Privacy Policy
Policy for Personal Information Processing
and Protection
KOLON ENP strives our best to protect and manage customers’ personal information.
KOLON ENP Co., Ltd. Personal Information Processing Policy
KOLON ENP (hereinafter referred to as the "Company") establishes and discloses the following personal information processing policy to protect the personal information of information subjects and to swiftly and smoothly handle related grievances following Article 30 of the 「Personal Information Protection Act」 (hereinafter referred to as the "Act").
Article 1 Purpose of Personal Information Processing
- The Company processes personal information for the following purposes.
-
Personal information being processed will not be used for purposes other than those listed below, and if the purpose is changed, separate consent will be obtained in accordance with Article 18 of the Act.
Classification Purpose Provision of Goods or Services Processing personal information to provide goods or services, including delivery of goods, service provision, issuance of contracts∙invoices, content provision, personalized service provision, identity verification, age verification, fee payment∙settlement, debt collection, etc. Customer Inquiries Processing personal information to verify the identity of the inquirer, confirm inquiry details, and notify processing results. Employee Personal Information Processing personal information to receive suitable labor provisions from employees and improve the working environment. Recruitment Processing personal information to identify job applicants, guide recruitment process/inquiries, assess suitability for recruitment, and manage future recruitment possibilities (using talent databases), etc.
Article 2 Processing and Retention Period of Personal Information
- The Company processes and retains personal information within the period specified following laws or the period agreed upon when collecting personal information from the information subject.
-
The processing and retention periods for each category of personal information are as follows.
-
1) Provision of Goods or Services: Until completion of goods·services supply and payment·settlement completion (however, until the end of the following period if applicable reasons exist)
-
Records related to indication·advertisement, contract details, and performance, etc., following the 「Act on Consumer Protection in Electronic Commerce」.
Records related to indication·advertisement: 6 months
Contract or subscription withdrawal, payment records, supply records of goods, etc.: 5 years
Records related to consumer complaints or dispute resolution: 3 years -
Retention of telecommunications fact confirmation data according to Article 41 of the 「Telecommunications Secrets Protection Act」
Subscriber's telecommunications date, start·end time, counterpart's subscriber number, usage frequency, and base station location tracking data: 1 year
Computer communications, internet log data, access location tracking data: 3 months
-
Records related to indication·advertisement, contract details, and performance, etc., following the 「Act on Consumer Protection in Electronic Commerce」.
- 2) Customer inquiries: Up to 3 months after inquiry receipt
- 3) Employee personal information: From the date of resignation, for 3 years unless otherwise agreed
-
4) Recruitment
- Job application information: Until the end of the recruitment process (however, immediate destruction upon the information subject's deletion request)
- Registered information in the talent database: 5 years from the registration date (however, immediate destruction upon the information subject's deletion request)
-
1) Provision of Goods or Services: Until completion of goods·services supply and payment·settlement completion (however, until the end of the following period if applicable reasons exist)
- The Company promptly destroys personal information when the retention or use period of personal information expires or when the purpose of use is achieved, except in cases where “it is necessary to retain personal information under other laws” or “when individual consent has been obtained from the information subject.”
Article 3 Provision of Personal Information to Third Parties
- The Company processes the personal information of information subjects within the scope specified for personal information processing and provides personal information to third parties only when the information subject consents or when there are special provisions of the law, such as Articles 17 and 18 of the 「Personal Information Protection Act」. Otherwise, the Company does not provide personal information of the subjects to third parties.
- In emergency situations such as disasters, infectious diseases, urgent risks to life or body, urgent property loss, etc., the Company may provide personal information to relevant institutions without the consent of the information subject.
Article 4 Outsourcing of Personal Information Processing
-
To facilitate smooth personal information processing, the Company outsources the following personal information processing tasks.
Classification Outsourced Entity (Delegatee) Outsourced Tasks ERP System Outsourcing KOLON Benit Co., Ltd. Operation and improvement of the ERP system - When entering into outsourcing contracts, the Company specifies matters such as the prohibition of personal information processing beyond the outsourcing purpose, technical∙managerial protective measures, restrictions on re-outsourcing, management∙supervision of delegates, liability for damages, etc., in documents such as contracts following Article 25 of the 「Personal Information Protection Act」. The Company also supervises whether the delegate safely processes personal information.
- If the content of the outsourced tasks or the delegate is changed, we will promptly disclose it through this Privacy Policy.
Article 5 Rights∙Obligations of Information Subjects and Legal Representatives and Methods of Exercise
- Information subjects may exercise their rights, such as the right to access·correct·delete or request suspension of personal information processing, against the Company at any time.
- The exercise of rights can be done in writing, via electronic mail, etc., to the Company, and the Company will promptly take measures in response following Article 41, Paragraph 1 of the 「Personal Information Protection Act」.
- The exercise of rights under Paragraph 2 may also be done through a legal representative of the information subject or a delegate. In this case, a proxy, according to Form No. 11 of the “Guidelines for Personal Information Processing Methods”, must be submitted.
- The right to access and request suspension of processing may be restricted under Article 35, Paragraph 4 and Article 37, Paragraph 2 of the 「Personal Information Protection Act」.
- Requests for correction and deletion of personal information may not be made if the personal information is specified as a collection target by other laws.
- The Company verifies whether the requester of requests such as access, correction, deletion, or suspension of processing under information subject rights is the information subject themselves or their lawful representative.
Article 6 Personal Information Items Being Processed
-
The Company may process the following personal information items.
Classification Required Items Optional Items Provision of Goods or Services Name, Phone Number, Email Address Employee Personal Information Photo, Name, Date of Birth, Gender, Home Phone Number, Mobile Phone Number, Email, Emergency Contact, Current Address, Education, Career, Qualifications, Language Proficiency, Military Service Family, Hobbies, Special Skills, Marital Status, Marriage Anniversary Recruitment Photo, Name, Date of Birth, Gender, Email, Mobile Phone Number, Current Address, Education, Password
※ Sensitive Information: Disability, Disability Grade, Veterans, Veteran Number, Results of Health Checkups conducted during the recruitment processCareer, Qualifications, Language Proficiency, Military Service, Experience, Overseas Experience, Awards, Activities related to Publications, Other Preferential Information, Self-introduction related information provided by the individual for recruitment purposes
Article 7 Procedures and Methods for Destruction of Personal Information
- The Company promptly destroys personal information when it becomes unnecessary due to the expiration of the retention period or achievement of the processing purpose.
- If personal information must be retained under other laws even after the expiration of the agreed retention period or achievement of the processing purpose, the Company moves such personal information to a separate database (DB) or stores it in a different location.
-
The procedure and method for the destruction of personal information are as follows.
-
1) Destruction Procedure
The company selects personal information for disposal when the disposal reason arises and obtains approval from the company's personal information protection manager before disposing of the personal information. -
2) Destruction Method
Personal information recorded and stored in electronic file format is destroyed using methods such as low-level formatting to make the records irretrievable. Personal information recorded and stored in paper documents is shredded or incinerated for disposal.
-
1) Destruction Procedure
Article 8 Measures for Ensuring the Security of Personal Information
-
To ensure the security of personal information, the following measures are taken.
- 1)Administrative Measures: Establishment and implementation of internal management plans, regular employee training, etc.
- 2)Technical Measures: Access control management of personal information processing systems, installation of access control systems, encryption of unique identification information, installation of security programs.
- 3)Physical Measures: Access control of computer rooms and data storage rooms.
Article 9 Personal Information Protection Manager
-
The company is responsible for overseeing tasks related to the processing of personal information and has designated a personal information protection manager to handle complaints and remedies related to the processing of personal information as follows.
Personal Information Protection Manager Personal Information Protection Department Name Kim Mintae Department HR team Position Division Director of Management Support Contact Person Kim Minsun, Senior Manager Contact +82) 2-3677-3610 Contact +82) 2-3677-3588 - Information subjects can contact the personal information protection manager and the responsible department for any inquiries, complaints, or remedies related to personal information protection that arise while using the company's services (or business).
The company will promptly respond to and address inquiries from information subjects.
Article 10 Remedies for Violation of Rights
-
Information subjects can inquire about remedies, consultations, etc., for personal information breaches from the following institutions.
- ‣ Personal Information Infringement Report Center : 118 (no area code required) (https://privacy.kisa.or.kr)
- ‣ Personal Information Dispute Resolution Committee : 1833-6972 (no area code required) ( https://www.kopico.go.kr)
- ‣ Supreme Prosecutors' Office : 1301 (no area code required) +82) 2-3480-3573 (https://www.spo.go.kr)
- ‣ Korean National Police Agency : (no area code required) 182 (https://ecrm.cyber.go.kr)
Article 11 Request for Access to Personal Information
-
Information subjects can request access to their personal information following Article 35 of the 「Personal Information Protection Act」 to the department below. The company will make efforts to promptly process information subjects' requests for access to personal information.
Department for Receiving and Processing Requests for Access to Personal Information Department HR Team Contact Person Kim Minsun, Senior Manager Contact +82) 2-3677-3588