Useok Cho
May 8, 2023
Privacy Policy Notice
privacy policy
May 9, 2024
In order to protect the personal information of information subjects in accordance with Article 30 of the Personal Information Protection Act and to promptly and smoothly handle complaints related thereto, 'Ribbon Holdings' (hereinafter referred to as the 'Company') has the following personal information processing policy. Established and disclosed.
○ This privacy policy is effective from May 9, 2024.
Article 1 (Personal information processing items, purpose, retention period)
① The company processes personal information for the following purposes. The personal information being processed will not be used for purposes other than the following, and if the purpose of use changes, necessary measures will be taken, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.
② The company processes, retains and then destroys personal information within the personal information retention and use period pursuant to the law or within the personal information retention and use period agreed upon when collecting personal information from the information subject.
③ When personal information becomes unnecessary, such as when the personal information retention period has passed or the purpose of processing has been achieved, the personal information is destroyed without delay.
④ Each personal information processing item, purpose, and retention period are as follows.
division | processing items | Purpose of processing | Retention period | |
Rebon Holdings home page | Contact Us | [Required] Inquiry field, inquiry route, inquiry content, name, company name, industry group, email, department name, mobile phone number | Counseling for inquiries, processing of service-related complaints, and notification of processing results | 3 years |
Subscribe to our newsletter | [Required] Name, company name, email | Promotional newsletter provided | When applying to unsubscribe from newsletters | |
Download content | [Required] Name, title, department name, company name, industry, mobile phone number, email | Provision of promotional technical data | 6 months | |
Promotion (event), Apply for free consulting | [Required] Name, title, company name, department name, email, mobile phone number, industry, company size (number of people) [Optional] Inquiry | Promotional training (seminar, webinar) and consultation for inquiries | 1 year | |
Customers who consent to promotion and marketing | [Required] Mobile phone number or email (at least one) | Information on new services, products, events, and promotions | When withdrawing consent to receive | |
technical support | Customer Support | [Required] Email, name, company name, password, language, mobile phone number, technical support request | Technical support for services, handling of service-related complaints | 3 years |
employment | job applicant | [Required] Email, mobile phone number, password, identity verification information (CI, DI), name, application field, date of birth, English name, recommender, application route, photo, address, contact information, military service details, high school, university, Graduate school, work experience, experience and career description, portfolio attached, career description attached, certified foreign language test, certificate, self-introduction [Optional – Sensitive Information] Nationality, disability status, veteran status | Guide to the progress of the talent recruitment process and each step of the process | 6 months after termination of the relevant employment case |
Inquiry while applying for employment | [Required] Name, phone number, email, inquiry details | Processing of complaints and notification of processing results when inquiries are received | 3 years | |
Recruitment successful candidate | Other than information collected when applying for employment [Required] Copy of bankbook [Required – Unique identification information] Copy of resident registration (resident registration number), alien registration number [Optional – Unique identification information] When registering a dependent, family relationship certificate (resident registration number), alien registration number | Salary and welfare benefits provided, four major insurances, career verification, and personnel services provided. | 5 years after leaving the company |
Article 2 (Preservation of personal information)
① In cases where personal information must continue to be preserved pursuant to other laws and regulations despite the expiration of the personal information retention period agreed upon by the information subject or the purpose of processing has been achieved, the personal information shall be transferred to a separate database (DB) or storage location changed. Save it differently.
Basis law | Preserved Items | Retention Period |
commercial law | Commercial ledgers and important documents related to business | 10 years |
slip or similar document | 5 years | |
Act on Consumer Protection in Electronic Commerce, etc. | Records of contracts or subscription withdrawals, etc. | 5 years |
Records of payment and supply of goods, etc. | 5 years | |
Records of consumer complaints or dispute resolution | 3 years | |
Records of display/advertisement | 6 months | |
Framework Act on National Taxes | Books and supporting documents for all transactions stipulated by tax laws | 5 years |
Communications Secret Protection Act | Service visit history | 3 months |
② The procedures and methods for destroying personal information are as follows.
1. Destruction Procedure The company selects the personal information that is subject to destruction and destroys the personal information with the approval of the company's personal information protection manager.
2. Method of destruction: Information in the form of electronic files uses technical methods that cannot reproduce the records. Personal information printed on paper is destroyed by shredding or incineration.
Article 3 (Provision of personal information to third parties)
The company processes personal information only within the scope specified in Article 1 (Purpose of processing personal information), and only handles personal information in cases that fall under Articles 17 and 18 of the Personal Information Protection Act, including the consent of the information subject and special provisions of the law. Provide information to third parties.
Article 4 (Rights and obligations of information subjects and legal representatives and methods of exercising them)
① The information subject may exercise his/her rights, such as requesting the company to view, correct, delete, or suspend processing of personal information, at any time.
② The exercise of rights under Paragraph 1 may be made to the Company in writing, e-mail, facsimile (FAX), etc. in accordance with Article 41 (1) of the Enforcement Decree of the Personal Information Protection Act, and the Company will take action without delay.
③ The exercise of rights under paragraph 1 can be done through an agent, such as the information subject’s legal representative or a person authorized to do so. In this case, the “Notice on Personal Information Processing Methods (No. 2020-7)” attached form No. 11 You must submit a power of attorney according to the following.
④ Requests to view and suspend personal information processing may limit the information subject's rights pursuant to Article 35, Paragraph 4 and Article 37, Paragraph 2 of the Personal Information Protection Act.
⑤ Requests for correction or deletion of personal information cannot be requested if the personal information is specified as a collection target in other laws and regulations.
⑥ The company verifies whether the person making the request, such as a request for viewing, a request for correction or deletion, or a request for suspension of processing, is the person or a legitimate agent in accordance with the information subject's rights.
Article 5 (Measures to ensure the safety of personal information)
The company is taking the following measures to ensure the safety of personal information.
1. Conducting regular self-audits We conduct regular self-audits to ensure the stability of personal information processing.
2. Minimization and training of employees processing personal information We are implementing measures to manage personal information by designating employees who process personal information and limiting it to the person in charge.
3. Establishment and implementation of an internal management plan We are establishing and implementing an internal management plan for the safe processing of personal information.
4. Technical measures against hacking, etc. The company installs security programs and periodically updates and inspects them to prevent leakage and damage of personal information due to hacking or computer viruses, installs the system in an area where access from the outside is controlled, and provides technical/technical measures. We are physically monitoring and blocking.
5. Encryption of personal information The user's personal information is stored and managed with an encrypted password, so only the user can know it. For important data, separate security functions such as encrypting files and transmission data or using the file lock function are used. I'm doing it.
6. Storage of access records and prevention of forgery and falsification Records of access to the personal information processing system are stored and managed for at least one year. However, personal information of more than 50,000 information subjects is added, or unique identification information or sensitive information is not added. In case of processing, it is stored and managed for more than 2 years. Additionally, we use security features to prevent access records from being forged, altered, stolen, or lost.
7. Restriction of access to personal information Necessary measures are being taken to control access to personal information by granting, changing, and deleting access rights to the database system that processes personal information, and using an intrusion prevention system to prevent unauthorized access from outside. Access is controlled.
8. Use of locking device for document security Documents and auxiliary storage media containing personal information are stored in a safe place with a locking device.
9. Access control for unauthorized persons We have a separate physical storage location where personal information is stored, and access control procedures are established and operated for this.
Article 6 (Matters regarding installation, operation and refusal of automatic personal information collection devices)
① The company uses ‘cookies’ to store usage information and retrieve it from time to time in order to provide individualized services to users.
② Cookies are a small amount of information that the server (http) used to run the website sends to the user's computer browser and are sometimes stored on the hard disk of the user's PC computer.
go. Purpose of use of cookies: They are used to provide optimized information to users by identifying visitation and usage patterns, popular search terms, secure access, etc. for each service and website visited by the user.
me. Installation, operation and refusal of cookies:
Chrome | At the top right of your web browser, click More > Settings > Privacy & Security > Cookies and other site data. |
Edge | Settings and other at the top right of your web browser > Settings > Cookies and site permissions > Cookies and saved data |
Safari | Safari > Preferences > Privacy > Cookies and website data |
If you refuse to store cookies, you may have difficulty using customized services.
③To provide better services to information subjects, we use Google Analytics, a web log analysis tool provided by Google, Salesforce, and Pixel, a web log collection tool provided by KaKao. Google Analytics, Salesforce, and Kakao Pixel collect behavioral information about our website users through cookies, and in this case, only non-identifying information that cannot personally identify users is collected. Nevertheless, users can refuse the use of cookies by Google Analytics, Salesforce, and Kakao Pixel by installing add-ons or refusing cookie settings in their web browser.
Installation of Google Analytics blocking browser add-on (https://tools.google.com/dlpage/gaoptout)
Change your advertising settings in Salesforce or utilize the opt-out program (https://optout.aboutads.info/?c=2&lang=EN)
Kakao cookie use rejection settings (Internet Explorer: Tools → Internet Options → Privacy/Chrome: Settings → Privacy and Security)
Article 7 (Personal Information Protection Manager)
① A personal information protection officer is appointed as follows to take overall responsibility for the company's personal information processing work, and to handle complaints and provide relief for damage from information subjects related to personal information processing.
▶ Personal information protection officer | |
name | Jo Woo-seok |
position | CPO / CISO |
rank | manager |
contact | |
※ You will be connected to the personal information protection department. |
② Information subjects may inquire about all personal information protection-related inquiries, complaint handling, damage relief, etc. that arise while using the company's services (or business) to the personal information protection manager and responsible department. The company will respond and process inquiries from information subjects without delay.
Article 8 (Request to view personal information)
The information subject may request access to personal information pursuant to Article 35 of the Personal Information Protection Act to the department below. The company will endeavor to promptly process the information subject's request to view personal information.
▶ Personal information access request reception and processing department | |
Department | Information Protection Team |
Contact |
Article 9 (Methods for relief from rights infringement)
In order to receive relief from personal information infringement, the information subject may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency's Personal Information Infringement Reporting Center, etc. For other personal information infringement reports and consultations, please contact the organizations below.
1. Personal Information Dispute Mediation Committee: (without area code) 1833-6972 (www.kopico.go.kr)
2. Personal Information Infringement Reporting Center: (without area code) 118 (privacy.kisa.or.kr)
3. Supreme Prosecutors' Office: (without area code) 1301 (www.spo.go.kr)
4. National Police Agency: (without area code) 182 (ecrm.cyber.go.kr)
The head of a public institution may respond to requests pursuant to the provisions of Article 35 (view of personal information), Article 36 (correction/deletion of personal information), and Article 37 (suspension of processing of personal information, etc.) of the Personal Information Protection Act. A person whose rights or interests have been infringed due to a disposition or omission may request an administrative trial in accordance with the Administrative Appeals Act. ※ For more information on administrative trials, visit the Central Administrative Appeals Commission (www.simpan.go.kr) website. Please refer to .
Article 10 (Changes to personal information processing policy)
① This personal information processing policy is effective from May 9, 2024.