Privacy policy
Chemtopia Co., Ltd. (hereinafter referred to as the 'Company') processes and safely manages personal information legally in compliance with the Personal Information Protection Act and related laws and regulations to protect the freedom and rights of information subjects. In accordance with Article 30 of the Personal Information Protection Act, the Company establishes and discloses the following privacy policy to inform information subjects of the procedures and standards for processing personal information and to promptly and smoothly handle related grievances.
The Company processes personal information for the following purposes. The personal information processed will not be used for any purpose other than the following purposes, and if the purpose of use is changed, it will take necessary measures such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.
① Newsletter: To send the company's information newsletter to customers who have consented to the information subject.
② Customer support inquiries: Receiving inquiries and suggestions from customers who have consented to the information subject.
① The Company processes and retains personal information within the period of retention and use of personal information in accordance with the laws and regulations or the period of retention and use of personal information agreed upon when collecting personal information from the information subject.
② The period of processing and retention of each personal information is as follows.
A. Newsletter: (Required) Name, email, (retention period) until the customer withdraws the consent
B. Customer support inquiries: (required) Name, contact information, email, company name, position, department, (retention period) 1 year after customer inquiry
③ Related laws and regulations: Records on consumer complaints or dispute handling: 3 years, records on collection, processing and use of credit information: 3 years, records on contract or subscription withdrawal: 5 years, records on labeling/advertising: 6 months
We do not collect personal information about children under the age of 14.
The Company does not provide personal information of the information subject to third parties.
① The Company shall destroy the personal information without delay when the personal information becomes unnecessary, such as the expiration of the personal information retention period or the achievement of the purpose of processing.
② If the retention period of personal information agreed to by the information subject has elapsed or the purpose of processing has been achieved, but the personal information must continue to be preserved in accordance with other laws and regulations, the personal information shall be transferred to a separate database (DB) or preserved in a different storage location.
③ After the purpose of using the collected personal information is achieved, the Company shall destroy the information without delay in accordance with the retention period and the period of use. The procedure, method, and time of destruction are as follows.
- Personal information entered by the customer for the purpose of using the service shall be deleted or destroyed after the purpose of use, such as termination of the service, is achieved and the retention period for information protection reasons under the internal policy and other relevant laws and regulations (refer to Period of retention and use of personal information above) has elapsed. In general, personal information collected by the Company and managed in the form of electronic files is deleted as soon as the purpose is achieved.
- Personal information printed on paper is destroyed by shredding, incineration, or chemical treatment to dissolve it, and personal information stored in electronic files is deleted using technical methods that make it impossible to reproduce the records.
① The information subject may exercise rights such as requesting to view, correct, delete, or suspend the processing of personal information at any time against the Company.
② The exercise of rights may be made in writing, e-mail, facsimile transmission (FAX), etc. to the Company in accordance with Article 41 (1) of the Enforcement Decree of the Personal Information Protection Act, and the Company will take action without delay.
③ The rights may be exercised through an agent, such as the legal representative of the information subject or a person who has been delegated. In this case, you must submit a power of attorney in the form of Attachment No. 11 of the “Notification on the Method of Handling Personal Information (No. 2020-7).”
④ For requests for access to personal information and suspension of processing, the rights of the information subject may be limited in accordance with Article 35 (4) and Article 37 (2) of the Personal Information Protection Act.
⑤ A request for correction and deletion of personal information cannot be made if the personal information is specified as the subject of collection in other laws and regulations.
⑥ The Company shall verify whether the person making the request for access, correction, deletion, or suspension of processing in accordance with the rights of the information subject is the person or a legitimate representative.
The Company implements technical, administrative, and physical measures necessary to ensure the safety of personal information so that it is not lost, stolen, leaked, altered, or damaged as follows.
① Establishment and implementation of an internal management plan: The Company establishes and implements an internal management plan to protect personal information.
② Minimization and training of personal information handlers: We designate the person in charge of handling personal information and implement measures to manage personal information by minimizing the number of handlers.
③ Encryption of personal information: The user's personal information is stored and managed with an encrypted password, so only the user can know it, and for important data, we use separate security functions such as encrypting file and transmission data or using a file lock function.
④ Technical measures against hacking, etc.: In order to prevent leakage and damage of personal information due to hacking or computer viruses, the Company installs security programs, periodically updates and inspects them, installs systems in areas with controlled access from the outside, and monitors and blocks them technically and physically at its website.
⑤ Access control for unauthorized persons: The Company has a separate physical storage location for the personal information processing system that stores personal information and has established and operated access control procedures for this purpose.
① We will notify you of any additions, deletions, or modifications to the contents of this Privacy Policy on our website at least 7 days prior to the effective date of the changes.
② This Privacy Policy will be effective from May 1, 2024.