Personal Information Handling Policy

The Company highly values Users’ personal information and complies with the Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc. and other applicable laws and regulations. By this Personal Information Handling Policy, the Company informs you of for what purpose and in what way we use the personal information provided by you and what measures we take to protect your personal information.

1. Purpose of Collection and Utilization of Personal Information

Management : member management, identification, communication, improvement of existing services, to detect and deter unauthorized or fraudulent use of or abuse of the Service and complaint handling.
Development of Service : new service development, provision of various services, inquiry, delivery of notifications, analysis of log-in record and subscription path.

2. Personal Information Collected

The following minimum personal information is collected when the user signs up for the service or while the user uses the Services, through the home page, individual applications and programs, and etc.

Required
1. Profile name, password : Member management and identification.
2. Email : Identification, Communication, Improvement of existing services.
3. IP Address : To detect and deter unauthorized or fraudulent use of or abuse of the Service.
Optional
1. Additional information which needs to be collected to provide more specialized services.

3. Personal Information Storage and Utilization Period

The Company will keep and utilize Users’ personal information until the Company achieves the foregoing Purpose of Collection and Utilization of Personal Information.

4. Rights and Obligations of users or its Legal Representative and How to Exercise Thereof

The User who has perused his/her personal information may request the Company for its correction or removal if it is not correct or identifiable; provided, however, that such information shall not be removed if collection of such information is required by other laws or regulations.
If the Company corrects or removes the personal information, it shall inform the User thereof, or if the Company does not comply with the request for removal, it shall inform the User of the fact, the reason therefor and how to raise an objection thereto, within ten (10) days from the receipt of the request for correction or removal under Paragraph (a) from the User.
The User may request the Company to stop handling his/her personal information; provided, however, that in any of the following cases or if there is other justifiable reason, the Company may inform the User of such reason and refuse to comply with such request:
1. In case where there are specific law provisions or it is unavoidable to comply with statutory obligations;
2. In case where another person’s life or body is threatened to be hurt or another person’s property and other interests are threatened to be unfairly infringed; or
3. In case where it is difficult for the Company to execute the agreement such as that the Company is unable to provide the services agreed with the User if the Company does not handle personal information and the User does not expressly notify his/her intention to terminate the agreement.
If the Company takes a measure to stop handling of personal information, it shall inform the User of such measure, and if the Company fails to comply with such request for stop handling personal information, it shall inform the User of the fact, the reason therefor and how to raise an objection thereto, within ten (10) days from the receipt of such request under Paragraph (c) from the User.

5. Method and Procedure for Destruction of Personal Information

The Company shall, in principle, destroy personal information in accordance with the following method and procedure for destruction of personal information.

Destruction Procedure
After the foregoing Purpose of Collection and Utilization of Personal Information is achieved, Users’ information shall be transferred to a separate database and destroyed after being kept based on the information protection reasons under internal policies and other applicable laws and regulations.
The personal information transferred to the separate database shall not be used for any purpose other than the storage unless otherwise required by law.
Destruction Method
Electronically stored personal information shall be destroyed by a technical method which makes it impossible to reproduce the personal information.
Printed personal information shall be shredded by a paper shredder or destroyed by incineration.
Exception
The following information is destroyed after being kept for one year from the date of the user’s improper usage of the service.
- Improper usage records

6. Measures to Secure Safety of Personal Information

The Company takes the following technical, managerial and physical measures necessary to secure safety of personal information:

Establishment and Implementation of Internal Management Plan
The Company establishes and implements an internal management plan for safe handling of personal information.
Control of Access and Authority to Access
The Company takes measures necessary to control access to Users’ personal information by granting, modifying and removing the authority to access the database system which handles Users’ personal information, and prevent unauthorized access from outside by employing an intrusion prevention system. In addition, the Company manages Users’ personal information by designating an employee who is in charge of the handling of Users’ personal information and minimizing the relevant personnel.
Maintenance of Access Records and Prevention of Forgery and Falsification
The Company keeps and manages the records of access to the personal information handling system which handles Users’ personal information for not short than six (6) months and employs security functions to prevent forgery, falsification, theft and loss of the access records.
Installation and Operation of Security Programs
The Company installs and regularly renews and examines security programs in order to prevent leak of and damage to Users’ personal information by hacking or computer viruses, etc., installs systems in an area to which access from outside is controlled and conducts technical/physical monitoring and blocking.
Physical Access Prevention
The Company keeps the documents and ancillary storage media containing Users’ personal information in a safe place which has locking devices.

7. Provision of Personal Information to Third Parties

The Company shall not, in principle, disclose Users’ personal information to outside parties except for the following cases:

In case where the User agrees in advance; or
In case where it is required by law or requested by an investigative institution in accordance with the procedure and method prescribed by laws and regulations.

8. Delegation of Handling of Collected Personal Information

The Company delegates handling of Users’ personal information to an outside company specializing in such business as follows:

- Company name:
- Delegation period: Personal information will be destroyed immediately after [ (*)] days have passed since the termination of this Agreement

9. Amendment of Personal Information Handling Policy

If the Company amends this Personal Information Handling Policy, the Company shall continue to disclose the amendment date, effective date and the amended contents.

10. Person and Department in Charge of Personal Information Management and Protection

The following person is in charge of the personal information management and protection in the Company:

- Person in charge of personal information management and protection:

Matamorp Privacy policy