Eastsoft Co., Ltd. (hereinafter referred to as ‘the Company’) places great
importance on the personal information of its users and is committed to protecting it in
compliance with the Personal Information Protection Act and related legal regulations.
In accordance with Article 30 of the Personal Information Protection Act, the Company has established and publicized the following privacy policy to guide the procedures and standards for processing personal information and ensure any related grievances can be handled promptly and smoothly.
2) The Company processes users' personal information as follows:
Membership Registration and Service Use
Marketing
Service Operation and Management
Guidance on Processing Without Consent
• The Company informs subjects about personal information that can be processed without their consent, including the type of information and the legal basis for processing, through methods prescribed by Presidential Decree such as email.
During the service use process and the provision of service tasks, the following information may be generated or additionally collected:
- IP address, cookies, access logs, visit date and time, service use records, misuse records
The Company may collect additional personal information after obtaining consent from the subject for the purpose of providing specialized services.
Personal information is collected through the following methods:
- When data subjects agree to the collection of personal information and directly enter the information during the PERSO account creation process on the website
- When personal information is provided from affiliated services or organizations
- When the data subject provides information during service consultations through email, fax, phone, or written forms
Pseudonymized Information Processing
Measures for Ensuring the Safety of Pseudonymized Information
• The Company takes measures to ensure the safety of pseudonymized information and the additional information required for restoring it to its original state (hereafter referred to as "additional information").
• Pseudonymized information and additional information are stored separately. However, if additional information is unnecessary, it is destroyed.
• Access rights to pseudonymized information and additional information are separated, and minimum necessary access rights are granted for operational execution. Records of access rights are maintained.
• The Company prepares related records in this privacy policy to manage the processing content of pseudonymized information.
• The processing of pseudonymized information for the purpose of identifying specific individuals is strictly prohibited.
• If information capable of identifying specific individuals is generated during the processing of pseudonymized information, the processing of such information is immediately stopped, and the information is promptly retrieved and destroyed.
Definition of Cookies
A small text file sent by the server used to run the website to the user's browser and stored on the hard disk of the user's computer.
Purpose of Use
Cookies facilitate the use of the website as set by the user and are used to provide personalized and customized services by understanding the record of visits and usage patterns of the website by the user.
Rejection of Cookie Collection
Cookies do not store information that identifies individuals, and users have a choice whether to use cookies. Users can allow all cookies, check each time a cookie is saved, or refuse all cookies by setting the web browser.
Example of Cookie Settings
[Web]
Internet Explorer: Tools menu at the top of the web browser > Internet Options > Privacy > Settings
Chrome: Settings menu on the right side of the web browser > Show advanced settings at the bottom > Content settings button under Privacy > Cookies
[App]
(1) (Android) ① Settings → ② Privacy → ③ Ads → ③ Reset advertising ID or delete advertising ID
(2) (iPhone) ① Settings → ② Privacy → ③ Tracking → ④ Allow Apps to Request to Track Off
※ The menu and method may vary depending on the mobile OS version.
2. However, if there is a need to preserve personal information according to the company's internal policy or relevant laws, the information will be securely stored in a separate database (DB) for a specified period. During this period, the Company will keep the personal information according to the provisions of the law and will not use the information for any other purposes.
3. The contents of personal information retention and destruction are as follows:
Reasons for information storage by the company's internal policy
Reasons for information storage according to relevant laws
2. When entering into an entrustment contract, in accordance with Article 26 of the Personal Information Protection Act, the company specifies in the contract and other documents matters related to responsibilities such as personal information processing outside of the purpose of performing entrusted tasks, technical and managerial protective measures, and supervises the trustee to ensure the secure processing of personal information.
3. If the content of the entrusted work or the trustee changes, we will promptly disclose it through the prior consent notification according to the related laws or through this personal information processing policy.
Guide to Personal Information Processing Entrustment Tasks and Trustees
1) Managerial measures: Establishment and implementation of internal management plans, regular employee training
2) Technical measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of personal information, installation and update of security programs
3) Physical measures: Access control for computer rooms, document storage rooms, etc.
- Access and modification of personal information can be done in the ‘Account Settings’ menu.
- Service cancellation and membership withdrawal can be requested through the ‘Account Settings>Membership Withdrawal’ menu.
2. The exercise of rights mentioned in paragraph 1 can be made to the company in writing, by email, or fax, in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and the company will take immediate action.
3. The rights mentioned in paragraph 1 can also be exercised through a legal representative or an agent authorized by the user. In this case, a power of attorney in accordance with the format in Annex 11 of the "Notice on the Methods of Processing Personal Information (No. 2020-7)" must be submitted.
4. Requests for access and suspension of processing of personal information may be restricted under Article 35, Paragraph 4, and Article 37, Paragraph 2 of the Personal Information Protection Act.
5. Requests for correction and deletion of personal information cannot be made if the personal information is specified as a collection target in other laws.
6. The company verifies whether the person making the request for access, correction⬝deletion, or suspension of processing is the user or a legitimate representative.
2. Under Article 35 (Access to Personal Information), Article 36 (Correction and Deletion of Personal Information), and Article 37 (Suspension of Processing of Personal Information) of the Personal Information Protection Act, those whose rights or interests have been infringed upon by an action or inaction of a head of a public institution can file for administrative adjudication in accordance with the Administrative Adjudication Act.
Personal Information Protection Officer
1. The company is responsible for the overall management of personal information processing tasks and has designated a Personal Information Protection Officer to handle complaints and remedy damages related to personal information processing.
2. Users can inquire with the Personal Information Protection Officer and the designated department about all personal information protection-related queries, complaints, and remedy for damages arising while using the company's services. The company will respond promptly to users' inquiries.
The company will make an effort to process users' requests for access to personal information swiftly.
However, in cases of significant changes to user rights such as changes to the items of personal information collected or the purpose of use, the company will notify at least 30 days in advance, and if necessary, re-obtain user consent.
1. This personal information processing policy will apply from July 30, 2024.
2. In case of changes to the personal information processing policy, the company will promptly announce it through the 'Notices' section of the company website.
In accordance with Article 30 of the Personal Information Protection Act, the Company has established and publicized the following privacy policy to guide the procedures and standards for processing personal information and ensure any related grievances can be handled promptly and smoothly.
This Privacy Policy includes the following:
- Article 1: Guidance on the Collection and Use of Personal Information
- Article 2: Handling of Sensitive Information
- Article 3: Processing of Personal Information for Children Under 14
- Article 4: Processing of Pseudonymized Information
- Article 5: Installation and Denial of Automatic Personal Information Collection Devices
- Article 6: Retention, Use Period, and Destruction of Personal Information
- Article 7: Outsourcing of Personal Information Processing
- Article 8: Overseas Transfer of Personal Information
- Article 9: Measures to Secure the Safety of Personal Information
- Article 10: Rights of Users and Legal Representatives and How to Exercise Them
- Article 11: Personal Information Protection Officer and Remedies for Infringement of User Rights
- Article 12: Request for Access to Personal Information
- Article 13: Changes to the Privacy Policy
1. Guidance on Collection and Use of Personal Information
1) The Company collects the minimum necessary personal information for service use.2) The Company processes users' personal information as follows:
Membership Registration and Service Use
| Purpose of Collection | Mandatory Items | Optional Items | Retention and Use Period |
|---|---|---|---|
| Membership Registration and User Identification | Email, Password | Name | 6 months after membership withdrawal |
| Inquiries and Complaint Handling | Name, Mobile Phone Number, Email | Up to 3 years according to related laws | |
| Password Reset | Email, Password | 6 months after membership withdrawal | |
| Social (SNS) Membership Registration | Google, Microsoft Name/Email | User-selected options | 6 months after membership withdrawal |
Marketing
| Purpose of Collection | Mandatory Items | Optional Items | Retention and Use Period |
|---|---|---|---|
| Transmission of information related to PERSO marketing and benefits, service-related updates, and news | Name | Until consent withdrawal |
Service Operation and Management
| Purpose of Collection | Mandatory Items | Optional Items | Retention and Use Period |
|---|---|---|---|
| Payment Card Registration and Payment | For example: Card Number, Expiry Date, First 2 Digits of Card Password, Date of Birth/Business Registration Number, Email | Until membership withdrawal or up to 5 years according to related laws |
Guidance on Processing Without Consent
• The Company informs subjects about personal information that can be processed without their consent, including the type of information and the legal basis for processing, through methods prescribed by Presidential Decree such as email.
During the service use process and the provision of service tasks, the following information may be generated or additionally collected:
- IP address, cookies, access logs, visit date and time, service use records, misuse records
The Company may collect additional personal information after obtaining consent from the subject for the purpose of providing specialized services.
Personal information is collected through the following methods:
- When data subjects agree to the collection of personal information and directly enter the information during the PERSO account creation process on the website
- When personal information is provided from affiliated services or organizations
- When the data subject provides information during service consultations through email, fax, phone, or written forms
2. Handling of Sensitive Information
The Company does not collect sensitive personal information of its users.3. Processing of Personal Information for Children Under 14
Our services are only available for users aged 14 and above to register.4. Processing of Pseudonymized Information
The Company processes pseudonymized information for the following purposes. Pseudonymized information refers to information that cannot identify a specific individual without the use of additional information to restore it to its original state.Pseudonymized Information Processing
| Purpose of Processing | Items Processed | Retention and Use Period |
|---|---|---|
Measures for Ensuring the Safety of Pseudonymized Information
• The Company takes measures to ensure the safety of pseudonymized information and the additional information required for restoring it to its original state (hereafter referred to as "additional information").
• Pseudonymized information and additional information are stored separately. However, if additional information is unnecessary, it is destroyed.
• Access rights to pseudonymized information and additional information are separated, and minimum necessary access rights are granted for operational execution. Records of access rights are maintained.
• The Company prepares related records in this privacy policy to manage the processing content of pseudonymized information.
• The processing of pseudonymized information for the purpose of identifying specific individuals is strictly prohibited.
• If information capable of identifying specific individuals is generated during the processing of pseudonymized information, the processing of such information is immediately stopped, and the information is promptly retrieved and destroyed.
5. Installation and Rejection of Automatic Personal Information Collection Devices
To provide personalized and customized services, the Company uses 'cookies' which store and frequently retrieve user's information.Definition of Cookies
A small text file sent by the server used to run the website to the user's browser and stored on the hard disk of the user's computer.
Purpose of Use
Cookies facilitate the use of the website as set by the user and are used to provide personalized and customized services by understanding the record of visits and usage patterns of the website by the user.
Rejection of Cookie Collection
Cookies do not store information that identifies individuals, and users have a choice whether to use cookies. Users can allow all cookies, check each time a cookie is saved, or refuse all cookies by setting the web browser.
Example of Cookie Settings
[Web]
Internet Explorer: Tools menu at the top of the web browser > Internet Options > Privacy > Settings
Chrome: Settings menu on the right side of the web browser > Show advanced settings at the bottom > Content settings button under Privacy > Cookies
[App]
(1) (Android) ① Settings → ② Privacy → ③ Ads → ③ Reset advertising ID or delete advertising ID
(2) (iPhone) ① Settings → ② Privacy → ③ Tracking → ④ Allow Apps to Request to Track Off
※ The menu and method may vary depending on the mobile OS version.
6. Retention, Use Period, and Destruction of Personal Information
1. Upon the expiration of the retention period of personal information consented by the user, or once the purpose of processing has been achieved, the Company will immediately destroy the personal information. In the case of electronic file types, they are deleted in a way that cannot be recovered or reproduced, and for records, printouts, documents, etc., they are shredded or incinerated.2. However, if there is a need to preserve personal information according to the company's internal policy or relevant laws, the information will be securely stored in a separate database (DB) for a specified period. During this period, the Company will keep the personal information according to the provisions of the law and will not use the information for any other purposes.
3. The contents of personal information retention and destruction are as follows:
Reasons for information storage by the company's internal policy
| Stored Information | Reason for Storage | Retention Period |
|---|---|---|
| User information | Prevention of wrongful sign-ups and usage upon withdrawal (Stored and processed in an unidentifiable state) |
6 months from withdrawal |
| User records | Refund actions and complaint handling | 6 months after handling completion |
Reasons for information storage according to relevant laws
| Stored Information | Legal Basis | Retention Period |
|---|---|---|
| Records related to contracts or withdrawal of subscriptions | Act on the Consumer Protection in Electronic Commerce, Etc. | 5 years |
| Record of payment and supply of goods, etc. | 5 years | |
| Record on consumer complaints or dispute resolution | 3 years | |
| Record on advertising and display | 6 months | |
| All transaction records and supporting documents as required by tax law | National Tax Service Basic Act | 5 years |
| Record of electronic financial transactions | Electronic Financial Transactions Act | 5 years |
| Record of access | Protection of Communications Secrets Act | 3 months |
| Record of communications confirmation | 12 months |
7. Personal Information Processing Entrustment
1. The company entrusts some personal information processing tasks for smooth processing of personal information tasks.2. When entering into an entrustment contract, in accordance with Article 26 of the Personal Information Protection Act, the company specifies in the contract and other documents matters related to responsibilities such as personal information processing outside of the purpose of performing entrusted tasks, technical and managerial protective measures, and supervises the trustee to ensure the secure processing of personal information.
3. If the content of the entrusted work or the trustee changes, we will promptly disclose it through the prior consent notification according to the related laws or through this personal information processing policy.
Guide to Personal Information Processing Entrustment Tasks and Trustees
| Intercom | CS processing and operational tasks according to service use |
| Google LLC | Web usability analysis and improvement, account verification, and service provision for membership services |
| ESTsoft Inc. | Payment for the provision of paid services |
| Stripe, Inc. | Payment for the provision of paid services |
| Noticeable | Service-related update news |
| MS Azure | Data storage and management of computer systems |
| Microsoft | Account verification and service provision for membership services |
| Hotjar | Analysis of service usage behavior |
8. Overseas Transfer of Personal Information
The company does not provide personal information to other businesses overseas. However, personal information processing tasks are transferred overseas for the purpose of fulfilling contracts related to the provision of information and communication services and enhancing user convenience. If you do not consent to the overseas transfer of personal information, you may notify your refusal by contacting the email of the department in charge of personal information protection (privacy@estsoft.com). However, in this case, you will no longer be able to use the related services.| Purpose | Items | Time and Method | Retention and Use Period | Company and Country |
|---|---|---|---|---|
| Data storage and system operation & management | Transferred via encrypted network when providing services /td> | Until consent withdrawal or the earlier of contract termination | Azure Cloud/ USA | |
| Web usability analysis and improvement | Visit time, service usage records, Cookie ID | Transferred via encrypted network when providing services | Until the earlier of contract termination or 5 years from the collection date | Google LLC / USA |
| Payment for the provision of paid services | Transaction amount, card number, expiration date, first two digits of card password, date of birth/business registration number, email | Until membership withdrawal or up to 5 years in accordance with relevant laws | ESTsoft Inc. / USA | |
| Payment for the provision of paid services | Transaction amount, card number, expiration date, first two digits of card password, date of birth/business registration number, email | Until membership withdrawal or up to 5 years in accordance with relevant laws | Stripe, Inc. / USA |
9. Measures to Ensure the Security of Personal Information
The company has taken the following measures to ensure the security of personal information:1) Managerial measures: Establishment and implementation of internal management plans, regular employee training
2) Technical measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of personal information, installation and update of security programs
3) Physical measures: Access control for computer rooms, document storage rooms, etc.
10. Rights of Users and Legal Representatives and How to Exercise Them
1. Users can exercise their rights to request access, correction, deletion, and suspension of processing of personal information at any time, and can withdraw their consent to the use of personal information provided through cancellation request.- Access and modification of personal information can be done in the ‘Account Settings’ menu.
- Service cancellation and membership withdrawal can be requested through the ‘Account Settings>Membership Withdrawal’ menu.
2. The exercise of rights mentioned in paragraph 1 can be made to the company in writing, by email, or fax, in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and the company will take immediate action.
3. The rights mentioned in paragraph 1 can also be exercised through a legal representative or an agent authorized by the user. In this case, a power of attorney in accordance with the format in Annex 11 of the "Notice on the Methods of Processing Personal Information (No. 2020-7)" must be submitted.
4. Requests for access and suspension of processing of personal information may be restricted under Article 35, Paragraph 4, and Article 37, Paragraph 2 of the Personal Information Protection Act.
5. Requests for correction and deletion of personal information cannot be made if the personal information is specified as a collection target in other laws.
6. The company verifies whether the person making the request for access, correction⬝deletion, or suspension of processing is the user or a legitimate representative.
11. Personal Information Protection Officer and Remedies for Infringement of User Rights
1. Users seeking remedies for personal information infringement can apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, the Personal Information Infringement Report Center operated by the Korea Internet & Security Agency, etc. For other reports or consultations on personal information infringement, please contact the following institutions.| Personal Information Dispute Mediation Committee | |
|---|---|
| Website https://www.kopico.go.kr/ | Phone 1833-6972 |
| Personal Information Infringement Report Center (Operated by the Korea Internet & Security Agency) | |
| Website https://privacy.kisa.or.kr/ | Phone (toll-free) 118 |
| Cyber Crime Investigation Unit of the Supreme Prosecutors' Office | |
| Website https://www.spo.go.kr/ | Phone (toll-free) 1301 |
| Korean National Police Agency | |
| Website https://ecrm.police.go.kr/ | Phone (toll-free) 182 |
2. Under Article 35 (Access to Personal Information), Article 36 (Correction and Deletion of Personal Information), and Article 37 (Suspension of Processing of Personal Information) of the Personal Information Protection Act, those whose rights or interests have been infringed upon by an action or inaction of a head of a public institution can file for administrative adjudication in accordance with the Administrative Adjudication Act.
| Central Administrative Appeals Commission | |
|---|---|
| Website https://www.simpan.go.kr/ | Phone (toll-free) 110 |
Personal Information Protection Officer
1. The company is responsible for the overall management of personal information processing tasks and has designated a Personal Information Protection Officer to handle complaints and remedy damages related to personal information processing.
2. Users can inquire with the Personal Information Protection Officer and the designated department about all personal information protection-related queries, complaints, and remedy for damages arising while using the company's services. The company will respond promptly to users' inquiries.
Personal Information Protection Officer
Personal Information Protection Department
Name: Kwon Taek-soon
Position: CTO
Position: CTO
Personal Information Protection Department
Department: IT Infrastructure Information Security Team
Phone: 02-583-4620
Email: privacy@estsoft.com
Phone: 02-583-4620
Email: privacy@estsoft.com
12. Information Access Inquiry
Users may request access to their personal information under Article 35 of the Personal Information Protection Act from the following department.The company will make an effort to process users' requests for access to personal information swiftly.
Department receiving and processing requests for information access:
Department Name: ESTsoft Customer Center
Contact Number: 1544-8209
FAX: (02)-882-1155
Email: perso.info@estsoft.com
Contact Number: 1544-8209
FAX: (02)-882-1155
Email: perso.info@estsoft.com
13. Changes to the Personal Information Processing Policy
The company will notify of any additions, deletions, or modifications to this personal information processing policy at least 7 days in advance.However, in cases of significant changes to user rights such as changes to the items of personal information collected or the purpose of use, the company will notify at least 30 days in advance, and if necessary, re-obtain user consent.
1. This personal information processing policy will apply from July 30, 2024.
2. In case of changes to the personal information processing policy, the company will promptly announce it through the 'Notices' section of the company website.
- Announcement Date: July 23, 2024
- Effective Date: July 30, 2024
- Effective Date: July 30, 2024