Neodigm Co., Ltd. (hereinafter “We”) respects your personal data and strives to protect the personal data you provide to us.
This Policy takes effect on February 2015.
- General provisions
- Types of personal data we collect and how it is collected
- Purposes of collection and use of personal data
- Period of retention and use of personal data
- Procedure and method of destroying personal data
- Provision of personal data to a third party
- Rights of the user and their legal representative and how to exercise them
- Matters concerning the installation and operation of devices that automatically collect personal data and its refusal
- Other policies regarding the handling of personal data
- Chief Privacy Officer (CPO) and customer support team
1. General provisions
“Personal data” refers to any information relating to a living person, which contains data by which the person can be identified, such as name and/or resident registration number (including any information that cannot identify a specific person by itself but can do so when combined with other information).
We take our users’ privacy very seriously, and we comply with applicable law, such as the Act on Promotion of Information and Communications Network Utilization and Information Protection, the Personal Information Protection Act, and the Personal Information Protection Guidelines established by the Ministry of Safety and Public Administration.
2. Types of personal data we collect and how it is collected
(1) Types of personal data we collect
We may collect the following personal data from customers who participate in our marketing activities and from users when they use our service.
- We collect data required for personal verification and identification, including name, position, company name, email address, mobile number, and postal address.
- You might need to log in with a password to access certain web pages, services, products, and activities. We may collect and retain your login and password information required to do so. You are responsible for keeping your login and password information confidential
- Some information, such as records on service use, access log, cookies, and IP addresses, may be generated, collected, and retained in the process of service use or business processing. In many cases, you can visit our website without exposing your identity. When you visit our website, we record your IP address (the internet address of your computer) to see which section of our website you visited and when. We do not connect your IP address with your personal data, unless you log in with the profile you have registered to us.
- We do not collect any sensitive information that could noticeably infringe your privacy (e.g., thoughts, beliefs, joining or quitting a labor union or political party, political opinion, health, sex life, etc.).
- In principle, we do not offer services to users younger than 14 years of age, and thus do not collect their personal data. Where unavoidably we collect personal data of any user under the age of 14 for service use, we will ask for the prior consent of their legal representative and destroy such data as soon as the relevant service is finished, while strictly managing such data during the service.
(2) How we collect personal data
We may collect the personal data of customers and users in the following ways.
- We may collect your personal data via our website. For example, when you request information or content, apply for our email and/or newsletter service, download content, apply for or participate in events, request a consultation, or request our services via our website, we may collect your personal data for personal verification and identification.
- When you register or participate in our offline events, we may collect your personal data via our corresponding employee, telephone, email, or fax.
- When you use our service via a browser, mobile device, app, social service, etc., we may collect your personal data using data collection tools via social media.
- We provide you with a process through which you can choose between “I Agree” and “I Don’t Agree” concerning the Consent to the Collection and Use of Personal Data.
3. Purposes of collection and use of personal data
We use the personal data we collect for various purposes, including:
(1) Customer management
- Personal verification, identification, and the prevention of illegal or unauthorized use by undesirable members with regard to our business and services.
- Personal verification, identification, and the prevention of illegal or unauthorized use by undesirable members with regard to our business and services.
- Complaint processing and notification - statistics about members’ access frequency or service use.
(2) Provision of services
- Provision of our services and any information you might be interested in, newsletters, and/or various other content; applications for events and the delivery of event prizes.
(3) For marketing and advertising purposes
- Delivery of marketing information, such as events - posting and delivering marketing information tailored based on demographical characteristics and customer preferences.
We will always provide notification and explain the purposes of collection before we collect your personal data. We will ask for your prior consent to the use or sharing of your personal data for any purpose other than as specified at the time when you provide the information to us. To understand your preferences regarding this, we will request your consent in such a way as to allow you to express your intention by marking the appropriate choice.
4. Period of retention and use of personal data
In principle, we destroy personal data without delay once the purpose of collecting and using it is fulfilled.
However, where such data is required to be retained according to an applicable law, we retain your membership information for a certain period as prescribed by law. In this case, we move it to a separate database or retain it in a different storage location.
- Records on contracts or withdrawal from subscription (5 years): Act on Consumer Protection in Electronic Commerce
- Records on the payment and supply of goods, etc. (5 years): Act on Consumer Protection in Electronic Commerce
- Records on the processing of consumer complaints or disputes (3 years): Act on Consumer Protection in Electronic Commerce
- Records on the collection/processing and use of credit information (3 years): Credit Information Use and Protection Act
- Records on labeling and advertising (6 months): Act on Consumer Protection in Electronic Commerce
- Logs, such as user internet logs / access tracking records, other communication confirmation data (6 months): Protection of Communications Secrets Act
5. Procedure and method of destroying personal data
In principle, we destroy personal data without delay once the purpose of collecting and using it is fulfilled. The destruction procedure and method are as follows:
(1) Destruction procedure
Once the purpose is fulfilled, your personal data is moved onto a separate database (for paper, a separate filing cabinet), retained for a certain period depending on the reason for data protection according to our internal policy and/or any other applicable law (See the Retention and Use Period section), and then destroyed. Your personal data when moved onto a separate database is not used for any purposes other than retention, unless as otherwise prescribed by law.
(2) Destruction method
For any personal data stored in electronic file format, we delete such personal data by using a technical method that prevents data recovery. Personal data printed on paper is destroyed by pulverization or incineration.
6. Provision of personal data to a third party
In principle, we do not provide your personal data to any third party, unless:
- It is required by law or requested by a law enforcement agency for an investigation in accordance with a procedure or method as set by law.
- It is required for the settlement of service fees if any.
- It is provided in non-personally identifiable format for statistics or academic or market research.
- Prior user consent has been obtained
7. Rights of the user and their legal representative and how to exercise them
The user, or the legal representative of a user under the age of 14, may request to access, modify, delete, or stop the processing of their personal data, or to opt-out of their consent, at any time. We may refuse your request to access or modify or delete all or part of your personal data if:
- It is prohibited or limited according to law.
- There is any concern regarding harming the life or body of others or unduly infringing upon their property and/or other interests.
Where you request to correct any incorrect part of your personal data, we do not use or provide a third party with that information until such correction is completed. Where we have already provided such incorrect personal data to a third party, we will notify that third party of said correction without delay. For personal data that has been deleted or the processing of which has been stopped according to a request made by a user or legal representative, we process it as set forth in “4. Period of retention and use of personal data” and process it so as not to be accessed or used for any other purposes.
Please enter your personal data accurately and keep it updated. Responsibility for any incident resulting from your entering of incorrect information is borne by you, and you may lose your membership if you enter false information, such as another person's data. You have the right to have your personal data protected, but at the same time, you also have the obligation to protect yourself and not to infringe on the personal data of others. Please make sure that your personal data, including your password, is not leaked, and be careful not to damage any personal data of others, including posts. If you fail to fulfill such responsibility leading to the damage of any personal data and/or dignity of others, you may be punished according to the applicable law, such as the Act on Promotion of Information and Communications Network Utilization and Information Protection.
8. Matters concerning the installation and operation of devices that automatically collect personal data and its refusal
Like many other websites, we also use some methods, such as cookies, to provide personalized services and to make it simpler, more efficient, and more valuable for you to visit our website by using a function that allows us to remember you when you return. Based on cookies, etc., we may save and retrieve your information at any time. A cookie is a tiny text file our website server sends to your browser, which is stored in your computer hard disk.
In general, cookies are classified as “temporary” cookies and “permanent” cookies.
Temporary cookies are not left on your computer once you close your browser.
Permanent cookies remain on your computer until you delete them, or they expire.
(2) Uses of cookies, etc.
9. Other policies regarding the handling of personal data
We take the following technical, and managerial measures to secure stability to prevent loss, theft, exposure, falsification, or damage of your personal data when we process it.
- Establishment and execution of an internal management plan
- To process your personal data safely, we establish and execute an internal management plan.
- We operate a dedicated privacy team to check the progress and staff compliance of our privacy measures and take corrective action as soon as any problem is detected.
- Installation and operation of access control devices
- We use intrusion prevention systems to control unauthorized access and strive to have technical devices in place to ensure systematic security.
- Measures to prevent falsification of access records
- We retain and manage records on access to our personal data processing systems, with security functions in place to prevent falsification of access records.
- Encryption of personal data
- Your personal data is protected by password and saved and managed by encrypting files or data in transit or by using a file lock function. Critical data is also further protected through separate security functions.
- Countermeasures against hacking, etc.
- We take measures to prevent damage caused by computer viruses using vaccine programs. Such vaccine programs are updated periodically, and in the event of a sudden advent of a new virus, we implement its vaccine as soon as it is made available to prevent any infringement on your personal data.
- We pay extra attention to our security in preparation for intrusions, such as hacking, by using intrusion prevention and vulnerability analysis systems for each server.
- We do not store personal data or general data in one place but instead store it on a separate server.
- Minimizing the number of employees authorized to manage personal data and providing them with training.
- We grant access to personal data only to those who perform marketing business directly with users, those in charge of personal data management, such as the Chief Privacy Officer and relevant personnel, and those who have no choice but to manage personal data due to the nature of their duty.
- We provide our employees who manage personal data with education and training regarding new security technologies, privacy duties, etc.
- Transfer of duties of those who manage personal data is made carefully under security, and we clarify their responsibility for any privacy incident that occurs before and after they resign.
- We control access to our computer rooms and archive rooms as special security areas.
(2) Provision of links to other sites
(3) Operation of posts
We cherish your posts and strive to protect them so as not to be falsified, damaged, or deleted, unless they fall under:
- Spam posts.
- Posts that spread false information to slander others, causing defamation.
- Posts that expose the personal information of others without their consent.
- Posts that contain any content that infringes on our or a third party’s rights, such as intellectual property rights.
- Posts not relevant to the topic of the message board.
To promote a desirable message board culture, we may delete certain parts of posts that expose the personal data of others or replace it with a symbol, etc., and when we move a post to another message board that matches its topic, we disclose the relocation path on the post to ensure that there is no misunderstanding.
In some cases, we may delete posts after an explicit or individual warning.
(4) Refusal of unauthorized email collection
We refuse any unauthorized collection of posted email address by email collection programs or other technical devices. In violation of this, you may be punished according to applicable law, such as the Act on Promotion of Information and Communications Network Utilization and Information Protection.
(5) Transmission of marketing information
We do not send any profit-seeking marketing information to you against your explicit refusal.
- The subject of an email may not contain a symbol that represents advertising but it can contain some highlights of the content of the email.
- In the text of an email, we specify the name, email address and telephone number of the sender to whom you can request to opt-out of marketing communication with information provided on how to do so with ease.
- Where we send profit-seeking marketing information via media other than email, such as fax or mobile text message, we take the necessary action, such as indicating a symbol that represents advertising at the top of the content.
10. Chief Privacy Officer (CPO) and customer support team
To protect personal data and process possible complaints about personal data, we have designated the person below as our Chief Privacy Officer.
(1) Chief Privacy Officer
- Name: Lee Sang-ok
- Position: President
- Contact: +82-2-598-9898
(2) Other agencies
You may report any complaint concerning privacy that occurs while using our service to our Chief Privacy Officer or team in charge. We will respond quickly and sufficiently to your report. If you need to report a privacy infringement or receive a consultation, please contact the following agencies.