All personal information handled by GitiScience (hereinafter referred to as "Company") is collected, held and processed in accordance with the related laws or with the consent of the information subject.
This policy takes effect on October 23, 2017.
1. Purpose of processing personal information
The Company will not use personal information for purposes other than the following purposes, and if the purpose of use is changed, it will be processed with consent.
1. Service provided
Personal information is processed for the purpose of providing services such as identity verification, certificate issuance (education certificate), national domain registration, spam complaint, social security number theft complaint handling, and overseas consultation.
2. Complaint processing
Personal information is processed for the purpose of handling civil complaints such as viewing personal information, correcting and deleting personal information, requesting suspension of personal information processing, reporting personal information leakage incidents, receiving and processing personal information infringement reports, handling complaints of spam, and reporting hacking.
2. Processing and retention period of personal information
The company processes and retains personal information based on the law or within the consent of the information subject.
Processing and Retention during the term of the GT Science Service.
3. Third party provision of personal information
Personal information collected and held by the Company will not be provided to third parties without the consent of the user.In the following cases, personal information may be provided to third parties.
1.In case of separate consent from the information subject
2. Where there are special provisions in the law or it is inevitable to comply with statutory obligations;
3. If the information subject or his / her legal representative is in a state where he / she cannot express his / her opinion or cannot obtain prior consent due to an unknown address, etc., it is clearly necessary for the immediate life, body and property of the information subject or third party. If accepted
4. When personal information is provided in a form that does not recognize a specific individual as necessary for the purpose of statistical writing and academic research, etc.
If the company provides personal information to a third party, we will inform the subject of the following items and obtain consent.
The name of the recipient (or name if it is a corporation or organization) and contact information
Purpose of using personal information of recipients, items of personal information provided
Period of possession and use of personal information of the person receiving the personal information
The fact that you have the right to refuse consent and, if there is a disadvantage resulting from your refusal,
4. Consignment of personal information processing
In principle, the Company will not entrust the processing of such personal information to others without the consent of the user. However, if the company entrusts the processing of personal information to a third party, it shall entrust it in accordance with Article 26 of the Personal Information Protection Act (Restriction on the processing of personal information in accordance with entrusted business). We will post the consignment contents and trustees on the company homepage.
1. Matters concerning the prohibition of the processing of personal information for the purpose of performing commissioned business;
2. Matters concerning the technical and administrative protection measures of personal information;
3. Other matters prescribed by Presidential Decree for the safe management of personal information:
Purpose and scope of consignment service
Matters Restrictions on Reassignment
Matters concerning safety measures, such as restriction of access to personal information
Matters concerning supervision, such as inspection of the management status of personal information held in connection with the consignment service
Matters concerning liability for damages, etc. in case of breach of the obligations of the trustee under Article 26 (2) of the Act;
5. Rights, duties and exercise of information subjects
As a data subject, you can exercise the following rights.
1. Request for viewing of personal information: Personal information files held by the Company may be requested to be viewed in accordance with Article 35 (Inspection of Personal Information) of the Personal Information Protection Act. However, the request for access to personal information may be restricted as follows under Article 35 (5) of the Personal Information Protection Act:
end. When viewing is prohibited or restricted by law
I. When there is a risk of harming another person's life or body or unjustly infringing another's property or other interests
All. In case of causing serious obstacles when performing any of the following tasks
On-going evaluation or judgment on compensation and benefit calculation
Ongoing audits and investigations under other laws
2. Request for correction and deletion of personal information: Personal information files held by the company may be required to correct or delete personal information in accordance with Article 36 (Personal Information Correction and Deletion) of the Personal Information Protection Act. However, if the personal information is specified for collection in other legislation, the deletion cannot be requested.
3. Request for suspension of processing of personal information: For personal information files held by the company, the Company may request the suspension of processing of personal information in accordance with Article 37 (Stop Processing of Personal Information, etc.) of the Personal Information Protection Act. In addition, legal representatives of children under the age of 14 may request the Company to view, correct, delete or suspend processing of their personal information. However, the request for suspension of processing of personal information may be rejected under Article 37 (2) of the Personal Information Protection Act.
end. When a law has special provisions or is inevitable to comply with statutory obligations
I. When there is a risk of harming another person's life or body or unjustly infringing another's property or other interests
All. If a public institution does not process personal information, it cannot perform its duties under other laws
la. When the personal information is not processed, it is difficult to fulfill the contract, such as failing to provide the service with the information subject, and the information subject does not clearly indicate the intention to terminate the contract.
4. The Company shall notify the Company of the relevant matters within 10 days for the request to view, correct, delete or stop the processing of personal information. Requests for viewing, correction, deletion, and suspension of personal information can be made through the relevant department. The request form is shown in [Appendix 1].
5. The exercise of rights under the above items can be done through the legal representative of the data subject or the representative. In this case, you must submit a power of attorney according to form [Annex 2].
6. Personal information items processed
The Company collects and retains personal information only with the provisions of laws and the consent of the information subject. The main personal information files collected and held by the Company in accordance with the provisions of the law are as follows.
7. Destruction of Personal Information
In principle, the company will destroy the personal information without delay if the retention period of the personal information has passed or the purpose of processing has been achieved. However, this is not the case when it must be preserved under other laws. The procedures, deadlines and methods of destruction are as follows:
1. Destruction procedure
The information entered by the user shall be destroyed in accordance with internal policies and related laws after the retention period has elapsed or the purpose of processing has been achieved.
The personal information of the user shall be within 5 days of the end of the retention period if the retention period of the personal information has elapsed, or from the date when the processing of the personal information is considered unnecessary when the personal information becomes unnecessary, for example, attaining the purpose of processing the personal information. Destroy that personal information within days.
3. How to destroy
When destroying personal information processed by the company, it shall be destroyed by the following method. In the form of an electronic file: permanently deleted in a way that cannot be restored. Records, prints, written or other recording media other than the form of an electronic file: shredding or incineration
8. Measures to ensure the safety of personal information
In accordance with Article 29 of the Personal Information Protection Act, the Company takes the technical, administrative and physical measures necessary to secure safety as follows.
1. Establishment and implementation of internal management plan
The Company establishes and implements an internal management plan ('14 .1.6) in accordance with 'Safety Measures for Personal Information' (2011-43).
2. Minimization and training of personal information handler designation
We minimize the designation of personal information handlers and conduct regular training.
3. Restricting Access to Personal Information
Access to personal information is controlled by granting, modifying and erasing access to the database system that handles personal information, and controlling unauthorized access from outside by using intrusion prevention system and intrusion prevention system. When accessing a personal information processing system through a self-information communication network, we use a virtual private network (VPN). We also record any authorizations, changes, or terminations and keep them for at least three years.
4. Storage of access records and prevention of forgery and alteration
We maintain and manage records (web logs, summary information, etc.) that have been accessed to the personal information processing system for at least six months, and prevent access records from being forged, stolen or lost.
5. Encryption of Personal Information
Your personal information is encrypted and stored and managed. In addition, we use a separate security function, such as encrypting sensitive data for storage and transmission.
6. Technical measures against hacking
The Company installs security programs, periodically updates and checks the system, and installs the system in areas where access is controlled from outside and protects and technically and physically prevents the leakage and damage of personal information caused by hacking or computer viruses.
7. Controlling Access to Unauthorized Persons
We have set up a separate physical storage area for personal information system that stores personal information, and have established and operated access control procedures.
9. Personal Information Protection Officer
If you have any questions related to personal information protection or inquiries regarding personal information infringement, please contact us using the Personal Information Infringement Report Center operated by the Korea Internet & Security Agency.
* Telephone 118 (ARS ext. 2) without phone number, e-mail inquiry firstname.lastname@example.org
Please contact the following to process matters related to personal information held by the company.
Responsible department: CEO
Name: Kang Yeon Kyun
Department in charge: Marketing Team
Name: Hyun Gon Kim
11. Infringement Remedies
The information subject may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee or the Korea Internet Security Agency's Personal Information Infringement Report Center in order to obtain relief from personal information infringement. In addition, please contact the following organizations for notification and consultation of other personal information infringement.
Personal Information Infringement Report Center
1. Personal Information Dispute Mediation Committee: (without station number) 118 (extension number 2)
2. Supreme Prosecutors' Office Cyber Crime Investigation Division: 02-3480-3571 (http://www.spo.go.kr)
3. National Police Agency Cyber Terror Response Center: 1566-0112 (http://www.netan.go.kr)
The head of a public agency shall respond to the requests under the provisions of Articles 35 (access of personal information), 36 (correction and deletion of personal information), and 37 (suspension of processing of personal information). A person who has been infringed on his or her rights or interests due to a disposition or omission may request an administrative trial as prescribed by the Administrative Tribunal Law.
※ Please refer to the homepage of the Legal Affairs Office (http://www.moleg.go.kr) for details on administrative trial.