Privacy Policy

Seoul Information System Co., Ltd. (hereinafter referred to as the “Company”) establishes and discloses the following personal information processing guidelines to protect the personal information of the information subject (the customer or user) under Article 30 of the Personal Information Protection Act and handle related grievances promptly and smoothly.

Article 1 (Purpose of Processing Personal Information)

The Company processes personal information for the following purposes. The processed personal information will not be used for any purpose other than the following purposes, and if the purpose of use is changed, the Company will take necessary measures such as obtaining separate consent under Article 18 of the Personal Information Protection Act.

• 1. Webpage membership registration and management

  The Company processes personal information for the purpose of confirming the intention to join the membership, identifying and authenticating the identity in accordance with the provision of membership services, maintaining and managing membership, verifying the identity in accordance with the implementation of the restrictive identification system, preventing unauthorized use of the service, confirming the consent of the legal representative when processing personal information of children under the age of 14, sending various notices and notifications, and handling grievances.

• 2. Grievance handling

  Personal information is processed for the purpose of verifying the identity of customers, checking complaints, contacting and notifying customers for fact-finding, and notifying processing results.

Article 2 (Processing and Retention Period of Personal Information)

① The Company shall process and retain personal information within the period of retention and use of personal information under the relevant laws and regulations or the period of retention and use of personal information agreed upon when collecting personal information from the information subject.

② The processing and retention periods for each personal information are as follows.

1. Webpage membership registration and management: Until withdrawal from the business/organization website.

However, it is until the end of the relevant case in the following case

1) Until the end of the investigation, if an investigation is underway due to a violation of the relevant laws and regulations.

Article 3 (Rights and Obligations of the Information Subject and Method of Exercise)

① The information subject may exercise the rights related to personal information protection in each of the following subparagraphs at any time against the Company.

• 1. Request to access personal information
• 2. Request correction if there is an error
• 3. Request for deletion
• 4. Request for suspension of processing

② The exercise of rights under Paragraph 1 may be made in writing or by telephone, e-mail, or fax to the Company, and the Company will take appropriate measures without delay.

③ If the information subject requests correction or deletion of errors in personal information, the Company shall not use or provide the personal information until the correction or deletion is completed.

④ The exercise of the rights under Paragraph 1 may be made through a proxy, such as the legal representative of the information subject or a person who has been delegated. In this case, a power of attorney in accordance with Appendix No. 11 of the Enforcement Decree of the Personal Information Protection Act must be submitted.

⑤ The information subject shall not infringe on the personal information and privacy of the information subject or others processed by the Company in violation of relevant laws such as the Personal Information Protection Act.

Article 4 (Personal Information Items to Be Processed)

The Company processes the following personal information items.

• 1. Webpage membership registration and management

  Required items: Name, ID, password, phone number, email address, and interests

• 2. The following personal information items may be automatically generated and collected in the process of using the Internet service.

  IP address, cookies, MAC address, service usage history, visit history, bad usage history, etc.

Article 5 (Destruction of Personal Information)

① The Company shall destroy personal information without delay when it is no longer needed, such as the expiration of the personal information retention period or the achievement of the purpose of processing.

② If personal information must be kept in accordance with other laws and regulations even though the retention period of the personal information agreed by the information subject has elapsed or the purpose of processing has been achieved, the personal information shall be transferred to a separate database (DB) or preserved in a different storage location.

③ The procedures and methods for destroying personal information are as follows.

• 1. Destruction procedure

  The Company shall select the personal information that has a reason for destruction and destroy it with the approval of the personal information protection officer of the Company.

• 2. Destruction method

  The Company shall delete personal information recorded and stored in the form of electronic files and destroy personal information recorded and stored on paper by shredding or incinerating the paper.

Article 6 (Measures to Ensure the Safety of Personal Information)

The Company takes the following measures to ensure the safety of personal information.

• 1. Administrative measures: Establishment and implementation of internal management plans, regular employee training, etc.
• 2. Technical measures: Management of access rights to the personal information processing system, installation of access control systems, encryption of unique identification information, and installation of security programs.
• 3. Physical measures: Access control to computer rooms, data storage rooms, etc.

Article 7 (Personal Information Protection Officer)

① The Company shall be responsible for the overall handling of personal information and shall designate a person in charge of personal information protection as follows to handle complaints and redress damages of information subjects related to the handling of personal information.

• ▶ Personal information protection officer

  Name: Jin-Gyu Jeong

  Position: Service Team Leader

  Contact: Tel) 02-3465-6100, Fax) 02-3465-6200, email)privacy@nsis.co.kr

  ※ This will connect you to the department in charge of personal information protection.

• ▶ Department in charge of personal information protection

  Department: Service Team

  Person in charge: Jung-Hwan Park

  Contact: Tel)02-3465-6100, Fax)02-3465-6200, email)privacy@nsis.co.kr

② The information subject may contact the personal information protection officer and Service Team for all personal information protection-related inquiries, complaints, and damage relief that occurred while using the Company's services. The Company will respond to and handle inquiries from the information subject without delay.

Article 8 (Request for Access to Personal Information)

The information subject may request access to personal information under Article 35 of the Personal Information Protection Act to the following department. The Company will endeavor to process the information subject's request for access to personal information in a timely manner.

• ▶ Department for receiving and processing requests for access to personal information

  Department: Service Team

  Person in charge: Jung-Hwan Park

  Contact: Tel)02-3465-6100, Fax)02-3465-6200, email)privacy@nsis.co.kr

Article 9 (Remedies for Infringement of Rights and Interests)

The information subject may contact the following organizations for redress and consultation for personal information infringement.

• ▶ KISA
• ▶ KOPICO
• ▶ Cybercrime Investigation Unit of Supreme
• ▶ Korea National Police Agency Cyber Bureau

Article 10 (Changes to the Privacy Policy)

① This Privacy Policy takes effect from October 1, 2023.