Guide

個人情報取り扱い方針

All personal information that the AVATEC handles is collected, retained, and processed under relevant statutes or with consent of each person whose information becomes subject to this Policy. The Personal Information Protection Act provides for general norms concerning managing personal information, and the AVATEC will lawfully and properly manage the information collected, retained, and processed under the provisions of such statutes, so as to properly perform public services and appropriately protect citizens’ rights and interests.
Futhermore, we, at the AVATEC, respect your rights, including the right to request us to permit you to inspect your personal information retained by us and the right to request us to correct such information. You also have a right to file a petition for an administrative hearing to seek remedies for a violation of any of such rights under the Administrative Appeals Act.

AVATEC Policy for Handling Personal Information

1. Purposes of Handling Personal Information

Most services provided by the AVATEC through its web-site, are accessible by any user at any time without user registration. However, we, at the AVATEC, collect and use users’ personal information in order to provide more advanced, higher quality services, including service for downloading publications and a mailing service. Furthermore, only users who have registered with us as members are allowed to post their messages and comments on our message boards so as to curb reckless and defamatory or libelous expressions and strengthen the effects of opinions collected from you.

Your personal information processed by us are not used for any purpose other than the purposes specified in the following, and we will take necessary measures when any change occurs in the purposes of use, such as obtaining additional consent in accordance with Article 18 of the Personal Information Protection Act.

1.1. Personal Information Automatically Collected and Stored

When you access the web-site of the AVATECH, the following information is automatically collected and stored:
Users' Internet domain names and URLs of web-sites from which they navigated to access our web-site
Browsers and operating systems (OS) used by users
Date and time of visit, etc.

In order to provide higher-quality services to users, cookies are used as means of storing and retrieving user information from time to time. A cookie is a small piece of data sent from a server operated and used for the operation of a web-site (HTTP) to the web browser in a user’s personal computer. The information automatically collected and stored, as explained above, is used for statistical analysis to improve and supplement web pages and to faciliate communications between users and the web-site so as to provide better services to users. However, please note and understand that relevant statutes require us to provide such information to a relevant authority in certain cases.

1.2. Personal Information Collected when Additional Services are Used

A user’s personal information collected when the user attempts to download a publication forwarded by the AVATECH, use the regular mailing service, or post a message or comment on a message board, is limited to the minimum extent necessary.

Subscription
Personal Information Collected when Additional Services are Used Table
Consent to Use Purpose of Handling Major Items Period of Retaining
Consent of a user whose information becomes subject to this Policy To send newsletters and compile statistical data about areas for which research reports are used Required items, including use of additional services : ID, Name, Password, E-mail, Whether to receive newsletters
Optional items : None (no resident or alien registration numbers are collected) Two years (until a user withdraws subscription)

2. Period during which Personal Information is Handled and Retained

(a) The AVATECH handles and retains personal information only during the period specified by relevant statutes for retaining and using personal information or the period to which each user consents when we collect the user’s personal information.
(b) The period during which a user’s personal information is handled and retained is as follows: Subscription to the website: Two years (until a user withdraws subscription to the website).

3. Matters concerning Provision of Personal Information to Third Parties

The AVATEC does not provide personal information collected and retained thereby, to any third party without the relevant user’s consent, except in the following cases:
(a) Where a user specifically consents to provision of his/her personal information;
(b) Where other statute provides expressly;
(c) Where a user or his/her legal representative is incapable of communicating his/her intention or it is impossible to obtain consent from a user or his/her legal representative because his/her whereabouts are unknown but it is considered clearly necessary to urgently provide his/her personal information to a third party for the safety, health, or economic interests of the user or of a third party;
(d) Where personal information is provided in a form that makes it impossible to identify a specific person, as necessary for compiling statistics or scientific research;
(e) Where it is impracticable to perform relevant duties prescribed in other Acts unless personal information is provided for any purpose other than its original purpose or is provided to a third party and where such case is deliberated on and determined by the Personal Information Protection Commission;
(f) Where it is necessary to provide such information to a foreign government or an international organization to implement treaties or other international agreements;
(g) Where it is necessary to investigate a crime and to file and sustain a prosecution;
(h) Where it is necessary for a court to proceed with a trial;
(i) Where it is necessary to enforce a sentence, custody, or protective order imposed.

When we provide your personal information to a third party, we will inform you of the following facts to obtain consent from you:
The name of the recipient of personal information (or the name of the corporation or organization, if the recipient is a corporation or organization) and the contact information of the recipient;
The recipient’s purposes of using personal information and the items of personal information to be provided;
The duration during which the personal information will be retained and used by the recipient;
The fact that the user has a right to refuse to consent and details of any disadvantages.

4. Matters concerning Outsourced Processing of Personal Information

The AVATECH outsources the processing of a user’s personal information to maintain its website as follows:
Matters concerning Outsourced Processing of Personal Information
Company Outsourced Outsourced Matters Outsourcing Period
MXWEB Co.,Ltd

5. Rights and Obligations of Users, Exercise of Rights, and Performance of Obligations

A user, as a person whose information becomes subject to the Policy, may exercise the following rights:

  1. A user (if the user is under the age of 14, referring to his/her legal representative) may exercise the following rights in relation to protecting personal information:
    (a) The right to request permission to inspect his/her personal information;
    (b) The right to request correction of his/her personal information if there is any error, etc.;
    (c) The right to request the deletion of his/her personal information;
    (d) The right to request AVATEC to suspend handling his/her personal information.
  2. A user may exercise his/her rights prescribed in paragraph (1) by completing the form specified in attached Form 8 and submitting it to the AVATEC by post, email or fax AVATEC will take necessary measures promptly.
  3. Where a user requests the correction or deletion of any error, etc., in his/her personal information, the relevant information shall not be provided to any third party pursuant to this Policy, until the relevant information is corrected or deleted.
  4. A user may exercise his/her rights through an agent such as his/her legal representative or a person with a mandate.
  5. Where a user requests permission to inspect his/her personal information or requests AVATEC to suspend handling personal information, his/her rights may be limited in the following cases under Article 35 (4) or 37 (2) of the Personal Information Protection Act:
    1. Where any Act prohibits or restricts such inspection;
    2. Where such inspection is likely to harm another person’s health or safety or is likely to unreasonably encroach on another person’s property or interests;
    3. Where such inspection substantially interferes with a public institution performing any of the following business affairs:
    (a) Affairs concerning audits and investigations in progress under any other Act.
  6. No user may request AVATEC to delete his/her personal information where such personal information is clearly specified as information subject to collection under any statute.
  7. Upon receipt of a request to inspect, correct, or delete personal information or a request to suspend handling personal information, the AVATECH will verify whether the requesting person is the actual user or his/her legitimate representative.

6. Items of Personal Information to be Handled

The AVATECH collects and retains personal information only in compliance with the provisions of relevant statutes or with consent from users whose information becomes subject to this Policy. The main personal information collected and retained by the AVATEC, are as follows:

Subscription
Items of Personal Information to be Handled Table
Consent to Use Purpose of Handling Main Items Retention Period
Consent of a user whose information becomes subject to this Policy To send newsletters and compile statistical data about areas for which research reports are used Required items, including use of additional services : ID, Name, Password, E-mail, Whether to receive newsletters Optional items : None (no resident or alien registration numbers are collected) Two years (until a user withdraws subscription)

7. Destruction of Personal Information

In principle, the AVATEC destroys a user’s personal information after the period during which the personal information is retained ends or the purposes of handling the personal information have been attained, except where it is required to preserve the personal information under an Act. The procedure, deadlines, and methods for destroying it are as follows:
(a) Procedure for destruction: The information that a user has entered is destroyed in accordance with internal policies and relevant statutes after the period during which the information is retained ends or the purposes of handling the information have been attained;
(b) Methods for destruction: Personal information recorded and stored in electronic files will be destroyed by means of Low Level Formatting or other similar methods, so as to prevent restoration of records, while personal information recorded and preserved in paper documents will be shredded by a shredder.

8. Measures for Ensuring Safety of Personal Information

The AVATEC has taken the following technical and physical measures necessary for ensuring safety, in compliance with Article 29 of the Personal Information Protection Act:
(a) Formulating and implementing internal management plans: The AVATEC has formulated and implemented internal management plans in accordance with the guidelines for measures for ensuring the safety of personal information;
(b) Minimizing and educating personnel authorized to handle personal information: The number of personnel authorized to handle personal information has been minimized and regular educational programs have been implemented for such personnel;
(c) Restrictions on access to personal information: Access to personal information is controlled by granting, amending, or cancelling the authority to access the database system that processes personal information, and unauthorized external access is controlled by operating firewalls for blocking and preventing invasion and intrusion, while personnel authorized to handle personal information are precluded from accessing the personal information processing system externally via information and communications networks.
Furthermore, details about granting, amending, or cancelling authority are recorded, and such records are preserved for at least three years;
(d) Preserving access records and preventing forgery and alteration of access records: Log data about access to the personal information processing system (including web logs and summary information) are retained and managed for at least six months, and access records are maintained properly to prevent forgery, alteration, theft, and loss;
(e) Encryption of personal information: Passwords and identification numbers, among each user’s personal information, are encoded for storage and management. Furthermore, additional means, such as encrypting essential data for storage and transmission, are used for security.
(f) Technical measures against hacking: The AVATEC has installed security programs and updates and inspects the programs to protect personal information from being leaked externally or destroyed by hacking or computer viruses and has installed its systems in an area with restricted access to technically and physically monitor and block external access.
(g) Restricting access by unauthorized persons: The space for the physical storage of the personal information system that keeps personal information, is separated from other areas, and a procedure for controlling access to the space, has been established and is implemented.

9. Linked Web-Sites and Web-pages

When you visit any other web-site or web-page by clicking a link or banner on our web-site, please check the policies of the web-sites that you visit, since the privacy policy of the new web-site is that posted by the agency that operates the web-site.

10. Acquisition of Third Party’s Personal Information while Using Web-Site

No one shall acquire any personally identifiable information, including any e-mail address, from the web-site operated by the AVATEC. Any person who inspects or obtains such personal information by fraud or other misconduct, is punishable under the provisions of Article 59 of the Personal Information Protection Act.

11. Managers and Officers in Charge of Managing Personal Information

In order to ensure the legality of personal information and the appropriateness of procedures to protect citizens’ rights and interests, and to properly perform public services, the AVATEC appoints one of its personnel as the officer in charge of protecting personal information as follows: For any question or inquiry about personal information retained by the AVATEC and the policy on the protection of personal information, please do not hesitate to contact us by any of the following means:
(a) Information Protection Officer
Office : AVATEC
Name and position : Park Jeongcheol
Tel. : +82-53-592-4060, Fax: +82-53-592-1030
E-mail : cs9883@avatec.co.kr
Address : 100, Dalseo-daero 85gil, Dalseo-gu, Daegu Metropolitan City, Republic of Korea

If you have any questions regarding personal information held by AVATEC and its privacy policy, etc., please contact us as follows:
(b) Person in Charge of Protecting Personal Information
Office : AVATEC
Name and position : Park Jeongcheol
Tel. : +82-53-592-4060, Fax: +82-53-592-1030
E-mail : cs9883@avatec.co.kr
Address : 100, Dalseo-daero 85gil, Dalseo-gu, Daegu Metropolitan City, Republic of Korea

12. Requests to Inspect Personal Information

A user may request AVATEC to permit him/her to inspect his/her personal information under Article 35 of the Personal Information Protection Act. The AVATEC will strive to ensure that such request will be processed without delay.

Office : AVATEC
Name and position : Park Jeongcheol
Tel. : +82-53-592-4060, Fax: +82-53-592-1030
E-mail : cs9883@avatec.co.kr
Address : 100, Dalseo-daero 85gil, Dalseo-gu, Daegu Metropolitan City, Republic of Korea

13. Amending Privacy Policy

2018-02-14

14. Withdrawing Consent to Collect, Use, and Provide Personal Information

You may withdraw your consent to AVATEC collecting, using, and providing your personal information, at any time. If you click on [Sign in/Log in>Member Services>Sign out] or contact the Personal Information Officer in writing, by phone or e-mail, to withdraw your consent, the Officer will take necessary measures to delete your personal information immediately. We, at the AVATEC, will guide and supervise our personnel to ensure that personal information collected under the provisions of relevant statutes, will be used appropriately for the purposes of collection and processing.

15. Remedies for Violation of Rights and Interests

A user whose personal information becomes subject to this Policy, may file a petition for settlement of, or give notice of, a dispute with the Personal Information Dispute Mediation Committee, the Korea Internet Security Agency, or a breach of privacy reporting center to seek remedies for the breach of privacy. In addition, you may contact any of the following agencies to report or receive counselling on the breach of privacy:
(a) The Personal Information Dispute Mediation Committee (Korea Internet and Security Agency): 1833-6972 (http://www.kopico.go.kr)
(b) Personal Information Infringement Report Center (Korea Internet and Security Agency): 118 (without dialing an area code)
(c) The Cyber Crime Investigation Team of the Supreme Prosecutors’ Office: 02-3480-3573 (http://www.spo.go.kr)
(d) The Cyber Terrorism Response Center of the National Police Agency: 1566-0112 (http://www.netan.go.kr)


Any person whose rights or interests are violated by any disposition or inaction of the head of a public agency with regard to a request made under the provisions of Article 35, 36, or 37 of the Personal Information Dispute Mediation Committee, may file a petition for an administrative hearing in accordance with the provisions of the Administrative Appeals Act.


※ Please refer to the information on telephone numbers offered by the Central Administrative Appeals Commission (http://center.simpan.go.kr)