(Relevant Grounds)
Personal Information Protection Act, Article 30 (Establishment and Disclosure of Privacy Policies) and its Enforcement Decree,
Article 31 (Contents and Disclosure Methods, Etc. of Privacy Policy)
Article 30 (Establishment and Disclosure of Privacy Policies)
(1) A personal information manager shall establish privacy policies containing the following matters (hereinafter referred to as "Privacy Policies"). In such cases,
a public institution shall establish such Privacy Policies for personal information files to be registered pursuant to Article 32:
1. Purpose for which personal information is managed;
2. Period for which personal information is held and used;
3. Matters concerning providing a third person with personal information (where applicable);
4. Matters concerning entrusting the management of personal information (where applicable);
5. Matters concerning the rights and duties of a subject of information, and how to exercise them;
6. Other matters prescribed by Presidential Decree concerning the management of personal information.
(2) Where a personal information manager establishes or amends the Privacy Policies, he/she shall disclose them in accordance with methods prescribed by Presidential Decree so that a subject of information can readily use them.
(3) Where the details of the Privacy policies are inconsistent with those of a contract entered into between a personal information manager and a subject of information, whichever is more advantageous to the subject of information shall govern.
(4) The Minister of Security and Public Administration may draw up a guideline for preparing the Privacy Policies and recommend a personal information manager to comply therewith. [Amended on Mar. 23, 2013, Nov 19, 2014]
Enforcement Decree Article 31 (Contents and Disclosure Methods, Etc. of Privacy Policies)
(1) “Other matters as stated in the Presidential Decree” in Article 30(1)(6) shall mean the matters of following Subparagraphs:
1. Items of personal information to be processed;
2. Matters in relation to destruction of personal information; and
3. Matters in relation to safety measures of personal information subject to Article 30.
(2) The personal information processor shall post continuously the Privacy Policy established or modified pursuant to Article 30(2) of the Act on its website.
(3) If it is not possible to post on the website pursuant to Paragraph (2), the personal information processor shall make public the Privacy Policy established or modified in a way of more than one of the following Subparagraphs:
1. Posting at easily noticeable places of the personal information processor’s workplace, etc.;
2. Publishing at the Official Gazette (only in case the personal information processor is the public institution), or general daily newspaper, weekly newsmagazine or internet media subject to Articles 2 (1) a. and c. and (2) of the Act for the Promotion of
Newspapers, etc. circulating mainly in over the City and Province where the personal information processor’s workplace is located; 3. Publishing at a periodical, newsletter, PR magazine or invoice to be published under the same title at least twice a year and distributed to data subjects on a continual basis; and/or
4. Delivering to the data subject the paper-based agreement entered into between the personal information processor and the data subject so as to supply goods and/or services.
Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc.,
Article 27-2 (Public Disclosure of Privacy Policy) and its Enforcement Decree,
Article 14 (Public Disclosure Methods of Privacy Policy, Etc.)
Article 27-2 (Public Disclosure of Privacy Policy)
(1) Every provider of information and communications services or similar shall, when it handles personal information of users, establish and disclose its privacy policy to the public in a manner specified by Presidential Decree so that users become aware of the policy easily at any time.
(2) Privacy policy under paragraph (1) shall include descriptions of all the following matters: [Amended on Feb. 17, 2012]
1. Purposes of collection and use of personal information, items of personal information collected, and methods of collection;
2. The name of the person (referring to the name of a legal entity, if the person is a legal entity) to whom personal information is furnished, if the personal information is furnished to a third party, purposes of use of the person to whom the personal information is furnished, and items of the personal information furnished;
3. The period of time during which the personal information is possessed
and used, and the procedure and method for destruction of the personal information (including the ground for preservation and items of preserved personal information, if it is required to preserve the personal information in accordance with the proviso to the part above subparagraphs of Article 29 (1));
4. Details of business affairs subject to the entrusted handling of personal information and the trustee (they shall be included in the policy on handling, only where this subparagraph is applicable);
5. Rights of users and their legal representatives and methods for the exercise of such rights;
6. Matters concerning installation, operation, and denial of a device that collects personal information automatically, such as an information file for access to internet; and
7. The name and address of the person responsible for management of personal information or the department responsible for business affairs related to the protection of personal information and processing related complaints and other contact information of such person or department.
(3) Every provider of information and communications services or similar shall, when it revises the privacy policy under paragraph (1), give public notice of the reasons for and details of such revision without delay in a manner specified by Presidential Decree, and take measures to make users aware of the details of the revision easily at any time.[Wholly amended on June 13, 2008]
Enforcement Decree, Article 14 (Public Disclosure Methods of Privacy Policy, Etc.)
① Pursuant to Article 27 -2(1) of the Act, information communication service provider, etc. shall public privacy policy via at least one of the methods stated in the following paragraphs by taking into consideration personal information collection location and medium, etc., and it shall be designated as “Privacy Policy.” [Amended on Jan 28, 2009]
1. The method in which a user can see the matters stipulated in the subparagraphs of Article 27-2(2) of the Act on the first screen page of the internet homepage or its connected screen page. In this case, the information communication service provider shall utilize character size, color, etc., to enable a user to easily identify Privacy Policy;
2. The method in which Privacy Policy is attached or provided for the reading in an easily ascertainable place inside of the store or office;
3. The method in which Privacy Policy is continuously published for no less than twice per year and consistently published in periodicals, information booklet, PR material, or request form distributed to a user
② Any change and its specifics relating to Privacy Policy in accordance with Article 27-2(3) of the Act shall be published via any one of the methods in the following subparagraphs [Amended on Jan 28, 2009]
1. Notice of the first screen page of the internet homepage operated by information communication service provider or additional page disclosure;
2. Notification to a user via writing, facsimile, e-mail or other similar manner; or
3. Attachment or provision in the easily identifiable place inside of the store or office
③ Deleted [2014.11.28]
Privacy Policy
Cosmojin Tour deems personal information protection as very important as follows. Thus, Cosmojin Tour hereby publishes privacy policy as below for the protection of personal information.
The purpose of this Privacy policy is to notify the purpose and methods of the use of personal information provided by you in
accordance with the relevant laws, such as, "Personal Information Protection Act", and "Act on Promotion of Information and
Communications Network Utilization and Information Protection, Etc." as well as the measures taken for the protection of personal information.
This Policy may be revised pursuant to the policy change of Cosmojin Tour, and thus, you are well advised to visit here on a regular basis and check whether there is any change.
The Privacy Policy of Cosmojin Tour is as follows.
Definitions
1) "Cosmojin Tour" shall mean the virtual business premises where goods or services are traded by using information communication equipment, such as computer, so that Cosmojin Tour provides goods or services to a user, or it shall mean the company that operates Cosmojin Tour.
2) "User" shall mean every user that receives the service provided by "Cosmojin Tour" in accordance with the Terms and Conditions herein by accessing to "Cosmojin Tour."
3) "Third Party" shall mean a natural person, company, public institution, government investment institution and others other than user, service provider that collects personal information with the consent from the said user, or entrustment party to which personal information handling is entrusted by service provider.
1. Personal Information Collection Items and Purposes
•
o Items
o Purposes
•
o E-mail address, ID, password, name, date of birth
o Cosmojin Tour member service subscription, log-in, service use benefits, service provision, etc.
•
o Name, e-mail address, contact information
o Product purchase and reservation within Cosmojin Tour
•
o Card number
o Product payment within Cosmojin Tour
Personal Information Collection Methods
Cosmojin Tour collects personal information via methods, such as, member subscription or reservation by a user via the website,
product purchase, event participation, or generated information collection tool upon homepage use, etc.
3. Personal Information Retention and Use Period
1) Cosmojin Tour shall keep and use personal information of a customer during his/her service use period, and in the case that a
member cancels subscription or the expiry of personal information is due as a member does not utilize the service for a certain
period, the collected personal information shall be destructed so that it cannot be read or utilized. Notwithstanding the
foregoing, if the pertinent information is needed to be preserved in accordance with the relevant laws and regulations, it shall be kept.
2) If the information is needed to be preserved in accordance with the relevant laws and regulations, such as Commercial Act and Act on the Consumer Protection in Electronic Commerce, Etc. (hereinafter as “Electronic Commerce Act”), Electronic Financial
Transactions Act, Specialized Credit Finance Business Act, Framework Act on National Taxes, Corporate Tax Act, and Value-Added Tax
Act, the company shall keep member information during the period set forth in the applicable laws and regulations. The Company shall use the kept information only for the designated purpose and the retention period shall be as follows:
A. Preservation period promised individually upon consumer consent
B. Subscriber electronic communication date, which is necessary for the provision of the verification data concerning
communication, beginning and termination time for electronic communication, subscriber number, such as communication number, and
position tracking data of information communication device accessed to the network: 12 months (Protection of Communications Secrets Act)
C. Log record data, necessary for the provision of the verification data concerning communication, IP address, etc.: 3 months (Protection of Communications Secrets Act)
D. Record on designation and advertisement: 6 months (Electronic Commerce Act)
E. Record on contract or subscription revocation, etc.: 5 years (Electronic Commerce Act)
F. Record on payment settlement and supply of goods: 5 years (Electronic Commerce Act)
G. Record on consumer complaint or dispute handling: 3 years (Electronic Commerce Act)
H. Record on credit information collection, processing, and use, etc.: 3 years (Use and Protection of Credit Information Act)
4. Personal Information Entrustment Management
1) In order to facilitate the provision of customer services, the company appoints a professional company to entrust a partial portion of the work.
2) To be fully committed to the protection of personal information, the Company shall stipulate, in clear terms, proper handling process on personal information entrustment
by service provider, security instructions, confidentiality, restriction on the use beyond the stated purpose or scope, and
prohibition on re-entrustment, thereby giving rise to no confusion on the liability of the responsible party upon the occurrence of an accident , and the pertinent contractual relationship shall be made in writing or in an electronic form and kept in strict management and supervision.
3) Any change of the specifics of entrusted work or the entrustment company shall be disclosed without any delay via this Privacy Policy.
4) The status of personal information of a customer entrusted by the company shall be as follows:
•
o Entrustment Company Name
o Entrustment Specifics
•
o KG Inicis Co., Ltd.
o Settlement agency work for product payment
(Relevant Grounds)
Personal Information Protection Act, Article 30 (Establishment and Disclosure of Privacy Policies) and its Enforcement Decree,
Article 31 (Contents and Disclosure Methods, Etc. of Privacy Policy)
Article 30 (Establishment and Disclosure of Privacy Policies)
(1) A personal information manager shall establish privacy policies containing the following matters (hereinafter referred to as "Privacy Policies"). In such cases, a public institution shall establish such Privacy Policies for personal information files to be registered pursuant to Article 32:
1. Purpose for which personal information is managed;
2. Period for which personal information is held and used;
3. Matters concerning providing a third person with personal information (where applicable);
4. Matters concerning entrusting the management of personal information (where applicable);
5. Matters concerning the rights and duties of a subject of information, and how to exercise them;
6. Other matters prescribed by Presidential Decree concerning the management of personal information.
(2) Where a personal information manager establishes or amends the Privacy Policies, he/she shall disclose them in accordance with methods prescribed by Presidential Decree so that a subject of information can readily use them.
(3) Where the details of the Privacy policies are inconsistent with those of a contract entered into between a personal information manager and a subject of information, whichever is more advantageous to the subject of information shall govern.
(4) The Minister of Security and Public Administration may draw up a guideline for preparing the Privacy Policies and recommend a personal information manager to comply therewith. [Amended on Mar. 23, 2013, Nov 19, 2014]
Enforcement Decree Article 31 (Contents and Disclosure Methods, Etc. of Privacy Policies)
(1) “Other matters as stated in the Presidential Decree” in Article 30(1)(6) shall mean the matters of following Subparagraphs:
1. Items of personal information to be processed;
2. Matters in relation to destruction of personal information; and
3. Matters in relation to safety measures of personal information subject to Article 30.
(2) The personal information processor shall post continuously the Privacy Policy established or modified pursuant to Article 30(2) of the Act on its website.
(3) If it is not possible to post on the website pursuant to Paragraph (2), the personal information processor shall make public the Privacy Policy established or modified in a way of more than one of the following Subparagraphs:
1. Posting at easily noticeable places of the personal information processor’s workplace, etc.;
2. Publishing at the Official Gazette (only in case the personal information processor is the public institution), or general daily newspaper, weekly newsmagazine or internet media subject to Articles 2 (1) a. and c. and (2) of the Act for the Promotion of Newspapers, etc. circulating mainly in over the City and Province where the personal information processor’s workplace is located;
3. Publishing at a periodical, newsletter, PR magazine or invoice to be published under the same title at least twice a year and distributed to data subjects on a continual basis; and/or
4. Delivering to the data subject the paper-based agreement entered into between the personal information processor and the data subject so as to supply goods and/or services.
Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc., Article 27-2 (Public
Disclosure of Privacy Policy) and its Enforcement Decree, Article 14 (Public Disclosure Methods of Privacy Policy, Etc.)
Article 27-2 (Public Disclosure of Privacy Policy)
(1) Every provider of information and communications services or similar shall, when it handles personal information of users,
establish and disclose its privacy policy to the public in a manner specified by Presidential Decree so that users become aware of the policy easily at any time.
(2) Privacy policy under paragraph (1) shall include descriptions of all the following matters: [Amended on Feb. 17, 2012]
1. Purposes of collection and use of personal information, items of personal information collected, and methods of collection;
2. The name of the person (referring to the name of a legal entity, if the person is a legal entity) to whom personal information is furnished, if the personal information is furnished to a third party, purposes of use of the person to whom the personal
information is furnished, and items of the personal information furnished;
3. The period of time during which the personal information is possessed and used, and the procedure and method for destruction of the personal information (including the ground for preservation and items of preserved personal information, if it is required to preserve the personal information in accordance with the proviso to the part above subparagraphs of Article 29 (1));
4. Details of business affairs subject to the entrusted handling of personal information and the trustee (they shall be included in the policy on handling, only where this subparagraph is applicable);
5. Rights of users and their legal representatives and methods for the exercise of such rights;
6. Matters concerning installation, operation, and denial of a device that collects personal information automatically, such as an information file for access to internet; and
7. The name and address of the person responsible for management of personal information or the department responsible for business affairs related to the protection of personal information and processing related complaints and other contact information of such person or department.
(3) Every provider of information and communications services or similar shall, when it revises the privacy policy under paragraph
(1), give public notice of the reasons for and details of such revision without delay in a manner specified by Presidential Decree, and take measures to make users aware of the details of the revision easily at any time.[Wholly amended on June 13, 2008]
Enforcement Decree, Article 14 (Public Disclosure Methods of Privacy Policy, Etc.)
① Pursuant to Article 27 -2(1) of the Act, information communication service provider, etc. shall public privacy policy via at least one of the methods stated in the following paragraphs by taking into consideration personal information collection location and
medium, etc., and it shall be designated as “Privacy Policy.” [Amended on Jan 28, 2009]
1. The method in which a user can see the matters stipulated in the subparagraphs of Article 27-2(2) of the Act on the first screen page of the internet homepage or its connected screen page. In this case, the information communication service provider shall utilize character size, color, etc., to enable a user to easily identify Privacy Policy;
2. The method in which Privacy Policy is attached or provided for the reading in an easily ascertainable place inside of the store or office;
3. The method in which Privacy Policy is continuously published for no less than twice per year and consistently published in periodicals, information booklet, PR material, or request form distributed to a user
② Any change and its specifics relating to Privacy Policy in accordance with Article 27-2(3) of the Act shall be published via any one of the methods in the following subparagraphs [Amended on Jan 28, 2009]
1. Notice of the first screen page of the internet homepage operated by information communication service provider or additional page disclosure;
2. Notification to a user via writing, facsimile, e-mail or other similar manner; or
3. Attachment or provision in the easily identifiable place inside of the store or office
③ Deleted [2014.11.28]
Privacy Policy
Cosmojin Tour deems personal information protection as very important as follows. Thus, Cosmojin Tour hereby publishes privacy policy as below for the protection of personal information.
The purpose of this Privacy policy is to notify the purpose and methods of the use of personal information provided by you in
accordance with the relevant laws, such as, "Personal Information Protection Act", and "Act on Promotion of Information and
Communications Network Utilization and Information Protection, Etc." as well as the measures taken for the protection of personal information.
This Policy may be revised pursuant to the policy change of Cosmojin Tour, and thus, you are well advised to visit here on a regular basis and check whether there is any change.
The Privacy Policy of Cosmojin Tour is as follows.
Definitions
1) "Cosmojin Tour" shall mean the virtual business premises where goods or services are traded by using information communication equipment, such as computer, so that Cosmojin Tour provides goods or services to a user, or it shall mean the company that operates Cosmojin Tour.
2) "User" shall mean every user that receives the service provided by "Cosmojin Tour" in accordance with the Terms and Conditions herein by accessing to "Cosmojin Tour."
3) "Third Party" shall mean a natural person, company, public institution, government investment institution and others other than user, service provider that collects personal information with the consent from the said user, or entrustment party to which personal information handling is entrusted by service provider.
1. Personal Information Collection Items and Purposes Items
Purposes
E-mail address, ID, password, name, date of birth
Cosmojin Tour member service subscription, log-in, service use benefits, service provision, etc.
Name, e-mail address, contact information
Product purchase and reservation within Cosmojin Tour
Card number
Product payment within Cosmojin Tour
2. Personal Information Collection Methods
Cosmojin Tour collects personal information via methods, such as, member subscription or reservation by a user via the website,
product purchase, event participation, or generated information collection tool upon homepage use, etc.
3. Personal Information Retention and Use Period
1) Cosmojin Tour shall keep and use personal information of a customer during his/her service use period, and in the case that a
member cancels subscription or the expiry of personal information is due as a member does not utilize the service for a certain period, the collected personal information shall be destructed so that it cannot be read or utilized. Notwithstanding the foregoing, if the pertinent information is needed to be preserved in accordance with the relevant laws and regulations, it shall be kept.
2) If the information is needed to be preserved in accordance with the relevant laws and regulations, such as Commercial Act and Act on the Consumer Protection in Electronic Commerce, Etc. (hereinafter as “Electronic Commerce Act”), Electronic Financial Transactions Act, Specialized Credit Finance Business Act, Framework Act on National Taxes, Corporate Tax Act, and Value-Added Tax Act, the company shall keep member information during the period set forth in the applicable laws and regulations. The Company shall use the kept information only for the designated purpose and the retention period shall be as follows:
A. Preservation period promised individually upon consumer consent
B. Subscriber electronic communication date, which is necessary for the provision of the verification data concerning
communication, beginning and termination time for electronic communication, subscriber number, such as communication number, and position tracking data of information communication device accessed to the network: 12 months (Protection of Communications Secrets Act)
C. Log record data, necessary for the provision of the verification data concerning communication, IP address, etc.: 3 months (Protection of Communications Secrets Act)
D. Record on designation and advertisement: 6 months (Electronic Commerce Act)
E. Record on contract or subscription revocation, etc.: 5 years (Electronic Commerce Act)
F. Record on payment settlement and supply of goods: 5 years (Electronic Commerce Act)
G. Record on consumer complaint or dispute handling: 3 years (Electronic Commerce Act)
H. Record on credit information collection, processing, and use, etc.: 3 years (Use and Protection of Credit Information Act)
4. Personal Information Entrustment Management
1) In order to facilitate the provision of customer services, the company appoints a professional company to entrust a partial portion of the work.
2) To be fully committed to the protection of personal information, the Company shall stipulate, in clear terms, proper handling process on personal information entrustment by service provider, security instructions, confidentiality, restriction on the use beyond the stated purpose or scope, and prohibition on re-entrustment, thereby giving rise to no confusion on the liability of the responsible party upon the occurrence of an accident , and the pertinent contractual relationship shall be made in writing or in an electronic form and kept in strict management and supervision.
3) Any change of the specifics of entrusted work or the entrustment company shall be disclosed without any delay via this Privacy Policy.
4) The status of personal information of a customer entrusted by the company shall be as follows:
Entrustment Company Name
Entrustment Specifics
KG Inicis Co., Ltd.
Settlement agency work for product payment
5. Provision of Personal Information to a Third Party
1) Excluding the cases in which member or customer consent is procured or the relevant laws and regulations are permitted, the company shall not use or provide information to another company/institution beyond the scope notified at ‘Personal Information Collection and Use Purpose’ or not relating to member service area.
2) Notwithstanding the foregoing, for the provision of better services, personal information may need to be provided to or shared with affiliates, and in such case, customer consent shall be obtained by notifying information categories to be provided or shared, affiliate name, purpose or period, etc., regarding the personal information. If the member refuses to give a consent, the pertinent information shall not be provide to or shared with a third party.
3) Personal information may be provided without customer consent as exceptional cases (No. 3 category is added / exceptional cases): A. Upon the demand from the relevant authorities for the investigation purpose, pursuant to the relevant laws and regulations, such as Criminal Procedure Act, Act on Real Name Financial Transactions and Confidentiality, Use and Protection of Credit Information Act, Local Tax Act, Consumer Protection Act, Bank of Korea Act;
B. For the provision to advertisers, partners, or research groups in a form in which a specific individual cannot be identified for statistical research academic study or market research;
C. Upon the request from the relevant institutions concerning excellent products approved by the Ministry of Culture and Tourism; D. If it is necessary for the fee settlement in line with service provision; and
E. When user information (name, address, and phone number) is provided, to the minimum extent that is necessary for the delivery to the delivery service provider, for the delivery relating to more convenient website use by Cosmojin Tour user
6. Matters on Application and Rejection of Automatic Personal Information Collection Device
In order to provide customized user service, Cosmojin Tour may use ‘cookie.’ ‘cookie' is a small data file transmitted from the HTTP server to a customer’s browser, saved on the hard disk of the customer’s computer. Once a customer accesses to the company website, the company computer reads the contents of a cookie of customer browser and collects and stores IP log record, which is equivalent to customer’s personal information.
Cookies shall be used for the following purposes:
1) Once a member is registered, a cookie shall be set up upon the first log-in and it shall be deleted upon the log-out. The use of a cookie in relation to member log-in is to check the current log-in status.
2) Cookie shall be used for user environment setting, etc. It shall be used for the personalized environment setting that a user desires by letting an individual’s personally opted setting be stored.
3) It shall be used for target marketing by identifying the use pattern of a user, such as the access frequency difference between member and non-member or frequent use degree, etc.
4) Cookies are utilized to check the customer participation frequency for various promotional events, such as those held by Cosmojin Tour.
5) User has the right to permit/reject all cookies or require personal confirmation whenever a cookie is saved by adjusting the options on their web browser. The specifics are as follows:
A. The method for selecting cookie installation (for Internet Explorer) is as follows
- Select [Internet Option] from [Tools].
- Click the [Personal Information Tab].
- Adjust user preference at personal information setting.
B. The method for selecting cookie installation (for Netscape) is as follows
- Select [Environment Setting] from [Editing].
- Click [Cookie] from [Personal Information and Security] category.
- Select the desired cookie allowance phase.
7. Technological/Managerial Safety Measures for Personal Information Protection
1). Technological measure – Personal information of a member is protected via password, files and transmitted data is encrypted or file lock function is utilized so that important data is protected through an additional security function.
A. The company utilizes a vaccine program and takes the measure that prevents the damage via computer virus. Vaccine program is updated on a regular basis, and upon the emergence of a sudden virus, the vaccine program is provided at once, thereby preventing any breach of personal information.
B. The company uses password algorithm and adopts security device (SSL or SET) so that personal information under the network is transmitted in a safe manner.
C. The company makes its best efforts to improve security, such as using unauthorized access block system and defect analysis system for every server in preparation against any unauthorized access attempt, for instance, hacking.
2). Managerial measure – the company limits the number of persons who have the access authority to personal information of members to the minimum. Such minimum personnel shall be as follows:
A. Marketing personnel who directly deal with users;
B. Personal information management personnel, such as personal information management supervisor or manager;
C. Personnel whose job inevitably entails the handling of personal information
3). The company provides regular internal training or outside entrustment training to the personal information personnel so that they can acquire new security technology and personal information protection duties. The company requests every employee to sign the confidentiality agreement prior to hiring so that information disclosure via an employee is prevented and the employees’ execution of and compliance with the privacy policy is to be monitored through the internal company procedure.
4). The work orientation of the personal information personnel is strictly carried out while the relevant security is maintained and the responsibility on personal information violation accident is clearly stipulated, whether it is before or after the pertinent employee has joined the company.
5). Personal information and ordinary data is not mingled; rather, they are kept in separation via an additional server.
6). IT room and data storage, etc. are designated as special safety zones to which the access is restricted.
7). The company shall not be held liable for any event arising from a user’s mistake or basic internet risk. Every member shall manage his/her own ID and password in order to protect his/her own personal information and be held liable for that.
8). The company shall immediately notify you of any loss, disclosure, modification or damage with respect to personal information due to the mistake of the company manager or the technology management accident and provide proper measures and compensation.
8. Rights and Obligations of Subject of Personal Information
Subject of personal information may exercise with respect to the company any of the personal information protection related rights listed in the following paragraphs:
1) Right to read personal information (reading of source, handling purpose, and use details of personal information collected from subject of personal information and others
2) Right to correct an error, if any;
3) Right to delete personal information; and
4) Right to request to put a halt on handling
The rights stated in the above paragraphs may be exercised with respect to the company in writing, via phone, electronic mail or facsimile (FAX) and the company shall take the relevant measure without any delay.
Subject of personal information shall be obligated to make sure that the company does not violate personal information and privacy of subject of personal information and others being handled by the company, to the extent that the relevant laws and regulations, such as Personal Information Protection Act, are not violated.
9. Personal Information Destruction Procedures and Methods¡
Cosmojin Tour shall destruct the collected personal information without any delay after the related purpose is achieved, depending on the use and retention period, and the destruction procedure and method shall be as follows.
1) Destruction Procedure
Personal information uploaded by member for member subscription and travel service use shall be deleted or destroyed after preservation for some time as the use purpose is achieved in accordance with internal policy and information protection ground (refer to the Use and Retention Period) set forth in other relevant laws and regulations.
2) Destruction Method
A. Personal information printed in paper format: destructed through document shredder
B. Personal information stored in an electronic file format: personal information shall be deleted completely, and its record shall be erased via the method with which such record cannot be recovered
3) Destruction Period
A. Member subscription information: when member cancels subscription or his/her membership is revoked
B. Fund payment information: upon payment completion date or the expiry of a payable bond
C. Information collected for the purpose of a questionnaire or an event: upon the completion of the said questionnaire or event Notwithstanding the foregoing, member’s personal information may be retained if it is required to be preserved pursuant to the applicable laws and regulations, such as Commercial Act, even if the purpose with which the information is collected or provided is achieved.
10. Personal Information Protection for Child whose Age is Younger than 14 Years
Cosmojin Tour does not collect/utilize the personal information of a child whose age is younger than 14 years old.
11. Handling of Complaints Concerning Personal Information
If you need to report or consult concerning privacy violation, please contact Personal Information Violation Report Center of Korea Internet & Security Agency. In addition, if you have incurred any monetary or psychological damage, you may file a petition for damage relief to Personal Information Dispute Mediation Committee.
A. Personal Information Violation Report Center of Korea Internet & Security Agency: (without area code) 118 (privacy.kisa.or.kr)
B. The Cyber Crime Investigation Team of the Supreme Prosecutors’ Office: 02-3480-3571 (
[email protected])
C. The Cyber Terrorism Response Center of the National Police Agency: 1566-0112 (www.netan.go.kr)
12. Personal Information Management Supervisor and Manager Contact Information
Cosmojin Tour appoints a personal information management supervisor for the purpose of personal information protection of a user. If you have any complaint or suggestion in relation to personal information, please send an email to
[email protected] or contact via phone (+82-2-318-0345). We will process it as soon as we receive it and inform you of the outcome.
2) Personal Information Management Supervisor
Name : Chuck Shin
Association : Cosmojin Tour Manager
Contact Information : 02-318-0345
E-Mail :
[email protected]
[Supplementary Provisions]
Effective date of Privacy Policy
Example sentence) [Supplementary Provision] 1. (Effective Date) This Privacy Policy shall take effect starting from 6 month 1 day, 2004z