Personal Information Processing Policy

Pursuant to Article 30 of the Personal Information Protection Act (Republic of Korea), Kyung-In Synthetic Corporation (https://www.kisco.co, hereinafter “KISCO”) establishes and discloses this Personal Information Processing Policy in order to protect personal information of information subjects and handle any related issue in a prompt and smooth manner.

Article 1. Purpose of Processing Personal Information

KISCO processes personal information for the following purposes. Personal information processed will not be used for any purpose other than the following purposes, and in the case where the purpose of use is changed, KISCO is to take necessary measures such as obtaining separate consent pursuant to Article 18 of the Personal Information Protection Act.
A. Registration and Management of Members for its Website
For confirmation of intention to become a member, identification and authentication for provision of membership services, maintenance and management of membership, prevention of illegal use of services, confirmation of consent of a legal representative when processing personal information of children under 14 years of age, relevant notices and notifications, and handling of complaints.
B. Handling of Requests
For verification of identity of requestors, verification of requests, communication and notification for fact-finding, and notification of process results.
C. Provision of Goods and Services
For delivery of goods, provision of services, dispatch of contracts and invoices, provision of contents, provision of customized services, self-authentication, verification of age, payment and settlement, and collection of debts.
D. Use for Marketing and Advertising
Development of new services (products) and provision of customized services, provision of event and advertising information and offering opportunities for participation, provision of services and advertising based on demographic features, verification of validity of services, survey of access frequencies or statistics on the use of services by members, and so on.

Article 2. Processing and Retention Period of Personal Information

KISCO processes and retains the personal information collected with the consent of information subjects for a period of three (3) years from the date of the consent to collection and use.
Exceptions:
1. If another period of retention and use of personal information is stipulated under any laws, such period shall be applicable.
2. If KISCO and a subject of personal information agree otherwise on a period of retention and use of personal information, such agreed period shall be applicable.

Article 3. Rights and Obligations of Information Subjects and Legal Representatives, and Methods of Exercising Thereof

3.1 A subject of personal information may exercise at any time the right to request for viewing, correction, deletion, and/or suspension of processing of personal information.
3.2 The rights under Article 3.1 above may be exercised in writing, by e-mail, by facsimile, etc. to KISCO pursuant to Article 41(1) of the Enforcement Decree of the Personal Information Protection Act, and KISCO will take necessary measures without delay.
3.3 The rights under Article 3.1 above may be exercised by an agent, such as a legal representative, authorized person, etc. of information subjects. In such case, a power of attorney shall be submitted in the form of Appendix 11 of the Public Notice on Methods of Processing Personal Information (No. 2020-7).
3.4 Such a request of personal information for viewing or suspension of processing of personal information may be limited pursuant to Articles 35(4) and 37(2) of the Personal Information Protection Act.
3.5 Such a request to correct or delete personal information shall not be allowed if the personal information is specified as an object of collection under any applicable laws.
3.6 KISCO ascertains whether the person who has made a request for access to, correction of, deletion of, and/or suspend processing of personal information, is the personal information subject or its legitimate agent.

Article 4. Items of Personal Information Processed

KISCO processes the following items of personal information:
A. Registration and Management of Members for its Website
Required: e-mail address, name, company name, mobile phone number, company phone number, title, department, occupation
Optional:
B. Handling of Requests
Required: e-mail address, name, company name, mobile phone number, company phone number, title, department, occupation
Optional:
C. Provision of Goods and Services
Required: e-mail address, name, company name, mobile phone number, company phone number, title, department, occupation
Optional:
D. Use for Marketing and Advertising
Required: e-mail address, name, company name, mobile phone number, company phone number, title, department, occupation

Article 5. Destruction of Personal Information

5.1 KISCO destroys personal information without delay at the time when the relevant retention period expires, the purpose of processing is achieved or otherwise such personal information is no longer necessary.
5.2 Where personal information must be continued to be retained under any applicable laws despite (i) expiration of the retention period of personal information agreed by the information subject or (ii) achievement of the purpose for processing, such personal information will be transferred to a separate database (DB) or retained at a different place.
5.3 The procedure and the method of destroying personal information are as follows:
A. Destruction Procedure
KISCO selects the personal information subject to destruction and destroys such personal information with approval of its personal information protection manager.
B. Destruction Method
Personal information stored in an electronic file format is destroyed to the extent preventing data recovery.
Personal information printed on paper is destroyed by shredding or incineration.

Article 6 (Measures to Secure Personal Information)

KISCO takes the following measures to obtain security of personal information:
A. Conducting Regular Internal Audits
KISCO conducts internal audits on a regular basis (quarterly) to ensure security in handling of personal information.
B. Education and Minimizing Number of Personnel with Access to Personal Information
KISCO designates personnel in charge who may have access to personal information and takes measures to manage personal information by those in charge.
C. Establishing and Implementing Internal Management Plan
KISCO has established and implemented an internal management plan to ensure security of personal information.
D. Technical Countermeasures against Hacking, etc.
KISCO installs a security program(s) and conducts regular updates and inspections in order to prevent leakage of or damage to personal information due to hacking, computer viruses, etc.; and KISCO installs a security system in the areas restricted from outside, and technical/physical monitoring and blocking are performed.
E. Encryption of Personal Information
Personal information is encrypted for storage and management purposes, and for important data, separate security functions are used, such as encryption of files and transmission data and file locking function.
F. Keeping Access Logs and Preventing Forgery and Alteration
KISCO keeps and manages access logs to its personal information processing system for at least six (6) months, and applies security functions to prevent forgery, alteration, theft, or loss of such access logs.
G. Restricting Access to Personal Information
Necessary measures are taken to control access to personal information by granting, changing, and canceling access rights to the database system that processes personal information; and unauthorized access from outside is controlled by using an intrusion prevention system.
H. Using Locks for Document Security
Documents and auxiliary storage devices, etc. containing personal information are kept in a safe place with a lock.
I. Restricting Access of Unauthorized Persons
KISCO separately has a physical storage place where personal information is kept and has established and implemented procedures for controlling access thereto.

Article 7. Installation, Operation, and Refusal of Tools for Automatic Collection of Personal Information

7.1 KISCO uses ‘cookies’ which automatically store and retrieve use information in order to provide users with customized services.
7.2 Cookies are a small amount of information sent to the user’s computer browser by a server (http) used to operate a website, which may be stored on the hard disk of the user’s PC computer.
A. Purpose of the use of cookies: To provide users with optimized information by identifying visits to and usages of each service and website visited by users, popular search terms, secured access, etc.
B. Installation, operation, and refusal of cookies: Users may refuse to store cookies by disabling them in their internet browser.
C. KISCO’s websites will ask for explicit consent from the user before deploying cookies.
D. Note: If a user refuses to store cookies, there may be difficulty in using customized services.

Article 8. Personal Information Protection Manager

8.1 KISCO takes responsibility for all works regarding the processing of personal information and has designated the following personal information protection manager to handle personal information subjects’ complaints and provide remedies for damage in connection with the processing of personal information.
▶ Personal Information Protection Manager
Name: Scott Watkins
Title: CMO
Position: Director
Contact: 01052567978, scott@kyunging.co.kr, none
※ It is connected to the department in charge of protection of personal information.
▶ Department in Charge of Protection of Personal Information
Department: Business Strategy Team-Marketing Part
Person in charge: Min-Hee Jo
Contact: 01021705933, olivia.jo@kyungin.co.kr, 02-3660-7905
8.2 A subject of personal information may contact the personal information protection manager and the in-charge department for all inquiries related to protection of personal information, handling of complaints, remedies for damage, etc. that occur while using the services (or business) of KISCO. KISCO will respond and handle inquiries from the information subjects without delay.

Article 9. Request to View Personal Information

Pursuant to Article 35 of the Personal Information Protection Act, a subject of personal information may request viewing of its personal information to the department below. KISCO will endeavor to promptly process the information subject’s request for viewing of its personal information.
▶ Department Handing Requests for Viewing Personal Information
Department: Business Strategy Team-Marketing Part
Person in charge: Min-Hee Jo
Contact: 01021705933, olivia.jo@kyungin.co.kr, 02-3660-7905

Article 10. Remedies for Infringement of Rights and Interests

A subject of personal information may file an application for settlement of disputes or counseling with the Personal Information Dispute Mediation Committee, the Korea Internet and Security Agency’s Personal Information Infringement Reporting Center, etc. in order to seek remedies for infringement of personal information. For other reporting and counseling on infringement of personal information, a subject of personal information may contact the following institutions:
A. Personal Information Dispute Mediation Committee: (without area code) 1833-6972 (www.kopico.go.kr)
B. Personal Information Infringement Report Center: (without area code) 118 (privacy.kisa.or.kr)
C. Supreme Prosecutors’ Office: (without area code) 1301 (www.spo.go.kr)
D. National Police Agency: (without area code) 182 (cyberbureau.police.go.kr)

Article 11. Amendment to Personal Information Processing Policy

11.1 This Personal Information Processing Policy becomes effective from May 21, 2021.