Privacy Policy
December 19, 2022
  • December 19, 2022
  • October 28, 2022

RaonWhitehat(“Company”) strictly complies with all domestic laws and regulations, including the Personal Information Protection Act, to protect users’ personal information and rights and interests. The Company has established the following privacy policy to smoothly handle users’ grievances related to personal information.

 

Article 1 (Personal Information Processes and Retention Period)

The Company has processed the following personal information list.

Segment

Sub-segment

Personal Information

Purpose

Retention period

Inquiries and consultation

Contact the website (estimate)

[Required] Name, Rank, Department/Team, Email address, Contact (phone number, mobile phone number)

Respond to inquiries

Destruct immediately once responding to inquiries

Use service

Raon CTF service

[Required] Name, Organization, Department/Team, Student ID/Employee ID, Email address, classification(position), Grade level, Passwords

Provide and operate security training service

Destruct once service is deregistered

USIM simple authentication service

[Required] Name, Gender, BOD, Mobile carrier, Mobile phone number, USIM serial code, OS information

Provide personal authentication

Destruct after 6-month of storage

USIM smart authentication service

[When register service]
[Required] Mobile phone number, Device name and serial number, USIM model name and serial number, OS type, Service registration (registration / deregistration)

Save and use joint certificate mobile phine USIM

Destruct after 6-month of storage

[when download the app]
[Required] Mobile phone number

Send the URL for app installation

Delete after sending URL

Smart sign service

[Required] Mobile phone number, OS type, Service registration (registration / deregistration)

Save joint certificate on the cloud and use it

Destruct after 6-month of storage

[when download the app]
[Required] Mobile phone number

Send the URL for app installation

Delete after sending URL

Smart anti-phishing

[Required] Mobile phone number

Link with financial companies, e-commerce business and government institutes and provide notice service to prevent telecommunications financial fraud such as voice phishing

Store for 1year from the service termination

OmniOne

[Required] Name, Mobile phone number, Native/Foreigner information, BOD, Gender, Connected Information, Duplication information(DI)

Registration

Until the service is deregistered

OmniOne mobile ID

[Required] Name, Rank, Department, Employee ID, School, Major, Student ID, Connected information(CI), Duplication information(DI)

Issue certificate and manage access control

Until the service is deregistered

OmniOne digital certificate

[Required] Name, Mobile phone number, BOD, Mobile carrier, Student ID, Connected information(CI), Duplication information(DI)

Issue and submit certificate

Until the service is deregistered

OmniOne NFT

[Required] Wallet address

Provide service usage history

Until the service is deregistered

OmniOne NFT marketplace

[Required] DID, Name, Mobile phone number, BOD, Email address, Gender, Profile image, Nickname, Wallet address, NFT transmission records, Connected information(CI), Duplication information(DI)

Provide registration and service

Until the service is deregistered

[Required] Name, Recipient, Contact (phone number or mobile phone number), Delivery address

Deliver a real product

Until the service is deregistered

Others

The following personal information will be automatically generated and collected while using internet service.
- IP address, cookies, MAC address, record of service use, visit history

 

App provided by the Company requires the following access control of mobile device.

Service / App

App Access Control

Purpose

Retention Period

USIM Smartcertification

QUERY_ALL_PACKAGES (Required)

Detect malicious apps and rooting

When running the app

Smart anti-phishing

Contact (Required)

Check whether the number is saved

When running the app

Call (Required)

Identify incoming/outgoing and number

When running the app

Phone log (Required)

Check whether it is voice phishing and utilize for protection activities

When running the app

SMS (Required)

Check whether it is smishing and utilize for protection activities

When running the app

Access pass to usage information (Required)

Monitor malicious apps and check using data regarding voice phishing

When running the app

Notice access (Optional)

Detect and notify voice phishing and smishing

When running the app

Draw on the top of the other apps (Optional)

Notify with a pop-up when detecting risky voice phishing while using other apps

When running the app

OmniOne

Internet and WIFI status (Required)

Whether to use internet (download and update pattern)

When running the app

Notice access (Required)

Notification for the information of certificate issuance

When running the app

Notice access, access pass to usage information (Required)

View, change and collect the above items

When running the app

Camera(Required)

Submit certificates by scanning QR code

When running the app

Common(External) storage (Required)

Backup and restore certificates

When running the app

 

  • ① Records on display, advertisement and contracts according to 「the Act on the Consumer Protection, in Electronic Commerce, Etc.」

    •    a) Records on display and advertisement: stored for 6 months

    •    b) Records on the contract or subscription withdrawal, payment and the supply of goods: stored for 5 years

    •    c) Records on the consumer complaints or dispute settlement: stored for 3 years

  • ② Records on materials for checking for communication facts according to 「the Protection of Communications Secrets Act」

    •    a) Subscriber’s telecommunication date, opening/end time, counterpart’s directory number, frequency, location of the originating base stations: 1 year

    •    b) Computer communication, internet log records material, connection spot: 3 months

 

Article 2 (Destruction of Personal Information)

  • ① The Company strictly and immediately destroys personal information that fully serve its purpose of process and/or expiration of the retention period.

  • ② If the personal information retention period agreed by the data subject has elapsed or the purpose of processing has been achieved, the personal information shall be transferred to a separate database or stored in a different storage place in the case where the personal information shall be stored according to other related acts.

  • ③ The procedures and methods of destructing personal information are as follows.

    •    a) Procedure: The company selects personal information that causes destruction and destroys personal information with the approval of the company's personal information protection manager.

    •    b) Method: The company destroys personal information recorded and stored in the form of an electronic file so that the record cannot be reproduced, and the personal information recorded and stored in a paper document is crushed or incinerated with a shredder.

 

Article 3 (Provide Personal Information to a Third Party)

① The company processes the personal information of information subject within the specified scope in accordance with Article 1 (the purpose of processing personal information). The company provides personal information to the 3rd party only when it is applied to the consent of information subject and special provisions of the act in accordance with Articles 17 and 18 of 『the Personal Information Protection Act』.

② The company provides personal information to the 3rd party as follows.

Recipient

Provided Personal Information

Purpose

Retention Period

Korean National Police Agency

Mobile phone number, BOD, Gender, any suspected information related to voice phishing (phishing detection information including call log of unsaved number, incoming/outgoing messages and messenger information, history of app installation and running)

Prevent voice phishing, counseling for preventive activity and on site processing

Destruct within 6months

shinhan bank

Prevent voice phishing and counseling for preventive activity

Destruct within 3months

Infinigru, shinhan card, SBI Savings Bank, kobit, BNK capital, Korea Credit Bureeau, shinhan savings bank, nonghyup card, hana savings bank

Destruct within 6months

SK telecom

Mobile phone number

Check service registration status

Until the service is deregistered

Guardian (Smart anti-phishing service user appoints as a service guardian)

Mobile phone number, Call log, message and messenger information, phishing detection information

Provide the guardian service

Until the service is deregistered

KG mobilians

Name, BOD, Mobile phone number, Gender

Check service registration status

Until the service is deregistered

NFT creator

Name, recipient, Contact (phone number or mobile phone number), delivery address, NFT transaction history

Deliver real product of NFT and respond to telephone counseling from buyer

Until the service is deregistered

 

Article 4 (Entrustment of Personal Information Processing)

① The Company entrusts personal information processing work to the outside.

Entrusted Company

Entrusted Operations

Retention and Usage Period

HANKOOK Cloud

Respond to telephone counseling from complaining customers

Until the entrustment work is terminated

Amazon Web Service Inc.(Korea)

Provide infrastructure

Until the entrustment work is terminated

RaonSecure

Manage and operate infrastructure (joint management and operation), provide card-based identification service

Until the entrustment work is terminated

Danal

Provide phone-based personal authentication service

Until the entrustment work is terminated

galaxia MONEYTREE

Payment Gateway service, buying commissions and selling price of creator’s work

Until the entrustment work is terminated

 

② When the company signs an entrustment contract, the company specifies responsibilities regarding processing information only for entrusted work, technical/managerial protection measures, the restriction of re-entrustment, managing and monitoring entrusted companies and compensation for damages in the contract in accordance with 「the Personal Information Protection Act」. The company carries out supervision to ensure for the entrusted party to safely process personal information.

③ If the details of the entrusted work or the trustee changes, we will disclose it through this personal information processing policy without delay.

 

Article 5 (Rights of the Subject of Personal Information and Legal Representatives and Exercising Those Rights)

① The subject of information can exercise rights of viewing, updating, deleting, stopping processing his/her personal information at any time.

② The exercise of rights under Article 1 can be made in written mail, email, fax and others in accordance with Protocol41 Protocol1, of the Enforcement Decree of the Personal Information Protection Act, and the company will take action without delay.

③ The exercise of rights under Article 1 may be conducted through an agent, such as a legal representative of the information subject or a person entrusted.

④ Requests for access to personal information and suspension of processing may be restricted by Articles 35 and 37 of the Personal Information Protection Act.

⑤ A request for correction and deletion of personal information cannot be requested if the personal information is specified as the subject of collection in other laws and regulations.

⑥ The company checks whether the person who made the request for perusal, correction and deletion, or suspension of processing is the person who made the request or a legitimate agent.

 

Article 6 (Safety Measures for Personal Information)

The Company is taking the following measures to ensure the safety of personal information.

 

  • ① Managerial measures

    •    a) Establish and execute the plan of internal management, minimize the number of people in charge of handling personal information, conduct regular staff training

         b) Control access by granting, changing and canceling access control to personal information processing system

         c) Comply with security pledge (all employees)

  • ② Technical measures

    •    a) Access control management for the personal information processing system

         b) Adopt and operate anti-virus programs and various security solutions

         c) Protect user’s personal information with password and encode file and transmission data

         d) Store access records and prevent tamper

  • ③ Physical measures

    •    a) Decide retention area as a restricted/limited area

         b) Forbid unauthorized people to enter/leave office rooms and computer rooms

         c) Monitor via surveillance cameras

 

Article 7 (Installation, Operation, and Rejection of an Automatic Personal Information Collection Device)

  • ① The Company uses ‘cookie’ which saves and reads use information to provide customized services to users.

  • ② A cookie is a very small amount of information sent by a server (http) to a user’s browser. Cookie can be saved in user’s PC hard disc.

    •    a) Purpose: In order to provide optimized services to users by understanding service and website information visited by a user, popular search words and secure connection

         b) Install, run and refuse cookie: the user sets options in his/her web browser to refuse to save any cookies at all.

         c) If the user refuses to save cookies, he/she may experience some difficulty in using customized services

 

Article 8 (Chief Privacy Officer)

① The Company has designated the following persons as the Chief Privacy Officer and Personal Information Manager to remain responsible for responding to inquiries from the subject of personal information regarding personal information and damage relief.

Division

Chief Privacy Officer

Personal Information Manager

Affiliation

Yoon Won-seok, Executive Director of WhiteHat center

Kim In-su, IT Planning/Operation Team leader

Email

privacy@raoncorp.com

② If the subject of personal information has any inquiries regarding personal information protection, related complaints and damage relief while using the Company’s services, please contact the above officer and manager. The Company will answer and process it without delay.

 

Article 9 (Remedy for Infringement of Rights and Interests)

  • The subject of information can request dispute resolution or consult on personal information infringement to institutions including Personal Information Dispute Mediation Committee and KISA Personal Information Infringement Report Center. If you need to report or consult on other privacy infringement, please contact the following institutions.

    • ① Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)

    • ② KISA Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)

    • ③ Prosecution Service: 1301 (www.spo.go.kr)

    • ④ Korean National Police Agency: 182 (https://ecrm.police.go.kr)

 

Article 10 (Installation/Operation of Image Information Processing Device)

The Company has installed and operated image information processor.

① Basis of installation and purpose: infrastructure safety and fire prevention

② The number of processor, location, range: install 15 processors in total at major facilities, film all areas of the major facilities

③ Person in charge of manager, responsible office and person with access to image information: Park Jong-won, Management Planning Division

  • ④ Shooting time, retention period, storage location, processing method

    •    a) Shooting time: 24 hours

         b) Retention period: 60 days from the time of filming

         c) Storage location and processing: store and process it in the control room of image information processor (Management Support Team)

⑤ How and where to check image information: request inquire to the manager (Management Support Team)

⑥ Actions for information subject’s request for reading image information: Apply for an invoice for viewing and verifying the existence of personal image information. Access is allowed only when the information subject itself is photographed or clearly necessary for the life, body, and property interests of the information subject

⑦ Technical, managerial and physical measures for protecting image information: establish internal management plan, access control, access right, safety technologies for saving and transmitting image information, processing records storage, forgery prevention measures and locking device

 

Additional Clause

Users will be immediately notified of any addition, deletion, and/or modification in this Privacy Policy and personal information operation policy through the webpage.

 

Privacy Policy version: 3.4

Effective date: 2022. 12. 19

RaonWhitehat(“Company”) strictly complies with all domestic laws and regulations, including the Personal Information Protection Act, to protect users’ personal information and rights and interests. The Company has established the following privacy policy to smoothly handle users’ grievances related to personal information.

 

Article 1 (Personal Information Processes and Retention Period)

The Company has processed the following personal information list.

Segment

Sub-segment

Personal Information

Purpose

Retention period

Inquiries and consultation

Contact the website (estimate)

[Required] Name, Rank, Department/Team, Email address, Contact (phone number, mobile phone number)

Respond to inquiries

Destruct immediately once responding to inquiries

Use service

Raon CTF service

[Required] Name, Organization, Department/Team, Student ID/Employee ID, Email address, classification(position), Grade level, Passwords

Provide and operate security training service

Destruct once service is deregistered

USIM simple authentication service

[Required] Name, Gender, BOD, Mobile carrier, Mobile phone number, USIM serial code, OS information

Provide personal authentication

Destruct after 6-month of storage

USIM smart authentication service

[When register service]
[Required] Mobile phone number, Device name and serial number, USIM model name and serial number, OS type, Service registration (registration / deregistration)

Save and use joint certificate mobile phine USIM

Destruct after 6-month of storage

[when download the app]
[Required] Mobile phone number

Send the URL for app installation

Delete after sending URL

Smart sign service

[Required] Mobile phone number, OS type, Service registration (registration / deregistration)

Save joint certificate on the cloud and use it

Destruct after 6-month of storage

[when download the app]
[Required] Mobile phone number

Send the URL for app installation

Delete after sending URL

Smart credit

[Required] Mobile phone number

Check credit information

Store for 6months from the date of service withdrawal

Smart anti-phishing

[Required] Mobile phone number

Link with financial companies, e-commerce business and government institutes and provide notice service to prevent telecommunications financial fraud such as voice phishing

Store for 1year from the service termination

OmniOne

[Required] Name, Mobile phone number, Native/Foreigner information, BOD, Gender, Connected Information, Duplication information(DI)

Registration

Until the service is deregistered

OmniOne mobile ID

[Required] Name, Rank, Department, Employee ID, School, Major, Student ID, Connected information(CI), Duplication information(DI)

Issue certificate and manage access control

Until the service is deregistered

OmniOne digital certificate

[Required] Name, Mobile phone number, BOD, Mobile carrier, Student ID, Connected information(CI), Duplication information(DI)

Issue and submit certificate

Until the service is deregistered

OmniOne NFT

[Required] Wallet address

Provide service usage history

Until the service is deregistered

OmniOne NFT marketplace

[Required] DID, Name, Mobile phone number, BOD, Email address, Gender, Profile image, Nickname, Wallet address, NFT transmission records, Connected information(CI), Duplication information(DI)

Provide registration and service

Until the service is deregistered

[Required] Name, Recipient, Contact (phone number or mobile phone number), Delivery address

Deliver a real product

Until the service is deregistered

Others

The following personal information will be automatically generated and collected while using internet service.
- IP address, cookies, MAC address, record of service use, visit history

 

App provided by the Company requires the following access control of mobile device.

Service / App

App Access Control

Purpose

Retention Period

Smart anti-phishing

Contact (Required)

Check whether the number is saved

When running the app

Call (Required)

Identify incoming/outgoing and number

When running the app

Phone log (Required)

Check whether it is voice phishing and utilize for protection activities

When running the app

SMS (Required)

Check whether it is smishing and utilize for protection activities

When running the app

Access pass to usage information (Required)

Monitor malicious apps and check using data regarding voice phishing

When running the app

Notice access (Optional)

Detect and notify voice phishing and smishing

When running the app

Draw on the top of the other apps (Optional)

Notify with a pop-up when detecting risky voice phishing while using other apps

When running the app

OmniOne

Internet and WIFI status (Required)

Whether to use internet (download and update pattern)

When running the app

Notice access (Required)

Notification for the information of certificate issuance

When running the app

Notice access, access pass to usage information (Required)

View, change and collect the above items

When running the app

Camera(Required)

Submit certificates by scanning QR code

When running the app

Common(External) storage (Required)

Backup and restore certificates

When running the app

 

  • ① Records on display, advertisement and contracts according to 「the Act on the Consumer Protection, in Electronic Commerce, Etc.」

    •    a) Records on display and advertisement: stored for 6 months

    •    b) Records on the contract or subscription withdrawal, payment and the supply of goods: stored for 5 years

    •    c) Records on the consumer complaints or dispute settlement: stored for 3 years

  • ② Records on materials for checking for communication facts according to 「the Protection of Communications Secrets Act」

    •    a) Subscriber’s telecommunication date, opening/end time, counterpart’s directory number, frequency, location of the originating base stations: 1 year

    •    b) Computer communication, internet log records material, connection spot: 3 months

 

Article 2 (Destruction of Personal Information)

  • ① The Company strictly and immediately destroys personal information that fully serve its purpose of process and/or expiration of the retention period.

  • ② If the personal information retention period agreed by the data subject has elapsed or the purpose of processing has been achieved, the personal information shall be transferred to a separate database or stored in a different storage place in the case where the personal information shall be stored according to other related acts.

  • ③ The procedures and methods of destructing personal information are as follows.

    •    a) Procedure: The company selects personal information that causes destruction and destroys personal information with the approval of the company's personal information protection manager.

    •    b) Method: The company destroys personal information recorded and stored in the form of an electronic file so that the record cannot be reproduced, and the personal information recorded and stored in a paper document is crushed or incinerated with a shredder.

 

Article 3 (Provide Personal Information to a Third Party)

① The company processes the personal information of information subject within the specified scope in accordance with Article 1 (the purpose of processing personal information). The company provides personal information to the 3rd party only when it is applied to the consent of information subject and special provisions of the act in accordance with Articles 17 and 18 of 『the Personal Information Protection Act』.

② The company provides personal information to the 3rd party as follows.

Recipient

Provided Personal Information

Purpose

Retention Period

Korean National Police Agency

Mobile phone number, BOD, Gender, any suspected information related to voice phishing (phishing detection information including call log of unsaved number, incoming/outgoing messages and messenger information, history of app installation and running)

Prevent voice phishing, counseling for preventive activity and on site processing

Destruct within 6months

shinhan bank

Prevent voice phishing and counseling for preventive activity

Destruct within 3months

Infinigru, shinhan card, SBI Savings Bank, kobit, BNK capital, Korea Credit Bureeau, shinhan savings bank, nonghyup card, hana savings bank

Destruct within 6months

SK telecom

Mobile phone number

Check service registration status

Until the service is deregistered

Guardian (Smart anti-phishing service user appoints as a service guardian)

Mobile phone number, Call log, message and messenger information, phishing detection information

Provide the guardian service

Until the service is deregistered

KG mobilians

Name, BOD, Mobile phone number, Gender

Check service registration status

Until the service is deregistered

NFT creator

Name, recipient, Contact (phone number or mobile phone number), delivery address, NFT transaction history

Deliver real product of NFT and respond to telephone counseling from buyer

Until the service is deregistered

 

Article 4 (Entrustment of Personal Information Processing)

① The Company entrusts personal information processing work to the outside.

Entrusted Company

Entrusted Operations

Retention and Usage Period

SCI Information Service

Check whether smart credit user registers in the service

Until the entrustment work is terminated

HANKOOK Cloud

Respond to telephone counseling from complaining customers

Until the entrustment work is terminated

Amazon Web Service Inc.(Korea)

Provide infrastructure

Until the entrustment work is terminated

RaonSecure

Manage and operate infrastructure (joint management and operation), provide card-based identification service

Until the entrustment work is terminated

Danal

Provide phone-based personal authentication service

Until the entrustment work is terminated

galaxia MONEYTREE

Payment Gateway service, buying commissions and selling price of creator’s work

Until the entrustment work is terminated

 

② When the company signs an entrustment contract, the company specifies responsibilities regarding processing information only for entrusted work, technical/managerial protection measures, the restriction of re-entrustment, managing and monitoring entrusted companies and compensation for damages in the contract in accordance with 「the Personal Information Protection Act」. The company carries out supervision to ensure for the entrusted party to safely process personal information.

③ If the details of the entrusted work or the trustee changes, we will disclose it through this personal information processing policy without delay.

 

Article 5 (Rights of the Subject of Personal Information and Legal Representatives and Exercising Those Rights)

① The subject of information can exercise rights of viewing, updating, deleting, stopping processing his/her personal information at any time.

② The exercise of rights under Article 1 can be made in written mail, email, fax and others in accordance with Protocol41 Protocol1, of the Enforcement Decree of the Personal Information Protection Act, and the company will take action without delay.

③ The exercise of rights under Article 1 may be conducted through an agent, such as a legal representative of the information subject or a person entrusted.

④ Requests for access to personal information and suspension of processing may be restricted by Articles 35 and 37 of the Personal Information Protection Act.

⑤ A request for correction and deletion of personal information cannot be requested if the personal information is specified as the subject of collection in other laws and regulations.

⑥ The company checks whether the person who made the request for perusal, correction and deletion, or suspension of processing is the person who made the request or a legitimate agent.

 

Article 6 (Safety Measures for Personal Information)

The Company is taking the following measures to ensure the safety of personal information.

 

  • ① Managerial measures

    •    a) Establish and execute the plan of internal management, minimize the number of people in charge of handling personal information, conduct regular staff training

         b) Control access by granting, changing and canceling access control to personal information processing system

         c) Comply with security pledge (all employees)

  • ② Technical measures

    •    a) Access control management for the personal information processing system

         b) Adopt and operate anti-virus programs and various security solutions

         c) Protect user’s personal information with password and encode file and transmission data

         d) Store access records and prevent tamper

  • ③ Physical measures

    •    a) Decide retention area as a restricted/limited area

         b) Forbid unauthorized people to enter/leave office rooms and computer rooms

         c) Monitor via surveillance cameras

 

Article 7 (Installation, Operation, and Rejection of an Automatic Personal Information Collection Device)

  • ① The Company uses ‘cookie’ which saves and reads use information to provide customized services to users.

  • ② A cookie is a very small amount of information sent by a server (http) to a user’s browser. Cookie can be saved in user’s PC hard disc.

    •    a) Purpose: In order to provide optimized services to users by understanding service and website information visited by a user, popular search words and secure connection

         b) Install, run and refuse cookie: the user sets options in his/her web browser to refuse to save any cookies at all.

         c) If the user refuses to save cookies, he/she may experience some difficulty in using customized services

 

Article 8 (Chief Privacy Officer)

① The Company has designated the following persons as the Chief Privacy Officer and Personal Information Manager to remain responsible for responding to inquiries from the subject of personal information regarding personal information and damage relief.

Division

Chief Privacy Officer

Personal Information Manager

Affiliation

Yoon Won-seok, Executive Director of WhiteHat center

Kim In-su, IT Planning/Operation Team leader

Email

privacy@raoncorp.com

② If the subject of personal information has any inquiries regarding personal information protection, related complaints and damage relief while using the Company’s services, please contact the above officer and manager. The Company will answer and process it without delay.

 

Article 9 (Remedy for Infringement of Rights and Interests)

  • The subject of information can request dispute resolution or consult on personal information infringement to institutions including Personal Information Dispute Mediation Committee and KISA Personal Information Infringement Report Center. If you need to report or consult on other privacy infringement, please contact the following institutions.

    • ① Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)

    • ② KISA Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)

    • ③ Prosecution Service: 1301 (www.spo.go.kr)

    • ④ Korean National Police Agency: 182 (https://ecrm.police.go.kr)

 

Article 10 (Installation/Operation of Image Information Processing Device)

The Company has installed and operated image information processor.

① Basis of installation and purpose: infrastructure safety and fire prevention

② The number of processor, location, range: install 15 processors in total at major facilities, film all areas of the major facilities

③ Person in charge of manager, responsible office and person with access to image information: Park Jong-won, Management Planning Division

  • ④ Shooting time, retention period, storage location, processing method

    •    a) Shooting time: 24 hours

         b) Retention period: 60 days from the time of filming

         c) Storage location and processing: store and process it in the control room of image information processor (Management Support Team)

⑤ How and where to check image information: request inquire to the manager (Management Support Team)

⑥ Actions for information subject’s request for reading image information: Apply for an invoice for viewing and verifying the existence of personal image information. Access is allowed only when the information subject itself is photographed or clearly necessary for the life, body, and property interests of the information subject

⑦ Technical, managerial and physical measures for protecting image information: establish internal management plan, access control, access right, safety technologies for saving and transmitting image information, processing records storage, forgery prevention measures and locking device

 

Additional Clause

Users will be immediately notified of any addition, deletion, and/or modification in this Privacy Policy and personal information operation policy through the webpage.

 

Privacy Policy version: 3.3

Effective date: 2022. 10. 28