Countec Co., Ltd. (hereinafter the Company) regards your personal information as important and abides by the Act on Promotion of Information and Communication Network Use and Information Protection.
The Company will disclose the personal information provided through the Personal Information Protection Policy to the purpose and manner in which the personal information provided by the customer is used and what measures are being taken to protect personal information.
■ Personal information items to collect
The company collects the following personal information for counseling, service application and so on.
Collected items: name, e-mail, job, company name, department, job title, service history, access log, access IP information
How to collect personal information: Written form
■ Collection and use of personal information
The Company uses the collected personal information for the following purposes.
Providing contents according to contract execution and service provision
■ Retention and use period of personal information
Once the purpose of collecting and using personal information has been achieved, the Company will immediately terminate the information without exception.
■ Procedures and methods of destroying personal information
In principle, after the purpose of collecting and using personal information is achieved, the company will immediately destroy the information. The method of destruction is as follows.
How to destroy
- Personal information stored in an electronic file is deleted using a technical method that cannot play the record.
■ Providing personal information
In principle, the Company does not provide the users personal information to the outside. However, except as follows.
- When users have agreed in advance
- In accordance with the provisions of laws and regulations or for the purpose of investigation, if there is a request from the investigating agency in accordance with procedures and methods prescribed in the Act.
What is EU GDPR?
European Union General Privacy Protection Act General Data Protection Regulation
In May 2016, the European Union (EU) announced that the General Data Protection Regulation, which provides for the free movement of personal information between EU member states in a single digital market, GDPR will replace the Data Protection Directive 95/46 / EC (hereinafter referred to as the "Directive") in 1995, when the GDPR introduced the EUs privacy standard It applies.
Purpose of GDPR
GDPR was created to ensure the right to privacy of natural persons (Article 1, Paragraph 2) and at the same time to ensure the free movement of personal information within the EU (Article 1, para. 3). In the existing Directive, the legislation on personal information protection differs among the member countries, and various problems have occurred in the related activities. Therefore, the enactment of the legally binding GDPR, rather than the directive, has made it possible to regulate the protection of personal information more intensely and uniformly. However, some regulations have the possibility to delegate legislation to the member countries to decide for themselves.
GDPR Principles of Personal Information Processing
1. Lawfulness, fairness and transparency (Lawfulness, fairness and transparency)
2. Purpose limitation
3. Minimization of personal information processing (Data minimization)
5. Storage limitation principle
6. Integrity and confidentiality.
The legality of processing personal information
Personal information should not be processed as needed, but only by legal grounds. Article 6 (1) of GDPR shows the six justification rules. Therefore, before processing your personal information, you should first check which basis you are processing, and the purpose of processing should be determined by the relevant grounds.
Rights of information entities
The GDPR specifies various rights of information entities. In particular, we have strengthened the rights of information entities over existing directives by stating their rights, such as the right to delete ("right to forget"), the right to privacy, and the option for automated processing including profiling. Since the GDPR stipulates the actions that the controller should take in relation to each right of the information subject, the company should identify the contents and prepare the methods and procedures to ensure the rights of the information subject to the level required by the GDPR.
GDPR Physical & Geographic Coverage
GDPR is not only a company with a place in the EU, but also a company that does not have a place in the EU, but who provides goods or services to a resident who is an information agent in the EU or who monitors the behavior of residents in the EU It is also subject to application.
In the event of a violation of the GDPR regulations, companies shall be liable for damages to the subject of the damage caused by the violation, and penalties shall be imposed for violations. In particular, if it is determined that there is a serious violation, we levy a penalty amounting to 4% of the worldwide annual sales of the previous fiscal year or EUR 20 million. Violations that do not qualify as penalties in the GDPR will be sanctioned by the penalties stipulated in each member country.