CERAGEM

Private Information Treatment Policy

■ Purpose
This treatment policy of CERAGEM Co. Ltd. (hereinafter, called ‘the company’) aims to determine a treatment policy for the protection of private information and rights and interests of users in accordance with the Personal Information Protection Act.

■ Scope
The company will announce a newly revised policy through Website Notice (or individual notice) in case of revising Private Information Treatment Policy.

1. Items of private information to be collected and collecting methods
2. Purpose of treating private information
3. Period of treatment and holding of private information
4. Entrustment of private information
5. Matters concerning rights, duties of information principals and regal representatives and methods of enforcement
6. Matters concerning installation, operation and denial of a private information automatic collecting mechanism
7. Destruction of private information
8. Measures to secure safety of private information
9. Person in charge of the protection of private information
10. Changes of private information treatment policy


1. Items of Private Information to be collected and Collecting Methods
Free access to this site is available without additional procedure of joining. However, only to the cases of accessing contents for members, some of private information will be collected through the membership application. The private information to be collected by the company is as the followings;

(1) Items to be collected
① Application of Rental Service
- Required Items: Name, Phone Number, E-mail Address
② In the process of using internet service, the following private information items may be automatically generated and collected;
- IP Address, Cookies, MAC Address, Service Usage Recordings, Visit Recordings, Misbehaving Recordings, etc.
(2) Methods of Collection
The company collects private information in the following methods;
- Home Page (Membership Application), Modification of Member Information, A/S Application, Reception of Customer Feedback, Phone Number, Inquiry for Usage


2. Purpose of Treating Private Information
The company treats private information for the following purpose. Private information being treated will not be used for purpose except the followings and if there is any change in usage purpose, required actions such as obtaining a consent in accordance with the Personal Information Protection Act, Article 18 will be taken.
(1) Membership Application and Management of Home Page
Private information will be treated for the purpose of; confirmation of the intention of joining of the applicant, identification and certification of the applicant according to the provision of membership system service, confirmation of identification according to the execution of maintenance and management of membership qualification and prevention of wrongful use of service, etc.
(2) Treatment of Appeal Service
Private information will be treated for the purpose of contact and announcement for fact investigation, notice of treatment results, etc.
(3) Provision of Goods and Services
Private information will be treated for the purpose of delivery of goods, provision of customized service, payment and settlement of charge, collection of claims, etc.


3. Period of Treatment and Holding of Private Information
In principle, after achieving the purpose of collection and usage of private information, corresponding information will be destructed without delay. However the following information will be held for specified period by reason of the followings;
<Reason to hold Information according to internal policy>
● Member ID
- Reason of Holding: Prevention of confusion in using service
- Directions: In case removal of private information is wanted by a member, corresponding information will be removed without delay.
<Causes to hold Information according to Related Laws>
If there is a necessity of holding private information according to the regulations of related laws such as the Commercial Law and the Act concerning Customer Protection in Electronic Commerce, the company will hold member information for certain period designated by related laws. In this case the company uses the information for the purpose of the holding only, and holding periods are as follows
● Recordings of Contract and Subscription Withdrawal
- Reason of Holding: the Act concerning Customer Protection in Electronic Commerce
- Holding Period: 5 years
● Recordings of Payment and Supply of Goods, etc.
- Reason of Holding: the Act concerning Customer Protection in Electronic Commerce
- Holding Period: 5 years
● Recordings of customer complaints and treatment of conflicts
- Reason of Holding: the Act concerning Customer Protection in Electronic Commerce
- Holding Period: 3 years
● Recordings of Identification
- Reason of Holding: the Law concerning Information and Communications Usage Promotion and Information Protection
- Holding Period: 6 months
● Recordings of Visiting
- Reason of Holding: Protection of Communications Secrets Act
- Holding Period: 3 months


4. Entrustment of Private Information
(1) The company entrusts private information treatment business as the followings for smooth treatment of the business.
● Operation of A/S Center
- Consignee (Trustee): Unies
- Contents of the business trusted: Provision of Product A/S, etc. for customers
(2) The company specifies matters concerning responsibilities of prohibition of private information treatment, technical and managerial protection measures, limitation of re-entrustment, management and supervision of trustee, compensation for damages, etc. in addition to the purpose of entrustment business execution in documents such as contract agreements and supervises whether the trustee safely treats private information in accordance with the Personal Information Protection Act, Article 25.
(3) In case the contents of entrustment business or the trustee is changed, the company will immediately disclose it in accordance with this private information treatment policy.


5. Matters concerning rights, duties of information principals and regal representatives and methods of enforcement
(1) Matters concerning rights, duties of information principals and regal representatives and methods of enforcement
① Request of Reading Private Information
② Request of Modification in case of Error
③ Request of Removal
④ Request of Suspension of Treatment
(2) A member can exert his rights specified in paragraph (1) in accordance with the Personal Information Protection Act, Enforcement Ordinance, Article 41, Clause 1 through letters, e-mails, facsimile (FAX), etc. to the company and the company will take actions for it without delay.
(3) A member can exert his rights specified in paragraph (1) through a proxy such as a legal representative of information principal or a person who is entrusted. In this case a power of attorney in accordance with forms of the Personal Information Protection Act, Enforcement Ordinance, Article 11 shall be submitted.
(4) In case of requesting a reading of private information and suspension of treatment may limit rights of an information principal in accordance with the Personal Information Protection Act, Article 35, Clause 5 and Article 37, Clause 2.
(5) In case of requesting a modification or removal of private information, the removal cannot be requested if the private information is specified as the target of collection in other law. The company may refuse reading/modification or removal of all or a part of the private information when
- When a reading is prohibited or limited by the law
- When there is worry of damaging life or body of other person or when there is worry of unduly infringing property or profit of other person
(6) The company identifies whether a person who makes a request of a reading, etc., a request of modification and removal, or a request of suspension of treatment according to the rights of an information principal is a member himself or a valid proxy.


6. Matters concerning installation, operation and denial of a private information automatic collecting mechanism
(1) Purpose of Using Cookie
The company uses Cookie, etc. to save and frequently import information in use to provide users individual customized service. Cookie refers to small amount of information sent to a computer browser of a user by the server (http) which is used to operate company website. Cookie is also saved in a computer hard disk of users. Afterwards, the website server is used for reading the contents of Cookie stored in hard disk of the user to maintain environment setting and provide a customized service when the user visits website.
(2) Method to deny Cookie Setting
A user has an option in installation of Cookie. Accordingly, by setting the option in web browser, the user may allow all Cookies, make a check every time Cookie is saved, or deny saving of all Cookies. However, when the user denies installation of Cookie, it may be difficult to provide service.
- Cookie Setting Method (In case of using Internet Explorer 8.0): Click 「Internet Option」 in 「Tools」 menu. Select 「Private Info Tab」. Set a Cookie setting level appropriate to you using 「Setting」.
- Cookie Reading Method (In case of using Internet Explorer 8.0): Select 「Internet Option」 in 「Tools」 menu. Click on 「General」 tab to enter 「Setting」 of ‘Searching Record’ to confirm Cookie through 「File Reading」.
- Cookie Setting Denying Method (In case of using Internet Explorer 8.0): Click 「Internet Option」 in 「Tools」 menu. Click on 「Private Info Tab」. Using 「Setting」 set to “Block All Cookies” in higher level.


7. Destruction of Private Information
In principle, the company immediately destroys corresponding private information when the purpose of private information treatment is achieved. Procedures, time limit and methods of the destruction are as the followings;
(1) Procedures of Destruction
After achieving the purpose, information entered by a user will be destroyed immediately or after storing for certain period according to internal policy and other related laws by being transferred to additional DB (in case of papers, additional document). At this time, private information transferred to the DB will not be used for other purpose except the cases designated by laws.
(2) Time Limit of Destruction
Information of a user will be destroyed within 5 days from the closing date of holding period if holding period is elapsed, and within 5 days from the day when the private information is recognized as being unnecessary if the private information becomes unnecessary due to the achievement of the purpose of private information treatment, abolishment of corresponding service, closing of the business, etc.
(3) Method of Destruction
In case of information of electronic file type, a technological method which cannot reproduce recording is used. Private information printed on papers will be destroyed by grinding with a grinder or incinerating.


8. Measures to secure Safety of Private Information
The company takes technological/managerial and physical actions required to the securement of safety in accordance with the Personal Information Protection Act, Article 29.
(1) Minimization of staffs to treat Private Information and Education
The company executes countermeasures to manage private information by designating staffs to treat private information and limiting to persons in charge of the affair.
(2) Establishment of Execution of Internal Management Plan
For safe treatment of private information, an internal management plan is established and executed.
(3) Encryption of Password
User passwords are stored and managed through the encryption.
(4) Limitation of Access to Private Information
The company takes actions required to control access to private information through assignment, change and cancellation of access right to the database system which treats private information.
(5) Countermeasures against Hacking, etc.
The company makes its best in preventing outflow or damage of private information of members by hacking or computer virus, etc. In preparation against damage of private information, the company executes back up of data from time to time, and prevents outflow or damage of private information or data of users using newest vaccine programs. In addition, the company prohibits unauthorized access from outside using a Firewall, and tries to equip all technological devices in order to systematically secure security.


9. Persons in charge of the protection of private information
The company designates staffs in charge of the protection of private information as the followings who will assume the responsibility of consolidated business concerning private information treatment and complaints treatment and damage recovery of information principals relating private information treatment.
● A person in charge of the protection of private information
Production Section, Head of Section Part, Jang Sung Tae
Contact Number : 041-529-4403
Facsimile Number : 041-565-2560
E-mail : privacy@ceragem.co.kr

● A person who treats the protection of private information
Customer Support Team, Team Leader, Min In Gi
Contact Number : 041-529-4280
Facsimile Number : 041-565-2560
E-mail : privacy@ceragem.co.kr
An information principal may contact a staff in charge of the protection of private information and responsible department about all private information related inquiry, complaints treatment, damage recovery, etc. generated during the use of service of the company (or business). The company will immediately answer and treat to inquiry of the information principal. If any report or consultation about private information infringement is required, please contact the following organizations;
● Personal Information Infringement Report Center ( http://www.118.or.kr / 118 )
● Data Protection Mark Authentication Committee ( http://www.eprivacy.or.kr / 02-580-0533~4 )
● Supreme Prosecutors’ Office High-Tech and Financial Crimes Investigation ( http://www.spo.go.kr / 02-3480-2000 )
● National Police Agency Cyber Terror Response Center ( http://www.ctrc.go.kr / 02-392-0330 )


10. Changes of Private Information Treatment Policy
Private information treatment policy shall be applied from the execution day. If there is any addition, removal or modification of changes according to regulations and policy, it will be announced through notices before 7 days from the execution of changes.
● Execution Day: November 22, 2018