moblieBtn

Scandia Co., Ltd. Privacy Policy

1. General rules

Scandia Co., Ltd. (hereinafter referred to as “Company”) actively protects the personal information of information subjects handled by the Company, protects the personal information and rights of information subjects in accordance with the Personal Information Protection Act, and resolves complaints of information subjects related to personal information. To ensure smooth processing, we have established and implemented this personal information handling policy and are complying with it. The Company's personal information handling policy may be changed in accordance with relevant laws, guidelines, and the Company's internal operating policy, and if the personal information handling policy changes, it is disclosed in accordance with the method prescribed by relevant laws.

This personal information handling policy will be implemented from July 01, 2023, and contains the following:

  • -

    Purpose of handling personal information and items of personal information to be handled

    -

    Personal information handling, retention period and destruction

    -

    Matters concerning the rights and obligations of information subjects and how to exercise

    -

    The right of a legal representative of children under the age of 14

    -

    Measures to secure safety of personal information

    -

    Opinion collection and complaint handling

2. Purpose of handling personal information and items of personal information to be handled

[General Personal Information]

  • 1.

    Essentials

    (1) Items of personal information handled

    – Name, e-mail, mobile phone number, Company name

    (2) Purpose of handling personal information

    – Purpose of use for service provided, customer management, sales and marketing

    (3) Application for automatic email subscription

    – Purpose for notice, guidance and marketing

  • 2.

    Selection

    (1) Items of personal information handled

    – ​Name, e-mail, mobile phone number, Company name

    (2) Purpose of handling personal information

    – Purpose of use for service provided, customer management, sales and marketing

3. Personal information handling, retention period and destruction

  • A.

    Personal information handling and holding period

    The Company will destroy the information without delay if personal information is no longer necessary by achieving the purpose of handling personal information. However, if the information subject has been consent from the information subject in advance or the personal information of the information subject must be preserved in accordance with other laws such as commercial law, the Company may preserve the personal information.

  • B.

    Destruction of personal information

    (1) When the Company destroys personal information, measures are taken to ensure that it cannot be recovered or reproduced.

    (2) If the Company must preserve without destroying personal information, the relevant personal information or personal information files will be separated and managed separately from other personal information.

    (3) The Company, if the personal information to be destroyed is in the form of an electronic file, will issue a deletion order in a way that cannot be restored through the program. If the entire personal information must be destroyed, it will be permanently deleted using a physical method that cannot be restored.

    (4) The Company, if the personal information to be destroyed is a record, print, paper, or other recording medium other than in the form of an electronic file, will shred or incinerate it..

4. Matters concerning the rights and obligations of the information subject and methods of exercising them

  • A.

    Viewing personal information

    (1) The information subject may request to view his or her personal information handled by the Company. In this case, the information subject, as prescribed by Ordinance of the Ministry of Public Administration, must submit a personal information viewing request form or request viewing by means of a means that can prove the information subject's identity, such as email with (i) Items and contents of personal information; (ii) Purpose of collection and use of personal information, (iii) Retention and use period of personal information; (iv) Status of provision of personal information to third parties; (v) Indicate the fact that you have agreed to the handling of personal information and the details you wish to view

    (2) When the Company receives a request for viewing from the information subject, the Company allows the information subject to view the relevant personal information within 10 days. In this case, if there is a justifiable reason why the information cannot be viewed within the relevant period, the information subject may be notified of the reason and the inspection may be postponed. When the reason no longer exists, the inspection may be made without delay.

    (3) In any of the following cases, the Company may inform the information subject of the reason and grant or deny permission to view the information.

    1) When viewing is prohibited or restricted by law
    2) When there is a risk of harming another person's life or body or unfairly infringing on another person's property or other interests.
  • B.

    Correction and deletion of personal information

    (1) The information subject who has viewed his or her personal information may request the Company to correct or delete the personal information. In this case, the information subject submits a request for correction/deletion of personal information prescribed by Ordinance of the Ministry of Public Administration and Security to the Company or requests correction/deletion of personal information by means of proving the identity of the information subject.

    (2) The Company investigates the personal information within 10 days from the date of receiving a request for correction or deletion of personal information in accordance with legal procedures, takes necessary actions such as correction or deletion according to the request of the information subject, and then discloses the fact that the action was taken, other information, etc. If the personal information is specified as subject to collection in the law and the information subject's request for deletion is not complied with, the fact, reason, and method of raising an objection will be notified to the information subject.

    (3) When the Company deletes personal information at the request of the information subject, measures are taken to prevent it from being recovered or reproduced.

  • C.

    Suspension of handling of personal information

    (1) The information subject shall submit a request for suspension of personal information, prescribed by the Ordinance of the Ministry of Public Administration and Security, if he wants to suspend the handling of personal information.

    (2) The Company may refuse to suspend the handling of the information subject if it falls under any of the following

    (i) If there is a special provision in the law or inevitable to comply with the obligations of laws.
    (ii) If there is a risk of harming others 'lives and body, or there is a risk of unfairly violating others' property and other interests.
    (iii) If the performance of the contract is difficult, such as not being able to provide the service agreed upon with the information subject if personal information is not handled, and the information subject does not clearly indicate his/her intention to terminate the contract.

    (3) If the Company suspends all or part of the handling of personal information within 10 days from the date of receiving a request to suspend the handling of personal information, the Company will notify you of the fact and the facts and reasons if the Company does not comply with the information subject's request to suspend handling of personal information. The information subject will be notified of how to raise an objection.

    (4) The Company shall take necessary measures such as destroying the personal information without delay on personal information that has been suspended at the request of the information subject.

  • D.

    The method and procedure of the exercise of rights

    (1) Requests for viewing, correction, deletion, and suspension of handling of personal information may be made by the information subject, the information subject's legal representative, or a person authorized by the information subject. However, when the information subject's legal representative, a person authorized by the information subject, etc. acts on behalf of the information subject, the information subject's power of attorney prescribed by Ordinance of the Ministry of Public Administration and Security must be submitted to the Company.

    (2) Persons who request to view, correct, delete, or suspend handling of personal information may be charged fees and postage fees as determined by the Company.

    (3) When the Company receives a request from the information subject to view, correct, delete, or suspend handling, the Company stores the personal information viewing request form or means of verifying the information subject's identity for 90 days and discards it thereafter

5. Rights of legal representatives of children under the age of 14

A legal representative of children under the age of 14 may request access, correction, deletion, processing or suspension of the child's personal information.

6. Measures to secure safety of personal information

The Company is taking technical, managerial and physical measures necessary to ensure safety as follows to prevent personal information from being lost, stolen, leaked, altered or damaged.

  • A.

    Establishment and implementation of internal management plans for safe handling of personal information

    The Company is establishing and implementing an internal management plan that includes the following.

    (1) Matters concerning the designation of the personal information handling manager

    (2) Matters concerning the roles and responsibilities of the personal information handling manager and personal information handler

    (3) Matters concerning the measures necessary to secure the safety of personal information

    (4) Matters concerning education on personal information handlers

    (5) Other matters necessary for handling personal information

  • B.

    Measures to control access to personal information and limit access rights

    (1) The Company grants access to the personal information handling system differently depending on the person in charge, to the minimum extent necessary to perform the job, and if the personal information handler changes due to a personnel change such as transfer or retirement, the personal information handler is changed without delay. Access rights to the information handling system are being changed or canceled. Furthermore, the Company records the details of granting, changing or canceling the above permissions and stores the records as necessary. 나아가 회사는 위의 권한 부여, 변경 또는 말소에 대한 내역을 기록하고, 그 기록을 필요에 따라 보관하고 있습니다.

    (2) When the Company issues a user account to access the personal information handling system, it issues one user account for each personal information handler and ensures that it is not shared with other personal information handlers.

    (3) The Company has established and applied password creation rules.

    (4) In order to prevent illegal access and infringement accidents through information and communication networks, the Company (i) restricts unauthorized access to the personal information handling system by limiting access rights to IP addresses, etc.

  • C.

    Application or corresponding measures of encryption technology that can safely store and transmit personal information

    (1) The Company encrypts personal identification information and passwords when transmitting or receiving them through information and communications networks or transmitting them through auxiliary storage media.

    (2) The Company encrypts and stores the password, and when the password is stored, one -way encryption is stored so as not to be decrypted.

  • D.

    Measures to store access records and prevent forgery and alteration in response to personal information infringement incidents

    (1) The Company safely stores the access records of personal information handlers to prevent them from being forged, altered, stolen or lost.

  • E.

    Installation and renewal of security programs for personal information

    The Company installs and operates security programs such as anti-virus software that can prevent and treat malicious programs on the personal information handling system or work computer, and complies with the following.

    (1) Use automatic update function of security program or update at least once a day

    (2) If an alarm related to malicious programs is issued or if there is a security update notice in the manufacturer of the application or operating system software, immediately update accordingly.

  • F.

    Physical measures such as preparing storage facilities for safe storage of personal information and installation of locks

    (1) The Company has a separate physical storage site for personal information and establishes and operates access control procedures for it.

    (2) The Company stores documents and auxiliary storage media containing personal information in a safe place with a lock.

7. Opinion collection and complaint handling

The information subject may file any complaint related to the handling of personal information to the person in charge of personal information handling or the department in charge. The Company will provide a prompt and sufficient response to the information subject's complaints.

[Personal Information Handling Manager]

  • -

    Name : Lee Soon-Ryel

    -

    Tel. : +82-31-477-7113

    -

    e-mail : policy@scandiamoss.com