Grapsil Co., Ltd. (hereafter referred to as the “Company”) values the privacy of its customers and complies with the “Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.” The Company informs you through its Privacy Policy about the purposes and methods of how the personal data you provide is being used, and what measures are taken to protect your privacy. Any modification to the Privacy Policy will be announced on the website or by individual notice.
◦ Privacy Policy is announced on: December 1, 2021 ◦ This policy will take effect on [December 1, 2021].
Consent to Collection of Personal Data The Company provides a procedure where you can click the “Agree” or “Disagree” button regarding the Company’s Privacy Policy and Terms of Service, and by clicking the “Agree” button, you acknowledge and agree to the collection of personal data.
Protection of Children’s Personal Data ◦ The Company requires the consent of legal guardians when collecting personal data of children under the age of 14. ◦ Legal guardians of children under the age of 14 may request to view, edit, or withdraw consent for their child’s personal data, and the Company will take necessary measures without delay upon such request.
Categories of Personal Data Collected The Company collects the following personal data for membership registration, consultation, service application, etc. ◦ Collected Items: Name, date of birth, gender, login ID, password, home phone number, home address, mobile phone number, email address, occupation, marital status, resident registration number, user activity records, access log, cookies, access IP address, and payment records ◦ Method of Collection: Website (membership registration, bulletin boards, etc.), delivery requests
Purposes of Collection and Use of Personal Data The Company uses the collected personal data for the following purposes: ◦ To fulfill an agreement to provide services and settle the bill for services provided : To deliver content, make purchases and payments, deliver products, or issue invoices ◦ To manage members : To verify identity for use of membership services, proceed with personal identification, prevent wrongful use by fraudulent members and unauthorized access, confirm intention to join membership, verify age, verify parental consent from legal guardians for the collection of personal data of minors under 14, handle complaints and redress grievances, and deliver notices Confirmation, handling complaints such as handling complaints, and delivering notices ◦ To use for marketing and advertising purposes : To deliver event and promotional information, track access frequency, and create statistics on member activities However, the Company does not collect sensitive personal data that may infringe upon users’ fundamental human rights (race and ethnicity, ideology and principles, place of origin and domicile, political orientation and criminal record, health status and sex life, etc.).
Period of Retention and Use of Personal Data ◦ Your personal data is destroyed once the purpose of its collection or the purpose provided is fulfilled. - For membership information, when withdrawing membership or being expelled as a member - For payment information, when the payment is made or the statute of limitations for claims expires - For delivery information, when the goods or services have been delivered or provided (However, exceptions apply if personal data needs to be preserved according to the provisions of applicable laws and regulations, such as the Commercial Act.) ◦ Should it be necessary to retain your data beyond the specified retention period, we will request your consent again.
Procedures and Methods of Destruction of Personal Data The Company destroys data without delay after the purpose of collecting and using personal data is met. The destruction procedure and method are as follows: ◦ Destruction Procedure Data entered by members for membership registration, etc., is transferred to a separate database after the purpose is met (paper documents are transferred to a separate file cabinet) and destroyed after being stored for a certain period under internal policies and other relevant laws and regulations (refer to the period of retention and use). At this time, personal data transferred to the database is not used for any purpose other than those prescribed under the applicable laws and regulations. ◦ Destruction Method - Personal data stored in electronic file format is deleted using technical means designed to render the records irretrievable.
Provision of Personal Data In general, the Company does not provide users’ personal data to external parties. However, exceptions may apply in the following circumstances: - Where users have given prior consent - Where it is required under the applicable laws and regulations or demanded by an investigatory authority according to the procedure and method prescribed under the laws and regulations
Outsourcing of Collected Personal Data The Company may outsource the processing of your personal data to external parties for the improvement of services. ◦ If personal data is to be outsourced for processing, we will inform you in advance. ◦ If personal data is to be outsourced for processing, we will clearly define the service provider’s compliance with instructions related to personal data protection, confidentiality of personal data, prohibition of third party disclosure, and liability in the event of accidents through the outsourcing agreement, and keep the terms and conditions of the agreement in writing or in electronic format. We will keep the contract in writing or electronically. - Third-party processor: [Name of the courier company] - Outsourcing services provided: [Outsourcing services provided by the courier company] e.g., shipping - Third-party processor: [Name of the PG company] - Outsourcing services provided: [Outsourcing services provided by the PG company] e.g., purchase and payment processing
Rights of Users and Legal Guardians and How to Exercise Them Users have the right to access or modify their registered personal data and to request termination of their membership at any time. To access or modify personal data, users must click on “Edit Personal Information” (or “Edit Member Information”), and to withdraw consent for termination, click on “Terminate Membership” to undergo a verification process, before they are allowed to access or modify their personal data or terminate their membership account. Alternatively, you may contact the privacy officer in writing, by telephone, or via email, and we will promptly take action. If you request correction of any errors in your personal data, the Company will not use or provide such data until the correction is completely carried out. In addition, in the event where incorrect personal data has already been provided to a third party, the Company will notify the third party of the corrections without delay to ensure that the correction is carried out. The Company processes any personal data terminated or deleted at the user’s request according to the details specified under “Period of Retention and Use of Personal Data” and ensures that such data is not viewed or used for any other purposes.
Technical Measures for Personal Data Protection The Company has the following technical measures in place to ensure the safety while processing your personal data and prevent it from being lost, stolen, leaked, altered or damaged. ◦ Your personal data is protected by passwords, and important data is protected by separate security features, such as encrypting files and transmission data or using file locking features. ◦ The Company uses antivirus software to prevent damage caused by computer viruses. The antivirus software is regularly updated, and in the event of a sudden virus outbreak, updates are applied immediately to prevent personal data from being compromised. ◦ The Company adopts security protocols (SSL or SET) that use encryption algorithms to safely transmit personal data over the network. ◦ To prevent your personal data from being leaked by hacking or other means, security measures are in place to block external intrusions, and intrusion detection systems are installed on each server to monitor intrusions 24/7.
Details on the Installation, Operation, and Rejection of Automatic Personal Data Collection Devices The Company uses “cookies” and other similar technologies which store and find your data on an ongoing basis. Cookies are very small text files that are sent to your browser by the server used to run the website of oo and are stored on your computer’s hard disk. The Company uses cookies for the following purposes: ◦ Purposes of using cookies - To analyze access frequency or visit duration of members and non-members, identify users’ preferences and areas of interest, track user behavior, and provide targeted marketing and personalized services based on participation in various events and number of visits. You have the option to manage the installation of cookies. Therefore, you have the right to allow all cookies, require confirmation each time a cookie is stored, or reject the storage of all cookies by setting options in your web browser. ◦ How to reject cookie settings e.g.: You can choose the option in your web browser to allow all cookies, enable confirmation each time a cookie is saved, or refuse all cookies from being saved. How to change settings (for Internet Explorer): Tools at the top of the web browser > Internet Options > Privacy However, if you refuse to install cookies, you may experience difficulties using our services.
Complaint Service for Personal Data The Company has designated a department and a privacy officer as follows to protect the personal data of its customers and handle complaints related to personal data: Privacy officer: Huh Hoon Phone: +82-41-415-0271 Email: huhoon@grapsil.com You are entitled to report any privacy issues you encounter while using our services to our privacy officer or the designated department. The Company will provide rapid and satisfactory answers for all inquiries and reports filed by users. For any concerns or reports related to personal data breaches, please contact the following institutions: 1. Personal Information Dispute Mediation Committee (www.1336.or.kr/ or +82-1336) 2. Information Protection Mark Certification Committee (www.eprivacy.or.kr/ or +82-2-580-0533~4) 3. Internet Crime Investigation Division of the Supreme Prosecutors’ Office (http://icic.sppo.go.kr/ or +82-2-3480-3600) 4. Cyber Terror Response Center of the National Police Agency (www.ctrc.go.kr/ or +82-2-392-0330)