DK Lab Co., Ltd. (hereinafter referred to as "the Company") establishes this Privacy Policy in accordance with the Personal Information Protection Act to protect the personal information of users and their rights, and to smoothly address user complaints related to personal information. The Company will announce any amendments to this Privacy Policy through website notices (or individual notifications).
○ This policy is effective from September 9, 2024.
1. Purpose of Processing Personal Information
The Company processes personal information for the following purposes. Personal information will not be used for purposes other than those specified below, and prior consent will be sought in the event of any changes to the intended use.
Membership Registration and Management: To confirm the intent of membership registration, provide member-exclusive services, identify and authenticate members, maintain and manage membership status, implement restricted verification systems, prevent service misuse, and verify consent of legal representatives for users under 14 years of age.
Provision of Goods or Services: To provide services and customized content.
Marketing and Advertising: To develop new services/products, provide customized services, offer event and promotional opportunities, evaluate service effectiveness, analyze visit frequency, or generate service usage statistics.
2. Status of Personal Information Files
File Name: Website Personal Information File
Personal Information Items: Email, mobile phone number, password hints and answers, password, login ID, name, company phone number, position, department, company name, service usage records, access logs, cookies, IP address, legal guardian's name, home phone number, address, and mobile phone number.
Collection Methods: Website, written forms, phone/fax.
Retention Basis: User consent.
Retention Period: 3 years.
Relevant Laws:
Records related to the collection/processing/use of credit information: 3 years.
Records on display/advertisement: 6 months.
3. Processing and Retention Period of Personal Information
The Company retains and processes personal information within the period specified by law or agreed upon by users at the time of collection.
Retention and processing periods for specific purposes:
Membership Registration and Management: Information is retained for 3 years from the date of consent.
Retention Basis: User consent.
Relevant Laws:
Records related to the collection/processing/use of credit information: 3 years.
Exceptions: Upon user request.
4. Rights and Responsibilities of Users and Legal Representatives
Users have the right to request access, correction, deletion, or suspension of processing of their personal information at any time.
Users may exercise their rights by submitting a written request, email, or fax in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and the Company will respond without delay.
Legal representatives or authorized agents may exercise these rights on behalf of users by submitting a power of attorney in accordance with Form 11 of the Personal Information Protection Act.
Access or suspension requests may be restricted under Article 35, Paragraph 5, and Article 37, Paragraph 2 of the Personal Information Protection Act.
Correction and deletion requests cannot be made for personal information specified by other laws as mandatory collection items.
The Company verifies the identity of users or their representatives when requests for access, correction, deletion, or suspension are made.
5. Items of Personal Information Processed
Membership Registration and Management:
Required Items: Email, mobile phone number, password hints and answers, password, login ID, name, company phone number, position, department, company name, service usage records, access logs, cookies, IP address.
Optional Items: Legal guardian's name, home phone number, address, and mobile phone number.
6. Destruction of Personal Information
The Company destroys personal information without delay once the processing purpose is achieved. Destruction procedures, timelines, and methods are as follows:
Destruction Procedure: Information entered by users is moved to a separate database (or separate storage for paper records) after achieving its purpose and retained for a certain period as per internal policies or legal requirements, after which it is destroyed. Personal information in the database is not used for other purposes unless required by law.
Destruction Timeline: Personal information is destroyed within 5 days after the retention period expires or is deemed unnecessary (e.g., upon service discontinuation).
Destruction Method: Electronic files are deleted using technical methods that make the data irretrievable. Paper records are shredded or incinerated.
7. Installation, Operation, and Rejection of Automatic Data Collection Devices
The Company uses cookies to provide customized services by storing and retrieving user information.
Cookies are small text files sent by a website's server to the user's computer and stored on the user's hard drive. They help optimize service by analyzing user preferences and usage patterns.
Purpose: To analyze usage patterns for service optimization.
Settings: Users can reject cookie storage via browser settings (Tools > Internet Options > Privacy).
Effects of Rejection: Users may experience difficulties with customized services.
8. Personal Information Protection Officer
The Company designates a Personal Information Protection Officer to oversee and ensure compliance with this policy.
Officer: Go Jung Seok
Position: CEO
Contact: 070-4354-0782, mjsk@dklab.kr
For inquiries or complaints regarding personal information, users can contact the protection officer or department in charge.
9. Amendments to Privacy Policy
This policy is effective from the date of implementation. Changes will be notified at least 7 days before taking effect.
10. Measures to Ensure Security
The Company implements the following measures to ensure the security of personal information:
Regular Internal Audits
To ensure the security of personal information handling, the Company conducts regular internal audits (quarterly).
Minimization and Training of Personnel Handling Personal Information
Personal information handling is limited to designated personnel, and the Company provides training to these individuals to enhance security measures.
Establishment and Implementation of Internal Management Plans
The Company establishes and implements internal management plans to process personal information securely.
Technical Measures Against Hacking and Cyber Threats
To prevent personal information from being leaked or damaged by hacking or computer viruses, the Company installs security programs, updates and inspects them regularly, and installs systems in areas with restricted external access to monitor and block unauthorized access.
Encryption of Personal Information
User passwords are encrypted for storage and management, allowing access only to the user. Additionally, sensitive data is encrypted or stored using separate security measures, such as file locking.
Retention and Prevention of Tampering of Access Logs
The Company stores access logs to personal information systems for at least six months and implements security measures to prevent tampering, theft, or loss.
Access Control for Personal Information
Access to personal information databases is controlled through authorization changes, and unauthorized external access is blocked using firewalls and intrusion prevention systems.
Locking Devices for Document Security
Documents and storage media containing personal information are stored securely in locked facilities.
Restriction of Access to Physical Storage Locations
Physical storage locations for personal information are secured with restricted access protocols.