1. Purposes of Collection and Use of Personal Information
We collect personal information in order to provide the internet services related with the provision of font to the members and the collected information are used for the following purposes. All information provided by the users is not used except for the following purposes. When there is a change to the purposes of use, we will obtain the users’ prior consent.
1) Member Management
Identity check due to the use of membership service, confirmation of one’s intent, response to client inquiries, introduction of new information and delivery of notifications
2) Performance of Contract in relation to the Provision of Service and Payment of Fees following the Provision of Service
Identity check, personal identification for the provision of contents and service, purchase and payment of fees, and prevention of improper and unauthorized use
3) Service Development and Use for Marketing and Advertisements
Provision of tailored-service, guidance of service and recommendation for use, understanding of statistics and access frequencies for service improvement and new service development, posting of advertisement in accordance with statistical characteristics, and provision of event information and opportunity to participate therein
2. Items of Collected Personal Information and Method of Collection
In the website, without a separate membership subscription procedure, most of contents can be freely accessed except particular paid services. In case of use of service, essential items need to be inputted. The use of service is not restricted even if selective items are not inputted.
[Membership Subscription Stage]
[Service Purchase Stage]
[Service Use Stage]
The abovementioned personal information are collected at the time of use of website and service, event application, and fax, mail, phone, and customer center inquiries.
3. Period of Possession and Use of Personal Information
The website possesses and uses the users’ personal information from the date of membership subscription and during the period of provision of service. In case of requesting for membership withdrawal, withdrawing the consent to the collection and use of personal information or where the purposes of collection and use are achieved or the period of use is ended, the personal information shall be destroyed without delay.
However, in the following cases, they shall be preserved for each of the specified ground and period.
1) Where it is necessary to preserve pursuant to the provisions of relevant laws such as the Commercial Act, the transaction details and minimal basic information shall be possessed during the period of preservation under law. In such case, the company shall use the stored information only for the purpose of such storage.
① Records about contract or subscription withdrawal, etc.: 5 years
② Records about money payment and supply of goods, etc.: 5 years
③ Records of handling of customer complaint or dispute: 3 years
④ Records about improper use, etc.: 5 years
2) Where the period of possession was notified in advance and such period of possession is not yet passed and where individual consents were obtained, they shall be possessed during the agreed periods.
3) Where the user does not log-in to the website for 12 months, for the purpose of protection of personal information, the ID may be categorized as a dormant account and the use of relevant account can be suspended. In such case, the company shall notify such fact by 30 days in advance by one of e-mail, writing or SMS. The use of website is possible when the user directly undergoes the process of identity check and expresses his/her intent to re-use the website.
4. Provision and Consignment of Personal Information
The company uses the personal information within the scope notified in the purposes of collection and use of personal information, and it does not use them outside the scope that was consented by the users in advance.
A. Consignment of Handling
B. In the following cases, the personal information can be provided or used by obtaining the users’ consents through suitable procedures.
1) Partnerships: A change through partnerships shall be notified in advance. In such case, it shall undergo the process of obtaining individual consents; it shall not be provided when there is no consent.
2) Sale and M&A: Where the service provider’s rights and obligations are succeeded or assigned, it shall be notified in advance and the right of choice to withdraw the consent of user’s personal information shall be conferred; provided, however, it shall be an exception in the following cases:
– Where it is based on the relevant laws or where there is an investigation agency’s request pursuant to the procedures and methods set forth in law for the investigation purpose
5. Procedure for Destruction and Method of Destruction of Personal Information
The users’ personal information shall be in principle destroyed without delay when the purposes of collection and use of personal information are achieved. The company’s destruction procedure and method of personal information are as follows.
1) Destruction procedure: The information inputed by the users for the purpose of membership subscription, etc. are transferred to a separate DB after their purposes are achieved (a separate document cabinet in case of papers) and they are destroyed after storage for a certain period pursuant to the grounds of information protection under the internal policies and other relevant laws. The personal information transferred to the separate DB is not used for other purposes except those cases under law.
2) Destruction method: personal information printed on papers shall be destroyed by shredders or incineration. Personal information stored in electronic file forms shall be deleted by using a technical method in which restoration of records is not possible.
6. Users and Legal Representatives’ Rights and Methods of Exercise
1) The users may revise their own information registered in My Cloud > Revision of Member Information at any time.
2) For membership termination (withdrawal from the service), the users may withdraw directly by clicking on the service withdrawal and undergoing the identity check procedure. Alternatively, please contact the personal information manager / responsible officer in writing or by phone or email and it will be handled without delay.
3) In case of children under 14 years old, their legal representatives have the rights to check or revise the children’s personal information and withdraw their consents to the collection and use.
4) Where the users request for correction of errors of personal information, the relevant personal information is not used or provided until the completion of such correction. Moreover, where the incorrect personal information was already provided to a third party, the outcome of handling of correction will be notified to the third party without delay so that such correction can be made.
5) The company handles the personal information that is terminated or deleted pursuant to the users’ request in accordance with that is specified in ‘4. Period of Possession and Use of Personal Information’, and it handles them in a way that they cannot be used for any other purposes.
7. Sandoll’ Efforts for Protection of Personal Information
Sandoll is exercising its best efforts to safely manage the users’ personal information, and it is protecting the personal information at the same level as or higher level than what is required under the Information Communication Network Act and the Personal Information Protection Act.
1) Encryption of Personal Information
The users’ personal information is protected by passwords, and files and various data are protected by a separate security feature through encryption or file lock function.
2) Countermeasures against Hacking, etc.
In order to prevent losses by hacking or computer virus, etc., vaccine programs are regularly updated so that upon the appearance of new viruses, vaccines are applied as soon as they become available and thereby prevent the damage of personal information. The system is installed in an area in which access is controlled to guard against external infiltration, and the infiltration detection system and the weakness analysis system are installed under 24 hours monitoring.
3) Training of Employees Handling Personal Information
The employees to handle personal information are consisted of minimal number of employees. Regular trainings are conducted in relation to acquisition of new security technologies and obligation of personal information protection, and the internal audit procedure is implemented in order to maintain security.
4) Management of ID and Password
The company is exercising its best efforts to protect the users’ personal information; provided, however, the company is not liable for issues arising from the disclosure of personal information such as ID and password, etc. due to the users’ personal negligence and issues arising due to the basic internet risks.
8. Outline of Personal Information Manager and Responsible Officer
Sandoll designated the personal information manager and responsible officer as follows for handling of users’ inquiries and complaints, etc. related to personal information.
Where you need to report or consult in relation to other personal information infringements, please inquire to the following organizations.
– KISA Personal Information Infringement Report Center (www.118.or.kr / 118 without area code)
– Supreme Prosecutor’s Office High-Tech Crime Investigation Department (www.spo.go.kr / 02-3480-3571)
– National Policy Agency Cyber Terror Response Center (www.ctrc.go.kr / 182 without area code)
10. Matters relating to Installation/Operation and Refusal of Automatic Collection Device of Personal Information
1) The company through the internet service installs/operates cookies that store and frequently find customers’ information. Cookies are string information, which are sent by web servers to web browsers for storage and sent back to servers when there is an additional request from servers. When the members access the website, one can read the details of cookies in the members’ web browsers and find the additional information and thereby provide the service without additional inputs for access such as names, etc.
2) The information collected by the website through cookies are the same as ‘2. Items of Collected Personal Information and Methods of Collection’ and they are not used for the purposes other than ‘1. Purposes of Collection and Use of Personal Information.’
3) The members have a right of choice in relation to cookie installation.
The users may accept all cookies in “Tools > Internet Option > Privacy > Advanced” at the top end of web browser, require a notice to be sent at the time of installation of cookies, or refuse all cookies; provided, however, where the users refuse the installation of cookies, there can be inconveniences to the use of service or difficulties in the provision of service.
11. Link Websites
12. Protection of Personal Information of Non-Members
In the website, even without membership subscription, most of contents except personal information, which are not desired for disclosure, and major information can be perused.
13. Additional Rules
Effective Date: These standard terms and conditions shall be effective from November 23, 2015.
Effective Date: These standard terms and conditions shall be effective from December 13, 2018.
Effective Date: These standard terms and conditions shall be effective from November 27, 2020.