Effective Date: February 25, 2023
Article 1 (Purpose of Personal Information Processing)
File name of personal information: User information
Purpose of personal information processing: User identification
Collection method: Website
Basis for retention: For user identification
Retention period: Deleted within 3 months after withdrawal
Article 2 (Items of Personal Information Being Processed)
① <Dogu Technologies Co., Ltd.> is processing the following personal information.
Required items: Email, password, login ID, service usage records, access logs, cookies, access IP information, payment records
Optional items: Company phone number, position, department, company name
Article 3 (Procedure and Method of Personal Information Destruction)
① <Dogu Technologies Co., Ltd.> promptly destroys the relevant personal information when the retention period of personal information has elapsed or when the purpose of processing personal information has been achieved and such information is no longer necessary.
② If the personal information agreed upon by the data subject has reached the retention period or the purpose of processing has been achieved, yet it is necessary to continue preserving the personal information due to other laws, the company transfers the information to a separate database (DB) or preserves it in a different location.
1. Personal information items preserved: Account information, transaction dates
③ The procedure and method of personal information destruction are as follows:
1. Destruction procedure: <Dogu Technologies Co., Ltd.> selects the personal information for destruction and obtains approval from the company's Personal Information Protection Manager to proceed with the destruction.
2. Destruction method: Technological methods that render electronic file information irretrievable are used.
Article 4 (Rights and Obligations of Information Subjects and Legal Representatives, and Methods of Exercising Those Rights)
① Information subjects can exercise rights such as viewing, correcting, deleting, or suspending the handling of personal information at any time with Dogu Technologies Co., Ltd.
② Exercising the rights mentioned in clause 1 can be done in writing, by electronic mail, facsimile (FAX), etc., directed to Dogu Technologies Co., Ltd., and Dogu Technologies Co., Ltd. will promptly take necessary actions in accordance with Article 41, Section 1 of the Enforcement Decree of the 'Personal Information Protection Act.'
③ The rights in clause 1 can be exercised through a legal representative of the information subject or an authorized agent. In this case, according to the 'Guidelines on Personal Information Handling (No. 2020-7),' a power of attorney as per Annex No. 11 must be submitted.
④ Requests for viewing personal information and suspending its handling may be limited in accordance with Article 35, Section 4, and Article 37, Section 2 of the 'Personal Information Protection Act.'
⑤ Requests for correcting or deleting personal information cannot be fulfilled when other laws stipulate that the information is subject to collection.
⑥ Dogu Technologies Co., Ltd. confirms the identity of the individual making requests based on information subject rights, requests for viewing, correcting/deleting, or requests for handling suspension, ensuring that it is the individual themselves or a legally authorized representative.
Article 5 (Measures for Securing Safety of Personal Information)
<Dogu Technologies Co., Ltd.> takes the following measures to secure personal information:
1. Regular self-audits: Conducts regular (quarterly) self-audits to ensure the security of personal information handling.
2. Minimization and education of personnel handling personal information: Designates personnel handling personal information, limits the number of personnel, and implements measures to manage personal information.
3. Establishment and implementation of an internal management plan: Establishes and implements an internal management plan for the secure processing of personal information.
4. Technical measures against hacking, etc.: Installs security programs to prevent leakage and damage of personal information due to hacking, computer viruses, etc.
5. Encryption of personal information: Encrypts stored and managed passwords to ensure that only the individual can access them. Uses separate security functions such as encrypting files and using file locking for important data.
6. Storage and prevention of tampering with access records: Stores and manages access records in the personal information processing system for at least 1 year. However, if personal information for over 50,000 individuals or unique identification information or sensitive information is handled, it is stored and managed for at least 2 years. Security features are used to prevent tampering, theft, or loss of access records.
7. Restriction of access to personal information: Grants, modifies, and revokes access rights to databases handling personal information to control access. Controls unauthorized access from outside using intrusion prevention systems.
8. Use of locking devices for document security: Stores documents containing personal information, auxiliary storage media, etc., in secure places with locking devices.
9. Access control for unauthorized individuals: Establishes and operates access control procedures for physical storage spaces containing personal information.
Article 6 (Installation, Operation, and Refusal of Automatic Collection Devices of Personal Information)
① <Dogu Technologies Co., Ltd.> uses 'cookies' to store and periodically retrieve usage information to provide individualized tailored services to users.
② Cookies are small amounts of information sent by the server (http) operating the website to the user's computer browser, and they may also be stored on the user's PC hard drive.
a. Purpose of using cookies: Used to optimize information provided to users by identifying their visits and usage patterns on visited services and websites, popular search terms, and secure access status.
b. Installation, operation, and refusal of cookies: Users can refuse cookie storage by setting options in the Tools > Internet Options > Privacy menu in the web browser. However, refusal may cause difficulties in using tailored services.
Article 7 (Handling of Pseudonymized Information)
<Dogu Technologies Co., Ltd.> processes pseudonymized information for the following purposes:
▶ Purpose of processing pseudonymized information
- Storage and processing of inquiries
▶ Period of processing and retaining pseudonymized information
- Destruction after 90 days
▶ Items of personal information subjected to pseudonymization
- Name, Email, Inquiry Details
▶ Measures to ensure the security of pseudonymized information pursuant to Article 28-4 (Obligations regarding Safety Measures for Pseudonymized Information) of the law
- Administrative measures: Establishment and implementation of internal management plans, regular employee education.
- Technical measures: Management of access rights to personal information processing systems, encryption of unique identification information, etc.
- Physical measures: Access controls for computer rooms, data storage rooms, etc.
Article 8 (Details of the Personal Information Protection Manager)
① <Dogu Technologies Co., Ltd.> is responsible for overseeing personal information processing and designates a Personal Information Protection Manager to handle complaints and remedies related to personal information processing. The details are as follows:
▶ Personal Information Protection Manager
Name: Kim Hoon-hoe
※ Connects to the Personal Information Protection Department.
▶ Personal Information Protection Department
Department: Server Development Department
Responsible Person: Kim Hoon-hoe
② Users of <Dogu Technologies Co., Ltd.> services (or businesses) can contact the Personal Information Protection Manager or the department in charge for inquiries, complaints, remedies, etc., regarding personal information protection related matters. <Dogu Technologies Co., Ltd.> will promptly respond and handle the user's inquiries.
Article 9 (Department Responsible for Receiving Requests for Access to Personal Information)
Information subjects can request access to personal information according to Article 35 of the 'Personal Information Protection Act' from the following department:
< Dogu Technologies Co., Ltd.> will make efforts to swiftly process requests for access to personal information from information subjects.
▶ Department for Receiving Requests for Access to Personal Information
Department: Server Development Department
Responsible Person: Kim Hoon-hoe
Article 10 (Remedies for Infringement of Information Subject's Rights)
Information subjects can apply for dispute resolution or counseling related to personal information infringements to the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency's Personal Information Infringement Reporting Center, etc., to receive remedies for damages caused by personal information infringements. For other personal information infringement reports or consultations, please contact the following organizations:
1. Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
2. Korea Internet & Security Agency's Personal Information Infringement Reporting Center: 118 (privacy.kisa.or.kr)
3. Supreme Prosecutors' Office: 1301 (www.spo.go.kr)
4. National Police Agency: 182 (ecrm.cyber.go.kr)
According to Article 35 (Access to Personal Information), Article 36 (Correction/Deletion of Personal Information), and Article 37 (Suspension of Personal Information Processing), individuals who have suffered violations of rights or benefits due to administrative dispositions by a public institution or unauthorized acts can file for administrative appeals according to the Administrative Appeals Act.
※ For more information on administrative appeals, please refer to the website of the Central Administrative Appeals Commission (www.simpan.go.kr).