<Graphene Lab> (hereinafter referred to as "Company") establishes and discloses personal information processing guidelines as follows to protect personal information of information subjects and to handle related grievances quickly and smoothly under Article 30 of the Personal Information Protection Act.
Article 1 (Purpose of Processing Personal Information)
The company processes personal information for the following purposes. The personal information being processed will not be used for any of the following purposes, and if the purpose of use is changed, necessary measures will be implemented, such as obtaining separate consent under Article 18 of the Personal Information Protection Act.
- Sign up and manage homepage membership
- Personal information is processed for the purpose of confirming membership intention, identifying and certifying oneself according to the provision of membership services, maintaining and managing membership qualifications, preventing illegal use of services, checking consent of legal representatives when processing personal information for children under the age of 14.
- Provision of Services
- Personal information is processed for the purpose of providing services, providing content, providing customized services, identity authentication, and age authentication.
- Complaint handling
- Personal information is processed for the purpose of identifying the complainant, checking the complaint, contacting and notifying the results of the processing, etc.
Article 2 (Processing and Holding Period of Personal Information)
The company processes and holds personal information within the period of holding and using personal information or the period of holding and using personal information agreed to collect personal information from the data subject according to the law. Each personal information processing and holding period is as follows.
- Membership and management of the website : Until withdrawal from the website of the business operator/organization.
However, in cases falling under the following grounds, until the end of the relevant grounds.
- Where an investigation, investigation, etc. due to a violation of the relevant statutes is in progress, until the conclusion of the relevant investigation and investigation.
- Where the bond/debt relationship remains due to the use of the website, until the settlement of the relevant bond/debt relationship.
-
Provision of goods or services : until the supply of goods and services is completed and the payment and settlement of charges is completed.
However, if it falls under the following reasons, until the end of the relevant period.
- Records on transactions, such as indication, advertisement, contract details, and performance, etc. under the Act on 「Consumer Protection in Electronic Commerce」, etc.
- Records of indications and advertisements : 6 months
- Record of supply of contracts or subscription withdrawals, payment, goods, etc. : 5 years
- Records on the handling of consumer complaints or disputes : 3 years
- Keeping data on confirmation of communication facts under Article 41 of the 「Communications Secret Protection Act」
- Date and time of subscriber telecommunication, start and end time, counterparty subscriber number, frequency of use, and location tracking data of the originating station : 1 year
- Computer communication, Internet log record data, access destination tracking data : 3 months
Article 3 (Rights and Obligations of Information Subjects and Method of Exercise)
- The information subject may exercise the following rights related to personal information protection against the company at any time.
- Request for access to personal information
- Request correction if there is an error, etc
- Delete request
- Processing stop request
- The exercise of rights under paragraph (1) can be made in writing, by phone, e-mail, facsimile (FAX), etc. to the company, and the company will take action without delay.
- If the information subject requests correction or deletion of personal information errors, etc., the company will not use or provide the personal information until the correction or deletion is completed.
- The exercise of rights under paragraph (1) may be conducted through an agent, such as a legal representative of the information subject or a person entrusted. In this case, you must submit a power of attorney under attached Form 11 of the Enforcement Rules of the Personal Information Protection Act.
- The information subject shall not infringe on the personal information and privacy of the information subject himself or others being processed by the company in violation of relevant laws such as the Personal Information Protection Act.
Article 4 (Personal Information Items to be Processed)
The company is processing the following personal information items.
-
Sign up and manage homepage membership
- Required items : Name, ID, password, address, phone number, e-mail address.
- Selections :
-
Provision of goods or services
- Required items : Name, ID, password, address, phone number, e-mail address.
- Selections :
-
In the process of using the Internet service, the following personal information items can be automatically generated and collected.
- IP address, cookie, MAC address, service usage record, visit record, defect usage record, etc.
Article 5 (Destruction of Personal Information)
- The company shall destroy the personal information without delay when personal information becomes unnecessary, such as the lapse of the personal information retention period and the achievement of the purpose of processing.
- If the personal information retention period agreed by the data subject has elapsed or the purpose of processing has been achieved, the personal information shall be transferred to a separate database (DB) or stored in a different storage place.
-
The procedure and method of destroying personal information are as follows.
- Revocation procedure
- The company selects personal information that causes destruction and destroys personal information with the approval of the company's personal Information protection manager.
- Destruction method
- The company destroys personal information recorded and stored in the form of an electronic file by using methods such as Low Level Format so that records cannot be reproduced, and destroys personal information recorded and stored in paper documents by shredder or incinerator.
Article 6 (Measures to secure the safety of personal information)
The company is taking the following measures to ensure the safety of personal information.
- Management measures : Establishment and implementation of internal management plans, regular
- Technical measures : Management of access rights such as personal information processing systems, installation of access control systems, encryption of unique identification information, and installation of security programs.
- Physical measures : Control access to computer rooms, data storage rooms, etc.
Article 7 (Matters concerning the installation, operation, and rejection of an automatic
personal information collection device.)
- In order to provide individual customized services to users, the company stores usage information and uses 'cookie' that comes in from time to time.
-
Cookies are a small amount of information sent by the server (http) used to run the website to the user's computer browser and are sometimes stored on the hard disk in the user's PC computer.
- Purpose of use of cookies : It is used to provide optimized information to users by identifying the type of visit and use of each service and website visited by users, popular search terms, security access, etc.
- Installation, operation, and rejection of cookies : You can refuse to save cookies by setting options in the Tools > Internet Options > Privacy menu at the top of the web browser.
- Refusing to save cookies can cause difficulty in using customized services.
Article 8 (Personal Information Protection Manager)
-
The company is in charge of handling personal information, and designates a person in charge of personal information protection as follows to handle complaints and remedy damages by the information subject related to personal information processing.
- Person in charge of personal information protection
- Name : Kim Hyun Woo
- Position : Director
- Contact : hwkim@graphenelab.co.kr
- Personal Information Protection Department
- Name Of Team : Management Support
- Name : Kim Hyun Woo
- Contact : hwkim@graphenelab.co.kr
- The information subject can contact the personal information protection manager and the department in charge for all personal information protection inquiries, complaints, and damage relief that have occurred while using the company's service (or business). The company will answer and process the information subject's inquiries without delay.
Article 9 (Request for access to personal information)
The information subject may request the following departments to view personal information under Article 35 of the Personal Information Protection Act. The company will try to expedite the request for access to personal information by the information subject.
- Personal Information Access Request Receipt and Processing Department
- Name Of Team : Management Support
- Name : Kim Hyun Woo
- Contact : hwkim@graphenelab.co.kr
Article 10 (Method of remedy for infringement of rights and interests)
The information subject can inquire about damage relief and counseling for personal information infringement to the following institutions.
<The organization below is separate from the company, so please contact us if you are not satisfied with the company's own personal information complaint handling and damage relief results, or if you need further help>
- Personal Information Infringement Reporting Center (operated by the Korea Internet & Security Agency)
- Responsible duties : reporting personal information infringement and applying for counseling
- Homepage : privacy.kisa.or.kr
- Phone : (without country code) 118
- Address : (58324) Personal Information Infringement Report Center on the 3rd floor of Jinheung-gil 9 (Bitgaram-dong 301-2), Naju-si, Jeollanam-do.
- Personal Information Dispute Mediation Committee
- Responsible affairs : Application for dispute settlement of personal information, collective dispute settlement (civil resolution).
- Homepage : www.kopico.go.kr
- Phone : (without country number) 1833-6972
- Address : (03171) 4th floor of the Seoul Government Complex, 209, Sejong-daero, Jongno-gu, Seoul.
- Cyber Crime Investigation Team of the Supreme Prosecutors' Office
- Homepage : www.spo.go.kr
- Phone : 02-3480-3573
- National Police Agency Cyber Safety Administration
- Homepage : http://cyberbureau.police.go.kr
- Phone : 182
Article 11 (Change of Personal Information Processing Policy)
- This personal information processing policy will be applied from March 11th, 2021.
- You can check the previous personal information processing policy in the notice.