This policy is effective July 1, 2019.
1. Purpose of processing personal information
The company processes personal information for the following purposes: The personal information processed is not used for purposes other than the following, and if the purpose of use is changed, prior consent will be sought.
A) Membership registration and management of the homepage
Personal information is processed for the purpose of verifying the member's intention to join, identifying and certifying the member as a result of the service provision, maintaining and managing his or her qualification as a result of the limited self-identification system, preventing misuse of service, various notices and notices, handling grievances, and preserving records for dispute settlement.
B) Processing civil affairs
Personal information is processed for the purpose of identification of the petitioner, identification of the petitioner, contact and notification for fact investigation, and notification of the processing result.
C) provide goods or services
Personal information is processed for the purpose of service provision, content delivery, custom service provision, authentication, rate payment and settlement.
D) Use in marketing and advertising
Personal information is processed for the purpose of developing new services (product) and providing customized services, providing event and advertising information and opportunities for participation, providing services according to demographic characteristics and publishing advertisements, validating services, identifying access frequency, or statistics on service use by members.
2. Personal information file status
1. Personal information file name: Infludio member database
- Personal information items: e-mail, name, profile image, belonging, mobile phone number, password, login ID
- Collection method: Information entered by the user in the homepage is collected
- Basis for retention: according to the relevant statutes
- Retention period: 5 years
- Related statutes: Records on Payment and Supply of Goods: 5 years
3. Processing and holding period of personal information
A) The company processes and retains personal information within the period of personal information possession and use in accordance with the Act or within the period of use, which is agreed upon when collecting personal information from the information subject.
B) Each person's personal information processing and retention period is as follows.
1. Membership and management of the website
Personal information related to [home page membership registration and management] is collected. held for the purpose of use above up to [5 years] from the date of agreement on the use. It's used.
- Retention base: according to the relevant statutes
- Related statutes: Records on Payment and Supply of Goods: 5 years
- Exception reason: No
4. Items related to third party provision of personal information
A) The company provides personal information to third parties only when it falls under Article 17 and Article 18 of the Privacy Act, such as the consent of the information subject and the special provisions of the law.
B) The company provides personal information to third parties as follows:
1. Process the work of making Infludio videos
- Person who receives personal information: Influorideo member
- Purpose of personal information use by the recipient: Custom video production and delivery processing
- Obtained by the recipient. Service period: 1 year, destroy without delay when the purpose of use is achieved
5. Information subject and legal representative's rights, duties and methods of exercise
As a personal information subject, the user can exercise the following rights:
A) The information subject can exercise his/her right to access, correct, delete, or suspend personal information at any time.
B) The right under paragraph 1 can be exercised through written, e-mail, or FAX in accordance with Article 41 paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and the company will take action without delay.
C) The exercise of rights under paragraph 1 can be conducted through a legal representative of the information subject or through an agent, such as a person who has received a commission. In this case, you must submit a letter of attorney according to the form No. 11 attached to the Enforcement Rules of the Personal Information Protection Act
D) Requests for personal information access and suspension of processing may limit the rights of the information subjects pursuant to Article 35 para 5 and Article 37 para 2.
E) Personal information modification and deletion request cannot be requested to be deleted if the personal information is specified as the target of collection in other statutes.
F) The company checks whether the person who made the request, such as the request for reading, correction or deletion according to the right of the information subject, and the request for suspension of processing, is a principal or a legitimate agent.
6. Creating items of personal information processed
A) The company processes the following personal information items:
1. Membership registration and service management on the website
- Required items: Email, name, belonging, mobile phone number, password, login ID
7. Disposal of personal information
In principle, if the purpose of handling personal information is achieved, the company destroys the personal information without delay. Procedure, time and method for decommissioning is as follows.
- Drop procedure
The information entered by the user is transferred to a separate DB (a separate document for paper) after completion of the purpose and stored for a certain period of time or immediately destroyed according to the internal policy and other related statutes. In this case, personal information transferred to the DB is not used for any other purpose than by law.
If the personal information of the user has expired, the personal information of the user shall be destroyed within five days from the end date of the retention period, and within five days from the date when the personal information is deemed unnecessary, such as the achievement of the purpose of processing the personal information, the abolition of the service or the termination of the business.
- Demolition method
Information in the form of electronic files uses a technical method that does not allow recording to be replayed.
8. Items on the installation, operation, and refusal of the automatic personal information collection device
The company does not use 'cookies' to save and retrieve information from the information subject.
9. Personal Information Protection Officer Preparation
A) The company is responsible for handling personal information and designates a person in charge of personal information protection as follows to deal with complaints and remedy damages by the information subjects related to the processing of personal information.
▶ Personal information protection officer
Name: Tony PARK
▶ Department in charge of personal information protection
Department name: Management Team
Contact: Steven KANG
Contact: 02-6014-8373, firstname.lastname@example.org
B) The information subject can contact the personal information protection manager and the department in charge of personal information protection, complaint handling, damage relief, etc. all inquiries related to personal information protection caused by using the company's services. The company will respond and process inquiries from the information subject without delay.
11. Measures to secure the safety of personal information
In accordance with Article 29 of the Privacy Act, the company carries out technical, administrative and physical measures necessary to secure safety as follows:
1. Conducting regular self-audit
In order to secure stability related to personal information handling, POSCO E&C conducts its own audits on a regular basis (on a quarterly basis).
2. Minimize and educate employees on personal information handling
POSCO E&C implements measures to manage personal information by designating employees who handle personal information and minimizing it to those in charge.
3. Technical measures for hacking, etc.
In order to prevent personal information leakage or damage caused by hacking or computer viruses, the company installs security programs, periodically updates and checks, installs systems in areas with restricted access from outside, and monitors and blocks them technically and physically.
4. Encryption of personal information
The user's personal information is encrypted, stored, and managed, so only he or she can know, and important data uses separate security functions such as encrypting files and transmission data or using file locking.
5. Restrict access to personal information
Through granting, changing, and terminating access authority to database systems that process personal information, the government is taking necessary measures to control access to personal information and controlling unauthorized access from outside using the intrusion prevention system.
Marketing Information Reception
You can use the service even if you do not need to fill out the selected information in accordance with Article 22 paragraph 4 of the Privacy Act.
1 Use in marketing and advertising
– Developing new features and delivering custom services
– Sending newsletters, guiding new features (products)
– Provide advertising information, such as discounts and coupons
2 Various information can be provided to the members through the service screen, SMS, e-mail, etc. in operating the Influorio service, and the information contents and some benefit information, such as payment instructions, are provided regardless of whether or not the reception is mandatory.