Article 1 (Personal Information to be Collected and Collection Methods)
The Company has established the procedure for users to select either “Consent” or “Do Not Consent” regarding the collection and use of their personal information.
Personal information shall be collected and used by the Company, as follows:
|Description||Information to be Collected||Collection Methods|
|Participation in Events|| Name, SNS channel ID applied for, mobile phone no., and delivery address for prizes
※The types of information to be collected from users may vary for each event.
|Participants need to fill out the event application form in person.|
|Subscription to Newsletters||Email address and records of receiving and unsealing SK Innovation Newsletters.||Participants need to fill out the newsletter subscription form in person.|
|Visits to SKinno News||Service usage records, access logs, and cookies||To be collected through “cookies” and “log files”|
Article 2 (Purpose of Collecting Personal information)
The Company shall collect personal information for the following purposes:
|Description||Purpose for Collection|
|Participation in Events||Verification of the winners’ identities, responding to event-related inquiries, giving public notice, and the delivery of event prizes|
|Subscription to Newsletters||Mailing of SK Innovation Newsletters|
|Visits to SKinno News||Improvement of user services, convenience, and the analysis of web logs|
Article 3 (Provision of Personal Information to Third Parties)
In principle, the Company shall provide no personal information to third parties, except where:
• (i) Users have previously consented to the provision of their personal information; or
• It is specifically provided by law or it is necessary to do so to comply with its statutory obligations.
Article 4 (Entrustment of Personal Information Processing)
• The Company shall entrust the processing of personal information, as follows, to secure expertise in customer services and deliver excellent service quality:
|Entrustee(Information ProcessingService Provider)
||Descriptions of the Business Entrusted|
|ExtraMile Communications Limited||Management of SKinno News and the SK Innovation Facebook Page and the holding of events (including the selection and verification of winners and the delivery of prizes)
Sharing with media representatives the contents of SKinno News and the SK Innovation Facebook Page
• When entering into any personal information processing agreements, the Company shall clearly set forth the purpose of the business entrusted, as well as the provisions concerning the prohibitions on personal information processing, the technical and administrative protection measures, the restrictions on re-entrustment, the management and supervision of entrustees, the liability for damages, etc. pursuant to Article 26 of the Personal Information Protection Act. Furthermore, the Company shall supervise its entrustees to ensure that they process personal information safely and securely.
Article 5 (Retention and Use Periods of Personal Information)
The Company shall use personal information solely during the period when customer services are provided, starting from the time when users participate in events or subscribe to SK Innovation Newsletters. The personal information of users shall be immediately destroyed upon the withdrawal of their consent, upon achieving the purpose of the collection and use of such personal information, or upon the expiration of the period for retention and use. Notwithstanding the foregoing, members’ personal information shall be retained for a given period pursuant to applicable law, as described in detail below.
• In the case of personal information given by the participants of an event: To be deleted 90 days after the date of announcement of event winners
• In the case of personal information being retained for users’ subscriptions to newsletters: To be promptly deleted when SK Innovation Newsletters cease to be issued or when subscribers terminate their subscription
• Records of visitors to SKinno News: To be immediately deleted following the mandatory retention thereof for 3 months pursuant to the Protection of Communications Secrets Act, when SKinno News services cease to be provided
Article 6 (Destruction Procedures and Methods for Personal Information)
• The Company shall promptly destroy any personal information when the personal information in question is no longer needed, such as when the retention period for the personal information has expired and the purpose of processing such personal information has been completed.
• Once the retention period for any personal information (to which prior consent has been obtained from users) has expired or the purpose of collection thereof has been achieved, and if the personal information must be nevertheless retained on an ongoing basis, as required by other applicable laws, the personal information in question shall be destroyed after the same has been retained for the period prescribed by the applicable law in a separate database (or filing cabinet, in the case of paper documents). The personal information transferred to a separate database (or filing cabinet, in the case of paper documents) shall not be used for any purposes other than the purpose of its retention, except as otherwise required by the law.
• Personal information shall be destroyed through the following procedures:
ㅇ Destruction Procedures
Where any personal information has been provided by users to participate in events or write comments, the personal information in question shall be destroyed upon the achievement of the purpose of collection and when it has been retained for a given period, depending on the Company’s internal policies or applicable law. In such a case, the personal information in question shall not be used for any purposes other than the purpose of its retention, except as otherwise required by the law.
ㅇ Destruction Methods
Personal information stored in an electronic file format shall be destroyed by the Company so that the records will be rendered unrecoverable, while personal information recorded and stored in the form of paper documents shall be destroyed using a document shredder or by incinerating.
Article 7 (Request for Access to Personal Information)
• Users may file a request to the department described below to access personal information, pursuant to Article 35 of the Personal Information Protection Act:
|Items||Department Responsible for Receiving and Processing Requests for Access to Personal Information|
|Department||Information Security Office|
|Person in Charge||Minkyeng Kim/ Manager|
ㅇ To give access to personal information
ㅇ To correct errors there in, if any
ㅇ To delete personal information
ㅇ To suspend the processing of personal information
• The rights of data subjects according to subsection 1 may be exercised in writing, by email, by fax, etc. and sent to the Company through Form No.8 attached to the Enforcement Ordinance of the Personal Information Protection Act. Upon receipt, the Company shall promptly take necessary action.
• In the event that a user requests for the correction, deletion, etc. of errors, in his/her personal information, the Company shall not provide a third party with the user’s personal information until the completion of the requested change.
• The exercise of users’ rights pursuant to subsection 1 may be conducted by their legal representatives or other duly authorized persons. In such cases, the representatives shall present a power of attorney through Form No.11 attached to the Enforcement Ordinance of the Personal Information Protection Act.
Article 8 (Installation/Operation of Automatic Personal Information Collection Devices and Refusal to Use Such Devices)
Cookies and log files are used on this website for various purposes, including calculating the number of visitors and unique visitors who have accessed the web page through anonymous statistics. Users can identify how cookies and log files are used on this website, based on the types of cookies and log files described below.
• The Purpose of Using Cookies and Log Files: Analysis of Web Logs
• Types of Cookies and Log Files Used
ㅇCookies related to Google Analytics
Production of web logs and demographic data, based on information concerning anonymous users (including GA, etc.)
ㅇ Cookies related to Jetpack
Production of website statistics through the analysis of service usage records and access logs
Customers have the option to install cookies. Customers may also allow all cookies to be installed or require the storage of cookies to be confirmed each time. In addition, users may disallow cookies from being stored at all.
Most browsers provide users with the function to manage cookies based on their own needs. In some browsers, users can set up rules for managing cookies on a site-by-site basis, thereby granting users more fine-grained control over privacy. In other words, users can disallow cookies from all sites except for those that they trust.
However, if cookies are not allowed to be stored at all, users may experience inconvenience in using some services.
ㅇ Internet Explorer
The tool menu of Internet Explorer includes an option to access advanced settings for personal information. Users can set up the environment to allow or disallow cookies and can also delete cookies from temporary Internet files and automatically completed data, etc. by clicking Tool>Internet Options>Personal Information (tab)>Advanced>Advanced Settings for Personal Information.
The tool menu of Google Chrome includes an option to delete Internet access records. Users can delete cookies, other sites and plug-in data by exercising this option.
ㅇ Secret Mode (or Privacy Protected Mode)
Most advanced browsers provide the Secret Mode feature. Users may search desired information under Secret Mode (or Privacy Protected Mode) to ensure that details of the site accessed or the information downloaded by the user will neither remain on Internet access records nor in download records. All cookies created in the Secret Mode (or Privacy Protected Mode) are automatically deleted once all secret windows are closed.
Article 9 (Security Measures to Protect Personal Information)
• When processing personal information, the Company shall take the following security measures to ensure that personal information will not be lost, stolen, leaked, forged, altered, or damaged.
ㅇ Administrative measures: Preparation and implementation of internal control plans, employee education on a regular basis, etc.
ㅇ Technical measures: Access control for personal information processing systems, etc.; control of unauthorized access using intrusion detection systems; installation of security systems; and encrypted storage of personal information
ㅇ Physical measures: Access control for the computer room, archives, etc.
• Upon the occurrence of any incidents involving the leakage, damage, etc. of personal information, the Company shall promptly notify the users concerned and take every possible action to minimize the damages caused thereby.
Article 10 (Handling Grievances Related to Personal Information and Remedies for Privacy Violations)
• Users are requested to inform the Company’s Privacy Manager and Privacy Representative of all civil petitions (related to privacy) occurring while using the services provided by the Company. The Company shall examine the problems pointed out and endeavor to take necessary corrective actions at the earliest possible time.
• Users may also refer to the Personal Information Infringement Report Center of the Korea Internet & Security Agency (KISA) to report any privacy violations or to consult in that regard. If users have suffered any monetary or mental damages as a result of such privacy violations, they may file a petition for relief with the Personal Information Dispute Mediation Committee.
Personal Information Infringement Report Center: (Without exchange number) 118 privacy.kisa.or.kr
Personal Information Dispute Mediation Committee: 1833-6972 kopico.go.kr
Cybercrime Investigation Division, Supreme Prosecutors’ Office: (Without exchange number) 1301, email@example.com http://spo.go.kr
Cyber Safety Bureau, Korea National Police Agency: (Without exchange number) 182, police.go.kr/www/security/cyber.jsp
Article 11 (Privacy Manager)
• The Company has appointed the Privacy Manager, as described below, to assume overall responsibility for processing personal information and handling users’ grievances related to personal information and requests of relief for the damages suffered by users and the like.
|Description||Privacy Manager||Privacy Representative|
|Department||Office of IT and Strategy Support||Information Security Office|
|Name/Position||Gwibeom Lee/Head||Minkyeng Kim/Manager|
※ If you dial the phone numbers above, you will be connected to the department responsible for protecting customer privacy.
• Users may refer to the Company’s Privacy Manager and Privacy Protection Department for inquiries and other matters related to the handling of privacy-related grievances, relief for damages, etc. occurring in the course of doing business with the Company or during the use of its services. Upon receipt, the Company shall promptly respond to and handle such inquires made by the data subjects concerned.
– Publication date: May 13, 2020
• Furthermore, in case of changes in any significant matters (such as the provision of personal information to third parties, the purpose of collection and use thereof, retention period, etc.), the Company shall ensure that consent will be sought from users.