Privacy Policy


NETAND Privacy Policy
NETAND Co., Ltd. (hereinafter referred to as the “Company”) has the following processing policies to protect users' personal information and rights and interests in accordance with the Personal Information Protection Act and to smoothly handle user complaints related to personal information. When the “Company” revises the personal information processing policy, it will be notified through website notice (or individual notice).
* This policy will take effect from October 10, 2018.
1. Purpose of processing personal information
The “company” processes personal information for the following purposes. The processed personal information is not used for purposes other than the following purposes, and prior consent will be sought when the purpose of use is changed.
a. Using the website
- In case of various inquiries and requests, personal information is processed for the purpose of self-authentication according to the enforcement of the limited identity verification system.
b. Civil affairs processing
- Personal information is processed for the purpose of notification of processing results.
c. Provision of goods or services
- Personal information is processed for the purpose of providing services, providing contents, and authenticating users.
2. The purpose of processing personal information files registered and disclosed in accordance with act32 of the Personal Information Protection law is as follows.
-Personal information items: service use records, access logs, cookies, access IP information
-Collection method: Collection through generated information collection tool
-Basis for retention: Identity verification for service use
-Retention period: 3 years
-Related laws: Records on collection/processing and use of credit information: 3 years
3. Processing and retention period of personal information
① The “Company” processes and retains personal information within the period of retention and use of personal information in accordance with laws or the period of retention and use of personal information agreed upon when collecting personal information from the information subject.
-Personal information items: service use records, access logs, cookies, access IP information
② Each personal information processing and retention period is as follows.
-Basis for retention: User authentication for service
-Related laws: Records on collection/processing and use of credit information: 3 years
4. Rights and obligations of the information subject and legal representative and how to exercise the user as a personal information subject, the user can exercise the following rights.
① The information subject can exercise the right to view, correct, delete, and stop processing personal information at any time with respect to the “company”.
② The exercise of the rights pursuant to Paragraph 1 may be performed by writing, e-mail, fax, etc. in accordance with Article 41 Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act for the “Company”, and the “Company” will take action without delay.
③ The exercise of rights pursuant to Paragraph 1 can be done through the legal representative of the information subject or through an agent such as a person who has been delegated. In this case, you must submit a power of attorney in accordance with the form of Attachment 11 of the Enforcement Regulations of the Personal Information Protection Act.
④ The rights of the information subject may be restricted according to Article 35 (5) and Article 37 (2) of the Personal Information Protection Act for requests to view and suspend personal information.
⑤ Request for correction and deletion of personal information cannot be requested if the personal information is specified as the object of collection in other laws.
⑥ The “Company” verifies whether the person who made the request for access according to the rights of the information subject, request for correction or deletion, or request for access to the request for suspension of processing is the person or a legitimate agent.
5. Create items of personal information to be processed>
The “company” processes the following personal information items.
-Required items: service use record, access log, cookie, access IP information
6. Destruction of personal information
In principle, the ”Company” destroys the personal information without delay when the purpose of processing personal information is achieved. The procedure, deadline and method of destruction are as follows.
① Destruction procedure
The information entered by the user is transferred to a separate DB after the purpose is achieved and stored for a certain period of time or immediately destroyed in accordance with internal policies and other related laws. At this time, the personal information transferred to the DB is not used for other purposes unless it is required by law.
② Deadline for destruction
The personal information of users shall be within 5 days from the end of the retention period, if the retention period of personal information has elapsed, and when the personal information becomes unnecessary, such as achieving the purpose of processing personal information, abolition of the service, termination of business, etc. The personal information will be destroyed within 5 days from the date it is recognized as unnecessary to process.
③ Destruction method
Information in the form of electronic files uses a technical method that cannot reproduce the record.
7. Personal information protection manager>
① The “Company” is responsible for the handling of personal information, and has designated the person in charge of personal information protection as follows for handling complaints and remedies for damages related to personal information processing.
▶ Personal Information Protection Officer
-Name: Jin-Hyeok Choi
-Position: Vice-President
-Contact: 02-2661-1410
② The information subject may inquire to the person in charge of personal information protection and the department in charge of all personal information protection related inquiries, complaint handling, damage relief, etc. that occurred while using the service (or business) of the “Company”.
The “Company” will respond and handle inquiries from the information subject without delay.
8. Change of personal information processing policy
This personal information processing policy is applied from the effective date, and if there is any addition, deletion, or correction of changes in accordance with laws and policies, we will notify you through the notice from 7 days before the enforcement of the changes.
9. Measures to ensure the safety of personal information
In accordance with Article 29 of the Personal Information Protection Act, the “Company” takes technical/administrative and physical measures necessary to ensure safety as follows.
① Conduct regular self-audit
We conduct our own audits on a regular basis (quarterly) to ensure the safety of handling personal information.
② Minimization and training of employees handling personal information
We are implementing measures to manage personal information by designating employees who handle personal information and minimizing them by limiting them to the person in charge.
③ Establishment and implementation of an internal management plan
We have established and implemented an internal management plan for safe handling of personal information.
④ Technical measures against hacking, etc.
The “Company” installs a security program to prevent leakage and damage of personal information by hacking or computer viruses, periodically updates and checks, installs a system in an area where access from outside is controlled, and monitors and blocks technical/physical side.
⑤ Encryption of personal information
User's personal information is encrypted and stored and managed, so only the owner can know it, and important data is using separate security functions such as encrypting files and transmission data or using a file lock function.
⑥ Storage of access records and prevention of forgery
The records of access to the personal information processing system are stored and managed for at least 6 months, and security functions are used to prevent forgery, theft, and loss of access records.
⑦ Restriction of access to personal information
We are taking necessary measures to control access to personal information by granting, changing, and canceling access rights to the database system that processes personal information, and we use an intrusion prevention system to control unauthorized access from outside.
⑧ Use of locking device for document security
Documents containing personal information and auxiliary storage media are stored in a safe place with a lock.
⑨ Access control for unauthorized persons
A separate physical storage place where personal information is stored is established and access control procedures are established and operated.
10. Matters concerning the installation, operation and rejection of automatic personal information collection devices
“Company” does not use “cookies” that store and retrieve information about the subject's use from time to time.