Kandan (hereinafter referred to as "the Company") has established and published the following Personal Information Processing Guidelines to protect the personal information of data subjects and to handle related complaints swiftly and smoothly, in accordance with Article 30 of the Personal Information Protection Act.
Article 1 (Purpose of Personal Information Processing)
The Company processes personal information for the following purposes. The personal information being processed will not be used for purposes other than those specified below, and in the case of changes to the purpose of use, necessary measures will be implemented, including obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.
Membership Registration and Management: To confirm the intention to join, identify and authenticate individuals for member-only services, maintain and manage membership qualifications, verify identity under the Limited Real-Name Verification System, prevent unauthorized use of services, check the consent of legal guardians when processing personal information of children under 14 years old, and handle various notifications and complaints.
Provision of Goods or Services: To deliver goods, provide services, send contracts and invoices, offer content, provide customized services, verify identity and age, process payments and settlements, and collect debts.
Complaint Handling: To verify the identity of complainants, confirm complaint details, contact and notify for fact-finding, and inform about the results of processing.
Here’s the translation of the provided text:
Article 2 (Processing and Retention Period of Personal Information)
① The Company processes and retains personal information within the retention and use periods prescribed by laws or the periods for which consent was obtained from the data subjects when collecting personal information.
② The processing and retention periods for each type of personal information are as follows:
Membership Registration and Management: Until withdrawal from the business or organization’s website; however, in the following cases, until the reason for retention is resolved:
Records related to transactions under the Act on Consumer Protection in Electronic Commerce:
Retention of Communication Records under Article 41 of the Act on the Protection of Communications Secrets:
Article 3 (Provision of Personal Information to Third Parties)
① The Company processes the personal information of data subjects only within the scope specified in Article 1 (Purpose of Personal Information Processing) and provides personal information to third parties only with the consent of the data subject, or in cases specified by law, such as under Article 17 of the Personal Information Protection Act.
② The Company provides personal information to third parties as follows:
Article 4 (Outsourcing of Personal Information Processing)
① The Company outsources the following personal information processing tasks to ensure smooth operations:
Operation of Call Center:
Operation of A/S Center:
② When entering into outsourcing contracts, the Company specifies in writing the prohibition of processing personal information outside the purpose of the outsourcing, technical and managerial protective measures, restrictions on re-outsourcing, management and supervision of the outsourcing entity, and liability for damages, in accordance with Article 25 of the Personal Information Protection Act. The Company also supervises whether the outsourcing entity processes personal information safely.
③ If the content of the outsourced work or the outsourcing entity changes, the Company will promptly disclose this through the personal information processing policy.
Article 5 (Rights of Users and Legal Representatives and Methods of Exercising Those Rights)
① Data subjects may exercise the following rights regarding personal information at any time with respect to the Company:
② The rights specified in paragraph 1 can be exercised through written requests, phone calls, emails, or facsimiles (FAX) to the Company, and the Company will respond without delay.
③ If a data subject requests correction or deletion of errors in their personal information, the Company will not use or provide the relevant personal information until the correction or deletion is completed.
④ The rights specified in paragraph 1 can also be exercised through a legal representative or an authorized agent. In this case, a power of attorney in accordance with the form prescribed in Article 11 of the Enforcement Rules of the Personal Information Protection Act must be submitted.
⑤ Data subjects must not infringe upon the personal information or privacy of themselves or others when the Company processes personal information in violation of the Personal Information Protection Act or related laws.
Article 6 (Personal Information Items Processed)
The Company processes the following personal information items:
Article 7 (Destruction of Personal Information)
① The Company will promptly destroy personal information when it is no longer necessary due to the expiration of the retention period or the achievement of the purpose of processing.
② If the retention period of personal information consented to by the data subject has expired or the purpose of processing has been achieved, but the personal information must be retained according to other laws, the Company will move the relevant personal information to a separate database (DB) or store it in a different location.
③ The procedures and methods for destroying personal information are as follows:
Destruction Procedure: The Company will select the personal information to be destroyed based on the reason for destruction and obtain approval from the Company’s Personal Information Protection Officer before proceeding with the destruction.
Destruction Method: Personal information recorded and stored in electronic file format will be destroyed using methods such as low-level formatting to ensure that the records cannot be recovered, and personal information recorded and stored in paper documents will be shredded or incinerated.
Article 8 (Measures to Ensure the Security of Personal Information)
The Company takes the following measures to ensure the security of personal information:
Administrative Measures: Establishment and implementation of internal management plans, regular employee training, etc.
Technical Measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of unique identification information, installation of security programs.
Physical Measures: Access control for computer rooms and data storage rooms.
Article 9 (Installation, Operation, and Refusal of Automatic Personal Information Collection Devices)
① The Company uses "cookies" to store user information and retrieve it as needed to provide personalized services.
② Cookies are small pieces of information sent from the server (http) operating the website to the user’s computer browser and can be stored on the user’s computer hard drive.
a. Purpose of Cookie Usage: Cookies are used to understand the visit and usage patterns of each service and website visited by users, popular search terms, security access status, etc., in order to provide optimized information to users.
b. Installation, Operation, and Refusal of Cookies: Users can refuse cookie storage through the settings in their web browser under Tools > Internet Options > Privacy menu.
c. Consequences of Refusing Cookie Storage: If cookie storage is refused, there may be difficulties in using personalized services.
Article 10 (Personal Information Protection Officer)
① The Company designates a Personal Information Protection Officer as follows to oversee personal information processing, handle complaints from data subjects, and provide remedies for any issues related to personal information processing.
▶ Personal Information Protection Officer
Name: Lee Woo-seok
Position: CEO
Contact: 010-7296-1992, proiim.official@gmail.com
② Data subjects may contact the Personal Information Protection Officer and the relevant department regarding any inquiries, complaints, or remedies related to personal information protection that arise while using the Company’s services (or business). The Company will respond to and address the inquiries of data subjects without delay.
Article 11 (Request for Access to Personal Information)
Data subjects may request access to their personal information under Article 35 of the Personal Information Protection Act to the department specified below. The Company will strive to process requests for access to personal information promptly.
▶ Personal Information Access Request Reception and Processing Department
Contact Person: Lee Woo-seok
Contact: 010-7296-1992, proiim.official@gmail.com
Article 12 (Methods of Redress for Rights Infringement)
Data subjects may contact the following organizations for redress or consultation regarding personal information infringement:
▶ Personal Information Infringement Reporting Center (operated by the Korea Internet & Security Agency)
Responsibilities: Reporting personal information infringements, requesting consultations
Website: privacy.kisa.or.kr
Phone: 118 (no area code required)
Address: 3rd Floor, 301-2, Bitgaram-dong, 9, Jinheung-gil, Naju, Jeonnam, 58324, Korea
▶ Personal Information Dispute Mediation Committee
Responsibilities: Application for personal information dispute mediation, collective dispute mediation (civil resolution)
Website: www.kopico.go.kr
Phone: 1833-6972 (no area code required)
Address: 4th Floor, Government Seoul Building, 209, Sejong-daero, Jongno-gu, Seoul, 03171, Korea
▶ Cyber Crime Investigation Division, Supreme Prosecutors' Office: 02-3480-3573 (www.spo.go.kr)
▶ Cyber Safety Bureau, National Police Agency: 182 (http://cyberbureau.police.go.kr)
Article 13 (Implementation and Changes of the Privacy Policy)
This Privacy Policy will take effect from November 1, 2024.