This regulation regulates matters related to the handling of personal information in companies in accordance with the Personal Information Protection Law.
Each term is defined as follows.
Information based on name, date of birth and other information contained in the information.
A collection of information that includes personal information that is systematically arranged so that it can be searched and processed using a computer.
Refers to personal information data which is a personal information database managed by the company.
The company has the authority to correct data, add, stop using, delete and provide data to third parties if individuals or other parties can endanger lives or encourage illegal or unfair actions.
Individuals identified from personal information obtained.
The company establishes personal information protection policies internally and externally.
Personal information is protected by the company from dissemination measures on other websites.
The company determines the purpose of using personal information fairly and relevantly.
If the intended use is changed, the company will publicly inform of the change.
The company may not use personal information beyond the scope required before obtaining the consent of the person.
The company may use personal information without individual consent in the following situations:
Companies must determine the intended use in a lawful and appropriate manner.
Personal information is not used if it can cause social discrimination.
The company will not obtain personal information other than that person. Personal information may not be used if:
The company will inform the person if the above conditions occur.
The company immediately informs the person for the purpose of using personal information.
The company may obtain personal information from other people in connection with terminating the contract with that person.
When obtaining personal information from other people, the company will use it for the purposes for which it was previously informed.
The above provisions do not apply if:
The company must always keep the personal data accurate and up to date as necessary to achieve the intended use.
The company will take strict and appropriate measures to prevent leakage, loss or damage to personal data safely.
The company must immediately delete or destroy personal data that is no longer needed to achieve the intended use.
The company supervises the handling of personal data and manages it securely.
The company will provide personal data to third parties without consent in the following situations:
The company must disclose the personal data stored in relation to the person concerned, either in writing or orally after being approved by the person concerned. However personal data cannot be disclosed if:
If the above occurs, the disclosure of personal data must be carried out without delay.
If another person requests correction, addition or deletion of personal data, the company will notify that person in writing with the aim of achieving the purpose of using personal data.
If the person accepts the information notified by the company, the process will continue as notified.
If another person requests the suspension or deletion of personal data, the company will conduct an investigation to achieve the purpose of using personal data and provide information to the person regarding the suspension or deletion of personal data.
If the person receives the notification, the process will continue after being notified.
The company establishes the system necessary to respond to complaints regarding the handling of personal information and will try to respond appropriately and as soon as possible when the complaint is received.
This regulation is enforced from October, 1st 2021.