Neosapience, Inc. (hereinafter “Company”) has established and announces its personal information handling policy in accordance with relevant statutes, including the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc. and the Personal Information Protection Act as follows.
1. Purpose of Handling Personal Information
The Company handles personal information for the following purposes only. It does not use such information for any purpose other than the following.
Verification of users’ intention to subscribe to services, the provision of services for users and resultant verification and authentication of their identity, maintenance and management of members’ qualification, prevention of illegal uses of services, payments, settlement, supply and delivery of goods or services, demographic analysis, analyses of visits to service sites and user logs, formation of relationships between users (based on their personal information and interests), new service development and existing service improvement (including the provision of tailor-made services based on users’ acquaintances and interests), use of marketing and ads, handling of users’ complaints (verification of the identity of users filing complaints, verification of complaints, contacting and notifying users for factual surveys, notification, and notification of survey results)
2. Period of Handling and Retaining Personal Information
A. The Company shall handle and retain personal information for a certain period. The Company obtains consent from users in collecting and using their personal information or under statutes.
B. The detailed periods of handling and retaining personal information are as follows:
User subscription and management: Until the termination of a service user agreement or a user agreement, until fulfilling the purpose of preventing confusion in the use of services and illegal use of services (abnormal use of services, such as illicit subscription), including resolution of complaints and disputes, and until the settlement of remaining claims and obligations
Records on contracts, withdrawal of offers, payments, and goods purchased on electronic commercial transactions: five (5) years; Records on customers’ complaints or dispute-resolution: three (3) years; Records on indication and advertisements: six (6) months
3. Rights and Obligations of Users and their Legal Representatives and Methods for Exercising Such Rights and Obligations
A. Users and their legal representatives may exercise the following rights regarding the protection of their personal information against the Company at any time:
i. Right to demand access to their personal information
ii. Right to demand correction of errors and others
iii. Right to delete their personal information
iv. Right to suspend their personal information handling
B. Users may check or revise their personal information at [Company’s Website] [Members’ Information] at any time or exercise the above rights by contacting a Privacy Officer in writing, by phone, or by e-mail.
4. Collected Personal Information Items and Collection Methods
A. The Company collects the following personal information items:
Mandatory items: e-mail, password question and answer, password, login ID, gender, date of birth, name, service user logs, access logs, cookies, access IP information, payment records, name of user’s legal representative, legal representative’s telephone no., user’s voices, photos, and video clips.
B. The Company shall collect personal information through the following methods:
i. If users agree on the collection of their personal information and enter such information by themselves in the course of obtaining membership and using services, then the Company collects such information.
ii. Users’ personal information may be collected during consultation with the Company’s customer center via website, mail, fax or phone.
iii. Users’ personal information may be collected in writing during events and seminars which are held offline.
iv. The Company may be provided with personal information by its affiliated companies or organizations.
v. Information, such as device information, may be automatically created and collected in the course of using PC websites/mobile websites/applications.
5. Destruction of Personal Information
In principle, if the purpose of handling personal information has been fulfilled, then the Company shall immediately destroy personal information.
The destruction procedure, deadline, and methods are as follows:
Once the purpose of collecting personal information has been fulfilled, the information inputted by users shall be transferred to a separate DB (separate documents in case of paper). After being stored for a certain period of time under the Company’s internal guideline and other relevant statutes or immediately, this information will be destroyed. The personal information transferred to the database may not be used for any other purposes, unless permitted or required under law.
When the prescribed period of retaining personal information has passed, the purpose of handling personal information has been fulfilled, or the personal information has become unnecessary due to the revocation of pertinent services and cessation of a business, such information shall be immediately destroyed on the date when the personal information handling is acknowledged to be unnecessary. However, if statutes prescribe that the Company has an obligation to retain personal information for a certain period of time, then the Company shall keep such personal information secure during such a period of time.
6. Matters on Installation, Operation, and Rejection of Cookies
B. A cookie is a small piece of data, which a server uses for operating a website. The server sends the cookie to a computer browser, and it is stored on the hard disk on users’ computers.
i. Purpose of using cookies: The Company gathers and uses information regarding users’ visits, type(s) and use of each service and website that users use, popular search words, and whether users are using secure access, in order to provide users with optimized information.
ii. Installation, operation, and rejection of cookies: Users may reject the storing cookies on their computers by clicking Tools > Internet Options > Personal Information Menu > Option Settings. If users reject the storing of cookies, they may have difficulty in using tailor-made services.
7. Privacy Officer
A. The Company appoints a Privacy Officer who is in charge of personal information handling, handling users’ complaints regarding their personal information, and remedying damage.
▶ Privacy Officer
Name: Taesu Kim
Title: Representative Director
Position: Representative Director
Contact point: firstname.lastname@example.org,
※ This is connected to the department in charge of protecting personal information.
▶ Department in Charge of Protecting Personal Information
Department name: Operation Team
Person-in-charge: Juncheol, Cho
Contact point: email@example.com
B. Users may contact the Privacy Officer and Personal Information Handling Department to make inquiries about matters regarding the protection of personal information, handling their complaints, and remedying damage, which arise during their use of the Company’s services (or business). The Company shall answer and deal with users’ inquiries without any delay.
8. Measures for Ensuring the Security of Personal Information
The Company takes technological, administrative, and physical measures required for ensuring the security of personal information in accordance with the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc. and Personal Information Protection Act.
A. Conducting regular and internal audits
The Company conducts its own audit regularly (quarterly) to ensure the security of personal information handling.
B. Keeping the number of personal information handling employees at a minimum and training such employees
The Company appoints employees who handle personal information and keeps the number of the employees at a minimum.
C. Establishing and implementing an internal management plan
The Company establishes and implements an internal management plan for the secure handling of personal information.
D. Technological measures against data breach
The Company installs security programs, regularly updates and checks those programs, installs systems in access-controlled areas from the outside, and technologically and physically monitors or blocks the systems in order to prevent the leakage and damage of personal information due to data breaches or computer viruses.
E. Encryption of personal information
Users’ personal information is stored and managed with their passwords protected by encryption. The Company uses separate security features for data that only users themselves can know and is considered important. These security features include encryption of files and transmitted data and file-locking.
F. Retaining access logs and preventing their counterfeit and falsification
The Company retains and manages logs on accessing the Personal Information Handling System for at least more than six (6) months. It uses a security feature designed to prevent the access logs from being counterfeited, altered, stolen, or lost.
G. Limiting access to personal information
The Company takes necessary measures for controlling access to users’ personal information by granting, revising, or deleting the right to access a personal information processing database system. It denies unauthorized access from the outside through an intrusion blocking system.
This Personal Information Handling Policy shall take effect on its effective date. Any addition, deletion, and amendment in these terms and conditions under the statutes and this Policy shall be announced via notices seven (7) days prior to the effectuation of the amended terms and conditions.