Notice on the collection and use of personal information
Hermestong Co., Ltd. (hereinafter referred to as the "Company") establishes and discloses the following personal information processing policies to protect personal information of individuals and to handle related issues quickly and smoothly, pursuant to Article 30 of the Personal Information Protection Act.
Article 1 (Purpose of Processing Personal Information)
The "Company" processes personal information for the following purposes, and the personal information being processed is not used for any other purpose than the following. If the purpose of use is changed, necessary measures such as obtaining separate consent under Article 18 of the Personal Information Protection Act will be implemented.
1. Application membership registration and management
Personal information is processed for the purposes of confirming membership intention, identification, and certification according to the provision of membership services, maintaining and managing membership, preventing illegal use of services, and documenting illegal users.
2. Handling of civil issues
Personal information is processed for the purpose of checking the identity of the civil petitioner, checking the issue, contacting, and notifying the results of the fact investigation, and notifying the results of the processing.
3. Provision of goods or services
Personal information is processed for the purpose of providing content and processing payments.
Article 2 (Processing and Retaining Period of Personal Information)
The "Company" processes the following personal information:
a. The "Company" processes and holds personal information within the period of holding and using personal information or the period of holding and using personal information agreed upon when collecting personal information from the individual under the Act.
b. Each personal information processing and holding period is as follows.
1. <App membership registration and management>
Collection of personal information related to <App membership registration and management> is held for the above purpose of use from the date of consent for use to <3 years>.
Basis of retention: Purpose of identifying and managing member information
Related Acts and subordinate statutes: Records on the collection/processing, use, etc. of credit information: <3 years>
2. <Civil petition processing>
Collection of personal information related to <Civil petition processing> is held for the above purpose of use from the date of consent for use to <3 years>.
Basis of retention: Purpose of identifying member information and handling issues
Related Acts and subordinate statutes:
1) Records on the collection/processing, use, etc. of credit information: 3 years
2) Records on the handling of consumer issues or disputes: 3 years
3.<Provide goods or services>
Collection of personal information related to the provision of goods or services is held for the above purpose of use from the date of consent for use to <3 years>.
Basis of retention: Purpose of identifying and granting permission to use member information
Related Acts and subordinate statutes:
1) Records on the collection/processing, use, etc. of credit information: 3 years
2) Records on payment and supply of goods, etc.: 5 years
3) Records on withdrawal of contracts or subscriptions: 5 years
Article 3 (Items of personal information to be processed)
The "Company" processes and holds personal information within the period of holding and using personal information or the period of holding and using personal information agreed upon when collecting personal information from the individual under the Act.
Each personal information processing and holding period is as follows.
1. Application membership registration and management
Required items: login ID, login password, email
2. Handling of civil petitions
Required items: Access device ID information, service usage records, and e-mail
3. Provision of goods or services
Required items: Access device ID information, service usage record
Choices: Photo, Audio
① In accordance with the terms and conditions and policies, fraudulent use records are kept for one year and deleted after this period has elapsed.
② Personal information is held for a certain period of time to confirm transaction relations in accordance with the provisions of related laws and regulations such as the Consumer Protection Act in e-commerce, etc.
Article 4 (Provision of Personal Information to a Third Party)
The "Company" does not provide personal information to third parties.
All items in Article 3 are collected and managed by the "Company" and are used for user verification purposes only.
Article 5 (Procedure and Method of Destruction of Personal Information)
1. The "Company" shall remove the personal information without delay when personal information becomes unnecessary, such as the lapse of the personal information retention period and the achievement of the purpose of processing.
2. Even if the personal information retention period agreed by the individual has elapsed or the purpose of processing has been achieved, the personal information may be transferred to a separate database (DB) or stored in a different storage place if required by a certain law.
3. The procedures and methods of removing personal information are as follows:
▶ Process of removal
The "Company" selects personal information on which the reason for removal occurred and removes personal information with the approval of the personal information protection manager of the "Company".
All information about the user account is managed by the database and personal information selected as removal items is permanently removed.
▶ Removal method
Electronic file-type information uses a technical method that cannot be recorded, and personal information printed on paper is shredded with a shredder or destroyed by incineration.
Article 6 (Matters concerning the rights and obligations of the individual and legal representative, and the method of exercising them)
1. The individual may exercise the right to view, correct, delete, and request suspension of processing of personal information to the "Company" at any time.
2. The exercise of rights under paragraph (1) may be made in writing, e-mail, facsimile (FAX) in accordance with Article 41 (1) of the Enforcement Decree of the Personal Information Protection Act, and the "Company" will take action without delay.
3. The exercise of rights under paragraph (1) may be conducted through an agent, such as a legal representative of the individual or a person entrusted. In such cases, "Public Notice on the Method of Processing Personal Information (No. 2020-7)" You must submit a power of attorney in attached Form 11.
4. Requests for access to personal information and suspension of processing may be restricted under Articles 35 (4) and 37 (2) of the Personal Information Protection Act.
5. A request for correction and deletion of personal information cannot be requested if the personal information is specified as the subject of collection in other laws and regulations.
6. The "Company" verifies whether the person who made the request for perusal, correction or deletion, or suspension of processing, etc. according to the right of the individual is himself/herself or a legitimate agent.
Article 7 (Matters concerning measures to secure the safety of personal information)
The "Company" is taking the following measures to ensure the safety of personal information.
1. Conduct regular self-audits
In order to ensure safety related to personal information handling, we conduct regular (once a fiscal year quarter) audits.
2. Educating and minimizing employees handling personal information
We are implementing measures to manage personal information by designating minimal employees who handle personal information by limiting them to those in charge.
3. Establishing and implementing an internal management plan
For the safe processing of personal information, an internal management plan is established and implemented.
4. Technical countermeasures against hacking, etc
"Company" installs security programs, periodically updates and inspects, installs systems in areas with controlled access from outside, and monitors and blocks them technically and physically to prevent personal information leakage and damage caused by hacking or computer viruses.
5. Encryption of personal information
The user's personal information is stored and managed by encrypting the password, so only you can know it, and important data uses separate security functions such as encrypting file and transfer data or using a file lock function.
6. Storage of access records and prevention of forgery and alteration
Records accessed to the personal information processing system are kept and managed for at least one year, but if personal information is added to more than 50,000 individuals or unique identification information or sensitive information is processed, it is stored and managed for more than two years.
In addition, we use a security function to prevent forgery, theft, or loss of connection records.
7. Restriction of access to personal information
The “Company” takes necessary measures to control access to personal information by granting, changing, and canceling access to the database system that processes personal information, and controls unauthorized access from outside using an intrusion prevention system.
8. Use locks for document security
Documents containing personal information and auxiliary storage media are stored in a safe place with a lock.
9. Access control for unauthorized persons
We have established and operated access control procedures for separately storing personal information.
Article 8 (Matters concerning the installation and operation of devices that automatically collect personal information and their refusal)
The "Company" does not use "cookie(s)" that store or collect information regularly on individuals.
Article 9 (Matters concerning the collection, use, provision, rejection, etc. of behavioral information)
The "Company" does not collect, use, or provide behavioral information for online customized advertisements.
In order to generate account information, "Company" automatically collects a device’s user unique identification numbers (device UIDs) when users run "Company" services. If the user refuses to automatically collect device identification unique numbers, the service provided by the "Company" will not be available. User unique identification device numbers do not include ad identifiers (ADIDs, IDFAs, etc.) for advertising.
Article 10 (Matters concerning the person in charge of personal information protection)
① The "Company" is in charge of handling personal information, and designates a person in charge of personal information protection as follows to handle issues and remedy damages to individuals related to personal information processing.
▶ Person in charge of personal information protection
Name: Kyungmin Kwon
Position: Developer
Contact point: +82)10-7209-0159, hello@alphatong.com
Article 11 (Department that receives and processes requests for access to personal information)
The individual may request the following departments for access to personal information under Article 35 of the [Personal Information Protection Act].
The "Company" is in charge of handling personal information and designates a person in charge of personal information protection as follows to handle issues and remedy damages to individuals related to personal information processing.
The "Company" will try to expedite the request for access to personal information from the individual.
▶ Personal Information Access Request Receipt and Processing Department
Name: Kyungmin Kwon
Position: Developer
Contact point: +82) 10-7209-0159, hello@alphatong.com
※ You will be connected to the department responsible for privacy.
Article 12 (Method of remedy for infringement of rights and interests of individuals)
In order to receive relief from personal information infringement, information entities can apply for dispute resolution or counseling to the Personal Information Dispute Mediation Committee and the Korea Internet & Security Agency's Personal Information Infringement Reporting Center. In addition, please contact the institution below for other reports and consultations on personal information infringement.
1. Personal Information Dispute Mediation Committee: (without national number) 1833-6972 (www.kopico.go.kr)
2. Personal Information Infringement Reporting Center: 118 (privacy.kisa.or.kr)
3. Supreme Prosecutors' Office: 1301 (www.spo.go.kr)
4. National Police Agency: 182 (ecrm.cyber.go.kr)
A person who has been infringed on his/her rights or interests due to disposition or omission by the head of a public institution in response to a request under Articles 35 (Personal Information Access), 36 (Correction or Deletion of Personal Information, etc.) of the Personal Information Protection Act may request an administrative trial as prescribed by the Administrative Appeals Act.
※ For more information on administrative trials, please refer to the website of the Central Administrative Appeals Commission (www.simpan.go.kr).
Article 13 (Change of Personal Information Processing Policy)
The personal information processing policy will take effect from the effective date, and if there is an addition, deletion, or correction of changes in accordance with laws and policies, it will be notified through the notice seven days before the implementation of the changes.
Announcement date: August 1, 2022
Enforcement date: August 03, 2022