1. Purpose of Handling of Personal Information IDEA® KOREA will use collected personal information for the following purposes. Any personal information processed shall not be used for purposes other than stated below and your prior consent will be sought in case there are any changes to the originally prescribed purposes.
① Acquiring and maintaining membership
IDEA® KOREA uses personal information for the purpose of confirming the intention to sign up for the membership; identifying · verifying individual users for member-only services; maintaining · managing the membership; preventing illegitimate or unauthorized use of services; acquiring the consent of a legal guardian to collect personal information of children under 14 and thereafter verifying identity of the legal guardian; providing notices · disclosures; and addressing customer complaints or preserving records to resolve disputes, etc.
② Handling complaints
IDEA® KOREA uses personal information for the purpose of identifying individual complainants; checking the content of complaints; making contact · sending a notice for fact-finding; and informing them of results, etc.
③ Marketing and advertisement
IDEA® KOREA uses personal information for the purpose of developing new services (products) and providing customized services; providing information about events and advertisements and an opportunity for engagement; providing services and posting advertisements in a way that meets demographic characteristics of target customers; verifying the effectiveness of services; identifying frequency of customer visits to the website; and compiling statistics concerning service utilization by members, etc.
2. Items of Personal Information
1. File name of personal information: IDEA® KOREA applicant personal information
- Items of personal information: Email, cellphone number, question and answer to find the password, password, log-in ID, gender, date of birth, name, business phone number, service utilization record, access log, cookies, access IP information
- Methods of collection: Website, written forms, phone/fax
- Reason for retention: Until withdrawing from group website
- Retention period: 3 years
- Relative legislations: Record on collection/process, and use of credit information: 3 years; Record on consumer complaint or dispute treatment: 3 years; Record on payment and supply of goods: 5 years; Record regarding contract or withdrawal of subscription: 5 years; and Record on sign/advertisement: 6 months
3. Processing and Retention Period of Personal Information
① Pursuant to related laws and regulations, IDEA® KOREA uses and retains the personal information provided by information subjects for the period specified under relevant laws or agreed upon by information subjects.
② The periods of retention and use of personal information for specific purposes are as follows:
<Membership registration and management for the website>
Personal information related to <Membership registration and management for the website> will be used and retained for <3 years> from when users agree with collection and use of their personal information.
-Reason for retention: Until withdrawing from group website
1) Record on collection/process, and use of credit information: 3 years
2) Record on consumer complaint or dispute treatment: 3 years
3) Record on payment and supply of goods: 5 years
4) Record regarding contract or withdrawal of subscription: 5 years
5) Record on sign/advertisement: 6 months
4. Provision of Personal Information to Third Party
① IDEA® KOREA shall provide personal information to a third party only if a consent is obtained from the information subject or if it is allowed under Article 17 and Article 18 of the Personal Information Protection Act.
② IDEA® KOREA provides personal information to the following third parties:
- Party receiving personal information: None
- Purpose of using personal information: None
- Period of retention and use of personal information: None
5. Entrustment of Personal Information Processing
① IDEA® KOREA entrusts certain affairs related to personal information processing as follows in order to smoothly handle such matters:
- Entrusted party: None
- Entrusted affair: None
- Entrustment period: None
② When entering into an entrustment agreement, IDEA® KOREA specifies
the following matters in the agreement or in any written form in accordance
with Article 25 of Personal Information Protection Act so that IDEA® KOREA can
make sure that the entrusted party handles personal information safely:
6. Rights and Obligations of Information
Subjects and Means to Exercise Rights
Information subjects may exercise the following rights:
information subject may at any time exercise the following rights against IDEA®
- Right to have access to his/her personal information;
- Right to request correction of any error;
- Right to request deletion of personal information; and
- Right to request discontinuance of personal information processing.
② The rights referred to in Paragraph 1 above may be exercised in a written form, or by email or facsimile in accordance with Article 41 (1) of the Enforcement Regulation of the Personal Information Protection Act, and IDEA® KOREA will immediately take action upon receipt of such request.
③ The rights referred to in Paragraph 1 above may be exercised by a legal agent or an authorized representative of the information subject. In such a case, the power of attorney as provided in Form 11 of the Enforcement Regulation of the Personal Information Protection Act must be submitted.
④ In respect of the request for access to personal information and discontinuance of personal information processing, the user's rights may be limited in accordance with Article 35 (5) and Article 37 (2) of the Personal Information Protection Act.
⑤ In respect of the request to correct and delete personal information, you may not request deletion if such personal information is specified as the one to be collected in other legislations.
⑥ When there is any request to access to, correct, or delete personal information based on the rights of the information subject, IDEA® KOREA makes sure if it is requested by the concerned user or legitimate legal agent.
7. Items of Personal Information to be Processed
① IDEA® KOREA processes the following items of personal information.
<Membership registration and management for the website>
- Required items: Email address, cellphone number, question and answer to find the password, password, log-in ID, gender, date of birth, resident registration number, service utilization record, access log, cookies, access IP information, payment record
- Optional items: Business phone number, company name
8. Destruction of Personal Information
In principle, IDEA® KOREA shall destroy the collected personal information without delay when the retention of such personal information is no longer necessary. , e.g., where the purpose of processing such personal information has been accomplished. Destruction procedures, period, and measures are as follows:
- Destruction procedure
The information entered by the use will be transferred to a separate database (separate documents in case the use wrote down the information on paper) after accomplishing the purpose, and stored for a certain period and/or destroyed immediately in accordance with internal policies and other relevant legislations. The personal information transferred to the database will not be used for any other purposes unless it is required by law.
- Destruction period
The personal information of the use will be destroyed within 5 days after the retention period expires, 5 days from the date when processing such personal information is considered no longer necessary, e.g., where the purpose of processing such personal information has been accomplished, the service has gone out of the window, or the business has been terminated.
- Destruction method
Information in the form of the electronic file will be destroyed using technical tools so as to make sure that such information cannot be reproduced.
9. Installation • Operation of Automatic Personal Information Collection Device and Refusal thereof
① IDEA® KOREA uses “cookies” that save and upload usage information frequently in order to provide customized services to individual users.
② Cookies are a small amount of information to be sent to the browser of the user by the server (http) used for operation of the website and can be stored in the hard disk of the user’s computer.
a. Purpose of using cookies: Cookies are used to identify patterns that users use and visit websites and, popular search words, whether users use a security connection, etc. in order to provide users with optimized information.
b. Installation • operation of cookies and the refusal thereof: Users have the option to refuse the installation of cookies in their computers by setting option on Tool on the top of the web browser > Internet Option > Personal Information.
c. If users refuse the installation of cookies, they may have difficulties in using customized services.
10. Chief Privacy Officer
① IDEA® KOREA appoints a chief privacy officer who is responsible for all affairs relating to processing personal information, handling complaints raised by users in respect with personal information, remedies for damage, etc.
Chief Privacy Officer
Name: Eunsil Jeon
Position and title: Director
Contact: 010-9033-3862, ideakorea.kbaa®gmail.com
Name: IDEA® KOREA Secretariat
Person in charge: Gunho Cho
Contact: 010-6706-6740, ideakorea.kbaa®gmail.com
② The information subject can ask the chief privacy officer or privacy department for information about personal information protection, handling complaints, and remedies, etc. that you may need while using the services (or business) of IDEA® KOREA. IDEA® KOREA will promptly respond to such inquiries.
12. Security Measures for Protection of
IDEA® KOREA takes the following technical, administrative and physical measures necessary to secure the safety of personal information in accordance with Article 29 of the Personal Information Protection Act:
1) Regular internal audits
IDEA® KOREA conducts internal audits periodically (on a quarterly basis) to secure the safety of personal information;
2) Minimum number of staff dealing with personal information and training of them
IDEA® KOREA gives permission only to the minimum number of staff to deal with personal information as the measure to manage personal information.
3) Establishing and implementing internal management plan
IDEA® KOREA establishes and implements the internal management plan to handle personal information with safety.
4) Encryption of personal information
Users’ passwords are stored and managed in an encrypted form so that only the concerned users can know them, and, in addition, important data are stored and transmitted in an encrypted form, and/or secured with the file locking function.
5) Storage of access records and prevention of forging or falsifying logs
IDEA® KOREA stores and manages records of access to the personal information system for at least 6 months and uses security programs to prevent such access records from being forged or falsified, stolen or lost.
6) Limited access to personal information
IDEA® KOREA takes measures to control access to personal information by controlling the authorization of access to the personal information database system, and prevents unauthorized access from outside with the intrusion prevention system.
7) Control of unauthorized access
IDEA® KOREA has a physical storage place where personal information is stored, and establishes and implements a process of controlling access to such place.