PRIVACY POLICY
OVIO Co., Ltd. (hereinafter referred to as the “Company”) is committed to protecting users’ personal information in accordance with the relevant laws and regulations, including the Act on Promotion of Information and Communications Network Utilization and Information Protection and the Personal Information Protection Act. To this end, the Company has established the following Privacy Policy.
Through this Privacy Policy, the Company informs users about the purposes and methods of collecting and using their personal information, as well as the measures taken to safeguard their personal information. As this Privacy Policy is subject to change due to amendments to relevant laws or modifications to the Company’s internal policies, users are encouraged to review the Privacy Policy regularly when visiting the Company’s website.
Through this Privacy Policy, the Company informs users about the purposes and methods of collecting and using their personal information, as well as the measures taken to safeguard their personal information. As this Privacy Policy is subject to change due to amendments to relevant laws or modifications to the Company’s internal policies, users are encouraged to review the Privacy Policy regularly when visiting the Company’s website.
-
Article 1Items and Purposes of Personal Information Processing
-
Article 2Processing and Retention Term of Personal Information
-
Article 3Destruction of Personal Information
-
Article 4Disclosure of Personal Information to Third Parties
-
Article 5Outsourcing of Personal Information Processing
-
Article 6Measures to Ensure the Security of Personal Information
-
Article 7Rights and Obligations of Information Subjects and Legal Representatives, and How to Exercise Them
-
Article 8Installation and Operation of Automatic Personal Information Collection Devices, such as Internet Access Logs, and the Right to Reject
-
Article 9Personal Information Protection Officer and Department for Handling Access Requests
-
Article 10Remedies for Infringement of Information Subject's Rights
-
Article 11Changes to the Privacy Policy
-
Article 1 Items and Purposes of Personal Information ProcessingThe Company processes personal information for the following purposes and does not use it for any other purposes.
-
Items Processed and Collected
When submitting an inquiry
- Required items: Company name, Personal name, Contact information, Email address -
Purposes of Processing
- To provide responses to business inquiries and secure a channel for seamless communication -
Collection Method
Collected when users fill in the company name, personal name, contact information, and email address through inquiry form
-
Items Processed and Collected
-
Article 2 Processing and Retention Term of Personal InformationThe Company destroys collected personal information without delay once the retention term, as notified to and agreed upon by the user, has expired. However, if it is necessary to retain personal information for a certain period due to regulations under relevant laws, such as the Commercial Act, Framework Act on National Taxes, and Act on the Consumer Protection in Electronic Commerce, the information will be retained for the period specified by those laws.Business inquiry response processing and record management
- Retention Period: 3 years -
Article 3 Destruction of Personal InformationUnless the retention of personal information is required by other applicable laws, the Company shall promptly destroy personal information when the retention period expires or when the processing purposes have been achieved and the information is no longer necessary.
-
Destruction Procedure
Personal information collected for service use is promptly destroyed once the intended purpose is achieved. However, if retention is required by internal policies or other applicable laws, the information will be transferred to a separate database (DB), stored for a designated period, and then destroyed. -
Destruction Method
Personal information printed on paper is destroyed by shredding or incineration. Personal information stored in electronic file format is deleted using technical methods that render the records irrecoverable.
-
Destruction Procedure
-
Article 4 Disclosure of Personal Information to Third PartiesThe Company never uses or provides users' personal information to third parties beyond the scope notified in the “2. Items and Purposes of Personal Information Processing” of this Privacy Policy, except when the user has given consent or when required by relevant laws and regulations.
However, the following cases are exceptions:- When required by relevant laws and regulations, or in cases where law enforcement agencies request personal information in accordance with legally established procedures and methods for investigative purposes;
- When necessary for billing and payment related to the delivery of services;
- When required for the fulfillment of a contract;
- When there is sufficient evidence to believe that disclosing the user's information is necessary to take legal action against another party causing mental or material harm;
- When personal information is processed into a form that cannot identify specific individuals and is provided to external organizations or agencies, etc. for statistical analysis, marketing research, or market surveys; and
- When personal information is necessary for the performance of a service contract, and it is significantly difficult to obtain conventional consent due to economic or technical reasons.
-
Article 5 Outsourcing of Personal Information ProcessingThe Company outsources certain personal information processing tasks to external professional service providers to fulfill the service requirements, as outlined below. When entering into outsourcing contracts, the Company ensures that necessary provisions are made to safeguard personal information and complies with relevant laws and regulations. The Company also monitors these arrangements to ensure compliance. If there are any changes in the content of the outsourced tasks or the service providers, the Company will promptly disclose the changes through this Privacy Policy.
-
Article 6 Measures to Ensure the Security of Personal Information
-
Technical Safeguards
- The Company has adopted a SSL security mechanism that can securely transmit personal information over the network.
- Authentication information (passwords) is stored in a way that prevents decryption, using one-way encryption. Additionally, encryption technology that meets the standards required by relevant laws is applied when storing or transmitting personal information, depending on the type of personal information.
- To protect against external intrusions such as hacking attempts, the Company installs and regularly updates security programs. It also uses network security products such as intrusion detection/prevention systems to prevent personal information breaches.
- The Company monitors unauthorized access to personal information and implements access control measures. Logs of access to personal information processing systems are retained for at least six months, and access control is enforced through account/permission management to prevent unauthorized access.
-
Managerial Safeguards
- Access to personal information is limited to the minimum number of personnel, and regular training is conducted for those handling personal information.
- In the event of personnel changes, such as transfers or retirements, the access rights to the personal information processing system are promptly updated or revoked.
- The Company has established internal procedures to prevent information leaks by employees in advance through non-disclosure agreements from all executives/employees and personal information handlers, and to monitor compliance with the personal information protection policy.
- The handover of duties for personal information handlers is conducted securely, ensuring that confidentiality is maintained. Clear responsibilities for personal information incidents are outlined both during employment and after departure.
-
Physical Safeguards
- Access to the IT room and personal information document storage areas is controlled to ensure the secure storage of personal information.
-
Technical Safeguards
-
Article 7 Rights and Obligations of Information Subjects and Legal Representatives, and How to Exercise ThemInformation subjects and their legal representatives may exercise the following personal information protection rights against the Company in accordance with the provisions of the Personal Information Protection Act and other applicable laws and regulations:
-
Right to Request Access to, Correction, or Deletion of Personal Information
Information subjects have the right to request access to, correction, or deletion of their personal information, or suspension of the processing of their personal information at any time. If an information subject wishes to access, correct, delete, or suspend the processing of their personal information, he/she may contact the personal information protection officer in writing, by phone, or via email, and the Company will take immediate action. -
Right to Withdraw Consent for the Collection, Use, and Provision of Personal Information
Information subjects have the right to withdraw their consent for the collection, use, provision, and storage of their personal information provided for service use. To withdraw consent, an information subject may contact the personal information protection officer in writing, by phone, or via email. After confirming the identity of the information subject, the necessary actions, including the deletion of personal information, will be taken. -
Right to Request Suspension of Personal Information Processing
Users and their legal representatives have the right to request the suspension of the processing of their own or the personal information of minor users at any time. To request the suspension of personal information processing, the information subject or legal representative can contact the Company’s personal information protection officer or designated staff in writing or via email, and the Company will take immediate action. However, the Company may continue processing personal information despite the request for suspension in accordance with relevant laws. In such cases, the Company will promptly inform the user or legal representative of the circumstances. The user or legal representative has the right to raise objections to the personal information protection officer or designated staff via written communication or email, etc.
-
Right to Request Access to, Correction, or Deletion of Personal Information
-
Article 8 Installation and Operation of Automatic Personal Information Collection Devices, such as Internet Access Logs, and the Right to RejectThe Company uses "cookies" to store and retrieve information about users from time to time. Cookies are text files sent from the server hosting the website to the user's browser, which are then stored on the user's computer's hard drive.
Users have the option to choose whether to accept the installation of cookies. They can set their web browser options to allow all cookies, prompt for confirmation each time a cookie is stored, or refuse to store any cookies. However, refusing cookies may result in difficulties in using the service.-
Installation, Operation, and Rejection of Cookies : Users can adjust their web browser settings to allow or block cookies, etc. through the following options:
- Edge: Settings menu at the top right of the browser > Cookies and site permissions > Manage and delete cookies and site data
- Chrome: Settings menu at the top right of the browser > Privacy and security > Cookies and other site data
-
Installation, Operation, and Rejection of Cookies : Users can adjust their web browser settings to allow or block cookies, etc. through the following options:
-
Article 9 Personal Information Protection Officer and Department for Handling Access RequestsThe Company has designated the following department and personal information management officer to protect customers' personal information and address any related concerns:
- Personal Information Management Officer : Lee Hyun-tak
- Phone Number : +82-31-357-7075
- Email : market@ovio.com
-
Article 10 Remedies for Infringement of Information Subject's RightsIf consultation regarding personal information is needed, the information subject can contact the following organizations:
- Personal Information Dispute Mediation Committee: (No area code) 1833-6972 (www.kopico.go.kr)
- Personal Information Infringement Reporting Center: (No area code) 118 (privacy.kisa.or.kr)
- Supreme Prosecutors' Office Internet Crime Investigation Center: 02-3480 (www.icic.sppo.go.kr)
- Cyber Crime Investigation Bureau, National Police Agency: (No area code) 182 (ecrm.police.go.kr)
- Information Protection Mark Certification Committee: +82-2-580-0533-4 (www.eprivacy.or.kr)
-
Article 11 Changes to the Privacy PolicyThis Privacy Policy enters into effect on November 25, 2024.