Next Technology System (hereinafter referred to as the “Company”) establishes and discloses its Privacy Policy in order to protect the personal data of data subjects and handle their grievances swiftly under Article 30 of the Personal Information Protection Act.
Article 1 (Purposes of Personal Data Processing)
The Company processes personal data for the following purposes.
Personal data is not used for any other purposes than the intended ones sated below. In case of any change to the purposes of the use of personal data, the Company shall take necessary measures, such as obtaining additional consent from the data subject, in accordance with Article 18 of the Personal Information Protection Act.
1. Management of members
The Company processes personal data to verify the identification of the member when providing membership services, to maintain the membership status, to identify the member in accordance with the implementation of the real-name system, to prevent the wrongful use of the services, to check consent of a legal representative when personal data of a child under 14 years old is processed, and to handle notifications, notices, and grievances.
2. Provision of goods or services
The Company processes personal data to deliver products; provide services, contents, and customized services; and send written contracts or bills; and for identification, age verification, payment, settlement, debt collection, and other tasks.
3. Handling of grievances
The Company processes personal data to identify civil petitioners, check their grievances, contact them for a fact check, notify them of the result, etc.
Article 2 (Period of Personal Data Use and Retention)
(1) The Company processes and retains personal data within the legal period of the retention and use of personal data or the period of the retention and use of personal data consented by the data subject during personal data collection.
(2) The period for the processing and retention of personal data is as shown below.
1. Management of members: The Company shall immediately destroy personal data as soon as the purposes of its collection and use are achieved.
However, personal data may be retained until the intended period if falling under any of the following circumstances:
i. If an investigation or examination is in progress due to the violation of any relevant act, the retention period of personal data shall be extended until the investigation or examination ends; or
ii. If any relationship of a claim or obligation exists in regard to the use of the website, the retention period of personal data shall be extended until the relationship is settled.
2. Provision of goods or services: The Company shall retain personal data until the product or service is completely provided or the payment is made and settled.
However, personal data may be retained until the intended period if falling under any of the following circumstances:
i. The records on transactions, such as marks, advertisements, and contents of the contracts and execution thereof, in accordance with the Act on the Consumer Protection in Electronic Commerce
- The records on marks and advertisements: 6 months
- The records on the cancellation of a contract or an order, payment, and provision of goods: 5 years; or
- The records on consumers’ complaints or disputes: 3 years.
ii. The preservation of data for confirmation of the fact of communications in accordance with Article 41 of the Enforcement Decree of the Protection of Communications Secrets Acts
- The date of telecommunications by subscribers, the time that the telecommunications commence and end, the subscriber number of the counterparty, the frequency of use, and the data on tracing a location of information communications apparatus: 1 year; or
- The computer communications or internet log records and the data on tracing the access location of connectors: 3 months.
Article 3 (Users’ and Their Legal Representatives’ Rights and Methods of Exercising Such Rights)
(1) A data subject may exercise their rights related to personal data protection, shown in the following subparagraphs, to the Company:
1. The right to request access their personal data;
2. The right to request correction of errors, etc.;
3. The right to request deletion of personal data; and
4. The right to suspend the processing of personal data.
(2) A data subject can exercise their rights described in paragraph (1) by making a request in writing or by e-mail or fax, and the Company shall take necessary measures without delay.
(3) When a data subject requests correction or deletion of an error in personal data, the Company shall not use the personal data until it is corrected or deleted.
(4) Regarding paragraph (1), a data subject may exercise their rights through their representative such as a legal representative or a person delegated by them. In such a case, a power of attorney, Attached Form 11 of the Enforcement Rule of the Personal Information Protection Act, shall be submitted.
(5) A data subject shall not leak their or other person’s personal data, processed by the Company, or infringe their or other persons’ privacy, in violation of the relevant statutes, including the Personal Information Protection Act.
Article 4 (Personal Data Items to be Processed)
The Company processes the following personal data items:
1. Management of members
Items collected: Name, date of birth, sex, ID, password, password question and answer, e-mail address, service use history, access log, cookies, access IP information, and payment records
Method of collecting personal data: Company website (Inquiry)
2. The following personal data items may be automatically created and collected while using the internet services.
IP address, cookies, MAC address, service use history, website visit history, abnormal use history, etc.
Article 5 (Destruction of Personal Data)
(1) The Company shall destroy personal data without delay when such data becomes unnecessary owing to the expiry of the retention period, the attainment of the purposes of the personal data processing, and other reasons.
(2) If personal data must be retained in accordance with other statutes even though the retention period of such data consented by the data subject expires or the purposes of personal data processing are attained, the personal data shall be moved to a separate database or stored in a separate place.
(3) The personal data destruction procedure and method are as shown below:
1. Destruction procedure
The Company shall select personal data subject to destruction and destruct the data after obtaining approval from the privacy officer.
2. Destruction method
The Company shall destruct personal data recorded or saved in electronic files using tools like low-level formatting so that it cannot be restored. Personal data recorded or saved in hard copies shall be destroyed through shredding or incineration.
Article 6 (Measures to Ensure Safety of Personal Data)
The Company takes the following measures to ensure the safety of personal data:
1. Managerial measures: The Company establishes and implements an internal management plan, and provides employee training on a regular basis.
2. Technical measures: The Company manages the authority to access the personal data processing system, installs an access control system, encrypts personally identifiable information, and installs antivirus software.
3. Physical measures: The Company controls access to the computer room, data storage room, etc.
Article 7 (Installation and Operation of Personal Data Automatic Collection Tool and the Denial Thereof)
(1) The Company uses cookies used to save and import data frequently, in order to provide customized services for users.
(2) Cookies refer to small pieces of data sent to the user’s computer browser from the server (http) used for the operation of the website. Cookies are stored on the hard disk of the user’s computer.
a. Purpose of use of cookies: Cookies are used to provide optimized information for the user by analyzing the services used by the user, the websites visited by the user, their use patterns, popular search terms, whether to use security access, etc.
b. Installation and operation of cookies and denial thereof: The user can block cookies in Tools (in the browser tool bar at the top) > Internet Options > Privacy.
c. If cookies are blocked, the user may not be able to use customized services.
Article 8 (Privacy Officer)
(1) The Company has designated a privacy officer, as shown below, who comprehensively takes charge of personal data processing and handle grievances and remedial compensation in relation to personal data processing.
▶ Privacy officer
Name: Yu Hye-ran
E-mail: ntek@nteksys.com
Contact: +82-70-8789-8735
* Users will be connected to the department responsible for personal data protection.
(2) A data subject may contact the privacy officer and relevant department when they have any questions about personal data protection, handling of grievances, remedies, etc. while they are using the Company’s service (or business).
The Company shall reply to and take care of their inquiries without delay.
Article 9 (Request for Access to Personal Data)
A data subject may request access to their personal data from the department shown below, under Article 35 of the Personal Information Protection Act.
The Company shall do its best to take care of their request for access to personal data swiftly.
▶ Department responsible for receiving and handling request for access to personal data
Department: Strategic Planning Office
Person in charge: Yu Hye-ran
E-mail: ntek@nteksys.com
Contact: +82-70-8789-8735
Fax: +82-70-8789-0000
Article 10 (Remedies)
A data subject may contact the following institutions to discuss remedies for infringement on personal data.
▶ Personal Information Infringement Report Center (operated by the Korea Internet & Security Agency)
- Duties: Receipt of personal data infringement reports and provision of counseling service
- Website: privacy.kisa.or.kr
- Contact: 118 (without area code)
- Address: 3F, 9 Jinheung-gil, Naju-si, Jeollanam-do, 58324, Republic of Korea
▶ Personal Information Dispute Mediation Committee
- Duties: Personal data dispute mediation and group dispute mediation (civil settlement)
- Website: kopico.go.kr
- Contact: 1833-6972 (without area code)
- Address: 4F, 209 Sejong-daero, Jongno-gu, Seoul, 03171, Republic of Korea
▶ Cybercrime Investigation Division, Supreme Prosecutors’ Office: +82-2-3480-3573 (spo.go.kr)
▶ Korean National Police Agency Cyber Bureau: 182 (cyberbureau.police.go.kr)
Article 11 (Implementation of and Change in Privacy Policy)
This Privacy Policy shall take effect on August 17, 2022.