In accordance with Article 30 of the Personal Information Protection Act, DEAR U Co., Ltd. (hereinafter referred to as the “Company”) hereby informs of the purpose, methods, and measures taken for the protection and usage of the subject’s personal information. Any revisions made to the personal information processing policy in accordance with the amendment of related legislations or change in Company’s policy will be announced through the Company’s website.
This privacy policy will come into effect on April 1, 2022.
Article 1. Personal information processing and purpose, possession period
The Company shall process personal information for the following purposes. Personal information to be processed shall not be used for purposes other than the following purposes, and if there is any change to the purpose of use, necessary measures such as obtaining separate consent, etc. in accordance with Article 18 of the Personal Information Protection Act, shall be executed
The company processes, retains, and destroys personal information within the retention period in accordance with internal regulations or within the period of retention and use of personal information consented to when collecting from government entities.
In principle, personal information of the subject shall be destroyed immediately when the purpose of collection and processing has been fulfilled
Each personal information processing item, purpose and retention period are as follows.
ITEM | PURPORE | RETENTION PERIOD | |
---|---|---|---|
Business alliance, Partnership Inquiries | Required: Name, Email | Responses to Business alliance, Partnership Inquiries | When the inquiry is answered |
Article 2. Destruction of personal information
When the personal information becomes no longer necessary due to achievement of the processing purpose, the Company shall destroy all relevant personal information immediately. If the personal information has to be retained in accordance with other legislations or to achieve the purpose of collecting personal information despite achievement of the processing purpose, the information will be destroyed after retention for a certain period as specified below.
ITEM | RETENTION PERIOD | |
---|---|---|
Records on consumer complaints or dispute resolution | Act on consumer protection in electronic commerce, etc. | 3 years |
History on service visits | Communication Secret Protection Act | 3 months |
After the purpose of use of the collected personal information is achieved, the company destroys the information without delay according to the period of retention and usage. The information destruction procedure and method shall be as follows.
Destruction procedure and timing
Personal information collected from customers will be deleted or destroyed after the retention period has elapsed in accordance with the internal policy and other relevant regulations after the purpose of use is achieved.
Destruction method
The Company shall destroy the recorded personal information and store it in an electronic file format using a technical method that restricts reproduction of the information. Personal information recorded and stored on paper documents shall be destroyed through shredding or incineration by dissolving with chemicals.
Consignment of personal information processing
For the proper processing of personal information, the Company consigns the personal information processing work as follows.
< Consulting Service Agent >
Consignee: Hyosung ITS
Contents of consignment work: C/S service for users
Consignment Period: At the end of the consignment contract
Upon conclusion of the consignment agreement, the Company specifies responsibility-related matters such as prohibition of personal information processing other than the purpose of consignment work execution, technical / administrative protective measures, restrictions on re-consignment, management / supervision of consignee, compensation, etc. on the contract documents and supervises whether the consignee processes the personal information safely
In the event of any changes to the contents of consignment work or the consignee, the changes would be immediately disclosed through this personal information processing policy.
Article 4. Rights and obligation of subject and legal representative, and the method to exercise
The subject may exercise following personal information protection rights against the Company at any time.
Request to look at personal information
Request correction if there are any errors, etc.
Request deletion
Request suspension of processing
By the enforcement decree, Article 41 paragraph 1 of the Personal Information Protection Act, exercising of rights in accordance with paragraph 1 hereof, may be conducted through writing, telephone, email, facsimile (fax), etc. to the Company, and after identification, the Company would process it without any delay.
Exercising of rights in accordance with paragraph 1 hereunder, may be performed through the subject’s legal representative or a delegated agent, etc. In this case, the power of attorney in accordance with Annex Form No. 11 of the Enforcement Regulation of Personal Information Protection Act shall be submitted.
The rights of the information subject may be restricted in accordance with Article 35 Paragraph 4 and Article 37 Paragraph 2 of the Personal Information Protection Act to request access to and processing of personal information.
The request for correction and deletion of personal information cannot be implemented if the personal information is specified as a collection target in other regulations.
The company confirms whether the person who made the request, such as a request for reading, correction, deletion, or suspension of processing according to the rights of the information subject, is the person or a legitimate agent.
Article 5. Measures to secure the safety of private information
The Company has taken the following measures to secure the safety of personal information.
Conduct periodical self-audits
The company conducts periodical self-audits to ensure the safety of personal information handling.
Minimize and train personal information handling employees
The company implements measures to manage personal information by designating employees who handle personal information and limiting them to the person in charge.
Establishment and implementation of internal management plan
The company has established and implemented an internal management plan to safely handle personal information.
Technical measures against hacking, etc.
n order to prevent leakage and damage of personal information caused by hacking or computer viruses, the company installs security programs, periodically updates and inspects them, installs systems in areas inaccessible from outside, and technically and physically monitors and blocks them.
Encryption of personal information
The user's personal information is stored and managed after being encrypted with a password, so only the user can know it. For important data, a separate security function is used, such as encrypting files and transmission data or using a file lock function.
Measures to store access records and prevent forgery / falsification
he records of access to the personal information processing system are kept and managed for at least one year, however, if personal information is added or unique identification information or sensitive information is processed for more than 50,000 information subjects, it is kept and managed for more than two years. In addition, a security function is used to prevent forgery, theft, and loss of access records.
Restriction and management measures for the rights to access personal information
The company takes necessary measures to control access to personal information by granting, changing, and canceling access rights to the database system that processes personal information, and use an intrusion prevention system to control unauthorized access from outside.
Lock measures for document security
Documents and auxiliary storage devices containing personal information are stored in a safe place with a lock.
Measures such as installation of a system to suspend unauthorized access to personal information
A separate physical storage place for personal information is established and access control procedures are established and operated.
Article 6. Personal information protection officer
The Company has appointed a personal information protection officer as follows to take overall responsibility on the processing of personal information, as well as to process and handle personal information processing-related complaints from subjects.
Personal information protection officer
Name: Sung-min Jang
Title: CISO
Position: Vice President
Contact: 070-5158-6918, privacy@lysn.com
※ Direct to the department in charge of personal information protection.
▶ Department in charge of personal information protection
Department: Information Protection Team
Person in charge: Jin-hwan Kim
Contact: 070-5158-6918, privacy@lysn.com
The subject may inquire about all matters related to the protection of personal information occurring from the use of the Company’s services (or business), including complaint handling and damage relief, etc. The Company shall reply and process the subject’s inquiries immediately.
Article 7. Request to view personal information
The information subject may file a request for access to personal information in accordance with Article 35 of the Personal Information Protection Act to the following departments. The company will make every effort to promptly process the information subject's request for access to personal information.
▶ Department to receive and process request for personal information access
Department: Strategic Planning Team
Person in charge: Yeon-ah Kim
Contact: 070-5158-6918, help@lysn.com
Article 8. Remedies for the infringement of rights
The subject may inquire about the remedy with the following institutions and ask for consultation regarding the infringement of personal information. In addition, for other personal information infringement reports and consultations, please contact the following organizations.
Personal Information Dispute Mediation Committee: (Without area code) 1833-6972
Personal information infringement report center: (Without area code) 118
Supreme Prosecutors' Office : (Without area code) 1301 (www.spo.go.kr)
Cyber Bureau, National Police Agency : (Without area code) 182 (cyberbureau.police.go.kr)
Disposition taken by the head of a public institution in response to a request pursuant to Article 35 (Perusal of Personal Information),
Article 36 (Correction and deletion of personal information), Article 37 (Suspension of processing of personal information, etc.)
of the Personal Information Protection Act; A person whose rights or interests have been infringed due to omission may file an
administrative appeal as determined by the administrative adjudication.
Please refer to the website of the Central Administrative Adjudication Committee(www.simpan.go.kr) for details on administrative appeals.
Article 9. Modification of personal information processing policy
This regulation will come into effect on April 1, 2022.