Privacy Policy
<Felix Korea Co., Ltd.> (hereinafter, the
"Company") has the following policy to protect personal information
and rights of users in accordance with personal information-related laws such
as the Personal Information Protection Act. The Company’s Personal Information
Processing Policy informs you of the purpose and manner in which your personal information
is being and will be used and type measures that are being taken to protect
your personal information.
In the event that the Company revises this personal information
policy, it will make it public through its website (or individual notification)
○
This policy will take effect from January 1, 2021.
Article
1. Purpose of personal information management
The Company processes personal information for the following
purposes. The processed personal data will not be used for any purpose other
than the following purposes, and if the purpose of the use is revised, it will
make it public through its website (or individual notification)
A. Membership signup and management
The Company processes personal information for the purposes of identifying and
certifying members to provide membership services, maintaining and managing
member qualifications, preventing illegal use of services, and various notices
and notifications.
B. Customer Inquiry
Personal information is processed for the purposes
of verifying the identity of those who submit complaints, confirming the
details of complaint, and contacting/notifying for investigating facts and
notification results.
C. Provision of goods or services
Personal information is processed for the purposes of delivering goods,
providing services, contents and customized services.
D. Utilization for marketing and advertising
Personal information is processed for the purposes of developing new services
(products) and offering customized services, providing events, advertising
information and participation opportunities, identifying access frequencies, or
statistics on members' use of services etc.
Article 2. Personal information items collected
1. Personal information file name: Personal information
- Personal information
items: Email, phone number, mobile phone, affiliation, department name,
position, access log, cookie, access IP information, name of the legal
representative
- Collection method: Webpage
- Grounds for retention:
Consent of the information subject
- Retention period: 3 years
- Relevant laws: Records on
collecting/processing of credit information: 3 years, records on handling
consumer complaints or disputes: 3 years, records on contract or subscription
withdrawal, etc.: 5 years
Article 3. Retention period of personal
information items
① The Company manages and retains personal information within a
specific time period according to laws or as agreed by information objects when
collecting personal information.
② The period of managing and retaining each
personal information is as follows.
1.
<Customer Inquiry>
Personal information
related to <Customer Inquiry> is retained and used for the above purpose
of use for <3 years> from the date of consent for collection.
Grounds of retention:
Consent to personal information
Relevant laws: 1) Records related
to consumer complaints or dispute handling: 3 years
2) Records related to
contract or withdrawal of subscription: 5 years
Exception:
Article 4. Provision of personal information to a
third party
In principle, the Company processes users’ personal information
within the scope of the purposes specified in Article 1, and will not process
or provide it to a third party beyond the original scope without users’ prior
consent.
① The Company shall provide personal data to a third party only in
the cases which fall under Articles 17 and 18 of the Personal Data Protection
Act, such as where a consent is obtained from the Data Subject or where special
provisions in laws so require.
② Currently, we provide personal information
to third parties as follows:
1. ‘Company’
Parties to which we
provide personal information: ‘Company’
Purpose of
use of personal information: Name, gender, date of birth, email, mobile
phone, company phone number, affiliation, department name, position, name of
the legal representative, mobile phone number of legal representative.
Period of retention/use of
personal information provided: 3 years
Article 5. Rights
and obligations of the information principal and how to exercise these rights
The
Information Subject and Legal representative may exercise the following rights
related to personal information against the Company at any time:
① The Information Subject may exercise the right to access, amend,
delete, and stop processing personal information at any time for the Company.
② The exercise of ZZ rights under Paragraph 1 may be carried out
in writing or through e-mail, facsimile, etc., according to Article 41
(1) of the Enforcement Rules of the Personal Data Protection Act, and the
Company will immediately take a measure for this
③ The exercise of the rights under Paragraph 1 may be carried out
through an agent such as the Information Subject’s statutory agent or delegated
person. In this case, the power of attorney in the attached Form No. 11 of the
Enforcement Rules of the Personal Data Protection Act shall be submitted.
④ In the case of the
request for access to personal data or the request for suspension of
processing, the Information Subject’s rights may be restricted under Articles
35 (4) and 37 (2) of the Personal Information Protection Act.
⑤ The request for correction and deletion of personal information
cannot be requested if the personal information is specified as subject for
collection in other laws.
⑥ The Company verifies whether the person who has made the request
for access, the request for correction or deletion, or the request for
suspension of processing based on the Information Subject’s rights is the
Information Subject itself or its legitimate agent.
Article 6. Personal
Information Items Subject to Processing
① The Company processes the
following personal information items.
- Required items: Email,
mobile phone number, company phone number, position, department, company name,
legal representative name, legal representative mobile phone number
- Optional items:
Article 7. Destruction of personal information
In principle, the Company will destroy personal information
without delay when achieving the purpose of management of said personal
information. The procedure, period and method of destruction are as follows.
1) Destruction procedure: Information entered by users will be
moved to a separate database (in the case of paper, a separate document) after
achieving the purpose, and will be destroyed after being saved for a certain
period according to the internal policy and other relevant laws or immediately.
In this case, the personal information moved to the database will not be used
for other purposes unless specified by law.
2) Destruction period: Users’ personal information will be
destroyed within 5 days after the date when the retention period of personal
information expires or within 5 days after the date when the personal
information becomes unnecessary due to achieving the purpose of management,
closing services, terminating business etc.
3) Destruction method: Personal information printed on paper will
be destroyed by shredding with a shredder or incinerating. Information in
electronic files will be destroyed by using a technological method making
records impossible to be reclaimed.
Article 8. Matters
concerning the installation, operation and rejection of a personal information
automatic collecting device
The Company does not use a ‘cookie’ which saves information of
users and retrieves it at any time in order to provide individually customized
services.
Article 9. Persons
in charge of personal information protection
The Company has designated a person responsible for personal
information protection and a staff member managing personal information as
below in order to protect personal information and process personal
information-related complaints.
▶Person responsible for
personal information protection
Name:
Position:
Contact info:
The Information Subjects
may direct all inquiries, complaints and requests for damages related to
personal information protection in using the Company’s service to the
person/department in charge. The Company will provide prompt and sufficient
answers to your inquiries.
Article 10. Change
of the personal information policy
This personal information policy shall apply from the date of
enforcement, and in case of adding, deleting or modifying the contents
according to law and policy, the Company will make it public through
notification from 7 days before such changes take effect.
Article 11. How to
seek remedy for violation of rights
In accordance with Article 29 of the Personal Information
Protection Act, the Company takes technical/administrative and physical
measures necessary to ensure safety as follows.
1. Minimization and training
of employees handling personal information We are implementing measures to
manage personal information by designating employees who handle personal
information and minimizing them by limiting them to the person in charge.
2. Technical measures against
hacking, etc.
A security program is installed and periodic updates are made to prevent
leakage and damage of personal information due to hacking or computer viruses,
and technically/physically monitored and blocked by installing systems in an
area where access is controlled from outside.
3. Encryption of personal
information
The user's personal information is stored and managed with an encrypted
password, so only the user can know it. For important information, a separate
security system is used, such as encrypting files and transmission data or
using a file lock function.
4. Storage of access records
and prevention of forgery
The records of access to the personal information processing system are kept
and managed for at least 6 months, and security functions are used to prevent
forgery, theft, or loss of access records.
5. Access control for
unauthorized persons
Physical storage for personal information is separately located
and established and access control procedures for operation.
