self identification, age authentication, bills payment, and bond collection and so on.
D. Marketing and ads applications
Personal information is processed to develop new services(products), provide customized services, provide event and ads information and participation opportunities, provide services and post ads based on demography, check the validity of services, assess the frequency of access and analyze the statistics of members’ service use.
E. Personal video information
Personal information is processed to secure facility safety, prevent fire accidents and so on.
2. Personal information file status
The company registers or discloses the personal information files according to Article 32 of personal information protection acts for the following purposes.
Personal information filename : Privacy policy
Personal information items : email, mobile phone number, name, service usage records, access logs, cookies, access IP address.
Collection methods : home page, paper, tel/fax
Reasons for retainment : Service quality improvement
Retainment period : 10 years
Relevant laws : Customer inquiry processing record : 3 years
※ ETC
To check the person’s information file registration disclosed by the company: go to the personal information protection support portal of the personal information protection committee(www.privacy.go.kr) → Personal information civil appeals → Personal information disclosure requests → Personal information file list search menu.
3. Personal information processing and retention period
①The company processes and retains the personal information set forth by the laws during the period of use. The company also processes and retains the personal information for which it has received consent from the information subject during the period of use for which it has received consent from the information subject.
②The various personal information use/retention periods are shown as follows.
<Home page member signup and management>
Personal information related to <homepage member signup and management> is retained and used for the above purposes of use for 10 years since the date of acceptance.
Reason for retention : Service quality improvement
Relevant laws
Customer complaints handling records: 3 years
4. Items related to supply of personal information to a third party
①The company can supply the personal information to a third party only if the information subject gives its consent, or it falls under Article 17/18 of the personal information protection act or any other special provisions in the law.
②The company provides the personal information to a third party in the following cases only.
1) If the information subject consents
2) If required under special provisions in the law
3) If the information subject or its legal guardians cannot express an opinion, or cannot give consent due to the absence of contact address,
or if it is obvious that the information subject or third party’s life, physical condition or property profits requires it
4) If it is necessary for statistics studies and research as long as specific individual identities are hidden when personal information is provided
5. Personal information processing consignment
①The company consigns the processing of personal information to facilitate the personal information business as follows.
<Website operation>
Consignee : New river
Details of consigned business : Homepage repair and maintenance, etc.
Consignment period : Until explicitly stated retainment period or reasons are expired.
<Server/system managemen>
Consignee : Kolon Benet Co.
Details of consigned business: Server and system management, etc.
Consignment period : Until explicitly stated retainment period or reasons are expired
②When establishing a consignment contract, according to Article 25 of the personal information protection act, the company will state the responsibility-related items in the contract such as prohibition of personal information processing for other than the consignment business, technical/managerial protection measures, restricted reconsignment, supervision/management of consignees, and damage compensation, and also supervise to ensure that the consignee safely processes the personal information.
③ If there is a change in the details of consignment business or the consignee, then the company will immediately announce it in the privacy policy section.
6. An information subject and its legal guardians’ rights and duties exercisers can exercise the following rights as the owner of personal information.
①An information subject can exercise the right to view, modify or delete their personal information, or demand the suspension of personal information processing at any time.
②The rights in ① can be exercised by contacting the company through letter, email or fax as per Article 41 Paragraph 1 of the enforcement order of the personal information protection act. The company will immediately respond to such requests.
③The rights in ① can be exercised by the information subject’s legal guardian or a person who is appointed by the information subject. In this case, you must submit a letter of appointment filled out on a form no. 11 in the appendix of the enforcement order of the personal information protection act.
④The information subject’s rights to demand viewing or suspended processing of personal information can be restricted according to Article 35, Paragraph 5 and Article 37, Paragraph 2 of the personal information protection act.
⑤You cannot demand the deletion of personal information if it is specified as personal information to be collected under different laws.
⑥When the information subject demands disclosure, modification/deletion, or suspension of the processing of personal information, the company will check whether they are the information subject themselves or an agent who can represent them.
7. Preparation of personal information items to be processed
①The company processes the following personal information items.
<Homepage management>
Required items : email address, mobile phone number, name, service use records, access log, access IP address information
8. Disposal of personal information
The company will immediately dispose of personal information once the goals of its collection have been achieved. The following disposal procedures, deadline and methods are used.
Disposal procedures
After achieving the goals of its collection, the information entered by the user will be moved to a DB(to another doc where stored on paper) and will be stored for some period and then disposed of according to the internal policy or other relevant laws. Personal information moved to a DB cannot be used for other purposes unless otherwise provided by the law.
Disposal period
이When the personal information retention period has expired, the user’s personal information should be disposed of within 5 days after the termination date. If the personal information is no longer needed due to the goals of its collection having been fulfilled, termination of the service, or termination of the business, the personal information should be disposed of within 5 days since the date when it is deemed to be unnecessary to process the personal information.
Disposal method
Data in the form of an electronic file should be disposed of using a technical method that ensures that the process is not reversible. Paper-based personal information should be destroyed by a shredder or incinerated.
9. Personal information auto collection device installation/operation and rejection items
The company does not use cookies that can save and frequently retrieve the information subject’s record of use.
10. Personal information protection officer preparation
①The company appoints a personal information protection officer who is comprehensively responsible for handling personal information and handling complains and damages of the information subjects as follows.
▶Personal information protection officer
Name : Jeremy Kim
Rank : CFO
Position : Senior Director
Contact : 054-420-3012, Jeremy@advancedfiber.co.kr, 054-420-3096
※ Connected to the personal information protection department.
▶Department in charge of personal information protection
Department name : Management support team
In charge : Assistant manager Seo Il Jun
Contact : 054-420-3032, Iljun_seo@advancedfiber.co.kr, 054-420-3096
②An information subject can ask the personal information protection officer or the department in charge about all items related to personal information protection inquiries, complaints and damage compensation arising while using the company’s service or business. The company will immediately provide answers and solutions to any inquiries submitted by information subjects.
11. Changes in the privacy policy
①The privacy policy becomes effective on the date of its enforcement. If there is any addition, deletion or change due to a new laws or policy, it will be posted 7 days before the date of its enforcement.
12. Securing the safety of personal information The company enforces the following technical, managerial and physical countermeasures to secure the safety of personal information according to Article 29 of the personal information protection act.
1. Periodic self monitoring
To ensure stability in the handling of personal information, self inspection is performed periodically(once per quarter).
2. Minimization and training of employees handling personal information
A minimal number of employees are designated for handling personal information according to the personal information management policy.
3. Establishment and enforcement of internal management plans
For the safe handling of personal information, internal management plans are established and enforced.
4. Technical measures against hacking and so on
To prevent personal information leakages or damages by hacking or virus, the company installs security programs, which it periodically renews and inspects. It also installs systems in the restricted access areas and provides physical/technical monitoring and surveillance.
5. Encryption of personal information
A user’s personal information such as passwords are encrypted, saved and managed, and are known only to the user. Additional security functions such as file or transmission data encryption or file locking are applied to critical data.
6. Access record storage and falsification prevention
Records of access to the personal information processing system are stored and managed for a minimum of 6 months. Security functions are applied to ensure that access records are not falsified, stolen or lost.
7. Restricted access to personal information
Necessary actions are taken to control access to the personal information by implementing access right assignment, change or disposal to the DB that processes the personal information. Unauthorized access is prevented using an intrusion blocking system
8. Use of locking device for document security
Documents or storage media containing personal information are stored in a safe location with a lock device.
9. Controlled access by unauthorized persons
Physical storage containing personal information is separately made available so that entry/exit procedures can be established and applied.
13. Personal information viewing request
①An information subject can demand the following department to disclose their personal information to them according to Article 35 of the personal information protection act. The company will make the best efforts to make sure that the information subject’s personal information can be disclosed to them immediately.
▶Personal information viewing request handling/registering department
Name : Management support team
In charge : Assistant manager Seo Il Jun
Contact : 054-420-3032, Iljun_seo@advancedfiber.co.kr, 054-420-3096
②Other than the viewing request registering/handling department in 1), the information subject can use the personal information protection support website under the personal information protection committee(www.privacy.go.kr) to request the viewing of personal information.
▶Personal information protection support website under the personal information protection committee(www.privacy.go.kr) → Personal information civil appeals → Personal information viewing requests (self identification requires an iPin.)