4Grit (collectively, "Company") values personal information of customers and does best to protect customers’ personal information.
Company observes regulations that information and communication service providers shall observe including ACT ON PROMOTION OF INFORMATION AND COMMUNICATIONS NETWORK UTILIZATION AND INFORMATION PROTECTION, ETC., PERSONAL INFORMATION PROTECTION ACT, and ENFORCEMENT DECREE OF THE PERSONAL INFORMATION PROTECTION ACT.
This Policy shall take effect on September 29, 2016.
Article 1. Agreement on Collection and Use of Personal Information
Article 2. Personal Information Collected and Collection Method
Company collects the following personal information to provide services including signup, consultation, and service selection and implementation of contracts.
- Collected information: email, encrypted password, phone number, company name
Company may collect the following information required in payment on the payment period if customers attempt to use paid services.
- Collected information: Information (name) of customers with payment method, credit card Information, payment approval number
Company collects the following information to provide customers with consultation on service use inquiries.
- Collected information: name, company name (optional), email
The following information may be collected during using the service.
- cookies, service use record, visit history record, access log, access IP address, domain, name of website, event of page activity, etc.
Company collects personal information in the following way.
- Use of the home page and filling out of a form, consultation
- Information is collected automatically when customers install or use scripts related to services provided by Company.
- Company does not require personal information which may infringe basic human rights (race and ethnicity, ideology and doctrine, hometown and legal domicile, political orientation and criminal record, health status and sex life, etc.) and informs customers that Company shall not collect and use such information for any other purposes.
Article 3. Collection of Personal Information and Use Purpose
Company uses the collected personal information for the following purposes.
Provide services, calculate fees for paid services, provide contents, verify customer’s identity, send contracts and bills, and collect fees.
Identify sign-up intent, verify customer’s identity for receiving membership service, identify individual customers, prohibit bad customers from illegal and unpermitted service use, verify individual’s identity upon limited implementation of verification system, keep records to be used for dispute settlement, resolve inquiries including complaints, and deliver notifications.
Do marketing and commercials
Develop new services and provide customized services, provide event and promotional information as well as provide opportunity to engage in events, check efficiency of service, figure out access frequency, provide service and upload advertisement based on statistical features, and draw statistics on customers’ service use.
Article 4. Retention of Personal Information and Use Period
- User’s personal information shall be deleted after being used for its purpose.
User’s personal information is retained and used for services until users withdraw the membership (terminate service use contract). However, Company may retain collected information for the following prescribed purposes and period and shall not use for other purposes.
- If there is any ongoing investigation · examination due to violation of related laws, Company retains the information until the ongoing investigation · examination is ended.
- If Company has a debtor/debtee relationship with customers, Company retains the information until such relationship is completely cleared up.
Records on trades including mark · commercials, contracts and implementation of contracts based on [ACT ON THE CONSUMER PROTECTION IN ELECTRONIC COMMERCE, ETC.]
- Records on mark · commercials: 6 months
- Records on resolving customer complaints or disputes: 3 years
- Records on contract or subscription withdrawal: 5 years
- Record on making payment and providing goods and others: 5 years
- Records on electronic financial transactions based on [ELECTRONIC FINANCIAL TRANSACTIONS ACT]: 5 years
- Records on visiting the website based on [PROTECTION OF COMMUNICATIONS SECRETS ACT]: 3 months
- Records on verifying individual identities based on [ACT ON PROMOTION OF INFORMATION AND COMMUNICATIONS NETWORK UTILIZATION AND INFORMATION PROTECTION, ETC.]: 6 months
Article 5. Onward Transfer of Personal Information to Third Parties
- Company shall collect personal information of customers only within the range stated in collection and use of personal information. Company shall provide third parties with customers' personal information only in cases applied to Article 17 and 18 of PERSONAL INFORMATION PROTECTION ACT including consent of information subject and special regulations in law.
Article 6. Right · Responsibility of Customer and Method of Exerting Right
- Customers may search or modify their registered personal information and may request cancellation of subscription whenever necessary.
- For exercise of right according to Paragraph 1 of Article 6, customers may exercise to Company based on Form 8 of Addendum of Enforcement Rules to Personal Information Protection Act via in writing, email, or facsimile (FAX) and Company will take immediate measure for the exercised rights by customers.
- If customers want to search or revise their personal information, they need to click the button of "change personal information." Click "membership withdrawal" to cancel subscription. Ccustomers may search, revise, or withdraw after user authentication.
Company shall not use or provide applicable personal information until Company completes correction after there are request for correction on error in personal information. However, exceptionally for the following cases, Company may open and correct personal information.
- In a case that it has concern for damaging life, body, asset, or rights and interests of customers themselves or the third party
- In a case that it has concern for having considerable impact on business of the related service providers
- In a case that it violates laws
- Customers may exercise their rights based on Paragraph 1 of Article 6 via their legal or entrusted representative. In the abovementioned case, customers shall submit a power of attorney according to Form 11 of Addendum of Enforcement Rules to Personal Information Protection Act.
Article 7. Installation, Operation, and Refusal to Automatic Personal Information Collecting Device
- Cookies are character-string information (text files) stored in a web browser by a web server and sent back to the server when there are additional requests. After requests made, cookies are stored in the computer hard disk of customers.
- Company installs and runs cookies storing and searching information of customers via the internet service.
Information that Company collects via cookies is limited to unique number of customers and Company does not collect other information. The unqiue numbers collected via cookies may be used for the following purposes.
- Provide customized service based on areas of interest of each customer.
- Use for a targeted marketing by grasping tastes and areas of interest of users by analyzing access frequency or duration of both members and non-members.
- Use for standards of service restructuring and others by tracking and analyzing which services that customers used.
- Customers can choose whether to accept cookies or not. Customers may allow to place all cookies on their computers by setting options in a web browser or going through confirmation whenever cookies are stored or may reject all cookies. If customers reject cookies, some services by Company may become unavailable.
Article 8. Onward Transfers of Personal Information
Company transfers personal information as follows to improve service. In case of onward transfer according to related laws, Company sets required items to safely manage personal information.Details on agency and content for transfer are as follows.
|KG INICIS CO.,LTD.||agency for credit card payment||until the transfer contract ends.|
|Agency||KG INICIS CO.,LTD.|
|Content||agency for credit card payment|
|Period||until the transfer contract ends.|
Article 9. How Company Deletes Personal Information
Company immediately deletes the collected information after using for its purpose based on its storage and use period. The information to delete, deletion procedures, and methods are as follows.
- Company stores and retains the personal information collected to provide applicable services for a certain period (refer to Article 4 Retention of Personal Information and Use Period) based on internal policy and other related laws for information protection and deletes after being used for its sole purpose.
- Company shred written forms or printed materials with personal information and technically delete electronic files which can never be replayed.
Article 10. Measurement of Securing Stability of Personal Information
Company takes technical/administrative and physical measures required to secure stability according to Article 29 of PERSONAL INFORMATION PROTECTION ACT.
Encryption of Personal Information
Company takes necessary measures to control access to personal information by provision, change, and deletion of access right to the database system processing personal information and controls unauthorized external access by using an infringement blocking system.
Stroage of Access Record and Prevention of Forgery
Company retains and manages records of access to the personal information process system at least 6 months. Company uses security function to protect the access record from being forged, stolen, or lost.
Use of Locking System for Document Security
Company keeps documents and auxiliary storage devices with personal information in a safe place with locking system.
Article 12. How to Recover Infringed Rights
Customers may ask consultation to the following agencies on remedy for damage. As independent agencies to Company, if customers are not satisfied with Company's dealing with complaints or remedies, they may ask for much detailed help.
- Personal Information Dispute Mediation Committee (www.kopico.go.kr / 82-1833-6972)
- Personal Information Infringement Report Center of Korea Internet & Security Agency (KISA) (privacy.kisa.or.kr / 82-118)
- Cybercrime Investigation Division at Supreme Prosecutors' Office (SPO) (www.spo.go.kr / 82-2-3480-2000)
- Cyber Terror Investigation Section (www.netan.go.kr / 82-2-392-0330)
- Personal Information Protection Mark Accreditation Committee (www.eprivacy.or.kr / 82-2-580-0533~4)
Article 13. Manager Responsible for Personal Information
Company appoints managers responsible for overall personal information protection as follows to process and resolve complaints and damages of subjects of information in relation to process of personal information.
Manager Responsible for Personal Information
Name: Taejoon Park
Manager Responsible for Personal Information
Name: Inho Jung