OS Designers Co., Ltd. Privacy Policy

OS Designers Co., Ltd. (hereinafter referred to as the 'Company') establishes and discloses the following personal information processing policy to protect the personal information of the information subject and to handle related grievances promptly and smoothly.

- Table of Contents -

1. 1. Purpose of Personal Information Processing
2. 2. Personal Information Processing and Retention Period
3. 3. Matters on the Provision of Personal Information to Third Parties
4. 4. Rights, Obligations, and Exercise Methods of the Information Subject and Legal Representative
5. 5. Items of Personal Information Processed
6. 6. Procedures and Methods for Destroying Personal Information
7. 7. Measures to Ensure the Safety of Personal Information
8. 8. Installation, Operation, and Refusal of Automatic Personal Information Collection Devices
9. 9. Matters on the Personal Information Protection Officer
10. 10. Criteria for Judging Matters Considering Each Item of Article 14-2, Paragraph 1
11. 11. Department Receiving and Processing Requests for Access to Personal Information
12. 12. Remedies for Infringement of Rights
13. 13. Matters Concerning Changes to the Personal Information Processing Policy.

Article 1: Purpose of Personal Information Processing

The company processes personal information for the following purposes. Personal information being processed will not be used for purposes other than those specified below. If the purpose of use changes, the company intends to take the necessary measures, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act. 

[Customer Inquiry Response]

The company processes personal information for the purposes of service consultation and provision, sending contracts and invoices, providing content, providing tailored services, billing and settlement, and debt collection.

[Utilization for Marketing and Advertising]

Personal information collected from customers who have agreed to receive marketing information, such as newsletters, is processed for the purposes of developing new services (products), providing tailored services, providing event and advertisement information and participation opportunities, providing services and advertisements based on demographic characteristics, verifying the validity of services, identifying access frequency, and compiling statistics on members' use of services.

Article 2: Personal Information Processing and Retention Period

The company processes and retains personal information within the personal information retention and usage period stipulated by laws or within the personal information retention and usage period agreed upon when collecting personal information from the information subject.

Each personal information processing and retention period is as follows:

A. Information Retention based on Company Policy

Personal information items collected for customer inquiry responses as stipulated in Article 7:

• Up to 1 year after handling the customer inquiry
• If there is an ongoing investigation or inquiry due to a violation of relevant laws: Until the conclusion of the investigation or inquiry
• If there is an outstanding debt or claim arising from website use: Until the settlement of the debt or claim.

B. Information Retention based on Related Laws

Goods or service provision: Until the completion of goods/service delivery and payment settlement. However, in the following cases, until the end of the specified period:

Records related to transactions such as display, advertisement, contract content, and performance under the "Act on Consumer Protection in Electronic Commerce, etc.":

Records on display and advertisements: 6 months

Records on contracts or withdrawal of offers, payment, supply of goods, etc.: 5 years

Records on consumer complaints or dispute handling: 3 years

Communication data preservation under the "Protection of Communications Secrets Act":

Data on subscriber's telecommunication time, start/end time, counterpart's subscriber number, frequency of use, location tracking data of originating base station: 1 year

Computer communication, Internet log data, and access location tracking data: 3 months

Article 3: Provision of Personal Information to Third Parties

The company only processes personal information within the scope specified for the purpose of personal information processing and only provides personal information to third parties in cases that fall under Articles 17 and 18 of the "Personal Information Protection Act," such as the information subject's consent or special provisions of the law. Otherwise, the company does not provide the personal information of the information subject to third parties.

Article 4: Rights, Obligations, and Exercise Methods of the Information Subject and Legal Representative

① The information subject can exercise their rights to access, correct, delete, or suspend the processing of their personal information against the company at any time.

※ For personal information requests related to children under the age of 14, the legal representative must make the request directly. If the information subject is a minor over 14 years of age, they can either exercise their rights themselves or through their legal representative.

② To exercise your rights against the company, you can contact us by email at info@os-designers.com in accordance with Article 41, Clause 1 of the "Personal Information Protection Act". The company will respond promptly.

③ Rights can also be exercised through a legal representative or authorized agent of the information subject. In this case, you must submit a power of attorney according to the format specified in the "Notice on Personal Information Processing Methods (2020-7)".

④ Requests for access to and suspension of personal information processing can be limited according to Article 35, Clause 4 and Article 37, Clause 2 of the "Personal Information Protection Act".

⑤ Requests for correction and deletion of personal information cannot be made if the information is specifically designated for collection under another law.

⑥ The company will verify the identity of the requester, whether it's the information subject or a legitimate representative, when there are requests for access, correction, deletion, or suspension of processing.

Article 5: Personal Information Items Processed

① The company processes the following personal information items:

② During the use of our internet service, the following personal information items can be automatically generated and collected:③ The company does not provide services to or collect personal information from children under the age of 14. If the purpose and items of member information processed by the company change, consent will be sought in advance according to relevant laws. The company collects personal information in the following ways and obtains consent before collecting:

Online, where users directly input their personal information

Offline, at exhibitions, conferences, and events, by collecting personal information on paper

Automatically during the use of services, through cookies, access logs, etc.

Article 6: Matters Concerning the Destruction Procedure and Method of Personal Information

① When personal information becomes unnecessary due to the expiration of the retention period or the achievement of processing purposes, the company will immediately destroy the information.

② If the agreed retention period for personal information has expired or the processing purpose has been achieved, but there is a need to retain the information due to other laws, the information will be transferred to a separate database (DB) or stored in a different place.

For records related to transactions such as display and advertising, contract contents, and fulfillment according to the "Consumer Protection in Electronic Commerce, etc. Act": Display and advertising records: 6 months Contract or withdrawal of offer, payment of price, provision of goods, etc.: 5 years Consumer complaints or dispute resolution records: 3 years

For communication records according to the "Telecommunications Privacy Protection Act": Subscriber communication date, start and end time, counterpart subscriber number, frequency of use, location tracking data of the sending base station: 1 year Computer communication, internet log records, access location tracking data: 3 months

③ The procedure and method for destroying personal information are as follows:

Destruction procedure The company identifies personal information that needs to be destroyed, and upon the approval of the company's personal information protection manager, the information is destroyed.

Destruction method Personal information recorded or stored in electronic file format is destroyed in a way that it cannot be restored, and personal information recorded or stored on paper is destroyed using a shredder or by incineration.

Article 7: Measures to Ensure the Security of Personal Information

The company takes the following measures to ensure the security of personal information:

Managerial measures: Establishment and implementation of an internal management plan, operation of a dedicated organization, regular employee training

Technical measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of personal information, installation, and updating of security software

Physical measures: Access control to computer rooms and data storage rooms.

Article 8: Matters related to the installation, operation, and rejection of devices that automatically collect personal information

① The company uses 'cookies' to store and frequently retrieve usage information to provide individualized customized services to users. 

② A cookie is a small piece of information sent from the web server (http) to the user's computer browser and can also be stored on the user's PC hard disk. 

a. Purpose of using cookies: They are used to understand the visit and usage patterns of each service and website visited by the user, popular search terms, whether there's secure access, etc., to provide optimized information to the user. 

b. Installation, operation, and refusal of cookies: In Internet Explorer, you can refuse to store cookies through the option settings in Tools > Internet Options > Privacy. In Chrome, you can do so through the content settings button in Advanced Settings at the bottom of the settings menu.

c. If you refuse to store cookies, you may encounter difficulties using customized services. 

③ The company obtains user information through service sessions. A session is a system file sent to the user's computer from the service's server when a user visits the service site. This file temporarily stays on the user's computer to maintain the connection. This session is used only to maintain the current connection and is deleted when the browser is closed.

Article 9: Matters related to the personal information protection officer

① The company has designated a personal information protection officer as described below, who is responsible for overseeing all tasks related to personal information processing, and for addressing complaints and remedies related to personal information processing.

‣ Personal Information Protection Officer Name: Kim Jin-Ho Position: CEO Contact: info@os-designers.com

 ※ Connects to the personal information protection department. 

‣ Personal Information Protection Department Department: Infra&Security In-charge: Lee Ji-Yeon Contact: info@os-designers.com

② Users can contact the personal information protection officer and department with any inquiries, complaints, remedies, etc., related to personal information protection. The company will promptly respond and handle user inquiries.

Article 10: Criteria for additional use and provision

① According to Articles 15.3 and 17.4 of the "Personal Information Protection Act", the company may use and provide personal information additionally without the consent of the information subject, considering the criteria set forth in Article 14.2 of the Enforcement Decree of the "Personal Information Protection Act". 

② Accordingly, the company has considered the following matters for additional use and provision without the consent of the information subject: 

‣ Whether the purpose of additional use/provision is related to the original collection purpose 

‣ Whether the additional use/provision is predictable considering the circumstances of collection or processing practices ‣ Whether the additional use/provision unfairly infringes on the interests of the information subject 

‣ Whether necessary measures such as pseudonymization or encryption have been taken for security

Article 11: Department receiving and processing requests for access to personal information

Information subjects can request access to personal information under Article 35 of the "Personal Information Protection Act". The 'Personal Information Protection Department' mentioned in 'Article 8 on the personal information protection officer' is in charge of personal information access request tasks. The company will strive to process the personal information access requests promptly.

Article 12: Remedies for infringement of the rights of the information subject

① Information subjects can apply for dispute resolution, counseling, etc., due to personal information infringement at the Personal Information Dispute Mediation Committee, Korea Internet & Security Agency's Personal Information Infringement Report Center, etc. For other inquiries, counseling, or reporting on personal information infringement, please contact the following agencies:

Personal Information Dispute Mediation Committee: (Toll-free) 1833-6972 (www.kopico.go.kr)

Personal Information Infringement Report Center: (Toll-free) 118 (privacy.kisa.or.kr)

Prosecutor's Office: (Toll-free) 1301 (www.spo.go.kr)

Police: (Toll-free) 182 (ecrm.cyber.go.kr) 

② The company guarantees the information subject's personal information self-determination right and strives for consultation and damage relief from personal information infringement. For inquiries, please contact the 'Personal Information Protection Department' mentioned in 'Article 8 on the personal information protection officer'.

③ Those who have had their rights or interests infringed by a disposition or omission by the head of a public institution in accordance with the provisions of Articles 35 (Access to Personal Information), 36 (Correction and Deletion of Personal Information), and 37 (Suspension of Processing Personal Information) of the "Personal Information Protection Act" can request administrative litigation in accordance with the Administrative Litigation Act. 

‣ Central Administrative Litigation Committee: (Toll-free) 110 (www.simpan.go.kr)

Article 13: Matters concerning changes to the personal information processing policy

 ① This personal information processing policy will be applied from September 15, 2023.