The term "personal information" means information about a living individual, such as symbols, characters, text, voice, sound, image, etc., that can identify the individual by matters such as name, date of birth, etc. contained in such information (including information that can be easily combined with other information to identify a specific individual, even if such information alone cannot identify the specific individual).
Customers can freely access most of the content offered on the Website without any registration process. If you wish to use the Company's customer inquiry service, you must consent to the collection of the following personal information by the Company, and your refusal to consent to the collection will not prevent you from using other services.
Items to be collected Collection methods Name, e-mail address, and additional information generated by using the services After obtaining the Customers' consent to the collection of personal information items, collect the data by having the Customers fill out the form directly
The Company collects and uses Customers' personal information for the following limited purposes. The collected personal information will not be used for any other purpose, and consent will be obtained in advance if the purpose of use changes.
- Purpose of use of personal information collected when using the customer inquiry service
Purpose of collection and use Use for identity verification procedures, consultation/inquiries, confirmation of complaints, contact/notification for fact-finding, response to Customers, and notification of processing results
(1) The Company shall destroy the personal information of the Customers when the purpose of collecting and using the personal information is achieved, when the period of retention and use of the personal information consented to by the Customers expires, or when the Customers withdraw their consent to the collection of personal information by the Company.
(2) The Company shall immediately destroy the personal information of Customers who have not used the services provided by the Company for a period of three (3) years (if a separate period is stipulated by other laws and regulations or if a different period is stipulated at the request of Customers) or store and manage the personal information separately from other Customers' personal information. In this case, the Company shall notify the Customers of the fact that the personal information is destroyed or stored and managed separately, the date of expiration of the period, and the items of such personal information by any of the following methods: e-mail, writing, telephone, or similar methods, at least thirty (30) days before the expiration of the above period.
(3) Notwithstanding Paragraphs (1) and (2), if it is necessary to preserve the personal information of Customers for a certain period of time in accordance with the provisions of relevant laws and regulations, the Company may exceptionally retain all or part of the personal information collected for a certain period of time as stipulated by the relevant laws and regulations as follows:
Items to be retained Retention period Legal basis Log records of computer communications or the Internet, tracking data of accessed users 3 months Article 15 (2) of the Protection of Communications Secrets Act and Article 41 (2) of the Enforcement Decree of the Protection of Communications Secrets Act Other data for verification of communication facts 12 months
(1) The Company will use the personal information of Customers within the scope notified in Article 2 and will not use it beyond the scope or provide it to external parties in principle.
(2) Only with the consent of the Customers, if the Customers' consultation or complaint relates to another affiliated company of the SeAH Group, the Company may provide the Customers' personal information to that affiliated company for the purpose of providing smooth services to the Customers.
(3) The Company may also provide personal information to third parties in the following cases:
- Where there are special provisions in other laws, such as the Protection Of Communications Secrets Act, the Framework Act On National Taxes, the Act On Promotion Of Information And Communications Network Utilization And Information Protection, the Act On Real Name Financial Transactions And Confidentiality, the Credit Information Use And Protection Act, the Framework Act On Telecommunications, the Telecommunications Business Act, the Local Tax Act, the Framework Act On Consumers, the Bank Of Korea Act, the Criminal Procedure Act, etc. However, in the case of "special provisions in the law", the Company will not unconditionally provide Customers' personal information even if it is requested by an administrative or investigative agency for administrative or investigative purposes and will provide it in accordance with due process, such as through a warrant or a written document bearing the seal of the head of the agency as prescribed by law.
- In other cases, personal information may be provided to third parties in accordance with Articles 17 and 18 of the Personal Information Protection Act
- Even under this exception, the Company operates in principle to notify customers when information is provided pursuant to applicable laws or at the request of an investigative agency. However, it may not be possible to notify Customers due to legal grounds. The Company will make every effort to ensure that information is not provided indiscriminately contrary to the original purpose of collection and use.
(1) The Company values the opinions of its customers very much, and Customers have the right to receive sincere answers to their questions at all times.
(2) Customers may exercise the following rights regarding the protection of their personal information at any time:
- Request for access to personal information
- Request for correction of any errors, etc.
- Request for deletion
- Request for suspension of processing.
(3) The rights under Paragraph (2) can be exercised via e-mail or telephone, and the Company will take immediate action.
(4) If the Customers request correction or deletion of errors in the personal information, the Company will not use or provide the personal information until the correction or deletion is completed.
(5) The exercise of the rights under Paragraph (2) may be done through an agent, such as a legal representative or delegated persons of the Customers. In this case, a power of attorney in Form 11 of the Notification on the Method of Handling Personal Information shall be submitted.
(6) Customers shall not infringe on the personal information and privacy of themselves or others whose personal information is being processed by the Company in violation of relevant laws and regulations, such as the Personal Information Protection Act.
In principle, the Company destroys the personal information immediately after the purpose of processing the collected personal information is achieved or after the storage and use periods, except in cases where storage is required under relevant laws and regulations. The procedures, deadlines, and destruction methods are as follows:
(1) Destruction procedures and deadlines
The information entered by Customers is transferred to a separate database (separate documents in the case of paper) after achieving the purpose and is stored for a certain period of time in accordance with internal policies and other relevant laws, or destroyed immediately. At this time, the personal information transferred to the database will not be used for any other purpose except in accordance with the law.
(2) Destruction methods
- Personal information in the form of electronic files will be destroyed using technical methods that do not allow the records to be reproduced.
- Personal information printed on paper will be destroyed by shredding or incineration.
The Company implements technical, administrative, and physical measures necessary to ensure the safety required by relevant laws and regulations to prevent the loss, theft, leakage, alteration, or damage of personal information in the processing of personal information, including the following, and is committed to protecting personal information
(1) Technical protective measures
- Tighten controls on access to personal information processing systems to the minimum necessary to perform business functions
- Install and operate an access control system for personal information processing systems
- Encrypt and store personal information for safe storage
- Encrypt or use a file lock function when transmitting/receiving through information and communication networks or transferring through auxiliary storage media (USB, HDD, etc.)
- Comply with secure password creation rules and periodically change passwords
- Install and operate security programmes to protect handlers and systems when processing personal information
- Keep records of access to personal information processing systems and apply measures to prevent falsification and alteration
(2) Administrative protective measures
- Develop and implement an internal management plan for the safe processing of personal information
- Limit the number of employees involved in the processing of personal information to a minimum number of employees
- Appoint a privacy officer and periodic personal information protection training
- Supervise and train outsourced business processors on the protection of personal information
(3) Physical protective measures
- Establish and operate access control procedures for places where personal information is stored, such as computer rooms, data storage rooms, etc.
- Store documents, auxiliary storage media, etc. containing personal information in a locked and secure location
- Install CCTV to protect personal information, and store personal image information in a safe place with a lock
(1) The Company has designated a privacy officer as follows to take overall responsibility for the processing of personal information and to handle complaints and damage relief from Customers regarding the processing of personal information.
(2) Customers may contact the privacy officer for all personal information protection-related inquiries, complaints, damage relief, etc. that occurred while using the Company's services (or business). The Company will respond to and handle inquiries from Customers promptly.
(3) The Company takes the protection of Customers' personal information very seriously and does its best to ensure that Customers' personal information is not damaged, infringed upon, or leaked. However, despite the Company's technical complementary measures, the Company is not responsible for any damage to information due to unexpected accidents caused by basic network risks such as hacking or for any disputes caused by posts made by Customers.
Privacy officer SeAH Besteel Lee Seungeun Executive Director / Head of IT Telephone number +82-2-6970-2180 email@example.com
If Customers need to consult or report a personal information infringement, please contact the Company's privacy officer or the department in charge of personal information management, or contact the following organisations:
Personal Information Protection General Support Portal www.privacy.co.kr (+82-2-2100-3394)
Personal Information Infringement Reporting Centre www.118.or.kr (118 without the area code)
Cybercrime Investigation Unit of the Supreme Prosecutors' Office www.spo.go.kr (+82-2-3480-3571)
National Police Agency Cyber Terrorism Response Centre www.ctrc.go.kr (1566-0112)
Date of notification 13 February 2023
Enforcement date 13 February 2023