'Korean Powder Metallurgy' (hereinafter referred to as the 'Company') regards the protection of user's personal information as very important and complies with the personal
information protection regulations in the 'Act on Promotion of Information and Communications Network Utilization and Information Protection' and the 'Personal Information
Protection Guidelines' established by the Ministry of Information and Communication. The Company will inform you about how the personal information provided by users is
used for what purposes and in what manner, and what measures are taken to protect personal information. The Company's personal information handling policy may be
changed in accordance with changes in government laws and guidelines, the Company's terms and internal policies, and if any changes occur, the Company will immediately
post them on the website.
Items of Personal Information Collected and Collection Methods
Purpose of Collecting and Using Personal Information
Retention and Use Period of Personal Information
Procedure and Method of Personal Information Destruction
Outsourcing of Collected Personal Information
Provision of Personal Information to Third Parties
Rights of Users and Legal Representatives and How to Exercise Them
Other Personal Information Handling Policies
Contact Information for Personal Information Management and Customer Service Departments, etc.
Items of Personal Information Collected and Collection Methods
▶ Items of Personal Information Collected The Company collects the following personal information from users when using the service:
Mandatory Items of Personal Information: ① Name, email address, phone number/cell phone number Additionally, the following information may be generated and collected
during the service use process or business process:
Service usage records, access logs
▶ Collection Methods of Personal Information
Personal information is collected through processes such as the customer center on the website and job inquiries.
Collection through generated information collection tools
The Company allows users to choose "agree" or "disagree" for each content of the Company's personal information collection and use agreement.
Purpose of Collecting and Using Personal Information The Company uses the collected personal information for the following purposes:
Provision of services
Verification of personal identity and personal identification based on service use
Handling complaints and delivering notifications
Retention and Use Period of Personal Information In principle, the Company will promptly destroy the information after the purpose of collecting and using personal information
is achieved. However, if there is a need to retain member information in accordance with the relevant laws and regulations, the Company will retain the member information for a certain period as specified by the relevant laws and regulations. In this case, the Company will store the personal information separately in a separate database (DB) or in a
different storage location in accordance with the relevant laws and regulations.
Retention and Use Period of Personal Information
Item to be Retained, Retention Period, Legal Basis
Records of handling consumer complaints or disputes: 3 years (Act on Consumer Protection in Electronic Commerce, etc.)
Records of display/advertisement: 6 months (Act on Consumer Protection in Electronic Commerce, etc.)
Records of user access logs, etc.: 6 months (Protection of Communications Secrets Act)
Procedure and Method of Personal Information Destruction The Company generally destroys personal information without delay after the purpose of collecting and using
personal information is achieved. The procedures and methods for destruction are as follows:
▶ Destruction Procedure Personal information entered by users is transferred to a separate DB (in the case of paper, a separate document box) after the purpose is achieved,
and it is stored and managed for a certain period in accordance with internal policies and other related laws and regulations (see the retention and use period).
After the retention period, personal information is destroyed.
Personal information transferred to a separate DB will not be used for any purpose other than the retention required by law.
▶ Destruction Method Personal information stored in electronic file format is deleted using technical methods that cannot reproduce the record. Personal information printed
on paper is destroyed by shredding or incineration.
Provision of Personal Information to Third Parties The Company does not generally provide user's personal information to external parties. However, the following cases are
When there is a request from an investigative agency in accordance with the procedures and methods prescribed by law for the purpose of investigation,
in accordance with the law
When it is necessary for settlement of charges for paid services
When providing statistics, academic research, or market research in a form that cannot identify specific individuals
When users have given prior consent
Rights of Users and How to Exercise Them Users and legal representatives can request access, correction/deletion, suspension of processing, and withdrawal of consent for personal information related to registered users themselves or those under 14 years of age at any time.
In the following cases, the Company may refuse to access, correct, or delete personal information in whole or in part in accordance with the law:
When access is prohibited or restricted by law
When there is a risk of harming someone else's life or body or causing unjust damage to someone else's property and other benefits
If a user requests correction of an error in personal information, the Company will not use or provide the personal information until the correction is completed. In addition,
if incorrect personal information has already been provided to a third party, the Company will immediately notify the third party of the correction results without delay.
The Company manages personal information that has been deleted or suspended processing at the request of the user or legal representative in accordance with the retention
and use period specified in "3. Retention and Use Period of Personal Information." Users are requested to enter personal information accurately and keep it up to date.
Users have the right to protect personal information and have an obligation not to infringe on the information of others. Please be cautious to prevent leakage of your personal
information, including your password, and do not damage the personal information of others, such as by posting it. If you do not fulfill this responsibility and infringe on the
information and dignity of others, you may be subject to punishment under the "Act on Promotion of Information and Communications Network Utilization and Information
Other Personal Information Handling Policies ▶ Technical and Managerial Measures for Personal Information Protection The Company strives to secure safety to prevent
personal information from being lost, stolen, leaked, altered, or damaged in handling personal information. The following technical and managerial measures are taken:
Establishment and Implementation of Internal Management Plan The Company establishes and implements an internal management plan to ensure the safe processing of
Access Control Device Installation and Operation The Company controls unauthorized access from outside by using an intrusion prevention system and takes every possible
technical device to secure safety, such as using encryption of files and locking functions (Lock) to store and manage important data.
Measures to Prevent Forgery, Alteration, and Theft of Access Records The Company stores and manages records of access to personal information processing systems and records of access to personal information for a minimum of six months, and uses security functions to prevent access records from being forged, altered, or stolen.
Encryption of Personal Information The user's personal information is protected by a password, and files and transmission data are encrypted or stored and managed using a file
locking function (Lock). Important data is also protected using security functions.
Measures to Prevent Hacking and Other External Intrusions The Company is making efforts to prevent damage caused by computer viruses by using anti-virus programs and
regularly updating them. The anti-Virus program is updated regularly, and if a sudden virus appears, it is provided as soon as the virus is released to prevent personal
information from being compromised. The Company adopts security devices (SSL) that can securely transmit personal information on the network using encryption algorithms.
The Company has implemented intrusion prevention systems and vulnerability analysis systems for each server to be fully prepared for external attacks such as hacking.
Personal information is stored separately from general data and is stored and managed through a separate server. Access to the personal information of the administrator is
restricted to a minimum, and regular internal and external training on compliance with personal information protection policies and responsibilities is conducted.
The transfer of responsibilities of the personal information handling manager is carried out strictly in a secure state, and clear responsibility for personal information
accidents is ensured before and after joining and leaving the company. Special protected areas such as computer rooms and data storage rooms are established and controlled
to prevent access.
▶ Policy on Providing Links to Other Sites The Company may provide links to other companies' websites or data to users, and in this case, the Company has no control over
the websites, data, products, and services of third parties, so the Company cannot be responsible or guarantee the usefulness of products, and services or data. If you click
the new site to avoid misunderstandings.
▶ Policy on Operating Posts The Company values users' posts and does its best to protect them from alteration, damage, or deletion. However, there are exceptions
in the following cases:
Posts that disseminate false facts for the purpose of defaming others' honor
Posts disclosing the personal information of others without consent
Posts that infringe on the rights of the Company or third parties, including intellectual property rights
Posts with content unrelated to the board topic The Company may edit or modify specific parts of personal information disclosure without the user's consent when disclosing
the personal information of others without the user's consent for the purpose of protecting the individual's personal information. In cases where the content can be moved to
a board with a different topic, the Company will specify the move path in the relevant post to prevent misunderstandings.
In other cases, after giving explicit or individual warning, the Company may take measures such as deletion. In principle, the rights and responsibilities regarding posts belong
to the writer. Also, information voluntarily disclosed through posts is difficult to protect, so please consider carefully before disclosing information.
▶ Policy on Rejecting Unauthorized Collection of Email The Company refuses to collect email addresses posted without consent through email collection programs or other
technical devices. Violation of this may result in punishment under the "Act on Promotion of Information and Communications Network Utilization and Information Protection, etc."
▶ Policy on Sending Commercial Information The Company does not send commercial information for profit purposes contrary to the user's explicit refusal of receipt.
If users have given consent to receive emails for product information, newsletters, etc., the Company will take the following measures to easily identify the user in the email
subject and body:
The subject of the email may not contain the phrase "advertisement," and the main content of the email is displayed.
The email body includes the sender's name, email address, and phone number for the user to easily indicate their intention to refuse receipt. In the case of sending commercial
information through media other than email, such as fax or mobile phone text messages, necessary measures will be taken to indicate "advertisement" at the beginning of the
transmission content in accordance with related laws.
Contact Information for Personal Information Management and Customer Service Departments The Company has designated the following department and personal information
management officer to protect personal information and handle complaints related to personal information:
▶ Personal Information Management Officer
Responsible Department: Korean Flour Payments
Personal Information Management Officer: Lee Tae Hyun
▶ Other Agencies Users can report all complaints related to personal information protection that occur while using the Company's services to the personal information
officer or the relevant department. The Company will provide a prompt and sufficient response to users' complaints. If you need to report or consult on other personal
breaches, please contact the following agencies:
Personal Information Breach Report Center (www.118.or.kr / 118)
Cyber Crime Investigation Center of the Prosecutor's Office (www.spo.go.kr / 02-3480-2000)
Cyber Terrorism Response Center of the National Police Agency (www.netan.go.kr/ 1566-0112)
Personal Information Handling (Processing) Policy Version Number: 1.0 Effective Date of Personal Information Handling (Processing) Policy: September 20, 2014