Hanwha Co., Ltd. (the “Company”) considers the handling of personal information of users very important and complies with the applicable laws related to personal information. The Company complies with the Act on Promotion of Information and Communication Network Utilization and Information Protection, etc. (the “Information Communication Network Act”) and the Personal Information Protection Act (the “Protection Act”).
- 01. Consent to collection and use of personal information
- 02. Purpose of collection and use of personal information
- 03. Personal information items collected
- 04. Method of collection of personal information
- 05. Period of possession and use of personal information
- 06. Use of the collected personal information
and provision of such information to a third party
- 07. Rights and obligations of the concerned parties and how to exercise them
- 08. Withdrawal of consent to collection, use and provision of personal information
- 09. Procedure and method of destruction of personal information
- 10. Entrustment of personal information handling
- 12. Technical and Administrative Measure for Protection
of Personal Information
- 13. Matters concerning installation, operation and refusal of automatic personal information collection device
- 14. Rights and obligations of users
- 15. Collection of opinion and complaint handling
- 16. Supervisor and person responsible for protection of personal information
- 17. No unauthorized email collection
- 18. Duty to notify.
01. Consent to collection and use of personal information
The Company arranges the procedure whereby users may click an ‘agree’ or ‘disagree’ button with respect to collection of personal information within the contents of this Policy and if a user clicks an ‘agree’ button, he/she is deemed to have agreed to collection of personal information.
02. Purpose of collection and use of personal information
"Personal information” means an information concerning a living person by which the person may be identified based on his/her name, resident registration number, etc. contained in the information (includes information, if used alone, could not be used to identify one individual from the others, but could be easily combined with other information to identify one individual from the others).
The purposes of collection and use of personal information of customers by the Company are as follows.
Use purpose classification
- - Management of members
- - Identification of members for using membership services
- - Prevention of unauthorized or unapproved use by an unauthorized user, prevention of duplicated sign ups of existing members
- - Confirmation of an intention of signing up, and limitation on signing up and number of sign ups
- - Record keeping for customer consultations, complaint receiving and handling and settlement of disputes for users
- - Delivery of notices
- - Provision of contents, information on event/giveaway result and prize delivery
03. Collected personal information items
- A. The Company collects only the information required for providing basic services and obtains consent from users when collecting information for providing service that satisfies each user's preference and needs. Even when a user fails to provide optional information, there are no restrictions on his/her use of the service.
- B. The Company does not collect any sensitive personal information that may infringe the basic human right of users (i.e., race and nationality, ideology and creed, place of birth and place of family register, political orientation and criminal records, health condition and sexuality, etc.) other than applicant preference information. Under any circumstances, the Company does neither use the information provided by you for any purpose other than those declared in advance to users nor or disclose thereof to any third party.
- C. The Company collects and uses personal information as follows.
Types of collected information
Types of collected information
|How it is collected||Required Information||Optional Information|
|Register as a member||Member ID (email), Password, User Name||Image (photo), Gender, Date of Birth, Current Status, Academic major, Interests|
|Apply for on-line training course||Occupation||Gender, Date of Birth|
|Participate in an on-line event||Mobile phone number|
04. Method of collection of personal information
The Company collects information by the following methods.
- - Joining membership on the website, filling out information on the applications for educational lectures.
05. Period of possession and use of personal information
- A. Personal information of customers shall be retained and used during the period the Company provides the service to customers. If requested to be deleted, collected personal information is destroyed so that it can be neither viewed nor used. However, The Company reserves the right to possess personal information of members for a certain period of time in order to confirm transaction-related rights or obligations in accordance to applicable laws and regulations such as the Commercial Act, the ‘Act on the Consumer Protection in Electronic Commerce, etc., the Electronic Financial Transactions Act, the Specialized Credit Finance Business Act, the Framework Act on National Taxes, the Corporate Tax Act or the Value-Added Tax Act, etc., as follows and the review and use of such personal information shall be limited to the relevant reason and the purpose and period of possession and items to be possessed shall be specified in advance.
- B. If any information is required to be preserved, it shall be preserved pursuant to the applicable laws.
- If notified to a customer in advance and in case the retention period there has not expired or consent has been obtained from you individually, it shall be the promised retention period.
- General member information: immediately deleted upon a request to cancel membership
- Event participation info: immediately deleted after an event is over
- C. In the event any user requests to view the information in possession by consent of the user, the Company shall take measures to enable review/confirmation thereof without delay.
06. Use of the collected personal information and provision of such information to a third party
- Partnership: The Company may either provide personal information of customers to partners or share it with them to provide better service. When providing of sharing personal information, the Company will go through the process of obtaining consent by either writing or email to individual customers in advance on who are the partners, what is the provided or shared personal information item, why such personal information must be shared and until when how such information is protected and managed and if a customer does not agree, it shall be neither provided to nor shared with partners. If there is any change to a partnership or a partnership terminates, the Company shall either notify or obtain consent by the same procedure.
- B. The Company shall neither use personal information nor provide it to any third party beyond the extent notified to customers when collected or stipulated in the terms and conditions of the service. However, if there is consent from a customer of any one of the following cases shall be exceptions.
- When personal information is required personal information to perform the contract on the provision of the service and is considerably difficult to obtain conventional consent due to economic and technical reasons.
- When necessary to calculate the fee for provision of the service.
- When otherwise stipulated in other laws such as the Protection of Communications Secrets Act, the Act Regarding Promotion of Information and Communication Network Use and Protection of Information, the Real Name Financial Transaction Act, the Use and Protection of Credit Information Act, the Framework Act on Telecommunications, the Telecommunications Business Act, the Local Tax Act, the Framework Act on Consumers, the Bank of Korea Act, the Criminal Procedure Act, etc. However, even when a competent authority or an investigation agency requests such information for either an administrative or investigative purpose in case of ‘otherwise stipulated in the laws and regulations,’ we do not unconditionally provide personal information of any customer and when there is a warrant or an official letter bearing the seal of head of an authority, we provide personal information according to lawful processes.
07. Rights and obligations of data subjects and how to exercise them
- A. Rights to view personal information
- 1) data subjects may request to view their personal information processed by the Company.
- 2) When the Company receives a request to view personal information from a data subject, it shall allow the party to view his/her personal information within 10 days. If there is a valid reason for not being able to view such information, the Company shall notify the reason thereof to the subject and delay the viewing and the reason thereof solved, the Company shall allow the subject to view the information without delay.
- 3) The Company may notify a data subject if any of the following reasons occur and either restrict or refuse viewing.
- ① When viewing is either prohibited or restricted according to laws.
- ② When there is a concern for causing injuries to other people's life or body or unjustifiable infringement of other people's properties and other interests.
- B. Rights to correct/delete personal information
- 1) Any data subject may request to correct or delete his/her personal information. However, if the personal information is specified as an object to be collected pursuant to laws and regulations, he/she may not request for deletion thereof.
- 2) Unless there is a special process stipulated in laws and regulations, if a data subject requests to correct or delete his/her personal information, the Company shall take necessary measures without delay such as correction, deletion, etc. and inform the result thereof to the data subject.
- 3) If a data subject requests for correction of errors in personal information, the concerned personal information shall not be used or provided until it is corrected.
- 4) In case the Company has already provide wrong personal information to a third party, the Company shall notify the result of the correction to the third party without delay and take a measure to correct it.
- 5) When the Company deletes personal information, it shall take measures so that it can be neither recovered or reproduced.
- 6) If necessary, the Company may require the concerned data subject to submit evidence required to confirm the correction or deletion request.
- C. Rights to suspend processing of personal information
- 1) Any data subject may demand suspension of processing his/her personal information.
- 2) If a data subject requests for suspension of his/her personal information processing, the Company shall suspend processing of either the whole or partial personal information without delay. However, in the following cases, the Company may refuse the request of any data subject.
- ① When there is a special provision in laws and necessary to comply with obligations pursuant to laws.
- ② When there is a concern for causing injuries to other people's life or body or unjustifiable infringement of other people's properties and other interests.
- ③ If personal information is not processed, performance of an employment contract with a data subject is difficult and the data subject has not clearly expressed his/her intention to terminate such contract.
- 3) The Company shall take necessary measures on personal information which processing has been suspended according to a request of a data subject, such as destruction of the personal information concerned.
- D. How to request for viewing/correction/deletion/processing suspension of personal information
- 1) If a data subjects requires a viewing/correction/deletion/processing request, we will process it immediately if you leave your request on Q&A.
08. Withdrawal of consent to collection, use and provision of personal information
- A. You may, at any time, withdraw your consent to collection, use and provision of personal information, which you consented to during sign up. It shall be deemed that you have withdrawn your consent to collection, use and provision of personal information when you cancel your membership and delete your resume. Also, if user contact the supervisor in charge of management of personal information in writing, by telephone or by e-mail, etc., the Company shall immediately take necessary measures for the withdrawal without delay. In the event of withdrawal of consent or destruction of personal information, the Company shall immediately notify the user thereof. (※ However, withdrawal of consent for collection and use of required information to provide the Service shall be an exception.)
- B. The Company shall take necessary measures so that a withdrawal of the consent to collection of personal information and withdrawal from membership are easier than consenting to collection of personal information.
09. Procedure and method of destruction of personal information
When the purpose of use of personal information collected is achieved, the Company shall immediately destroy the relevant information in accordance with the possession period and the use period. The procedure, method and time of destruction shall be as follows.
- A. Procedure and Time of Destruction:
Personal information entered by a user for sign up to membership shall be deleted or destroyed after lapse of the period, which is prescribed for the protection of information (see the “Period of Possession and Use of Personal Information” above) under the Company's internal policy and other applicable laws, after the purpose of use of personal information is achieved, such as termination of services.
How to request for immediate destruction: you may request for immediate destruction to the system administration (firstname.lastname@example.org).
- B. Method of Destruction : Personal information printed on paper shall be destroyed by shredding, incineration or dissolution by chemicals. Personal information stored in an electronic file form shall be deleted by technical method which makes it impossible to restore or reproduce
10. Entrustment of personal information handling.
- A. The Company entrusts an outside company with handling of personal information for better business performance including provision of basic services, better services, customer convenience, etc., as follows.
- Entrusted company: Hanwha System/ICT
- Range of entrustment: Group talent incubation (Dreamplus) social contribution system management/operation, maintenance and repair.
- Retention and use period: until personal information is deleted or entrust contract expires.
|Entrusted company||Entrusted items||Period of possession and use|
|Hanwha System/ICT||Group talent incubation (Dreamplus) social contribution system management/operation, maintenance and repair.||Until personal information is deleted or entrust contract expires.|
|Hancom, Another Rainbow Ltd. Jellablue Co., Ltd. ||Hancom, Another Rainbow Ltd. Jellablue Co., Ltd. Conformation of Dreamplus event winners, prize delivery processing.||Deleted immediately after an event is over.|
- B. In the personal information handling entrustment., the Company clearly prescribes the provisions concerning the compliance with laws and regulations related to protection of personal information, the confidentiality of personal information, the prohibition from provision of personal information to a third party, the responsibility in the event of accident, the period of entrustment, and the obligations to return or destroy personal information after the end of handling of personal information, etc. through a contract and retains the details of the contract either in writing or electronically.
- C. In principle, the Company shall not handle or entrust personal information for purposes other than providing the service without consent from customers. However, if such need arises, the contents of the entrusted business and entrusted company to customers and obtain consent from them.
- A. When the Company seeks to obtain additional consent from a customer for the use of or provision to a third party of his/her personal information beyond the consented scope, The Company shall notify the customer of the relevant matter in advance in writing, by e-mail or phone, etc.
- B. In the event the Company entrusts collection, possession, disposition, use, provision, management or destruction, etc. of a customer's personal information to a third party, the Company shall inform the customer thereof and obtain consent from the customer by notifying such information on the registration page, in the Terms and Conditions of services or the Policy appearing on the website, etc.
- C. In the event the Company transfers its businesses, in part or whole, or transfers its rights or obligations due to merger or succession, etc., it shall notify users thereof in writing or by e-mail, etc. as well as describe such transfer on the first screen of the Homepage for 30 days or more. However, if the Company is unaware of any customer's address or telephone number without the Company's negligence, or event of force majeure, or any justifiable reason that the Company cannot notify the notice in writing, by e-mail or by other means may be substituted by publishing a notice no less than once in 2 or more daily newspapers published in Seoul (in the event most of users reside in a certain area, the newspapers published and distributed in such area).
12. Technical and Administrative Measure for Protection of Personal Information.
- A. The Company has prepared and applies technical and administrative measures to protect user's personal information.
- B. Technical Measures
- The Company devises the following technical measures to safeguard personal information from being lost, stolen, leaked, forged or damaged in the process of handling of user's personal information.
- User's personal information is password-protected and important information is protected through an additional security function by encoding files and transmission data or using a file lock function.
- The Company adopts a security system (SSL or SET) for safely transmitting personal information over network by using a code algorithm.
- The Company makes best efforts for security against infiltrations from outside such as hacking, etc. by using infiltration blocking systems and vulnerability analysis systems, etc. on each server.
- C. Administrative Measure
The Company limits the number of persons with access to personal information of users to a minimum, which fall under any of the following.
- Persons engaging in the direct marketing to users.
- Persons engaging in the protection of personal information such as the supervisor and person responsible for protection of personal information.
- Other persons who inevitably handle personal information for other business purposes.
- The Company prepares procedures for accessing and managing user's personal information and requires its employees to fully understand and comply with such procedures and provides regular in-house and external training to the employees who handle personal information for learning new security technologies and complying with personal information protection obligations.
- The transfer of duties of the persons who handle personal information are carried out strictly while maintaining security and the Company clearly describes their responsibilities for any personal information-related accidents after joining and resigning from the Company.
- The computer room and the data room, etc. are established as the high security areas to which access is controlled.
- When handling user's personal information by a computer, the Company designates the person in charge with access to personal information, issues an ID and a password to such person, and updates the password on a regular basis.
- The Company requires new employees to sign the written pledge for protection of information or for protection of personal information upon hiring them to prevent personal information leakage in advance, and prepares and performs an internal procedure to audit employees’ execution and compliance with the Policy on a continuous basis.
- The Company requires employees to sign a confidentiality agreement upon resigning from the Company to prevent potential damage, infringement or disclosure of personal information the employee has acquired in the process of handling personal information during employment.
- When collecting from or providing to customers any payment-related information such as customers’ credit card number or bank account for the purpose of entering into the service agreement or of providing services, customer takes necessary measures required for confirming the identity of the customer.
- The Company does not take responsibilities for any events resulting from customers’ own mistake or the basic risk of the Internet. Members should properly manage their ID and password to protect their personal information and take responsibility.
- The Company recommends that any password which others are able to guess easily should be avoided and that the passwords be changed on a regular basis.
- In the event a member accesses and logs into our website from a public PC used jointly with others and go to another website while logged into our website, the member is recommended to logout before closing the website window. If not, there is a risk that his/her information such as ID or password may be easily disclosed to others through the browser.
- In the event of any loss, leakage, falsification or damage to personal information due to an internal manager's mistake or any technical accident, the Company shall immediately inform users thereof and consider proper measures and compensation.
13. Matters concerning installation, operation and refusal of automatic personal information collection device
- A. The Company may install and operate cookies to save and frequently find information about the customers’ information through the internet service provided by the Company. A cookie is character string information sent by a web server to a web browser, saved and sent back to the server again when there is an additional request of the server. When a customer connects to the website, it can read the content of the cookie in the browser of the customer, find additional information and provide service without additional input such as the name due to the access.
- B. Customers have the right to choose on cookie installation. They can either accept all cookies, request for a notice when a cookie is installed, or reject all cookies in “tools → Internet Option → personal information → advanced” on the top of a web browser. However, when a customer refuses cookie installation, there may be inconvenience in using the service or we may have difficulties in providing the service.
- C. A cookie is ended when you exit from a browser or log out.
14. Rights and obligations of users
- A. Users should make sure to enter and maintain the most up-to-date personal information to provide any mishap. Users shall be liable for any accident arising from any inaccurate information entered by them and if a user provides any false information such as personal information theft, his/her membership may be revoked.
- B. Users have the right to have his/her personal information be protected as well as the obligation to protect himself/herself, and not to infringe information of others. Users should exercise caution to avoid theft of his/her personal information, including passwords, and also avoid potentially damaging personal information of others through, including posts. If a user fails to fulfill such responsibilities and damages information of others, he/she may be subject to punishment under the “Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.”
15. Collection of opinion and complaint handling
- A. The Company values opinion of users and users have the right to receive sincere answers on their questions at any time.
- B. The Company operates customer consultation channels such as the customer center for smooth communication with users and if a user has any question, he/she may contact the following contact and receive sincere answers at any time.
- - Personal information related customer center (TEL: 02-6313-3114)
- C. In the event a user requires consultation regarding infringement of personal information, he/she may contact the Personal Information Infringement Reporting Center under the Korea Internet Security Agency or the Cyber Terror Response Center under the National Police Agency.
- Entrusted party: Personal information infringement reporting center
- Telephone number: (No area code) 118
- URL: http://privacy.kisa.or.kr
- Entrusted party: Cyber Terror Response Center under the National Police Agency
- Telephone number: (No area code) 182
- URL: http://cyberbureau.police.go.kr
16. Supervisor and person responsible for protection of personal information
- A. The Company considers user's personal information to be very valuable and makes best efforts to prevent any damage, infringement or leakage of user's personal information. However, the Company shall have no liability for any damage to information due to unexpected accident arising from the basic risk of network such as hacking despite the technical countermeasures undertaken by the Company and for any dispute arising from posts written by visitors.
- B. The customer center makes the best efforts to answer users’ questions regarding protection of personal information promptly and sincerely. In addition, when a user seeks to contact the Company's person in charge of protection of personal information, he/she is requested to contact any of the following persons using the contact information or email address below and the Company shall answer the questions concerning personal information promptly and sincerely.
- - Chief Privacy Officer Name: Sangil Kim, General Manager
- - Person in charge for personal information protection: Dongwoo Han, Manager
17. No unauthorized email collection
The Dreamplus website (www.dreamplus.io) refuses any unauthorized collection of posted email addresses by email collection programs or other technical devices. In case of a violation of the foregoing provision can lead to punishment pursuant to the Act regarding the Promotion of Information and Communication Network Use and Protection of Information, etc.
18. Duty to notify.
- A. This Policy was established on September 13, 2018. In the event of addition, deletion or amendments to its contents according to the changes in government policies or security technologies, any general changes shall be publicly announced at least seven 7 days before the changes take effect, and any important changes shall be publicly announced at least thirty 30 days before the changes take effect, on the pop-up window of the website (www.dreamplus.io) or the ‘Public Notice’ menu.