CTR Co., Ltd. (hereinafter referred to as "CTR") highly values the personal information of all users and makes its utmost efforts to manage and protect such information safely and effectively.
CTR complies with the Personal Information Protection Act and other relevant laws and regulations. CTR has established and discloses the following privacy policy to protect personal information and ensure smooth and prompt handling of complaints related to it.
1. “Personal information” refers to any data related to a living individual that can identify the person using identifiers such as names or emails, including codes, characters, sounds, images, and biometric data (including cases where a specific individual can be identified easily by combining such data with other information).
2. CTR values users’ personal information and adheres to all laws and regulations regarding personal information protection.
3. Through this privacy policy, CTR informs users how their information is collected, used, and protected.
4. This policy may change according to legal amendments or internal operational changes. Any changes will be announced on the website immediately, along with the reason for and details of the change.
CTR processes personal information for the following purposes. The collected personal information will not be used for any purpose other than those stated below. If the purpose changes, CTR will obtain separate consent in accordance with Article 18 of the Personal Information Protection Act.
1. CONTACT US: Personal information is collected for identification, verification of complaints, communication for factual investigation, and notification of results.
2. Cyber Whistleblower Center: Personal information is collected for the identification of the whistleblower, communication for factual investigation, and result notification.
CTR collects only the minimum necessary personal information to provide its services. CTR does not collect sensitive information such as race, ideology, political orientation, health status, or criminal record. If additional information is requested through surveys or promotional events, prior consent will be obtained.
1. Personal Information Items Collected
1) Personal information items
① CONTACT US: Name, address, contact number, fax number, email, company name, department
② Cyber Whistleblower Center: Name, contact number, email
2) Automatically collected during service use or business processing
- Service usage time/history, access logs, content used, cookies, IP addresses, payment history
2. Methods of Collection
1) Through the website, event applications, and user input
2) Automatically generated during service use, provided by affiliates, or collected via information tools
Personal information is promptly destroyed once the purpose of collection has been achieved, or retained only within the agreed retention period. However, the following information is retained for specified periods for the following reasons.
1. Internal Policy
1) Retained Items: Name, service usage history
2) Reason: To prevent confusion with identity theft or misuse
3) Period
- Records related to complaints and disputes: 3 years (Act on Consumer Protection in E-commerce)
- Identity verification records: 6 months (Act on Promotion of Information and Communications Network Utilization)
CTR shall use users’ personal information only within the scope specified in this Privacy Policy and shall not share or provide such information to third parties beyond that scope. However, personal information may be provided to third parties in the following cases.
1. Where the data subject has given separate consent
2. Where it is unavoidable in order to comply with special provisions of the law or legal obligations under applicable statutes
3. Where it is clearly necessary for the urgent benefit of the data subject or a third party’s life, body, or property, and prior consent cannot be obtained due to the data subject or their legal representative being unable to express intention or being unreachable
4. Where the personal data is provided in a form that makes it impossible to identify a specific individual, for purposes such as statistics compilation or academic research
5. Where failure to use personal data for purposes other than the intended ones, or to provide such data to a third party, would make it impossible to perform duties prescribed by other laws, and such use or provision has been deliberated and resolved by the Protection Commission
6. Where it is necessary to provide personal data to a foreign government or international organization for the implementation of treaties or other international agreements
7. Where it is necessary for the investigation of crimes, the prosecution, and the maintenance of criminal proceedings
8. Where it is necessary for the performance of judicial affairs by a court
9. Where it is necessary for the execution of criminal punishment, custody, or protective dispositions
CTR does not transfer personal information overseas. If such transfer becomes necessary, CTR will specify the purpose, country, method, and recipient in accordance with Article 28-8 of the Personal Information Protection Act and obtain prior consent.
CTR may outsource personal information processing for service provision. Information such as the trustee, the nature of the outsourced task, and contact information will be disclosed through the website or individual notices.
CTR promptly destroys personal information after the purpose of use is fulfilled. If retention is required by law, the data is stored in a separate database or kept in a different storage location.
1. Destruction procedure: Personal data identified for destruction is reviewed and approved by the privacy officer before disposal.
2. Destruction Method: Electronic data is irreversibly deleted. Paper documents are shredded or incinerated.
3. Destruction Timeline: Within 10 days after the retention period ends or within 10 days from the day the data becomes unnecessary.
CTR ensures data safety with the following measures.
1. Administrative Measures: Internal management plans, regular staff training
2. Technical Measures: Access control, encryption of unique identifiers, security software
3. Physical Measures: Controlled access to data storage rooms and computer rooms
If any automated decision-making (e.g., AI assessments) occurs, the data subject has the right to request an explanation or file an objection.
Users can request to view, correct, delete, suspend, or transfer their data at any time through written request or email. CTR will respond within 10 days of receipt.
CTR has designated a privacy officer to handle overall personal data management, user complaints, and damage relief.
Users can direct inquiries, complaints, or damage claims to the privacy officer. CTR will respond promptly.
Privacy Officer | Privacy Manager |
---|---|
Name: Donghwan Yang | Name: Dong-eon Kim |
Department: Information Security Team | Department: Information Security Team |
Position: CISO/CPO | Position: Manager |
E-mail: donghwan.yang@ctr.co.kr | E-mail: dongeon.kim@ctr.co.kr |
Users can inquire about damage relief and consultation for personal information infringement to the following organizations.
The organizations below are independent from CTR. If you are not satisfied with the results of personal information complaint handling and damage relief by CTR, or if you need more detailed help, please contact these organizations.
1. Personal Information Infringement Report Center (operated by Korea Internet & Security Agency)
- Homepage: privacy.kisa.or.kr
- Phone: (without area code) 118
- Address: (138-950) Korea Internet & Security Agency Personal Information Infringement Report Center, 135 Jungdae-ro, Songpa-gu, Seoul
2. Personal Information Dispute Mediation Committee (operated by Korea Internet & Security Agency)
- Jurisdiction: personal information dispute mediation application, collective dispute mediation (civil settlement)
- Homepage: privacy.kisa.or.kr
- Phone: (without area code) 118
- Address: (138-950) Korea Internet & Security Agency Personal Information Infringement Report Center, 135 Jungdae-ro, Songpa-gu, Seoul
3. Supreme Prosecutor's Office Cybercrime Investigation Team: 02-3480-3573 (www.spo.go.kr)
4. National Police Agency Cyber Terror Response Center: 1566-0112 (www.netan.go.kr)
This policy is effective from the date of implementation. Any additions, deletions, or changes due to legal or policy updates will be announced at least 7 days in advance.
Announcement Date: April 1, 2025
Effective Date: April 8, 2025
Version: REV04