Sugentech, Inc. (hereinafter referred to as "Company") operates the Suearly SMART application service (hereinafter referred to as "Service") to protect users' personal information and rights, and to handle users' complaints smoothly.
1. Purpose of collecting and using personal information
The company uses the collected personal information for the following purposes. The collected personal information will not be used for any purpose other than the following purposes, and prior consent will be sought if the purpose of use is changed.
1.
The purpose of the company's collection and use of user personal information and the personal information items are as follows.
Item | Purpose | Holding period | |
Required information for e-mail signup | (Required)Email, password, name, nickname, year of birth, gender, privacy number, device purchase area (country)
(Select)Profile photo | Confirmation of intention to sign up for membership, identification/certification, maintenance/management of membership qualifications, identity verification, confirmation and prevention of illegal use of services, various notices/notifications, grievance handling, service provision and consultation, satisfaction survey, customized content and product recommendation, etc. Marketing utilization | Until membership withdrawal |
Required information when signing up for a Apple account | (Required)Email, Apple linked ID, name, nickname, birthday year, gender, privacy number, device purchase area (country)(Select)Profile photo | Confirmation of intention to sign up for membership, identification/certification, maintenance/management of membership qualifications, identity verification, confirmation and prevention of illegal use of services, various notices/notifications, grievance handling, service provision and consultation, satisfaction survey, customized content and product recommendation, etc. Marketing utilization | Until membership withdrawal |
Required information when signing up for a Naver account | (Required)Naver linked ID, Naver token, email, name, nickname, birthday year, gender, privacy number, device purchase area (country)(Select)Profile photo | Confirmation of intention to sign up for membership, identification/certification, maintenance/management of membership qualifications, identity verification, confirmation and prevention of illegal use of services, various notices/notifications, grievance handling, service provision and consultation, satisfaction survey, customized content and product recommendation, etc. Marketing utilization | Until membership withdrawal |
Required information when signing up for a Google account | (Required)Google linked ID, Google token, email, name, nickname, birthday year, gender, privacy number, device purchase area (country)(Select)Profile photo | Confirmation of intention to sign up for membership, identification/certification, maintenance/management of membership qualifications, identity verification, confirmation and prevention of illegal use of services, various notices/notifications, grievance handling, service provision and consultation, satisfaction survey, customized content and product recommendation, etc. Marketing utilization | Until membership withdrawal |
Information generated in the course of service use or business processing | Device (including various wired and wireless devices such as mobile and tablet PCs) IP address, MAC address, service usage record, access log, cookie, access IP address, preparation and suspension record | Utilize service utilization statistics and analysis | Until membership withdrawal |
Consultation and Complaint Handling Information | Name, mobile number, ID, email | Information or complaints during consultation or complaints | Until membership withdrawal(However, preservation until the time prescribed by other laws and regulations) |
2. Processing and retention period of personal information
The company processes and holds personal information within the period of holding and using personal information or collecting personal information from users according to laws and regulations.
1.
Personal information related to membership registration and service use and management is retained and used for the purpose of use specified in Article 1 for up to 3 years from the date of agreement on collection and use.
2.
In the case of a member who violates the terms and conditions of use and related laws, member information can be kept up to two years after withdrawal to protect other members and use them as evidence when requesting an investigation by a judicial agency.
3.
If the service has not been used for more than a year, it shall be notified to the user under Article 39-6 of the Personal Information Protection Act, and stored and managed separately for five years from the date of conversion of other users' personal information. If requested by the customer, the above period can be set differently. However, if it is necessary to preserve it in accordance with relevant laws and regulations such as the Communications Secret Protection Act or the Consumer Protection Act in e-commerce, the user's personal information shall be kept for a certain period prescribed by the relevant laws and regulations.
ordinance | category | Period |
Communications Secret Protection Act | Logging | 3 months |
Act on Consumer Protection in Electronic Commerce, etc. | Records of the handling of consumer complaints or disputes | 3 years |
3. Matters concerning the provision of personal information to third parties
The company provides personal information to third parties only if it falls under Articles 17 and 18 of the Personal Information Protection Act, such as the consent of the information subject and special provisions of the law.
You have the right to refuse consent to the provision of personal information to third parties, and if you refuse consent, you will not be able to receive services and information from the company.
4. Entrustment of personal information processing
1.
The company entrusts the personal information processing work as follows for smooth personal information processing.
a consignment company | Contents of consignment work | Entrustment items | Personal information retention and usage period |
Amazon Web Service Inc | Data archiving and system operations | All personal information collected during the service delivery process | Until membership withdrawal. |
2.
If the details of the entrusted work or the trustee changes, it will be disclosed through this personal information processing policy without delay.
5. Disadvantages in the case of refusal to collect, use, or provide personal information
The company's personal information processing policy may be changed according to changes in laws and notices, or the company's terms and conditions and internal policies, and the company will post the changes on the service screen or notify the user. Users may refuse to consent to the following matters related to the collection, use, provision, consignment, etc. of personal information if they do not want to: However, if the user refuses to consent, we inform you that all or part of the service is not available.
6. User's rights, obligations, and methods of exercise
1.
Users can request the company to view or provide their personal information registered through the "Surely SMART" service and the status provided to third parties at any time, request correction if there is an error, and request deletion and withdrawal. However, the company may refuse the request if there is a legitimate public interest reason to refuse the request, such as access prohibited or restricted by law, or if there is a risk of harming another person's body or life, and if so, it notifies the information subject of the reason and method of objection verbally or in writing within 10 days.
2.
The exercise of rights under paragraph 1 can be done by writing, e-mail, or faxing in accordance with attached Form 8 of the Enforcement Rule of the Personal Information Protection Act, and Company., Ltd. will take action without delay.
3.
Users can withdraw their consent to the collection and use of personal information by terminating the service use contract (withdrawal of members).
4.
If you request the correction of personal information, you will not use or provide the personal information until the correction is completed. In addition, if the wrong personal information has already been provided to a third party, we will notify the third party of the result of the correction without delay so that the correction can be made. However, the access and correction of personal information may be restricted exceptionally in the following cases. 1. Where there is a risk of significant harm to the life, body, property, or rights and interests of the person or a third party; 2. If there is a risk of significantly impeding the business of the service provider 3. In case of violation of laws and regulations
5.
The company deletes or removes personal information and personal data upon request for deletion or withdrawal of membership. However, the company may keep the member's personal information for a period under laws and regulations as specified in Article 2 "Period of Processing and Retention of Personal Information".
7. Measures to secure the stability of personal information
In accordance with Article 29 of the Personal Information Protection Act, the company takes technical, administrative, and physical measures necessary to secure stability as follows.
1.
Password encryptionThe password of the member's email (ID) is encrypted, stored and managed, so only the person knows it, and the person who knows the password can check or change personal information.
2.
Countermeasures against hacking, etc.The company is doing its best to prevent the leakage or damage of members' personal information due to hacking or computer viruses. We back up data from time to time in preparation for personal information damage, use the latest vaccine program to prevent leakage or damage of users' personal information, and safely transmit personal information on the network through encrypted communication. And we're using intrusion prevention systems to control unauthorized access from outside, and we're trying to have every possible technical device to ensure systematic security.
3.
Minimize and train processing staffThe company's personal information processing staff is limited to the person in charge and updated regularly with a separate password. We always emphasize compliance with the company's personal information processing policy through occasional training for the person in charge.
4.
Restricting access to personal informationWe take necessary measures to control access to personal information by granting, changing, and canceling access to the database system that processes personal information. We control unauthorized access from outside using the intrusion prevention system.
5.
Operation of an organization dedicated to personal information protectionWe are trying to check the implementation of the company's personal information processing policy and compliance with the person in charge through an in-house personal information protection organization to correct and correct problems immediately if they are found. However, Shurely Smart is not responsible for any problems caused by the leakage of personal information such as IDs and passwords due to the user's own carelessness or Internet problems.
8. destruction of personal information
In principle, the company destroys the personal information without delay if the purpose of processing personal information is achieved. The procedure, time limit, and method of destruction are as follows.
1.
A revocation procedureThe information entered by the user is transferred to a separate DB after achieving the purpose (in the case of paper, a separate document) and is stored for a certain period of time or destroyed immediately in accordance with internal policies and other relevant laws. At this time, it was transferred to the DB and personal information is not used for any other purpose except in the case of law.
2.
The deadline for destructionIf the user's personal information has elapsed since the ownership period of personal information, it is necessary to be unnecessary information, such as the end of the end of the ownership period.
3.
Method of destructionInformation in electronic file formats uses a technical method that does not allow records to be played back. Personal information printed on paper is crushed by a grinder or destroyed through incineration.
9. Personal Information Protection Officer and Person in Charge
The company designates the person in charge and the person in charge of personal information protection as follows to protect the user's personal information and handle grievances related to personal information.
Personal Information Protection Officer | Personal Information Protection Person |
Name: Su-Jin Ku
Position: Quality Management Headquarters / Senior Managing Director
Email : surearly@sugentech.com | Name : Kyung-Soon Lee
Position: General Manager
Email : surearly@sugentech.com |
If you need to report or consult about other personal information infringement, please contact the institution below.
•
Personal Information Infringement Reporting Center (https://privacy.kisa.or.kr, 118 without national number)
•
Cyber Investigation Division of the Supreme Prosecutors' Office (https://www.spo.go.kr, 1301 without national number)
•
National Police Agency Cyber Security Bureau (https://ecrm.police.go.kr, 182 without station number)
10. duty of notice
If the contents of this personal information processing policy are added, deleted, or modified, it will be notified at least 7 days before the revision through the "Notice" on the service and website.
However, if there is an important change in user rights, such as the collection and utilization of personal information or the provision of third parties, it shall be notified at least 30 days in advance.
11. Applicable laws and competent courts
1. These Terms and Conditions are governed by and construed in accordance with the laws of the Republic of Korea.
2. Litigation concerning disputes between the company and the user shall be under the exclusive jurisdiction of the Seoul Central District Court.
3. In the case of users with addresses or residences abroad, the Seoul Central District Court of the Republic of Korea shall be the competent court for litigation concerning disputes between the company and the users, despite the preceding paragraph.
This personal information processing policy will take effect from March 1, 2024.