1. General rules
① Personal information is in respect of individual information being alive, means information which can identify specific person.
② Xpege consider customer's own information very important and we are keeping regulation
for protection of personal information on Information Privacy Law.
③ Xpege is prescribing procedure to settle process of personal information treatment.
2.Collecting personal information and purpose for utilization
- We are also arranging process to make customers recognize personal information policy easily by adding version code when we change the process of personal information treatment.
- Identifying specific person being based on use of membership service
- Prevention of bad member's unfair use and unauthorized use
- Identifying personal under age
- Consulting, reception and settlement of customer's complaint
- Notification of some issue
- Settlement of charge in using service
- Providing contents, notifying prize winning of event and sending present
- Identification of the personal himself related to finance dealing & service
- Sending invoice, purchase, payment, refund, etc.
- Notifying new service, new item, and event information.
- Providing customers optimal service
- Utilizing data and marketing to provide customers optimized service
- Providing service and exposing commercial being based on demography feature
- Grasping frequency of access webpage
- Statistic about service use
- Sending publication, informing new service and item
- Planning web service and event which is suitable for customer's interest
- Survey for customers
3.Collection details of personal information
-Xpege is collecting necessary information to provide basic service and we are collecting the information after we acquire personal agreement. This is in case only we think it is desirable to provide optimized service depending on customer’s preference and needs. If customer does not enter menu option, we can restrict service use.
-Xpege is collecting personal information as below.
① Contents of personal information when customer joins membership
Identification of the person himself
Until the member
withdraw from membership
Contact details(Telephone number, mobile phone number etc.)
Identification of the person himself, treatment of notification and complaint
Providing information about item and service
Memorial day, purpose to use hotel, etc.
Providing information about item and service according to memorial day and preference
② The information which is created among process using service or business management
- Records of service use, Access log, cookie data, IP access information, Records to forbid use
-Xpege does not collect sensitive personal information related to concern about human rights abuses. This information includes race, people, thought, birthplace, political character, criminal records, health condition, sexual life, etc. If we must collect the information as above, we will ask user’s agreement in advance. And we will not use information user entered as different purpose with what we get agreement from user.
4. Method how to collect personal information
-Xpege collects personal information as follows.
- Joining membership through homepage, letter form, telephone and message board for consulting, application for prize, request of delivery
- Collecting information through the tools to create and collect information
-If customer choose “I agree” to written consent or stipulation for use of Xpege, we judge customer agreed with personal information collection.
5.Collecting personal information by cookie
-If customer access website, Xpege uses cookie which keeps and search for customer’s information. Cookie means small information which website transports to customer’s computer browser (internet explorer, chrome, etc.). The computer of Xpege will read details of cookie which exists in customer’s browser and search for customer’s additional information in customer’s computer. Therefore, it is possible to provide service without additional entry of name, the other information due to access.
-Management of cookie in Xpege
Xpege operates cookie for user’s convenience. The information being managed by Xpege is limited to Xpege membership ID only, does not collect any other information except it. The membership ID Xpege collected is used for the purpose as follows (Cookie is closed when browser is ended or log out).
- CONTACT US, Consulting, Registration of comment on message board
-Method how to refuse cookie configuration
If customer select option menu on customer’s web browser, it is possible to accept cookie or confirm whenever to store cookie or deny storage of all cookie. But please note there is limit in service provision in case cookie installation was denied.
6. Storage and destroy of personal information
-Xpege does not hesitate to destroy customer’s own information when we achieve purpose to collect personal information. Detail point in time to destroy is as follows.
① Information to join membership: In case to leave or be expelled from membership
② Delivery information: The time which delivery for item or service is completed
③ In case to collect the information for survey, event: The time which survey, event is over
④ Information to identify the person himself: In case to identify the person himself
- When the purpose to collect personal information as above was achieved, personal information must be destroyed right away, originally this is principle. But if there is reason to preserve the information, based on relative law and internal regulation, it will be preserved determined period as follows.
① Records about retraction of contract: 2 years
②Records about treatment of customer’s complaint or argument: 2 years
③ Information of identification to provide revisit service: in the same time to leave membership
-Method how to destroy
① Personal information being printed in paper: grinding or incinerating document
② Personal information being stored as type of electronic file: Deleting by using technical method, it is impossible to return
7. Providing and sharing collected personal information with a third party
-Xpege never exposes personal information to outside, beyond the range being released on “purpose to collect and use personal information” except customer’s agreement or related regulation on law. But at the following case, we provide personal information very carefully.
① We will inform detail reason and procedure in advance and allow choice to retract agreement regarding to utilization of personal information if service supplier’s right and obligation is completely transferred.
② In case to supply or share personal information, we ask agreement to customers through document or e-mail in advance regarding to the issue; who is the partner, what is supplied or shared among personal information, why such information has to be supplied or shared, until when it would be protected or managed. If customer does not agree with these, we do not provide or share personal information with our partner. And it is same procedure to inform or ask agreement when there is some change or termination in partnership.
-In case as follows, it is possible to provide personal information without customer’s permission.
① Implementation of contract about service supply
② In case to be based on regulation on related law or in case criminal investigation agency for purpose of investigation according to the procedure and method which is determined by law.
③ In case to change and provide not to identify personal information details for statistical data,academic research, and market research
8.User’s right, obligation and the method to use them
-Customer can take reading, modification, termination, suspension of treatment, retraction of agreement. If customer wants them, it is possible to click 《member’s information》 and read it directly, or contact with the person in charge of protecting personal information through letter or e-mail, then he will give help after he takes procedure to confirm the person himself. Direct telephone number is 82-2-560-9067.
-If customer requires correction about error of personal information, we do not utilize or provide personal information until correction is completed. And if we have already provided wrong personal information to a third party, we will let him make correction immediately by notifying the result of correction to a third party.
-Xpege treats personal information being terminated by customer according to regulation of using period for personal information being collected by Xpege and related law and also makes the information unavailable to read or use in other purpose.
-Customer must enter own personal information exactly to prevent unexpected accident. Xpege does not have any responsibility for accident due to inaccurate information customer entered by himself and customer can be disqualified from the reason.
-Customer has the right to enjoy the protection regarding to personal information but also customer has obligation not to invade others’ personal information. Customer needs to be careful with exposure of information and invasion of others’ information including comment on message board. If customer does not take responsibility to obey it and invade others’ information and human dignity, he can be punished by relative law.
9.Management of nonmember’s personal information
-Nonmember also can use Xpege’s service. We require personal information only we need absolutely.
-In case nonmember uses our service, we will only to use the personal information he entered in payment for charge and delivery for product.
10. Entrust of personal information management
-Xpege manages personal information, entrusting professional enterprise to perform service as follows.
-Xpege regulates compliance with law which related to personal information protection, maintenance of secret about personal information, prohibition of provision to a third party, taking responsibility for accident, period of consignment, return and destruction of personal information after treatment is completed, and we manage to keep these.
-Xpege will notify altered job description if there is change on it through homepage, letter, e-mail, telephone, SMS and etc.
11. Treatment to ensure safety about personal information
① Education & professionalization of personal information to person in the charge
We professionalize personal information manager and perform regular education to them.
② Regular self-inspection
We carry out regular self-inspection to guarantee safety related to personal information management.
③ Internal management plan
We set up and carry out internal management plan for safe treatment of personal information.
④ Encryption of personal information
User’s personal information is managed by encrypted password, nobody can know it except the person himself. And file and transported data is also encrypted, especially important data is managed by special security function.
⑤ Technical measures against hacking
We install security program to prevent personal information leakage and damage by hacking and computer virus. Also we update and check the program regularly and keep monitoring by setting up the surveillance system security area.
⑥ Limit access to personal information
We control access to personal information, allowing, modifying, and terminating authority to get access database system. We block unauthorized access from outside, using security system.
⑦ preservation of access log and prevention of alteration
We are keeping access log data for more than 6 months security functions to prevent access log data from alteration and loss.
⑧ Utilization of lock system to secure document
We are keeping document including person information and sub-storage medium in safe place where lock system is well-equipped
⑨ Restriction of access to unauthorized person
We have specific place to keep personal information and set up and carry out plan about restriction of access.
12.The person in charge of personal information management
-Keun Sik Kwak (email@example.com)
-Please query to the agency as follows if you need to report or consult about personal information infringement.
- www.eprivacy.or.kr / 82-2-580-0533~4
- www.spo.go.kr / 82-2-3480-2000
- www.ctrc.go.kr / 82-2-392-0330
13.Protection of personal information to children under 14 years of age
Xpege has policy as follows to protect personal information of requester less than 19 years of age who wants to join membership.
- We refuse request of membership to person less than 19 years of age.
- It is principle to deprive the certification of membership and forced withdrawal if user less than 19 years of age joined membership.
14.Transmission of commercial information
-Xpege does not transmit commercial information to get some profit against user’s definite denial.
-Xpege plan to make customers recognize easily in title and article of e-mail as follows when we send commercial information such like product information notice for marketing purpose.
- Title on e-mail: We describe main contents on the text of e-mail. The phrase such as (commercial) cannot be shown on the title of e-mail.
- E-mail text: We specify sender’s name, e-mail address, telephone number and address to let user show refusal against unwanted mailing. We describe the method to show intention of refusal exactly against unwanted mailing.
-Facsimile to customer agreed with reception of commercial mailing We take necessary measure to the customer agreed with reception of commercial mailing as we indicate sender’s name when we send commercial information to get some profit except mobile phone message service, fax.
15. Link site
-Xpege can provide other company’s website or link about data. But at this case, Xpege has no authorization to control against external website and its’ data, so we cannot take responsibility and guarantee about service and usefulness of data which is supplied from external website.
-When customer click the link Xepge includes and move to the other website, customer needs to investigate the website policy you moved from our site because the policy of website you moved has no relations with Xpege.
16.Posting on message board
-Xpege considers customer’s posting on message board very important and tries to prevent its alteration, damage, termination. But there is exemption in the following case.
- Spam mail: in example, chain letter, commercial for specific website
- In case to spread incorrect issue in purpose to abuse others and add damage to others’ honor.
- Throwing others’ personal information without agreement, violation of a third party’s copyright, definitely different description with the topic of message board.
- Xpege can delete specific part on article or amend it with marks in case to open personal information without agreement. We wish to make message board activate in desirable way.
- If some postings are different with the topic in current message board, we show the moving route on relative postings and are trying to prevent unnecessary misunderstanding caused from that.
- In the other cases, Xpege can delete postings including problem after individual or public notice.
-Individual writer has responsibility on management and copyright related to posting on message board. And customer needs to think over before the information will be opened because the information which is opened in voluntary cannot be protected.
17.Obligation to notify
We will notify the issue before 7 days at least if there is reason to change, terminate, add contents according to the reason to decide new law, or change some article of law, change external regulation of Xpege, or change security technic.
The policy for personal information starts to apply from 10th of March, 2017