The "Herald Corporation" (hereinafter referred to as "the Company") protects the personal information of users and abides by the relevant laws and regulations such as information communication network use, promotion and information protection law, personal information protection law. In order to process the following, personal information processing policy is established.
The Company disclose the personal information processing policy through the initial screening of the service so that it can be easily be accessed by the user at any time. Changes are applied according to the personal information related laws, guidelines, notice or The Investor service (hereinafter referred to as "service”).
1. Collection and use of personal information
"Company" collects personal information of the user as follows. Personal information being processed is not used for purposes other than the following collection and purpose of use
(1) Collection of membership information • Purpose of use, collection items, possession and period of use are as follows.
|Method of collection||Purpose of collection and use||Collection items||Retention and use period
|Input information (necessary)||Membership (Web page)||Access to membership service||Name, e-mail address, password, country of residence||Destroy without delay after completing the purpose (withdrawal of membership, etc.) (except for information that is kept separately according to related laws and company policies)
|Age of users under 14 years||date of birth
|General information (necessary)||Sign up and service||Check service usage and fraud transaction history||Use period, log record, contact information, etc||Kept for three months in accordance with the Communication Confidentiality Protection Act
(2) Collection and use of information in accordance with laws and regulations shall be kept for the following collection and purpose of use.
2. Procedures and methods of disposing personal information
|Law / Internal Policy||Purpose of collection and use||Collection item||Retention and use period
|Communication Confidentiality Protection Act||Provide communication confirmation data||Logging, contact information, etc.||3 months
|Act on Consumer Protection in Pre-commercial Transactions||Indications • Records of advertisements||Display • Ad history||6 months
|Record of payment and goods supply||Supply records of payment settlement / goods||5 years
|Records on contract or withdrawal||Consumer identification information contract / subscription withdrawal record||5 years
|Records of consumer complaints or disputes||Consumer identification information dispute handling record||3 years
(1) In principle, if the personal information is not required, such as the elapse of the period of use, the Company will dispose the information without delay.
(2) The Company shall notify users who have discontinued the Company's services for a year of the storage or disposal of its personal information, based on Article 29 of the Act on Promotion of Information and Communication Network Use and Information Protection.
① Personal information of long-term non-use users will be stored separately and safely, and the notice of the user will be sent to the registered e-mail address at least 30 days prior to the date of storage.
② Long-term non-use users should log in to the website (including 'mobile app') if they want to continue the use the service.
③ Long-term non-use users can restore their accounts according to the user's consent when logging in to the website.
(3) Procedures and methods of disposing personal information are as follows.
① Disposition procedure
- The information entered by the member for membership, etc. is transferred to a separate data base after the purpose has been accomplished (in the case of paper, separate document). According to the internal policy and other related laws and regulations, it is stored for a certain period and then deleted.
- The company disposes the personal information that caused the reason for disposition through the approval process of the personal information manager.
② Disposition method
- The Company deletes personal information stored in the form of an electronic file using a technical method that cannot reproduce the record. Personal information printed on paper is destroyed by shredding or incineration.
3. Provide third party of personal information
The Company shall use the personal information for the purpose of collecting and using the personal information, and shall not use it beyond the purpose of collecting personal information or give it to a third party without prior consent of the user. However, in order to provide customer convenience and high-quality service, except when the user's personal information is required to be affiliated with the partner company, he or she must inform the user of the legal notice and agree with the relevant laws.
(1) In the case where the user has previously disclosed or agreed to provide to a third party
(2) Purpose of investigation, etc. Related laws
If there is a request for personal information from the investigating agency pursuant to the procedures and methods prescribed by relevant laws and regulations such as the Communication Confidentiality Protection Act
4. Personal Information Processing
(1) The company may entrust personal information processing tasks to others for improved service utilization and provision. If the user is commissioned to another person, the user will be notified and consented to the following contents. It is the same with any one of the following changes:
- A person who is entrusted with the processing of personal information (hereinafter referred to as "the trustee")
- Contents of business to entrust personal information processing consignment
(2) If the Company entrusts the processing of personal information to the trustee, the Company shall, in accordance with the relevant provisions such as prohibition of processing of personal information for purposes other than the purpose of entrusted business, to ensure compliance.
(3) In order to provide better services and user convenience, the Company entrusts the following personal information processing services to specialized companies.
5. User and legal representative’s rights and how to exercise them
|Herald Corporation||Customer service, news related information
|EXIMBAY Corporation||Payment processing via credit card, etc.
(1). Users and legal representatives can view or modify their registered personal information at any time, and can request termination or withdrawal of its membership.
(2). To revoke the subscription information of the user and the legal representative, click the “Member withdrawal” button to proceed to identity verification process and choose its desired action. Action can also be taken by contacting the personal information manager via email or phone.
(3) When a correction of errors in a user’s personal information is requested, the user’s personal information will not be provided until the correction is complete. If the wrong personal information has already been provided to a third party, the result of the correction will be notified to the third party without delay to ensure corrective actions.
(4) The Company shall deal with personal information that has been terminated or deleted at the request of the user or legal representative, as described in the "Period of Retention and Use of Personal Information" collected by the Company, and shall not be viewed or accessed for any other purpose.
(5) Users must keep their personal information up-to-date, and the users are responsible for any problems that arise from incorrect information entered.
(6) The personal information is a stolen identity, the user’s membership will become immediately inactive and will be punished according to related personal information protection laws
(7) Users are responsible for maintaining the security of their e-mail address, password, etc. and cannot transfer or lease it to a third party.
6. Protecting children's privacy.
To protect the privacy of children under the age of 14, the Company only accepts users who are 14 years of age or older.
7. Technical and administrative protection measures of personal information
In order to ensure that personal information is not lost, stolen, leaked, altered, or damaged in handling personal information of users, the Company takes the following technical and administrative protection measures
(1) Password encryption
Users’ passwords are stored and managed in one-way encryption, and personal information can be checked or changed only by the person who knows the password.
(2) Measures against hacking
① The company will do its utmost to prevent personal information from being leaked or damaged by intrusion of information network such as hacking and computer virus.
② The latest vaccine program is used to prevent users' personal information or data from being leaked or damaged.
③ . In case of emergency, an intrusion prevention system is applied.
④ Sensitive personal information can be transmitted securely on the network through encrypted communication.
(3) Minimizing and educating personal information processing
The Company restricts personal information processing to a minimum and emphasizes compliance with laws and internal policies through administrative measures such as training personal information processors.
(4) Operating personal information protection
In order to protect personal information, the company operates a department dedicated to the protection of personal information, and confirms compliance with the personal information processing policy and compliance with the person in charge.
8. Installation of automatic collection of personal information / Operation and rejection procedure
The company does not collect user cookies.
9. Complaints about personal information infringement
(1) In order to protect the personal information of the user and to deal with complaints related to personal information, the Company has designated a related department and a manager in charge of personal information protection.
(2) User may report any privacy complaints that arises as a result of using the Company's services as the person responsible for the protection of personal information. The Company will respond promptly and adequately to the reports of users.
Personal information manager
Name : Shin Chang-hoon
Phone number : +82 2 727 0071
Email address : email@example.com
Personal information protection department
Name : Kim Sang-beom
Phone Number : +82 2 727 0078
Email : firstname.lastname@example.org
(3). If you want to report or consult about other privacy infringement, please contact the following organizations.
Privacy complaint center
Web page : http://privacy.kisa.or.kr/kor/main.jsp
Phone number : +82- 118
Private dispute resolution committee
Web page : https://www.kopico.go.kr/
Phone number : +82-2-2100-2499
Cyber investigation department, supreme prosecutors' office
Web page : http://www.spo.go.kr/spo/index.jsp
Phone number : +82-1301
National police agency cyber safety bureau
Web page : http://cyberbureau.police.go.kr/index.do
Phone number : +82-182
10. Obligation of Notice
(1). The current personal information processing policy may be changed according to the necessity of laws, government policies or company’s internal policies. If there is any addition, deletion or modification of the contents, it will be notified the 'Announcement' ill. However, if there is a significant change in user rights, the company will notify you at least 30 days in advance.
(2) The current personal information processing policy will be effective from June 30, 2017, and the personal information processing policy before the change will confirmed through announcements.
(3) History of revision
- Revision date :
2017. 06. 30