Seoyon Co., Ltd (Hereinafter referred to as the “Company”) considers personal information of users very important and complies with personal information protection-related laws such as the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection.
By disclosing the personal information processing and handling policy on the first page of the Company website or the connecting screen to the first page, the Company takes measures so that customers can easily check the purpose for which the personal information they provide is used and what kind of measures the Company is taking in order to handle the personal information of users safely
When changing this personal information processing policy, the Company shall notify users of the reason and the details of the change by posting on the notification section of the first page of the website or in a separate pop up window.
Purpose of Collection and Use of Personal Information
Article 1 (Provision of Services)
Performance regarding provision of services.
Receiving and handling customer inquiries.
Article 2 (User Management)
Verification and identification of users for service use.
Prevention of illegal or unauthorized use.
Confirmation of consent of legal representatives when collecting personal information of children under fourteen years of age.
Retention of records for dispute resolution, handling customer complaints such as processing customer inquiries, and delivery of notifications.
Article 3 (Use for Marketing/Advertising)
Development of new services and provision of customized services.
Provision of services, display of advertisements, and identification of access frequencies according to statistical characteristics.
Statistics on confirmation of service effectiveness and service usage.
Providing event and promotional information and delivery of prizes and market research.
Providing latest company information.
Personal Information Collection Items and Collection Method
Article 4 (Collection Items)
Required information : Name, e-mail address
Select information : vehicle identification number
Article 5 (Collection Method)
If necessary, in the personal information collection corner of the website, written form, e-mail, phone calls, participation in events, etc.
※ The personal information above includes not only the information at the time of collection but also cases of retaining personal information that has been changed subsequently.
Period of Retention and Use of Personal Information
Article 6 (Collection and Use of Personal Information).
The Company may collect personal information when it falls under any of the following Subparagraphs, and can use the information within the scope of collection purposes.
Where consent from the user has been obtained.
Where there is a special provision in relevant laws or where it’s unavoidable in order to comply with legal obligations.
Where a user or his or her representative is in a state by which he or she is unable to express personal intention or where obtaining prior consent is not possible due to unknown address, if it is deemed clearly necessary for urgent matters of life, body, or interest in property of the user or a third party.
Where it is necessary in order to accomplish the legitimate interests of the company. This is limited to cases by which, clearly taking precedence over the right of users, it is significantly related to the legitimate interests of the company and where it is limited to an extent not exceeding a reasonable range.
Article 7 (Period of Retention and Use of Personal Information)
The company shall retain and use the personal information of users from the time of collection until the company accomplishes the purpose of collection and use, and when the purpose of collection and use of the personal information is accomplished, the corresponding information shall be destroyed without delay. However, if there are obligations to retain personal information pursuant to the provisions of relevant laws and regulations such as the Commercial Act, the Company shall retain the personal information until the corresponding period
Consignment of Personal Information Processing
Article 8 (Consignment of Personal Information Processing)
In order to implement tasks smoothly such as processing user complaints, the Company consigns personal information processing tasks to an outside specialist company as following If that company changes, the Company shall notify users of the changed company name via a notification or through its personal information processing policy.
Provision of Personal Information to Third Parties
Article 9 (Provision of Personal Information to Third Parties)
The Company can provide personal information of users to third parties if the situation falls under any of the following Subparagraphs.
Where consent from users has been obtained.
In cases of providing the personal information collected within the scope of the purpose according to Article 6, Subparagraphs 2 and 3.
Where the Company provides personal information to a third party overseas, the Company must obtain consent from users for matters stipulated by the Personal Information Protection Act, and cannot conclude a contract regarding transfer of personal information overseas in violation of the same Act.
Restrictions on the Processing of Personal Information
Article 10 (Restrictions on Use and Provision of Personal Information)
The Company shall not use personal information for purposes other than the purposes of collection covered in Articles 1, 2 and 3, or provide it to a third party beyond the scope permissible according to Article 9, Paragraphs 1 and 2.
Notwithstanding Paragraph 1, if falling under any of the following Subparagraphs, except where there is concern regarding unfair infringement of the interest of users or a third party, the Company can use the personal information for other purposes or provide it to third parties.
Where separate consent has been obtained from the user.
If there are special regulations stipulated by relevant laws.
Where a user or his or her representative is in a state where he or she is unable to express their personal intention or when obtaining prior consent is not possible due to unknown address, if it is deemed necessary clearly for urgent matter of life, body, or interest in property of the user or a third party.
Where it is necessary for purposes such as preparing statistics and academic research, when providing personal information in a form by which specific individuals cannot be identified.
Procedure and Method of Destruction of Personal Information
Article 11 (Principle of Destruction)
Unless personal information needs to be retained pursuant to relevant laws and regulations, after the purpose of collection and use of the personal information is accomplished, the Company shall destroy the corresponding information without delay.
Article 12 (Destruction Procedure)
The personal information provided by users shall be moved to a separate DB (or separate file box for paper documents) after the purpose of collection and use is accomplished and retained for a period according to the reason for information protection under internal policy and other related laws and regulations, and then destroyed.
The personal information that is moved to a separate DB shall not be used for any other purposes unless in accordance with relevant laws and regulations
Article 13 (Destruction Method)
Personal information stored in a file format shall be deleted in a way that cannot be recovered by a technical method.
Personal information that is printed on paper shall be shredded by a shredder or incinerated.
Rights of Customers and Legal Representatives and How to Exercise Them
Article 14 (Withdrawal of Consent)
Users or legal representatives (for children under fourteen years of age) can withdraw their consent for collection, use, and provision of personal information at any time.
Article 15 (Correction of Information)
The Company can be requested to view, provide, and correct errors in personal information by users, regarding their own personal information, and legal representatives regarding the personal information of children under 14 years of age who they represent.
Article 16 (Correction Method)
After verifying their identity, users can exercise their rights under Articles 14 and 15 by contacting the customer center or the personal information protection officer of the Company in writing, by telephone, or by email.
Article 17 (Confirmation of Correction)
If users request correction of personal information, the Company shall not use or provide the corresponding personal information until such error correction is completed, and if the Company has already provided the personal information to a third party, it shall notify the third party without delay and make the error correction.
Article 18 (Destruction)
Where a user or a legal representative withdraws his or her consent, the Company shall in principle destroy it without delay, but if the Company is duty-bound to retain it under relevant laws and regulations, the Company shall proceed according to “the period of retention and use of personal information” of the personal information processing policy, and it shall take measures so that viewing and use is possible only when absolutely necessary.
Matters Concerning Installation, Operation, and Refusal of Automatic Collection Devices
Article 19 (Installation/Operation of Automatic Collection Devices)
The Company operates cookies that frequently store and identify personal information of users.
A cookie is a small text file sent by the server used to access the Company website to the browser of the user and is stored on the hard disk of the user’s computer.
The Company uses cookies in order to provide target marketing and personalized services through analysis of website access frequency and visiting time, identification and analysis of areas of interest for the user, and participation in various events and number of visits.
Article 20 (Selection of Automatic Collection)
Users have a choice regarding installation of cookies.
Therefore, using web browser setting options, users can allow all cookies, undergo a process of confirmation every time a cookie is saved, or reject saving all cookies.
Article 21 (Rejection of Automatic Collection)
As a way to reject cookies, users can select an option on the web browser to allow all cookies, undergo a process of confirmation every time a cookie is saved, or reject saving all cookies.
(However, if refusing to save cookies, this may cause difficulties when using some services that require logging in.)
※ Example of setting method: (for Internet Explorer): Tools at the top of the web browser → Internet Options → Privacy → Advanced → Select Setting Method
Measures to Secure Safety of Personal Information
Article 22 (Measures to Ensure Safety)
The company is taking technical, administrative, and physical measures necessary to ensure safety in accordance with Article 29 of the Privacy Act.
Article 23 (Encryption of Personal Information)
Personal information and passwords of users are saved and managed via encryption, and separate security functions such as encrypting files, transmission data, or a file locking function are used for important data.
Article 24 (Technical Measures)
In order to prevent leaking or damage of personal information via hacking or computer viruses, a security program is installed and periodic renewal and inspection are carried out, and a system is installed in areas controlled for external access and technical/physical monitoring and blocking performed.
Article 25 (Restrictions of Access to Personal Information Processing System)
Necessary measures are taken related to access control to personal information through granting, changing, and cancelling access rights for the database system that handles personal information, and unauthorized external access is controlled through use of an intrusion prevention system.
Article 26 (Minimization and Training of Employees Handling Personal Information
We take measures to manage personal information by designating the employees in charge of processing personal information and minimizing the number of people with access by limiting it to the persons in charge.
Matters Concerning Personal Information Protection Officer and Processing Complaints Regarding Personal Information
Article 27 (Management of Personal Information)
To protect personal information of users and handle complaints regarding personal information, the Company designates the department in charge and Personal Information Protection Officer and Personal Information Manager as follows.
Personal Information Management Officer : Vice president Oh Binyoung
Personal Information Management Proessor : Manager Lee Yongchul
Personal Information Management Handler : Manager Choi Dongil
Article 28 (Problem Resolution)
When a customer makes a complaint regarding the Company’s personal information processing policy to the customer service department or Personal Information Protection Officer, the Company will take action promptly and faithfully to resolve the problem.
Article 29 (Report of Infringement and Counseling)
If a customer wishes to report any matters or requires consulting on infringement of personal information, the agencies below should be contacted.
Personal Information Dispute Mediation Committee
OPA committee
Supreme Prosecutors Office Internet Crime Investigation Center
Cyber Terror Response Center, Korea National Police Agency
Article 30 (Enforcement Date of Terms and Conditions)
The terms and conditions shall take effect from June 01, 2015.