EQ4ALL Co., Ltd. (hereinafter referred to as the “Company”) establishes and discloses the following Privacy Policy in accordance with the Personal Information Protection Act in order to protect users’ personal information and rights, and to smoothly handle any complaints related to personal information.
If the Company revises this Privacy Policy, it will provide notice through website announcements (or individual notices).
Article 1 (Purpose of Processing Personal Information, Items Collected, and Retention and Use Period)
โ The Company processes personal information of data subjects who use its website, mobile applications, and all services operated by the Company as follows. Personal information shall not be used for purposes other than those stated below. If the purpose of use is changed, the Company will take necessary measures, such as obtaining separate consent, in accordance with Article 18 of the Personal Information Protection Act.
- 1. Category: Upon membership registration
- 2. Purpose of Processing: Verification of intent to register as a member, maintenance and management of membership status, and provision of services
- 3. Mandatory Information Collected: Company name, email address, name, password
- 4. Retention and Use Period: Until membership withdrawal
โก During the service use process, the following information may be automatically generated and collected.
1. Access logs, IP address, cookies, service usage records, etc.
โข If it is necessary to retain personal information pursuant to applicable laws and regulations, the Company retains such information for the period specified by the relevant laws as follows.
1. Records related to contracts or withdrawal of subscription
• Legal basis: Act on Consumer Protection in Electronic Commerce
• Retention period: 5 years
2. Records related to payment and supply of goods or services
• Legal basis: Act on Consumer Protection in Electronic Commerce
• Retention period: 5 years
3. Records related to consumer complaints or dispute resolution
• Legal basis: Act on Consumer Protection in Electronic Commerce
• Retention period: 3 years
4. Records related to display and advertisement
• Legal basis: Act on Consumer Protection in Electronic Commerce
• Retention period: 6 months
5. Records related to visits
• Legal basis: Protection of Communications Secrets Act
• Retention period: 3 months
Article 2 (Provision of Personal Information to Third Parties)
The Company processes personal information only within the scope specified in Article 1 (Purpose of Processing Personal Information, Items Collected, and Retention and Use Period), and provides personal information to third parties only in cases falling under Articles 17 and 18 of the Personal Information Protection Act, such as with the data subject’s consent or when required by special provisions of law.
โ When separate consent has been obtained from the data subject
โก When required by special provisions of law or unavoidable for compliance with legal obligations
โข When prior consent cannot be obtained due to the data subject or legal guardian being unable to express intent or due to unknown address, and when it is clearly necessary to protect the urgent life, body, or property interests of the data subject or a third party
โฃ When necessary for statistics compilation or academic research purposes in a form that does not allow identification of a specific individual
โค When use for purposes other than the original purpose or provision to a third party is unavoidable to perform duties prescribed by other laws, and approval has been obtained from the Personal Information Protection Commission
โฅ When necessary to implement treaties or international agreements with foreign governments or international organizations
โฆ When necessary for criminal investigations and prosecution
โง When necessary for court proceedings
โจ When necessary for execution of punishment, correctional measures, or protective dispositions
Article 3 (Procedures and Methods for Destruction of Personal Information)
โ The Company destroys personal information without delay when it becomes unnecessary due to expiration of the retention period or achievement of the processing purpose.
โก If personal information must be retained in accordance with other laws despite the expiration of the retention period or achievement of the processing purpose, such information will be transferred to a separate database (DB) or stored in a different location.
โข Procedures and methods for destruction of personal information are as follows.
1. Destruction Procedure
The Company selects personal information subject to destruction and destroys it after obtaining approval from the Company’s Personal Information Protection Officer.
2. Destruction Method
Personal information stored in electronic file format is destroyed in a manner that prevents recovery, and personal information recorded on paper documents is destroyed by shredding or incineration.
Article 4 (Rights and Obligations of Data Subjects and Legal Representatives and Methods of Exercising Rights)
โ Data subjects may exercise the following rights related to personal information protection at any time.
1. Request for access to personal information
2. Request for correction in case of errors
3. Request for deletion
4. Request for suspension of processing
โก Rights may be exercised in writing, by email, or by facsimile (FAX) pursuant to Article 41(1) of the Enforcement Decree of the Personal Information Protection Act, and the Company will take action without delay.
โข Rights may also be exercised through a legal representative or an authorized agent. In such cases, a power of attorney in accordance with Form No. 11 of the “Public Notice on Personal Information Processing Methods (No. 2020-7)” must be submitted.
โฃ Requests for access to or suspension of processing may be restricted pursuant to Article 35(4) and Article 37(2) of the Personal Information Protection Act.
โค Requests for correction or deletion cannot be made if the personal information is explicitly required to be collected under other laws.
โฅ The Company verifies whether the person making the request is the data subject or a duly authorized representative.
Article 5 (Measures to Ensure the Security of Personal Information)
The Company implements the following measures to ensure the security of personal information
โ Regular Internal Audits
Regular internal audits (once per quarter) are conducted to ensure the stability of personal information handling.
โก Minimization and Training of Personnel Handling Personal Information
Only designated personnel are allowed to handle personal information, and access is minimized and managed accordingly.
โข Establishment and Implementation of Internal Management Plans
Internal management plans are established and implemented to ensure secure processing of personal information.
โฃ Technical Measures Against Hacking
Security programs are installed and regularly updated and inspected to prevent leakage or damage caused by hacking or computer viruses. Systems are installed in access-controlled areas and monitored and blocked through technical and physical measures.
โค Encryption of Personal Information
Passwords are stored and managed in encrypted form. Important data is protected through encryption of files and transmitted data or through file-locking and other security measures.
โฅ Storage and Prevention of Forgery or Alteration of Access Records
1. Access records to personal information processing systems are stored and managed for at least one year. If personal information of 50,000 or more data subjects, unique identification information, or sensitive information is processed, records are stored for at least two years.
2. Security measures are implemented to prevent forgery, alteration, theft, or loss of access records.
โฆ Restriction of Access to Personal Information
Access control measures are implemented through granting, changing, and revoking access rights to database systems, and intrusion prevention systems are used to block unauthorized external access.
โง Use of Locking Devices for Document Security
Documents and storage media containing personal information are stored in secure locations equipped with locking devices.
โจ Access Control for Unauthorized Persons
Physical storage locations for personal information are separately designated, and access control procedures are established and operated.
Article 6 (Installation, Operation, and Refusal of Automatic Personal Information Collection Devices)
โ The Company uses cookies to store and retrieve usage information in order to provide customized services to users.
โก Cookies are small pieces of information sent by the server (HTTP) operating the website to the user’s browser and may be stored on the user’s computer hard drive.
1. Purpose of Cookies: Cookies are used to analyze visit and usage patterns of services and websites, popular search terms, and secure access status, in order to provide optimized information to users.
2. Installation, Operation, and Refusal of Cookies : Users may refuse the storage of cookies by configuring settings in their web browser.
- Chrome :
[Settings > Advanced > Privacy and Security > Content Settings > Cookies]
- Microsoft Edge :
[Settings > Cookies and Site Permissions > Manage and Delete Cookies and Site Data]
3. If cookie storage is refused, customized services may be difficult to use.
Article 7 (Criteria for Additional Use or Provision Without Consent)
When personal information is additionally used or provided without the data subject’s consent, the following criteria are considered.
โ Whether it is related to the original purpose of collection
โก Whether additional use or provision is predictable based on the circumstances of collection or processing practices
โข Whether it unfairly infringes upon the interests of the data subject
โฃ Whether necessary security measures such as pseudonymization or encryption have been taken
Article 8 (Personal Information Protection Officer and Department Handling Access Requests)
โ The Company designates a Personal Information Protection Officer to oversee personal information processing and to handle complaints and remedies related to personal information as follows.
โก Data subjects may contact the Personal Information Protection Officer or the responsible department regarding any inquiries, complaints, or remedies related to personal information protection arising from the use of the Company’s services. The Company will respond and process such inquiries without delay.
โข Data subjects may request access to personal information pursuant to Article 35 of the Personal Information Protection Act through the department below, and the Company will make efforts to process such requests promptly.
- Personal Information Protection Officer
Name: Soon-Young Kwon
Title: Director
Tel: +82 02-6207-7898 - Personal Information Protection Department
Department: Management Support Office
Tel: +82 02-6207-7898
Email : sykwon@eq4all.co.kr
Article 9 (Remedies for Infringement of Rights)
Data subjects may apply for dispute resolution or consultation regarding personal information infringement to the following organizations
โ Personal Information Dispute Mediation Committee
Website : www.kopico.go.kr
Tel: +82 1833-6972
โก Personal Information Infringement Report Center (KISA)
Website : privacy.kisa.or.kr
Tel: +82 118
โข Supreme Prosecutors’ Office
Website : www.spo.go.kr
Tel: +82 1301
โฃ National Police Agency
Website : ecrm.cyber.go.kr
Tel: +82 182
Article 10 (Changes to the Privacy Policy)
This Privacy Policy shall take effect on January 1, 2024.
