O'SUM Personal Information Treatment Policies
O'SUM (hereinafter referred to as “Company”) very seriously takes into consideration protection of customers’ personal information, and complies with the Act Relating to Promotion of Information Communications Network and Personal Information Protection. The Company hereby notifies customers for what uses and in what ways we use the personal information provided by customers and what measures we take to protect the personal information. When the personal information treatment policies are amended, the Company will notify customers thereof through the website notifications (or individual notifications).
■ Items of Personal Information to be Collected and Collection Methods
The Company collects the following personal information for purposes of providing membership services, including membership subscriptions, consultations, prevention of wrongful uses:
* Required items : names, IDs, passwords, e-mail addresses, addresses, mobile phone numbers, telephone numbers, IP addresses, payment records,
* Selective items : Information required by the Company to provide customized services.
■ Purpose of Collection and Use of Personal Information
The Company uses the collected personal information for the following purposes:
- Payment of costs incurred as a result of performing agreements on provisions of services or providing services, Provisions of the contents, purchases or cost payments, deliveries of goods or sending bills, etc., verifying identifications for financial transactions, and financial services
- Control of Members
To verify identifications for uses of membership services, to identify individuals, to prevent wrongful uses of bad members or unauthorized uses, to verify intents for subscriptions, to verify ages, to verify the consent of a legal representative for collecting personal information of children of not more than fourteen (14) years old, to handle civil complaints including handling grievances, to convey notifications
- Use for Marketing and Advertisements
To convey information for advertisements including events, to figure out contact frequencies, to obtain statistics on service uses by members
■ Retention and Use Period for Personal Information
In principle, after the purposes of collecting and using personal information have been fulfilled, the Company shall without delay destroy relevant information; provided, however, that the Company shall retain personal information for a certain period of time where it is required to do so for purposes of confirming transactions related management and rights under the provisions of relevant laws including the Commercial Code and the Act Relating to Consumer Protection in Electronic Commercial Transactions as follows:
- Records on agreements or withdrawals of offers : five (5) years (the Act Relating to Consumer Protection in Electronic Commercial Transactions, etc.)
- Records on payments and supplies of goods : five (5) years (the Act Relating to Consumer Protection in Electronic Commercial Transactions, etc.)
- Records on complaints of consumers or dispute resolutions : three (3) years (the Act Relating to Protection of Consumers in Electronic Commercial Transactions, etc.)
- Where personal information has been collected for temporary purposes, such as questionnaires, events : at the time of completion of a particular questionnaire or event
- Records on verification of identification: six (6) months (the Act Relating to Information Communication Network Promotion and Personal Information Protection)
- Records on visits (log-ins) : three (3) months (the Communication Secret Protection Act)
■ Destruction Procedures and Methods for Personal Information
The Company in principle shall without delay destroy relevant information after the purposes of collecting or using personal information have been fulfilled. The destruction procedures and methods shall be as follows:
- Destruction Procedures
The information entered by users for use of the services is moved to a separate database after the purposes have been fulfilled (a separate document in the case of a sheet), and destroyed after the information has been saved for a certain period of time according to the information protection reasons under the internal policies or other relevant laws (for your reference, see the retention and use period for personal information). The personal information separately moved to a database is not used for purposes other than the purpose of being preserved unless it is so required by laws.
- Destruction Methods
* The personal information printed out in sheets shall be shredded by paper shredders or destroyed by way of incineration.
* The personal information saved in an electronic file format shall be deleted with the use of technical methods in which records cannot be regenerated
■ Provisions of Personal Information to Third Parties
The Company uses the personal information of users within the scope that users have consented to the “Purpose of Collecting and Using Personal Information,” but does not use the personal information of users in excess of the scope without prior consent of users or in principle does not disclose the personal information of users to the outside; provided, however, that exceptions are made in the following cases:
- Where users have given a prior consent thereto; or
■ Delegation of Handling Personal Information
In the event that the Company handles the personal information of users by delegation to ensure smooth handling of duties, it must give users a prior notice of the persons delegated to handle the personal information (hereinafter referred to as “Delegatees”) and the content of duties delegated to handle the personal information. Currently, the Company’s delegatees to handle personal information and the content of duties shall be as follows:
■ Rights of Users and Legal Representatives and the Exercise Methods
- Users and their legal representatives may at any time inquire or change their registered personal information, and also may request terminations of applications (withdrawals of consents).
- Otherwise, if a user contacts the personal information control manager in writing, by phone or e-mail, the Company shall take measures without delay.
- Where a user has requested corrections of errors in the personal information, the Company does not use or provide the personal information until the corrections are completed. Also where the wrong personal information has been previously provided to a third party, the Company will make corrections by notifying a third party without delay of the results of corrections.
- The Company handles the personal information terminated or deleted upon request of users or their legal representatives as specified in the “Retention and Use Period of Personal Information,” and take measures to ensure that the personal information is not read or used for any other purposes.
■ Matters on Operation of Cookies
- The purpose of using cookies, etc.
You have the option to install cookies. Therefore, by selecting an option in your web browser, you may allow all cookies, pass confirmations whenever cookies are saved, or otherwise refuse the savings of all cookies.
- How to Refuse Installation of Cookies
By selecting options in your web browser, you may allow all cookies, pass through confirmations whenever cookies are saved, or otherwise refuse the savings of all cookies.
- How to Install Cookies (In case of the Internet Explorer) : Tool on the top of the web browser > Internet Option > Personal Information
■ Contact Information of Personal Information Control Manager and Authorized Person
The company has designated the authorized relevant department and the personal information control manager in order to protect personal information of customers and handle personal information related complaints as follows:
- You may report to the personal information control manger or the relevant department any complaints regarding all personal information protection incurred in using the Services of the Company.
- The Company will promptly give sufficient answers as to the reports of users.
- If you need other reports or consultations for personal information infringements, please ask inquiries to the following institutions.
* Personal Information Dispute Mediation Committee (www.1336.or.kr / 1336)
* Information Protection Mark Certification Committee (www.eprivacy.or.kr / 02-580-0533~4)
* Internet Crime Investigation Center of Supreme Prosecutors’ Office (http://icic.sppo.go.kr / 02-3480-3600)
* Cyber Crime Investigative Service of National Police Agency (www.ctrc.go.kr / 02-392-0330)
■ Duty to Notify
The current personal information treatment policies shall be applicable from 01/04/2015. When there is an addition, deletion, or amendment of the content, it shall be publicly announced through notifications of the homepage from at least seven (7) days before the amendment. Also the Company has made it easy to check amendments by giving the version numbers and the date of amendment to the personal information treatment policies.
These policies shall be implemented from 01/04/2015.