PERSONAL INFORMATION PROCESSING POLICY
d’strict holdings Inc. and CJ CGV Co., Ltd. (collectively, “Service Provider”) provide LED.ART Service as a joint business, and establish this Personal Information Processing Policy (“this/the Policy”) as follows so as to comply with the Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection and other relevant laws (“Relevant Laws”), and to handle grievances of the service users (“Users”) related to the personal information protection in a quick and smooth manner.
Article 1. Purpose of Processing Personal Information
The Service Provider processes the User’s personal information for the following purposes. The processed personal information will not be used for any purposes other than the followings, and if the purpose is to be changed, the Service Provider will take necessary measure(s), such as obtaining additional consent pursuant to the Relevant Laws (Article 18 of the Personal Information Protection Act, etc.).
- Inquiries about placing order for license (for more details, see Article 2 below
Article 2. Period of Processing and Retaining Personal Information
- The Service Provider collects, processes and retains personal information for the period of retaining and using personal information pursuant to the Relevant Laws or within the period agreed (as a part of this Policy) by the User (See “retention period” in the table below).
- The ‘items’ and the ‘purposes for collection, processing and use’ of the personal information collected, processed and retained pursuant to this Policy are detailed as follows:
|Items of personal information collected and used||Purpose of collection, processing and use||Retention period|
Company/Department(title); Full name; Phone No.; Email address; and Address of the User
- Inquiries about placing orders for license, and response and answer to any such order(s);
- Procedures for verifying identity of the User, in relation to the order(s) placed by such User; and
- Obtaining a smooth communication channel with the User, and giving the major notices in relation to the User’s order
|One(1) year after the receipt of order (However, if a User requests to delete his/her own personal information, such information will be deleted without delay.)|
Article 3. Provision of Persona Information to Third Parties
The Service Provider uses the User’s personal information only to the extent agreed as ‘Purpose of collecting processing and use [of personal information]’ (See table in Article 2 above), and does not use it beyond the scope, or disclose the User’s personal information to the outside without prior consent of the User. However, in any of the following cases, the User’s personal information may be provided to the outside exceptionally, and in such case, the personal information may be provided to the minimum within the scope permitted by the Relevant Laws:
- When the User consents in advance;
- When it is unavoidable to provide necessary information (full name, address, phone number) so as to facilitate the delivery;
- When providing personal information in a form that cannot identify an individual attributed to the necessity for statistical data, academic research or market research;
- When it is necessary for settling expenses incurred from the transaction of Contents;
- When it is necessary for verifying the User’s identity to prevent theft;
- When there is any unavoidable reason required by laws and regulations.
Article 4. Outsourced Processing of Personal Information
In principle, the Service Provider does not outsource the processing of personal information to others without the User’s consent. However, if the Service Provider outsources the processing of personal information to a third party, the information on the outsourced work and the outsourced company will be posted on the website for the service. We inform you that we have not outsourced the processing of personal information as of December 2021.
Article 5. Rights and Obligations of Data Subject and Legal Representative, and How to Exercise the Rights
- The User may exercise the following rights as the owner of his personal data:
- Request for access to its own personal information;
- Request for correction of its own personal information;
- Request for deletion of its own personal information;
- Request for suspension to process its own personal information.
- The exercise of rights under Article 5.1 above may be made to the Service Provider in writing, via email, by fax pursuant to the annexed form No. 8 of the Enforcement Rues of the Personal Information Protection Act, and the Service Provider will take action without delay. (However, if the personal information is specified as ‘the personal information to be collected’ under the Relevant Laws, actions taken for the correction and deletion of the User’s personal information may be delayed or restricted.)
- If a User requests to correct or delete errors in its personal information, the Service Provider will not use or provide such personal information until the relevant personal information is completely corrected or deleted.
- The exercise of rights under Artcle 5.1 above may be done via a legal representative of data subject or a person delegated by the data subject. In such case, a power of attorney pursuant to the annexed form No. 11 of the Enforcement Rues of the Personal Information Protection Act must be submitted.
Article 6. Procedures and Method for Destroying Personal Information
In principle, the Service Provider destroys the personal information without delay when the purpose of processing the personal information is achieved, except for the situations where one’s personal information must be preserved pursuant to the Relevant Laws. Detailed information on procedure, deadline and methods for destruction are as follows:
- Procedure for destruction - The information keyboarded by the User is transferred to a separate database (“DB”) (paper document is transferred to a separate document box), and destroyed upon expiration of period specified pursuant to the Relevant Laws and this Policy (See the table in Article 2) (or immediately upon the User’s request for destruction). In such case, the personal information transferred to DB will not be used for any other purpose, except as required by law.
- Deadline for destruction - When the period of retaining personal information has elapsed, the User’s personal information will be destroyed within 5 days after the end of the retention period, and if the personal information becomes unnecessary due to the achievement of the purpose of processing personal information or the termination of business, the personal information will be destroyed within 5 days after the processing of personal information is deemed unnecessary.
- Method for destruction - Information in a format of electronic file will be destroyed using a technical method that cannot reproduce records. Personal information printed on paper is shredded using a shredder or destroyed by incineration.
Article 7. Measures to ensure the safety of personal information
The Service Provider take technical/administrative/physical measures necessary for ensuring safety under Article 29 of the Personal Information Protection Act as follows:
- Minimization and training of employees handling personal information - We are taking measures for managing personal information, designating employees who handle personal information, and minimizing and limiting them only to the staff in charge.
- Establishment and implementation of internal control plan - We have established and are implementing internal control plan for safe processing of personal information.
- Encryption of personal information - The User’s personal information is encrypted, stored and controlled, and an additional security function is applied to the critical data, such as encrypting files and transmitted data or using file lock function.
- Technical measures against hacking, etc.- The Service Provider installs security programs in order to prevent hacking or computer viruses from leaking and damaging the personal information, updates and inspects the programs on a regular basis, installs systems in areas where access is restricted from the outside, monitors and blocks them technically and physically.
- Restrictions on access to personal information - We take necessary measures to control access to personal information by granting, changing and cancelling one’s authority to access the DB that processes personal information, and use firewall system to control unauthorized access from the outside.
- Use of locks for document security - Documents and auxiliary storage devices containing personal information are stored in a safe place with locks.
- Access control for unauthorized persons - We have a separate physical storage place where personal information is stored, and establish and operate our own access control procedures.
Article 8. Remedies for infringement on rights and interest
If a User deems that his/her personal information has been infringed, and wishes to express concerns related thereto and obtain appropriate remedies, the User may contact the privacy officer of the Service Provider (See Article 9 below) to seek a solution and/or apply for dispute settlement and related counseling to the following agencies:
※Personal Information Dispute Mediation Committee: www.kopico.go.kr, 1833-6972
※Personal Information Infringement Report Center: privacy.kisa.or.kr, 118 (without local number)
※Cyber Investigation Department, Scientific Investigation division, Supreme Prosecutors’ Office:
cybercide.spo.go.kr, 1301 without local number
※Cyber Safety Bureau, National Police Agency: cyberbureau.police.go.kr, 182 without local number
Article 9. Privacy Officer and Privacy Staff
The Service Provider designates the relevant department and a privacy officer in order to protect the User’s personal information and handle complaints related to personal information as follows:
- Privacy officer
- Full name: Lee Seong Ho
- Position/department: CEO
- Tel.: 02-515-5456
- Email: firstname.lastname@example.org
- Privacy staff
- Department: Information Strategy Team
- Scope of work: receipt/processing of request for access to personal information and complains related to personal information protection, and other related matters related to personal information protection
- Full name: Kim Taeho
- Tel.: 02-515-5456
- Email: email@example.com
Article 10. Amendment to this Policy
This Policy becomes effective from the enforcement date(below), and any amendment to, addition to, deletion and correction of the Relevant Laws and this Policy will be posted on our website at least 7 days prior to the enforcement of such amendment. However, the critical amendment to the User’s right will be publicly notified at least 30 days in advance.
*This Policy will be enforced from December 1, 2021, and remain effective unless otherwise notified or announced by the Service Providers later.
The following is attached and used only to the hard copy version when entering into the License Agreement.
* By checking the box next to “I agree” below, I, a User, hereby confirms that I am well-informed of and agree with all provisions of this Policy.