UNIONCOMMUNITY (‘https://unioncomm.co.kr’, hereinafter referred to as “UNIONCOMMUNITY”) has established and disclosed this Privacy Policy in accordance with Article 30 of the Personal Information Protection Act to safeguard the personal information of individuals and to ensure the efficient handling of any concerns related to personal information.
○ This Privacy Policy shall come into effect on January 1, 2023
Article 1 (Purpose of Processing Personal Information)
UNIONCOMMUTNITY (‘https://unioncomm.co.kr’, hereinafter referred to as “UNIONCOMMUNITY”) processes personal information for the following purposes. The personal information being processed shall not be utilized for any purposes other than those explicitly stated below. In the event of any change in the intended use of such information, we will undertake requisite measures, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.
① Processing of Complaints
We process personal information for the purpose of verifying any complaints, confirming the details of the complaints, contacting and notifying for fact-finding, and providing updates on the results.
② Utilization for marketing and advertising purposes
We process personal information for the purpose of developing new services(products), providing customized services, offering event and promotional information, and providing opportunities for participation;
Article 2 (Processing and Retention Period of Personal Information)
① UNIONCOMMUNITY processes and retains personal information within the legally prescribed or consented period when collecting personal information form the data subject.
② Here are the respective processing and retention periods for each type of personal information:
A. Processing of Complaints
i. Personal information collected and used for the purpose of handling complaints will be retained for a period of <3 years> from the date of consent.
ii. Legal basis for retention: Consent of the data subject
B. Utilization for marketing and advertising purposes
i. Personal information related to marketing and advertising purposes will be retailed and utilized for the specific purposes from the date of consent until the withdrawal of consent for marketing information.
ii. Legal basis for retention: Consent of the data subject
Article 3 (Categories of Processed Personal Information)
① Utilization for marketing and advertising purposes
A. Mandatory categories: Name, mobile phone number, email, company name
② Processing of Complaints
A. Mandatory categories: Name, mobile phone number, email, company name
Article 4 (Information on the Provision of Personal Information to Third Parties)
① UNIONCOMMUNITY processes personal information only within the scope specified in Article 1(Purpose of Processing Personal Information), and provide personal information to third parties only with the consent of the data subject or when it is required by special provisions of Article 17 and 18 of the “Personal Information Protection Act” or other applicable laws.
② UNIONCOMMMUNTIY provides personal information to third parties as follows:
A. <Name of the Homepage Operating Company>
i. Recipient of personal information: Gongtong I
ii. Purpose of personal information usage by the recipient: Name, mobile phone number, email, company name
iii. Retention and usage period by the recipient: Until the end of the homepage operation management agreement
Article 5
① To ensure efficient handling of personal information, UNIONCOMMUNITY has entrusted certain personal information processing tasks to the following entities.
A. <Homepage Operation>
i. Entity entrusted (Subcontractor): Gongtong I
ii. Description of outsourcing tasks: Verification of member information related to website operation
iii. Duration of the outsourcing: Until the expiration of the website operation outsourcing agreement
B. <Amazon Web Services, Inc>
i. Entity entrusted (Subcontractor): Amazon Web Services, Inc.
ii. Description of outsourcing tasks: Storage of personal information
iii. Duration of the outsourcing: Until the termination of the ‘DB server leasing agreement’
② UNIONCOMMUNITY ensures compliances with Article 26 of the Personal Information Protection Act by specifying the purpose of the outsourced tasks, prohibiting unauthorized processing of personal information, implementing technical and managerial safeguard, and restricting re-outsourcing. UNIONCOMMUNITY actively monitors whether the delegate securely handles personal information and takes responsibility for any damages that may arise.
③ If there are any changes in the content of the outsourced tasks or the delegates, we will promptly disclose such changes through this privacy policy.
Article 6 (Regarding the transfer of personal information overseas)
① <Personal information manager> entrusts the storage of personal information to the foreign corporation, Amazon Web Services, Inc. as follows:
A. Trustee: Amazon Web Services, Inc.
B. Location of the Trustee: 410 Terry Ave N Seattle, WA 98109, USA
C. Date and method of entrustment: Personal information is transferred through a network at the time when users input their personal information on the website, or offline when users provide their personal information and it is later transmitted through a network
D. Contact information of information manager: aws-korea-privacy@amazon.com
E. Personal information categories being entrusted: Name, email address, contact number, company name
F. Description of entrusted tasks: Providing DB server for storing user’s personal information
G. Retention and Storage period of personal information: Until the user requests to cancel their subscription or delete their information
Article 7 (Procedure and Method for Disposal of Personal Information)
① When personal information becomes unnecessary due to the expiration of the retention period or the fulfillment of the processing purpose, <Personal information manager> will promptly dispose it.
② If, despite the expiration of the consent-based retention period or fulfillment of the processing purpose, there is a legal obligation to continue retaining personal information, <Personal information manager> will transfer the information to a separate database or store it in a different location for preservation
③ The procedures and methods for the disposal of personal information are as follows:
A. Disposal procedure: The personal information administrator selects the personal information to be disposed of, and the disposal of such information is carried out with the approval of the personal information protection administrator.
B. Disposal Method: The personal information administrator ensures that electronically recorded or stored personal information is irreversibly destroyed to prevent its recovery. Personal information recorded or stored in paper documents is shredded or incinerated for disposal
Article 8 (Rights, Obligations, and Exercise Methods of Data Subjects and Legal Representatives)
① Data subjects have the right to exercise their rights, such as accessing, correcting, deleting, or requesting the suspension of their personal information, at any time with respect to UNIONCOMMUNITY
② According to Article 41(1) of the Enforcement Decree of the Personal Information Protection Act, the rights under clause 1 can be exercised towards UNIONCOMMUNITY through written requests, email, facsimile (FAX), or other methods. UNIONCOMMUNITY will promptly take appropriate measures in response to such requests.
③ The rights in clause 1 can be exercised through a legal representative or authorized agent, who must submit a power of attorney according to the specified format (Annex No. 11 of the “Guidelines on Personal Information Processing Methods (No. 2020-7)”).
④ The right to access and request the suspension of personal information processing may be limited according to Article 35(4) and Article 37(2) of the Personal Information Protection Act
⑤ The request for correction and deletion of personal information cannot be made if the personal information is explicitly stated as a collection target under another law.
⑥ UNIONCOMMUNITY verifies the identity of the requester, whether they are the data subject themselves or a lawful representative, when responding to requests for access correction, deletion, or suspension of processing in accordance with the data subject’s rights.
Article 9 (Measures for Ensuring the Security of Personal Information)
UNIONCOMMUNITY takes the following measures to ensure the security of personal information
① Establishment of Internal Management Plan
A. We have established and implemented an internal management plan to ensure the secure handling of personal information
② Training of Personnel Managing Personal Information
A. We have implemented measures to minimize the number of employees handling personal information by designated individual as responsible personnel.
③ Regular Internal Audits
A. Regular internal audits for ensuring personal data handling security (Quarterly internal audits for data security)
④ Access Restriction for Personal Information
A. We grant, modify, and revoke access permissions to the database system handling personal information to control access. We also use intrusion detection systems to prevent unauthorized external access.
⑤ Access Log Preservation and Tampering Prevention
A. We store access logs for the personal information processing system for a minimum of one year. For cases involving additional personal information for over 50,000 individuals or processing sensitive information, we retain and manage logs for a minimum of two years. Furthermore, we utilize security measures to prevent tampering, theft, and loss of access logs.
⑥ Encryption of Personal Information
A. The personal Information of users is stored with encrypted passwords, ensuring that only the individuals themselves can access it. Additionally, for sensitive state, we employ separate security measures such as encrypting files or utilizing file locking functions.
⑦ Technical Measures for Cybersecurity Preparedness
A. UNION(UNIONCOMMUNITY) has implemented security programs, regular updates, and inspections to prevent the leakage and tampering of personal information due to hacking. We have installed systems in restricted access areas and employ technical and physical monitoring to safeguard against unauthorized access from external sources.
⑧ Unauthorized Access Control: Restricting Entry to Unauthorized Individuals
A. We have implemented access control measures for a separate physical storage facility where personal information is stored.
Article 10 (Installation, Operation, and Opt-out Policy for Automated Personal Information Collecting Devices)
① UNION utilizes ‘cookies’ to store and retrieve usage information on a regular basis, in order to provide individualized tailored services to users.
② Cookies are small pieces of information sent by the server (HTTP) of a website to the user’s computer browser. They can be stored on the hard disk of the user’s PC computer.
A. Purpose of ‘Cookies”: Cookies are used to track user visits, usage patterns, popular search terms, and secure connections on services and websites.
B. Installation, Operation, and Refusal of Cookies: You can refuse the storage of cookies by adjusting the options in the Tools-> Internet Options-> Privacy Menu of your web browser.
C. If you refuse to store cookies, it may cause difficulties in accessing personalized services.
Article 11 (Additional Criteria for Assessing Usage and Provision)
UNION, in accordance with Article 15(3) and Article 17(4) of the Personal Information Protection Act, may use personal information without the consent of the data subject, considering the provisions of Article 14-2 of the Enforcement Decree of the Personal Information Protection Act. In this regard, UNION has considered the following factors in order to use personal information without the data subject’s consent.
① UNION has taken into account whether the purpose is relevant to the initial purpose of collection
② UNION has assessed the predictability of additional usage and provision of personal information
③ Determining whether the additional usage and provision of personal information unduly infringes upon the interests of the data subject
④ Assessing whether adequate measures have been implemented to ensure security
※ Businesses/organizations autonomously determine and disclose criteria for considering factors regarding additional usage and provision.
Article 12 (Information Regarding the Personal Information Protection Officer)
① UNIONCOMMMUNITY has designated a personal information officer to manage the overall handling of personal information and to take responsibility for handling complaints and remedying damages related to the processing of personal information.
A. Personal Information Protection Officer
i. Name: Sung-Cheol, Yeo
ii. Position: Director of R&D (Executive Director)
iii. Contact Number: 02-6488-3213
iv. Email Address: fois@unioncomm.co.kr
B. Personal Information Protection Department
i. Department: Information Security Department
ii. Name: Jung-Hyun Bae
iii. Contact number: 02-6488-3243
iv. Email Address: willsonbae@unioncomm.co.kr
② You may contact the Personal Information Protection Manager and the respective department of UNIONCOMMUNITY for any inquiries, complaints, or requests related to the protection of personal information of utilizing UNIONCOMMUNITY’s services or business. We will promptly respond to and address your inquiries as well as provide appropriate remedies.
Article 13 (Personal Information Access Request Department: Handling Requests for Personal Data Access)
① Information subjects may submit requests for accessing personal information in accordance with Article 35 of the Personal Information Protection Act to the following department
A. Department: Personal Information Access Request Managing Department
B. Team: CS Team
C. Manager: Sung-Jeong Kim
D. Contact Number: 02-6488-3094
E. Email Address: ksju0000@unioncomm.co.kr
Article 14 (Remedies for Violation of Data Subject’s Rights)
① For privacy-related remedies, contact the following organization for dispute resolution and consultation: Personal Information Dispute Resolution Committee, Korea Internet & Security Agency’s Personal Information Breach Report Center, and other relevant agencies
A. Personal Information Dispute Resolution Committee (without area code) 1833-6972 (kopico.go.kr)
B. Personal Information Breach Reporting Center (without area code) 118 (privacy.kisa.co.kr)
C. National Police Agency (without area code) 1301 (spo.go.kr)
D. Police Agency (without area code) 182 (ecrm.cyber.go.kr)
② Individuals who have experienced violations of their rights as a result of actions taken by the public institution in response to requests made under Article 35,36, or 37 of the Personal Information Protection Act may seek administrative adjudication in accordance with the provisions of the Administrative adjudication Act.
Article 15 (Revision to the Privacy Policy)
① This Privacy Policy shall come into effect on January 1, 2023