Article 1 (General rules)
① “Personal information” refers to the information on a living individual and refers to the identifiable information of the relevant individual (including those identifiable in combination with other information although it cannot identify the individual on its own) such as name and resident registration number.
② “Information entity” refers to the personnel identifiable by information handled by Curaco and the personnel that becomes the entity of the information.
③ Curaco highly values personal information protection of the information entity, and complies with personal information protection regulation of the “Personal Information Protection Act” and “Standard Personal Information Protection Guidelines” enacted by the Ministry of Security and Public Administration. Through this policy, Curaco notifies how personal information provided by the information entity is used and what measures are taken to protect personal information.
④ To consistently improve this policy, Curaco states necessary procedures to amend this policy. When this policy is amended, the version number will be issued so that the information entity can easily identify amendments.
Article 2 (Collected personal information item and collection method)
① Curaco provides diverse and convenient service to the information entity and collects personal information in the following methods for personal identification of information entity.
1) Personal information item collected
– Collected information: Name, Email, Telephone Number, Address
– Information created and collected in the process of using services: Cookies, IP Address, Service Use Record, Appliance and Location Information
2) Personal information collection method
Access via homepage from available system
Curaco provides a procedure for the information entity to “agree” or “disagree” with each content of a personal information collection agreement or agreement of utilization of Curaco, and regards that the collection of personal information is agreed to if “Agree” is selected.
3) Personal information collection range
The above collection item and collection method are subject to change according to service purpose and type.
② However, sensitive personal information that may breach basic human rights of the information entity (race and ethnic group, belief and ideology, place of origin and legal domicile, political tendencies and criminal record, health state and sexual life) will not be collected.
Article 3 (Collecting purpose, and processing and possessing period of personal information)
① Curaco collects personal information for the following purpose within the minimum range required for provision of satisfactory service.
Handling personal information, viewing, correcting, deleting and suspending process of personal information, civil processes such as submitting and processing reports on breach of personal information, cancelling customer agreements and replies to customer inquiries
② Processing and possessing period: Until agreement is cancelled
Article 4 (Provision and sharing personal information)
① Curaco shall not utilize personal information of the information entity over the notified range in “Article 3” or provide to others or other companies/institutions except in cases according to related laws and regulations or with consent of the information entity. However, personal information is utilized and provided with care.
In case of fully transferring and succeeding the rights and obligations of the service provider due to dispositions and mergers, the valid reason and procedure will be announced in detail in advance and the right to choose to cancel the agreement on personal information shall be granted.
In case of providing and sharing personal information of the entity, the right to refuse agreement to provide or share personal information to the personnel provided to or shared with shall be notified in writing or email including any disadvantages for refusal of agreement and the consent on this shall be asked.
② In the following cases, personal information can be provided without consent of the information entity according to related laws.
Execution of contract on service provision
In case of request by investigative institution according to legal procedure and method based on regulations of related laws or for purpose of investigation
In case of providing in format not identifiable of a specific individual for statistical purposes, academic research or market research.
Article 5 (Consignment of handling collected personal information)
① Curaco does not have any external partner for consigning personal information,
② To protect personal information, the compliance of instructions related with personal information protection, confidentiality of personal information, prohibition of provision to third party, liability in case of an accident, and return and disposal of personal information after completion of process shall be clearly defined and the relevant contract term shall be stored in writing or electronically.
Article 6 (Possession and utilization period and disposal of personal information)
① Curaco shall dispose personal information of the entity without delay when the entity cancels an agreement or the purpose of collecting and receiving personal information has been fulfilled. The handling, processing and possessing period of personal information of a customer are as below.
Type Period for handling, management and retention
Personal information collected and used when inevitable according to special regulations of laws or legal obligations For the retention period required by the relevant laws
Personal information collected and used according to individual consent (via email) until the purpose of its collection and use is fulfilled
② However, in case it needs to be possessed for a certain period of time for identification of rights and obligations related to transaction according to related laws such as commercial law, it shall be possessed for a certain period of time.
※ Possess information based on related laws (commercial law, national tax basic law, corporate tax law, consumer protection from electronic commerce transaction act, etc.)
③ Disposal procedure and method
Personal information of the entity in the disposal procedure shall be moved to a separate DB after the entity cancels an agreement or the collection purpose is fulfilled, and shall be disposed after storing for a certain period of time according to internal policy or other related laws (refer to possessing and utilization period). This personal information will not be used for any other purposes than possessing according to law.
Cancellation of agreement can be done by a set procedure by contacting the personal information protection manager (Article 8).
Disposal method: Personal information printed on paper shall be disposed by shredding with a document shredder or burning. Personal information in an electronic file will be deleted by using the technical method to prevent regeneration.
Article 7 (Rights and obligations of user and legal deputy and method of action)
① The information entity may view or request for correction, deletion, suspension of processing and cancel agreements on registered personal information. To view, correct, delete, suspend processing and cancel agreement of personal information, contact the representative phone (02-2145-6444) or the personal information protection manager in writing, by phone or email to take action without delay through the personal identification procedure.
② In case the information entity requests for correction of error in personal information, the relevant personal information shall not be utilized or provided until correction is completed.
③ Curaco shall process personal information requested for deletion by entity according to the possession and utilization period of collected personal information and other laws and shall prohibit viewing and utilization for other purposes.
④ Please prevent inevitable accidents by accurately entering the latest personal information. The entity shall be responsible for accidents from entering incorrect information and may also face legal breach for illegally using information of others or entering false information.
⑤ The information entity has the right to be protected of personal information as well as obligations to protect itself and not to breach information of others. Be careful not to leak personal information of the entity or damage personal information of others including postings. In case of failing to comply with these responsibilities and damaging the personal information and dignities of others, the personnel may be punished by related laws.
⑥ The user and legal deputy may view personal information of itself or a child under 14 and request for deletion. To view and correct personal information of oneself and the child under 14, contact the personal information manager in writing or by phone or email to take measure without delay after the personal identification procedure (“Article 8”). In case the user or legal deputy requested for correction of error in personal information, the relevant information shall not be utilized or provided until correction is made. The company processes cancelled or deleted personal information by request of the user or legal deputy as stated in “Possession and utilization period of personal information collected by the company” and prohibits viewing and utilization for any other purposes.
Article 8 (Personal information protection manager)
① To protect personal information of the entity and process complaints and inquiries regarding personal information, Curaco appoints related personal information protection manager as below.
Personal information protection manager
Name: Julian Chae
Article 9 (Measures to secure safety to protect personal information)
When handling personal information of the entity, to prevent loss, theft, leakage, forgery or damage of personal information, Curaco is taking the following technical, administrative and physical measures.
① Curaco stores and manages encoded personal information.
② Measures against hacking
To prevent leakage or damage of personal information of the entity from hacking and computer viruses, Curaco is taking the best efforts.
To deal with damage to personal information, data is frequently backed up, personal information or data is prevented from leakage or damage using the latest vaccine programs and personal information is securely sent on a network through encoded communication.
An invasion blocking system is used, illegal access from outside is controlled and all possible technical measures are equipped to secure system security.
③ Minimization and education of handling employees
Employees of Curaco handling personal information is limited to manager, separate passwords are granted and regularly renewed, and through frequent training of the manager, personal information is safely managed.
Transferring duties of an employee handling personal information is conducted under strict security, and responsibility on accidents involving personal information after entering and exiting the company is ensured.
The computing room and data archive are designated as special protected zones and strictly controlled.
④ Operation of exclusive organizations for personal information protection
Through exclusive organizations for personal information protection in the company, execution of personal information protection measures and compliance of the manager shall be confirmed, and immediate correction shall be taken on the discovery of the problem. However, a problem occurring from leakage of personal information due to negligence of an individual or internet problem shall not be responsible by Curaco.
Cookies are installed and operated and users can deny them.
– What’ is cookie? : Cookie is a very small text file sent to your browser by a server used to run a website and stored on your computer.
– Reasons for using cookies : By storing the preferences of users through cookies, we provide faster web environment for users and utilize them to improve service for convenient use. This makes it easier for users to use the service. We also analyze the frequency of visits to various services, the duration of visits, the degree of participation in various events, and the number of visits, to identify the user’s interests and areas of interest. Based on this, we provide personalized services including advertising..
– You have the option of installing cookies. As a result, you can allow all cookies by setting options in your web browser, check each time a cookie is saved, or refuse to save all cookies. However, if you refuse to install cookies, you will not be able to use the web.
– Set up examples
i) Internet Explorer : Menu > Internet option > Privacy > Advanced
ii) Google Chrome : Menu > Advanced > Contents setting button in Personal information > Cookies
Article 10 (Terms)
This policy takes effect on September 6th, 2018.