Wonil
Food (hereinafter the “Company”) has established the following privacy policy
in accordance with the Personal Information Protection Act to protect and
ensure the privacy and rights of users and to smoothly handle user complaints
related to personal information. In the event of any revisions to this Privacy
Policy, the Company shall notify users through a notice via its website (or
individual notice).
This
policy is effective as of January 1, 2021.
1.
Purpose of Processing Personal Information
The
Company processes personal information for the following purposes. Processed
personal information will not be used for purposes other than the following,
and in the event of a change in the purpose of use, prior consent will be
sought.
A. Membership
registration and management on the website
In its
provision of membership services, the Company processes personal information
for the purpose of self-verification and authentication, self-identification
due to limited enforcement of the Self-Identification System, and prevention of
misuse of services.
B. HHandling
of complaints
Personal
information is processed for the purpose of confirming the identity of the
complainant, verifying the details of the complaint, contacting and notifying
for fact-finding, and informing the results of processing.
C. Provision
of goods or services
Personal
information is processed for the purpose of providing services.
D. Utilization
in marketing and advertising
Personal
information is processed for the purpose of confirming the effectiveness of
services, understanding the frequency of access, or conducting statistics on
members’ use of services.
2. Status
of Personal Information Files
(1)
Personal Information File Name: Personal Information
Personal
Information Items: Email, mobile phone number, company phone number, position,
department, company name, access logs, access IP information, legal representative’s
name
Collection
Method: Website
Legal
Basis for Retention: Consent for the collection of personal information
Retention
Period: 3 years
Relevant
Laws and Regulations: Record of collecting/processing and using credit
information: 3 years, Record of handling consumer complaints or disputes: 3
years, Record of contracts or withdrawal of subscriptions: 5 years
3.
Processing and Retention Period of Personal Information
(1)
The Company processes and retains personal information for the retention and
usage period as required by law or as consented by the information subject at
the time of the collection of his/her personal information.
(2)
The processing and retention periods for personal information are as follows:
<Handling
of Complaints>
Personal
information related to the <handling of complaints> is retained and used up
to <3 years> from the date of consent for the collection and usage of
personal information.
Basis
for Retention: Consent for the collection of personal information
Relevant
Laws and Regulations:
1)
Record of handling consumer complaints or disputes: 3 years
2)
Record of contracts or withdrawal of subscriptions: 5 years
Exception:
4. Matters
Regarding Provision of Personal Information to Third Parties
(1)
The Company provides personal information to third parties only when there is
consent from the information subject or when there are special provisions in
the law, as stipulated in Articles 17 and 18 of the Personal Information
Protection Act.
(2)
The Company provides personal information to the following third party:
1.
Company
Recipient
of Personal Information: Company
Purpose
of Use by the Recipient: Email, mobile phone number, gender, date of birth,
name, company phone number, position, department, company name,
name and mobile
phone number of legal representative
Retention
and Usage Period by the Recipient: 3 years
5. Rights, Obligations, and Exercise Methods of Information Subjects and
Legal Representatives
As an
information subject, users may exercise the following rights.
(1) An
information subject may exercise the right to access, correct, delete, and
request the cessation of processing of personal information against the
Company.
(2)
The exercise of rights under Paragraph (1) may be done in writing, by e-mail, fax,
etc., in accordance with Article 41(1) of the Enforcement Decree of the
Personal Information Protection Act, and the Company will promptly take
measures accordingly.
(3)
The exercise of rights under Paragraph (1) may also be done through a legal
representative or a delegated person. In this case, a power of attorney
according to the format specified in Annex 11 of the Enforcement Rules of the
Personal Information Protection Act must be submitted.
(4) An
information subject’s right to access and request the cessation of processing
may be restricted under Articles 35(5) and 37(2) of the Personal Information
Protection Act.
(5) In
the case of personal information explicitly stated as subjects of collection
under other laws, requests for deletion of such information may not be made.
(6)
The Company verifies whether the requester of access, correction, deletion, or
cessation of processing is the individual concerned or a legitimate representative
when such requests are made.
6. Items of Processed Personal Information
(1)
The Company processes the following personal information:
<Handling
of Customer Complaints>
Required
Items: Email, mobile phone number, company phone number, position, department,
company name, legal representative’s name and mobile phone number
-
Optional Items:
7.
Destruction of Personal Information
The
Company, in principle, destroys personal information without delay once the
purpose of processing is achieved. The procedures, periods, and methods for
destruction are as follows:
-
Destruction Procedure
Information
provided by users is transferred to a separate database (or paper documents are
stored separately) after the purpose is achieved, being stored for a certain
period according to internal policies and other relevant laws and regulations or
destroyed immediately. The transferred personal information is not used for any
other purpose unless required by law.
-
Destruction Period
Once
the retention period has expired, the personal information is destroyed within
5 days from the end of the retention period. If the personal information
becomes unnecessary due to the achievement of the processing purpose, discontinuation
of services, or termination of the business, the information is destroyed
within 5 days from the date on which it is considered unnecessary.
-
Destruction Method
Electronic
files are destroyed using technology that makes data recovery impossible.
8.
Information on the Installation, Operation, and Rejection of Automatic
Collection Devices for Personal Information
The Company does not use “cookies” which store and retrieve user
information periodically, on its website.
9. Personal Information
Protection Manager
(1) The Company is
responsible for overseeing personal information processing and has designated a
personal information protection manager to handle complaints, remedies, and
other matters related to personal information processing by information subjects,
as follows:
▶ Personal Information Protection Manager
Name:
Title:
Position:
Contact Information:
(2) If
an information subject has any inquiries, complaints, or requests for remedies
related to personal information protection arising from his/her use of the
Company’s services (or business), he/she may contact the personal information
protection manager and the relevant department. The Company will respond
promptly to inquiries from information subjects and handle them accordingly.
10.
Changes to the Privacy Policy
(1)
This privacy policy takes effect from the date of enforcement, and in the event
of additions, deletions, or modifications in accordance with laws and policies,
the changes will be notified 7 days prior to the enforcement of the revised
content.
11.
Measures to Ensure the Security of Personal Information
In
accordance with Article29 of the Personal Information Protection Act, the
Company takes technical, managerial, and physical measures to ensure the
security of personal information as follows:
a. Minimization and Education of Personnel
Handling Personal Information
We
designate specific personnel to handle personal information and limit access to
designated individuals to minimize and manage the handling of personal
information.
b.
Technical Measures to Prepare for Hacking
To
prevent leakage and damage of personal information due to hacking, computer
viruses, etc., the Company installs security programs, conducts regular updates
and checks, and establishes systems in areas with controlled access, monitoring
and blocking access both technically and physically.
c.
Encryption of Personal Information
User
passwords are encrypted for storage and management, ensuring that only the
individual knows the information. For critical data, the Company uses
additional security features such as encryption of files and transmitted data
or file locking.
d.
Retention of Access Logs and Prevention of Tampering
The
Company retains and manages access logs to the personal information processing
system for a minimum of 6 months, and security features are employed to prevent
tampering, theft, or loss of access logs.
e.
Access Control for Unauthorized Persons
The
Company maintains a separate physical storage location for storing personal
information, in addition to establishing and operating access control
procedures for such storage location.