HEBAT Co., Ltd. (hereinafter referred to as "our company") complies with the laws and regulations related to personal information such as the information communication network use promotion and information protection law, Injobo protection law etc. The company has enacted its personal information protection policy and is doing its utmost to protect the interests of users. The company announces what kind of measures the company will take in order to protect personal information by using the personal information of the user through the handling policy of personal information in what use and method. When revising the personal information protection policy, the company will make public notice via web site notice (or individually known).
1. Items of personal information to be collected and collection method.
A. The company collects the following personal information to prevent membership registration, non-members purchase, consultation, and use of defective products.
- Required items: Name, ID, password, e-mail, phone number, address, IP Address, billing record
- Selection item: Information required by the company to provide personal service.
B. Collection method
The company collects personal information in the following way.
The company receives essential information for providing services online when users join the membership to use the member service. The essential information you receive when you sign up is your name, e-mail address, phone number, and address, and you will be able to enter additional information to provide us with high quality services. Also, at the time of questionnaire survey or event in the service, you can request selective input of personal information for local such as statistical analysis and prize offering. However, sensitive personal information (racial and ethnic, ideological and dogma, origin and place of origin, political inclination and criminal records, health status, and sex life, etc.) that may be at risk of users violating basic human rights is not collected. In the event of inevitable collection, the users ' prior consent will be sought. In any case, the information you enter will not be used for anything other than the purpose for which it was previously disclosed to you, and will not be leaked externally.
2. Purpose of collection and use of personal information
The company uses the collected personal information for the following purposes.
A. Fulfillment of contracts related to the provision of services and settlement of fees due to the provision of services, Content provision, Purchase and payment settlement, Delivery of goods or dispatch of invoices etc., Financial transaction principal authentication and financial services.
B. Membership management
Identity verification by using membership service, Personal identification, Prevention of unauthorized use of defective members and prevention of unauthorized use, Confirmation of registration, Age verification, Complaint handling such as complaints, Notification delivery
C. Use for marketing and advertising
Statistics about events such as events, advertising information transmission, frequency of access or use of services by members
3. Retention and utilization period of personal information
In principle, after collecting and collecting personal information, the company will discard the information without delay. Provided, however, that if there is a reason for having to hold for a certain period on the grounds of confirmation of transaction-related management obligation relationship, as described below, according to the provisions of the "Commercial Code" and "Law Concerning Protection of Consumer in Electronic Commerce" , Keep personal information for a certain period of time.
- Record concerning contract or withdrawal of contract: 5 years (Law concerning consumer protection such as electronic commerce)
- Record concerning supply of price settlement and goods etc.: 5 years (Law concerning consumer protection such as electronic commerce)
- Record concerning consumer dissatisfaction or dispute resolution: 3 years (Law concerning consumer protection such as electronic commerce)
- When collected for temporary purposes, such as surveys or events : At the end of the questionnaire, event, etc.
- Record concerning identity verification: 6 months (Act on Promotion of Information Communication Network and Information Protection, etc.)
- Record on visit (log): 3 months (communication secret protection law)
4. Procedure and method for discarding personal information
In principle, after collecting and collecting personal information, the company will discard the information without delay. Disposal procedures and methods are as follows.
A. Destruction procedure
The information entered by the user for the use of the service is transferred to a separate DB after the purpose has been accomplished (in the case of paper, separate document box). According to the internal policy and other relevant laws and regulations, Period is saved and destroyed. Personal information transferred to a separate DB can not be used for any other purpose other than in the case of law.
B. Discard method
- Personal information printed on paper: crushed by incinerator or grinding with a grinder
- Personal information stored in the form of an electronic file: delete using a technical method that can not play the record
5. Provision of personal information to third parties
The personal information of the user is used within the range agreed for the purpose of collecting personal information and using it, and does not use it beyond the scope without prior consent of the user. As a rule, we will not disclose your personal information to the outside. However, except in the following cases.
- When the user agree in advance
- In accordance with the provisions of laws or ordinances, or if there is a request from an investigative agency pursuant to procedures and methods prescribed by laws and regulations for investigation purposes
6. Consignment of personal information
In order to smoothly process your personal information, you must notify the person who is entrusted with personal information processing beforehand (hereinafter referred to as the "trustee") and the contents of the work entrusted with personal information processing entrustment. At present, the contents of the personal information processing trustee and its work are as follows.
Person to be entrusted (trustee) : Contents of consignment work (consignment work)
Paypal : Payment related
7. Rights of users and legal representatives and how they are exercised
A. The user and the legal representative can refer to or change the personal information of the person registered at any time or the child under the age of 14, and can also request cancellation of subscription (consent withdrawal).
B. In order to cancel (subscribe withdraw) "change personal information" (or "member information change") in order to inquire or revise personal information of users or children under 14 years of age, After clicking on, you can directly view, correct or withdraw from the process of identity verification after the change.
C. Alternatively, if you contact the personal information manager with written, telephone or e-mail, we will take action without delay.
D. 이If you request correction of errors in your personal information, we will not use or provide your personal information until you have completed the correction. In addition, if the wrong personal information has already been provided to a third party, we will notify the correction result to the third party without delay so that the correction can be made.
E. Personal information canceled or deleted at the request of the user or the legal representative is processed as described in "3. Personal Information Holding and Use Period", so that the company can not browse or use it for other purposes We are processing it.
8. Matters concerning the management of cookie
A. Purpose of using cookie
Analyze connection frequency and visit time of members and non-members, track customer's preferences and interests, trace traces, provide target marketing and personal services through grasping the degree of participation in various events and the number of visits.
You have the right to choose cookie installation. You may therefore allow all cookies, check each time they are saved, or refuse to save all cookies by setting up options in your web browser.
B. How to decline cookie settings
By selecting the option of the Web browser to be used, the user selects to permit all cookies each time the user saves the cookie, after confirming it, or refuses to save all the cookies can do.
- Example of setting up method (for Internet Explorer) : Tools at the top of your web browser > Internet Option > Personal Information
- However, if the customer refuses to install the cookie, it is difficult to provide the service.
9. Technical / administrative measures for protecting personal information
A. The Company takes the following technical measures to ensure the safety of personal information in order to prevent personal information from being lost, stolen, leaked, altered, or damaged in handling personal information of users.
- User's personal information is encrypted and protected. However, despite the fact that the company protects the personal information of the user by encrypting it, there is a possibility of unintentional loss or theft or leakage to others in the process of Internet use in public places. Therefore, the users shall not disclose personal information to others, such as leakage, lending, or providing information. The users shall manage their personal information responsibly from the illegal collection of personal information using social engineering methods such as phishing. The Company shall not be liable for any loss, theft, phishing or disclosure of such Personal Information.
- User's personal information is basically protected by password, and file and transmission data are encrypted and important data is protected by separate security function.
- The company constantly uses a vaccine that automatically updates new information, and 24-hour workers are stationed and taking protective measures to prevent damage by computer virus. If a virus is infiltrated, it automatically sends a virus infiltration alarm to a worker and automatically heals it.
- The company employs a security device (SSL or SET) that can securely transmit personal information on the network using an encryption algorithm.
- The company operates an intrusion detection and intrusion prevention system from the outside for 24 hours in order to prevent leakage of user's personal information by intrusion of corporate information communication network such as hacking.
B. The company recognizes the importance of protecting the personal information of the user, and in order to protect the personal information of the user, take the following administrative measures such as limiting the staff of handling personal information to a minimum It is.
- We regularly conduct internal education and outsourced education on employees dealing with personal information about acquisition of new security technologies and obligation to protect personal information.
- Personal information and general data are stored separately through separate servers without storing them as a mixture.
- We set computer room and document storage room etc as special protected area, and control entry and exit.
- The company is not responsible for what happens due to user's personal mistake or basic Internet hazard. In order to protect personal information of each user, each user appropriately manages his / her username (ID) and password and takes responsibility for it.
10. Obligation of notice
This policy will be enforced from: May/21/2018.