RaonWhitehat(“Company”) strictly complies with all domestic laws and regulations, including the Personal Information Protection Act, to protect users’ personal information and rights and interests. The Company has established the following privacy policy to smoothly handle users’ grievances related to personal information.
Article 1 (Personal Information Processes and Retention Period)
The Company has processed the following personal information list.
Segment |
Sub-segment |
Personal Information |
Purpose |
Retention period |
Inquiries and consultation |
Contact the website (estimate) |
[Required] Name, Rank, Department/Team, Email address, Contact (phone number, mobile phone number) |
Respond to inquiries |
Destruct immediately once responding to inquiries |
Use service |
Raon CTF service |
[Required] Name, Organization, Department/Team, Student ID/Employee ID, Email address, classification(position), Grade level, Passwords |
Provide and operate security training service |
Destruct once service is deregistered |
USIM simple authentication service |
[Required] Name, Gender, BOD, Mobile carrier, Mobile phone number, USIM serial code, OS information |
Provide personal authentication |
Destruct after 6-month of storage |
|
USIM smart authentication service |
[When register service]
|
Save and use joint certificate mobile phine USIM |
Destruct after 6-month of storage |
|
[when download the app]
|
Send the URL for app installation |
Delete after sending URL |
||
Smart sign service |
[Required] Mobile phone number, OS type, Service registration (registration / deregistration) |
Save joint certificate on the cloud and use it |
Destruct after 6-month of storage |
|
[when download the app]
|
Send the URL for app installation |
Delete after sending URL |
||
Smart anti-phishing |
[Required] Mobile phone number |
Link with financial companies, e-commerce business and government institutes and provide notice service to prevent telecommunications financial fraud such as voice phishing |
Store for 1year from the service termination |
|
OmniOne |
[Required] Name, Mobile phone number, Native/Foreigner information, BOD, Gender, Connected Information, Duplication information(DI) |
Registration |
Until the service is deregistered |
|
OmniOne mobile ID |
[Required] Name, Rank, Department, Employee ID, School, Major, Student ID, Connected information(CI), Duplication information(DI) |
Issue certificate and manage access control |
Until the service is deregistered |
|
OmniOne digital certificate |
[Required] Name, Mobile phone number, BOD, Mobile carrier, Student ID, Connected information(CI), Duplication information(DI) |
Issue and submit certificate |
Until the service is deregistered |
|
OmniOne NFT |
[Required] Wallet address |
Provide service usage history |
Until the service is deregistered |
|
OmniOne NFT marketplace |
[Required] DID, Name, Mobile phone number, BOD, Email address, Gender, Profile image, Nickname, Wallet address, NFT transmission records, Connected information(CI), Duplication information(DI) |
Provide registration and service |
Until the service is deregistered |
|
[Required] Name, Recipient, Contact (phone number or mobile phone number), Delivery address |
Deliver a real product |
Until the service is deregistered |
||
Raon Metademy |
[Required] Name, BOD, ID, Mobile phone number, Email address, Affiliation(School), Student ID, Major |
Identity verification, Member Management, Respond to inquiries, Statistics on member's service usage |
Until the service is deregistered |
|
Others |
The following personal information will be automatically generated and collected while using internet
service.
|
App provided by the Company requires the following access control of mobile device.
Service / App |
App Access Control |
Purpose |
Retention Period |
USIM Smartcertification |
QUERY_ALL_PACKAGES (Required) |
Detect malicious apps and rooting |
When running the app |
Smart sign |
QUERY_ALL_PACKAGES (Required) |
Detect malicious apps and rooting |
When running the app |
Smart anti-phishing |
Contact (Required) |
Check whether the number is saved |
When running the app |
Call (Required) |
Identify incoming/outgoing and number |
When running the app |
|
Phone log (Required) |
Check whether it is voice phishing and utilize for protection activities |
When running the app |
|
SMS (Required) |
Check whether it is smishing and utilize for protection activities |
When running the app |
|
Access pass to usage information (Required) |
Monitor malicious apps and check using data regarding voice phishing |
When running the app |
|
Notice access (Optional) |
Detect and notify voice phishing and smishing |
When running the app |
|
Draw on the top of the other apps (Optional) |
Notify with a pop-up when detecting risky voice phishing while using other apps |
When running the app |
|
OmniOne |
Internet and WIFI status (Required) |
Whether to use internet (download and update pattern) |
When running the app |
Notice access (Required) |
Notification for the information of certificate issuance |
When running the app |
|
Notice access, access pass to usage information (Required) |
View, change and collect the above items |
When running the app |
|
Camera(Required) |
Submit certificates by scanning QR code |
When running the app |
|
Common(External) storage (Required) |
Backup and restore certificates |
When running the app |
① Records on display, advertisement and contracts according to 「the Act on the Consumer Protection, in Electronic Commerce, Etc.」
a) Records on display and advertisement: stored for 6 months
b) Records on the contract or subscription withdrawal, payment and the supply of goods: stored for 5 years
c) Records on the consumer complaints or dispute settlement: stored for 3 years
② Records on materials for checking for communication facts according to 「the Protection of Communications Secrets Act」
a) Subscriber’s telecommunication date, opening/end time, counterpart’s directory number, frequency, location of the originating base stations: 1 year
b) Computer communication, internet log records material, connection spot: 3 months
Article 2 (Destruction of Personal Information)
① The Company strictly and immediately destroys personal information that fully serve its purpose of process and/or expiration of the retention period.
② If the personal information retention period agreed by the data subject has elapsed or the purpose of processing has been achieved, the personal information shall be transferred to a separate database or stored in a different storage place in the case where the personal information shall be stored according to other related acts.
③ The procedures and methods of destructing personal information are as follows.
a) Procedure: The company selects personal information that causes destruction and destroys personal information with the approval of the company's personal information protection manager.
b) Method: The company destroys personal information recorded and stored in the form of an electronic file so that the record cannot be reproduced, and the personal information recorded and stored in a paper document is crushed or incinerated with a shredder.
Article 3 (Provide Personal Information to a Third Party)
① The company processes the personal information of information subject within the specified scope in accordance with Article 1 (the purpose of processing personal information). The company provides personal information to the 3rd party only when it is applied to the consent of information subject and special provisions of the act in accordance with Articles 17 and 18 of 『the Personal Information Protection Act』.
② The company provides personal information to the 3rd party as follows.
Recipient |
Provided Personal Information |
Purpose |
Retention Period |
Korean National Police Agency |
Mobile phone number, BOD, Gender, any suspected information related to voice phishing (phishing detection information including call log of unsaved number, incoming/outgoing messages and messenger information, history of app installation and running) |
Prevent voice phishing, counseling for preventive activity and on site processing |
Destruct within 6months |
shinhan bank |
Prevent voice phishing and counseling for preventive activity |
Destruct within 3months |
|
Infinigru, shinhan card, SBI Savings Bank, kobit, BNK capital, Korea Credit Bureeau, shinhan savings bank, nonghyup card, hana savings bank |
Destruct within 6months |
||
SK telecom, KT, LGU+ |
Mobile phone number |
Check service registration status |
Until the service is deregistered |
Guardian (Smart anti-phishing service user appoints as a service guardian) |
Mobile phone number, Call log, message and messenger information, phishing detection information |
Provide the guardian service |
Until the service is deregistered |
KG mobilians |
Name, BOD, Mobile phone number, Gender |
Check service registration status |
Until the service is deregistered |
NFT creator |
Name, recipient, Contact (phone number or mobile phone number), delivery address, NFT transaction history |
Deliver real product of NFT and respond to telephone counseling from buyer |
Until the service is deregistered |
Article 4 (Entrustment of Personal Information Processing)
① The Company entrusts personal information processing work to the outside.
Entrusted Company |
Entrusted Operations |
Retention and Usage Period |
HANKOOK Cloud |
Respond to telephone counseling from complaining customers |
Until the entrustment work is terminated |
Amazon Web Service Inc.(Korea) |
Provide infrastructure |
Until the entrustment work is terminated |
RaonSecure |
Manage and operate infrastructure (joint management and operation), provide card-based identification service |
Until the entrustment work is terminated |
Danal |
Provide phone-based personal authentication service |
Until the entrustment work is terminated |
galaxia MONEYTREE |
Payment Gateway service, buying commissions and selling price of creator’s work |
Until the entrustment work is terminated |
② When the company signs an entrustment contract, the company specifies responsibilities regarding processing information only for entrusted work, technical/managerial protection measures, the restriction of re-entrustment, managing and monitoring entrusted companies and compensation for damages in the contract in accordance with 「the Personal Information Protection Act」. The company carries out supervision to ensure for the entrusted party to safely process personal information.
③ If the details of the entrusted work or the trustee changes, we will disclose it through this personal information processing policy without delay.
Article 5 (Rights of the Subject of Personal Information and Legal Representatives and Exercising Those Rights)
① The subject of information can exercise rights of viewing, updating, deleting, stopping processing his/her personal information at any time.
② The exercise of rights under Article 1 can be made in written mail, email, fax and others in accordance with Protocol41 Protocol1, of the Enforcement Decree of the Personal Information Protection Act, and the company will take action without delay.
③ The exercise of rights under Article 1 may be conducted through an agent, such as a legal representative of the information subject or a person entrusted.
④ Requests for access to personal information and suspension of processing may be restricted by Articles 35 and 37 of the Personal Information Protection Act.
⑤ A request for correction and deletion of personal information cannot be requested if the personal information is specified as the subject of collection in other laws and regulations.
⑥ The company checks whether the person who made the request for perusal, correction and deletion, or suspension of processing is the person who made the request or a legitimate agent.
Article 6 (Safety Measures for Personal Information)
The Company is taking the following measures to ensure the safety of personal information.
① Managerial measures
a) Establish and execute the plan of internal management, minimize the number of people in charge of handling personal information, conduct regular staff training
b) Control access by granting, changing and canceling access control to personal information processing system
c) Comply with security pledge (all employees)
② Technical measures
a) Access control management for the personal information processing system
b) Adopt and operate anti-virus programs and various security solutions
c) Protect user’s personal information with password and encode file and transmission data
d) Store access records and prevent tamper
③ Physical measures
a) Decide retention area as a restricted/limited area
b) Forbid unauthorized people to enter/leave office rooms and computer rooms
c) Monitor via surveillance cameras
Article 7 (Installation, Operation, and Rejection of an Automatic Personal Information Collection Device)
① The Company uses ‘cookie’ which saves and reads use information to provide customized services to users.
② A cookie is a very small amount of information sent by a server (http) to a user’s browser. Cookie can be saved in user’s PC hard disc.
a) Purpose: In order to provide optimized services to users by understanding service and website information visited by a user, popular search words and secure connection
b) Install, run and refuse cookie: the user sets options in his/her web browser to refuse to save any cookies at all.
c) If the user refuses to save cookies, he/she may experience some difficulty in using customized services
Article 8 (Chief Privacy Officer)
① The Company has designated the following persons as the Chief Privacy Officer and Personal Information Manager to remain responsible for responding to inquiries from the subject of personal information regarding personal information and damage relief.
Division |
Chief Privacy Officer |
Personal Information Manager |
Affiliation |
Yoon Won-seok, Executive Director of WhiteHat center |
Kim In-su, IT Planning/Operation Team leader |
|
privacy@raoncorp.com |
② If the subject of personal information has any inquiries regarding personal information protection, related complaints and damage relief while using the Company’s services, please contact the above officer and manager. The Company will answer and process it without delay.
Article 9 (Remedy for Infringement of Rights and Interests)
The subject of information can request dispute resolution or consult on personal information infringement to institutions including Personal Information Dispute Mediation Committee and KISA Personal Information Infringement Report Center. If you need to report or consult on other privacy infringement, please contact the following institutions.
① Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
② KISA Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)
③ Prosecution Service: 1301 (www.spo.go.kr)
④ Korean National Police Agency: 182 (https://ecrm.police.go.kr)
Article 10 (Installation/Operation of Image Information Processing Device)
The Company has installed and operated image information processor.
① Basis of installation and purpose: infrastructure safety and fire prevention
② The number of processor, location, range: install 15 processors in total at major facilities, film all areas of the major facilities
③ Person in charge of manager, responsible office and person with access to image information: Park Jong-won, Management Planning Division
④ Shooting time, retention period, storage location, processing method
a) Shooting time: 24 hours
b) Retention period: 60 days from the time of filming
c) Storage location and processing: store and process it in the control room of image information processor (Management Support Team)
⑤ How and where to check image information: request inquire to the manager (Management Support Team)
⑥ Actions for information subject’s request for reading image information: Apply for an invoice for viewing and verifying the existence of personal image information. Access is allowed only when the information subject itself is photographed or clearly necessary for the life, body, and property interests of the information subject
⑦ Technical, managerial and physical measures for protecting image information: establish internal management plan, access control, access right, safety technologies for saving and transmitting image information, processing records storage, forgery prevention measures and locking device
Additional Clause
Users will be immediately notified of any addition, deletion, and/or modification in this Privacy Policy and personal information operation policy through the webpage.
Privacy Policy version: 3.6
Effective date: 2023. 09. 21
RaonWhitehat(“Company”) strictly complies with all domestic laws and regulations, including the Personal Information Protection Act, to protect users’ personal information and rights and interests. The Company has established the following privacy policy to smoothly handle users’ grievances related to personal information.
Article 1 (Personal Information Processes and Retention Period)
The Company has processed the following personal information list.
Segment |
Sub-segment |
Personal Information |
Purpose |
Retention period |
Inquiries and consultation |
Contact the website (estimate) |
[Required] Name, Rank, Department/Team, Email address, Contact (phone number, mobile phone number) |
Respond to inquiries |
Destruct immediately once responding to inquiries |
Use service |
Raon CTF service |
[Required] Name, Organization, Department/Team, Student ID/Employee ID, Email address, classification(position), Grade level, Passwords |
Provide and operate security training service |
Destruct once service is deregistered |
USIM simple authentication service |
[Required] Name, Gender, BOD, Mobile carrier, Mobile phone number, USIM serial code, OS information |
Provide personal authentication |
Destruct after 6-month of storage |
|
USIM smart authentication service |
[When register service]
|
Save and use joint certificate mobile phine USIM |
Destruct after 6-month of storage |
|
[when download the app]
|
Send the URL for app installation |
Delete after sending URL |
||
Smart sign service |
[Required] Mobile phone number, OS type, Service registration (registration / deregistration) |
Save joint certificate on the cloud and use it |
Destruct after 6-month of storage |
|
[when download the app]
|
Send the URL for app installation |
Delete after sending URL |
||
Smart anti-phishing |
[Required] Mobile phone number |
Link with financial companies, e-commerce business and government institutes and provide notice service to prevent telecommunications financial fraud such as voice phishing |
Store for 1year from the service termination |
|
OmniOne |
[Required] Name, Mobile phone number, Native/Foreigner information, BOD, Gender, Connected Information, Duplication information(DI) |
Registration |
Until the service is deregistered |
|
OmniOne mobile ID |
[Required] Name, Rank, Department, Employee ID, School, Major, Student ID, Connected information(CI), Duplication information(DI) |
Issue certificate and manage access control |
Until the service is deregistered |
|
OmniOne digital certificate |
[Required] Name, Mobile phone number, BOD, Mobile carrier, Student ID, Connected information(CI), Duplication information(DI) |
Issue and submit certificate |
Until the service is deregistered |
|
OmniOne NFT |
[Required] Wallet address |
Provide service usage history |
Until the service is deregistered |
|
OmniOne NFT marketplace |
[Required] DID, Name, Mobile phone number, BOD, Email address, Gender, Profile image, Nickname, Wallet address, NFT transmission records, Connected information(CI), Duplication information(DI) |
Provide registration and service |
Until the service is deregistered |
|
[Required] Name, Recipient, Contact (phone number or mobile phone number), Delivery address |
Deliver a real product |
Until the service is deregistered |
||
Others |
The following personal information will be automatically generated and collected while using internet
service.
|
App provided by the Company requires the following access control of mobile device.
Service / App |
App Access Control |
Purpose |
Retention Period |
USIM Smartcertification |
QUERY_ALL_PACKAGES (Required) |
Detect malicious apps and rooting |
When running the app |
Smart sign |
QUERY_ALL_PACKAGES (Required) |
Detect malicious apps and rooting |
When running the app |
Smart anti-phishing |
Contact (Required) |
Check whether the number is saved |
When running the app |
Call (Required) |
Identify incoming/outgoing and number |
When running the app |
|
Phone log (Required) |
Check whether it is voice phishing and utilize for protection activities |
When running the app |
|
SMS (Required) |
Check whether it is smishing and utilize for protection activities |
When running the app |
|
Access pass to usage information (Required) |
Monitor malicious apps and check using data regarding voice phishing |
When running the app |
|
Notice access (Optional) |
Detect and notify voice phishing and smishing |
When running the app |
|
Draw on the top of the other apps (Optional) |
Notify with a pop-up when detecting risky voice phishing while using other apps |
When running the app |
|
OmniOne |
Internet and WIFI status (Required) |
Whether to use internet (download and update pattern) |
When running the app |
Notice access (Required) |
Notification for the information of certificate issuance |
When running the app |
|
Notice access, access pass to usage information (Required) |
View, change and collect the above items |
When running the app |
|
Camera(Required) |
Submit certificates by scanning QR code |
When running the app |
|
Common(External) storage (Required) |
Backup and restore certificates |
When running the app |
① Records on display, advertisement and contracts according to 「the Act on the Consumer Protection, in Electronic Commerce, Etc.」
a) Records on display and advertisement: stored for 6 months
b) Records on the contract or subscription withdrawal, payment and the supply of goods: stored for 5 years
c) Records on the consumer complaints or dispute settlement: stored for 3 years
② Records on materials for checking for communication facts according to 「the Protection of Communications Secrets Act」
a) Subscriber’s telecommunication date, opening/end time, counterpart’s directory number, frequency, location of the originating base stations: 1 year
b) Computer communication, internet log records material, connection spot: 3 months
Article 2 (Destruction of Personal Information)
① The Company strictly and immediately destroys personal information that fully serve its purpose of process and/or expiration of the retention period.
② If the personal information retention period agreed by the data subject has elapsed or the purpose of processing has been achieved, the personal information shall be transferred to a separate database or stored in a different storage place in the case where the personal information shall be stored according to other related acts.
③ The procedures and methods of destructing personal information are as follows.
a) Procedure: The company selects personal information that causes destruction and destroys personal information with the approval of the company's personal information protection manager.
b) Method: The company destroys personal information recorded and stored in the form of an electronic file so that the record cannot be reproduced, and the personal information recorded and stored in a paper document is crushed or incinerated with a shredder.
Article 3 (Provide Personal Information to a Third Party)
① The company processes the personal information of information subject within the specified scope in accordance with Article 1 (the purpose of processing personal information). The company provides personal information to the 3rd party only when it is applied to the consent of information subject and special provisions of the act in accordance with Articles 17 and 18 of 『the Personal Information Protection Act』.
② The company provides personal information to the 3rd party as follows.
Recipient |
Provided Personal Information |
Purpose |
Retention Period |
Korean National Police Agency |
Mobile phone number, BOD, Gender, any suspected information related to voice phishing (phishing detection information including call log of unsaved number, incoming/outgoing messages and messenger information, history of app installation and running) |
Prevent voice phishing, counseling for preventive activity and on site processing |
Destruct within 6months |
shinhan bank |
Prevent voice phishing and counseling for preventive activity |
Destruct within 3months |
|
Infinigru, shinhan card, SBI Savings Bank, kobit, BNK capital, Korea Credit Bureeau, shinhan savings bank, nonghyup card, hana savings bank |
Destruct within 6months |
||
SK telecom, KT, LGU+ |
Mobile phone number |
Check service registration status |
Until the service is deregistered |
Guardian (Smart anti-phishing service user appoints as a service guardian) |
Mobile phone number, Call log, message and messenger information, phishing detection information |
Provide the guardian service |
Until the service is deregistered |
KG mobilians |
Name, BOD, Mobile phone number, Gender |
Check service registration status |
Until the service is deregistered |
NFT creator |
Name, recipient, Contact (phone number or mobile phone number), delivery address, NFT transaction history |
Deliver real product of NFT and respond to telephone counseling from buyer |
Until the service is deregistered |
Article 4 (Entrustment of Personal Information Processing)
① The Company entrusts personal information processing work to the outside.
Entrusted Company |
Entrusted Operations |
Retention and Usage Period |
HANKOOK Cloud |
Respond to telephone counseling from complaining customers |
Until the entrustment work is terminated |
Amazon Web Service Inc.(Korea) |
Provide infrastructure |
Until the entrustment work is terminated |
RaonSecure |
Manage and operate infrastructure (joint management and operation), provide card-based identification service |
Until the entrustment work is terminated |
Danal |
Provide phone-based personal authentication service |
Until the entrustment work is terminated |
galaxia MONEYTREE |
Payment Gateway service, buying commissions and selling price of creator’s work |
Until the entrustment work is terminated |
② When the company signs an entrustment contract, the company specifies responsibilities regarding processing information only for entrusted work, technical/managerial protection measures, the restriction of re-entrustment, managing and monitoring entrusted companies and compensation for damages in the contract in accordance with 「the Personal Information Protection Act」. The company carries out supervision to ensure for the entrusted party to safely process personal information.
③ If the details of the entrusted work or the trustee changes, we will disclose it through this personal information processing policy without delay.
Article 5 (Rights of the Subject of Personal Information and Legal Representatives and Exercising Those Rights)
① The subject of information can exercise rights of viewing, updating, deleting, stopping processing his/her personal information at any time.
② The exercise of rights under Article 1 can be made in written mail, email, fax and others in accordance with Protocol41 Protocol1, of the Enforcement Decree of the Personal Information Protection Act, and the company will take action without delay.
③ The exercise of rights under Article 1 may be conducted through an agent, such as a legal representative of the information subject or a person entrusted.
④ Requests for access to personal information and suspension of processing may be restricted by Articles 35 and 37 of the Personal Information Protection Act.
⑤ A request for correction and deletion of personal information cannot be requested if the personal information is specified as the subject of collection in other laws and regulations.
⑥ The company checks whether the person who made the request for perusal, correction and deletion, or suspension of processing is the person who made the request or a legitimate agent.
Article 6 (Safety Measures for Personal Information)
The Company is taking the following measures to ensure the safety of personal information.
① Managerial measures
a) Establish and execute the plan of internal management, minimize the number of people in charge of handling personal information, conduct regular staff training
b) Control access by granting, changing and canceling access control to personal information processing system
c) Comply with security pledge (all employees)
② Technical measures
a) Access control management for the personal information processing system
b) Adopt and operate anti-virus programs and various security solutions
c) Protect user’s personal information with password and encode file and transmission data
d) Store access records and prevent tamper
③ Physical measures
a) Decide retention area as a restricted/limited area
b) Forbid unauthorized people to enter/leave office rooms and computer rooms
c) Monitor via surveillance cameras
Article 7 (Installation, Operation, and Rejection of an Automatic Personal Information Collection Device)
① The Company uses ‘cookie’ which saves and reads use information to provide customized services to users.
② A cookie is a very small amount of information sent by a server (http) to a user’s browser. Cookie can be saved in user’s PC hard disc.
a) Purpose: In order to provide optimized services to users by understanding service and website information visited by a user, popular search words and secure connection
b) Install, run and refuse cookie: the user sets options in his/her web browser to refuse to save any cookies at all.
c) If the user refuses to save cookies, he/she may experience some difficulty in using customized services
Article 8 (Chief Privacy Officer)
① The Company has designated the following persons as the Chief Privacy Officer and Personal Information Manager to remain responsible for responding to inquiries from the subject of personal information regarding personal information and damage relief.
Division |
Chief Privacy Officer |
Personal Information Manager |
Affiliation |
Yoon Won-seok, Executive Director of WhiteHat center |
Kim In-su, IT Planning/Operation Team leader |
|
privacy@raoncorp.com |
② If the subject of personal information has any inquiries regarding personal information protection, related complaints and damage relief while using the Company’s services, please contact the above officer and manager. The Company will answer and process it without delay.
Article 9 (Remedy for Infringement of Rights and Interests)
The subject of information can request dispute resolution or consult on personal information infringement to institutions including Personal Information Dispute Mediation Committee and KISA Personal Information Infringement Report Center. If you need to report or consult on other privacy infringement, please contact the following institutions.
① Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
② KISA Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)
③ Prosecution Service: 1301 (www.spo.go.kr)
④ Korean National Police Agency: 182 (https://ecrm.police.go.kr)
Article 10 (Installation/Operation of Image Information Processing Device)
The Company has installed and operated image information processor.
① Basis of installation and purpose: infrastructure safety and fire prevention
② The number of processor, location, range: install 15 processors in total at major facilities, film all areas of the major facilities
③ Person in charge of manager, responsible office and person with access to image information: Park Jong-won, Management Planning Division
④ Shooting time, retention period, storage location, processing method
a) Shooting time: 24 hours
b) Retention period: 60 days from the time of filming
c) Storage location and processing: store and process it in the control room of image information processor (Management Support Team)
⑤ How and where to check image information: request inquire to the manager (Management Support Team)
⑥ Actions for information subject’s request for reading image information: Apply for an invoice for viewing and verifying the existence of personal image information. Access is allowed only when the information subject itself is photographed or clearly necessary for the life, body, and property interests of the information subject
⑦ Technical, managerial and physical measures for protecting image information: establish internal management plan, access control, access right, safety technologies for saving and transmitting image information, processing records storage, forgery prevention measures and locking device
Additional Clause
Users will be immediately notified of any addition, deletion, and/or modification in this Privacy Policy and personal information operation policy through the webpage.
Privacy Policy version: 3.5
Effective date: 2023. 04. 05
RaonWhitehat(“Company”) strictly complies with all domestic laws and regulations, including the Personal Information Protection Act, to protect users’ personal information and rights and interests. The Company has established the following privacy policy to smoothly handle users’ grievances related to personal information.
Article 1 (Personal Information Processes and Retention Period)
The Company has processed the following personal information list.
Segment |
Sub-segment |
Personal Information |
Purpose |
Retention period |
Inquiries and consultation |
Contact the website (estimate) |
[Required] Name, Rank, Department/Team, Email address, Contact (phone number, mobile phone number) |
Respond to inquiries |
Destruct immediately once responding to inquiries |
Use service |
Raon CTF service |
[Required] Name, Organization, Department/Team, Student ID/Employee ID, Email address, classification(position), Grade level, Passwords |
Provide and operate security training service |
Destruct once service is deregistered |
USIM simple authentication service |
[Required] Name, Gender, BOD, Mobile carrier, Mobile phone number, USIM serial code, OS information |
Provide personal authentication |
Destruct after 6-month of storage |
|
USIM smart authentication service |
[When register service]
|
Save and use joint certificate mobile phine USIM |
Destruct after 6-month of storage |
|
[when download the app]
|
Send the URL for app installation |
Delete after sending URL |
||
Smart sign service |
[Required] Mobile phone number, OS type, Service registration (registration / deregistration) |
Save joint certificate on the cloud and use it |
Destruct after 6-month of storage |
|
[when download the app]
|
Send the URL for app installation |
Delete after sending URL |
||
Smart anti-phishing |
[Required] Mobile phone number |
Link with financial companies, e-commerce business and government institutes and provide notice service to prevent telecommunications financial fraud such as voice phishing |
Store for 1year from the service termination |
|
OmniOne |
[Required] Name, Mobile phone number, Native/Foreigner information, BOD, Gender, Connected Information, Duplication information(DI) |
Registration |
Until the service is deregistered |
|
OmniOne mobile ID |
[Required] Name, Rank, Department, Employee ID, School, Major, Student ID, Connected information(CI), Duplication information(DI) |
Issue certificate and manage access control |
Until the service is deregistered |
|
OmniOne digital certificate |
[Required] Name, Mobile phone number, BOD, Mobile carrier, Student ID, Connected information(CI), Duplication information(DI) |
Issue and submit certificate |
Until the service is deregistered |
|
OmniOne NFT |
[Required] Wallet address |
Provide service usage history |
Until the service is deregistered |
|
OmniOne NFT marketplace |
[Required] DID, Name, Mobile phone number, BOD, Email address, Gender, Profile image, Nickname, Wallet address, NFT transmission records, Connected information(CI), Duplication information(DI) |
Provide registration and service |
Until the service is deregistered |
|
[Required] Name, Recipient, Contact (phone number or mobile phone number), Delivery address |
Deliver a real product |
Until the service is deregistered |
||
Others |
The following personal information will be automatically generated and collected while using internet
service.
|
App provided by the Company requires the following access control of mobile device.
Service / App |
App Access Control |
Purpose |
Retention Period |
USIM Smartcertification |
QUERY_ALL_PACKAGES (Required) |
Detect malicious apps and rooting |
When running the app |
Smart anti-phishing |
Contact (Required) |
Check whether the number is saved |
When running the app |
Call (Required) |
Identify incoming/outgoing and number |
When running the app |
|
Phone log (Required) |
Check whether it is voice phishing and utilize for protection activities |
When running the app |
|
SMS (Required) |
Check whether it is smishing and utilize for protection activities |
When running the app |
|
Access pass to usage information (Required) |
Monitor malicious apps and check using data regarding voice phishing |
When running the app |
|
Notice access (Optional) |
Detect and notify voice phishing and smishing |
When running the app |
|
Draw on the top of the other apps (Optional) |
Notify with a pop-up when detecting risky voice phishing while using other apps |
When running the app |
|
OmniOne |
Internet and WIFI status (Required) |
Whether to use internet (download and update pattern) |
When running the app |
Notice access (Required) |
Notification for the information of certificate issuance |
When running the app |
|
Notice access, access pass to usage information (Required) |
View, change and collect the above items |
When running the app |
|
Camera(Required) |
Submit certificates by scanning QR code |
When running the app |
|
Common(External) storage (Required) |
Backup and restore certificates |
When running the app |
① Records on display, advertisement and contracts according to 「the Act on the Consumer Protection, in Electronic Commerce, Etc.」
a) Records on display and advertisement: stored for 6 months
b) Records on the contract or subscription withdrawal, payment and the supply of goods: stored for 5 years
c) Records on the consumer complaints or dispute settlement: stored for 3 years
② Records on materials for checking for communication facts according to 「the Protection of Communications Secrets Act」
a) Subscriber’s telecommunication date, opening/end time, counterpart’s directory number, frequency, location of the originating base stations: 1 year
b) Computer communication, internet log records material, connection spot: 3 months
Article 2 (Destruction of Personal Information)
① The Company strictly and immediately destroys personal information that fully serve its purpose of process and/or expiration of the retention period.
② If the personal information retention period agreed by the data subject has elapsed or the purpose of processing has been achieved, the personal information shall be transferred to a separate database or stored in a different storage place in the case where the personal information shall be stored according to other related acts.
③ The procedures and methods of destructing personal information are as follows.
a) Procedure: The company selects personal information that causes destruction and destroys personal information with the approval of the company's personal information protection manager.
b) Method: The company destroys personal information recorded and stored in the form of an electronic file so that the record cannot be reproduced, and the personal information recorded and stored in a paper document is crushed or incinerated with a shredder.
Article 3 (Provide Personal Information to a Third Party)
① The company processes the personal information of information subject within the specified scope in accordance with Article 1 (the purpose of processing personal information). The company provides personal information to the 3rd party only when it is applied to the consent of information subject and special provisions of the act in accordance with Articles 17 and 18 of 『the Personal Information Protection Act』.
② The company provides personal information to the 3rd party as follows.
Recipient |
Provided Personal Information |
Purpose |
Retention Period |
Korean National Police Agency |
Mobile phone number, BOD, Gender, any suspected information related to voice phishing (phishing detection information including call log of unsaved number, incoming/outgoing messages and messenger information, history of app installation and running) |
Prevent voice phishing, counseling for preventive activity and on site processing |
Destruct within 6months |
shinhan bank |
Prevent voice phishing and counseling for preventive activity |
Destruct within 3months |
|
Infinigru, shinhan card, SBI Savings Bank, kobit, BNK capital, Korea Credit Bureeau, shinhan savings bank, nonghyup card, hana savings bank |
Destruct within 6months |
||
SK telecom |
Mobile phone number |
Check service registration status |
Until the service is deregistered |
Guardian (Smart anti-phishing service user appoints as a service guardian) |
Mobile phone number, Call log, message and messenger information, phishing detection information |
Provide the guardian service |
Until the service is deregistered |
KG mobilians |
Name, BOD, Mobile phone number, Gender |
Check service registration status |
Until the service is deregistered |
NFT creator |
Name, recipient, Contact (phone number or mobile phone number), delivery address, NFT transaction history |
Deliver real product of NFT and respond to telephone counseling from buyer |
Until the service is deregistered |
Article 4 (Entrustment of Personal Information Processing)
① The Company entrusts personal information processing work to the outside.
Entrusted Company |
Entrusted Operations |
Retention and Usage Period |
HANKOOK Cloud |
Respond to telephone counseling from complaining customers |
Until the entrustment work is terminated |
Amazon Web Service Inc.(Korea) |
Provide infrastructure |
Until the entrustment work is terminated |
RaonSecure |
Manage and operate infrastructure (joint management and operation), provide card-based identification service |
Until the entrustment work is terminated |
Danal |
Provide phone-based personal authentication service |
Until the entrustment work is terminated |
galaxia MONEYTREE |
Payment Gateway service, buying commissions and selling price of creator’s work |
Until the entrustment work is terminated |
② When the company signs an entrustment contract, the company specifies responsibilities regarding processing information only for entrusted work, technical/managerial protection measures, the restriction of re-entrustment, managing and monitoring entrusted companies and compensation for damages in the contract in accordance with 「the Personal Information Protection Act」. The company carries out supervision to ensure for the entrusted party to safely process personal information.
③ If the details of the entrusted work or the trustee changes, we will disclose it through this personal information processing policy without delay.
Article 5 (Rights of the Subject of Personal Information and Legal Representatives and Exercising Those Rights)
① The subject of information can exercise rights of viewing, updating, deleting, stopping processing his/her personal information at any time.
② The exercise of rights under Article 1 can be made in written mail, email, fax and others in accordance with Protocol41 Protocol1, of the Enforcement Decree of the Personal Information Protection Act, and the company will take action without delay.
③ The exercise of rights under Article 1 may be conducted through an agent, such as a legal representative of the information subject or a person entrusted.
④ Requests for access to personal information and suspension of processing may be restricted by Articles 35 and 37 of the Personal Information Protection Act.
⑤ A request for correction and deletion of personal information cannot be requested if the personal information is specified as the subject of collection in other laws and regulations.
⑥ The company checks whether the person who made the request for perusal, correction and deletion, or suspension of processing is the person who made the request or a legitimate agent.
Article 6 (Safety Measures for Personal Information)
The Company is taking the following measures to ensure the safety of personal information.
① Managerial measures
a) Establish and execute the plan of internal management, minimize the number of people in charge of handling personal information, conduct regular staff training
b) Control access by granting, changing and canceling access control to personal information processing system
c) Comply with security pledge (all employees)
② Technical measures
a) Access control management for the personal information processing system
b) Adopt and operate anti-virus programs and various security solutions
c) Protect user’s personal information with password and encode file and transmission data
d) Store access records and prevent tamper
③ Physical measures
a) Decide retention area as a restricted/limited area
b) Forbid unauthorized people to enter/leave office rooms and computer rooms
c) Monitor via surveillance cameras
Article 7 (Installation, Operation, and Rejection of an Automatic Personal Information Collection Device)
① The Company uses ‘cookie’ which saves and reads use information to provide customized services to users.
② A cookie is a very small amount of information sent by a server (http) to a user’s browser. Cookie can be saved in user’s PC hard disc.
a) Purpose: In order to provide optimized services to users by understanding service and website information visited by a user, popular search words and secure connection
b) Install, run and refuse cookie: the user sets options in his/her web browser to refuse to save any cookies at all.
c) If the user refuses to save cookies, he/she may experience some difficulty in using customized services
Article 8 (Chief Privacy Officer)
① The Company has designated the following persons as the Chief Privacy Officer and Personal Information Manager to remain responsible for responding to inquiries from the subject of personal information regarding personal information and damage relief.
Division |
Chief Privacy Officer |
Personal Information Manager |
Affiliation |
Yoon Won-seok, Executive Director of WhiteHat center |
Kim In-su, IT Planning/Operation Team leader |
|
privacy@raoncorp.com |
② If the subject of personal information has any inquiries regarding personal information protection, related complaints and damage relief while using the Company’s services, please contact the above officer and manager. The Company will answer and process it without delay.
Article 9 (Remedy for Infringement of Rights and Interests)
The subject of information can request dispute resolution or consult on personal information infringement to institutions including Personal Information Dispute Mediation Committee and KISA Personal Information Infringement Report Center. If you need to report or consult on other privacy infringement, please contact the following institutions.
① Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
② KISA Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)
③ Prosecution Service: 1301 (www.spo.go.kr)
④ Korean National Police Agency: 182 (https://ecrm.police.go.kr)
Article 10 (Installation/Operation of Image Information Processing Device)
The Company has installed and operated image information processor.
① Basis of installation and purpose: infrastructure safety and fire prevention
② The number of processor, location, range: install 15 processors in total at major facilities, film all areas of the major facilities
③ Person in charge of manager, responsible office and person with access to image information: Park Jong-won, Management Planning Division
④ Shooting time, retention period, storage location, processing method
a) Shooting time: 24 hours
b) Retention period: 60 days from the time of filming
c) Storage location and processing: store and process it in the control room of image information processor (Management Support Team)
⑤ How and where to check image information: request inquire to the manager (Management Support Team)
⑥ Actions for information subject’s request for reading image information: Apply for an invoice for viewing and verifying the existence of personal image information. Access is allowed only when the information subject itself is photographed or clearly necessary for the life, body, and property interests of the information subject
⑦ Technical, managerial and physical measures for protecting image information: establish internal management plan, access control, access right, safety technologies for saving and transmitting image information, processing records storage, forgery prevention measures and locking device
Additional Clause
Users will be immediately notified of any addition, deletion, and/or modification in this Privacy Policy and personal information operation policy through the webpage.
Privacy Policy version: 3.4
Effective date: 2022. 12. 19
RaonWhitehat(“Company”) strictly complies with all domestic laws and regulations, including the Personal Information Protection Act, to protect users’ personal information and rights and interests. The Company has established the following privacy policy to smoothly handle users’ grievances related to personal information.
Article 1 (Personal Information Processes and Retention Period)
The Company has processed the following personal information list.
Segment |
Sub-segment |
Personal Information |
Purpose |
Retention period |
Inquiries and consultation |
Contact the website (estimate) |
[Required] Name, Rank, Department/Team, Email address, Contact (phone number, mobile phone number) |
Respond to inquiries |
Destruct immediately once responding to inquiries |
Use service |
Raon CTF service |
[Required] Name, Organization, Department/Team, Student ID/Employee ID, Email address, classification(position), Grade level, Passwords |
Provide and operate security training service |
Destruct once service is deregistered |
USIM simple authentication service |
[Required] Name, Gender, BOD, Mobile carrier, Mobile phone number, USIM serial code, OS information |
Provide personal authentication |
Destruct after 6-month of storage |
|
USIM smart authentication service |
[When register service]
|
Save and use joint certificate mobile phine USIM |
Destruct after 6-month of storage |
|
[when download the app]
|
Send the URL for app installation |
Delete after sending URL |
||
Smart sign service |
[Required] Mobile phone number, OS type, Service registration (registration / deregistration) |
Save joint certificate on the cloud and use it |
Destruct after 6-month of storage |
|
[when download the app]
|
Send the URL for app installation |
Delete after sending URL |
||
Smart credit |
[Required] Mobile phone number |
Check credit information |
Store for 6months from the date of service withdrawal |
|
Smart anti-phishing |
[Required] Mobile phone number |
Link with financial companies, e-commerce business and government institutes and provide notice service to prevent telecommunications financial fraud such as voice phishing |
Store for 1year from the service termination |
|
OmniOne |
[Required] Name, Mobile phone number, Native/Foreigner information, BOD, Gender, Connected Information, Duplication information(DI) |
Registration |
Until the service is deregistered |
|
OmniOne mobile ID |
[Required] Name, Rank, Department, Employee ID, School, Major, Student ID, Connected information(CI), Duplication information(DI) |
Issue certificate and manage access control |
Until the service is deregistered |
|
OmniOne digital certificate |
[Required] Name, Mobile phone number, BOD, Mobile carrier, Student ID, Connected information(CI), Duplication information(DI) |
Issue and submit certificate |
Until the service is deregistered |
|
OmniOne NFT |
[Required] Wallet address |
Provide service usage history |
Until the service is deregistered |
|
OmniOne NFT marketplace |
[Required] DID, Name, Mobile phone number, BOD, Email address, Gender, Profile image, Nickname, Wallet address, NFT transmission records, Connected information(CI), Duplication information(DI) |
Provide registration and service |
Until the service is deregistered |
|
[Required] Name, Recipient, Contact (phone number or mobile phone number), Delivery address |
Deliver a real product |
Until the service is deregistered |
||
Others |
The following personal information will be automatically generated and collected while using internet
service.
|
App provided by the Company requires the following access control of mobile device.
Service / App |
App Access Control |
Purpose |
Retention Period |
Smart anti-phishing |
|||
Contact (Required) |
Check whether the number is saved |
When running the app |
|
Call (Required) |
Identify incoming/outgoing and number |
When running the app |
|
Phone log (Required) |
Check whether it is voice phishing and utilize for protection activities |
When running the app |
|
SMS (Required) |
Check whether it is smishing and utilize for protection activities |
When running the app |
|
Access pass to usage information (Required) |
Monitor malicious apps and check using data regarding voice phishing |
When running the app |
|
Notice access (Optional) |
Detect and notify voice phishing and smishing |
When running the app |
|
Draw on the top of the other apps (Optional) |
Notify with a pop-up when detecting risky voice phishing while using other apps |
When running the app |
|
OmniOne |
Internet and WIFI status (Required) |
Whether to use internet (download and update pattern) |
When running the app |
Notice access (Required) |
Notification for the information of certificate issuance |
When running the app |
|
Notice access, access pass to usage information (Required) |
View, change and collect the above items |
When running the app |
|
Camera(Required) |
Submit certificates by scanning QR code |
When running the app |
|
Common(External) storage (Required) |
Backup and restore certificates |
When running the app |
① Records on display, advertisement and contracts according to 「the Act on the Consumer Protection, in Electronic Commerce, Etc.」
a) Records on display and advertisement: stored for 6 months
b) Records on the contract or subscription withdrawal, payment and the supply of goods: stored for 5 years
c) Records on the consumer complaints or dispute settlement: stored for 3 years
② Records on materials for checking for communication facts according to 「the Protection of Communications Secrets Act」
a) Subscriber’s telecommunication date, opening/end time, counterpart’s directory number, frequency, location of the originating base stations: 1 year
b) Computer communication, internet log records material, connection spot: 3 months
Article 2 (Destruction of Personal Information)
① The Company strictly and immediately destroys personal information that fully serve its purpose of process and/or expiration of the retention period.
② If the personal information retention period agreed by the data subject has elapsed or the purpose of processing has been achieved, the personal information shall be transferred to a separate database or stored in a different storage place in the case where the personal information shall be stored according to other related acts.
③ The procedures and methods of destructing personal information are as follows.
a) Procedure: The company selects personal information that causes destruction and destroys personal information with the approval of the company's personal information protection manager.
b) Method: The company destroys personal information recorded and stored in the form of an electronic file so that the record cannot be reproduced, and the personal information recorded and stored in a paper document is crushed or incinerated with a shredder.
Article 3 (Provide Personal Information to a Third Party)
① The company processes the personal information of information subject within the specified scope in accordance with Article 1 (the purpose of processing personal information). The company provides personal information to the 3rd party only when it is applied to the consent of information subject and special provisions of the act in accordance with Articles 17 and 18 of 『the Personal Information Protection Act』.
② The company provides personal information to the 3rd party as follows.
Recipient |
Provided Personal Information |
Purpose |
Retention Period |
Korean National Police Agency |
Mobile phone number, BOD, Gender, any suspected information related to voice phishing (phishing detection information including call log of unsaved number, incoming/outgoing messages and messenger information, history of app installation and running) |
Prevent voice phishing, counseling for preventive activity and on site processing |
Destruct within 6months |
shinhan bank |
Prevent voice phishing and counseling for preventive activity |
Destruct within 3months |
|
Infinigru, shinhan card, SBI Savings Bank, kobit, BNK capital, Korea Credit Bureeau, shinhan savings bank, nonghyup card, hana savings bank |
Destruct within 6months |
||
SK telecom |
Mobile phone number |
Check service registration status |
Until the service is deregistered |
Guardian (Smart anti-phishing service user appoints as a service guardian) |
Mobile phone number, Call log, message and messenger information, phishing detection information |
Provide the guardian service |
Until the service is deregistered |
KG mobilians |
Name, BOD, Mobile phone number, Gender |
Check service registration status |
Until the service is deregistered |
NFT creator |
Name, recipient, Contact (phone number or mobile phone number), delivery address, NFT transaction history |
Deliver real product of NFT and respond to telephone counseling from buyer |
Until the service is deregistered |
Article 4 (Entrustment of Personal Information Processing)
① The Company entrusts personal information processing work to the outside.
Entrusted Company |
Entrusted Operations |
Retention and Usage Period |
SCI Information Service |
Check whether smart credit user registers in the service |
Until the entrustment work is terminated |
HANKOOK Cloud |
Respond to telephone counseling from complaining customers |
Until the entrustment work is terminated |
Amazon Web Service Inc.(Korea) |
Provide infrastructure |
Until the entrustment work is terminated |
RaonSecure |
Manage and operate infrastructure (joint management and operation), provide card-based identification service |
Until the entrustment work is terminated |
Danal |
Provide phone-based personal authentication service |
Until the entrustment work is terminated |
galaxia MONEYTREE |
Payment Gateway service, buying commissions and selling price of creator’s work |
Until the entrustment work is terminated |
② When the company signs an entrustment contract, the company specifies responsibilities regarding processing information only for entrusted work, technical/managerial protection measures, the restriction of re-entrustment, managing and monitoring entrusted companies and compensation for damages in the contract in accordance with 「the Personal Information Protection Act」. The company carries out supervision to ensure for the entrusted party to safely process personal information.
③ If the details of the entrusted work or the trustee changes, we will disclose it through this personal information processing policy without delay.
Article 5 (Rights of the Subject of Personal Information and Legal Representatives and Exercising Those Rights)
① The subject of information can exercise rights of viewing, updating, deleting, stopping processing his/her personal information at any time.
② The exercise of rights under Article 1 can be made in written mail, email, fax and others in accordance with Protocol41 Protocol1, of the Enforcement Decree of the Personal Information Protection Act, and the company will take action without delay.
③ The exercise of rights under Article 1 may be conducted through an agent, such as a legal representative of the information subject or a person entrusted.
④ Requests for access to personal information and suspension of processing may be restricted by Articles 35 and 37 of the Personal Information Protection Act.
⑤ A request for correction and deletion of personal information cannot be requested if the personal information is specified as the subject of collection in other laws and regulations.
⑥ The company checks whether the person who made the request for perusal, correction and deletion, or suspension of processing is the person who made the request or a legitimate agent.
Article 6 (Safety Measures for Personal Information)
The Company is taking the following measures to ensure the safety of personal information.
① Managerial measures
a) Establish and execute the plan of internal management, minimize the number of people in charge of handling personal information, conduct regular staff training
b) Control access by granting, changing and canceling access control to personal information processing system
c) Comply with security pledge (all employees)
② Technical measures
a) Access control management for the personal information processing system
b) Adopt and operate anti-virus programs and various security solutions
c) Protect user’s personal information with password and encode file and transmission data
d) Store access records and prevent tamper
③ Physical measures
a) Decide retention area as a restricted/limited area
b) Forbid unauthorized people to enter/leave office rooms and computer rooms
c) Monitor via surveillance cameras
Article 7 (Installation, Operation, and Rejection of an Automatic Personal Information Collection Device)
① The Company uses ‘cookie’ which saves and reads use information to provide customized services to users.
② A cookie is a very small amount of information sent by a server (http) to a user’s browser. Cookie can be saved in user’s PC hard disc.
a) Purpose: In order to provide optimized services to users by understanding service and website information visited by a user, popular search words and secure connection
b) Install, run and refuse cookie: the user sets options in his/her web browser to refuse to save any cookies at all.
c) If the user refuses to save cookies, he/she may experience some difficulty in using customized services
Article 8 (Chief Privacy Officer)
① The Company has designated the following persons as the Chief Privacy Officer and Personal Information Manager to remain responsible for responding to inquiries from the subject of personal information regarding personal information and damage relief.
Division |
Chief Privacy Officer |
Personal Information Manager |
Affiliation |
Yoon Won-seok, Executive Director of WhiteHat center |
Kim In-su, IT Planning/Operation Team leader |
|
privacy@raoncorp.com |
② If the subject of personal information has any inquiries regarding personal information protection, related complaints and damage relief while using the Company’s services, please contact the above officer and manager. The Company will answer and process it without delay.
Article 9 (Remedy for Infringement of Rights and Interests)
The subject of information can request dispute resolution or consult on personal information infringement to institutions including Personal Information Dispute Mediation Committee and KISA Personal Information Infringement Report Center. If you need to report or consult on other privacy infringement, please contact the following institutions.
① Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
② KISA Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)
③ Prosecution Service: 1301 (www.spo.go.kr)
④ Korean National Police Agency: 182 (https://ecrm.police.go.kr)
Article 10 (Installation/Operation of Image Information Processing Device)
The Company has installed and operated image information processor.
① Basis of installation and purpose: infrastructure safety and fire prevention
② The number of processor, location, range: install 15 processors in total at major facilities, film all areas of the major facilities
③ Person in charge of manager, responsible office and person with access to image information: Park Jong-won, Management Planning Division
④ Shooting time, retention period, storage location, processing method
a) Shooting time: 24 hours
b) Retention period: 60 days from the time of filming
c) Storage location and processing: store and process it in the control room of image information processor (Management Support Team)
⑤ How and where to check image information: request inquire to the manager (Management Support Team)
⑥ Actions for information subject’s request for reading image information: Apply for an invoice for viewing and verifying the existence of personal image information. Access is allowed only when the information subject itself is photographed or clearly necessary for the life, body, and property interests of the information subject
⑦ Technical, managerial and physical measures for protecting image information: establish internal management plan, access control, access right, safety technologies for saving and transmitting image information, processing records storage, forgery prevention measures and locking device
Additional Clause
Users will be immediately notified of any addition, deletion, and/or modification in this Privacy Policy and personal information operation policy through the webpage.
Privacy Policy version: 3.3
Effective date: 2022. 10. 28