CTR Co., Ltd. (hereinafter referred to as “CTR”) values the personal information of all users and is doing its best to effectively manage and safely protect the personal information of users.
CTR complies with various laws and regulations related to personal information protection, including the 『Personal Information Protection Act』, and enacts a personal information processing policy to protect personal information and to quickly and smoothly handle complaints related to personal information as follows: Establish and disclose treatment policies.
1. Personal information refers to information about a living individual, information such as code, text, voice, sound, video, and biometric characteristics that can identify the individual by name, e-mail, etc. (including those that can be easily identified by combining with other information).
2. CTR values the personal information of users and complies with various laws and regulations related to the protection of personal information.
3. CTR informs you of the purpose and method of using the personal information provided by users through the personal information processing policy and what measures are being taken to protect personal information.
4. CTR's personal information processing policy may change according to changes in related laws and internal operating policies. If the personal information processing policy is changed, the reason and the changed content will be notified through the homepage without delay.
CTR processes personal information for the following purposes. Personal information being processed will not be used for purposes other than the following, and if the purpose of use is changed, necessary measures will be taken, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.
1. CONTACT US : Personal information is collected for the purpose of verifying the identity of the complainant, confirming complaints, contacting and notifying for fact-finding, and notifying processing results.
2. Cyber Report Center: Personal information is collected for the purpose of confirming the identity of the reporter, contacting and notifying for fact-finding, and notifying processing results.
CTR collects only the minimum personal information necessary for membership registration and service provision as follows, and may significantly violate the human rights of users, such as race and ethnicity, ideology and creed, place of birth and domicile, political orientation and criminal record, health condition, etc. We do not collect any personal information of concern. In addition, it may be selectively requested to enter personal information for statistical analysis or provision of prizes during surveys or events within CTR, but prior consent from users will be obtained without fail.
1.Items of personal information collected
1) Personal information items
① CONTACT US : Name, address, contact number, fax, e-mail, company name, workplace department
② Cyber Report Center: Name, contact number, email
2) Information that can be generated and collected in the process of using the service or processing business
- Service use time/use record, access log, content used, cookie, access IP, payment record
2. How personal information is collected
1) Personal information entered by users such as homepage, event application and application, event participation, etc.
2) Generation in the process of using the service or processing work, provision from affiliates, collection through generated information collection tools, etc.
In principle, when the purpose of use is achieved, the user's personal information is destroyed without delay, and if there is a period of retention and use of personal information agreed upon at the time of collection, personal information is processed within this period. However, the following information is retained for the specified period for the following reasons.
1. Reasons for retaining information according to internal policy
1) Preservation items: name, service use record
2) Grounds for retention: Prevention of confusion with theft and use of personal information protection by others other than individuals
3) Retention period
- Records on consumer complaints and dispute handling: 3 years (Act on Consumer Protection in Electronic Commerce, etc.))
- Records on identity verification: 6 months (Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.)
CTR uses the user's personal information within the scope specified in the 'Personal Information Handling Policy', and does not share or provide it to third parties beyond the specified scope. However, in the following cases, personal information may be provided to a third party.
1. When separate consent is obtained from the information subject
2. When there are special provisions in the law or it is unavoidable to comply with legal obligations
3. Cases in which the data subject or his/her legal representative is unable to express his/her intention or obtain prior consent due to unknown address, etc., which is clearly recognized as necessary for the immediate benefit of the life, body, or property of the information subject or a third party case
4. When personal information is provided in a form in which a specific individual cannot be identified as necessary for purposes such as statistical writing and academic research
5. If personal information is used for purposes other than the intended purpose or if it is not provided to a third party, the relevant duties stipulated in other laws cannot be performed, and the protection committee has deliberated and decided
6. Where it is necessary to provide to foreign governments or international organizations for the implementation of treaties and other international agreements
7. Where it is necessary for the investigation of a crime and the filing and maintenance of a public prosecution
8. When it is necessary for the court's trial work
9. When it is necessary for the execution of punishment, probation, and protective disposition
In principle, CTR processes the personal information of the information subject within the scope specified for the purpose of collecting and using it, and processes it beyond the scope of the original purpose or provides it to a third party without the prior consent of the information subject, except in the following cases. Do not.
In principle, CTR destroys the information without delay after the purpose of collecting and using personal information is achieved. The destruction procedure and method are as follows. If personal information must be kept in accordance with other laws and regulations, the personal information is moved to a separate database (DB) or stored in a different storage location.
1. Destruction procedure
CTR selects the personal information for which the reason for destruction occurred and destroys the personal information with the approval of the person in charge of personal information protection of CTR.
2.Destruction method
CTR destroys personal information recorded and stored in electronic file form so that the record cannot be reproduced, and personal information recorded and stored in paper documents is shredded with a shredder or destroyed by incineration.
3. Expiration date
For personal information of users, within 10 days from the end of the retention period when the retention period of personal information has elapsed, or when the personal information becomes unnecessary, such as the achievement of the purpose of processing personal information, 10 days from the date when the processing of personal information is recognized as unnecessary We will destroy that personal information within one day.
CTR takes the following measures to ensure the safety of personal information.
1. Administrative measures: Establishment and execution of internal management plans, regular employee training, etc.
2. Technical measures: Management of access rights such as personal information processing system, installation of access control system, encryption of unique identification information, etc., installation of security program
3. Physical measures: Access control in computer room, data storage room, etc.
CTR is responsible for overall handling of personal information, and has designated the person in charge of personal information protection as follows to handle complaints and damage relief of information subjects related to personal information processing.
Users can inquire about all personal information protection related inquiries, complaint handling, damage relief, etc. that occurred while using CTR's service to the person in charge of personal information protection and the department in charge. CTR will answer and process inquiries from information subjects without delay.
| Privacy Officer | Privacy Manager |
|---|---|
| Name: Donghwan Yang | Name: Dong-eon Kim |
| Department : Information Security Team | Department : Information Security Team |
| Position : CISO/CPO | Position : Manager |
| E-mail : donghwan.yang@ctr.co.kr | E-mail : dongeon.kim@ctr.co.kr |
Users can inquire about damage relief and consultation for personal information infringement to the following organizations.
The organizations below are independent from CTR. If you are not satisfied with the results of personal information complaint handling and damage relief by CTR, or if you need more detailed help, please contact us.
1. Personal Information Infringement Report Center (operated by Korea Internet & Security Agency)
- Homepage : privacy.kisa.or.kr
- Phone : (without area code) 118
- Address: (138-950) Korea Internet & Security Agency Personal Information Infringement Report Center, 135 Jungdae-ro, Songpa-gu, Seoul
2. Personal Information Dispute Mediation Committee (operated by Korea Internet & Security Agency)
- Jurisdiction: personal information dispute mediation application, collective dispute mediation (civil settlement)
- Homepage : privacy.kisa.or.kr
- Phone : (without area code) 118
- Address : (138-950) Korea Internet & Security Agency Personal Information Infringement Report Center, 135 Jungdae-ro, Songpa-gu, Seoul
3. Supreme Prosecutor's Office Cybercrime Investigation Team : 02-3480-3573 (www.spo.go.kr)
4. National Police Agency Cyber Terror Response Center : 1566-0112 (www.netan.go.kr)
This Privacy Policy is applied from the enforcement date, and if there is an addition, deletion, or correction of changes in accordance with laws and policies, we will notify you through notices 7 days before the implementation of possible changes.
Date of announcement of privacy policy : 2022. 03. 27
Enforcement date of privacy policy : 2022. 04. 01
Privacy Version : REV03
