In accordance with Article 30 of the Personal Information Protection Act, KOTRAS (hereinafter referred to as the “Company”) establishes and discloses the following personal information processing guidelines in order to protect the personal information of the information subject and to promptly and smoothly process complaints related thereto.
Article 1 (Purpose of personal information processing)
The Company processes personal information for the following purposes. The personal information being processed will not be used for purposes other than the following, and if the purpose of use changes, necessary measures such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act will be implemented.
1. Website membership registration and management
Personal information is processed for the following purposes: confirmation of intent to register as a member, self-identification and authentication in accordance with the provision of membership services, maintenance and management of membership qualifications, self-verification in accordance with the implementation of the limited self-verification system, prevention of unauthorized use of services, confirmation of consent of legal representatives when processing personal information of children under the age of 14, various notifications and notices, handling complaints, etc. 2. Provision of goods or services
Personal information is processed for the purposes of delivering goods, providing services, sending contracts and bills, providing content, providing customized services, verifying identity, verifying age, paying and settling fees, and collecting debts.
3. Handling complaints
Personal information is processed for the purposes of verifying the identity of the complainant, confirming complaints, contacting and notifying for fact-finding, and notifying the results of processing.
Article 2 (Processing and retention period of personal information)
① The company processes and retains personal information within the retention and use period of personal information stipulated by law or the retention and use period of personal information agreed upon by the information subject when collecting personal information.
② The processing and retention periods of each personal information are as follows. 1. Website membership registration and management: Until withdrawal from the business/organization website
However, in the following cases, until the end of the reason
1) In the case of an investigation or inquiry due to violation of relevant laws and regulations, until the end of the investigation or inquiry
2) In the case of remaining creditors and debtors due to website use, until the settlement of the creditors and debtors
2. Provision of goods or services: Until the completion of the supply of goods and services and the completion of payment and settlement
However, in the following cases, until the end of the relevant period
1) Records of transactions such as display and advertisement, contract contents and performance in accordance with the 「Act on Consumer Protection in E-commerce, etc.」
- Records of display and advertisement: 6 months
- Records of contract or subscription withdrawal, payment, supply of goods, etc.: 5 years
- Records of consumer complaints or dispute resolution: 3 years
2) Retention of communication fact confirmation data in accordance with Article 41 of the 「Communications Secrets Protection Act」
- Subscriber telecommunication date and time, start and end time, other party subscriber number, number of uses, base station of transmission Location tracking data: 1 year
- Computer communication, Internet log records, access tracking data: 3 months
Article 3 (Provision of personal information to third parties)
① The company processes the personal information of the information subject only within the scope specified in Article 1 (Purpose of processing personal information), and provides personal information to third parties only in cases corresponding to Article 17 of the Personal Information Protection Act, such as consent of the information subject or special provisions of the law.
② The company provides personal information to third parties as follows.
- Recipient of personal information:
- Purpose of use of personal information by the recipient:
- Personal information items provided:
- Retention and use period by the recipient:
Article 4 (Entrustment of personal information processing)
① In order to smoothly process personal information, the company entrusts the processing of personal information as follows. 1. Operation of telephone consultation center
- Person entrusted (consignee): OOO CS Center
- Contents of entrusted work: Responding to telephone consultations, guiding departments and employees, etc.
2. Operation of A/S center
- Person entrusted (consignee): OOO Electronics
- Contents of entrusted work: Providing product A/S to customers
② When concluding an entrustment contract, the company states in a contract or other document matters related to responsibilities such as prohibition of processing personal information other than the purpose of performing the entrusted work, technical and administrative protection measures, restrictions on re-entrustment, management and supervision of the consignee, and compensation for damages in accordance with Article 25 of the Personal Information Protection Act, and supervises whether the consignee safely processes personal information.
③ In the event of changes in the content of the entrusted work or the consignee, we will disclose such changes without delay through this personal information processing policy.
Article 5 (Rights of users and legal representatives and methods of exercising them)
① The information subject may exercise the following personal information protection rights against the company at any time. 1. Request to view personal information
2. Request for correction in case of errors, etc.
3. Request for deletion
4. Request for suspension of processing
② If the information subject requests correction or deletion of personal information due to errors, etc., the company will not use or provide the personal information until the correction or deletion is completed.
③ If the information subject requests correction or deletion of personal information due to errors, etc., the company will not use or provide the personal information until the correction or deletion is completed.
④ The rights under Paragraph 1 may be exercised through an agent such as the information subject's legal representative or authorized person. In this case, a power of attorney in the format of Appendix 11 of the Enforcement Decree of the Personal Information Protection Act must be submitted.
⑤ The information subject shall not infringe upon the personal information or privacy of the information subject or others that the company is processing in violation of the Personal Information Protection Act or other related laws.
Article 6 (Items of personal information processed)
The company is processing the following personal information items.
1. Website membership registration and management
- Required items:
- Optional items:
2. Provision of goods or services
- Required items:
- Optional items:
3. The following personal information items may be automatically generated and collected during the use of Internet services.
IP address, cookies, MAC address, service usage history, visit history, bad usage history, etc.
Article 7 (Destruction of personal information)
① When personal information becomes unnecessary due to the expiration of the personal information retention period, achievement of the processing purpose, etc., the company destroys the relevant personal information without delay. ② In cases where the retention period of personal information agreed upon by the information subject has expired or the purpose of processing has been achieved, but personal information must be retained in accordance with other laws and regulations, the personal information shall be transferred to a separate database (DB) or stored in a different location.
③ The procedures and methods for destroying personal information are as follows.
1. Destruction Procedure
The company selects personal information for which a reason for destruction has arisen and destroys the personal information with the approval of the company's personal information protection officer.
2. Destruction Method
The company destroys personal information recorded and stored in electronic file formats using methods such as low-level formatting so that the records cannot be reproduced, and destroys personal information recorded and stored in paper documents by shredding or incineration.
Article 8 (Measures to Ensure the Security of Personal Information)
The company is taking the following measures to ensure the security of personal information.
1. Administrative measures
Establishment and implementation of internal management plan, regular employee training, etc.
2. Technical measures
Management of access rights to personal information processing systems, installation of access control systems, encryption of unique identification information, installation of security programs
3. Physical measures
Access control to computer rooms, data storage rooms, etc.
Article 9 (Matters related to installation/operation and refusal of automatic personal information collection devices)
① The company uses ‘cookies’ to store and retrieve usage information from time to time in order to provide customized services to users.
② Cookies are small amounts of information that the server (http) used to operate the website sends to the user’s computer browser and may be stored on the hard disk of the user’s computer.
- Purpose of cookie use: Used to provide optimized information to users by identifying the visit and usage patterns, popular search terms, and whether or not the user has accessed each service and website visited.
- Installation/operation and refusal of cookies: You can refuse cookie storage by setting options in the Tools>Internet Options>Privacy menu at the top of the web browser. - If you refuse to store cookies, you may experience difficulties in using customized services.
Article 10 (Personal Information Protection Officer)
① The company is responsible for the overall management of personal information processing, and has designated a personal information protection officer as follows to handle complaints and provide remedies for damages related to personal information processing.
▶ Personal Information Protection Officer
- Name: Kim Hak-byeong
- Position: CEO
- Contact: <010-3820-0104>, , <053-942-8116>
※ Connected to the personal information protection department. ▶ Personal Information Protection Department
- Department Name: Development Team
- Person in Charge: Choi Da-in
- Contact: <070-4296-7365>, , <053-942-8116>
② The information subject may inquire about all personal information protection-related inquiries, complaint handling, damage relief, etc. that arise while using the company's services (or business) to the personal information protection manager and the department in charge. The company will promptly respond to and process the information subject's inquiries.
Article 11 (Request to View Personal Information)
The information subject may request to view personal information in accordance with Article 35 of the Personal Information Protection Act to the department below. The company will endeavor to promptly process the information subject's request to view personal information.
▶ Department for receiving and processing personal information access requests
- Department name: Development Team
- Person in charge: Choi Da-in
- Contact information: <070-4296-7365>, , <053-942-8116>
Article 12 (Methods of redressing infringement of rights)
The data subject may inquire about redress for damages and consultations regarding personal information infringement to the following organizations.
▶ Personal Information Infringement Reporting Center (operated by Korea Internet & Security Agency)
- Responsibilities: Reporting personal information infringement, requesting consultation
- Website: acy.kisa.or.kr
- Phone: (without area code) 118
- Address: (58324) 3rd floor, Personal Information Infringement Report Center, 9 Jinheung-gil, Naju-si, Jeollanam-do (301-2 Bitgaram-dong)
▶ Personal Information Dispute Mediation Committee
- Responsibilities: Personal information dispute mediation application, collective dispute mediation (civil resolution)
- Website: www.kopico.go.kr
- Phone: (without area code) 1833-6972
- Address: (03171) 4th floor, Government Seoul Complex, 209 Sejong-daero, Jongno-gu, Seoul
▶ Supreme Prosecutors' Office Cyber Crime Investigation Division: 02-3480-3573 (www.spo.go.kr)
▶ National Police Agency Cyber Safety Bureau: 182 (cyberbureau.police.go.kr)
Article 13 (Implementation and Change of Personal Information Processing Policy)
This personal information processing policy Effective from 2025.03.10.