('gpcert.org' hereinafter'GPC Certification Center') is the following to protect users' personal information and rights and interests in accordance with the Personal Information Protection Act, and to smoothly handle user grievances related to personal information. We have the same treatment policy.
• This policy will take effect from January 1, 2008.
1. Purpose of processing personal information
('gpcert.org' hereinafter'GPC Certification Center') processes personal information for the following purposes. The processed personal information will not be used for purposes other than the following purposes, and prior consent will be sought if the purpose of use is changed.
1) Homepage membership registration and management
Membership intention, identification and authentication according to the provision of membership service, maintenance and management of member qualifications, identification according to the enforcement of the limited identification system, prevention of illegal use of services, confirmation of consent from the legal representative when collecting personal information of children under the age of 14, We process personal information for the purposes of various notices and notifications, handling grievances, and preserving records for dispute resolution.
2)Civil affairs processing
Personal information is processed for the purpose of confirming the identity of the complainant, confirming the complaints, contacting and notifying for fact-finding, and notifying the processing result.
3)Use in marketing and advertising
Development of new services (products) and provision of customized services, provision of event and advertisement information and opportunities for participation, provision of services and advertisements according to demographic characteristics, validation of services, identification of access frequency, or statistics on members' use of services, etc. We process personal information for the purpose of.
4)Personal image information
Personal information is processed for the purpose of crime prevention and investigation, facility safety and fire prevention, traffic control, collection, analysis, and provision of traffic information.
2. Personal information file status
1)Personal information file name: Personal information processing policy
- Personal information items: email, mobile phone number, home address, password question and answer, password, login ID, gender, name, company phone number, position, department, company name, occupation, physical information, education, social security number, credit card Information, bank account information, service use record, access log, cookie, access IP information
- Collection method: website, written form, phone/fax, giveaway event, provided by affiliates, collection through generated information collection tool
- Retention basis: customer management
- Retention period: 5 years
- Relevant laws: Records on collection/processing and use of credit information: 3 years, Records on consumer complaints or dispute settlement: 3 years, Records on payment and supply of goods: 5 years, withdrawal of contract or subscription Records on etc.: 5 years, Records on labeling/advertising: 6 months
3. Processing and retention period of personal information
① ('GPC Certification Center') shall process and retain personal information within the period of retention and use of personal information in accordance with the law or the retention and use period of personal information agreed upon when collecting personal information from the information subject. Do it.
② Each personal information processing and retention period is as follows.
Personal information related to 1) is retained and used for the above purpose of use from the date of consent for collection and use.
- Retention basis: customer management
- Related laws:
1) Records on collection/processing and use of credit information: 3 years
2) Records on consumer complaints or dispute settlement: 3 years
3) Records on payment and supply of goods: 5 years
4) Records on contract or subscription withdrawal: 5 years
5) Records on display/advertisement: 6 months
4. Matters concerning the provision of personal information to a third party
① ('gpcert.org' hereinafter'GPC Certification Institute') will only transfer personal information to third parties in cases falling under Articles 17 and 18 of the Personal Information Protection Act, such as the consent of the information subject and special provisions of the law. Give it to you.
② ('gpcert.org') provides personal information to third parties as follows.
- Person who receives personal information: GPC Certification Center
- Purpose of using personal information of the recipient: email, mobile phone number, home address, password question and answer, password, login ID, gender, date of birth, name, company phone number, position, department, company name, occupation, education, social security number , Service use record, access log, cookie, access IP information
- Retention and use period of the recipient: 3 years
5. Consignment of personal information processing
① ('GPC Certification Center') entrusts the following personal information processing tasks for smooth personal information processing.
- Entrusted person (trustee): Information provision
- Contents of consignment service: Identity verification according to membership service use, complaint handling such as complaint handling, notification delivery, new service (product) development and customized service provision, event and advertisement information provision and participation opportunity, video information processing device operation
- Consignment period: 3 years
② ('gpcert.org' hereinafter' Certification Institute') is prohibited from processing personal information other than the purpose of consignment according to Article 25 of the Personal Information Protection Act when consigning contracts, technical and administrative protection measures, and re-consignment Restrictions, management and supervision of trustees, and liability for damages are specified in documents such as contracts, and supervised whether the trustee handles personal information safely.
③ If the contents of the consignment business or the consignee change, we will disclose it through this personal information processing policy without delay.
6. Rights and obligations of the information subject and the legal representative, and how to exercise the user As a personal information subject, the user can exercise the following rights.
① The information subject can exercise the right to view, correct, delete, and request suspension of processing of personal information at any time with GPCGIC Certification Center.
② The exercise of the rights pursuant to Paragraph 1 can be done through writing, e-mail, fax, etc. to GPC Certification Center in accordance with Article 41 (1) of the Enforcement Decree of the Personal Information Protection Act. Will take action without delay.
③ The exercise of rights pursuant to Paragraph 1 can be done through the legal representative of the information subject or through an agent such as a person who has been delegated. In this case, you must submit a power of attorney in accordance with the form of Attachment 11 of the Enforcement Regulations of the Personal Information Protection Act.
④ The rights of the information subject may be restricted according to Article 35 (5) and Article 37 (2) of the Personal Information Protection Act for requests to view and stop processing personal information.
⑤ Request for correction and deletion of personal information cannot be requested if the personal information is specified as the object of collection in other laws.
⑥ GPC Certification Center confirms whether the person who made the request, such as a request for access according to the rights of the information subject, request for correction or deletion, or request for access to a request for suspension of processing, is the person or a legitimate agent.
7. Create items of personal information to be processed
① ('gpcert.org' hereinafter'GPC Certification Center') processes the following personal information items.
- Required items: email, mobile phone number, password, login ID, service usage record, access log, cookie, access IP information
- Optional items: email, mobile phone number, home address, home phone number, password Q&A, password, login ID, gender, date of birth, name, company phone number, position, department, company name, occupation
8. Destruction of personal information
('GPC Certification Center') in principle destroys the personal information without delay when the purpose of processing personal information is achieved. The procedure, deadline and method of destruction are as follows.
The information entered by the user is transferred to a separate DB (separate documents in the case of paper) after the purpose is achieved, and is stored for a certain period of time or immediately destroyed in accordance with internal policies and other related laws. At this time, the personal information transferred to the DB is not used for other purposes unless it is required by law.
The personal information of users shall be within 5 days from the end of the retention period, if the retention period of personal information has elapsed, and when the personal information becomes unnecessary, such as achieving the purpose of processing personal information, abolition of the service, or the end of the business, etc. The personal information will be destroyed within 5 days from the date it is recognized as unnecessary to process.
-How to destroy
Information in the form of electronic files uses a technical method that cannot reproduce the record.
Personal information printed on paper is destroyed by shredding or incineration.
9. Matters concerning the installation, operation and rejection of automatic personal information collection devices
① In order to provide personalized services, GPC Certification Center uses ‘cookies’ that store and retrieve usage information from time to time.
② Cookies are a small amount of information sent to the user's computer browser by the server (http) used to operate the website, and may be stored on the hard disk in the user's PC computer.
- Installation, operation and rejection of cookies: You can refuse to store cookies by setting options in the Tools< Internet Options> Personal Information menu at the top of the web browser.
- If you refuse to store cookies, you may experience difficulties in using customized services.
10. Personal information protection manager
① GPC Certification Center ('gpcert.org' hereinafter ``GPC Certification Center'') is responsible for handling personal information processing and handling complaints and damages of information subjects related to personal information processing. For relief, etc., a person in charge of personal information protection is designated as follows.
[Personal Information Protection Officer]
Name: Lee Chun-gon
Contact : 02)6749-0723, email@example.com, 02-6749-0711
※ It is connected to the department in charge of personal information protection.
[ Department in charge of personal information protection]
Department Name: Certification Department
Person in charge: Lee Chun-gon
Contact : 02)6749-0723, firstname.lastname@example.org, 02-6749-0711
② Information subject matters regarding all personal information protection related inquiries, complaints, damage relief, etc. that occurred while using the service (or business) of GPC Certification Center ('gpcert.org' hereinafter'GPC Certification Center) You can contact the person in charge of personal information protection and the department in charge. GPC Certification Center Co., Ltd. (“gpcert.org” hereinafter ‘GPC Certification Center Co., Ltd.) will respond to and process inquiries from the information subject without delay.
①This personal information processing policy is applied from the effective date, and if there is addition, deletion, or correction of changes in accordance with laws and policies, it will be notified through notice from 7 days before the enforcement of the changes.
12. Measures to secure the safety of personal information
('GPC Certification Center') is taking technical/administrative and physical measures necessary to secure safety as follows in accordance with Article 29 of the Personal Information Protection Act.
1. Conduct regular self-audit
We conduct our own audits on a regular basis (quarterly) to ensure the safety of handling personal information.
2. Minimization and training of personnel handling personal information
We are implementing measures to manage personal information by designating employees who handle personal information and minimizing them by limiting them to the person in charge.
3. Establishment and implementation of an internal management plan
We have established and implemented an internal management plan for safe handling of personal information.
4. Technical measures against hacking, etc.
('GPC Certification Center') installs a security program to prevent leakage and damage of personal information by hacking or computer viruses, and periodically updates and checks, and access is controlled from outside. The system is installed in the designated area and is technically and physically monitored and blocked.
5. Encryption of personal information
The user's personal information is encrypted and stored and managed, so only the person can know it, and for important data, separate security functions such as encrypting files and transmission data or using the file lock function are used.
6. Storage of access records and prevention of forgery
The records of access to the personal information processing system are kept and managed for at least 6 months, and the security function is used to prevent forgery, theft, and loss of access records.
7. Restriction of access to personal information
Necessary measures are taken to control access to personal information by granting, changing, and canceling access rights to the database system that processes personal information, and unauthorized access from outside is controlled using an intrusion prevention system.
8. Use of locking device for document security
Documents containing personal information and auxiliary storage media are stored in a safe place with a lock.
9. Access control for unauthorized persons
A separate physical storage place where personal information is stored is established and access control procedures are established and operated.