The "Personal Information Protection Act” and the personal information processing policy of DMZ Integrated Information System-DMZigi are as follows:
Article 1. (The Purpose of Processing of Personal Data) DMZ Integrated Information System collects and uses personal data for the following purposes. The collected personal information will not be used for purposes other than the specified purpose. If the purpose of collection is changed, we will notify the user in advance and obtain consent.
A. Identification and verification of members
B. The provision of services in accordance with personal identification
C. Improvement and evaluation of services of DMZ Integrated Information System
Article 2. (Processing and Retention Period of Personal Information) In principle, the personal information of the user is destroyed without delay when the purpose of processing the personal information is achieved.
Article 3. (Provision of Personal Information to Third Parties) In principle "DMZigi" treats personal information of the user within the specified range in Article 1 (The Purpose of Processing of Personal Data), and we will not be processed beyond the original scope without prior consent of the user or provided to a third party. However, in cases of special regulations in other laws, or in cases where it falls under Article 18 (2) of the 「Personal Information Protection Act」, such as investigation of a crime, it is treated as an exception.
Article 4. (Personal information processing consignment) "DMZigi" consigns personal information processing business for smooth management, as follows:
- Company name: Cidow.
- Address: IM B/D 3F, 71, Nonhyeon-ro 79-gil, Gangnam-gu, Seoul, Korea
- Call : 02) 325-1009
- Business hours : 09:00 - 18:00
B. Consignment contents
- DMZ Integrated Information System Service expand business and operation support
-Compliance with personal information protection laws and regulations, we prohibit third parties from disclosing personal information and bear the burden of responsibility when contracting, we will notify you through the personal information processing policy when changing the company.
Article 5. (Rights and Duties of the Data Subject, and How to do it) The user can exercise the following rights as the subject of personal data.
A. Access to one’s own personal information
B. Requests for correction and deletion of errors in personal information, and requests to stop processing.
C. Requests for viewing, correcting and deleting personal information requires the identity verification process.
D. And in accordance with Article 8 of the Enforcement Regulations of the Personal Information Protection Act, E-mail, fax etc., and the agency will take action without delay.
E. If the user requests correction or deletion of personal information, we will not use or provide personal information until completion of processing. If we use or provide wrong personal information, we will correct it without delay.
F. Requests for personal information viewing and suspension may be restricted by the provisions of Article 35 (5), Article 37 (2) of the Personal Information Protection Act.
G. If requests for correction and deletion of personal information cannot be accepted, if the information is stipulated in other laws or regulations.
H. A request for access, correction, deletion and stop processing, etc., in accordance with the right of the information subject, it requires the identity verification.
Article 6. (Contents of Processing of Personal Information) In order to provide smooth service, we collect and process personal information as follows:
A. Social Login Information
- Facebook : Profile picture, ID, e-mail, name and gender
- Twitter : Profile Picture, ID and name
- Naver : Profile picture, ID, nickname, e-mail and gender
- Tistory : Profile picture, ID, e-mail, the number of blog, name and blog URL
B. Automatic data collection
-Service use history, visit history, access IP information
(2) Collection methods
B. Mobile web and app
Article 7. (Procedures and methods of destructing personal information) In principle, DMZ Integrated Information Systems will destroy personal data promptly after achieved the purpose of processing. However, this may not be the case if it should be preserve in accordance with other laws and regulations. The procedures, deadlines and methods of destruction are as follows:
A. Destruction procedures and deadlines
- If the retention period of unnecessary personal information has elapsed, we will destroy without delay from the end of the holding period.
B. Destruction methods
- The personal information will be permanently destroyed electronically in such a way that it cannot be recover or reproduce.
Article 8. (Measures to Ensure the Security of Personal Information) DMZ Integrated Information System takes measures technically, administratively and physically to secure the safety in accordance with Article 29 of Personal Data Protection Act, as follows:
C. To minimize and educate staff dealing with personal data
- The positively necessary number of people to handle personal data is selected and managed, and they are trained for the safe management.
D. Limit to access to personal information
- We take necessary measures to control access to personal information. We use intrusion prevention system to control unauthorized access from outside when granting access to the database system that processes personal information • Modifying • Deleting •Cancellation.
E. To keep the history of access
- We keep and manage the history of connecting to personal data-processing system (web logs, summaries, etc.) for at least 6 months.
F. Encryption of personal information
- Personal information is securely stored and managed through encryption. In addition, important data is using a separate security function by being encrypted while saving and sending.
G. Access control to unauthorized persons
- We have established a physical storage place for personal information system that keeps personal information and set up access control procedures.
Article 9. (Remedies for Infringement on Rights and Interests) In order to relieve the damage caused by personal information infringement, you can apply for dispute settlement or consultation with Korea Internet & Security Agency's Privacy Complaints Center and the Personal Information Dispute Mediation Committee.
A. Personal Information Dispute Mediation Committee: 02-405-5150(www.kopico.or.kr)
B. Privacy Complaints Center: (without the area code)118 (privacy.kisa.or.kr)
C. Supreme Prosecutors’ Office, Cyber Crime Investigation Team: 02-3480-3571 (firstname.lastname@example.org)
D. National Police Agency, Cyber Terror Response Center: 1566-0112 (www.netan.go.kr)
In addition, regarding the request of the information subject about reading, correcting, deleting, any person who has violated the rights or interests due to the disposition or omission of the public agency may request administrative judgment in accordance with the Administrative Appeals Act. (Refer to the Central Administrative Judgment Committee (http://simpan.go.kr)
Article 10. (Chief Privacy Officer) Privacy officer in accordance with Personal Data Protection Act, as follows:
A. Chief Privacy Officer: Ministry of the Interior and Safety, Policy planner.
B. Personal information protection field manager: Ministry of the Interior and Safety, Regional Development Director
C. Personal information handler
- Officer: Ministry of the Interior and Safety, Regional Development Division, Action Officer, Jaeyeon Lee
- Contact: 02-2100-4226(fax : 02-2100-3759), email@example.com