Incheon Total Energy Co., Ltd. (hereinafter referred to as the 'Company') establishes and discloses the following guidelines for the processing of personal information in order to protect the personal information of data subjects in accordance with Article 30 of the Personal Information Protection Act and to promptly and smoothly address related complaints.
Article 1. Purpose of Personal Information Processing
The company processes personal information for the following purposes. The processed personal information will not be used for purposes other than the following, and if the purpose of use is changed, the company must take necessary measures, including obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.
1. Website Membership Registration and Management The company processes personal information for confirmation of membership registration intent, self-identification and authentication in accordance with the provision of membership-based services, maintenance and management of membership qualifications, self-verification in accordance with the limited self-confirmation system, prevention of service misuse, confirmation of the consent of legal representatives when processing personal information of children under the age of 14, various notices and notifications, handling of complaints, and other related purposes.
2. Provision of Goods or Services The company processes personal information for product delivery, service provision, sending contracts and invoices, content delivery, customized service provision, self-verification, age verification, fee payment and settlement, debt collection, and other related purposes.
3. Handling of Complaints The company processes personal information for the purposes of verifying the identity of the complainant, confirming the details of the complaint, contacting and notifying for fact-finding, and notifying the results of handling.
Article 2. Processing and Retention Period of Personal Information
① The company processes and retains personal information within the period for which consent was obtained from the data subject or in accordance with the personal information retention and usage period required by laws and regulations.
② Each individual's personal information processing and retention period is as follows:
1. Website Membership Registration and Management: Until withdrawal from the website
However, in cases falling under the following circumstances, until the termination of the respective reasons:
1) In cases where investigations or inquiries are being conducted due to violations of relevant laws, until the conclusion of the investigation or inquiry
2) In cases where there are outstanding financial or contractual obligations resulting from website usage, until the settlement of those financial or contractual obligations
2. Provision of Goods or Services: Until the supply of goods/services is complete and payment/settlement of fees is finalized
However, in cases falling under the following circumstances, until the termination of the respective reasons:
1) Records related to disclosure, advertising, contract terms, and transaction execution under the 'Act on Consumer Protection in Electronic Commerce, etc
- Records related to disclosure and advertising: 6 months
- Records of contracts, withdrawal of subscriptions, payment of fees, and supply of goods, etc.: 5 years
- Records related to consumer complaints or dispute resolution: 3 years
2) Retention of communication data under the 'Act on the Protection of Communication Secrets:
- Computer communications, internet log data, access location tracking data: 3 months
Article 3. Provision of Personal Information to Third Parties
The company processes the personal information of data subjects only within the scope specified in Article 1 (Purpose of Processing Personal Information) and may provide personal information to third parties in accordance with Article 17 of the Personal Information Protection Act, including the consent of the data subject or special regulations under the law.
Article 4. Outsourcing of Personal Information Processin
① The company may outsource personal information processing tasks when necessary to ensure efficient personal information management. ② The company, when entering into outsourcing agreements, will specify in the contract or other documents the matters related to personal information protection as stipulated in Article 25 of the Personal Information Protection Act, including the prohibition of personal information processing beyond the outsourcing purposes, technical and administrative safeguards, restrictions on re-outsourcing, management and supervision of the subcontractor, and liability for damages. The company will also oversee whether the subcontractor handles personal information securely. ③ In the event of any changes in the content of outsourcing tasks or the subcontractor, the company will promptly disclose such changes through this privacy policy.
Article 5. Rights, Obligations, and Exercise Methods of Data Subjects
① Data subjects may exercise the following personal information protection-related rights against the company at any time.
1. Request to view personal information
2. Request for correction in case of errors
3. Request for deletion
4. Request for suspension of processing ② The exercise of rights under paragraph 1 can be made to the company in writing, by phone, email, fax, etc., and the company will promptly take action in response. ③ If a data subject requests the correction or deletion of personal information due to errors, the company will not use or provide such personal information until the correction or deletion is completed. ④ Exercise of rights under paragraph 1 may be done through a legal representative of the data subject or an authorized agent. In such cases, you must submit a power of attorney in accordance with the format provided in Annex 11 of the Personal Information Protection Act Enforcement Rules. ⑤ The data subject must not violate related laws, including the Personal Information Protection Act, and infringe upon the personal information and privacy of themselves or others being processed by the company.
Article 6. Personal Information Items Being Processed
The company is processing the following personal information items:
1. Website Membership Registration and Management: Until withdrawal from the website ㆍName, ID, password, address, phone number, email address, business registration number
2. Provision of Goods or Services ㆍName, ID, password, address, phone number, email address, business registration number
3. The following personal information items may be automatically generated and collected during the process of using internet services: ㆍIP Address, cookies, MAC Adress, service usage records, visitation records, etc.
Article 7. Destruction of Personal Information
① The company promptly destroys the relevant personal information when it becomes unnecessary due to the expiration of the personal information retention period or the achievement of the processing purpose.
② If, despite the expiration of the personal information retention period agreed upon by the data subject or the achievement of the processing purpose, personal information must continue to be retained in accordance with other laws, the company will move the relevant personal information to a separate database (DB) or store it in a different location for preservation.
③ The procedure and method of personal information destruction are as follows:
1. Process of Destruction The company selects the personal information for which the reasons for destruction have arisen, and with the approval of the company's Personal Information Protection Manager, proceeds to destroy the personal information.
2. Method of Destruction The company destroys personal information recorded and stored in electronic file format by using methods such as low-level formatting to ensure that the records cannot be reproduced. Personal information recorded and stored in paper documents is destroyed by shredding or incineration.
④ Measures Regarding the Destruction of Personal Information of Non-Users
1. The company converts users who have not used the service for one year into inactive accounts and stores their personal information separately. The separately stored personal information is destroyed promptly after one year of retention.
2. The company notifies members who are scheduled to become dormant members of the fact that their information will be stored separately, the date when it will become dormant, and the personal information items that will be stored separately by email, text message, or other means of notification available to users, up to 30 days before the transition to dormancy.
3.If you do not wish to convert your account into a dormant account, it is possible to log in to the service before the conversion to a dormant account takes place. Furthermore, even if your account has been converted into a dormant account, you can restore the dormant account and continue to use the service normally upon your consent when logging in.
Article 8. Rights, Obligations, and Exercise Methods of Data Subjects and Legal Representatives
① Data subjects have the right to exercise their rights, such as requesting access, correction, deletion, or suspension of personal information processing from the company at any time. ※ Requests to view personal information regarding children under the age of 14 must be made by their legal guardians. Information subjects who are minors aged 14 or older may exercise their rights regarding their personal information either by themselves or through their legal guardians.
② The exercise of rights can be carried out with regard to the company through written communication, electronic mail, facsimile transmission (FAX), etc., in accordance with Article 41, Paragraph 1 of the ‘Personal Information Protection Act,’ and the company will promptly take appropriate measures in response to such requests.
③ The exercise of rights can also be done through a legal representative of the data subject or through a delegated person. In such cases, you must submit a power of attorney in accordance with the format specified in Attachment 11 of the "Guidelines on Personal Information Processing Methods (No. 2020-7)".
④ The right to view personal information and the right to demand the cessation of processing may be limited in accordance with Article 35, Paragraph 4, and Article 37, Paragraph 2 of the ‘Personal Information Protection Act.’
⑤ Requests for the correction and deletion of personal information cannot be made if the personal information is explicitly designated as a subject of collection by other laws.
⑥ The company will verify whether the requester of access, correction, deletion, or processing cessation of personal information is the data subject themselves or a legitimate representative in accordance with the rights of the data subject.
Article 9. Security Measures for Personal Information
The company has implemented the following measures to ensure the security of personal information.
1. Administrative Measures: Establishment and implementation of internal management plans, regular employee training, and other internal measures are in place.
2. Technical Measures: Access control for systems such as personal information processing systems, access restrictions, and installation of security programs are implemented.
3. Physical Measures: Access control for areas such as computer rooms and data storage rooms is enforced.
Article 10. Items regarding the installation, operation, and refusal of automatic personal information collection devices
The company has implemented the following measures to ensure the security of personal information.
① The company uses ‘cookies’ to store usage information and retrieve it from time to time in order to provide individualized services to users.
② Cookies are a small amount of information that the server (http) used to run the website sends to the user's computer browser and are sometimes stored on the hard disk of the user's PC computer.
A. Purpose of use of cookies: They are used to provide optimized information to users by identifying visitation and usage patterns, popular search terms, secure access, etc. for each service and website visited by the user.
B. Installation, operation and refusal of cookies: You can refuse the storage of cookies through option settings in the Tools>Internet Options>Personal Information menu at the top of your web browser.
C. If you refuse to store cookies, you may have difficulty using customized services.
Article 11. Personal Information Protection Manager
① The company has appointed a Personal Information Protection Manager to oversee and take responsibility for all matters related to the processing of personal information, including handling complaints and providing remedies to data subjects in connection with personal information processing.
▷ Personal Information Protection Officer
Name: Song Gye Chan
Position: Manager of Administration Headquarters
Contact : Tel) 032-850-6110, E-mail) kcsong@e-inteco.co.kr, Fax) 032-850-6101
▷ Personal Information Protection Staff
Department: Management Support Team
Person in charge: Woo Hwa Kyoung, Team Leader
Contact : Tel) 032-850-6130, E-mail) nina@e-inteco.co.kr , Fax) 032-850-6101
② While using the company's services (or business), data subjects may contact the Personal Information Protection Manager and the relevant department for any inquiries, complaints, or matters related to personal information protection that may arise. The company will promptly respond to and address inquiries from data subjects.
Article 12. Request to view Personal Information
Data subjects can make requests to view personal information in accordance with Article 35 of the Personal Information Protection Act to the following department. The company will make every effort to process the data subject's request for access to personal information promptly.
▷ Receiving and Processing Department for Requests to view Personal Information
Department: Planning Team
Person in charge: Nam Sang Cheol, Manager
Contact : Tel) 032-850-6121, E-mail) ohsunwoo@e-inteco.co.kr, Fax) 032-850-6101
Article 13. Remedies for Violation of Rights
Data subjects can inquire about remedies for personal information breaches, counseling, and related matters from the following organizations.
< The following organizations are separate entities from the company. If you are not satisfied with the company's internal handling of personal information complaints or remedies or if you require more detailed assistance, please feel free to contact them. >
▷ Personal Information Breach Report Center (Operated by Korea Internet & Security Agency)
Remit: Reporting of personal information breaches, application for counseling
Homepage : privacy.kisa.or.kr
Tel : (Without area code) 118
▷ Personal Information Dispute Mediation Committee (Operated by Korea Internet & Security Agency)
Remit: : Application for personal information dispute mediation, group dispute mediation (civil resolution)
Homepage : privacy.kisa.or.kr
Tel : (Without area code) 118
▷ Cyber Crime Investigation Division of the Supreme Prosecutors' Office : 02-3480-3573 (www.spo.go.kr)
▷ Cyber Terrorism Response Center of the National Police Agency : 1566-0112 (www.netan.go.kr)
Article 14. Installation and Operation of Video Information Processing Equipment
① The company is installing and operating video information processing equipment as follows.
1. Installation Basis and Purpose of Video Information Processing Equipment: For the facility safety and fire prevention of Incheon Total Energy Co., Ltd
2. Installation Locations, and Coverage: 60 units installed in key facilities such as the company building and production facilities, covering the entire space of key facilities.
3. Person in Charge, Responsible Department, and Authorized Personnel for Access to Video Information: Jang Ji Hun, Manager (Smart Tecnology 2 Team)
4. Recording Time, Retention Period, Storage Location, and Processing Method of Video Information:
- Recording Time: 24 hours a day
- Retention Period: Within 30 days from the recording date
- Storage Location and Processing Method: Stored and processed in the video information processing equipment control room
5. Method and Location for Reviewing Video Information: Request to the person in charge (Smart Tecnology 2 Team)
6. Measures for Requests Regarding Viewing to Video Information by Data Subjects: Access is allowed only when the data subject's image is clearly captured or when it is necessary for the protection of the data subject's life, body, property, or vital interests.
7. Technical, Administrative, and Physical Measures for the Protection of Video Information: Establishment of an internal management plan, access control and restriction, application of secure storage and transmission technology for video information, preservation of processing records and prevention of tampering, provision of storage facilities with locking devices, and more.
Article 15. Changes to Privacy Policy
① This privacy policy has been effective from October 1, 2022.
② In case of any changes to the privacy policy, the company will make the previous version available for comparison and review.