Personal Information Processing Policy
Privacy Policy of How to Machine (revised on April 15, 2021)
How to Machine (hereinafter called “the Company) establishes and discloses the following Privacy Policy in accordance with Article 30 of the Personal Information Protection Act in order to protect personal information of “individuals who are identifiable by the information processed hereby to become the subject of that information” (hereinafter called “data subject(s)”) and to make prompt and appropriate responses to any grievances about personal information.
[Article 1] Purposes of Processing Personal Information
① The Company collects and processes personal information for the following purposes. The personal information processed will not be used for other purposes than the specified, and any change in the specified purposes will require necessary steps under Article 18 of the Personal Information Protection Act, such as prior consent by data subjects
② Personal information is processed for the following purposes.
- To handle customers’ email inquiries
- To handle the inquiries reported through the Ethics Helpline
- To keep records on contracts, payments or consumer disputes
[Article 2] Period of Personal Information Processing and Retention
The personal information processed is retained until a customer’s email inquiry, report through the Ethics Helpline or proposal of new partnership is completely settled. Other records including those on contracts, payments and consumer disputes, however, are stored separately in accordance with applicable laws.
[Article 3] Sharing of Personal Information with Third Parties
The personal information collected pursuant to the Privacy Policy is processed only for the purposes and scopes specified in Article 1, but may be shared with third parties in the cases under Article 17 of the Personal Information Protection Act, such as cases agreed upon by data subjects or stipulated by applicable laws.
[Article 4] Outsourcing of Personal Information Processing
The Company will not outsource to third parties the processing of personal information without data subjects’ consent. In cases there arises a necessity to outsource the processing of personal information, the entity to which the processing is outsourced and the details of processing will be notified to data subjects to obtain their prior consent.
[Article 5] Rights and Obligations of Data Subjects, and How to Exercise the Rights
① A data subject (his/her legal representative in the case of a minor aged under 14) may at any time exercise his/her right by making a request to the Company regarding any of the following matters.
- Request to view personal information
- Request to correct inaccurate personal information
- Request to delete personal information
- Request to suspend processing personal information
② A data subject may exercise the right under Paragraph 1 by making a request to the Company in writing or by telephone, e-mail or fax, and the Company will take prompt steps upon receiving such a request.
③ The Company, when requested from a data subject to correct or delete personal information for its inaccuracy or other reasons, will not use or provide such information until the correction or deletion is completed.
④ The right under Paragraph 1 may be exercised by a data subject’s legal representative or other agents authorized to act for the data subject. In this case, the representative or agent shall submit a designated power of attorney (Form 11 attached to the Enforcement Decree of the Personal Information Protection Act).
⑤ A data subject shall not infringe on the privacy of the subject whose information is processed by the Company or other people by violating the Personal Information Protection Act or other relevant laws.
[Article 6] Installation and Operation of Personal Information Automatic Collection Tools, and Refusal thereof
① The Company may install and operate web cookies to store and search the information of customers who use the services on the Company’s website. A web cookie is a string of data that a server sends to the user’s web browser, and the browser may store it and send it back with the next request to the same server. The cookies stored in the user’s browser allow the user to use the services on the website without entering additional information like user’s name.
② The information the Company collects through web cookies includes user’s name, e-mail address and contact numbers, but other data than such information is not to be collected. The information collected through cookies by the Company may be used for the following purposes.
- To search the contents visited by the user in order to provide the user with customized services when he/she logs on to the website later
- To analyze the patterns of users so as to make improvements in services
- To use the data in updating the website
③ The user may configure the browser to accept all cookies, reject all cookies, or notify the user when a cookie is sent. The configuration can be checked, at the top of the browser, in Tools > Internet Options > Privacy > Advanced. Disabling cookies, however, may affect the user’s ability to use the services or the scope of the services provided by the Company.
④ Cookies expire when the browser is closed.
[Article 7] Items of Personal Information to be Processed
The items to be collected and processed by the Company are as follows.
① To handle customer inquiries
- Name
- Contact information
- E-mail address
② To handle inquiries reported through the Ethics Helpline
- Name
- E-mail address
[Article 8] Destruction of Personal Information
① The Company destroys personal information forthwith when it becomes unnecessary to retain the personal information, such cases as expiration of the retention period thereof or fulfillment of the purpose for which the information has been processed.
② Where personal information needs to be retained by law, regardless of the expiration of the retention period thereof or fulfillment of the purpose for which the information has been processed, the personal information will be moved to separate database or stored in other separate locations.
③ Personal information is destroyed in the following way.
- Procedure for destruction
– The Company selects the personal information that needs to be destroyed and within five days from the selection, destroys the information approved by the privacy officer specified in Article 10 of the Privacy Policy. - Method for destruction
– The personal information recorded and stored in electronic form is destroyed in ways that make it impossible to reproduce the record, such a method as low level formatting, while paper documents on personal information is destroyed with a shredder or by incineration.
[Article 9] Measures to Ensure Safety of Personal Information
The Company takes the following measures to ensure safety of personal information.
① Administrative measure : Formulating and implementing internal management plans, and periodic training for employees
② Technical measure : Managing access rights to the personal information processing system, installing an access control system, encrypting unique identification information, and installing security programs
③ Physical measure : Controlling the access to the computer rooms, archives and other such locations
[Article 10] The Company appoints a privacy officer who takes the overall responsibility for processing personal information, handling complaints filed by the subjects in connection with the information processed, dealing with compensations for damages, and other related works.
① The Company destroys personal information forthwith when it becomes unnecessary to retain the personal information, such cases as expiration of the retention period thereof or fulfillment of the purpose for which the information has been processed.
Privacy Officer
- Name : Son Hyun-seung
- Position : CEO
Team in Charge of Personal Information Protection
- Officer : CEO, Son Hyun-seung
② A data subject may contact the privacy officer or team in charge for inquiries about personal information protection, complaints, compensation for damages, or other matters regarding personal information in connection with the services (or businesses) of the Company.
The Company will make prompt responses to such inquiries.
[Article 11] Measures to Ensure Safety of Personal Information
A data subject may file a request with the following team to view personal information according to Article 35 of the Personal Information Protection Act. The Company will do its utmost to process such a request without delay.
Team Responsible for Receiving and Handling Requests to View Personal Information
- Officer : CEO, Son Hyun-seung
[Article 12] Measures to Ensure Safety of Personal Information
A data subject may inquire to any of the following agencies about a remedy for infringement or for consultation regarding personal information.
The agencies below are independent from the Company. If you are not satisfied with the Company’s handling of complaints about processing of personal information or compensation for damages, or need further assistance in connection with personal information, please contact the agencies.
Personal Information Infringement Report Center (operated by Korea Internet & Security Agency)
- Matters to be Covered : Receipt of reports or consultation about infringement on a right to personal information
- Website : privacy.kisa.or.kr
- Address : Personal Information Infringement Report Center, 3F, 9, Jinheung-gil, Naju-si, Jeollanam-do, 58324, Korea
Personal Information Dispute Mediation Committee (operated by Korea Internet & Security Agency)
- Matters to be Covered : Application for personal information dispute mediation, settlement of collective dispute (civil remedy)
- Website : www.kopico.go.kr
- Address : 4F, Government Complex Seoul, 209, Sejong-daero, Jongno-gu, Seoul, 03171, Korea
Cyber Crime Investigation Division of Supreme Prosecutors’ Office
- Website : http://spo.go.kr
Cyber Safety Bureau of Korean National Police Agency
- Website : http://cyberbureau.police.go.kr
