HRM Co., Ltd. (hereinafter referred to as the ‘Company’) protects users’ personal information in accordance with relevant laws such as the 『Personal Information Protection Act』 and has established the following personal information processing policy to smoothly handle complaints related to this. established and published.
Article 1 (Collection and Use of Personal Information)
The company does not use the user’s personal information beyond the scope notified in this article, except with the consent of the user or in accordance with the provisions of the law, and the purpose of using the collected personal information is as follows.
① Individual/corporate member registration and management
Identification according to membership registration and use, personal identification, prevention of fraudulent use by bad members and prevention of unauthorized use, confirmation of intent to sign up, restriction on sign-up and number of times of sign-up, identification of legal representative in the future, record preservation for dispute mediation, age verification, complaints Handling of civil complaints and consultations, delivery of latest information such as notices
② Completion of information use contract and settlement of fees according to service provision
Personal information is used for purposes such as fulfillment of contracts for service provision, settlement of fees according to service provision, identification of financial transactions and payment of charges, transportation of goods or delivery of invoices, provision of contents, provision of customized services, age verification, collection of charges, settlement, etc. process.
③ Handling civil affairs
Personal information is processed for the purpose of identity verification, confirmation of civil complaints, contact for fact-finding, notification, and notification of processing results.
④ Marketing and advertising (if you agree to receive marketing information)
Personal information is processed for the purpose of developing new services and providing customized services, providing event and advertising information and opportunities to participate, identifying access frequency or statistics on service use.
Article 2 (Personal Information Items and Methods to be Collected)
① The company collects the following personal information within the period of retention and use of personal information according to the law or within the period of retention and use of personal information consented to when collecting personal information from the information subject.
| Individual member | name, address, resident registration number, contact number, e-mail address, vehicle information, business registration number, account number, etc. / For foreigners, including nationality, English name, alien registration number, passport number, legal representative information |
| Corporate member | Corporate name, representative name, business registration number, business location, representative phone number, representative email address, password, contact person name/phone number/position/department/email/fax number, account number, etc. |
② The following information may be automatically generated and collected during service use or business processing.
: IP address, cookie, date and time of visit, service use record, access log, payment record, bad use record (record of usage restriction, etc.), location information including background status, etc.
③ The following information may be additionally collected during the member’s use of the service and the company’s work process.
go. When using wired or online counseling services: Consultation details (service use details, wired/online counseling recordings, etc.)
me. When using a refund through account transfer: account information (account holder, bank name, account number)
Article 3 (Retention and Use Period of Personal Information)
① The company may retain and use the collected personal information of users while maintaining user qualifications, and in the event of withdrawal or loss of qualifications, the collected member information will be deleted and destroyed even without a separate request from the user. However, in the case of members who have not used for more than one year, it is separately managed, and if it is necessary to preserve it according to the internal policy of the company or the provisions of related laws, etc., the company keeps the member information for a certain period of time as follows and suspends the processing of users. , are not subject to the right to request deletion.
| Classification | Retention ∙ Purpose of use | Retained items | Retained ∙ Period of use |
| Company internal policy | Prevent re-registration immediately after withdrawal | Member ID (ID) / Encrypted Personal Identifiable Information (CI) / Duplicate Registration Confirmation Information (DI) | 3 years after withdrawal |
| Record of fraudulent use | Prevention of fraudulent use of members with loss of membership and recurrence of malicious service use | Member ID (ID) / Encrypted Personal Identifiable Information (CI) / Duplicate Registration Confirmation Information (DI) / Records of fraudulent use and date | permanent |
| Partnership application information | Negotiation according to partnership application | Company name, mobile phone number, general phone number, e-mail | 1 month |
② Retention of information in accordance with relevant laws and regulations
| legally | held items | ∙ Period of use |
| Protection of Communications Secrets Act | Log records, access point information, etc. | 3 months |
| Records on display/advertising | under the Consumer Protection Act in e-commerce, etc. | 6 months |
| Records on contract or subscription withdrawal, etc. | 5 years | |
| Records on payment and supply of goods, etc. | 5 years | |
| Records on handling consumer complaints or disputes | 3 years | |
| Books and evidential documents for all transactions stipulated by | the Tax Actof the Framework Act on National Taxes | 5 years |
| Electronic Financial Transaction Act | Records on electronic financial transactions | 5 years |
| Act on Use and Protection of Credit Information Act | on Collection/Processing and Use of Credit Information | 3 years |
Article 4 (Provision of Personal Information to Third Parties)
① The company processes the user’s personal information within the scope notified in Article 1, and does not use the user’s personal information beyond the scope of consent or disclose the user’s personal information to the outside world in principle without the user’s prior consent. However, the following cases are exceptions.
go. In case the user has agreed to the provision to a third party in advance
me. If it is necessary for matching between service users (in this case, minimum information is provided)
all. When it is necessary to settle charges for service provision
la. In case there is a request from an investigative agency or supervisory authority according to the provisions of the law or according to the procedures and methods set forth in the law for the purpose of investigation or investigation
mind. When it is necessary for statistical writing, academic research or market research, it is processed and provided in a form in which a specific individual cannot be identified
In addition, if it is necessary to provide personal information to a third party in order to provide better service, the company will notify the person to whom the personal information is provided in advance, the purpose of using the personal information of the person to whom the personal information is provided, the items of personal information provided, and the personal information. The period of retention and use of personal information of the recipient, the fact that they have the right to refuse consent to the provision of information, and the disadvantages of refusal of consent are specified to obtain consent from users.
Article 5 (Consignment of personal information processing)
The company outsources some of the tasks necessary for the collection and processing of personal information included in Article 1 to outside companies.
- IT system operation: Kakao Enterprise Co., Ltd.
- Service maintenance and repair: Exxon2 Co., Ltd.
Article 6 (Rights, Obligations and Exercising Methods of Data Subjects)
① Users and their legal representatives can view, correct, delete, suspend processing, and withdraw consent at any time of the registered user’s personal information. you can request.
② In order to view and modify personal information, click ‘Edit member information’, and in order to terminate subscription (withdrawal of consent), users and their legal representatives directly click ‘membership withdrawal’ through the homepage (APP/WEB) and go through the identification process. You can directly view, correct, or delete (withdrawal). If a request is made to the department in charge of personal information protection in writing, by phone, or by e-mail, action will be taken without delay if there is no violation of Article 3, Item 1 of these Terms and Conditions.
③ When users and their legal representatives request correction of errors in personal information, the company will not use or provide the personal information until the correction is completed. If wrong personal information has already been provided to a third party, the result of correction processing will be notified to the third party without delay.
④ The company handles personal information that has been terminated or deleted at the request of users and their legal representatives as specified in Article 3 of this policy, and prevents it from being viewed or used for any other purpose.
⑤ When the company receives a request pursuant to Paragraph 1, the company suspends all or part of the processing of personal information according to the request of the information subject without delay, but refuses the information subject’s request to suspend processing in any of the following cases. You can. When the company rejects a request to suspend processing of personal information, the information subject is notified of the reason without delay.
go. When there are special provisions in the law or it is unavoidable to comply with legal obligations
me. If there is a risk of harming the life or body of another person or of unreasonably infringing on the property or other interests of another person
all. If public institutions do not process personal information, they cannot perform their duties as stipulated by other laws
la. In cases where it is difficult to fulfill the contract, such as failure to provide services agreed upon with the data subject if personal information is not processed, and the information subject has not clearly stated their intention to terminate the contract
Article 7 (Personal information destruction procedure and method)
In principle, the company destroys the information without delay after the purpose of collecting and using personal information is achieved. However, if personal information must be preserved in accordance with relevant laws and regulations, it will be destroyed in a non-renewable way without delay after the relevant period, and the company’s personal information destruction procedure and method are as follows.
① Personal Information Destruction Procedure After the purpose of collection and use is achieved, the information entered by the user is transferred to a separate DB (in the case of paper, a separate filing cabinet) and stored for a certain period of time or immediately destroyed in accordance with internal regulations and other related laws. At this time, the personal information transferred to the DB will not be used for any other purpose unless permitted by law.
② Personal information destruction period and destruction method
: When the retention period has expired, the personal information processing purpose has been achieved, or the relevant business has been abolished, the personal information is destroyed without delay. Information in the form of electronic files uses a technical method that cannot reproduce records. Personal information printed on paper is shredded with a shredder or destroyed by incineration.
Article 8 (Matters Regarding Installation/Operation and Rejection of Automatic Personal Information Collection Device)
① The company uses ‘cookies’ that frequently store and find user information. A ‘cookie’ is a very small text file that the server used to operate the company’s ‘website’ and ‘mobile service’ sends to the web browser and is stored on the terminal used by the user. However, this information is stored only when the user provides the information, and the ‘website’ cannot obtain information not provided by the user, and cannot access other files stored on the device. The purpose of use of ‘cookies’ and the method of rejecting ‘cookies’ settings are as follows.
go. Purpose of use It is used to provide targeted marketing and personalized service by analyzing the user’s access frequency or visit time, identifying the user’s tastes and areas of interest, tracking traces, and identifying the degree of participation in various events and the number of visits.
me. How to deny settings
- Users have the option to install ‘cookies’. Therefore, the user may allow all ‘cookies’ by setting options in the web browser, go through confirmation whenever ‘cookies’ are saved, or refuse to save all ‘cookies’. However, if the user refuses to install ‘cookies’, there may be difficulties in using some services that require login and customized services.
all. Here’s how to set whether or not to allow ‘cookies’ to be installed.
- Internet Explorer: Tools> internet options> Privacy> Advanced (advanced privacy settings)
- Google Chrome: Settings> Privacy and Security> Cookies and other site data
Article 9 (Technical/Administrative Protection Measures for Personal Information)
In handling personal information of members, the company is taking the following technical/administrative measures to ensure safety so that personal information is not lost, stolen, leaked, falsified or damaged. However, despite the company fulfilling its obligations to protect personal information, the company does not take any responsibility for problems caused by leakage of personal information such as ID and password due to the user’s carelessness or Internet or communication problems.
① The password is encrypted and stored and managed, so only the user knows it, and confirmation and change of personal information can only be done by the person who knows the password.
② The company installs the system in an area where access from outside is controlled to prevent leakage or damage of users’ personal information due to hacking or computer viruses. In addition, data is frequently backed up in preparation for personal information damage, the latest vaccine program is used to prevent leakage or damage of member’s personal information or data, and personal information is safely transmitted over the network through encrypted communication. are doing
③ The company limits the person in charge of personal information processing, assigns a separate password for this, and regularly updates it, and always emphasizes compliance with the personal information processing policy through regular training for the person in charge.
Article 10 (Consultation service regarding personal information)
① The company is responsible for overall handling of personal information, and has designated the person in charge of personal information protection and the department in charge as follows to handle user complaints and damage relief related to personal information processing.
go. Privacy Officer
◌ Name: Seongchan Ahn
◌ Email: sungchanahn@hanvitcorp.com
me. Customer Service Department
◌ Department Name: Platform Operation Department
◌ Email: service@ecoya.kr
◌ Phone number: 070-7780-0371
Article 11 (Remedy for Infringement of Rights and Interests)
If you need to report or consult about other personal information infringement, please contact the organizations below.
| Personal Information Infringement Report Center | website: http://privacy.kisa.or.kr Phone number: (without area code) 118 |
| Personal Information Dispute Mediation Committee | website: https://www.kopico.go.kr Phone number: 1833-6972 |
| Supreme Prosecutor’s Office Cyber Investigation Division | Website: http://www.spo.go.kr Phone: (without area code) 1301 |
| National Police Agency Cyber Security Bureau | Website: http://cyberbureau.police.go.kr Phone: (without area code) 182 |
Article 12 (Duty to Revision and Notification of Personal Information Processing Policy)
① The current privacy policy needs to be added, deleted, or modified according to changes in the operating policy or security technology, so when there is a revision of the privacy policy, the Internet website (or app) notice (or individual notice) ) will be notified at least 7 days in advance.
② The current privacy policy will be applied from August 1, 2022.