Purpose of collecting and using personal information
Types of personal information collected
Method of collecting personal information
Providing personal information to third parties
Retention and use period of personal information
Procedure and method for destroying personal information
Rights of the users and their legal representatives and exercise of rights
Measures to secure personal information
Installation and operation of programs that automatically collect personal information and rejection of such programs
Personal information manager and grievance department
1. Purpose of collecting and using personal information
The Company collects and uses personal information to provide services for OMPASS admin website and OMPASS app, to identify and authenticate persons for membership-based services, to prevent the illegal use of services, to secure contact for customer support, to process complaints, to analyze members’ use of services statistically, to provide advertising information, and to provide services specific to statistical characteristics.
2. Types of personal information collected
Information collected for membership sign up under agreement by administrators includes last name, first name, email, phone number, country code, and company (organization) name.
Information collected for registration of sub-administrators by administrators includes last name, first name, email, phone number, and country code.
Information collected automatically for activities of administrators and sub-administrators includes OMPASS log, policy log, login time, cookie, and access IP information.
Information collected automatically for activities of users includes User ID, application name, authentication, login time, cookie, and access IP information.
3. Methods of collecting personal information
Personal information is collected during the membership service sign-up process, service use, phone consultation, email consultation, service inquiry, and quotation inquiry.
4. Providing personal information to a third party
5. Retention and use period of personal information
Information retention according to policy of the Company
The Company retains the information provided by administrator, sub administrator, and user from the time of registration to the time of membership withdrawal.
In the case of services other than membership, after achieving the purpose of using personal information, the information is immediately destroyed or retained according to the indicated retain period for each service.
Information retention according to relevant laws and regulations If there is a need to preserve personal information according to the provisions in laws such as the Commercial Act, however, the Company retains such in accordance with the laws and regulation.
Records concerning the contract or subscription withdrawal, etc.：5 years
Records concerning payment and supply of goods, etc.：5 years
Records concerning consumer complaints or dispute settlement：3 years
6. Procedure and method for destroying personal information
After achieving the purpose of collecting and using personal information or the retention period expires, the information is immediately destroyed. The procedure and method for destruction are as below.
Procedure for destroying personal information Collected personal information is immediately destroyed after achieving the purpose of collecting or the retention period expires. If there is a need to preserve personal information according to relevant laws and regulations, the information is moved to and stored in a separate DB and destroyed after the retention period expires.
Method for destroying personal information Collected personal information is immediately destroyed after achieving the purpose of collecting or the retention period expires. If there is a need to preserve personal information according to relevant laws and regulations, the information is moved to and stored in a separate DB and destroyed after the retention period expires.
Personal information printed on a paper is destroyed with a shredder.
Personal information saved in electronic file format is destroyed using a technical method that does not allow regeneration.
7. Rights of the users and their legal representatives and exercise of rights
8. Measures to secure personal information
The Company takes following administrative, technical, and physical measures to ensure safety when processing personal information.
Administrative measures：Establishing and implementing internal management plans, regular training on personal information protection for employees, etc.
Technical measures：Management of access permission to personal information processing system, installation of encrypt and security programs, etc.
Physical countermeasures：Access control to the storage for personal information such as server room and data storage room, etc.
9. Installation and operation of programs that automatically collect personal information and rejection of such programs
10. Personal information manager
Chief Privacy Manager：Nury Kang Contact for privacy related inquiries：070-4298-3070, firstname.lastname@example.org If you have any questions about your personal information, please contact us anytime. For other questions about reporting or consulting on privacy violation, please contact the following institutions in South Korea：
Cyber Bureau, National Police Agency https://cyberbureau.police.go.kr/ Call +82-182