SPHERE AX Co., Ltd. (hereinafter called ‘the company’ or ‘SPHERE AX’) protects users’ privacy and rights and establishes personal information handling policy in order to deal with users’ complaints smoothly. If the company revises the personal information policy, the revision is posted on the Notice of the website.
This policy comes into effect from May 13, 2019.
1. Purpose of personal information handling
The company handles personal information for the purposes described below. The handled information is not used for other purposes than the following ones. If the purposes of use are changed, consent will be given to users in advance.
A. Handling of the inquiry of product and estimate
Personal information is handled for the purpose of checking a customer’s identity, making contact and notice for fact inspection, and notifying a customer of results after handling.B. Utilization for marketing
Personal information is handled for finding access frequency or statistics of customer service use.C. Service improvement
Personal information is used as the communication path for improving customer responses and other services.2. Personal information files
The company guides the main personal information files collected and retained through the website operated by the department described below.
| Department | File name of personal information | Items of personal information | A ground for retention |
A purpose of retention |
A period of retention |
Making public the personal information handling policy |
|---|---|---|---|---|---|---|
| Marketing part | Inquiry information DB | Name, Email address, etc. | Consent of information subject | The purpose of securing a smooth communication path | 2 years (re-consent) or until membership withdrawal | http://www.sphereax.com |
| Research institute of information protection | Video export, Website, Member information | Name, Department, Email address, Contact info., etc. | Consent of information subject | Membership management and Video export management | 2 years (re-consent) or until membership withdrawal | http://www.secuwatcher.com |
※ For detailed personal information retention items, refer to the personal information processing policy of the site.
3. Personal information handling and retention periods
The company processes and retains personal information within the personal information retention and use periods set forth in laws, or the personal information
retention and use periods agreed by information subjects at the time of personal information collection.
Personal information handling and retention periods each are as follows:
[ Treatment of civil petitions ]
The personal information pertain to treatment of civil petitions is retained and used for the above use purposes until three years from the date of consent on the collection and use of personal information.- A ground for retention: Article 13 of Civil Petitions Treatment Act
- Related legal provision: Record of credit information collection/processing and use, etc.: three years
[ Utilization for marketing and advertising ]
The personal information pertain to the utilization for marketing and advertising is retained and use for the above use purposes until three years from the date of consent on the collection and use of personal information.- A ground for retention: Article 13 of Civil Petitions Treatment Act
- Related legal provision: Record of consumers’ complains or dispute settlement: three years
Offering of personal information to third parties
The company neither uses nor discloses personal information of information subjects beyond the notified use and collection purposes of personal information in any circumstances unless information subjects make any consent or related legal provisions are set forth.Consignment of personal information handling
The company does not entrust any external company to operate users’ personal information. If personal information is operated through consignment, the company will give a notice to users and will obtain their consent.4. Rights and obligations of information subjects and legal representatives and the method of exercising the rights and obligations
As personal information subjects, users are entitled to exercise the following rights:
- Information subjects are entitled to exercise their right to request SPHERE AX to open, correct, delete, and stop processing personal information anytime.
- It is possible to exercise the right prescribed in the above paragraph 1 in a written way, by e-mail or by FAX in accordance with Article 41(1) of the Enforcement Degree of the Personal Information Protection Act. SPHERE AX will respond to the exercise without delay.
- The right prescribed in the above paragraph 1 can be exercised by the legal representatives of information subjects or persons entrusted with powers. In this case, it is required to submit a commission of powers in accordance with the Appendix No. 11 of Enforcement Rules of Personal Information Protection Act.
- Information subjects’ right to make the request of opening and/or stop processing personal information can be restricted in accordance with Article 35(5) and Article 37 (2) of Personal Information Protection Act.
- It is impossible to make the request of correcting and/or deleting personal information if the collection of the personal information is set forth in a different legal provision.
- The company check if the request of opening, correcting, deleting, and/or stop processing personal information is made by an information subject or his/her legitimate representative.
5. Personal information items to handle
The company handles the following personal information items:
- Management of the information for customer identification and responses
- Required: name, e-mail
- Optional: contact information (telephone number)
- In the course of service use, it is possible to generate automatically and collect the following personal information items.
- IP address, cookies, MAC address, service use record, visit record, etc.
6. Destruction of personal information
In principle, the company destructs related personal information without delay when the purpose for handling personal information is achieved. The procedure, period, and method of destruction are as follows:
- A procedure of destruction A user’s input information is first moved to separate DB (separate storage in case of paper) after a purpose is achieved, and then is destructed right away after being saved for a certain period in accordance with the internal policy of the company and other related laws. At this time, the personal information moved to the DB is not used for other purposes than original ones unless any legal provision is set forth.
- A period of destruction A user’s personal information is destructed within five days from the end date of retention in the case where the retention period of the personal information expires, and from the date of acceptance that there is no need of handling personal information in the case where it is unnecessary to handle personal information for such reasons as the achievement of the purpose for handling personal information, the cancellation of related service, and the end of business.
- A method of destruction The personal information saved in a digital file form is deleted with the use of the technique to prevent the recorded files from being played, and the one printed in paper is shredded or incinerated for destruction.
7. Matters to the installation, operation and refusal of the automatic collection system of personal information
In order for customized services, the company can use ‘cookies’ to save and load use information often. A cookie is a small amount of information that the server (http) for operating a website sends to a user’s computer Web browser. It can be saved into the hard disk of a user’s PC.
The company can use cookies for the following purposes:
A. Use purpose of cookies
Cookies are used to find information on the services and websites users visited, including visits, use types, popular search words, and whether or not they have security access, and thereby to provide optimized information.B. Cookie installation, operation and refusal
Users can block cookies by setting in Tools > Internet Options > Advanced Privacy Settings of a web browser (Internet Explorer). In this case, if users block cookies, it is possible to have services restricted.8. Chief manager of personal information protection
The company designates the following chief manager of personal information protection in order to deal with information subjects’ complains about personal information handling and damage relief.
· Chief manager of personal information protection
Name and position : Pi Jae-seong, Director
Tel : 1588-5105
9. Remedy for infringement of rights and interests
If there is any need of report or consultation of personal information violation, please contact any of the following organizations:
- Personal Information Infringement Report Center(privacy.kisa.or.kr) : 118 (without area code)
- Personal Information Dispute Mediation Committee(www.kopico.go.kr) : 1833-6972
- Internet Crime Investigation Center of Supreme Prosecutors Office(www.spo.go.kr) : 1301
- Cyber Bureau of National Police Agency(cyberbureau.police.go.kr) : 182
10. Measures for securing safety of personal information
SPHERE AX takes the following technical, managerial and physical measures for securing safety of personal information in accordance with Article 29 of Personal Information Protection Act.
· Minimum number of personal information handling staff and education
The company minimizes the number of staff handling personal information by designating them in order for the restriction to the handling of personal information.· Encryption of personal information
Users’ personal information is saved and managed after being encrypted. In order for important files and data to send, separate security functions, such as file locking and encryption, are applied.· Storage of access logs
The access logs in personal information handling system are kept and managed at least six months.· Installation and regular inspection & update of security program
The company installs and regularly inspects and updates a security program in order to prevent personal information leak and damage made by hacking or computer virus.· Access limit to personal information
The company controls access to personal information by granting, changing, and cancelling the right of access to the database system to handle personal information. An intrusion prevention system is applied to block unauthorized access.11. Change in the personal information handling policy
This personal information handling policy comes into effect on the enforcement date (May 15, 2019). If there is any addition, deletion, or correction in accordance with related laws and rules, a notice will be given seven days before the enforcement of any changed matters.
Date of notification : May 13, 2019
Date of enforcement : May 13, 2019
