Article 3 (Procedures and Methods for Destruction of Personal Information)

 

① The Company will destroy personal information without delay when it becomes unnecessary, such as when the retention period for personal information has expired or the processing purpose has been achieved.

 

② Even after the retention period agreed upon by the data subject has expired or the processing purpose has been achieved, personal information may be retained in accordance with the Commercial Act and other laws.

 

③ The procedures and methods for destroying personal information are as follows:

​

   1. Destruction Procedures

       - The Company selects personal information for which reasons for destruction have arisen and destroys the information with the approval of the Company's Personal Information Protection Officer.

​

   2. Destruction Methods

       - Information in electronic file format will be destroyed using a technical method that renders the records unrecoverable.

       - Personal information printed on paper will be destroyed by shredding or incineration.

 

Article 4 (Rights and Obligations of the Data Subject and Legal Representative and How to Exercise Them)

 

① The data subject may exercise his or her rights to the Company, including requesting access to, correction of, deletion of, or suspension of processing of personal information, at any time.

 

② The rights under Paragraph 1 may be exercised against the Company in writing, by email, or by facsimile, pursuant to Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act. The Company will take action without delay.

 

③ The rights under Paragraph 1 may be exercised through a representative, such as the data subject's legal representative or authorized representative.

 

④ Requests for correction or deletion of personal information may not be made if the personal information is specifically designated as a subject of collection under other laws.

 

⑤ The Company will verify whether the person making the request, including requests for access, correction/deletion, or suspension of processing, is the data subject or a legitimate representative.

 

Article 5 (Matters Concerning Measures to Ensure the Security of Personal Information)

 

The Company takes the following measures to ensure the security of personal information:

 

 

1. Regular Internal Audits

  To ensure the security of personal information handling, the Company conducts internal audits on a regular basis (quarterly) to ensure the security of personal information.

​

2. Minimizing and Training Personal Information Handling Staff

  We designate and limit personal information handling staff to those in charge, minimizing the number of staff handling personal information, and implement measures to manage personal information.

 

3. Encryption of Personal Information

  Users' personal information is accessible only to the user, and separate security features, such as file and transmission encryption and file locking, are used for important data.

 

4. Restricted Access to Personal Information

  We take necessary measures to control access to personal information by granting, modifying, and revoking access rights to the database system that processes personal information. We also use an intrusion prevention system to prevent unauthorized access from outside sources.

 

 

Article 6 (Installation and Operation of Devices That Automatically Collect Personal Information and Refusal Thereof)

 

The Company does not use "cookies," which store and periodically retrieve user information.

 

Article 7 (Collection, Use, Provision, and Refusal of Behavioral Information)

 

Collection, Use, Provision, and Refusal of Behavioral Information

 

The Company does not collect, use, or provide behavioral information for online customized advertising, etc.

 

Article 8 (Criteria for Determining Additional Use and Provision)

 

The Company may additionally use and provide personal information without the consent of the data subject, taking into account the provisions of Article 14-2 of the Enforcement Decree of the Personal Information Protection Act, pursuant to Article 15, Paragraph 3 and Article 17, Paragraph 4 of the Personal Information Protection Act.

 

Accordingly, the Company has considered the following factors in order to permit additional use and provision without the consent of the data subject.

  - Whether the purpose of additional use/provision of personal information is related to the original purpose of collection.

  - Whether additional use/provision is foreseeable, given the circumstances of personal information collection or processing practices.

  - Whether additional use/provision of personal information unfairly infringes upon the interests of the data subject.

​

※ The criteria for determining considerations for additional use/provision are determined by the business/organization itself and are prepared and disclosed.

​

Article 9 (Matters Regarding the Personal Information Protection Officer)

 

① The Company designates a Personal Information Protection Officer as follows to oversee all personal information processing and to handle complaints and provide remedies to data subjects related to personal information processing.

 

1. Personal Information Protection Officer

   - Name: Park Seon-Kyeong

   - Position: Director

   - Contact: 033-552-9029

   - Email: themg@themg.co.kr

​

2. Personal Information Protection Officer

   - Department: IT Team

   - Contact: Kim Yong-Sam

   - Contact: 033-552-9029

   - Email: themg@themg.co.kr

​

② Data subjects may contact the Personal Information Protection Officer or the responsible department regarding any inquiries, complaints, or remedies related to personal information protection that may arise while using the company's services (or business). The company will respond and process such inquiries without delay.

 

Article 10 (Department Receiving and Processing Requests for Access to Personal Information)

​

 

Data subjects may request access to their personal information pursuant to Article 35 of the Personal Information Protection Act to the department below.

​

The Company will endeavor to promptly process requests for access to personal information.

​

1. Department Receiving and Processing Requests for Access to Personal Information

   - Department Name: IT Team

   - Contact Person: Kim Yong-Sam

   - Contact Number: 033-552-9029

   - Email: themg@themg.co.kr

 

Article 11 (Remedies for Infringement of the Rights of Data Subjects)

 

Data subjects may apply for dispute resolution or consultation with the Personal Information Dispute Mediation Committee or the Personal Information Infringement Report Center of the Korea Internet & Security Agency to seek redress for personal information infringement. For other inquiries or reports of personal information infringement, please contact the following organizations.

 

1. Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)

2. Personal Information Infringement Reporting Center: 118 (privacy.kisa.or.kr)

3. Supreme Prosecutors' Office: 1301 (www.spo.go.kr)

4. National Police Agency: 182 (ecrm.cyber.go.kr)

​

Any person whose rights or interests have been infringed upon by a disposition or inaction by the head of a public institution in response to a request under Article 35 (Access to Personal Information), Article 36 (Correction/Deletion of Personal Information), or Article 37 (Suspension of Processing of Personal Information, etc.) of the Personal Information Protection Act may file an administrative appeal in accordance with the Administrative Appeals Act.

​

※ For detailed information on administrative appeals, please refer to the Central Administrative Appeals Commission (www.simpan.go.kr) website.

​

Article 12 (Changes to the Personal Information Processing Policy)

​

① This Personal Information Processing Policy will be effective from August 3, 2022.

② The previous Personal Information Processing Policy can be found below.

​

   - Effective August 3, 2022