SDR Co., Ltd. (hereinafter referred to as "the Company") values your personal information and complies with the "Act on Promotion of Information and Communications Network Utilization and Information Protection."
Through this privacy policy, the Company informs you of the purposes and methods of using the personal information you provide, as well as the measures taken to protect your personal information.
If there are any changes to this policy, the Company will announce it through the website notice (or individual notice).
1. Collection Items and Methods of Personal Information
(1) Collection Items
ID, password, nickname, phone number, email
(2) Collection Methods
Website (membership registration), telephone and online counseling through customer center, participation in prize events
2. Purposes and Usage of Personal Information
The Company utilizes the collected personal information for the following purposes:
(1) Contract fulfillment and fee settlement related to service provision
Providing content, purchasing and fee payment, reservation/guidance for service provision
(2) Member management
Verification for membership service usage, personal identification, prevention of misuse by malicious members and unauthorized use, complaint handling, notification of important matters
(3) Utilization in marketing and advertising
Advertising information delivery for new services (products) development and specialization, events, etc., providing services and advertising based on demographic characteristics, statistical analysis of access frequency, or statistics on member service usage
3. Retention and Use Period of Personal Information
Generally, your personal information will be promptly discarded after achieving the purpose of collecting or providing, as specified in the privacy policy. However, in cases where preservation is necessary under related laws, the Company retains member information for a specified period.
4. Procedure and Method of Personal Information Disposal
(1) Disposal Procedure
Information you provided for membership registration will be transferred to a separate database (or paper documents) after the purpose is achieved, and it will be stored for a certain period based on internal policies and related laws (refer to retention and use period). After that, it will be promptly disposed.
(2) Disposal Method
Personal information printed on paper will be shredded or incinerated.
Personal information stored in electronic file format will be deleted using a method that cannot reproduce the record.
5. Provision of Personal Information to Third Parties
The company does not use or provide your personal information for purposes other than those related to the services provided by the company. However, there may be cases where personal information is provided without your consent in accordance with the regulations of related laws. Please be aware of the following cases:
When the user has disclosed or agreed to the third-party provision in advance.
When there is a request from investigative agencies through the procedures and methods prescribed by law for investigation purposes, in accordance with relevant laws and regulations.
6. Handling of Personal Information Outsourcing
The company may, for the improvement of services, collect, handle, and manage your personal information by outsourcing it to external entities, obtaining necessary consent and meeting legal requirements. The company is currently outsourcing the following tasks related to personal information processing, and the outsourcing contracts include provisions to ensure the secure management of personal information in accordance with relevant laws.
Outsourced Entity: Emtoonet Co., Ltd.
Outsourcing Scope: Electronic payment processing
The company does not use your personal information for purposes other than the internet services provided by the company, and it does not provide your personal information to third parties without your consent. In cases where provision to third parties is necessary, you will be informed and asked for separate consent. However, exceptions apply in the following cases:
(1) When it is deemed necessary to disclose personal information to take legal action against individuals who have violated the company's terms of service or engaged in illegal activities causing harm to others or damaging public morals.
(2) When there is a request from investigative agencies through the procedures and methods prescribed by law for investigation purposes.
(3) When it is unavoidable to provide information for the provision of "paid services" purchased by the user.
(4) In cases such as statistical analysis, academic research, market research, and sending informational and notice emails, where information is provided in a form that cannot identify specific individuals to achieve the intended purpose.
7. Responsibility for Linked Sites
The company may provide links to websites or materials of other companies. In such cases, the company has no control over external sites and materials, so it cannot be held responsible or guarantee the usefulness of the services or materials obtained from them. If you click on links included by the company and move to pages of other sites, please review the privacy policy of the visited site, as it is unrelated to the company.
8. Rights and Methods of Users and Legal Representatives
(1) Users and legal representatives can access or modify their registered personal information at any time and request termination.
(2) For accessing or modifying personal information, click on 'Change Personal Information' or 'Modify Membership Information.' To request termination, click on "Withdrawal" after going through the identity verification process.
(3) Alternatively, contact the personal information management officer in writing or by phone, and prompt action will be taken.
(4) If you request the correction of personal information errors, the information will not be used or provided until the correction is complete.
(5) Personal information that has been terminated or deleted at the request of the user will be processed in accordance with the "Retention and Use Period of Personal Information" specified by the company and will not be used or accessed for purposes other than the designated purpose.
9. Installation, Operation, and Rejection of Personal Information Automatic Collection Devices
The company operates cookies and similar devices to continuously store and retrieve your information. Cookies are very small text files sent by a website to your computer browser and stored on your computer's hard drive. The company uses cookies for the following purposes:
(1) Purposes of using cookies:
Analyzing the frequency and visit time of Icon members and non-members.
Understanding the preferences and areas of interest of users and tracking their activities.
Targeted marketing and providing personalized services based on event participation, visit frequency, etc.
You have the option to refuse the installation of cookies. Therefore, you can choose to allow all cookies, confirm each time a cookie is stored, or refuse all cookies by setting the options in your web browser.
10. Technical/Managerial Measures for Personal Information Protection
The company takes technical and managerial measures to ensure the security of user personal information, preventing loss, theft, leakage, alteration, or damage:
(1) Encryption of Personal Information:
User passwords are stored and managed using one-way encryption, and confirmation and modification of personal information are possible only by the user who knows the password.
Sensitive personal information, such as resident registration numbers, foreigner registration numbers (within the scope required by customs procedures), and bank account numbers, is encrypted using secure encryption algorithms.
(2) Measures Against Hacking:
The company operates intrusion detection and prevention systems 24 hours a day to prevent the leakage of user personal information due to hacking.
All intrusion detection and prevention systems are configured in duplicate to prepare for emergencies. Sensitive personal information is transmitted securely over the network through encrypted communication.
(3) Minimization and Education of Personal Information Handlers:
The company restricts the number of individuals handling personal information to a minimum and raises awareness of the importance of personal information protection through educational measures.
11. Complaint Service for Personal Information
The company has designated the following departments and a personal information management officer to protect customer personal information and handle complaints related to personal information:
Personal Information Management Officer: Lee Junghoon
Phone Number: 02-2088-9155
Email: developsdr@gmail.com
Personal Information Management Department: Customer Satisfaction Team
Phone Number: 02-2088-9155
Email: developsdr@gmail.com
(1) You can report any complaints related to the protection of personal information while using the company's services to the personal information management officer or the relevant department.
(2) The company will respond promptly with sufficient answers to user-reported issues.
(3) If you need to report or consult on other personal information breaches, please contact the following organizations:
Personal Information Dispute Mediation Committee (www.1336.or.kr/1336)
Information Protection Mark Certification Committee (www.eprivacy.or.kr/02-580-0533~4)
Cyber Crime Investigation Center, Supreme Prosecutors' Office (http://icic.sppo.go.kr/02-3480-3600)
Cyber Terrorism Response Center, National Police Agency (www.ctrc.go.kr/02-392-0330)
12. Amendment of the Personal Information Handling Policy and Notice
This policy is effective from January 2, 2023. If there are any additions, deletions, or modifications to the content of the personal information handling policy, the company will notify users at least 7 days before the effective date through the website's announcements (customer center) or via email. However, if there are changes that are disadvantageous to users' rights, such as the collection and use of personal information, provision to third parties, etc., notice will be given at least 7 days in advance.
Announcement Date: January 2, 2023
Effective Date: January 9, 2023