The company will notify how we use the personal information provided by users and what kind of measures we take to protect their privacy. The company will post notices via the website in case of changes to the privacy policy.
This privacy policy applies to the transmission of mobile phone public key certificate and electronic signature service
• Purpose for which personal data is collected and used
• Processing and retention of personal information
• Provision of personal information to a third party
• Consignment of personal information handling
• Rights and obligations of the user and how to exercise those rights
• Disposal of personal information
• Measures to ensure the safety of personal information
• Staff in charge of personal information
• Rectification of infringement on rights and interests
• Duty of notification
• Processing and retention of personal information
• Provision of personal information to a third party
• Consignment of personal information handling
• Rights and obligations of the user and how to exercise those rights
• Disposal of personal information
• Measures to ensure the safety of personal information
• Staff in charge of personal information
• Rectification of infringement on rights and interests
• Duty of notification
Article 1 Purpose for which personal data is collected and used
The company processes personal information for the following purposes. The collected data will not be used in ways unrelated to the specified purposes and if the purpose changes, we will implement the necessary measures including receiving separate agreements in accordance with Article 18 of the “Personal Information Protection Act.”
A) Items of personal information collection
• [Usage of services]
- Mobile carrier, mobile phone number, mobile phone model, service usage history
- IP address, date and time of service access, history of service usage, history of SMS delivery
• [Customer service via website]
- Mobile carrier, mobile phone number, name of the customer, email address, inquiry details
B) How to collect personal information
• The company collects personal information via the following methods.
- PC and mobile phone applications, Q&A board on the website, phone calls, email
- Data from partner companies
C) Purpose
• Data use, dispute mediation, handling complaints, implementing the legal obligations in order to provide, maintain, manage, and analyze the mobile phone public key certificate system, or UBIKEY (hereafter referred to as “the service”)
D) Personal information process of the company
• Upon termination of the service, the collection and use of personal information will be withdrawn.
※ We do not use cookies that automatically collect information.
.
Article 2 Processing and retention of personal information
The company will process and retain personal information within the period agreed upon by the user or the period stipulated by law.The details of processing and retention are as below.
(Retained items/details, Retention period, The basis of and reasons for retention)
- Five (5) years for the books and documents regarding transactions in accordance with the Framework Act on National Taxes, Corporate Tax Act, Value-added Tax Act, etc.
- Five (5) years for the record of payment and supply of goods in accordance with the Consumer Protection Act
- Six (6) months for identification records in accordance with the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.
- Five (5) years for contracts and withdrawal in accordance with the Act on the Protection of Consumers in Electronic Commerce, etc.
- Three (3) years for the complaints handling and disputes settling of consumers in accordance with the Act on the Protection of Consumers in Electronic Commerce, etc.
※ In addition, we follow the personal information retention period stipulated by other laws.
Article 3 Provision of personal information to a third party
The company only processes the users’ information for the purposes stated in Article 1 (Purpose of personal information processing) and provides the data to a third party only for the cases stated in Articles 17 and 18 of the Personal Information Protection Act and with the agreement of users.
The company provides personal information to a third party as follows.
The provided party : Mobile carriers (SKT, KT, LG U+)
Purpose of provision : Subscription/termination of extra services, service provision, calculated based on the monthly usage of service
Provided item : Mobile phone number
Retention period : After cancel the service until the payment of the amount calculated based on the monthly usage of service (However, a retention period stipulated by law shall supersede)
Article 4 Consignment of personal information handling
The company consigns personal information handling to other companies to smoothly process data.
The consigned company : SK Planet
Details of consignment : Inquiry of subscription/termination of service, adjustment work
The company states the details of responsibilities when entering into consignment contracts, including prohibition of personal information processing for other purposes in accordance with Article 25 of the Personal Information Protection Act, protection measures in terms of technology and management, restrictions on re-consignment, supervision of consignment companies, and compensation for damages, etc., and ensures that the consigned companies are safely handling personal information.
We will disclose any changes regarding the details and consigned companies in this Privacy Policy immediately.
Article 5 Rights and obligations of the user and how to exercise those rights
The users can exercise their rights regarding personal information at all times via the following:
A) Requests to review personal information
B) Requests to correct errors
C) Requests to delete personal information
D) Requests to stop processing of personal information
The user is able to exercise rights according to Article 1 against the company by the form of Article 8 of the appendix of the Rules of the Personal Information Protection Act via letters, email, or fax, and the company shall immediately respond.
When the user requests deletion of or correction of errors in personal information, the company shall not use or provide the data until that request is completed. The exercise of rights in Article 1 is available by the legal deputy or the agent. In this case, the user shall submit a power of attorney in the form in Article 11 of the appendix of the Rules of the Personal Information Protection Act.
Article 6 Disposal of personal information
The company shall immediately dispose of personal information if the personal information is no longer necessary because the retention period has ended or the purposes have been achieved.However, if the personal information needs to be preserved despite the above cases, the data shall be moved to a separate database or other location.
The procedures and methods for discarding personal information are as follows.
A. Procedures
Personal information is discarded according to strict rules under the permission of the person in charge of data protection, pursuant to the Privacy Rules of the company when the period expires or purposes are accomplished.
B. Methods
The company shall destroy the history of personal information that is recorded and stored in electronic files in a way that it cannot be recovered. Personal information recorded or stored in paper documents will be shredded or burned.
Article 7 Measures to ensure the safety of personal information
The company takes technical, management, and physical measures to ensure the safety of data in accordance with Article 29 of the Personal Information Protection Act.
A. Establishment and implementation of internal management plans
•The company established and implements internal management plans in line with Personal Information Protection Rules and plans to protect personal information thoroughly.
- Appointment of staff in charge of personal information
- Roles and responsibilities of staff in charge of personal information protection and handling
- Measures to ensure safety of personal information
- Education for the staff handling personal information
- Other requirements to protect personal information
B. Access control
• A minimal number of staff can have differential access to the personal information handling system with a minimal scope of data.
• When the staff member in charge of personal information changes because of transfer or retirement or other personnel matters, the access control is changed or terminated and the history of authority changes will be stored for a certain period of time.
• A minimal number of staff can have differential access to the personal information handling system with a minimal scope of data.
C. Encryption of personal information
• Personal information is safely stored and managed by encryption, etc. Also, important data is managed by DRM or use lock features, applied with separate security features.
D. Storage of access history and prevention of falsification
• Staff in charge of personal information shall keep a history of access to the personal information processing system for at least six (6) months, and shall ensure its safety in order to prevent falsification, theft, or loss.
E. Installation and operation of security programs
• Installation and operation of security programs such as vaccine software to prevent and remove malicious programs
F. Restriction of physical access
• The company has separate physical spaces to keep personal information, such as a computing room and data storage room, and access control is established and maintained.
Article 8 Staff in charge of personal information
The company is responsible for personal information handling and has designated staff in charge of personal information protection in order to deal with complaints and damages of users.
The user can contact the staff in charge of personal information protection or related departments for any inquiries, complaints, or compensation for damage. We will immediately respond to your inquiries.
- Staff responsible for personal information protection
A. Department in charge of personal information: Technology Research Center
B. Person responsible for management of personal information: Director Kim Jae-soo
C. Phone number: 02)3775-3366 (130)
D. Fax: 02)718-1620
E. Email: jaesoo@infovine.co.kr
- Staff in charge of personal information
A. Department in charge of personal information: Technology Research Center
B. Person responsible for management of personal information: Team manager Kim Jeong-tae
C. Phone number: 02)3775-3366(131)
D. Fax: 02)718-1620
E. Email : kjt@infovine.co.kr
- Service grievance counseling
Phone number: (02)718-1860
Article 9 Rectification of infringement on rights and interests
The user can contact the below institutions to make inquiries about personal information infringement, rectification, etc.
The below institutions are standalone organizations. If you are not satisfied with the company’s response to the complaints or rectification regarding personal information, please contact these institutions.
| Center | Phone number | Website |
|---|---|---|
| Personal Information Protection Center |
(Without a telephone exchange number)118 | http://privacy.kisa.or.kr |
| Personal Information Dispute Mediation Center |
(Without a telephone exchange number)118 | http://privacy.kisa.or.kr |
| Cybercrime Investigation Department of the Supreme Public Prosecutors’ Office |
02)3480-3571 | http://cybercid.spo.go.kr |
| Cyber Bureau of the National Police Agency |
1566-0112 | http://netan.go.kr |
Article 10 Duty of notification
The current Privacy Policy was established on April 15, 2014 and notification will be provided via the website at least seven (7) days before amendment if there are any additions, deletions, or revisions of the content according to changes of information policies or security technologies.