※ This policy will take effect from March 4, 2019.
Article 1 (purpose of processing personal information)
1. The company processes personal information for the following purposes. The processed personal information is not used for purposes other than the following purposes, and prior consent will be sought when the purpose of the use is changed.
2. Homepage membership registration and management
Personal information is processed for the purpose of confirming the intention to sign up as a member, identification, and authentication according to the provision of membership services, maintenance, and management of member qualifications, prevention of unauthorized use of services, various notices and notifications, handling of grievances, and preservation of records for dispute resolution.
3. Provision of goods or services
Personal information is processed for the purpose of providing services, providing content, providing customized services, and authenticating users.
4. Use for marketing and advertising
Development of new services (products) and provision of customized services, provision of event and advertisement information and opportunities for participation, provision of services and advertisements according to demographic characteristics, validation of services, identification of access frequency, or statistics on members' use of services, etc. We process personal information for the purpose of.
Article 2 (Status of personal information files)
1. Personal information file name: Openbooth’s member information
2. Personal information items: email, mobile phone number, password, login ID, gender, name, company phone number, position, department, company name, occupation, service use record, access log, cookie, access IP information, payment record
3. Collection method: Provided by the website and affiliates
4. Ground for retention: consent of the information subject
Article 3 (processing and retention period of personal information)
1. The company processes and retains personal information within the period of retention and use of personal information in accordance with laws or the period of retention and use of personal information agreed upon when collecting personal information from the information subject.
2. Each personal information processing and retention period is as follows, and personal information related to membership registration and management on the website is collected. It is retained and used for the above purpose of use for up to 3 years from the date of consent for use.
The basis for retention: consent of the information subject
Records on collection/processing and use of credit information: 3 years
Records on consumer complaints or dispute settlement: 3 years
Records on payment and supply of goods: 5 years
Exception reason: Matters contrary to the consent of the information subject
Article 4 (Matters concerning the provision of personal information to a third party)
1. The company provides personal information to third parties only when it falls under Articles 17 and 18 of the Personal Information Protection Act, such as the consent of the information subject and special provisions of the law.
2. The company provides personal information to third parties as follows.
Article 5 (consignment of personal information processing)
1. The company entrusts personal information processing tasks as follows for smooth personal information processing.
2. When signing a consignment contract, the Company shall, in accordance with Article 25 of the Personal Information Protection Act, prohibit the processing of personal information other than the purpose of performing the consignment, technical and administrative protective measures, restrictions on re-consignment, management, and supervision of the consignee, and liability for damages. It is specified in documents such as contracts and supervises whether the trustee handles personal information safely.
3. If the contents of the consignment business or the consignee change, we will disclose it through this personal information processing policy without delay.
4. Rights and obligations of the information subject and legal representative, and how to exercise the user As a personal information subject, the user can exercise the following rights.
- The subject may exercise the right to access, correct, delete, and stop processing personal information at any time with respect to the open booth.
- exercising of the rights pursuant to paragraphs can be made through writing, e-mail, fax, etc. in accordance with Article 41 (1) of the Enforcement Decree of the Personal Information Protection Act for open booths, and the company will take action without delay.
- The exercise of rights pursuant to Paragraph 1 can be done through the legal representative of the information subject or through an agent such as a person who has been delegated. In this case, you must submit a power of attorney in accordance with the form of Attachment 11 of the Enforcement Regulations of the Personal Information Protection Act.
- The rights of the information subject may be restricted according to Article 35 (5) and Article 37 (2) of the Personal Information Protection Act for requests to view and suspend information.
- Requests for correction and deletion of information cannot be requested if the personal information is specified as the object of the collection in other laws.
- The company verifies whether the person who made the request, such as a request for access according to the rights of the information subject, a request for correction or deletion, or a request for suspension of processing, is the person who made the request or a legitimate agent.
Article 6 (Preparation of items of personal information to be processed)
1. The company processes the following personal information items.
2. Required items: Email, password, login ID, name, company phone number, title, department, company name, occupation, service use record, access log, cookie, access IP information, payment record
3. Optional items: mobile phone number, home address, home phone number, password question and answer, date of birth, hobbies
Article 7 (destruction of personal information)
In principle, the company destroys personal information without delay when the purpose of processing personal information is achieved. The procedure, deadline, and method of destruction are as follows.
1. Destruction procedure
The information entered by the user is transferred to a separate DB (separate documents in the case of paper) after the purpose is achieved, and is stored for a certain period of time or immediately destroyed according to internal policies and other related laws. At this time, the personal information transferred to the DB is not used for other purposes unless it is required by law.
2. Deadline for destruction
When the personal information of the user has elapsed, within 5 days from the end of the retention period, when the personal information becomes unnecessary, such as achievement of the purpose of processing personal information, the abolition of the service, termination of business, etc. The personal information will be destroyed within 5 days from the date it is recognized as unnecessary to process.
3. Destruction method
Information in the form of electronic files uses a technical method that cannot reproduce the record. Personal information printed on paper is destroyed by shredding or incineration.
Article 8 (Installation, Operation and Refusal of Automatic Personal Information Collection Device)
1. The company uses ‘cookies’ that store and retrieve usage information from time to time to provide individually customized services.
2. Cookies are a small amount of information sent to the user’s computer browser by the server (Http) used to operate the website and may be stored on the hard disk of the user’s PC.
4. Installation, operation, and rejection of cookies: You can refuse to store cookies by setting options in the Tools>Internet Options>Personal Information menu at the top of the web browser. All. If you refuse to store cookies, you may experience difficulties in using customized services.
Article 9 (Preparation of Personal Information Protection Officer)
The company is responsible for the handling of personal information and appoints a person in charge of personal information protection as follows for the handling of complaints and relief of damages related to personal information processing.
Personal Information Protection Officer
Contact: 070-4100-1022, firstname.lastname@example.org
1. The information subject can inquire to the person in charge of personal information protection and the department in charge of all personal information protection related inquiries, complaint handling, damage relief, etc. that occurred while using the company’s service (or business). The company will respond and handle inquiries from the information subject without delay.
Article 10 (change of personal information processing policy)
This personal information processing policy will be applied from the effective date, and if there is any addition, deletion, or correction of changes in accordance with laws and policies, we will notify you through notice from 7 days before the enforcement of the changes.
Article 11 (measures to ensure the safety of personal information)
In accordance with Article 29 of the Personal Information Protection Act, the company takes technical/administrative and physical measures necessary to secure safety as follows.
1. Conduct regular self-audit
We conduct our audits on a regular basis (quarterly) to ensure the safety of handling personal information.
2. Minimization and training of personnel handling personal information
We are implementing measures to manage personal information by designating employees who handle personal information and minimizing them by limiting them to the person in charge.
3. Establishment and implementation of an internal management plan
We have established and implemented an internal management plan for safe handling of personal information.
4. Technical measures against hacking, etc.
The company installs a security program to prevent leakage and damage of personal information due to hacking or computer viruses, periodically updates and checks, installs a system in an area where access is controlled from outside, and monitors and blocks technically and physically.
5. Encryption of personal information
The user’s personal information is encrypted and stored and managed, so only the person can know it, and for important data, separate security functions such as encrypting files and transmission data or using the file lock function are used.
6. Storage of access records and prevention of forgery
The records of access to the personal information processing system are kept and managed for at least 6 months, and the security function is used to prevent forgery, theft, and loss of access records.
7. Restricted access to personal information
Necessary measures are taken to control access to personal information by granting, changing, and canceling access rights to the database system that processes personal information, and unauthorized access from outside is controlled using an intrusion prevention system.