Purposes and Items to Manage Personal Information
INFINIQ shall not use personal information for purposes other than those intended; if the purposes change, it shall thereupon obtain the consent of the owner of the relevant information for the new purposes. INFINIQ uses collected personal information for the following purposes: 1. Request for Access to Personal Information: Access to personal information files held by INFINIQ may be requested in accordance with Article 35 (Access to Personal Information) of the Personal Information Protection Act. However, requests for access to personal information may be restricted according to Article 35 (5) of the Personal Information Protection Act. 2. Collected Items (Required): Name, Company Name, Email, Contacts 3. Period of Holding: In principle, after collection and collection purposes of personal information are achieved, the relevant personal information shall be destroyed without delay. Provided, where the personal information must be preserved pursuant to any related statutes, personal information may be preserved for a
certain period set by the related statutes as follows: ◦ The records of transactions, such as marks, advertisements, contents of contracts, and the execution thereof according to the Act on the Consumer Protection in Electronic Commerce, etc. - Records of marks and advertisements: June - Records of consumer complaints and/or settlements of dispute 3 years ◦ Preservation of communication confirmation data pursuant to Article 41 of the Protection of Communications Secrets Act - Computer communication, Internet log records, data on tracing the location of connectors: 3 months Preservation of identity verification information pursuant to Article 29 of the Enforcement Decree of the Act on Promotion of Information and Communications Network Utilization and Information Protection: 6 months after the posting of information on a message board
Methods for the exercise of rights and obligations of an owner of information
A user as an owner of information may exercise the following rights: 1. Request for Access to Personal Information: Access to personal information files held by INFINIQ may be requested in accordance with Article 35 (Access to Personal Information) of the Personal Information Protection Act. However, requests for access to personal information may be restricted according to Article 35 (5) of the Personal Information Protection Act. ◦ Where access to information is prohibited or restricted by Acts; ◦ Where a third party is likely to be physically harmed, or a third party's property or other interests are likely to be unduly infringed upon; ◦ Where access to information substantially hinders a public institution performing any of the following: - Affairs concerning tests for academic achievement, functions and employment, and qualification evaluation; - Affairs concerning an assessment or decision in progress regarding compensation and/or benefits; - Affairs concerning an audit and/or investigation being conducted under other Acts. 2. Request for Correction or Deletion of Personal Information: An owner of information may request the correction or deletion of his/her personal information held by INFINIQ in accordance with Article 36 (Correction or Deletion of Personal Information) of the Personal Information Protection Act: Provided, That if other statutes stipulates the particular personal information be collected, the owner of information shall not request the deletion thereof. 3. Request for Suspension from Managing Personal Information: An owner of information may request the suspension of the management of his/her personal information held by INFINIQ in accordance with Article 37 (Suspension from Managing Personal Information) of the Personal Information Protection Act: In addition, a legal guardian of a child under the age of 14 years may request access to, the correction, deletion, or suspension of the child's personal information from INFINIQ. However, the request for suspension of personal information may be restricted according to Article 37 (2) of the Personal Information Protection Act. ◦ Where there exist special provisions in any Act or it is necessary to fulfill an obligation imposed by or under any statute; ◦ Where a third party is likely to be physically harmed, or a third party's property or other interests are likely to be unduly infringed upon; ◦ Where a public institution is unable to conduct its affairs stipulated by or under other Acts unless it manages personal information; ◦ Where it is impractical to perform a contract, such as a failure to provide an owner of information with stipulated services unless INFINIQ manages their personal information, and the owner of the information fails to clearly express his/her intention to terminate the contract. 4. Regarding the request for access to, correction, deletion, and suspension of management of personal information, INFINIQ shall notify of the relevant affairs within 10 days. Access to, correction, deletion, and suspension of management of personal information may be requested for through the relevant department. 5. The above-mentioned rights may be executed through a legal representative of an owner of information or an agent delegated by the owner of information. In this case, a power of attorney must be submitted.
Destruction of Personal Information
When the holding period of personal information expires, or the management purpose of the personal information is achieved, INFINIQ shall destroy the personal information without delay: Provided, that this shall not apply where the personal information must be preserved pursuant to any other statute. Destruction procedures, periods and methods are as follows: 1. Destruction Procedures: After information entered by users exceeds the holding period or achieves the management purpose, it shall be destroyed pursuant to internal policy or related laws. 2. Destruction Periods: In case that users’ personal information exceeds the holding period, the personal information shall be destroyed within 5 days after the holing period expires. If the purpose of the management of personal information is achieved and the personal information is unnecessary, the personal information shall be destroyed within 5 days after the recognition that the management of the personal information is unnecessary. 3. Destruction Methods: INFINIQ destroys personal information the following methods: ◦ In the case of personal information in electronic form: It shall be permanently and unrecoverably deleted ◦ In the case of records, printouts, paper documents, and media containing personal information, other than electronic forms: They shall be shredded or incinerated
3rd party provision of personal information
INFINIQ provides personal information to third parties on if it falls under Article 17 and 18 of the Personal Information Protection Act, including the consent of the user as an owner of information and special provisions of the law.
Consignment of personal information
INFINIQ consigns the following personal information processing tasks to ensure smooth handling of personal information. Consignment processing company - Name of trustee: Midasit - Address: 17 Pangyo Seven Venture Valley 2 at 228 Pangyo-ro, Bundang-gu, Gyeonggi-do. - Phone: 031-789-1242 - Consignment operation: Selection and management of recruitment-related applicants and handling of civil petitions - consigned items: name, telephone number, and e-mail
Request of Personal information
Receiving and processing department for personal information access Department name: Personnel team Responsible: Kwon Hyun-gu Contact: Phone No. 02-555-8072, Fax No. 02-525-0043
Measures to Ensure Safety of Personal Information
INFINIQ shall take the technical, administrative, and physical measures necessary for ensuring safety pursuant to Article 29 of the Personal Information Protection Act. 1. Establishment and Execution of Internal Management Plans INFINIQ establishes and executes the internal management plan (February 27, 2020) pursuant to the ‘Standard to Secure Safety of Personal Information’ (Notice 2019-47 of the Ministry of Public Administration and Security) 2. Minimization and Education of Designation of Personal Information Managers: INFINIQ shall minimize the designation of personal information managers and conduct regular education programs. 3. Restrictions on Access to Personal Information: INFINIQ controls access to personal information through the granting, changing and cancelation of access rights to database systems to handle personal information, and prevents illegal access from outside using firewall systems and intrusion protection systems. When a personal information manager accesses personal information systems from outside through information network systems, he/she uses VPN (Virtual Private Network). INFINIQ shall record details regarding the granting, changing and cancelation of access rights and store the records for at least 3 years. 4. Encryption of Personal Information: INFINIQ shall encrypt, save, and manage users’ personal information. In addition, INFINIQ uses separate security functions such as encrypting when saving and transferring important data. 5. Technical Measures to Prepare for Hacking and more: INFINIQ installs security programs, conducts regular updates and examinations, installs systems at areas restricted access from outside, and monitors and blocks technically and physically to prevent personal information leakage and damage by hacking or computer viruses. 6. Access Control of Unauthorized Persons: INFINIQ prepares a separate physical storage place for personal information systems storing personal information, and establishes and operates its access control procedures.
Remedy for infringement of rights
The person in charge of information can ask the following agencies for compensation and counseling for personal information infringement.
Personal Information Protection Managers
INFINIQ will make reasonable efforts to respond to queries regarding personal information protection or reporting/handling personal information infringement. (In charge of personal information protection pursuant to Article 31 Paragraph 1 of the Personal Information Protection Act) head of the team responsible for personal information protection : Choi Jung-in, 02-561-7142 a team member in charge of personal information protection : Kim Myung-jin, 02-555-8072
Amendment of Personal Information Management Policies