Personal Information Protection Policy

DNF Co., Ltd (hereinafter the 'Company') protects the personal information of the information subject in accordance with Article 30 of the Personal Information Protection Act and establishes and provides the following personal information handling guidelines in order to promptly and smoothly handle related grievances.

Article 1. Items of personal information to be collected

The company collects the following personal information for membership registration, consultation, and service application.

1. Website membership registration and management
  1. Required: E-mail address
  2. Option: Full name, contact

2. In the process of using the Internet service, the following personal information items may be automatically created and collected.
  1. Collection method of personal information: If the company prepares a procedure for the user to click the ‘I agree’ button for each content of the personal information protection policy and the terms of use and agrees to it, it is deemed to have consented to the collection of personal information.
  2. Company action when entering false information: Customers must enter accurate information. If false information is entered in violation of this, such as stealing other people's information, the customer may be reported in accordance with related laws and may be forced to withdraw.

Article 2. Period of retention and use of personal information

1. After the purpose of collecting and using personal information is achieved, the company destroys the information without delay without exception.

The company will retain and use the user's personal information only from the date of membership registration to the period of providing the service. Upon receipt of requesting membership withdrawal or achieving the purpose of collecting and using personal information, the information will be destroyed without delay without exception.

2. Personal information processing and retention period is as follows.
  1. Retention items: website member registration information (name, contact information, e-mail address)
  2. Retention Basis: Prevention of confusion in service use, cooperation with relevant agencies in investigation of illegal users
  3. Retention period: Until the customer leaves the website

  1. Retention items: service use records, access logs, access IP information
  2. Retention Basis: Communication Secret Protection Act
  3. Retention period: 3 months

3. In the following cases, all or part of member information collected exceptionally may be kept for a certain period of time.
  1. In the following cases, all or part of the member information collected exceptionally may be kept for a certain period of time.
  2. In case of shipping information: When goods or services are delivered or provided
  3. In case collected for the purpose of a survey or event: When the survey or event is completed
  4. In case a member who has withdrawn from membership requests deletion of his/her postings, it will be processed accordingly immediately.

Article 3. Matters concerning the provision of personal information to third parties

1. Except for the following, in principle, the company does not provide the personal information of the information subject to the outside.
  1. When the information subject accepts (at the time of membership registration).
  2. In accordance with the provisions of laws and regulations, or when there is a request from the investigation agency in accordance with the procedures and methods stipulated in the laws for the purpose of investigation

Article 4. Matters concerning entrustment of personal information processing

1. The company may consign the collection, handling, management, etc. of your personal information to an external party for service improvement.
  1. When consign the processing of personal information, the company will notify the customer in advance through the website of the entrusted institution and the fact.
  2. In the consignment contract, in order to ensure the safety of personal information protection, the company clearly stipulates strict adherence to personal information protection-related instructions, prohibition of personal information leakage, and responsibility in case of an accident, and will keep the contract details in writing or electronically.

Article 5. Matters concerning the rights and obligations of information subjects and methods of exercising them

1. The information subject may exercise the following personal information protection rights against the company at any time.
  1. Request to read personal information
  2. Request for correction in case of errors, etc.
  3. Request for deletion
  4. Request to stop processing

2. The exercise of the rights pursuant to Paragraph 1 may be made to the company in writing, by phone, e-mail, fax, etc., and the company will take action without delay.
3. If the information subject requests correction or deletion of personal information for errors, the company will not use or provide the personal information until the correction or deletion has been completed.
4. The customer may exercise the rights under Paragraph 1 through the legal representative of the information subject or an agent such as a person who has been delegated.
5. The information subject must not infringe the revised information and privacy of the information subject himself or others processed by the company in violation of related laws such as the Personal Information Protection Act.

Article 6. Matters concerning the destruction of personal information (guidelines)

1. The company destroys the personal information without delay when the personal information becomes no longer necessary, such as the expiration of the personal information retention period or achievement of the purpose of processing.
2. If the retention period of the personal information as agreed by the information subject has elapsed or the personal information must be kept according to other laws despite the achievement of the purpose of processing, the personal information may be moved to a separate database (DB) or stored to be preserved differently.
3. The procedure and method of personal information destruction are as follows.
  1. Destruction procedure: The company selects the personal information for which the reason for destruction occurred, and destroys the personal information with the approval of the company's personal information protection officer.
  2. Destruction method: The company destroys personal information recorded and stored in electronic file format using methods such as Low Level Format so that the record cannot be reproduced, and personal information recorded and stored in paper documents will be shredded or incinerated to destroy it.

Article 7. Matters of the person in charge of personal information protection

1. The company is responsible for handling personal information, and has designated a person in charge of personal information protection as follows to handle complaints and damage relief from information subjects related to personal information processing.
2. The information subject may ask about all personal information protection related inquiries, complaint handling, damage relief, etc. that occurred while using the company's service (or business) to the person in charge of personal information protection and the department in charge.

The company will respond and handle the inquiries of the information subject without delay.

Article 8. Matters concerning measures to ensure the safety of personal information

The company is taking the following measures to ensure the safety of personal information.

  1. Administrative measures: establishment of internal management plan and implementation, regular employee training, etc.
  2. Technical measures: Management of access rights of personal information processing system, etc., installation of access control system, encryption of unique identification information, installation of security program
  3. Physical measures: Control access to computer rooms, data storage rooms, etc.

Article 9. Changes in the personal information processing policy

This Personal Information Processing Policy is effective from September 1, 2019.