Personal Information Handling Guidelines
The following are Personal Information Protection Guidelines set by Rainbow Robotics (hereinafter “company”) to protect data providers’ personal information and seamlessly, promptly deal with relevant complaints or problems per the Personal Information Protection Act, Article 30.
Article 1 (Purpose of using personal information)
The company uses personal information for the following purposes and shall not use personal information retained by the company for a purpose other than what is specified as follows. Where there is a change in the purpose of how personal information is used, the company will take relevant measures such as obtaining data providers’ separate consent per the Personal Information Protection Act, Article 18. .
-
1. Membership subscription management
Ascertaining data providers’ intention on membership subscription, identification related to service for members, maintaining or managing membership, preventing illicit or unauthorized use of service, giving relevant notices, etc.
-
2. Responding to members’ complaints/problems
Identifying members, checking the contents of complaints or problems, communicating for a fact-finding process, notification of results of usage, etc.
-
3.Service provision
Providing contents and identifying members
-
4.Marketing and advertisement
Developing new services (or goods) and providing customized services; providing special event-related or promotional information; providing opportunities for participation; checking validity of services, frequency of connection or statistics concerning members’ use of services
Article 2 (Period of using/retaining personal information)
-
① ① The company shall use & retain personal information within the period to which data providers consented at the time of its collection or per the law or regulation concerned.
-
②The period of using/retaining personal information shall be as follows.
Items to retain |
Basis of operation |
Period for keeping/using |
Personal information related to membership subscription & management |
Data subject’s consent |
3 years |
Information on users asking for access to personal information, etc. |
Personal Information Protection Act, Articles 35 through 39 |
3 years |
Inquiry-related personal information |
Data subject’s consent |
1 year |
Records about visits for services |
Protection of Communications Secrets Act |
1 year |
Article 3 (Provision of personal information to third parties) N/a
Article 4 (Entrustment of personal information protection) N/a
Article 5 (Rights & obligations of data providers and their legal representative; the exercise thereof)
-
① ①Data subjects may at any time exercise their right to ask the company for access to, correction or deletion of, or suspension of the use of their personal information retained by the company.
-
②The exercise of the rights stated in the foregoing ① may be done in writing (including email) or by fax per Article 41(1), Enforcement Decree of the Personal Information Protection Act. Accordingly, the company shall comply with it with urgency.
-
③The exercise of the rights stated in the foregoing ① may be done through a data subject’s legal representative or one entrusted by a data subject. In this case, the data subject shall submit a power of attorney, using the form stipulated in the Notice on Personal Information Use (No. 2020-7) Schedule 11.
-
④Data subjects’ right to ask the company for access to or our suspension of the use of their personal information retained by the company may be limited per the Personal Information Protection Act, Article 35(4) or Article 37(2).
-
⑤Where another law stipulates the need for the collection of relevant personal information, a data subject shall not ask the company for a correction or deletion of his/her personal information retained by the company.
-
⑥ ⑥If and when a data subject asks the company for access to, correction or deletion of, or our suspension of the use of his/her personal information retained by us, the company shall check his/her identity with oneself or an authorized agent.
Article 6 (Drawing up of personal information items to be used)
-
1.Concerning inquiries on hiring, purchasing, goods, etc.
Information such as name, email, etc.
-
2.The following personal information items may be automatically created and collected by the company in the process of data providers’ using internet service
IP address, cookies, MAC address, service use-related records, visits-related records, records on dishonest use of service, etc.
Article 7 (Destruction of personal information)
-
①The company shall destroy data providers’ personal information immediately when it has become unnecessary due to the lapse of the set period of retaining personal information or the attainment of the purpose for its processing for use.
-
②The company destroys personal information as follows:
1.Procedure
The company selects personal information that should be destroyed, obtain the Personal Information Manager’s approval, and proceed with the destruction.
2. Method
Electronic files containing personal information are destroyed in a non-recoverable way. Paper printouts containing personal information are destroyed with a shredder or in an incinerator.
Article 8 (Securing safety of personal information)
The company shall take the following measures to secure the safety of personal information retained by the company:
-
1.Administrative measures: minimize the number of employees accessing personal information, hold training sessions for them, and carry out internal management plans
-
2.Technical measures: Devise countermeasures against hacking, etc., encode personal information, restrict unauthorized access to personal information, use a lock for a cabinet when personal information is retained
Article 9 (Operation of a device for automatic collection of personal information; matters concerning refusal of such a device)
-
①The company uses cookies to store personal information and fetch it as needed to provide customized service to individual users.
-
② ② Cookies refers to a small amount of information sent by the server (http) used in operation of a website to user’s computer browser. They are often stored in the hard disk of users’ PC.
-
A.Purpose of using cookies: Cookies are used to provide optimized information to users by ascertaining the following: types of visits or uses of services or websites visited by users, popular search words, whether secured connection was used, etc.
-
B. Operation of cookies or refusal of their use: You may refuse storing & installing cookies on your PC with the following steps: “Tools” at the top of web browser > Internet option > Setting an option in personal information menu.
-
C.Your refusal of installing & storing cookies on your PC may lead to a difficulty in your use of customized service.
Article 10 (Personal Information Manager)
-
①The company designates the Personal Information Manager, etc. as follows to handle data providers’ complaints on the use and retention of personal information and their inquiries, and get redress for damages incurred.
▶ Personal Information Manager
Name: Lee Jeong-ho (President)
▶ Department in charge of personal information protection
Department: Marketing Team
Employee in charge: Kim Yourim
☎: +82-42-719-8104, Fax: +82-42-719-8071, Email: yr.kim@rainbow-robotics.com
-
①Data subjects may contact the above manager or department concerned for inquiries on personal information protection, complaints or getting redress for damages incurred. The company is ready to respond to your inquiries immediately.
Article 11 (Asking for access to personal information)
Data subjects may contact the following department or employee to ask for access to their personal information retained by the company per the Personal Information Protection Act, Article 35. Accordingly, the company will do our utmost to process such a request promptly.
► Department in charge of access to personal information
Department : Marketing Team
Employee in charge: Kim Yourim
☎: +82-42-719-8104, Fax: +82-42-719-8071, Email: yr.kim@rainbow-robotics.com
Article 12 (How to get redress concerning an infringement of your rights or interest)
To get redress concerning infringement of their personal information, data providers may contact The "Personal Information Dispute Mediation Committee" (“PIDMC” or “Pico") or the Korea Computer Emergency Response Team Coordination Center (KrCERT/CC). They may also contact the following agencies to report their incident of personal information infringement or relevant consultation.
-
1.The "Personal Information Dispute Mediation Committee" (“PIDMC” or “Pico"): ☎+82-1833-6972 or www.kopico.go.kr
-
2.The Personal Information Infringement Reporting Center (operated by KISA): ☎+82-118 or privacy.kisa.or.kr
-
3.The Internet Crime Investigation Center of the Supreme Prosecutors' Office: ☎+82-1301 or www.spo.go.kr
-
4.The Cyber Bureau of the National Police Agency: ☎+82-182 or ecrm.cyber.go.kr
A person who has had his right or interest infringed due to an act or omission performed by the head of a public institution concerning his request made under the Personal Information Protection Act, Article 35 (Access to Personal Information), Article 36 (Rectification or Erasure of Personal Information), and Article 37 (Suspension of Processing of Personal Information) may ask for administrative adjudication Under the Administrative Appeals Act.
※ For details concerning administrative adjudication, please visit the homepage of the Central Administrative Appeals Commission (www.simpan.go.kr).
Article 13 (Change in Personal Information Protection Guidelines)
-
① These guidelines shall come into force on February 10, 2023.