'The Company' values the protection of members' personal information and complies with applicable laws and regulations, including the “Act on Promotion of Information and Communications Network Utilization and Information Protection”, the “Personal Information Protection Act”, the “Act on the Protection and Use of Location Information”, and guidelines established by relevant authorities.
'The Company' provides this Privacy Policy to inform members of how their personal information is used and managed, and what measures the Company takes to protect members' personal information.
1. Items of Personal Information Collected/Used and Methods of Collection
The items of personal information collected/used by the Company and the methods of collection are as follows.
1) Items of personal information collected/used :
- Customer name, email, contact information, vehicle model, place of residence, inquiry details
2) Method of collection of personal information : Provided through the customer inquiry form
Members may refuse to provide the above personal information. However, if the provision of personal information is refused, the use of some or all services may be restricted.
2. Purpose of Collection and Use of Personal Information
For the personal information collected/provided, the Company distinguishes between items that require the data subject’s consent and those that do not when processing such information. The purposes of use for each item are as follows.
[Items Requiring the Member’s Consent]
① Member ID : Personal identification for providing content
② Member Name : Personal identification for providing content
③ Password : User authentication
[Items Not Requiring the Member’s Consent]
① Access records (visit date and time, etc.) : Service quality improvement, contract fulfillment, and dispute resolution
3. Retention and Use Period of Personal Information
Personal information collected with the member’s consent will be retained and used while the membership is maintained. If a request for termination is made, the information will be completely deleted from the disk using a method that cannot be restored, making it impossible to access or use thereafter.
However, in the event of damages caused by personal information theft, the Company may temporarily retain the member’s website ID for up to 14 days from the date of termination in order to recover damages and protect the victim. After this period, it will be completely deleted using a non-recoverable method. Exceptions apply in the following cases.
First, in cases where retention is required by laws such as the Commercial Act
Records regarding contracts or withdrawal of subscription
Reason for retention : Act on the Consumer Protection in Electronic Commerce, etc.
Retention period : 5 years
Records regarding payment and supply of goods, etc.
Reason for retention : Act on the Consumer Protection in Electronic Commerce, etc.
Retention period : 5 years
Records regarding consumer complaints or dispute resolution
Reason for retention : Act on the Consumer Protection in Electronic Commerce, etc.
Retention period : 3 years
Access logs, access IP information, service usage records
Reason for retention : Protection of Communications Secrets Act
Retention period : 3 months
Second, in cases where the member has individually given consent
4. Sharing and Provision of Personal Information
The Company uses members’ personal information within the scope notified at the time of collection, and in principle does not disclose members’ personal information to external parties without prior consent. However, exceptions are made in the following cases.
First, when the member has given prior consent to disclosure
Second, when the member violates the Terms of Use or other policies of the website or related member services
Third, when there is sufficient reason to believe that disclosure of personal information is necessary in order to take legal action against a person who has caused mental or material damage to others through the use of the service
Fourth, when it is reasonably deemed necessary in good faith under applicable laws
Example) When the provision of information is required by relevant laws, or when there is a request from a court, investigative agency, or other administrative authority in accordance with lawful procedures
5. Procedures and Methods for Destruction of Personal Information
Members’ personal information will be destroyed without delay once the purpose of collection and use has been achieved. The procedures and methods of destruction are managed according to the following standards.
1) Destruction Procedures
Information collected/used by the Company, including information entered by members during registration, will be stored for a certain period in accordance with internal policies and relevant laws after the purpose of use has been fulfilled, and will then be destroyed.
2) Destruction Methods
① Personal information printed on paper is destroyed by shredding or incineration.
② Personal information stored in electronic file form is deleted using technical methods that make the records impossible to recover.
6. Rights of Members and Legal Representatives and Methods of Exercising Them
Members and their legal representatives may withdraw their consent to the provision of personal information (membership withdrawal) at any time. To withdraw consent, members may click “Membership Withdrawal” or “Delete Account” within the service. In addition, members may view or modify their registered personal information, or the personal information of children under the age of 14 (in the case of legal representatives).
If a member requests correction of an error in personal information, the Company will not use or provide the relevant personal information until the correction has been completed. If incorrect personal information has already been provided to a third party, the Company will notify the third party of the correction without delay so that the correction can be made.
Personal information terminated or deleted at the request of the member or legal representative will be processed in accordance with “3. Retention and Use Period of Personal Information” and will not be viewed or used for any other purpose.
7. Technical and Administrative Measures for the Protection of Personal Information
In handling members’ personal information, the Company takes the following technical and administrative measures to ensure that personal information is not lost, stolen, leaked, altered, or damaged.
The Company makes its best efforts to prevent members’ personal information from being leaked or damaged by hacking or computer viruses. To prepare for possible damage to personal information, the Company regularly backs up data and uses up-to-date antivirus programs to prevent personal information or data from being leaked or damaged. The Company also ensures that personal information can be transmitted safely over the network through the use of encryption algorithms. In addition, the Company controls unauthorized access from external sources by using intrusion prevention systems and strives to implement all possible technical measures to secure system stability.
The Company limits access to members’ personal information to designated personnel and assigns separate passwords for such personnel, which are regularly updated. The Company also provides ongoing training to employees responsible for handling personal information to ensure compliance with the Company’s Privacy Policy.
Furthermore, through internal dedicated departments or similar organizational structures, the Company regularly checks the implementation of its Privacy Policy and the compliance of responsible personnel. If any issues are identified, the Company will make immediate corrections and take necessary measures to address them.
8. Contact Information of the Personal Information Protection Officer
Personal Information Protection Officer
Name : Kim Ok-su
Organization : Hand in Hand
Position : Manager
Phone : +82-2-422-0745
9. Personal Information Complaint Service
The Company collects opinions from members regarding their personal information and has established procedures and methods to handle complaints.
Members may report complaints through designated procedures such as telephone or 1:1 inquiries by referring to the section above titled “Contact Information of the Company’s Personal Information Protection Officer and Responsible Personnel.” The Company will provide prompt and sufficient responses to members’ reports.
Alternatively, members may submit complaints to the following organizations:
(Information Security Mark Certification Committee : www.eprivacy.or.kr FAX 02-580-0529), (Korea Internet & Security Agency Personal Information Infringement Report Center : www.kopico.or.kr Phone 02-1336)
10. Miscellaneous
The Company’s Privacy Policy may be changed due to amendments to relevant laws and guidelines or changes in the Company’s internal policies. In such cases, the Company will notify members of the changes through the main page of the service or other methods by which members can easily review the updated policy. Any additions, deletions, or modifications to the Privacy Policy will be announced at least 7 days prior to the revision.
11. Supplementary Provision
This policy shall take effect on September 1, 2015.
